Skip to content

Commit

Permalink
Remove entire binderhub generated config from deployer
Browse files Browse the repository at this point in the history 
Ref 2i2c-org#1925
  • Loading branch information
@yuvipanda
yuvipanda committed Nov 16, 2022
1 parent 0c72d20 commit c17f3ca
Show file tree
Hide file tree
Showing 2 changed files with 117 additions and 126 deletions.
17 changes: 17 additions & 0 deletions config/clusters/2i2c/binder-staging.values.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,18 @@
binderhub:
ingress:
hosts:
- binder-staging.2i2c.cloud
tls:
- secretName: https-auto-tls-binde
hosts:
- binder-staging.2i2c.cloud
registry:
url: https://us-central1-docker.pkg.dev
config:
DockerRegistry:
token_url: https://us-central1-docker.pkg.dev/v2/token?service=
BinderHub:
# The URL set as jupyterhub.ingress.hosts[0] in this config
hub_url: https://hub.binder-staging.2i2c.cloud
image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binder-staging-

Expand Down Expand Up @@ -35,3 +43,12 @@ binderhub:
extraVolumeMounts:
- name: custom-templates
mountPath: /etc/binderhub/custom

jupyterhub:
ingress:
hosts:
- hub.binder-staging.2i2c.cloud
tls:
- secretName: https-auto-tls-binde
hosts:
- hub.binder-staging.2i2c.cloud
226 changes: 100 additions & 126 deletions deployer/hub.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,137 +30,111 @@ def get_generated_config(self, auth_provider: KeyProvider):
WARNING: MIGHT CONTAINS SECRET VALUES!
"""
if self.spec["helm_chart"] == "binderhub":
generated_config = {
"binderhub": {
"ingress": {
"hosts": [self.spec["domain"]],
"tls": [
{
"secretName": "https-auto-tls-binder",
"hosts": [self.spec["domain"]],
}
],
},
"jupyterhub": {
"ingress": {
"hosts": [f"hub.{self.spec['domain']}"],
"tls": [
generated_config = {
"jupyterhub": {
"proxy": {"https": {"hosts": [self.spec["domain"]]}},
"ingress": {
"hosts": [self.spec["domain"]],
"tls": [
{
"secretName": "https-auto-tls",
"hosts": [self.spec["domain"]],
}
],
},
"hub": {
"config": {},
"initContainers": [
{
"name": "templates-clone",
"image": "alpine/git",
"args": [
"clone",
"--",
"https://github.com/2i2c-org/default-hub-homepage",
"/srv/repo",
],
"securityContext": {
"runAsUser": 1000,
"runAsGroup": 1000,
"allowPrivilegeEscalation": False,
"readOnlyRootFilesystem": True,
},
"volumeMounts": [
{
"secretName": "https-auto-tls-hub",
"hosts": [f"hub.{self.spec['domain']}"],
"name": "custom-templates",
"mountPath": "/srv/repo",
}
],
}
},
}
}
else:
generated_config = {
"jupyterhub": {
"proxy": {"https": {"hosts": [self.spec["domain"]]}},
"ingress": {
"hosts": [self.spec["domain"]],
"tls": [
{
"secretName": "https-auto-tls",
"hosts": [self.spec["domain"]],
}
],
},
"hub": {
"config": {},
"initContainers": [
{
"name": "templates-clone",
"image": "alpine/git",
"args": [
"clone",
"--",
"https://github.com/2i2c-org/default-hub-homepage",
"/srv/repo",
],
"securityContext": {
"runAsUser": 1000,
"runAsGroup": 1000,
"allowPrivilegeEscalation": False,
"readOnlyRootFilesystem": True,
},
"volumeMounts": [
{
"name": "custom-templates",
"mountPath": "/srv/repo",
}
],
},
{
"name": "templates-ownership-fix",
"image": "alpine/git",
"command": ["/bin/sh"],
"args": [
"-c",
"ls -lhd /srv/repo && chown 1000:1000 /srv/repo && ls -lhd /srv/repo",
],
"securityContext": {"runAsUser": 0},
"volumeMounts": [
{
"name": "custom-templates",
"mountPath": "/srv/repo",
}
],
},
],
"extraContainers": [
{
"name": "templates-sync",
"image": "alpine/git",
"workingDir": "/srv/repo",
"command": ["/bin/sh"],
"args": [
"-c",
dedent(
f"""\
ls -lhd /srv/repo;
while true; do git fetch origin;
if [[ $(git ls-remote --heads origin {self.cluster.spec["name"]}-{self.spec["name"]} | wc -c) -ne 0 ]]; then
git reset --hard origin/{self.cluster.spec["name"]}-{self.spec["name"]};
else
git reset --hard origin/master;
fi
sleep 5m; done
"""
),
],
"securityContext": {
"runAsUser": 1000,
"runAsGroup": 1000,
"allowPrivilegeEscalation": False,
"readOnlyRootFilesystem": True,
},
"volumeMounts": [
{
"name": "custom-templates",
"mountPath": "/srv/repo",
}
],
}
],
"extraVolumes": [{"name": "custom-templates", "emptyDir": {}}],
"extraVolumeMounts": [
{
"mountPath": "/usr/local/share/jupyterhub/custom_templates",
"name": "custom-templates",
"subPath": "templates",
},
{
"mountPath": "/usr/local/share/jupyterhub/static/extra-assets",
"name": "custom-templates",
"subPath": "extra-assets",
},
{
"name": "templates-ownership-fix",
"image": "alpine/git",
"command": ["/bin/sh"],
"args": [
"-c",
"ls -lhd /srv/repo && chown 1000:1000 /srv/repo && ls -lhd /srv/repo",
],
"securityContext": {"runAsUser": 0},
"volumeMounts": [
{
"name": "custom-templates",
"mountPath": "/srv/repo",
}
],
},
],
"extraContainers": [
{
"name": "templates-sync",
"image": "alpine/git",
"workingDir": "/srv/repo",
"command": ["/bin/sh"],
"args": [
"-c",
dedent(
f"""\
ls -lhd /srv/repo;
while true; do git fetch origin;
if [[ $(git ls-remote --heads origin {self.cluster.spec["name"]}-{self.spec["name"]} | wc -c) -ne 0 ]]; then
git reset --hard origin/{self.cluster.spec["name"]}-{self.spec["name"]};
else
git reset --hard origin/master;
fi
sleep 5m; done
"""
),
],
"securityContext": {
"runAsUser": 1000,
"runAsGroup": 1000,
"allowPrivilegeEscalation": False,
"readOnlyRootFilesystem": True,
},
],
},
"volumeMounts": [
{
"name": "custom-templates",
"mountPath": "/srv/repo",
}
],
}
],
"extraVolumes": [{"name": "custom-templates", "emptyDir": {}}],
"extraVolumeMounts": [
{
"mountPath": "/usr/local/share/jupyterhub/custom_templates",
"name": "custom-templates",
"subPath": "templates",
},
{
"mountPath": "/usr/local/share/jupyterhub/static/extra-assets",
"name": "custom-templates",
"subPath": "extra-assets",
},
],
},
}
},
}
#
# Allow explicilty ignoring auth0 setup
if self.spec["auth0"].get("enabled", True):
Expand Down

0 comments on commit c17f3ca

Please sign in to comment.