Simplified integration with namespace local JupyterHub Helm charts #612
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
consideRatio
added
enhancement
consideRatio
force-pushed
the
pr/simplied-integration-with-namespace-local-jh
branch
from
ef23bda
to
100259f
Compare
consideRatio
requested review from
jacobtomlinson,
martindurant and
TomAugspurger
consideRatio
added a commit
to consideRatio/pilot-hubs
that referenced
this pull request
Oct 7, 2022
Relies on dask/dask-gateway#612 released in some version after 2022.6.1 so we don't have to set this explicitly.
TomAugspurger
approved these changes
Oct 13, 2022
There was a problem hiding this comment.
Very cool @consideRatio!
One quick question: do you worry at all about upgrades to existing deployments? I suspect things will be just fine, since providing your own tokens continues to be an option.
Exactly, previously everyone has been forced to provide a token - so they should all be fine as this will only impact people not providing a token. Thank you for looking at this PR @TomAugspurger!!! |
|
Great, thanks. Feel free to merge whenever you're ready! |
|
Thanks! Going for it! |
consideRatio
added a commit
to consideRatio/pilot-hubs
that referenced
this pull request
Oct 13, 2022
…hub chart Relies on dask/dask-gateway#612 released in 2022.10.0 so we don't have to set this explicitly.
consideRatio
added a commit
to consideRatio/pilot-hubs
that referenced
this pull request
Oct 13, 2022
…hub chart Relies on dask/dask-gateway#612 released in 2022.10.0 so we don't have to set this explicitly.
yuvipanda
pushed a commit
to consideRatio/pilot-hubs
that referenced
this pull request
Oct 14, 2022
…hub chart Relies on dask/dask-gateway#612 released in 2022.10.0 so we don't have to set this explicitly.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Closes #473. The idea is to enable users installing both the dask-gateway chart and jupyterhub chart to not provide any api-token credential for dask-gateway/juyterhub to trust each other, but instead rely on a generated api-token persisted in a k8s Secret.
The implementation plan in #473 was the following:
This PR follows that plan quite well, but provides a default for the k8s Secret name and Key config and relies on them by default unless the previously required
apiTokenis specified. This PR also updates the documentation under the topic of installing the dask-gateway helm chart and autenticating against a JupyterHub Helm chart installation.Added chart config in values.yaml
The schema file is also updated to reflect this new configuration.
Successfully tested
I've tested this on the hub.jupytearth.org deployment of a dask-gateway deployed next to a jupyterhub.
How dask/helm-chart's daskhub would adjust with this
Steps relating to generating and configuring an api token could be simplied. This would be an example of the configuration to have, without secret credentials involved.