Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deployer: don't generate config in deployer anymore #2349

Merged
merged 17 commits into from
Mar 24, 2023
Merged

deployer: don't generate config in deployer anymore #2349

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
2ab567b
Move the config generation out of the deployer and pilot it on staging
GeorgianaElena Mar 14, 2023
ec2950d
Put templates containers in the basehub chart
GeorgianaElena Mar 23, 2023
2ce49bf
Let hubs config be explicit about the template branch used
GeorgianaElena Mar 23, 2023
7c4a83c
Rm non existing staging template branch and exemplify with ohw
GeorgianaElena Mar 23, 2023
71d59ab
Update key nesting and key quoting
GeorgianaElena Mar 24, 2023
a534c4e
Add hubTemplateRepoDetails to the chart schema
GeorgianaElena Mar 24, 2023
b76cfe1
Correctly place the config in the right place
GeorgianaElena Mar 24, 2023
b722d9f
Add config for hubs with custom homepages
GeorgianaElena Mar 24, 2023
73abc0e
Add proxy and ingress config from basehub into hub specific config
GeorgianaElena Mar 24, 2023
aa84fd7
One more renaming of the template repo vars
GeorgianaElena Mar 24, 2023
c20a621
Place proxy config in the right place
GeorgianaElena Mar 24, 2023
3416cac
Rm debugging info
GeorgianaElena Mar 24, 2023
3f5a15e
Update schema
GeorgianaElena Mar 24, 2023
81080cd
Fix indentation
GeorgianaElena Mar 24, 2023
89f445e
Ensure empty fields are not allowed for proxy and ingress hosts
GeorgianaElena Mar 24, 2023
ba3e3dd
Add missing proxy config to utoronto default hubs
GeorgianaElena Mar 24, 2023
b5dd107
More renaming
GeorgianaElena Mar 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions config/clusters/2i2c/ohw.values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ basehub:
add_staff_user_ids_to_admin_users: true
add_staff_user_ids_of_type: "github"
homepage:
hubTemplateRepoDetails:
repo_branch: "2i2c-ohw"
templateVars:
org:
name: OceanHackWeek
GeorgianaElena marked this conversation as resolved.
Show resolved Hide resolved
Expand Down
11 changes: 11 additions & 0 deletions config/clusters/2i2c/staging.values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,17 @@ staticWebsite:
enabled: false

jupyterhub:
proxy:
https:
hosts:
- staging.2i2c.cloud
ingress:
hosts:
- staging.2i2c.cloud
tls:
- secretName: https-auto-tls
consideRatio marked this conversation as resolved.
Show resolved Hide resolved
hosts:
- staging.2i2c.cloud
custom:
2i2c:
add_staff_user_ids_to_admin_users: true
Expand Down
135 changes: 1 addition & 134 deletions deployer/hub.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,5 @@
import json
import subprocess
import tempfile
from pathlib import Path
from textwrap import dedent

from ruamel.yaml import YAML

Expand All @@ -23,125 +20,6 @@ def __init__(self, cluster, spec):
self.cluster = cluster
self.spec = spec

def get_generated_config(self):
"""
Generate config automatically for each hub
"""
generated_config = {
"jupyterhub": {
"proxy": {"https": {"hosts": [self.spec["domain"]]}},
"ingress": {
"hosts": [self.spec["domain"]],
"tls": [
{
"secretName": "https-auto-tls",
"hosts": [self.spec["domain"]],
}
],
},
"hub": {
"config": {},
"initContainers": [
{
"name": "templates-clone",
"image": "alpine/git",
"args": [
"clone",
"--",
"https://github.com/2i2c-org/default-hub-homepage",
"/srv/repo",
],
"securityContext": {
"runAsUser": 1000,
"runAsGroup": 1000,
"allowPrivilegeEscalation": False,
"readOnlyRootFilesystem": True,
},
"volumeMounts": [
{
"name": "custom-templates",
"mountPath": "/srv/repo",
}
],
},
{
"name": "templates-ownership-fix",
"image": "alpine/git",
"command": ["/bin/sh"],
"args": [
"-c",
"ls -lhd /srv/repo && chown 1000:1000 /srv/repo && ls -lhd /srv/repo",
],
"securityContext": {"runAsUser": 0},
"volumeMounts": [
{
"name": "custom-templates",
"mountPath": "/srv/repo",
}
],
},
],
"extraContainers": [
{
"name": "templates-sync",
"image": "alpine/git",
"workingDir": "/srv/repo",
"command": ["/bin/sh"],
"args": [
"-c",
dedent(
f"""\
ls -lhd /srv/repo;
while true; do git fetch origin;
if [[ $(git ls-remote --heads origin {self.cluster.spec["name"]}-{self.spec["name"]} | wc -c) -ne 0 ]]; then
git reset --hard origin/{self.cluster.spec["name"]}-{self.spec["name"]};
else
git reset --hard origin/master;
fi
sleep 5m; done
"""
),
],
"securityContext": {
"runAsUser": 1000,
"runAsGroup": 1000,
"allowPrivilegeEscalation": False,
"readOnlyRootFilesystem": True,
},
"volumeMounts": [
{
"name": "custom-templates",
"mountPath": "/srv/repo",
}
],
}
],
"extraVolumes": [{"name": "custom-templates", "emptyDir": {}}],
"extraVolumeMounts": [
{
"mountPath": "/usr/local/share/jupyterhub/custom_templates",
"name": "custom-templates",
"subPath": "templates",
},
{
"mountPath": "/usr/local/share/jupyterhub/static/extra-assets",
"name": "custom-templates",
"subPath": "extra-assets",
},
],
},
},
}

# Due to nesting of charts on top of the basehub, our generated basehub
# config may need to be nested as well.
if self.spec["helm_chart"] == "daskhub":
generated_config = {"basehub": generated_config}
elif self.spec["helm_chart"] == "binderhub":
generated_config = {}

return generated_config

def deploy(self, dask_gateway_version, debug, dry_run):
"""
Deploy this hub
Expand All @@ -168,8 +46,6 @@ def deploy(self, dask_gateway_version, debug, dry_run):

self.spec["domain"] = domain_override_config["domain"]

generated_values = self.get_generated_config()

if self.spec["helm_chart"] == "daskhub":
# Install CRDs for daskhub before deployment
manifest_urls = [
Expand All @@ -180,15 +56,10 @@ def deploy(self, dask_gateway_version, debug, dry_run):
for manifest_url in manifest_urls:
subprocess.check_call(["kubectl", "apply", "-f", manifest_url])

with tempfile.NamedTemporaryFile(
mode="w"
) as generated_values_file, get_decrypted_files(
with get_decrypted_files(
self.cluster.config_path.joinpath(p)
for p in self.spec["helm_chart_values_files"]
) as values_files:
json.dump(generated_values, generated_values_file)
generated_values_file.flush()

cmd = [
"helm",
"upgrade",
Expand All @@ -198,10 +69,6 @@ def deploy(self, dask_gateway_version, debug, dry_run):
f"--namespace={self.spec['name']}",
self.spec["name"],
helm_charts_dir.joinpath(self.spec["helm_chart"]),
# Ordering matters here - config explicitly mentioned in cli should take
# priority over our generated values. Based on how helm does overrides, this means
# we should put the config from cluster.yaml last.
f"--values={generated_values_file.name}",
]

if dry_run:
Expand Down
11 changes: 11 additions & 0 deletions helm-charts/basehub/templates/configmap-hub-templates.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: hub-custom-templates-config
labels:
app: jupyterhub
data:
{{- with .Values.jupyterhub.custom.homepage.hubTemplateRepoDetails }}
HUB_TEMPLATES_REPO_URL: {{ .repo_url | quote }}
HUB_TEMPLATES_REPO_BRANCH: {{ .repo_branch | quote }}
{{- end }}
19 changes: 19 additions & 0 deletions helm-charts/basehub/values.schema.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,25 @@ properties:
required:
- templateVars
GeorgianaElena marked this conversation as resolved.
Show resolved Hide resolved
properties:
hubTemplateRepoDetails:
type: object
additionalProperties: false
properties:
repo_url:
type: string
description: |
The URL of the repository hosting custom hub templates
that should override the hub homepage default ones.

Example: https://github.com/2i2c-org/default-hub-homepage
repo_branch:
type: string
description: |
The name of the branch of the repository at `hubTemplateRepoDetails.repo_url`
to pull the custom templates from.
Should be used to customize the homepage of a hub.

The convention for the name of this branch is `<cluster-name>-<hub-name>`.
templateVars:
type: object
additionalProperties: false
Expand Down
77 changes: 76 additions & 1 deletion helm-charts/basehub/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,11 @@ jupyterhub:
- [email protected]
- [email protected]
- [email protected]
homepage:
hubTemplateRepoDetails:
repo_url: "https://github.com/2i2c-org/default-hub-homepage"
# TODO: make main the default branch in the repo above
repo_branch: "master"
ingress:
enabled: true
annotations:
Expand Down Expand Up @@ -400,7 +405,77 @@ jupyterhub:
- value: "/rstudio"
title: RStudio
description: An IDE For R, created by the RStudio company

initContainers:
- name: templates-clone
image: alpine/git
args:
- clone
- --
- $(HUB_TEMPLATES_REPO_URL)
- /srv/repo
env:
- name: HUB_TEMPLATES_REPO_URL
valueFrom:
configMapKeyRef:
name: hub-custom-templates-config
key: HUB_TEMPLATES_REPO_URL
securityContext:
runAsUser: 1000
runAsGroup: 1000
allowPrivilegeEscalation: False
readOnlyRootFilesystem: True
volumeMounts:
- name: custom-templates
mountPath: /srv/repo
- name: templates-ownership-fix
image: alpine/git
command:
- /bin/sh
args:
- -c
- ls -lhd /srv/repo && chown 1000:1000 /srv/repo && ls -lhd /srv/repo
securityContext:
runAsUser: 0
volumeMounts:
- name: custom-templates
mountPath: /srv/repo
extraContainers:
- name: templates-sync
image: alpine/git
workingDir: /srv/repo
command:
- /bin/sh
args:
- -c
- |
ls -lhd /srv/repo;
while true; do git fetch origin;
git reset --hard origin/$(HUB_TEMPLATES_REPO_BRANCH);
GeorgianaElena marked this conversation as resolved.
Show resolved Hide resolved
consideRatio marked this conversation as resolved.
Show resolved Hide resolved
sleep 5m; done
env:
- name: HUB_TEMPLATES_REPO_BRANCH
valueFrom:
configMapKeyRef:
name: hub-custom-templates-config
key: HUB_TEMPLATES_REPO_BRANCH
securityContext:
runAsUser: 1000
runAsGroup: 1000
allowPrivilegeEscalation: False
readOnlyRootFilesystem: True
volumeMounts:
- name: custom-templates
mountPath: /srv/repo
extraVolumes:
- name: custom-templates
emptyDir: {}
extraVolumeMounts:
- mountPath: /usr/local/share/jupyterhub/custom_templates
name: custom-templates
subPath: templates
- mountPath: /usr/local/share/jupyterhub/static/extra-assets
name: custom-templates
subPath: extra-assets
services:
configurator:
url: http://configurator:10101
Expand Down