From c17f3cabb10a96623cbfd6301eda3577003fec52 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 16 Nov 2022 03:19:52 -0800 Subject: [PATCH] Remove entire binderhub generated config from deployer Ref https://github.com/2i2c-org/infrastructure/issues/1925 --- .../clusters/2i2c/binder-staging.values.yaml | 17 ++ deployer/hub.py | 226 ++++++++---------- 2 files changed, 117 insertions(+), 126 deletions(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 8123f33063..0846fe2524 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -1,10 +1,18 @@ binderhub: + ingress: + hosts: + - binder-staging.2i2c.cloud + tls: + - secretName: https-auto-tls-binde + hosts: + - binder-staging.2i2c.cloud registry: url: https://us-central1-docker.pkg.dev config: DockerRegistry: token_url: https://us-central1-docker.pkg.dev/v2/token?service= BinderHub: + # The URL set as jupyterhub.ingress.hosts[0] in this config hub_url: https://hub.binder-staging.2i2c.cloud image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binder-staging- @@ -35,3 +43,12 @@ binderhub: extraVolumeMounts: - name: custom-templates mountPath: /etc/binderhub/custom + + jupyterhub: + ingress: + hosts: + - hub.binder-staging.2i2c.cloud + tls: + - secretName: https-auto-tls-binde + hosts: + - hub.binder-staging.2i2c.cloud diff --git a/deployer/hub.py b/deployer/hub.py index ae0cea3673..703616fe33 100644 --- a/deployer/hub.py +++ b/deployer/hub.py @@ -30,137 +30,111 @@ def get_generated_config(self, auth_provider: KeyProvider): WARNING: MIGHT CONTAINS SECRET VALUES! """ - if self.spec["helm_chart"] == "binderhub": - generated_config = { - "binderhub": { - "ingress": { - "hosts": [self.spec["domain"]], - "tls": [ - { - "secretName": "https-auto-tls-binder", - "hosts": [self.spec["domain"]], - } - ], - }, - "jupyterhub": { - "ingress": { - "hosts": [f"hub.{self.spec['domain']}"], - "tls": [ + generated_config = { + "jupyterhub": { + "proxy": {"https": {"hosts": [self.spec["domain"]]}}, + "ingress": { + "hosts": [self.spec["domain"]], + "tls": [ + { + "secretName": "https-auto-tls", + "hosts": [self.spec["domain"]], + } + ], + }, + "hub": { + "config": {}, + "initContainers": [ + { + "name": "templates-clone", + "image": "alpine/git", + "args": [ + "clone", + "--", + "https://github.com/2i2c-org/default-hub-homepage", + "/srv/repo", + ], + "securityContext": { + "runAsUser": 1000, + "runAsGroup": 1000, + "allowPrivilegeEscalation": False, + "readOnlyRootFilesystem": True, + }, + "volumeMounts": [ { - "secretName": "https-auto-tls-hub", - "hosts": [f"hub.{self.spec['domain']}"], + "name": "custom-templates", + "mountPath": "/srv/repo", } ], - } - }, - } - } - else: - generated_config = { - "jupyterhub": { - "proxy": {"https": {"hosts": [self.spec["domain"]]}}, - "ingress": { - "hosts": [self.spec["domain"]], - "tls": [ - { - "secretName": "https-auto-tls", - "hosts": [self.spec["domain"]], - } - ], - }, - "hub": { - "config": {}, - "initContainers": [ - { - "name": "templates-clone", - "image": "alpine/git", - "args": [ - "clone", - "--", - "https://github.com/2i2c-org/default-hub-homepage", - "/srv/repo", - ], - "securityContext": { - "runAsUser": 1000, - "runAsGroup": 1000, - "allowPrivilegeEscalation": False, - "readOnlyRootFilesystem": True, - }, - "volumeMounts": [ - { - "name": "custom-templates", - "mountPath": "/srv/repo", - } - ], - }, - { - "name": "templates-ownership-fix", - "image": "alpine/git", - "command": ["/bin/sh"], - "args": [ - "-c", - "ls -lhd /srv/repo && chown 1000:1000 /srv/repo && ls -lhd /srv/repo", - ], - "securityContext": {"runAsUser": 0}, - "volumeMounts": [ - { - "name": "custom-templates", - "mountPath": "/srv/repo", - } - ], - }, - ], - "extraContainers": [ - { - "name": "templates-sync", - "image": "alpine/git", - "workingDir": "/srv/repo", - "command": ["/bin/sh"], - "args": [ - "-c", - dedent( - f"""\ - ls -lhd /srv/repo; - while true; do git fetch origin; - if [[ $(git ls-remote --heads origin {self.cluster.spec["name"]}-{self.spec["name"]} | wc -c) -ne 0 ]]; then - git reset --hard origin/{self.cluster.spec["name"]}-{self.spec["name"]}; - else - git reset --hard origin/master; - fi - sleep 5m; done - """ - ), - ], - "securityContext": { - "runAsUser": 1000, - "runAsGroup": 1000, - "allowPrivilegeEscalation": False, - "readOnlyRootFilesystem": True, - }, - "volumeMounts": [ - { - "name": "custom-templates", - "mountPath": "/srv/repo", - } - ], - } - ], - "extraVolumes": [{"name": "custom-templates", "emptyDir": {}}], - "extraVolumeMounts": [ - { - "mountPath": "/usr/local/share/jupyterhub/custom_templates", - "name": "custom-templates", - "subPath": "templates", - }, - { - "mountPath": "/usr/local/share/jupyterhub/static/extra-assets", - "name": "custom-templates", - "subPath": "extra-assets", + }, + { + "name": "templates-ownership-fix", + "image": "alpine/git", + "command": ["/bin/sh"], + "args": [ + "-c", + "ls -lhd /srv/repo && chown 1000:1000 /srv/repo && ls -lhd /srv/repo", + ], + "securityContext": {"runAsUser": 0}, + "volumeMounts": [ + { + "name": "custom-templates", + "mountPath": "/srv/repo", + } + ], + }, + ], + "extraContainers": [ + { + "name": "templates-sync", + "image": "alpine/git", + "workingDir": "/srv/repo", + "command": ["/bin/sh"], + "args": [ + "-c", + dedent( + f"""\ + ls -lhd /srv/repo; + while true; do git fetch origin; + if [[ $(git ls-remote --heads origin {self.cluster.spec["name"]}-{self.spec["name"]} | wc -c) -ne 0 ]]; then + git reset --hard origin/{self.cluster.spec["name"]}-{self.spec["name"]}; + else + git reset --hard origin/master; + fi + sleep 5m; done + """ + ), + ], + "securityContext": { + "runAsUser": 1000, + "runAsGroup": 1000, + "allowPrivilegeEscalation": False, + "readOnlyRootFilesystem": True, }, - ], - }, + "volumeMounts": [ + { + "name": "custom-templates", + "mountPath": "/srv/repo", + } + ], + } + ], + "extraVolumes": [{"name": "custom-templates", "emptyDir": {}}], + "extraVolumeMounts": [ + { + "mountPath": "/usr/local/share/jupyterhub/custom_templates", + "name": "custom-templates", + "subPath": "templates", + }, + { + "mountPath": "/usr/local/share/jupyterhub/static/extra-assets", + "name": "custom-templates", + "subPath": "extra-assets", + }, + ], }, - } + }, + } # # Allow explicilty ignoring auth0 setup if self.spec["auth0"].get("enabled", True):