# This file can update the JupyterHub Helm chart's default configuration values.
#
# For reference see the configuration reference and default values, but make
# sure to refer to the Helm chart version of interest to you!
#
# Introduction to YAML: https://www.youtube.com/watch?v=cdLNKUoMc6c
# Chart config reference: https://zero-to-jupyterhub.readthedocs.io/en/stable/resources/reference.html
# Chart default values: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/jupyterhub/values.yaml
# Available chart versions: https://jupyterhub.github.io/helm-chart/
#
hub:
config:
CILogonOAuthenticator:
client_id: $CILOGON_ID
client_secret: $CILOGON_SECRET
oauth_callback_url: https://csusb-hub-dev.nrp-nautilus.io/hub/oauth_callback
# username_claim: "email"
admin_users: ["dvu@csusb.edu", "000065181@csusb.edu", "youngsu.kim@csusb.edu", "006501270@csusb.edu"]
allowed_idps:
https://idp.csusb.edu/idp/shibboleth:
username_derivation:
username_claim: "email"
allowed_domains:
- csusb.edu
urn:mace:incommon:ucr.edu:
username_derivation:
username_claim: "email"
allowed_domains:
- ucr.edu
- email.ucr.edu
allow_all: false
allowed_users:
- dmishin@ucsd.edu
- dung.vu@email.ucr.edu
blocked_users:
- brandon.le7991@coyote.csusb.edu
# CSE faculty
# IDS faculty
JupyterHub:
admin_access: true
authenticator_class: cilogon
extraConfig:
templates: |
c.JupyterHub.template_paths = ['/etc/jupyterhub/custom']
# https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/1990
# To use these .gitlab-ci.yml needs to be updated accordingly
extraFiles:
image_select_idp:
mountPath: /usr/local/share/jupyterhub/static/select_idp_cilogon.png
# Files in /usr/local/etc/jupyterhub/jupyterhub_config.d are
# automatically loaded in alphabetical order of the final file
# name when JupyterHub starts.
# for dynamic resource allocation
custom_spawner:
mountPath: /usr/local/etc/jupyterhub/jupyterhub_config.d/my_spawner.py
# Custom profiles list for the spawner above
custom_spawner_profile:
mountPath: /etc/jupyterhub/custom/my_spawner.html
# Additional custom html files
custom_login_html:
mountPath: /etc/jupyterhub/custom/login.html
custom_page_html:
mountPath: /etc/jupyterhub/custom/page.html
custom_spawn_pending_html:
mountPath: /etc/jupyterhub/custom/spawn_pending.html
#. JupyterHub Start with event log redirection; & cannot be passed in yaml files
# jupyterhub_event_log:
# mountPath: /etc/jupyterhub/custom/event_command.sh
# stringData: |
# #! /bin/bash
# /usr/local/bin/jupyterhub --config /usr/local/etc/jupyterhub/jupyterhub_config.py --upgrade-db &>> /srv/jupyterhub/event.log
# mode: 0777
#
# args: [ "/etc/jupyterhub/custom/event_command.sh" ]
image:
name: jupyterhub/k8s-hub
tag: '3.0.3'
pullPolicy: ''
pullSecrets: []
livenessProbe:
# The livenessProbe's aim to give JupyterHub sufficient time to startup but
# be able to restart if it becomes unresponsive for ~5 min.
enabled: true
initialDelaySeconds: 300
periodSeconds: 10
failureThreshold: 300
timeoutSeconds: 3
readinessProbe:
# The readinessProbe's aim is to provide a successful startup indication,
# but following that never become unready before its livenessProbe fail and
# restarts it if needed. To become unready following startup serves no
# purpose as there are no other pod to fallback to in our non-HA deployment.
enabled: true
initialDelaySeconds: 0
periodSeconds: 2
failureThreshold: 1000
timeoutSeconds: 1
service:
type: ClusterIP
annotations: {}
ports:
nodePort:
loadBalancerIP:
nodeSelector:
topology.kubernetes.io/region: "us-west"
# kubernetes.io/hostname: "node-2-6.sdsc.optiputer.net"
# env: system
# tolerations:
# - key: nautilus.io/csusb
# operator: Exists
# effect: NoSchedule
# - key: "nautilus.io/rynode"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "nautilus.io/csu-tide"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "nautilus.io/sdsu-fix"
# operator: "Exists"
# effect: "NoSchedule"
deploymentStrategy:
type: Recreate
db:
type: sqlite-pvc
pvc:
accessModes:
- ReadWriteOnce
storage: 5Gi
storageClassName: rook-ceph-block-tide
resources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: "2"
memory: 4Gi
networkPolicy:
enabled: false
proxy:
secretToken: '$SECRET_TOKEN'
service:
type: ClusterIP
chp:
nodeSelector:
topology.kubernetes.io/region: "us-west"
# topology.kubernetes.io/hostname: "node-2-6.sdsc.optiputer.net"
# env: system
# tolerations:
# - key: "nautilus.io/csu-tide"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "nautilus.io/sdsu-fix"
# operator: "Exists"
# effect: "NoSchedule"
# - key: nautilus.io/csusb
# operator: Exists
# effect: NoSchedule
# - key: "nautilus.io/rynode"
# operator: "Exists"
# effect: "NoSchedule"
resources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: "2"
memory: 4Gi
singleuser:
extraPodConfig:
securityContext:
fsGroupChangePolicy: "OnRootMismatch"
fsGroup: 100
# runAsUser: 1099
# runAsGroup: 1099
# fsGroup: 1099
allowPrivilegeEscalation: true
extraTolerations:
- key: "nautilus.io/csu-tide"
operator: "Exists"
effect: "NoSchedule"
- key: "nautilus.io/sdsu-fix"
operator: "Exists"
effect: "NoSchedule"
# - key: "nautilus.io/csusb"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "nautilus.io/rynode"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "nautilus.io/testing"
# operator: "Exists"
# effect: "NoSchedule"
# extraNodeAffinity:
# required:
# - matchExpressions:
# - 'key': 'topology.kubernetes.io/region'
# 'operator': 'In'
# 'values': ["us-west"]
cloudMetadata:
blockWithIptables: false
networkPolicy:
enabled: false
storage:
type: dynamic
extraLabels: {}
extraVolumes: []
extraVolumeMounts: []
capacity: 50Gi
# homeMountPath: /home/jovyan
homeMountPath: /home/{username}
dynamic:
storageClass: rook-ceph-block-tide
pvcNameTemplate: claim-{username}{servername}
volumeNameTemplate: volume-{username}{servername}
storageAccessModes: [ReadWriteOnce]
# extraVolumes(Mounts) are overriden by the custom spawner -> extraFiles/my_spawner.py
extraVolumes:
# - name: csusb-hpc-share
# persistentVolumeClaim:
# claimName: csusb-hub-dev-share-south-east
- name: csusb-cvmfs
persistentVolumeClaim:
claimName: csusb-cvmfs
- name: scratch
emptyDir: {}
# bypass this
# - name: mkshare-script
# configMap:
# name: mkshare-script
# defaultMode: 0777
# optional: true
- name: shm-volume
emptyDir:
medium: Memory
extraVolumeMounts:
# - name: csusb-hpc-share
# mountPath: /home/jovyan/shared
# - name: csusb-cvmfs
# mountPath: /csusb-cvmfs
# C VMFS automount volumes must be mounted with HostToContainer mount propagation.
# mountPropagation: HostToContainer
# bypass this
# - name: mkshare-script
# mountPath: /usr/local/bin/before-notebook.d/mkshare.sh
# subPath: mkshare.sh
- name: shm-volume
mountPath: /dev/shm
- name: scratch
mountPath: /home/jovyan/scratch-drive
# - name: csusb-cvmfs
# It is possible to mount a single CVMFS repository by specifying subPath.
# subPath: sdsc-nrp-osdf-origin.osgstorage.org/nrp/csusb/software
# mountPath: /home/jovyan/.software
# mountPropagation: HostToContainer
image:
# name: gitlab-registry.nrp-nautilus.io/vutiendung/jupyter-stack/minimal
name: gitlab-registry.nrp-nautilus.io/prp/jupyter-stack/minimal
tag: v1.3
# tag: latest
startTimeout: 600
cpu:
limit: 16
guarantee: 4
memory:
limit: 16G
guarantee: 8G
extraResource:
limits: {}
guarantees: {}
# cmd: start-notebook.sh
cmd: jupyterhub-singleuser
defaultUrl: "/lab"
# profileList:
# - display_name: Stack Minimal
# default: true
# kubespawner_override:
# image_spec: localhost:30081/prp/jupyter-stack/minimal
scheduling:
userPlaceholder:
enabled: false
userScheduler:
enabled: false
# prePuller relates to the hook|continuous-image-puller DaemonsSets
prePuller:
hook:
enabled: false
continuous:
enabled: false
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: haproxy
hosts: ["csusb-hub-dev.nrp-nautilus.io"]
pathSuffix: ''
tls:
- hosts:
- csusb-hub-dev.nrp-nautilus.io
cull:
enabled: false
users: false
removeNamedServers: false
timeout: 3600
every: 600
concurrency: 10
maxAge: 0