update https/proxy configs #562

Merged
merged 6 commits into from
Mar 13, 2020

jhamman
Member

@jhamman jhamman commented Mar 12, 2020

This PR updates our proxy/service configs to match the current layout in zero-to-jupyterhub: https://zero-to-jupyterhub.readthedocs.io/en/latest/administrator/security.html#set-up-automatic-https

@tjcrone
Contributor

tjcrone commented Mar 12, 2020

These all look good to me. We are in a good spot for testing all of this on OOI. Happy to assist as needed. Thanks @jhamman!

@consideRatio
Member

consideRatio commented Mar 12, 2020

I think the service to be configured to get an external IP and act as the entrypoint of traffic needs to be the proxy-public service, but this PR makes the hub service become the external entrypoint.

The hub service will go to the hub pod, and the hub pod won't proxy traffic onwards. The hub pod does not understand how to respond to someone requesting /user/erik. The hub pod does know how to accept a user on /hub/home and later on demand configure the proxy pod (which gets traffic from proxy public) to route /user/erik properly to the individual user pod. But, for the proxy pod to route to /user/erik, it needs to get the incoming traffic redirected to it, but that requires it to be the entrypoint of the domain, but this PR makes the Hub get the traffic to itself without passing through the proxy.

I didn't see a reference to this configuration in the documentation.

Hmmm... But with autohttps, there is one more proxy that shows up in front of the proxy-public service I think, a pod that will decrypt/encrypt incoming/outgoing traffic. So, the key here is to ensure incoming traffic goes there I guess, but I think that should not force the user of the chart to make a change like this.

@scottyhq
Member

Yeah @jhamman and @consideRatio, I was just wondering why this change would be needed given how things have been working in the past?...

I find it confusing that loadBalancerIP can be under either proxy or hub, but the documentation doesn't really clarify how they are different:
https://zero-to-jupyterhub.readthedocs.io/en/stable/reference.html#proxy-service-loadbalancerip
https://zero-to-jupyterhub.readthedocs.io/en/stable/reference.html#hub-service-loadbalancerip

@consideRatio
Member

@scottyhq yes I think that has been added for completeness at some point as the proxy service had that option, but it doesn't make sense to me in a z2jh deployment that one would ever configure the hub service to be an external entrypoint for network traffic.
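
The routing concern raised in the comments above, as an added example that is not part of the original thread or the project's code: a small Python check over already-parsed Helm values that flags a hub service configured as an external entrypoint instead of proxy-public. The function names, finding codes, parent keys and the documentation-range IP are constructed for illustration.

```python
# Added example: lint parsed Helm values for a hub service exposed externally.
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}  # Service types reachable from outside the cluster


def find_chart_values(values):
    """Collect every mapping that holds hub.service or proxy.service.

    Umbrella charts nest the JupyterHub values under parent keys, so the
    search is recursive instead of assuming one fixed path.
    """
    found = []
    if isinstance(values, dict):
        if any(isinstance(values.get(k), dict) and "service" in values[k]
               for k in ("hub", "proxy")):
            found.append(values)
        for child in values.values():
            found.extend(find_chart_values(child))
    return found


def lint_entrypoints(values):
    """Return finding codes for hub services configured as traffic entrypoints."""
    findings = []
    for chart in find_chart_values(values):
        hub = (chart.get("hub") or {}).get("service") or {}
        if hub.get("type") in EXTERNAL_TYPES:
            # Traffic would reach the hub pod without passing through the proxy.
            findings.append("hub-service-external-type")
        if hub.get("loadBalancerIP"):
            # The external IP belongs on proxy.service, not hub.service.
            findings.append("hub-service-loadbalancer-ip")
    return findings


# Constructed sample values; parent keys and the 203.0.113.10 address are placeholders.
HUB_AS_ENTRYPOINT = {"umbrella": {"jupyterhub": {
    "hub": {"service": {"type": "LoadBalancer", "loadBalancerIP": "203.0.113.10"}},
    "proxy": {"service": {"type": "ClusterIP"}},
}}}
PROXY_AS_ENTRYPOINT = {"umbrella": {"jupyterhub": {
    "hub": {"service": {"type": "ClusterIP"}},
    "proxy": {"service": {"type": "LoadBalancer", "loadBalancerIP": "203.0.113.10"}},
}}}

if __name__ == "__main__":
    for name, sample in (("hub as entrypoint", HUB_AS_ENTRYPOINT),
                         ("proxy as entrypoint", PROXY_AS_ENTRYPOINT)):
        print(name, "->", lint_entrypoints(sample) or "ok")
```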

@jhamman
Member Author

jhamman commented Mar 13, 2020

@consideRatio - to be honest, I'm not following all of what you and @scottyhq are going over. Are you suggesting I move/remove the loadBalancerIP section from our config?

@@ -1,4 +1,4 @@
git+https://github.com/yuvipanda/hubploy@a02fb01bbc4a698b2cc85f9677e9881dac8d438a
git+https://github.com/jhamman/hubploy@c3f270f11c4aa60314a125fdd1ebbed65b8a643b
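
Review bot: the hubploy requirement in this hunk appears with two sources, yuvipanda/hubploy and the jhamman/hubploy fork, and neither the hunk nor the PR description (which only mentions proxy/service configs) says why the fork is needed. Both lines pin a full commit SHA, which keeps the install reproducible, but a deployment tool installed from a personal fork should carry a comment or a link to the upstream PR or issue it is waiting on, so the pin can be moved back to upstream once that change lands.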

Joseph Hamman added 2 commits March 13, 2020 08:18
@jhamman jhamman merged commit 8b9a115 into pangeo-data:staging Mar 13, 2020
jhamman pushed a commit that referenced this pull request Mar 16, 2020