diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 81cf0f7b91..718f3257a3 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -148,19 +148,45 @@ jobs: run: | . ./ci/common UPGRADE_FROM_VERSION=$(curl -sS https://jupyterhub.github.io/helm-chart/info.json | jq -er '.jupyterhub.${{ matrix.upgrade-from }}') + echo "UPGRADE_FROM_VERSION=$UPGRADE_FROM_VERSION" >> $GITHUB_ENV echo "" echo "Installing already released jupyterhub version $UPGRADE_FROM_VERSION" - helm install jupyterhub --repo https://jupyterhub.github.io/helm-chart/ jupyterhub --values dev-config.yaml --version=$UPGRADE_FROM_VERSION + + # FIXME: We change the directory so jupyterhub the chart name won't be + # misunderstood as the local folder name. + # + # https://github.com/helm/helm/issues/9244 + cd ci + helm install jupyterhub --repo https://jupyterhub.github.io/helm-chart/ jupyterhub --values ../dev-config.yaml --version=$UPGRADE_FROM_VERSION echo "" echo "Installing Helm diff plugin while k8s resources are initializing" helm plugin install https://github.com/databus23/helm-diff - - name: "Helm diff ${{ matrix.upgrade-from }} chart with current chart" + # ref: https://github.com/jacobtomlinson/gha-read-helm-chart + - name: Load local Chart.yaml + id: local-chart + uses: jacobtomlinson/gha-read-helm-chart@0.1.3 + with: + path: jupyterhub + + - name: "Helm diff ${{ matrix.upgrade-from }} chart with local chart" if: matrix.test == 'upgrade' run: | - helm diff upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml + export STRING_REPLACER_A=${{ steps.local-chart.outputs.version }} + export STRING_REPLACER_B=$UPGRADE_FROM_VERSION + + echo "NOTE: For the helm diff only, we have replaced the new chart" + echo " version with the old chart version to reduce clutter." + echo + echo " Old version: $UPGRADE_FROM_VERSION" + echo " New version: ${{ steps.local-chart.outputs.version }} (replaced)" + echo + + helm diff upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml \ + --context=3 \ + --post-renderer=ci/string-replacer.sh - name: "Await ${{ matrix.upgrade-from }} chart" if: matrix.test == 'upgrade' @@ -170,7 +196,7 @@ jobs: await_autohttps_tls_cert_acquisition await_autohttps_tls_cert_save - - name: "Install or upgrade to current chart" + - name: "Install or upgrade to local chart" run: | . ./ci/common helm upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml diff --git a/ci/string-replacer.sh b/ci/string-replacer.sh new file mode 100755 index 0000000000..38194204c4 --- /dev/null +++ b/ci/string-replacer.sh @@ -0,0 +1,12 @@ +#!/bin/bash +# +# In .github/workflows/test-chart.yaml, we test upgrading one chart version to +# another. After having installed the first version we run "helm diff" with the +# new version. +# +# This script created to be referenced by helm's --post-renderer flag to replace +# strings in the rendered templates into something that doesn't change. +# + +set -eu +sed -e "s|$STRING_REPLACER_A|$STRING_REPLACER_B|" < /dev/stdin diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index e01876fd52..f80efbec62 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -12,7 +12,7 @@ configuration_directory = os.path.dirname(os.path.realpath(__file__)) sys.path.insert(0, configuration_directory) -from z2jh import get_config, set_config_if_not_none +from z2jh import get_config, set_config_if_not_none, get_name, get_name_env def camelCaseify(s): @@ -35,7 +35,7 @@ def camelCaseify(s): # Connect to a proxy running in a different pod. Note that *_SERVICE_* # environment variables are set by Kubernetes for Services c.ConfigurableHTTPProxy.api_url = ( - f"http://proxy-api:{os.environ['PROXY_API_SERVICE_PORT']}" + f'http://{get_name("proxy-api")}:{get_name_env("proxy-api", "_SERVICE_PORT")}' ) c.ConfigurableHTTPProxy.should_start = False @@ -92,7 +92,9 @@ def camelCaseify(s): # hub_connect_url is the URL for connecting to the hub for use by external # JupyterHub services such as the proxy. Note that *_SERVICE_* environment # variables are set by Kubernetes for Services. -c.JupyterHub.hub_connect_url = f"http://hub:{os.environ['HUB_SERVICE_PORT']}" +c.JupyterHub.hub_connect_url = ( + f'http://{get_name("hub")}:{get_name_env("hub", "_SERVICE_PORT")}' +) # implement common labels # this duplicates the jupyterhub.commonLabels helper @@ -174,7 +176,7 @@ def camelCaseify(s): if get_config("imagePullSecret.automaticReferenceInjection") and ( get_config("imagePullSecret.create") or get_config("imagePullSecret.enabled") ): - image_pull_secrets.append("image-pull-secret") + image_pull_secrets.append(get_name("image-pull-secret")) if get_config("imagePullSecrets"): image_pull_secrets.extend(get_config("imagePullSecrets")) if get_config("singleuser.image.pullSecrets"): @@ -184,11 +186,9 @@ def camelCaseify(s): # scheduling: if get_config("scheduling.userScheduler.enabled"): - c.KubeSpawner.scheduler_name = os.environ["HELM_RELEASE_NAME"] + "-user-scheduler" + c.KubeSpawner.scheduler_name = get_name("user-scheduler") if get_config("scheduling.podPriority.enabled"): - c.KubeSpawner.priority_class_name = ( - os.environ["HELM_RELEASE_NAME"] + "-default-priority" - ) + c.KubeSpawner.priority_class_name = get_name("priority") # add node-purpose affinity match_node_purpose = get_config("scheduling.userPods.nodeAffinity.matchNodePurpose") diff --git a/jupyterhub/files/hub/z2jh.py b/jupyterhub/files/hub/z2jh.py index 5abbc8a785..ac4239b507 100644 --- a/jupyterhub/files/hub/z2jh.py +++ b/jupyterhub/files/hub/z2jh.py @@ -9,25 +9,46 @@ import yaml - # memoize so we only load config once @lru_cache() def _load_config(): - """Load configuration from disk + """Load the Helm chart configuration used to render the Helm templates of + the chart from a mounted k8s Secret.""" - Memoized to only load once - """ - cfg = {} - for source in ("config", "secret"): - path = f"/etc/jupyterhub/{source}/values.yaml" - if os.path.exists(path): - print(f"Loading {path}") - with open(path) as f: - values = yaml.safe_load(f) - cfg = _merge_dictionaries(cfg, values) - else: - print(f"No config at {path}") - return cfg + path = f"/etc/jupyterhub/secret/values.yaml" + if os.path.exists(path): + print(f"Loading {path}") + with open(path) as f: + return yaml.safe_load(f) + else: + raise Exception(f"{path} not found!") + + +@lru_cache() +def _get_config_value(key): + """Load value from the k8s ConfigMap given a key.""" + + path = f"/etc/jupyterhub/config/{key}" + if os.path.exists(path): + with open(path) as f: + return f.read() + else: + raise Exception(f"{path} not found!") + + +def get_name(name): + """Returns the fullname of a resource given its short name""" + return _get_config_value(name) + + +def get_name_env(name, suffix=""): + """Returns the fullname of a resource given its short name along with a + suffix, converted to uppercase with dashes replaced with underscores. This + is useful to reference named services associated environment variables, such + as PROXY_PUBLIC_SERVICE_PORT.""" + env_key = _get_config_value(name) + suffix + env_key = env_key.upper().replace("-", "_") + return os.environ[env_key] def _merge_dictionaries(a, b): diff --git a/jupyterhub/schema.yaml b/jupyterhub/schema.yaml index d85f68fa97..45b631fc9e 100644 --- a/jupyterhub/schema.yaml +++ b/jupyterhub/schema.yaml @@ -1,6 +1,55 @@ title: Config type: object properties: + fullnameOverride: + type: string + description: | + fullnameOverride and nameOverride allow you to adjust how the resources + part of the Helm chart are named. + + Name format | Resource types | fullnameOverride | nameOverride | Note + - | - | - | - | - + component | namespaced | `""` | * | Default + release-component | cluster wide | `""` | * | Default + fullname-component | * | str | * | - + release-component | * | null | `""` | - + release-(name-)component | * | null | str | omitted if contained in release + release-(chart-)component | * | null | null | omitted if contained in release + + ```{admonition} Warning! + :class: warning + Changing fullnameOverride or nameOverride after the initial installation + of the chart isn't supported. Changing their values likely leads to a + reset of non-external JupyterHub databases, abandonment of users' storage, + and severed couplings to currently running user pods. + ``` + + If you are a developer of a chart depending on this chart, you should + avoid hardcoding names. If you want to reference the name of a resource in + this chart from a parent helm chart's template, you can make use of the + global named templates instead. + + ```yaml + # some pod definition of a parent chart helm template + schedulerName: {{ include "jupyterhub.user-scheduler.fullname" . }} + ``` + + To access them from a container, you can also rely on the hub ConfigMap + that contains entries of all the resource names. + + ```yaml + # some container definition in a parent chart helm template + env: + - name: SCHEDULER_NAME + valueFrom: + configMapKeyRef: + name: {{ include "jupyterhub.user-scheduler.fullname" . }} + key: user-scheduler + ``` + nameOverride: + type: string + description: | + See the documentation under [`fullnameOverride`](schema_fullnameOverride). imagePullSecret: type: object description: | @@ -663,21 +712,22 @@ properties: type: - string description: | - Name of the existing secret in the kubernetes cluster, typically the `hub-secret`. + Name of an existing k8s Secret to use instead of the chart managed k8s + Secret. - This secret should represent the structure as otherwise generated by this chart: - ```yaml - apiVersion: v1 - data: - proxy.token: < FILL IN > - values.yaml: < FILL IN > - kind: Secret - metadata: - name: hub-secret - ``` + This k8s Secret must represent the structure generated by this chart + and by using this option, you are in change of ensuring the secret + structure is reflected when upgrading to new versions of the chart. - NOTE: if you choose to manage the secret yourself, you are in charge of ensuring the - secret having the proper contents. + ```yaml + apiVersion: v1 + data: + proxy.token: < FILL IN > + values.yaml: < FILL IN > + kind: Secret + metadata: + name: my-self-managed-secret + ``` nodeSelector: &nodeSelector-spec type: - object diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl new file mode 100644 index 0000000000..2e45b26593 --- /dev/null +++ b/jupyterhub/templates/_helpers-names.tpl @@ -0,0 +1,250 @@ +{{- /* + These helpers encapsulates logic on how we name resources. They also enable + parent charts to reference these dynamic resource names. + + To avoid duplicating documentation, for more information, please see the the + fullnameOverride entry in schema.yaml or the configuration reference that + schema.yaml renders to. + + https://z2jh.jupyter.org/en/latest/resources/reference.html#fullnameOverride +*/}} + + + +{{- /* + Utility templates +*/}} + +{{- /* + Renders to a prefix for the chart's resource names. This prefix is assumed to + make the resource name cluster unique. +*/}} +{{- define "jupyterhub.fullname" -}} + {{- /* + We have implemented a trick to allow a parent chart depending on this + chart to call these named templates. + + Caveats and notes: + + 1. While parent charts can reference these, grandparent charts can't. + 2. Parent charts must not use an alias for this chart. + 3. There is no failsafe workaround to above due to + https://github.com/helm/helm/issues/9214. + 4. .Chart is of its own type (*chart.Metadata) and needs to be casted + using "toYaml | fromYaml" in order to be able to use normal helm + template functions on it. + */}} + {{- $fullname_override := .Values.fullnameOverride }} + {{- $name_override := .Values.nameOverride }} + {{- if ne .Chart.Name "jupyterhub" }} + {{- $fullname_override = .Values.jupyterhub.fullnameOverride }} + {{- $name_override = .Values.jupyterhub.nameOverride }} + {{- end }} + + {{- if eq (typeOf $fullname_override) "string" }} + {{- $fullname_override }} + {{- else }} + {{- $name := $name_override | default .Chart.Name }} + {{- if contains $name .Release.Name }} + {{- .Release.Name }} + {{- else }} + {{- .Release.Name }}-{{ $name }} + {{- end }} + {{- end }} +{{- end }} + +{{- /* + Renders to a blank string or if the fullname template is truthy renders to it + with an appended dash. +*/}} +{{- define "jupyterhub.fullname.dash" -}} + {{- if (include "jupyterhub.fullname" .) }} + {{- include "jupyterhub.fullname" . }}- + {{- end }} +{{- end }} + + + +{{- /* + Namespaced resources +*/}} + +{{- /* hub Deployment */}} +{{- define "jupyterhub.hub.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}hub +{{- end }} + +{{- /* hub Secret */}} +{{- define "jupyterhub.hub-secret.fullname" -}} + {{- /* A hack to avoid issues from invoking this from a parent Helm chart. */}} + {{- $existing_secret := .Values.hub.existingSecret }} + {{- if ne .Chart.Name "jupyterhub" }} + {{- $existing_secret = .Values.jupyterhub.hub.existingSecret }} + {{- end }} + {{- if $existing_secret }} + {{- $existing_secret }} + {{- else }} + {{- include "jupyterhub.hub.fullname" . }} + {{- end }} +{{- end }} + +{{- /* hub PVC */}} +{{- define "jupyterhub.hub-pvc.fullname" -}} + {{- include "jupyterhub.hub.fullname" . }}-db-dir +{{- end }} + +{{- /* proxy Deployment */}} +{{- define "jupyterhub.proxy.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}proxy +{{- end }} + +{{- /* proxy-api Service */}} +{{- define "jupyterhub.proxy-api.fullname" -}} + {{- include "jupyterhub.proxy.fullname" . }}-api +{{- end }} + +{{- /* proxy-http Service */}} +{{- define "jupyterhub.proxy-http.fullname" -}} + {{- include "jupyterhub.proxy.fullname" . }}-http +{{- end }} + +{{- /* proxy-public Service */}} +{{- define "jupyterhub.proxy-public.fullname" -}} + {{- include "jupyterhub.proxy.fullname" . }}-public +{{- end }} + +{{- /* proxy-public-tls Secret */}} +{{- define "jupyterhub.proxy-public-tls.fullname" -}} + {{- include "jupyterhub.proxy-public.fullname" . }}-tls-acme +{{- end }} + +{{- /* proxy-public-manual-tls Secret */}} +{{- define "jupyterhub.proxy-public-manual-tls.fullname" -}} + {{- include "jupyterhub.proxy-public.fullname" . }}-manual-tls +{{- end }} + +{{- /* autohttps Deployment */}} +{{- define "jupyterhub.autohttps.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}autohttps +{{- end }} + +{{- /* user-scheduler Deployment */}} +{{- define "jupyterhub.user-scheduler-deploy.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}user-scheduler +{{- end }} + +{{- /* user-scheduler leader election lock resource */}} +{{- define "jupyterhub.user-scheduler-lock.fullname" -}} + {{- include "jupyterhub.user-scheduler-deploy.fullname" . }}-lock +{{- end }} + +{{- /* user-placeholder StatefulSet */}} +{{- define "jupyterhub.user-placeholder.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}user-placeholder +{{- end }} + +{{- /* image-awaiter Job */}} +{{- define "jupyterhub.hook-image-awaiter.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}hook-image-awaiter +{{- end }} + +{{- /* hook-image-puller DaemonSet */}} +{{- define "jupyterhub.hook-image-puller.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}hook-image-puller +{{- end }} + +{{- /* continuous-image-puller DaemonSet */}} +{{- define "jupyterhub.continuous-image-puller.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}continuous-image-puller +{{- end }} + +{{- /* singleuser NetworkPolicy */}} +{{- define "jupyterhub.singleuser.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}singleuser +{{- end }} + +{{- /* image-pull-secret Secret */}} +{{- define "jupyterhub.image-pull-secret.fullname" -}} + {{- include "jupyterhub.fullname.dash" . }}image-pull-secret +{{- end }} + +{{- /* Ingress */}} +{{- define "jupyterhub.ingress.fullname" -}} + {{- if (include "jupyterhub.fullname.dash" .) }} + {{- include "jupyterhub.fullname.dash" . }} + {{- else -}} + jupyterhub + {{- end }} +{{- end }} + + + +{{- /* + Cluster wide resources + + We enforce uniqueness of names for our cluster wide resources. We assume that + the prefix from setting fullnameOverride to null or a string will be cluster + unique. +*/}} + +{{- /* Priority */}} +{{- define "jupyterhub.priority.fullname" -}} + {{- if (include "jupyterhub.fullname.dash" .) }} + {{- include "jupyterhub.fullname.dash" . }} + {{- else }} + {{- .Release.Name }}-default-priority + {{- end }} +{{- end }} + +{{- /* user-placeholder Priority */}} +{{- define "jupyterhub.user-placeholder-priority.fullname" -}} + {{- if (include "jupyterhub.fullname.dash" .) }} + {{- include "jupyterhub.user-placeholder.fullname" . }} + {{- else }} + {{- .Release.Name }}-user-placeholder-priority + {{- end }} +{{- end }} + +{{- /* user-scheduler's registered name */}} +{{- define "jupyterhub.user-scheduler.fullname" -}} + {{- if (include "jupyterhub.fullname.dash" .) }} + {{- include "jupyterhub.user-scheduler-deploy.fullname" . }} + {{- else }} + {{- .Release.Name }}-user-scheduler + {{- end }} +{{- end }} + + + +{{- /* + A template to render all the named templates in this file for use in the + hub's ConfigMap. + + It is important we keep this in sync with the available templates. +*/}} +{{- define "jupyterhub.name-templates" -}} +fullname: {{ include "jupyterhub.fullname" . | quote }} +fullname-dash: {{ include "jupyterhub.fullname.dash" . | quote }} +hub: {{ include "jupyterhub.hub.fullname" . | quote }} +hub-secret: {{ include "jupyterhub.hub-secret.fullname" . | quote }} +hub-pvc: {{ include "jupyterhub.hub-pvc.fullname" . | quote }} +proxy: {{ include "jupyterhub.proxy.fullname" . | quote }} +proxy-api: {{ include "jupyterhub.proxy-api.fullname" . | quote }} +proxy-http: {{ include "jupyterhub.proxy-http.fullname" . | quote }} +proxy-public: {{ include "jupyterhub.proxy-public.fullname" . | quote }} +proxy-public-tls: {{ include "jupyterhub.proxy-public-tls.fullname" . | quote }} +proxy-public-manual-tls: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . | quote }} +autohttps: {{ include "jupyterhub.autohttps.fullname" . | quote }} +user-scheduler-deploy: {{ include "jupyterhub.user-scheduler-deploy.fullname" . | quote }} +user-scheduler-lock: {{ include "jupyterhub.user-scheduler-lock.fullname" . | quote }} +user-placeholder: {{ include "jupyterhub.user-placeholder.fullname" . | quote }} +hook-image-awaiter: {{ include "jupyterhub.hook-image-awaiter.fullname" . | quote }} +hook-image-puller: {{ include "jupyterhub.hook-image-puller.fullname" . | quote }} +continuous-image-puller: {{ include "jupyterhub.continuous-image-puller.fullname" . | quote }} +singleuser: {{ include "jupyterhub.singleuser.fullname" . | quote }} +image-pull-secret: {{ include "jupyterhub.image-pull-secret.fullname" . | quote }} +ingress: {{ include "jupyterhub.ingress.fullname" . | quote }} +priority: {{ include "jupyterhub.priority.fullname" . | quote }} +user-placeholder-priority: {{ include "jupyterhub.user-placeholder-priority.fullname" . | quote }} +user-scheduler: {{ include "jupyterhub.user-scheduler.fullname" . | quote }} +{{- end }} diff --git a/jupyterhub/templates/_helpers.tpl b/jupyterhub/templates/_helpers.tpl index 83d9b65b86..d1b20872de 100644 --- a/jupyterhub/templates/_helpers.tpl +++ b/jupyterhub/templates/_helpers.tpl @@ -183,7 +183,7 @@ component: {{ include "jupyterhub.componentLabel" . }} {{- /* Populate $_.list with all relevant entries */}} {{- $_ := dict "list" (concat .image.pullSecrets .root.Values.imagePullSecrets | uniq) }} {{- if and .root.Values.imagePullSecret.automaticReferenceInjection .root.Values.imagePullSecret.create }} -{{- $__ := set $_ "list" (append $_.list "image-pull-secret" | uniq) }} +{{- $__ := set $_ "list" (append $_.list (include "jupyterhub.image-pull-secret.fullname" .root) | uniq) }} {{- end }} {{- /* Decide if something should be written */}} diff --git a/jupyterhub/templates/hub/configmap.yaml b/jupyterhub/templates/hub/configmap.yaml index fc3bd32a36..60e9371c23 100644 --- a/jupyterhub/templates/hub/configmap.yaml +++ b/jupyterhub/templates/hub/configmap.yaml @@ -1,10 +1,24 @@ kind: ConfigMap apiVersion: v1 metadata: - name: hub-config + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} data: - {{- /* Glob files to allow them to be mounted by the hub pod */ -}} - {{- /* key=filename: value=content */ -}} + {{- /* + Resource names exposed to reliably reference them. + + user-scheduler: "my-helm-release-user-scheduler" + ... + */}} + {{- include "jupyterhub.name-templates" . | nindent 2 }} + + {{- /* + Glob files to allow them to be mounted by the hub pod + + jupyterhub_config: | + multi line string content... + z2jh.py: | + multi line string content... + */}} {{- (.Files.Glob "files/hub/*").AsConfig | nindent 2 }} diff --git a/jupyterhub/templates/hub/deployment.yaml b/jupyterhub/templates/hub/deployment.yaml index f7f52ecda6..9dade6d741 100644 --- a/jupyterhub/templates/hub/deployment.yaml +++ b/jupyterhub/templates/hub/deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -31,7 +31,7 @@ spec: {{- end }} spec: {{- if .Values.scheduling.podPriority.enabled }} - priorityClassName: {{ .Release.Name }}-default-priority + priorityClassName: {{ include "jupyterhub.priority.fullname" . }} {{- end }} nodeSelector: {{ toJson .Values.hub.nodeSelector }} tolerations: {{ toJson .Values.hub.tolerations }} @@ -39,20 +39,20 @@ spec: volumes: - name: config configMap: - name: hub-config + name: {{ include "jupyterhub.hub.fullname" . }} - name: secret secret: - secretName: {{ .Values.hub.existingSecret | default "hub-secret" }} + secretName: {{ include "jupyterhub.hub-secret.fullname" . }} {{- if .Values.hub.extraVolumes }} {{- .Values.hub.extraVolumes | toYaml | trimSuffix "\n" | nindent 8 }} {{- end }} {{- if eq .Values.hub.db.type "sqlite-pvc" }} - - name: hub-db-dir + - name: pvc persistentVolumeClaim: - claimName: hub-db-dir + claimName: {{ include "jupyterhub.hub-pvc.fullname" . }} {{- end }} {{- if .Values.rbac.enabled }} - serviceAccountName: hub + serviceAccountName: {{ include "jupyterhub.hub.fullname" . }} {{- end }} securityContext: fsGroup: {{ .Values.hub.fsGid }} @@ -127,7 +127,7 @@ spec: {{- end }} {{- if eq .Values.hub.db.type "sqlite-pvc" }} - mountPath: /srv/jupyterhub - name: hub-db-dir + name: pvc {{- if .Values.hub.db.pvc.subPath }} subPath: {{ .Values.hub.db.pvc.subPath | quote }} {{- end }} @@ -159,20 +159,20 @@ spec: - name: CONFIGPROXY_AUTH_TOKEN valueFrom: secretKeyRef: - name: {{ .Values.hub.existingSecret | default "hub-secret" }} + name: {{ include "jupyterhub.hub-secret.fullname" . }} key: proxy.token {{- if .Values.hub.db.password }} {{- if eq .Values.hub.db.type "mysql" }} - name: MYSQL_PWD valueFrom: secretKeyRef: - name: {{ .Values.hub.existingSecret | default "hub-secret" }} + name: {{ include "jupyterhub.hub-secret.fullname" . }} key: hub.db.password {{- else if eq .Values.hub.db.type "postgres" }} - name: PGPASSWORD valueFrom: secretKeyRef: - name: {{ .Values.hub.existingSecret | default "hub-secret" }} + name: {{ include "jupyterhub.hub-secret.fullname" . }} key: hub.db.password {{- end }} {{- end }} diff --git a/jupyterhub/templates/hub/netpol.yaml b/jupyterhub/templates/hub/netpol.yaml index 4938e70b0c..7d948ece74 100644 --- a/jupyterhub/templates/hub/netpol.yaml +++ b/jupyterhub/templates/hub/netpol.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/hub/pdb.yaml b/jupyterhub/templates/hub/pdb.yaml index 5b0623bf54..1419eda894 100644 --- a/jupyterhub/templates/hub/pdb.yaml +++ b/jupyterhub/templates/hub/pdb.yaml @@ -2,7 +2,7 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/hub/pvc.yaml b/jupyterhub/templates/hub/pvc.yaml index 240321af4c..73cdfd837e 100644 --- a/jupyterhub/templates/hub/pvc.yaml +++ b/jupyterhub/templates/hub/pvc.yaml @@ -2,7 +2,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: hub-db-dir + name: {{ include "jupyterhub.hub-pvc.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- if .Values.hub.db.pvc.annotations }} diff --git a/jupyterhub/templates/hub/rbac.yaml b/jupyterhub/templates/hub/rbac.yaml index f78ebfd18a..d46cc8de4d 100644 --- a/jupyterhub/templates/hub/rbac.yaml +++ b/jupyterhub/templates/hub/rbac.yaml @@ -2,14 +2,14 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} rules: @@ -23,15 +23,15 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} subjects: - kind: ServiceAccount - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} namespace: {{ .Release.Namespace }} roleRef: kind: Role - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} apiGroup: rbac.authorization.k8s.io {{- end }} diff --git a/jupyterhub/templates/hub/secret.yaml b/jupyterhub/templates/hub/secret.yaml index 49df86921a..485fc8ebb7 100644 --- a/jupyterhub/templates/hub/secret.yaml +++ b/jupyterhub/templates/hub/secret.yaml @@ -2,7 +2,7 @@ kind: Secret apiVersion: v1 metadata: - name: hub-secret + name: {{ include "jupyterhub.hub-secret.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} type: Opaque diff --git a/jupyterhub/templates/hub/service.yaml b/jupyterhub/templates/hub/service.yaml index 34470b6b0f..54147e8e1c 100644 --- a/jupyterhub/templates/hub/service.yaml +++ b/jupyterhub/templates/hub/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} annotations: diff --git a/jupyterhub/templates/image-pull-secret.yaml b/jupyterhub/templates/image-pull-secret.yaml index 95ebb28d10..efb6b2ef4d 100644 --- a/jupyterhub/templates/image-pull-secret.yaml +++ b/jupyterhub/templates/image-pull-secret.yaml @@ -2,7 +2,7 @@ kind: Secret apiVersion: v1 metadata: - name: image-pull-secret + name: {{ include "jupyterhub.image-pull-secret.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} annotations: diff --git a/jupyterhub/templates/image-puller/_daemonset-helper.yaml b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl similarity index 95% rename from jupyterhub/templates/image-puller/_daemonset-helper.yaml rename to jupyterhub/templates/image-puller/_helpers-daemonset.tpl index ad4485e8e5..072617d6e2 100644 --- a/jupyterhub/templates/image-puller/_daemonset-helper.yaml +++ b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl @@ -7,7 +7,11 @@ Returns an image-puller daemonset. Two daemonsets will be created like this. apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ print .componentPrefix "image-puller" }} + {{- if .hook }} + name: {{ include "jupyterhub.hook-image-puller.fullname" . }} + {{- else }} + name: {{ include "jupyterhub.continuous-image-puller.fullname" . }} + {{- end }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- if .hook }} @@ -44,7 +48,7 @@ spec: per node limit all k8s clusters have. */}} {{- if and (not .hook) .Values.scheduling.podPriority.enabled }} - priorityClassName: {{ .Release.Name }}-user-placeholder-priority + priorityClassName: {{ include "jupyterhub.user-placeholder-priority.fullname" . }} {{- end }} tolerations: {{- include "jupyterhub.userTolerations" . | nindent 8 }} diff --git a/jupyterhub/templates/image-puller/daemonset.yaml b/jupyterhub/templates/image-puller/daemonset.yaml index 190e4f6db9..0a80c1e35a 100644 --- a/jupyterhub/templates/image-puller/daemonset.yaml +++ b/jupyterhub/templates/image-puller/daemonset.yaml @@ -8,7 +8,14 @@ deleted. Only then will the actual helm upgrade start. {{- $_ := merge (dict "hook" true "componentPrefix" "hook-") . }} {{- include "jupyterhub.imagePuller.daemonset" $_ }} {{- end }} ---- + + +{{- /* Manifest separator */}} +{{- if and .Values.prePuller.hook.enabled .Values.prePuller.continuous.enabled }} +{{- print "\n---\n" }} +{{- end }} + + {{- /* The continuous-image-puller daemonset task is to pull required images to nodes that are added in between helm upgrades, for example by manually adding a node @@ -16,5 +23,5 @@ or by the cluster autoscaler. */}} {{- if .Values.prePuller.continuous.enabled }} {{- $_ := merge (dict "hook" false "componentPrefix" "continuous-") . }} -{{ include "jupyterhub.imagePuller.daemonset" $_ }} +{{- include "jupyterhub.imagePuller.daemonset" $_ }} {{- end }} diff --git a/jupyterhub/templates/image-puller/job.yaml b/jupyterhub/templates/image-puller/job.yaml index e5505a69ac..38c186aeb8 100644 --- a/jupyterhub/templates/image-puller/job.yaml +++ b/jupyterhub/templates/image-puller/job.yaml @@ -9,7 +9,7 @@ command. apiVersion: batch/v1 kind: Job metadata: - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} hub.jupyter.org/deletable: "true" @@ -30,7 +30,7 @@ spec: spec: restartPolicy: Never {{- if .Values.rbac.enabled }} - serviceAccountName: hook-image-awaiter + serviceAccountName: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} {{- end }} tolerations: {{ toJson .Values.prePuller.hook.tolerations }} nodeSelector: {{ toJson .Values.prePuller.hook.nodeSelector }} @@ -39,7 +39,7 @@ spec: {{- end }} containers: - image: {{ .Values.prePuller.hook.image.name }}:{{ .Values.prePuller.hook.image.tag }} - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} {{- with .Values.prePuller.hook.image.pullPolicy }} imagePullPolicy: {{ . }} {{- end }} @@ -49,7 +49,7 @@ spec: - -auth-token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - -api-server-address=https://kubernetes.default.svc:$(KUBERNETES_SERVICE_PORT) - -namespace={{ .Release.Namespace }} - - -daemonset=hook-image-puller + - -daemonset={{ include "jupyterhub.hook-image-puller.fullname" . }} - -pod-scheduling-wait-duration={{ .Values.prePuller.hook.podSchedulingWaitDuration }} {{- with .Values.prePuller.hook.containerSecurityContext }} securityContext: diff --git a/jupyterhub/templates/image-puller/rbac.yaml b/jupyterhub/templates/image-puller/rbac.yaml index 4dd9b40fed..369de17151 100644 --- a/jupyterhub/templates/image-puller/rbac.yaml +++ b/jupyterhub/templates/image-puller/rbac.yaml @@ -9,7 +9,7 @@ This service account... apiVersion: v1 kind: ServiceAccount metadata: - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} hub.jupyter.org/deletable: "true" @@ -24,7 +24,7 @@ metadata: kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} hub.jupyter.org/deletable: "true" @@ -43,7 +43,7 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} hub.jupyter.org/deletable: "true" @@ -53,11 +53,11 @@ metadata: "helm.sh/hook-weight": "0" subjects: - kind: ServiceAccount - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} namespace: {{ .Release.Namespace }} roleRef: kind: Role - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} apiGroup: rbac.authorization.k8s.io {{- end }} {{- end }} diff --git a/jupyterhub/templates/ingress.yaml b/jupyterhub/templates/ingress.yaml index e0b760c7da..e81f17d3e7 100644 --- a/jupyterhub/templates/ingress.yaml +++ b/jupyterhub/templates/ingress.yaml @@ -6,7 +6,7 @@ apiVersion: networking.k8s.io/v1beta1 {{- end }} kind: Ingress metadata: - name: jupyterhub + name: {{ include "jupyterhub.ingress.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- if .Values.ingress.annotations }} @@ -31,7 +31,7 @@ spec: name: http {{- else }} backend: - serviceName: proxy-public + serviceName: {{ include "jupyterhub.proxy-public.fullname" $ }} servicePort: 80 {{- end }} {{- end }} diff --git a/jupyterhub/templates/proxy/autohttps/configmap.yaml b/jupyterhub/templates/proxy/autohttps/configmap.yaml index b529a8c6bf..4804bf73dc 100644 --- a/jupyterhub/templates/proxy/autohttps/configmap.yaml +++ b/jupyterhub/templates/proxy/autohttps/configmap.yaml @@ -16,7 +16,7 @@ kind: ConfigMap apiVersion: v1 metadata: - name: traefik-proxy-config + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} data: diff --git a/jupyterhub/templates/proxy/autohttps/deployment.yaml b/jupyterhub/templates/proxy/autohttps/deployment.yaml index 581e4d22c7..bcabde2b0c 100644 --- a/jupyterhub/templates/proxy/autohttps/deployment.yaml +++ b/jupyterhub/templates/proxy/autohttps/deployment.yaml @@ -4,7 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -28,10 +28,10 @@ spec: checksum/static-config: {{ include "jupyterhub.traefik.yaml" . | fromYaml | merge .Values.proxy.traefik.extraStaticConfig | toYaml | sha256sum }} spec: {{- if .Values.rbac.enabled }} - serviceAccountName: autohttps + serviceAccountName: {{ include "jupyterhub.autohttps.fullname" . }} {{- end }} {{- if .Values.scheduling.podPriority.enabled }} - priorityClassName: {{ .Release.Name }}-default-priority + priorityClassName: {{ include "jupyterhub.priority.fullname" . }} {{- end }} nodeSelector: {{ toJson .Values.proxy.traefik.nodeSelector }} tolerations: {{ toJson .Values.proxy.traefik.tolerations }} @@ -41,7 +41,7 @@ spec: emptyDir: {} - name: traefik-config configMap: - name: traefik-proxy-config + name: {{ include "jupyterhub.autohttps.fullname" . }} {{- with .Values.proxy.traefik.extraVolumes }} {{- . | toYaml | trimSuffix "\n" | nindent 8 }} {{- end }} @@ -56,7 +56,7 @@ spec: {{- end }} args: - load - - proxy-public-tls-acme + - {{ include "jupyterhub.proxy-public-tls.fullname" . }} - acme.json - /etc/acme/acme.json env: @@ -114,7 +114,7 @@ spec: - --label=release={{ .Release.Name }} - --label=chart={{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - --label=heritage=secret-sync - - proxy-public-tls-acme + - {{ include "jupyterhub.proxy-public-tls.fullname" . }} - acme.json - /etc/acme/acme.json env: diff --git a/jupyterhub/templates/proxy/autohttps/netpol.yaml b/jupyterhub/templates/proxy/autohttps/netpol.yaml index 6d7de8b92a..710b77ce60 100644 --- a/jupyterhub/templates/proxy/autohttps/netpol.yaml +++ b/jupyterhub/templates/proxy/autohttps/netpol.yaml @@ -4,7 +4,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/proxy/autohttps/rbac.yaml b/jupyterhub/templates/proxy/autohttps/rbac.yaml index 3a864c6851..4f5d8e4ee3 100644 --- a/jupyterhub/templates/proxy/autohttps/rbac.yaml +++ b/jupyterhub/templates/proxy/autohttps/rbac.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} rules: @@ -15,22 +15,22 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} subjects: - kind: ServiceAccount - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} apiGroup: roleRef: kind: Role - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- end }} diff --git a/jupyterhub/templates/proxy/autohttps/service.yaml b/jupyterhub/templates/proxy/autohttps/service.yaml index 6884f1c446..d5dc52418d 100644 --- a/jupyterhub/templates/proxy/autohttps/service.yaml +++ b/jupyterhub/templates/proxy/autohttps/service.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: - name: proxy-http + name: {{ include "jupyterhub.proxy-http.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- range $key, $value := .Values.proxy.service.labels }} diff --git a/jupyterhub/templates/proxy/deployment.yaml b/jupyterhub/templates/proxy/deployment.yaml index 5ffac92727..8eae2205c3 100644 --- a/jupyterhub/templates/proxy/deployment.yaml +++ b/jupyterhub/templates/proxy/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: proxy + name: {{ include "jupyterhub.proxy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -33,7 +33,7 @@ spec: spec: terminationGracePeriodSeconds: 60 {{- if .Values.scheduling.podPriority.enabled }} - priorityClassName: {{ .Release.Name }}-default-priority + priorityClassName: {{ include "jupyterhub.priority.fullname" . }} {{- end }} nodeSelector: {{ toJson .Values.proxy.chp.nodeSelector }} tolerations: {{ toJson .Values.proxy.chp.tolerations }} @@ -42,7 +42,7 @@ spec: volumes: - name: tls-secret secret: - secretName: proxy-manual-tls + secretName: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . }} {{- else if $manualHTTPSwithsecret }} volumes: - name: tls-secret @@ -55,13 +55,14 @@ spec: containers: - name: chp image: {{ .Values.proxy.chp.image.name }}:{{ .Values.proxy.chp.image.tag }} + {{- $hubNameAsEnv := include "jupyterhub.hub.fullname" . | upper | replace "-" "_" }} command: - configurable-http-proxy - "--ip=::" - "--api-ip=::" - --api-port=8001 - - --default-target=http://hub:$(HUB_SERVICE_PORT) - - --error-target=http://hub:$(HUB_SERVICE_PORT)/hub/error + - --default-target=http://{{ include "jupyterhub.hub.fullname" . }}:$({{ $hubNameAsEnv }}_SERVICE_PORT) + - --error-target=http://{{ include "jupyterhub.hub.fullname" . }}:$({{ $hubNameAsEnv }}_SERVICE_PORT)/hub/error {{- if $manualHTTPS }} - --port=8443 - --redirect-port=8000 @@ -95,7 +96,7 @@ spec: - name: CONFIGPROXY_AUTH_TOKEN valueFrom: secretKeyRef: - name: {{ .Values.hub.existingSecret | default "hub-secret" }} + name: {{ include "jupyterhub.hub-secret.fullname" . }} key: proxy.token {{- include "jupyterhub.extraEnv" .Values.proxy.chp.extraEnv | nindent 12 }} {{- with .Values.proxy.chp.image.pullPolicy }} diff --git a/jupyterhub/templates/proxy/netpol.yaml b/jupyterhub/templates/proxy/netpol.yaml index fbab69d74f..c12f2eabd3 100644 --- a/jupyterhub/templates/proxy/netpol.yaml +++ b/jupyterhub/templates/proxy/netpol.yaml @@ -6,7 +6,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: proxy + name: {{ include "jupyterhub.proxy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/proxy/pdb.yaml b/jupyterhub/templates/proxy/pdb.yaml index b8946d2178..a9a19a3691 100644 --- a/jupyterhub/templates/proxy/pdb.yaml +++ b/jupyterhub/templates/proxy/pdb.yaml @@ -2,7 +2,7 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: proxy + name: {{ include "jupyterhub.proxy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/proxy/secret.yaml b/jupyterhub/templates/proxy/secret.yaml index db56769c17..9a3e4d6f8d 100644 --- a/jupyterhub/templates/proxy/secret.yaml +++ b/jupyterhub/templates/proxy/secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: - name: proxy-manual-tls + name: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} type: kubernetes.io/tls diff --git a/jupyterhub/templates/proxy/service.yaml b/jupyterhub/templates/proxy/service.yaml index 9e96b72d78..43a53aa1a6 100644 --- a/jupyterhub/templates/proxy/service.yaml +++ b/jupyterhub/templates/proxy/service.yaml @@ -8,7 +8,7 @@ apiVersion: v1 kind: Service metadata: - name: proxy-api + name: {{ include "jupyterhub.proxy-api.fullname" . }} labels: {{- $_ := merge (dict "componentSuffix" "-api") . }} {{- include "jupyterhub.labels" $_ | nindent 4 }} @@ -22,7 +22,7 @@ spec: apiVersion: v1 kind: Service metadata: - name: proxy-public + name: {{ include "jupyterhub.proxy-public.fullname" . }} labels: {{- $_ := merge (dict "componentSuffix" "-public") . }} {{- include "jupyterhub.labels" $_ | nindent 4 }} diff --git a/jupyterhub/templates/scheduling/priorityclass.yaml b/jupyterhub/templates/scheduling/priorityclass.yaml index 4caf001102..050c472e86 100644 --- a/jupyterhub/templates/scheduling/priorityclass.yaml +++ b/jupyterhub/templates/scheduling/priorityclass.yaml @@ -2,7 +2,7 @@ apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: - name: {{ .Release.Name }}-default-priority + name: {{ include "jupyterhub.priority.fullname" . }} labels: {{- $_ := merge (dict "componentLabel" "default-priority") . }} {{- include "jupyterhub.labels" $_ | nindent 4 }} diff --git a/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml b/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml index df406b809b..923fc010b0 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml @@ -6,7 +6,7 @@ it would help in order to scale down a node. apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: user-placeholder + name: {{ include "jupyterhub.user-placeholder.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml b/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml index a039609737..fb4fda7b31 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml @@ -3,7 +3,7 @@ apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: - name: {{ .Release.Name }}-user-placeholder-priority + name: {{ include "jupyterhub.user-placeholder-priority.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} annotations: diff --git a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml index 112fd58d84..12f54be616 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml @@ -11,7 +11,7 @@ $ kubectl scale sts/user-placeholder --replicas 4 apiVersion: apps/v1 kind: StatefulSet metadata: - name: user-placeholder + name: {{ include "jupyterhub.user-placeholder.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -20,7 +20,7 @@ spec: selector: matchLabels: {{- include "jupyterhub.matchLabels" . | nindent 6 }} - serviceName: "user-placeholder" + serviceName: {{ include "jupyterhub.user-placeholder.fullname" . }} template: metadata: labels: @@ -28,10 +28,10 @@ spec: {{- include "jupyterhub.matchLabels" . | nindent 8 }} spec: {{- if .Values.scheduling.podPriority.enabled }} - priorityClassName: {{ .Release.Name }}-user-placeholder-priority + priorityClassName: {{ include "jupyterhub.user-placeholder-priority.fullname" . }} {{- end }} {{- if .Values.scheduling.userScheduler.enabled }} - schedulerName: {{ .Release.Name }}-user-scheduler + schedulerName: {{ include "jupyterhub.user-scheduler.fullname" . }} {{- end }} tolerations: {{- include "jupyterhub.userTolerations" . | nindent 8 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml index 3935326e81..e1255f564f 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml @@ -2,7 +2,7 @@ kind: ConfigMap apiVersion: v1 metadata: - name: user-scheduler + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} data: @@ -12,10 +12,10 @@ data: kind: KubeSchedulerConfiguration leaderElection: resourceLock: endpoints - resourceName: user-scheduler-lock + resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resourceNamespace: {{ .Release.Namespace }} profiles: - - schedulerName: {{ .Release.Name }}-user-scheduler + - schedulerName: {{ include "jupyterhub.user-scheduler.fullname" . }} plugins: {{- .Values.scheduling.userScheduler.plugins | toYaml | trimSuffix "\n" | nindent 10 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index ee38b6464e..71fea95f48 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: user-scheduler + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -18,10 +18,10 @@ spec: checksum/config-map: {{ include (print $.Template.BasePath "/scheduling/user-scheduler/configmap.yaml") . | sha256sum }} spec: {{- if .Values.rbac.enabled }} - serviceAccountName: user-scheduler + serviceAccountName: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} {{- end }} {{- if .Values.scheduling.podPriority.enabled }} - priorityClassName: {{ .Release.Name }}-default-priority + priorityClassName: {{ include "jupyterhub.priority.fullname" . }} {{- end }} nodeSelector: {{ toJson .Values.scheduling.userScheduler.nodeSelector }} tolerations: {{ toJson .Values.scheduling.userScheduler.tolerations }} @@ -29,12 +29,12 @@ spec: volumes: - name: config configMap: - name: user-scheduler + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} {{- with include "jupyterhub.imagePullSecrets" (dict "root" . "image" .Values.scheduling.userScheduler.image) }} imagePullSecrets: {{ . }} {{- end }} containers: - - name: user-scheduler + - name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} # NOTE: When the kube-scheduler 1.17+ binaries fail to find CSINode # resource in the cluster, they won't start scheduling. Due to # this, we fallback to the latest functional version with its @@ -66,9 +66,9 @@ spec: - --config=/etc/user-scheduler/config.yaml - --authentication-skip-lookup=true {{- else }} - - --scheduler-name={{ .Release.Name }}-user-scheduler + - --scheduler-name={{ include "jupyterhub.user-scheduler.fullname" . }} - --policy-config-file=/etc/user-scheduler/policy.cfg - - --lock-object-name=user-scheduler-lock + - --lock-object-name={{ include "jupyterhub.user-scheduler-lock.fullname" . }} - --lock-object-namespace={{ .Release.Namespace }} {{- end }} - --v={{ .Values.scheduling.userScheduler.logLevel | default 4 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml b/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml index b49f8c1526..d8ed345966 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml @@ -2,7 +2,7 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: user-scheduler + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index 4c15ed62c2..6c98586503 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -3,14 +3,14 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: user-scheduler + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-user-scheduler + name: {{ include "jupyterhub.user-scheduler.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} rules: @@ -40,7 +40,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - user-scheduler-lock + - {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resources: - leases verbs: @@ -55,7 +55,7 @@ rules: - apiGroups: - "" resourceNames: - - user-scheduler-lock + - {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resources: - endpoints verbs: @@ -194,7 +194,7 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-user-scheduler + name: {{ include "jupyterhub.user-scheduler.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} subjects: @@ -203,7 +203,7 @@ subjects: namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - name: {{ .Release.Name }}-user-scheduler + name: {{ include "jupyterhub.user-scheduler.fullname" . }} apiGroup: rbac.authorization.k8s.io {{- end }} {{- end }} diff --git a/jupyterhub/templates/singleuser/netpol.yaml b/jupyterhub/templates/singleuser/netpol.yaml index 1c24e4888c..07137fd2d4 100644 --- a/jupyterhub/templates/singleuser/netpol.yaml +++ b/jupyterhub/templates/singleuser/netpol.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: singleuser + name: {{ include "jupyterhub.singleuser.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index a29dcaac3a..9f8e3ef857 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -1,3 +1,8 @@ +# fullnameOverride and nameOverride distinguishes blank strings, null values, +# and non-blank strings. For more details, see the configuration reference. +fullnameOverride: "" +nameOverride: + # custom can contain anything you want to pass to the hub pod, as all passed # Helm template values will be made available there. custom: {} diff --git a/tools/templates/watch-diff.sh b/tools/templates/watch-diff.sh new file mode 100755 index 0000000000..b2ee45d37c --- /dev/null +++ b/tools/templates/watch-diff.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# Use https://www.shellcheck.net/ to reduce mistakes if you make changes to this file. +# +# This script is a quick and dirty solution to monitoring how work done to +# templates influence the rendered resource manifests. When you start this +# script, the templates as they currently render become a comparison point which +# "git diff" is then updated against. +# + +# https://stackoverflow.com/a/246128 +HERE_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +TMP_DIFF_DIR=/tmp/diff + +# initialize by committing the current state to a dummy directory +set -eu +rm -rf $TMP_DIFF_DIR +mkdir $TMP_DIFF_DIR +git init $TMP_DIFF_DIR + +helm template jupyterhub --values $HERE_DIR/lint-and-validate-values.yaml --output-dir $TMP_DIFF_DIR + +# create a point of comparison +(cd $TMP_DIFF_DIR && git add . && git commit -m "Comparision point") + +# watch "git diff" every second (-n1), in color (-c), without watch header (-t) +watch -n1 -ct "helm template jupyterhub --values $HERE_DIR/lint-and-validate-values.yaml --output-dir $TMP_DIFF_DIR > /dev/null && (cd $TMP_DIFF_DIR && git diff --unified=1 --color=always)"