From 16a79305f8d3284df4bc63aae3f00b8b359523df Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 25 Nov 2020 09:42:26 +0100 Subject: [PATCH 01/28] tooling: add script to monitor helm templates' rendering --- tools/templates/watch-diff.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100755 tools/templates/watch-diff.sh diff --git a/tools/templates/watch-diff.sh b/tools/templates/watch-diff.sh new file mode 100755 index 0000000000..b2ee45d37c --- /dev/null +++ b/tools/templates/watch-diff.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# Use https://www.shellcheck.net/ to reduce mistakes if you make changes to this file. +# +# This script is a quick and dirty solution to monitoring how work done to +# templates influence the rendered resource manifests. When you start this +# script, the templates as they currently render become a comparison point which +# "git diff" is then updated against. +# + +# https://stackoverflow.com/a/246128 +HERE_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +TMP_DIFF_DIR=/tmp/diff + +# initialize by committing the current state to a dummy directory +set -eu +rm -rf $TMP_DIFF_DIR +mkdir $TMP_DIFF_DIR +git init $TMP_DIFF_DIR + +helm template jupyterhub --values $HERE_DIR/lint-and-validate-values.yaml --output-dir $TMP_DIFF_DIR + +# create a point of comparison +(cd $TMP_DIFF_DIR && git add . && git commit -m "Comparision point") + +# watch "git diff" every second (-n1), in color (-c), without watch header (-t) +watch -n1 -ct "helm template jupyterhub --values $HERE_DIR/lint-and-validate-values.yaml --output-dir $TMP_DIFF_DIR > /dev/null && (cd $TMP_DIFF_DIR && git diff --unified=1 --color=always)" From 15f92023289b91bbaac62cf433b60bab711d3e47 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 26 Nov 2020 18:40:15 +0100 Subject: [PATCH 02/28] Rename helpers file for consistency --- .../{_daemonset-helper.yaml => _helpers-daemonset.tpl} | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) rename jupyterhub/templates/image-puller/{_daemonset-helper.yaml => _helpers-daemonset.tpl} (96%) diff --git a/jupyterhub/templates/image-puller/_daemonset-helper.yaml b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl similarity index 96% rename from jupyterhub/templates/image-puller/_daemonset-helper.yaml rename to jupyterhub/templates/image-puller/_helpers-daemonset.tpl index ad4485e8e5..ef6184906b 100644 --- a/jupyterhub/templates/image-puller/_daemonset-helper.yaml +++ b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl @@ -7,7 +7,11 @@ Returns an image-puller daemonset. Two daemonsets will be created like this. apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ print .componentPrefix "image-puller" }} + {{- if .hook }} + name: {{ include "jupyterhub.hook-image-puller.fullname" . }} + {{- else }} + name: {{ include "jupyterhub.continuous-image-puller.fullname" . }} + {{- end }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- if .hook }} @@ -44,6 +48,7 @@ spec: per node limit all k8s clusters have. */}} {{- if and (not .hook) .Values.scheduling.podPriority.enabled }} + {{- /* # FIXME: unique name */}} priorityClassName: {{ .Release.Name }}-user-placeholder-priority {{- end }} tolerations: From be5af02f39a6cd78bcd130c9fa4f56866c3025a7 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 26 Nov 2020 18:41:00 +0100 Subject: [PATCH 03/28] Add _helpers-names.tpl to track named templates for name references --- jupyterhub/templates/_helpers-names.tpl | 126 ++++++++++++++++++++++++ 1 file changed, 126 insertions(+) create mode 100644 jupyterhub/templates/_helpers-names.tpl diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl new file mode 100644 index 0000000000..115e152379 --- /dev/null +++ b/jupyterhub/templates/_helpers-names.tpl @@ -0,0 +1,126 @@ +{{- /* FIXME: +This named template is introduced byt not yet activated to +serve a purpose until everything would work when using it. +*/}} +{{- /* The chart's resources' name prefix */}} +{{- define "jupyterhub.fullname" -}} +{{- if not "FORCEFULLY DISABLED" }} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride }} +{{- else }} +{{- .Release.Name }} +{{- end }} +{{- end }} +{{- end }} + +{{- /* The chart's resources' name prefix with a separator dash */}} +{{- define "jupyterhub.fullname.dash" -}} +{{- if (include "jupyterhub.fullname" .) }} +{{- include "jupyterhub.fullname" . }}- +{{- end }} +{{- end }} + + + +{{- /* hub Deployment */}} +{{- define "jupyterhub.hub.fullname" -}} +{{- include "jupyterhub.fullname.dash" . }}hub +{{- end }} + +{{- /* hub-secret Secret */}} +{{- define "jupyterhub.hub-secret.fullname" -}} +{{- if .Values.hub.existingSecret }} +{{- .Values.hub.existingSecret }} +{{- else }} +{{- include "jupyterhub.hub.fullname" . }}-secret +{{- end }} +{{- end }} + +{{- /* hub-db-dir PVC */}} +{{- define "jupyterhub.hub-db-dir.fullname" -}} +{{- include "jupyterhub.hub.fullname" . }}-db-dir +{{- end }} + +{{- /* proxy Deployment */}} +{{- define "jupyterhub.proxy.fullname" -}} +{{- include "jupyterhub.fullname.dash" . }}proxy +{{- end }} + +{{- /* proxy-api Service */}} +{{- define "jupyterhub.proxy-api.fullname" -}} +{{- include "jupyterhub.proxy.fullname" . }}-api +{{- end }} + +{{- /* proxy-http Service */}} +{{- define "jupyterhub.proxy-http.fullname" -}} +{{- include "jupyterhub.proxy.fullname" . }}-http +{{- end }} + +{{- /* proxy-public Service */}} +{{- define "jupyterhub.proxy-public.fullname" -}} +{{- include "jupyterhub.proxy.fullname" . }}-public +{{- end }} + +{{- /* proxy-public-tls Secret */}} +{{- define "jupyterhub.proxy-public-tls.fullname" -}} +{{- include "jupyterhub.proxy-public.fullname" . }}-tls-acme +{{- end }} + +{{- /* proxy-public-manual-tls Secret */}} +{{- define "jupyterhub.proxy-public-manual-tls.fullname" -}} +{{- include "jupyterhub.proxy-public.fullname" . }}-manual-tls +{{- end }} + +{{- /* autohttps Deployment */}} +{{- define "jupyterhub.autohttps.fullname" -}} +{{- include "jupyterhub.fullname.dash" . }}autohttps +{{- end }} + +{{- /* user-scheduler Deployment */}} +{{- define "jupyterhub.user-scheduler.fullname" -}} +{{- include "jupyterhub.fullname.dash" . }}user-scheduler +{{- end }} + +{{- /* user-scheduler leader election lock resource */}} +{{- define "jupyterhub.user-scheduler-lock.fullname" -}} +{{- include "jupyterhub.user-scheduler.fullname" . }}-lock +{{- end }} + +{{- /* user-placeholder StatefulSet */}} +{{- define "jupyterhub.user-placeholder.fullname" -}} +{{- include "jupyterhub.fullname.dash" . }}user-placeholder +{{- end }} + +{{- /* image-awaiter Job */}} +{{- define "jupyterhub.hook-image-awaiter.fullname" -}} +{{- include "jupyterhub.fullname.dash" . }}hook-image-awaiter +{{- end }} + +{{- /* hook-image-puller DaemonSet */}} +{{- define "jupyterhub.hook-image-puller.fullname" -}} +{{- include "jupyterhub.fullname.dash" . }}hook-image-puller +{{- end }} + +{{- /* continuous-image-puller DaemonSet */}} +{{- define "jupyterhub.continuous-image-puller.fullname" -}} +{{- include "jupyterhub.fullname.dash" . }}continuous-image-puller +{{- end }} + +{{- /* singleuser NetworkPolicy */}} +{{- define "jupyterhub.singleuser.fullname" -}} +{{- include "jupyterhub.fullname.dash" . }}singleuser +{{- end }} + +{{- /* image-pull-secret Secret */}} +{{- define "jupyterhub.image-pull-secret.fullname" -}} +{{- include "jupyterhub.fullname.dash" . }}image-pull-secret +{{- end }} + +{{- /* Ingress */}} +{{- define "jupyterhub.ingress.fullname" -}} +{{- if (include "jupyterhub.fullname.dash" .) }} +{{- include "jupyterhub.fullname.dash" . }} +{{- else -}} +jupyterhub +{{- end }} +{{- end }} From bb926f7ed21f6186e87dd7c33cc7f296ff327370 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 26 Nov 2020 18:41:25 +0100 Subject: [PATCH 04/28] Use named templates for resource name references part 1 --- jupyterhub/files/hub/jupyterhub_config.py | 5 ++++ jupyterhub/schema.yaml | 27 ++++++++++--------- jupyterhub/templates/_helpers.tpl | 2 +- jupyterhub/templates/hub/configmap.yaml | 2 +- jupyterhub/templates/hub/deployment.yaml | 17 ++++++------ jupyterhub/templates/hub/netpol.yaml | 2 +- jupyterhub/templates/hub/pdb.yaml | 2 +- jupyterhub/templates/hub/pvc.yaml | 2 +- jupyterhub/templates/hub/rbac.yaml | 10 +++---- jupyterhub/templates/hub/secret.yaml | 2 +- jupyterhub/templates/hub/service.yaml | 2 +- jupyterhub/templates/image-pull-secret.yaml | 2 +- .../templates/image-puller/daemonset.yaml | 11 ++++++-- jupyterhub/templates/image-puller/job.yaml | 8 +++--- jupyterhub/templates/image-puller/rbac.yaml | 10 +++---- jupyterhub/templates/ingress.yaml | 4 +-- .../templates/proxy/autohttps/configmap.yaml | 2 +- .../templates/proxy/autohttps/deployment.yaml | 11 ++++---- .../templates/proxy/autohttps/netpol.yaml | 2 +- .../templates/proxy/autohttps/rbac.yaml | 10 +++---- .../templates/proxy/autohttps/service.yaml | 2 +- jupyterhub/templates/proxy/deployment.yaml | 8 +++--- jupyterhub/templates/proxy/netpol.yaml | 2 +- jupyterhub/templates/proxy/pdb.yaml | 2 +- jupyterhub/templates/proxy/secret.yaml | 2 +- jupyterhub/templates/proxy/service.yaml | 4 +-- .../templates/scheduling/priorityclass.yaml | 1 + .../scheduling/user-placeholder/pdb.yaml | 2 +- .../user-placeholder/priorityclass.yaml | 1 + .../user-placeholder/statefulset.yaml | 6 +++-- .../scheduling/user-scheduler/configmap.yaml | 5 ++-- .../scheduling/user-scheduler/deployment.yaml | 12 +++++---- .../scheduling/user-scheduler/pdb.yaml | 2 +- .../scheduling/user-scheduler/rbac.yaml | 9 ++++--- jupyterhub/templates/singleuser/netpol.yaml | 3 ++- 35 files changed, 111 insertions(+), 83 deletions(-) diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index e01876fd52..56279e3159 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -35,6 +35,7 @@ def camelCaseify(s): # Connect to a proxy running in a different pod. Note that *_SERVICE_* # environment variables are set by Kubernetes for Services c.ConfigurableHTTPProxy.api_url = ( + # FIXME: unique name f"http://proxy-api:{os.environ['PROXY_API_SERVICE_PORT']}" ) c.ConfigurableHTTPProxy.should_start = False @@ -92,6 +93,7 @@ def camelCaseify(s): # hub_connect_url is the URL for connecting to the hub for use by external # JupyterHub services such as the proxy. Note that *_SERVICE_* environment # variables are set by Kubernetes for Services. +# FIXME: unique name c.JupyterHub.hub_connect_url = f"http://hub:{os.environ['HUB_SERVICE_PORT']}" # implement common labels @@ -174,6 +176,7 @@ def camelCaseify(s): if get_config("imagePullSecret.automaticReferenceInjection") and ( get_config("imagePullSecret.create") or get_config("imagePullSecret.enabled") ): + # FIXME: unique name image_pull_secrets.append("image-pull-secret") if get_config("imagePullSecrets"): image_pull_secrets.extend(get_config("imagePullSecrets")) @@ -184,8 +187,10 @@ def camelCaseify(s): # scheduling: if get_config("scheduling.userScheduler.enabled"): + # FIXME: unique name c.KubeSpawner.scheduler_name = os.environ["HELM_RELEASE_NAME"] + "-user-scheduler" if get_config("scheduling.podPriority.enabled"): + # FIXME: unique name c.KubeSpawner.priority_class_name = ( os.environ["HELM_RELEASE_NAME"] + "-default-priority" ) diff --git a/jupyterhub/schema.yaml b/jupyterhub/schema.yaml index d85f68fa97..a91bf95253 100644 --- a/jupyterhub/schema.yaml +++ b/jupyterhub/schema.yaml @@ -663,21 +663,22 @@ properties: type: - string description: | - Name of the existing secret in the kubernetes cluster, typically the `hub-secret`. + Name of an existing k8s Secret to use instead of the chart managed k8s + Secret. - This secret should represent the structure as otherwise generated by this chart: - ```yaml - apiVersion: v1 - data: - proxy.token: < FILL IN > - values.yaml: < FILL IN > - kind: Secret - metadata: - name: hub-secret - ``` + This k8s Secret must represent the structure generated by this chart + and by using this option, you are in change of ensuring the secret + structure is reflected when upgrading to new versions of the chart. - NOTE: if you choose to manage the secret yourself, you are in charge of ensuring the - secret having the proper contents. + ```yaml + apiVersion: v1 + data: + proxy.token: < FILL IN > + values.yaml: < FILL IN > + kind: Secret + metadata: + name: my-self-managed-secret + ``` nodeSelector: &nodeSelector-spec type: - object diff --git a/jupyterhub/templates/_helpers.tpl b/jupyterhub/templates/_helpers.tpl index 83d9b65b86..d1b20872de 100644 --- a/jupyterhub/templates/_helpers.tpl +++ b/jupyterhub/templates/_helpers.tpl @@ -183,7 +183,7 @@ component: {{ include "jupyterhub.componentLabel" . }} {{- /* Populate $_.list with all relevant entries */}} {{- $_ := dict "list" (concat .image.pullSecrets .root.Values.imagePullSecrets | uniq) }} {{- if and .root.Values.imagePullSecret.automaticReferenceInjection .root.Values.imagePullSecret.create }} -{{- $__ := set $_ "list" (append $_.list "image-pull-secret" | uniq) }} +{{- $__ := set $_ "list" (append $_.list (include "jupyterhub.image-pull-secret.fullname" .root) | uniq) }} {{- end }} {{- /* Decide if something should be written */}} diff --git a/jupyterhub/templates/hub/configmap.yaml b/jupyterhub/templates/hub/configmap.yaml index fc3bd32a36..0461008300 100644 --- a/jupyterhub/templates/hub/configmap.yaml +++ b/jupyterhub/templates/hub/configmap.yaml @@ -1,7 +1,7 @@ kind: ConfigMap apiVersion: v1 metadata: - name: hub-config + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} data: diff --git a/jupyterhub/templates/hub/deployment.yaml b/jupyterhub/templates/hub/deployment.yaml index f7f52ecda6..1e720b2231 100644 --- a/jupyterhub/templates/hub/deployment.yaml +++ b/jupyterhub/templates/hub/deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -31,6 +31,7 @@ spec: {{- end }} spec: {{- if .Values.scheduling.podPriority.enabled }} + {{- /* # FIXME: unique name */}} priorityClassName: {{ .Release.Name }}-default-priority {{- end }} nodeSelector: {{ toJson .Values.hub.nodeSelector }} @@ -39,20 +40,20 @@ spec: volumes: - name: config configMap: - name: hub-config + name: {{ include "jupyterhub.hub.fullname" . }} - name: secret secret: - secretName: {{ .Values.hub.existingSecret | default "hub-secret" }} + secretName: {{ include "jupyterhub.hub-secret.fullname" . }} {{- if .Values.hub.extraVolumes }} {{- .Values.hub.extraVolumes | toYaml | trimSuffix "\n" | nindent 8 }} {{- end }} {{- if eq .Values.hub.db.type "sqlite-pvc" }} - name: hub-db-dir persistentVolumeClaim: - claimName: hub-db-dir + claimName: {{ include "jupyterhub.hub-db-dir.fullname" . }} {{- end }} {{- if .Values.rbac.enabled }} - serviceAccountName: hub + serviceAccountName: {{ include "jupyterhub.hub.fullname" . }} {{- end }} securityContext: fsGroup: {{ .Values.hub.fsGid }} @@ -159,20 +160,20 @@ spec: - name: CONFIGPROXY_AUTH_TOKEN valueFrom: secretKeyRef: - name: {{ .Values.hub.existingSecret | default "hub-secret" }} + name: {{ include "jupyterhub.hub-secret.fullname" . }} key: proxy.token {{- if .Values.hub.db.password }} {{- if eq .Values.hub.db.type "mysql" }} - name: MYSQL_PWD valueFrom: secretKeyRef: - name: {{ .Values.hub.existingSecret | default "hub-secret" }} + name: {{ include "jupyterhub.hub-secret.fullname" . }} key: hub.db.password {{- else if eq .Values.hub.db.type "postgres" }} - name: PGPASSWORD valueFrom: secretKeyRef: - name: {{ .Values.hub.existingSecret | default "hub-secret" }} + name: {{ include "jupyterhub.hub-secret.fullname" . }} key: hub.db.password {{- end }} {{- end }} diff --git a/jupyterhub/templates/hub/netpol.yaml b/jupyterhub/templates/hub/netpol.yaml index 4938e70b0c..7d948ece74 100644 --- a/jupyterhub/templates/hub/netpol.yaml +++ b/jupyterhub/templates/hub/netpol.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/hub/pdb.yaml b/jupyterhub/templates/hub/pdb.yaml index 5b0623bf54..1419eda894 100644 --- a/jupyterhub/templates/hub/pdb.yaml +++ b/jupyterhub/templates/hub/pdb.yaml @@ -2,7 +2,7 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/hub/pvc.yaml b/jupyterhub/templates/hub/pvc.yaml index 240321af4c..0a2f5cd414 100644 --- a/jupyterhub/templates/hub/pvc.yaml +++ b/jupyterhub/templates/hub/pvc.yaml @@ -2,7 +2,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: hub-db-dir + name: {{ include "jupyterhub.hub-db-dir.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- if .Values.hub.db.pvc.annotations }} diff --git a/jupyterhub/templates/hub/rbac.yaml b/jupyterhub/templates/hub/rbac.yaml index f78ebfd18a..d46cc8de4d 100644 --- a/jupyterhub/templates/hub/rbac.yaml +++ b/jupyterhub/templates/hub/rbac.yaml @@ -2,14 +2,14 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} rules: @@ -23,15 +23,15 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} subjects: - kind: ServiceAccount - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} namespace: {{ .Release.Namespace }} roleRef: kind: Role - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} apiGroup: rbac.authorization.k8s.io {{- end }} diff --git a/jupyterhub/templates/hub/secret.yaml b/jupyterhub/templates/hub/secret.yaml index 49df86921a..485fc8ebb7 100644 --- a/jupyterhub/templates/hub/secret.yaml +++ b/jupyterhub/templates/hub/secret.yaml @@ -2,7 +2,7 @@ kind: Secret apiVersion: v1 metadata: - name: hub-secret + name: {{ include "jupyterhub.hub-secret.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} type: Opaque diff --git a/jupyterhub/templates/hub/service.yaml b/jupyterhub/templates/hub/service.yaml index 34470b6b0f..54147e8e1c 100644 --- a/jupyterhub/templates/hub/service.yaml +++ b/jupyterhub/templates/hub/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: hub + name: {{ include "jupyterhub.hub.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} annotations: diff --git a/jupyterhub/templates/image-pull-secret.yaml b/jupyterhub/templates/image-pull-secret.yaml index 95ebb28d10..efb6b2ef4d 100644 --- a/jupyterhub/templates/image-pull-secret.yaml +++ b/jupyterhub/templates/image-pull-secret.yaml @@ -2,7 +2,7 @@ kind: Secret apiVersion: v1 metadata: - name: image-pull-secret + name: {{ include "jupyterhub.image-pull-secret.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} annotations: diff --git a/jupyterhub/templates/image-puller/daemonset.yaml b/jupyterhub/templates/image-puller/daemonset.yaml index 190e4f6db9..0a80c1e35a 100644 --- a/jupyterhub/templates/image-puller/daemonset.yaml +++ b/jupyterhub/templates/image-puller/daemonset.yaml @@ -8,7 +8,14 @@ deleted. Only then will the actual helm upgrade start. {{- $_ := merge (dict "hook" true "componentPrefix" "hook-") . }} {{- include "jupyterhub.imagePuller.daemonset" $_ }} {{- end }} ---- + + +{{- /* Manifest separator */}} +{{- if and .Values.prePuller.hook.enabled .Values.prePuller.continuous.enabled }} +{{- print "\n---\n" }} +{{- end }} + + {{- /* The continuous-image-puller daemonset task is to pull required images to nodes that are added in between helm upgrades, for example by manually adding a node @@ -16,5 +23,5 @@ or by the cluster autoscaler. */}} {{- if .Values.prePuller.continuous.enabled }} {{- $_ := merge (dict "hook" false "componentPrefix" "continuous-") . }} -{{ include "jupyterhub.imagePuller.daemonset" $_ }} +{{- include "jupyterhub.imagePuller.daemonset" $_ }} {{- end }} diff --git a/jupyterhub/templates/image-puller/job.yaml b/jupyterhub/templates/image-puller/job.yaml index e5505a69ac..38c186aeb8 100644 --- a/jupyterhub/templates/image-puller/job.yaml +++ b/jupyterhub/templates/image-puller/job.yaml @@ -9,7 +9,7 @@ command. apiVersion: batch/v1 kind: Job metadata: - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} hub.jupyter.org/deletable: "true" @@ -30,7 +30,7 @@ spec: spec: restartPolicy: Never {{- if .Values.rbac.enabled }} - serviceAccountName: hook-image-awaiter + serviceAccountName: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} {{- end }} tolerations: {{ toJson .Values.prePuller.hook.tolerations }} nodeSelector: {{ toJson .Values.prePuller.hook.nodeSelector }} @@ -39,7 +39,7 @@ spec: {{- end }} containers: - image: {{ .Values.prePuller.hook.image.name }}:{{ .Values.prePuller.hook.image.tag }} - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} {{- with .Values.prePuller.hook.image.pullPolicy }} imagePullPolicy: {{ . }} {{- end }} @@ -49,7 +49,7 @@ spec: - -auth-token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - -api-server-address=https://kubernetes.default.svc:$(KUBERNETES_SERVICE_PORT) - -namespace={{ .Release.Namespace }} - - -daemonset=hook-image-puller + - -daemonset={{ include "jupyterhub.hook-image-puller.fullname" . }} - -pod-scheduling-wait-duration={{ .Values.prePuller.hook.podSchedulingWaitDuration }} {{- with .Values.prePuller.hook.containerSecurityContext }} securityContext: diff --git a/jupyterhub/templates/image-puller/rbac.yaml b/jupyterhub/templates/image-puller/rbac.yaml index 4dd9b40fed..369de17151 100644 --- a/jupyterhub/templates/image-puller/rbac.yaml +++ b/jupyterhub/templates/image-puller/rbac.yaml @@ -9,7 +9,7 @@ This service account... apiVersion: v1 kind: ServiceAccount metadata: - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} hub.jupyter.org/deletable: "true" @@ -24,7 +24,7 @@ metadata: kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} hub.jupyter.org/deletable: "true" @@ -43,7 +43,7 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} hub.jupyter.org/deletable: "true" @@ -53,11 +53,11 @@ metadata: "helm.sh/hook-weight": "0" subjects: - kind: ServiceAccount - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} namespace: {{ .Release.Namespace }} roleRef: kind: Role - name: hook-image-awaiter + name: {{ include "jupyterhub.hook-image-awaiter.fullname" . }} apiGroup: rbac.authorization.k8s.io {{- end }} {{- end }} diff --git a/jupyterhub/templates/ingress.yaml b/jupyterhub/templates/ingress.yaml index e0b760c7da..e81f17d3e7 100644 --- a/jupyterhub/templates/ingress.yaml +++ b/jupyterhub/templates/ingress.yaml @@ -6,7 +6,7 @@ apiVersion: networking.k8s.io/v1beta1 {{- end }} kind: Ingress metadata: - name: jupyterhub + name: {{ include "jupyterhub.ingress.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- if .Values.ingress.annotations }} @@ -31,7 +31,7 @@ spec: name: http {{- else }} backend: - serviceName: proxy-public + serviceName: {{ include "jupyterhub.proxy-public.fullname" $ }} servicePort: 80 {{- end }} {{- end }} diff --git a/jupyterhub/templates/proxy/autohttps/configmap.yaml b/jupyterhub/templates/proxy/autohttps/configmap.yaml index b529a8c6bf..4804bf73dc 100644 --- a/jupyterhub/templates/proxy/autohttps/configmap.yaml +++ b/jupyterhub/templates/proxy/autohttps/configmap.yaml @@ -16,7 +16,7 @@ kind: ConfigMap apiVersion: v1 metadata: - name: traefik-proxy-config + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} data: diff --git a/jupyterhub/templates/proxy/autohttps/deployment.yaml b/jupyterhub/templates/proxy/autohttps/deployment.yaml index 581e4d22c7..6442aa50b2 100644 --- a/jupyterhub/templates/proxy/autohttps/deployment.yaml +++ b/jupyterhub/templates/proxy/autohttps/deployment.yaml @@ -4,7 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -28,9 +28,10 @@ spec: checksum/static-config: {{ include "jupyterhub.traefik.yaml" . | fromYaml | merge .Values.proxy.traefik.extraStaticConfig | toYaml | sha256sum }} spec: {{- if .Values.rbac.enabled }} - serviceAccountName: autohttps + serviceAccountName: {{ include "jupyterhub.autohttps.fullname" . }} {{- end }} {{- if .Values.scheduling.podPriority.enabled }} + {{- /* # FIXME: unique name */}} priorityClassName: {{ .Release.Name }}-default-priority {{- end }} nodeSelector: {{ toJson .Values.proxy.traefik.nodeSelector }} @@ -41,7 +42,7 @@ spec: emptyDir: {} - name: traefik-config configMap: - name: traefik-proxy-config + name: {{ include "jupyterhub.autohttps.fullname" . }} {{- with .Values.proxy.traefik.extraVolumes }} {{- . | toYaml | trimSuffix "\n" | nindent 8 }} {{- end }} @@ -56,7 +57,7 @@ spec: {{- end }} args: - load - - proxy-public-tls-acme + - {{ include "jupyterhub.proxy-public-tls.fullname" . }} - acme.json - /etc/acme/acme.json env: @@ -114,7 +115,7 @@ spec: - --label=release={{ .Release.Name }} - --label=chart={{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - --label=heritage=secret-sync - - proxy-public-tls-acme + - {{ include "jupyterhub.proxy-public-tls.fullname" . }} - acme.json - /etc/acme/acme.json env: diff --git a/jupyterhub/templates/proxy/autohttps/netpol.yaml b/jupyterhub/templates/proxy/autohttps/netpol.yaml index 6d7de8b92a..710b77ce60 100644 --- a/jupyterhub/templates/proxy/autohttps/netpol.yaml +++ b/jupyterhub/templates/proxy/autohttps/netpol.yaml @@ -4,7 +4,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/proxy/autohttps/rbac.yaml b/jupyterhub/templates/proxy/autohttps/rbac.yaml index 3a864c6851..4f5d8e4ee3 100644 --- a/jupyterhub/templates/proxy/autohttps/rbac.yaml +++ b/jupyterhub/templates/proxy/autohttps/rbac.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} rules: @@ -15,22 +15,22 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} subjects: - kind: ServiceAccount - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} apiGroup: roleRef: kind: Role - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: - name: autohttps + name: {{ include "jupyterhub.autohttps.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- end }} diff --git a/jupyterhub/templates/proxy/autohttps/service.yaml b/jupyterhub/templates/proxy/autohttps/service.yaml index 6884f1c446..d5dc52418d 100644 --- a/jupyterhub/templates/proxy/autohttps/service.yaml +++ b/jupyterhub/templates/proxy/autohttps/service.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: - name: proxy-http + name: {{ include "jupyterhub.proxy-http.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- range $key, $value := .Values.proxy.service.labels }} diff --git a/jupyterhub/templates/proxy/deployment.yaml b/jupyterhub/templates/proxy/deployment.yaml index 5ffac92727..ee28a091b3 100644 --- a/jupyterhub/templates/proxy/deployment.yaml +++ b/jupyterhub/templates/proxy/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: proxy + name: {{ include "jupyterhub.proxy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -33,6 +33,7 @@ spec: spec: terminationGracePeriodSeconds: 60 {{- if .Values.scheduling.podPriority.enabled }} + {{- /* # FIXME: unique name */}} priorityClassName: {{ .Release.Name }}-default-priority {{- end }} nodeSelector: {{ toJson .Values.proxy.chp.nodeSelector }} @@ -42,7 +43,7 @@ spec: volumes: - name: tls-secret secret: - secretName: proxy-manual-tls + secretName: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . }} {{- else if $manualHTTPSwithsecret }} volumes: - name: tls-secret @@ -60,6 +61,7 @@ spec: - "--ip=::" - "--api-ip=::" - --api-port=8001 + {{- /* # FIXME: unique name */}} - --default-target=http://hub:$(HUB_SERVICE_PORT) - --error-target=http://hub:$(HUB_SERVICE_PORT)/hub/error {{- if $manualHTTPS }} @@ -95,7 +97,7 @@ spec: - name: CONFIGPROXY_AUTH_TOKEN valueFrom: secretKeyRef: - name: {{ .Values.hub.existingSecret | default "hub-secret" }} + name: {{ include "jupyterhub.hub-secret.fullname" . }} key: proxy.token {{- include "jupyterhub.extraEnv" .Values.proxy.chp.extraEnv | nindent 12 }} {{- with .Values.proxy.chp.image.pullPolicy }} diff --git a/jupyterhub/templates/proxy/netpol.yaml b/jupyterhub/templates/proxy/netpol.yaml index fbab69d74f..c12f2eabd3 100644 --- a/jupyterhub/templates/proxy/netpol.yaml +++ b/jupyterhub/templates/proxy/netpol.yaml @@ -6,7 +6,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: proxy + name: {{ include "jupyterhub.proxy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/proxy/pdb.yaml b/jupyterhub/templates/proxy/pdb.yaml index b8946d2178..a9a19a3691 100644 --- a/jupyterhub/templates/proxy/pdb.yaml +++ b/jupyterhub/templates/proxy/pdb.yaml @@ -2,7 +2,7 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: proxy + name: {{ include "jupyterhub.proxy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/proxy/secret.yaml b/jupyterhub/templates/proxy/secret.yaml index db56769c17..9a3e4d6f8d 100644 --- a/jupyterhub/templates/proxy/secret.yaml +++ b/jupyterhub/templates/proxy/secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: - name: proxy-manual-tls + name: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} type: kubernetes.io/tls diff --git a/jupyterhub/templates/proxy/service.yaml b/jupyterhub/templates/proxy/service.yaml index 9e96b72d78..43a53aa1a6 100644 --- a/jupyterhub/templates/proxy/service.yaml +++ b/jupyterhub/templates/proxy/service.yaml @@ -8,7 +8,7 @@ apiVersion: v1 kind: Service metadata: - name: proxy-api + name: {{ include "jupyterhub.proxy-api.fullname" . }} labels: {{- $_ := merge (dict "componentSuffix" "-api") . }} {{- include "jupyterhub.labels" $_ | nindent 4 }} @@ -22,7 +22,7 @@ spec: apiVersion: v1 kind: Service metadata: - name: proxy-public + name: {{ include "jupyterhub.proxy-public.fullname" . }} labels: {{- $_ := merge (dict "componentSuffix" "-public") . }} {{- include "jupyterhub.labels" $_ | nindent 4 }} diff --git a/jupyterhub/templates/scheduling/priorityclass.yaml b/jupyterhub/templates/scheduling/priorityclass.yaml index 4caf001102..b808f69335 100644 --- a/jupyterhub/templates/scheduling/priorityclass.yaml +++ b/jupyterhub/templates/scheduling/priorityclass.yaml @@ -2,6 +2,7 @@ apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: + {{- /* # FIXME: unique name */}} name: {{ .Release.Name }}-default-priority labels: {{- $_ := merge (dict "componentLabel" "default-priority") . }} diff --git a/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml b/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml index df406b809b..923fc010b0 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml @@ -6,7 +6,7 @@ it would help in order to scale down a node. apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: user-placeholder + name: {{ include "jupyterhub.user-placeholder.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml b/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml index a039609737..98313c27bf 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml @@ -3,6 +3,7 @@ apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: + {{- /* # FIXME: unique name */}} name: {{ .Release.Name }}-user-placeholder-priority labels: {{- include "jupyterhub.labels" . | nindent 4 }} diff --git a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml index 112fd58d84..57159401e8 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml @@ -11,7 +11,7 @@ $ kubectl scale sts/user-placeholder --replicas 4 apiVersion: apps/v1 kind: StatefulSet metadata: - name: user-placeholder + name: {{ include "jupyterhub.user-placeholder.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -20,7 +20,7 @@ spec: selector: matchLabels: {{- include "jupyterhub.matchLabels" . | nindent 6 }} - serviceName: "user-placeholder" + serviceName: {{ include "jupyterhub.user-placeholder.fullname" . }} template: metadata: labels: @@ -28,9 +28,11 @@ spec: {{- include "jupyterhub.matchLabels" . | nindent 8 }} spec: {{- if .Values.scheduling.podPriority.enabled }} + {{- /* # FIXME: unique name */}} priorityClassName: {{ .Release.Name }}-user-placeholder-priority {{- end }} {{- if .Values.scheduling.userScheduler.enabled }} + {{- /* # FIXME: unique name */}} schedulerName: {{ .Release.Name }}-user-scheduler {{- end }} tolerations: diff --git a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml index 3935326e81..a0690743e6 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml @@ -2,7 +2,7 @@ kind: ConfigMap apiVersion: v1 metadata: - name: user-scheduler + name: {{ include "jupyterhub.user-scheduler.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} data: @@ -12,9 +12,10 @@ data: kind: KubeSchedulerConfiguration leaderElection: resourceLock: endpoints - resourceName: user-scheduler-lock + resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resourceNamespace: {{ .Release.Namespace }} profiles: + {{- /* # FIXME: unique name */}} - schedulerName: {{ .Release.Name }}-user-scheduler plugins: {{- .Values.scheduling.userScheduler.plugins | toYaml | trimSuffix "\n" | nindent 10 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index ee38b6464e..cc82337ee8 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: user-scheduler + name: {{ include "jupyterhub.user-scheduler.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -18,9 +18,10 @@ spec: checksum/config-map: {{ include (print $.Template.BasePath "/scheduling/user-scheduler/configmap.yaml") . | sha256sum }} spec: {{- if .Values.rbac.enabled }} - serviceAccountName: user-scheduler + serviceAccountName: {{ include "jupyterhub.user-scheduler.fullname" . }} {{- end }} {{- if .Values.scheduling.podPriority.enabled }} + {{- /* # FIXME: unique name */}} priorityClassName: {{ .Release.Name }}-default-priority {{- end }} nodeSelector: {{ toJson .Values.scheduling.userScheduler.nodeSelector }} @@ -29,12 +30,12 @@ spec: volumes: - name: config configMap: - name: user-scheduler + name: {{ include "jupyterhub.user-scheduler.fullname" . }} {{- with include "jupyterhub.imagePullSecrets" (dict "root" . "image" .Values.scheduling.userScheduler.image) }} imagePullSecrets: {{ . }} {{- end }} containers: - - name: user-scheduler + - name: {{ include "jupyterhub.user-scheduler.fullname" . }} # NOTE: When the kube-scheduler 1.17+ binaries fail to find CSINode # resource in the cluster, they won't start scheduling. Due to # this, we fallback to the latest functional version with its @@ -66,9 +67,10 @@ spec: - --config=/etc/user-scheduler/config.yaml - --authentication-skip-lookup=true {{- else }} + {{- /* # FIXME: unique name */}} - --scheduler-name={{ .Release.Name }}-user-scheduler - --policy-config-file=/etc/user-scheduler/policy.cfg - - --lock-object-name=user-scheduler-lock + - --lock-object-name={{ include "jupyterhub.user-scheduler-lock.fullname" . }} - --lock-object-namespace={{ .Release.Namespace }} {{- end }} - --v={{ .Values.scheduling.userScheduler.logLevel | default 4 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml b/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml index b49f8c1526..4cd10eae7f 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml @@ -2,7 +2,7 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: user-scheduler + name: {{ include "jupyterhub.user-scheduler.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index 4c15ed62c2..76b32ab4f9 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -3,13 +3,14 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: user-scheduler + name: {{ include "jupyterhub.user-scheduler.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: + {{- /* # FIXME: unique name */}} name: {{ .Release.Name }}-user-scheduler labels: {{- include "jupyterhub.labels" . | nindent 4 }} @@ -40,7 +41,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - user-scheduler-lock + - {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resources: - leases verbs: @@ -55,7 +56,7 @@ rules: - apiGroups: - "" resourceNames: - - user-scheduler-lock + - {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resources: - endpoints verbs: @@ -194,6 +195,7 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: + {{- /* # FIXME: unique name */}} name: {{ .Release.Name }}-user-scheduler labels: {{- include "jupyterhub.labels" . | nindent 4 }} @@ -203,6 +205,7 @@ subjects: namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole + {{- /* # FIXME: unique name */}} name: {{ .Release.Name }}-user-scheduler apiGroup: rbac.authorization.k8s.io {{- end }} diff --git a/jupyterhub/templates/singleuser/netpol.yaml b/jupyterhub/templates/singleuser/netpol.yaml index 1c24e4888c..b66f2631d3 100644 --- a/jupyterhub/templates/singleuser/netpol.yaml +++ b/jupyterhub/templates/singleuser/netpol.yaml @@ -2,7 +2,8 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: singleuser + {{- /* # FIXME: unique name */}} + name: {{ include "jupyterhub.singleuser.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: From 158ee9ff3a48e1e1ccb3e0fd905df1efeb4f37e4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 4 Dec 2020 22:32:44 +0100 Subject: [PATCH 05/28] Use named templates for resource name references part 2 --- jupyterhub/templates/_helpers-names.tpl | 23 +++++++++++++++++++ jupyterhub/templates/hub/deployment.yaml | 3 +-- .../image-puller/_helpers-daemonset.tpl | 3 +-- .../templates/proxy/autohttps/deployment.yaml | 3 +-- jupyterhub/templates/proxy/deployment.yaml | 3 +-- .../templates/scheduling/priorityclass.yaml | 3 +-- .../user-placeholder/priorityclass.yaml | 3 +-- .../user-placeholder/statefulset.yaml | 3 +-- .../scheduling/user-scheduler/deployment.yaml | 3 +-- 9 files changed, 31 insertions(+), 16 deletions(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index 115e152379..18731fd9bf 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -124,3 +124,26 @@ serve a purpose until everything would work when using it. jupyterhub {{- end }} {{- end }} + + +{{- /* + Cluster wide resources +*/}} + +{{- /* Priority */}} +{{- define "jupyterhub.priority.fullname" -}} +{{- if (include "jupyterhub.fullname.dash" .) }} +{{- include "jupyterhub.fullname.dash" . }} +{{- else -}} +{{ .Release.Name }}-default-priority +{{- end }} +{{- end }} + +{{- /* user-placeholder Priority */}} +{{- define "jupyterhub.user-placeholder.priority.fullname" -}} +{{- if (include "jupyterhub.fullname.dash" .) }} +{{- include "jupyterhub.user-placeholder.fullname" . }} +{{- else -}} +{{ .Release.Name }}-user-placeholder-priority +{{- end }} +{{- end }} diff --git a/jupyterhub/templates/hub/deployment.yaml b/jupyterhub/templates/hub/deployment.yaml index 1e720b2231..ed5332f878 100644 --- a/jupyterhub/templates/hub/deployment.yaml +++ b/jupyterhub/templates/hub/deployment.yaml @@ -31,8 +31,7 @@ spec: {{- end }} spec: {{- if .Values.scheduling.podPriority.enabled }} - {{- /* # FIXME: unique name */}} - priorityClassName: {{ .Release.Name }}-default-priority + priorityClassName: {{ include "jupyterhub.priority.fullname" . }} {{- end }} nodeSelector: {{ toJson .Values.hub.nodeSelector }} tolerations: {{ toJson .Values.hub.tolerations }} diff --git a/jupyterhub/templates/image-puller/_helpers-daemonset.tpl b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl index ef6184906b..67b0b9051b 100644 --- a/jupyterhub/templates/image-puller/_helpers-daemonset.tpl +++ b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl @@ -48,8 +48,7 @@ spec: per node limit all k8s clusters have. */}} {{- if and (not .hook) .Values.scheduling.podPriority.enabled }} - {{- /* # FIXME: unique name */}} - priorityClassName: {{ .Release.Name }}-user-placeholder-priority + priorityClassName: {{ include "jupyterhub.user-placeholder.priority.fullname" . }} {{- end }} tolerations: {{- include "jupyterhub.userTolerations" . | nindent 8 }} diff --git a/jupyterhub/templates/proxy/autohttps/deployment.yaml b/jupyterhub/templates/proxy/autohttps/deployment.yaml index 6442aa50b2..bcabde2b0c 100644 --- a/jupyterhub/templates/proxy/autohttps/deployment.yaml +++ b/jupyterhub/templates/proxy/autohttps/deployment.yaml @@ -31,8 +31,7 @@ spec: serviceAccountName: {{ include "jupyterhub.autohttps.fullname" . }} {{- end }} {{- if .Values.scheduling.podPriority.enabled }} - {{- /* # FIXME: unique name */}} - priorityClassName: {{ .Release.Name }}-default-priority + priorityClassName: {{ include "jupyterhub.priority.fullname" . }} {{- end }} nodeSelector: {{ toJson .Values.proxy.traefik.nodeSelector }} tolerations: {{ toJson .Values.proxy.traefik.tolerations }} diff --git a/jupyterhub/templates/proxy/deployment.yaml b/jupyterhub/templates/proxy/deployment.yaml index ee28a091b3..1f965af7cd 100644 --- a/jupyterhub/templates/proxy/deployment.yaml +++ b/jupyterhub/templates/proxy/deployment.yaml @@ -33,8 +33,7 @@ spec: spec: terminationGracePeriodSeconds: 60 {{- if .Values.scheduling.podPriority.enabled }} - {{- /* # FIXME: unique name */}} - priorityClassName: {{ .Release.Name }}-default-priority + priorityClassName: {{ include "jupyterhub.priority.fullname" . }} {{- end }} nodeSelector: {{ toJson .Values.proxy.chp.nodeSelector }} tolerations: {{ toJson .Values.proxy.chp.tolerations }} diff --git a/jupyterhub/templates/scheduling/priorityclass.yaml b/jupyterhub/templates/scheduling/priorityclass.yaml index b808f69335..050c472e86 100644 --- a/jupyterhub/templates/scheduling/priorityclass.yaml +++ b/jupyterhub/templates/scheduling/priorityclass.yaml @@ -2,8 +2,7 @@ apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: - {{- /* # FIXME: unique name */}} - name: {{ .Release.Name }}-default-priority + name: {{ include "jupyterhub.priority.fullname" . }} labels: {{- $_ := merge (dict "componentLabel" "default-priority") . }} {{- include "jupyterhub.labels" $_ | nindent 4 }} diff --git a/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml b/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml index 98313c27bf..b1e79a1f88 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml @@ -3,8 +3,7 @@ apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: - {{- /* # FIXME: unique name */}} - name: {{ .Release.Name }}-user-placeholder-priority + name: {{ include "jupyterhub.user-placeholder.priority.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} annotations: diff --git a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml index 57159401e8..6491722deb 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml @@ -28,8 +28,7 @@ spec: {{- include "jupyterhub.matchLabels" . | nindent 8 }} spec: {{- if .Values.scheduling.podPriority.enabled }} - {{- /* # FIXME: unique name */}} - priorityClassName: {{ .Release.Name }}-user-placeholder-priority + priorityClassName: {{ include "jupyterhub.user-placeholder.priority.fullname" . }} {{- end }} {{- if .Values.scheduling.userScheduler.enabled }} {{- /* # FIXME: unique name */}} diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index cc82337ee8..c2c04447dc 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -21,8 +21,7 @@ spec: serviceAccountName: {{ include "jupyterhub.user-scheduler.fullname" . }} {{- end }} {{- if .Values.scheduling.podPriority.enabled }} - {{- /* # FIXME: unique name */}} - priorityClassName: {{ .Release.Name }}-default-priority + priorityClassName: {{ include "jupyterhub.priority.fullname" . }} {{- end }} nodeSelector: {{ toJson .Values.scheduling.userScheduler.nodeSelector }} tolerations: {{ toJson .Values.scheduling.userScheduler.tolerations }} From 0e08c5b1e4ff5984926aa051c766f28f9c64420c Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 4 Dec 2020 23:38:33 +0100 Subject: [PATCH 06/28] Use named templates for resource name references part 3 --- jupyterhub/templates/_helpers-names.tpl | 9 +++++++++ jupyterhub/templates/proxy/deployment.yaml | 6 +++--- .../scheduling/user-placeholder/statefulset.yaml | 3 +-- .../templates/scheduling/user-scheduler/configmap.yaml | 3 +-- .../templates/scheduling/user-scheduler/deployment.yaml | 3 +-- jupyterhub/templates/scheduling/user-scheduler/rbac.yaml | 9 +++------ jupyterhub/templates/singleuser/netpol.yaml | 1 - 7 files changed, 18 insertions(+), 16 deletions(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index 18731fd9bf..f80b59edf3 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -147,3 +147,12 @@ jupyterhub {{ .Release.Name }}-user-placeholder-priority {{- end }} {{- end }} + +{{- /* user-scheduler ref - a cluster wide reference */}} +{{- define "jupyterhub.user-scheduler.ref.fullname" -}} +{{- if (include "jupyterhub.fullname.dash" .) }} +{{- include "jupyterhub.user-scheduler.fullname" . }} +{{- else -}} +{{ .Release.Name }}-user-scheduler +{{- end }} +{{- end }} diff --git a/jupyterhub/templates/proxy/deployment.yaml b/jupyterhub/templates/proxy/deployment.yaml index 1f965af7cd..8eae2205c3 100644 --- a/jupyterhub/templates/proxy/deployment.yaml +++ b/jupyterhub/templates/proxy/deployment.yaml @@ -55,14 +55,14 @@ spec: containers: - name: chp image: {{ .Values.proxy.chp.image.name }}:{{ .Values.proxy.chp.image.tag }} + {{- $hubNameAsEnv := include "jupyterhub.hub.fullname" . | upper | replace "-" "_" }} command: - configurable-http-proxy - "--ip=::" - "--api-ip=::" - --api-port=8001 - {{- /* # FIXME: unique name */}} - - --default-target=http://hub:$(HUB_SERVICE_PORT) - - --error-target=http://hub:$(HUB_SERVICE_PORT)/hub/error + - --default-target=http://{{ include "jupyterhub.hub.fullname" . }}:$({{ $hubNameAsEnv }}_SERVICE_PORT) + - --error-target=http://{{ include "jupyterhub.hub.fullname" . }}:$({{ $hubNameAsEnv }}_SERVICE_PORT)/hub/error {{- if $manualHTTPS }} - --port=8443 - --redirect-port=8000 diff --git a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml index 6491722deb..39c31d6f16 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml @@ -31,8 +31,7 @@ spec: priorityClassName: {{ include "jupyterhub.user-placeholder.priority.fullname" . }} {{- end }} {{- if .Values.scheduling.userScheduler.enabled }} - {{- /* # FIXME: unique name */}} - schedulerName: {{ .Release.Name }}-user-scheduler + schedulerName: {{ include "jupyterhub.user-scheduler.ref.fullname" . }} {{- end }} tolerations: {{- include "jupyterhub.userTolerations" . | nindent 8 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml index a0690743e6..fb5f5356e5 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml @@ -15,8 +15,7 @@ data: resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resourceNamespace: {{ .Release.Namespace }} profiles: - {{- /* # FIXME: unique name */}} - - schedulerName: {{ .Release.Name }}-user-scheduler + - schedulerName: {{ include "jupyterhub.user-scheduler.ref.fullname" . }} plugins: {{- .Values.scheduling.userScheduler.plugins | toYaml | trimSuffix "\n" | nindent 10 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index c2c04447dc..907344aacc 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -66,8 +66,7 @@ spec: - --config=/etc/user-scheduler/config.yaml - --authentication-skip-lookup=true {{- else }} - {{- /* # FIXME: unique name */}} - - --scheduler-name={{ .Release.Name }}-user-scheduler + - --scheduler-name={{ include "jupyterhub.user-scheduler.ref.fullname" . }} - --policy-config-file=/etc/user-scheduler/policy.cfg - --lock-object-name={{ include "jupyterhub.user-scheduler-lock.fullname" . }} - --lock-object-namespace={{ .Release.Namespace }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index 76b32ab4f9..bdc1be747c 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -10,8 +10,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - {{- /* # FIXME: unique name */}} - name: {{ .Release.Name }}-user-scheduler + name: {{ include "jupyterhub.user-scheduler.ref.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} rules: @@ -195,8 +194,7 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - {{- /* # FIXME: unique name */}} - name: {{ .Release.Name }}-user-scheduler + name: {{ include "jupyterhub.user-scheduler.ref.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} subjects: @@ -205,8 +203,7 @@ subjects: namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - {{- /* # FIXME: unique name */}} - name: {{ .Release.Name }}-user-scheduler + name: {{ include "jupyterhub.user-scheduler.ref.fullname" . }} apiGroup: rbac.authorization.k8s.io {{- end }} {{- end }} diff --git a/jupyterhub/templates/singleuser/netpol.yaml b/jupyterhub/templates/singleuser/netpol.yaml index b66f2631d3..07137fd2d4 100644 --- a/jupyterhub/templates/singleuser/netpol.yaml +++ b/jupyterhub/templates/singleuser/netpol.yaml @@ -2,7 +2,6 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - {{- /* # FIXME: unique name */}} name: {{ include "jupyterhub.singleuser.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} From cbc9a0c9039f14eaedb7762730f9167d4914b1e9 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 8 Jan 2021 07:41:29 +0100 Subject: [PATCH 07/28] Avoid an additional . in template names I think this could cause some trouble down the line. --- jupyterhub/templates/_helpers-names.tpl | 4 ++-- jupyterhub/templates/image-puller/_helpers-daemonset.tpl | 2 +- .../scheduling/user-placeholder/priorityclass.yaml | 2 +- .../templates/scheduling/user-placeholder/statefulset.yaml | 4 ++-- .../templates/scheduling/user-scheduler/configmap.yaml | 2 +- .../templates/scheduling/user-scheduler/deployment.yaml | 2 +- jupyterhub/templates/scheduling/user-scheduler/rbac.yaml | 6 +++--- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index f80b59edf3..8d96102c4a 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -140,7 +140,7 @@ jupyterhub {{- end }} {{- /* user-placeholder Priority */}} -{{- define "jupyterhub.user-placeholder.priority.fullname" -}} +{{- define "jupyterhub.user-placeholder-priority.fullname" -}} {{- if (include "jupyterhub.fullname.dash" .) }} {{- include "jupyterhub.user-placeholder.fullname" . }} {{- else -}} @@ -149,7 +149,7 @@ jupyterhub {{- end }} {{- /* user-scheduler ref - a cluster wide reference */}} -{{- define "jupyterhub.user-scheduler.ref.fullname" -}} +{{- define "jupyterhub.user-scheduler-ref.fullname" -}} {{- if (include "jupyterhub.fullname.dash" .) }} {{- include "jupyterhub.user-scheduler.fullname" . }} {{- else -}} diff --git a/jupyterhub/templates/image-puller/_helpers-daemonset.tpl b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl index 67b0b9051b..072617d6e2 100644 --- a/jupyterhub/templates/image-puller/_helpers-daemonset.tpl +++ b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl @@ -48,7 +48,7 @@ spec: per node limit all k8s clusters have. */}} {{- if and (not .hook) .Values.scheduling.podPriority.enabled }} - priorityClassName: {{ include "jupyterhub.user-placeholder.priority.fullname" . }} + priorityClassName: {{ include "jupyterhub.user-placeholder-priority.fullname" . }} {{- end }} tolerations: {{- include "jupyterhub.userTolerations" . | nindent 8 }} diff --git a/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml b/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml index b1e79a1f88..fb4fda7b31 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml @@ -3,7 +3,7 @@ apiVersion: scheduling.k8s.io/v1 kind: PriorityClass metadata: - name: {{ include "jupyterhub.user-placeholder.priority.fullname" . }} + name: {{ include "jupyterhub.user-placeholder-priority.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} annotations: diff --git a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml index 39c31d6f16..da2a384598 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml @@ -28,10 +28,10 @@ spec: {{- include "jupyterhub.matchLabels" . | nindent 8 }} spec: {{- if .Values.scheduling.podPriority.enabled }} - priorityClassName: {{ include "jupyterhub.user-placeholder.priority.fullname" . }} + priorityClassName: {{ include "jupyterhub.user-placeholder-priority.fullname" . }} {{- end }} {{- if .Values.scheduling.userScheduler.enabled }} - schedulerName: {{ include "jupyterhub.user-scheduler.ref.fullname" . }} + schedulerName: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} {{- end }} tolerations: {{- include "jupyterhub.userTolerations" . | nindent 8 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml index fb5f5356e5..8f3863167c 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml @@ -15,7 +15,7 @@ data: resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resourceNamespace: {{ .Release.Namespace }} profiles: - - schedulerName: {{ include "jupyterhub.user-scheduler.ref.fullname" . }} + - schedulerName: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} plugins: {{- .Values.scheduling.userScheduler.plugins | toYaml | trimSuffix "\n" | nindent 10 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index 907344aacc..19fba60055 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -66,7 +66,7 @@ spec: - --config=/etc/user-scheduler/config.yaml - --authentication-skip-lookup=true {{- else }} - - --scheduler-name={{ include "jupyterhub.user-scheduler.ref.fullname" . }} + - --scheduler-name={{ include "jupyterhub.user-scheduler-ref.fullname" . }} - --policy-config-file=/etc/user-scheduler/policy.cfg - --lock-object-name={{ include "jupyterhub.user-scheduler-lock.fullname" . }} - --lock-object-namespace={{ .Release.Namespace }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index bdc1be747c..13c7dacc2e 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -10,7 +10,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ include "jupyterhub.user-scheduler.ref.fullname" . }} + name: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} rules: @@ -194,7 +194,7 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ include "jupyterhub.user-scheduler.ref.fullname" . }} + name: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} subjects: @@ -203,7 +203,7 @@ subjects: namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - name: {{ include "jupyterhub.user-scheduler.ref.fullname" . }} + name: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} apiGroup: rbac.authorization.k8s.io {{- end }} {{- end }} From 1b09941ad10923a95d544e4a3e3b37b8646f06d3 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 8 Jan 2021 07:42:55 +0100 Subject: [PATCH 08/28] Set a default value for fullnameOverride and nameOverride --- jupyterhub/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index a29dcaac3a..9f8e3ef857 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -1,3 +1,8 @@ +# fullnameOverride and nameOverride distinguishes blank strings, null values, +# and non-blank strings. For more details, see the configuration reference. +fullnameOverride: "" +nameOverride: + # custom can contain anything you want to pass to the hub pod, as all passed # Helm template values will be made available there. custom: {} From 27934b00fb92556fad37c7e0eafd008320168944 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 8 Jan 2021 07:48:23 +0100 Subject: [PATCH 09/28] Write name templates to the hub configmap --- jupyterhub/templates/_helpers-names.tpl | 32 +++++++++++++++++++++++++ jupyterhub/templates/hub/configmap.yaml | 11 +++++++++ 2 files changed, 43 insertions(+) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index 8d96102c4a..f0ec06b992 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -156,3 +156,35 @@ jupyterhub {{ .Release.Name }}-user-scheduler {{- end }} {{- end }} + +{{- /* + name-templates - a template rendering all name templates so its easy to + emit them to a configmap. + + IMPORTANT: Ensure 1:1 mapping of references +*/}} +{{- define "jupyterhub.name-templates" -}} +fullname: {{ include "jupyterhub.fullname" . | quote }} +hub: {{ include "jupyterhub.hub.fullname" . | quote }} +hub-secret: {{ include "jupyterhub.hub-secret.fullname" . | quote }} +hub-db-dir: {{ include "jupyterhub.hub-db-dir.fullname" . | quote }} +proxy: {{ include "jupyterhub.proxy.fullname" . | quote }} +proxy-api: {{ include "jupyterhub.proxy-api.fullname" . | quote }} +proxy-http: {{ include "jupyterhub.proxy-http.fullname" . | quote }} +proxy-public: {{ include "jupyterhub.proxy-public.fullname" . | quote }} +proxy-public-tls: {{ include "jupyterhub.proxy-public-tls.fullname" . | quote }} +proxy-public-manual-tls: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . | quote }} +autohttps: {{ include "jupyterhub.autohttps.fullname" . | quote }} +user-scheduler: {{ include "jupyterhub.user-scheduler.fullname" . | quote }} +user-scheduler-lock: {{ include "jupyterhub.user-scheduler-lock.fullname" . | quote }} +user-placeholder: {{ include "jupyterhub.user-placeholder.fullname" . | quote }} +hook-image-awaiter: {{ include "jupyterhub.hook-image-awaiter.fullname" . | quote }} +hook-image-puller: {{ include "jupyterhub.hook-image-puller.fullname" . | quote }} +continuous-image-puller: {{ include "jupyterhub.continuous-image-puller.fullname" . | quote }} +singleuser: {{ include "jupyterhub.singleuser.fullname" . | quote }} +image-pull-secret: {{ include "jupyterhub.image-pull-secret.fullname" . | quote }} +ingress: {{ include "jupyterhub.ingress.fullname" . | quote }} +priority: {{ include "jupyterhub.priority.fullname" . | quote }} +user-placeholder-priority: {{ include "jupyterhub.user-placeholder-priority.fullname" . | quote }} +user-scheduler-ref: {{ include "jupyterhub.user-scheduler-ref.fullname" . | quote }} +{{- end }} diff --git a/jupyterhub/templates/hub/configmap.yaml b/jupyterhub/templates/hub/configmap.yaml index 0461008300..7f7adb769c 100644 --- a/jupyterhub/templates/hub/configmap.yaml +++ b/jupyterhub/templates/hub/configmap.yaml @@ -8,3 +8,14 @@ data: {{- /* Glob files to allow them to be mounted by the hub pod */ -}} {{- /* key=filename: value=content */ -}} {{- (.Files.Glob "files/hub/*").AsConfig | nindent 2 }} + + {{- /* + The name templates from _helpers-names.tpl are made available both as a + single YAML blob and as separate key-value pairs for direct reference. + + Their purpose is to help containers be able to reference dynamically + determined resource names. + */}} + name-templates: | + {{- include "jupyterhub.name-templates" . | fromYaml | toYaml | nindent 4 }} + {{- include "jupyterhub.name-templates" . | nindent 2 }} From 3a051bfacbe3d321df5e71b99754a406b3eb0a7a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 8 Jan 2021 07:48:42 +0100 Subject: [PATCH 10/28] Use name templates from hub configmap in jupyterhub_config.py --- jupyterhub/files/hub/jupyterhub_config.py | 21 ++++++++------------- jupyterhub/files/hub/z2jh.py | 15 +++++++++++---- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index 56279e3159..f80efbec62 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -12,7 +12,7 @@ configuration_directory = os.path.dirname(os.path.realpath(__file__)) sys.path.insert(0, configuration_directory) -from z2jh import get_config, set_config_if_not_none +from z2jh import get_config, set_config_if_not_none, get_name, get_name_env def camelCaseify(s): @@ -35,8 +35,7 @@ def camelCaseify(s): # Connect to a proxy running in a different pod. Note that *_SERVICE_* # environment variables are set by Kubernetes for Services c.ConfigurableHTTPProxy.api_url = ( - # FIXME: unique name - f"http://proxy-api:{os.environ['PROXY_API_SERVICE_PORT']}" + f'http://{get_name("proxy-api")}:{get_name_env("proxy-api", "_SERVICE_PORT")}' ) c.ConfigurableHTTPProxy.should_start = False @@ -93,8 +92,9 @@ def camelCaseify(s): # hub_connect_url is the URL for connecting to the hub for use by external # JupyterHub services such as the proxy. Note that *_SERVICE_* environment # variables are set by Kubernetes for Services. -# FIXME: unique name -c.JupyterHub.hub_connect_url = f"http://hub:{os.environ['HUB_SERVICE_PORT']}" +c.JupyterHub.hub_connect_url = ( + f'http://{get_name("hub")}:{get_name_env("hub", "_SERVICE_PORT")}' +) # implement common labels # this duplicates the jupyterhub.commonLabels helper @@ -176,8 +176,7 @@ def camelCaseify(s): if get_config("imagePullSecret.automaticReferenceInjection") and ( get_config("imagePullSecret.create") or get_config("imagePullSecret.enabled") ): - # FIXME: unique name - image_pull_secrets.append("image-pull-secret") + image_pull_secrets.append(get_name("image-pull-secret")) if get_config("imagePullSecrets"): image_pull_secrets.extend(get_config("imagePullSecrets")) if get_config("singleuser.image.pullSecrets"): @@ -187,13 +186,9 @@ def camelCaseify(s): # scheduling: if get_config("scheduling.userScheduler.enabled"): - # FIXME: unique name - c.KubeSpawner.scheduler_name = os.environ["HELM_RELEASE_NAME"] + "-user-scheduler" + c.KubeSpawner.scheduler_name = get_name("user-scheduler") if get_config("scheduling.podPriority.enabled"): - # FIXME: unique name - c.KubeSpawner.priority_class_name = ( - os.environ["HELM_RELEASE_NAME"] + "-default-priority" - ) + c.KubeSpawner.priority_class_name = get_name("priority") # add node-purpose affinity match_node_purpose = get_config("scheduling.userPods.nodeAffinity.matchNodePurpose") diff --git a/jupyterhub/files/hub/z2jh.py b/jupyterhub/files/hub/z2jh.py index 5abbc8a785..22b9264a0b 100644 --- a/jupyterhub/files/hub/z2jh.py +++ b/jupyterhub/files/hub/z2jh.py @@ -9,17 +9,16 @@ import yaml - # memoize so we only load config once @lru_cache() def _load_config(): - """Load configuration from disk + """Load and merge mounted configuration from disk into a single dictionary Memoized to only load once """ cfg = {} - for source in ("config", "secret"): - path = f"/etc/jupyterhub/{source}/values.yaml" + for source in ("config/named-templates.yaml", "secret/values.yaml"): + path = f"/etc/jupyterhub/{source}" if os.path.exists(path): print(f"Loading {path}") with open(path) as f: @@ -30,6 +29,14 @@ def _load_config(): return cfg +def get_name(name): + return _load_config()[name] + + +def get_name_env(name, suffix=""): + return _load_config()[name].upper().replace("-", "_") + suffix + + def _merge_dictionaries(a, b): """Merge two dictionaries recursively. From 5e4e50ce55b91bc6b76d5c69167b58dc4f7fb906 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 8 Jan 2021 07:45:06 +0100 Subject: [PATCH 11/28] Activate fullnameOverride and nameOverride config --- jupyterhub/templates/_helpers-names.tpl | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index f0ec06b992..5eb1d05926 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -1,14 +1,26 @@ -{{- /* FIXME: -This named template is introduced byt not yet activated to -serve a purpose until everything would work when using it. +{{- /* + +There are five modes to name resources: + + 1. namespaced: component fullnameOverride: "", nameOverride: ? + cluster wide: release-component + 2. independent: fullnameOverride-component fullnameOverride: str, nameOverride: ? + 3. independent: release-component fullnameOverride: null, nameOverride: "" + 4. independent: release-(nameOverride-)component fullnameOverride: null, nameOverride: str (omitted if contained in release) + 5. independent: release-(chart-)component fullnameOverride: null, nameOverride: null (omitted if contained in release) + */}} + {{- /* The chart's resources' name prefix */}} {{- define "jupyterhub.fullname" -}} -{{- if not "FORCEFULLY DISABLED" }} -{{- if .Values.fullnameOverride }} +{{- if eq (typeOf .Values.fullnameOverride) "string" }} {{- .Values.fullnameOverride }} {{- else }} +{{- $name := .Values.nameOverride | default .Chart.Name }} +{{- if contains $name .Release.Name }} {{- .Release.Name }} +{{- else }} +{{- .Release.Name }}-{{ $name }} {{- end }} {{- end }} {{- end }} From a4fde58c749f551ac650b9e6203ce8fd1f335490 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 8 Jan 2021 08:10:29 +0100 Subject: [PATCH 12/28] Add inline comment and a FIXME --- jupyterhub/templates/_helpers-names.tpl | 27 +++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index 5eb1d05926..4ec9eff3e2 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -9,6 +9,33 @@ There are five modes to name resources: 4. independent: release-(nameOverride-)component fullnameOverride: null, nameOverride: str (omitted if contained in release) 5. independent: release-(chart-)component fullnameOverride: null, nameOverride: null (omitted if contained in release) + +With such dynamic naming, referencing them is a bit complicated. With dynamic +names, we cannot use hardcoded strings. So, how do we reference them? + +From templates... + + Rely on the named templates below, so instead of referencing "hub" as a name, + reference the named template "jupyterhub.hub.fullname" passing the . scope. + + FIXME: + + For this to work for a chart that depends on this chart, we must + be able to traverse the .Values to this chart's values. If for + example the daskhub chart depends on this and reference the + named template "jupyterhub.proxy-public.fullname" + .Values.fullnameOverride will be used instead of the desired + ".Values.jupyterhub.fullnameOverride". + + One workaround is to make our name template translate + .Values.jupyterhub.X to .Values.X, but this is a hack as daskhub + may use an alias etc... + +From containers... + + Rely on the hub ConfigMap which both has a blob of YAML and individual + key/value pairs. + */}} {{- /* The chart's resources' name prefix */}} From 93f5e35cbc988917a0a808ee6f1f789b7ac7aeb7 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 8 Jan 2021 09:20:13 +0100 Subject: [PATCH 13/28] Fix name templates implementation details --- jupyterhub/files/hub/jupyterhub_config.py | 2 +- jupyterhub/files/hub/z2jh.py | 42 ++++++++++++++--------- jupyterhub/templates/hub/configmap.yaml | 4 +-- 3 files changed, 29 insertions(+), 19 deletions(-) diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index f80efbec62..d497d48e8f 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -186,7 +186,7 @@ def camelCaseify(s): # scheduling: if get_config("scheduling.userScheduler.enabled"): - c.KubeSpawner.scheduler_name = get_name("user-scheduler") + c.KubeSpawner.scheduler_name = get_name("user-scheduler-ref") if get_config("scheduling.podPriority.enabled"): c.KubeSpawner.priority_class_name = get_name("priority") diff --git a/jupyterhub/files/hub/z2jh.py b/jupyterhub/files/hub/z2jh.py index 22b9264a0b..f6d0a7c23a 100644 --- a/jupyterhub/files/hub/z2jh.py +++ b/jupyterhub/files/hub/z2jh.py @@ -12,29 +12,39 @@ # memoize so we only load config once @lru_cache() def _load_config(): - """Load and merge mounted configuration from disk into a single dictionary + """Load Helm chart configuration passed through a mounted ConfigMap.""" - Memoized to only load once - """ - cfg = {} - for source in ("config/named-templates.yaml", "secret/values.yaml"): - path = f"/etc/jupyterhub/{source}" - if os.path.exists(path): - print(f"Loading {path}") - with open(path) as f: - values = yaml.safe_load(f) - cfg = _merge_dictionaries(cfg, values) - else: - print(f"No config at {path}") - return cfg + path = f"/etc/jupyterhub/secret/values.yaml" + if os.path.exists(path): + print(f"Loading {path}") + with open(path) as f: + return yaml.safe_load(f) + else: + raise Exception(f"{path} not found!") + + +@lru_cache() +def _load_name_templates(): + """Load dynamically determined k8s resource names so we can reference them + from within the container.""" + + path = f"/etc/jupyterhub/config/name-templates.yaml" + if os.path.exists(path): + print(f"Loading {path}") + with open(path) as f: + return yaml.safe_load(f) + else: + raise Exception(f"{path} not found!") def get_name(name): - return _load_config()[name] + return _load_name_templates()[name] def get_name_env(name, suffix=""): - return _load_config()[name].upper().replace("-", "_") + suffix + env_key = _load_name_templates()[name] + suffix + env_key = env_key.upper().replace("-", "_") + return os.environ[env_key] def _merge_dictionaries(a, b): diff --git a/jupyterhub/templates/hub/configmap.yaml b/jupyterhub/templates/hub/configmap.yaml index 7f7adb769c..d36563ab3d 100644 --- a/jupyterhub/templates/hub/configmap.yaml +++ b/jupyterhub/templates/hub/configmap.yaml @@ -16,6 +16,6 @@ data: Their purpose is to help containers be able to reference dynamically determined resource names. */}} - name-templates: | - {{- include "jupyterhub.name-templates" . | fromYaml | toYaml | nindent 4 }} + name-templates.yaml: | + {{- include "jupyterhub.name-templates" . | nindent 4 }} {{- include "jupyterhub.name-templates" . | nindent 2 }} From 371b5016471a3840f5d788d00ae47409645fb19d Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 9 Jan 2021 04:44:15 +0100 Subject: [PATCH 14/28] Enable named templates to be used by parent charts' . scope --- jupyterhub/templates/_helpers-names.tpl | 53 +++++++++++++++---------- 1 file changed, 32 insertions(+), 21 deletions(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index 4ec9eff3e2..f05d6925ed 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -1,6 +1,7 @@ {{- /* -There are five modes to name resources: +There are five modes to name resources, for more details see schema.yaml or the +rendered configuration reference under fullnameOverride / nameOverride. 1. namespaced: component fullnameOverride: "", nameOverride: ? cluster wide: release-component @@ -9,28 +10,15 @@ There are five modes to name resources: 4. independent: release-(nameOverride-)component fullnameOverride: null, nameOverride: str (omitted if contained in release) 5. independent: release-(chart-)component fullnameOverride: null, nameOverride: null (omitted if contained in release) - With such dynamic naming, referencing them is a bit complicated. With dynamic -names, we cannot use hardcoded strings. So, how do we reference them? +names, we cannot use hardcoded strings. So, how do we reference them from this +chart and parent charts depending on this chart? From templates... Rely on the named templates below, so instead of referencing "hub" as a name, reference the named template "jupyterhub.hub.fullname" passing the . scope. - FIXME: - - For this to work for a chart that depends on this chart, we must - be able to traverse the .Values to this chart's values. If for - example the daskhub chart depends on this and reference the - named template "jupyterhub.proxy-public.fullname" - .Values.fullnameOverride will be used instead of the desired - ".Values.jupyterhub.fullnameOverride". - - One workaround is to make our name template translate - .Values.jupyterhub.X to .Values.X, but this is a hack as daskhub - may use an alias etc... - From containers... Rely on the hub ConfigMap which both has a blob of YAML and individual @@ -40,10 +28,28 @@ From containers... {{- /* The chart's resources' name prefix */}} {{- define "jupyterhub.fullname" -}} -{{- if eq (typeOf .Values.fullnameOverride) "string" }} -{{- .Values.fullnameOverride }} +{{- /* + A hack to avoid issues from invoking this from a parent Helm chart. + + Caveats and notes: + 1. While parent charts can, their parents chart can't reference these + 2. The parent chart must not use an alias for this chart + 3. There is no failsafe workaround to above due to + https://github.com/helm/helm/issues/9214. + 4. Note that .Chart is of type *chart.Metadata needs to be casted to a + normal dict by doing "toYaml | fromYaml" for normal dict inspection. +*/}} +{{- $fullname_override := .Values.fullnameOverride }} +{{- $name_override := .Values.fullnameOverride }} +{{- if ne .Chart.Name "jupyterhub" }} +{{- $fullname_override = .Values.jupyterhub.fullnameOverride }} +{{- $name_override = .Values.jupyterhub.fullnameOverride }} +{{- end }} + +{{- if eq (typeOf $fullname_override) "string" }} +{{- $fullname_override }} {{- else }} -{{- $name := .Values.nameOverride | default .Chart.Name }} +{{- $name := $name_override | default .Chart.Name }} {{- if contains $name .Release.Name }} {{- .Release.Name }} {{- else }} @@ -68,8 +74,13 @@ From containers... {{- /* hub-secret Secret */}} {{- define "jupyterhub.hub-secret.fullname" -}} -{{- if .Values.hub.existingSecret }} -{{- .Values.hub.existingSecret }} +{{- /* A hack to avoid issues from invoking this from a parent Helm chart. */}} +{{- $existing_secret := .Values.hub.existingSecret }} +{{- if ne .Chart.Name "jupyterhub" }} +{{- $existing_secret = .Values.jupyterhub.hub.existingSecret }} +{{- end }} +{{- if $existing_secret }} +{{- $existing_secret }} {{- else }} {{- include "jupyterhub.hub.fullname" . }}-secret {{- end }} From c633cc9496a9f7e076aa015c7041150eccb4f8a5 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 9 Jan 2021 05:37:39 +0100 Subject: [PATCH 15/28] docs: config ref. fullnameOverride and nameOverride --- jupyterhub/schema.yaml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/jupyterhub/schema.yaml b/jupyterhub/schema.yaml index a91bf95253..076021d24c 100644 --- a/jupyterhub/schema.yaml +++ b/jupyterhub/schema.yaml @@ -1,6 +1,47 @@ title: Config type: object properties: + fullnameOverride: + type: string + description: | + fullnameOverride and nameOverride allow you to adjust how the resources + part of the Helm chart are named. + + Name format | Resource types | fullnameOverride | nameOverride | Note + - | - | - | - | - + component | namespaced | `""` | * | Default + release-component | cluster wide | `""` | * | Default + fullname-component | * | str | * | - + release-component | * | null | `""` | - + release-(name-)component | * | null | str | omitted if contained in release + release-(chart-)component | * | null | null | omitted if contained in release + + If you are a developer of a chart depending on this chart, you should + avoid hardcoding names. If you want to reference the name of a resource in + this chart from a parent helm chart's template, you can make use of the + global named templates instead. + + ```yaml + # some pod definition of a parent chart helm template + schedulerName: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} + ``` + + To access them from a container, you can also rely on the hub ConfigMap + that contains entries of all the resource names. + + ```yaml + # some container definition in a parent chart helm template + env: + - name: SCHEDULER_NAME + valueFrom: + configMapKeyRef: + name: {{ include "jupyterhub.hub.fullname" . }} + key: user-scheduler-ref + ``` + nameOverride: + type: string + description: | + See `fullnameOverride`. imagePullSecret: type: object description: | From 77d54ab8a7a6ec281e9544505849b7765e379d2b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 12 Jan 2021 06:25:30 +0100 Subject: [PATCH 16/28] Rename: k8s Secret hub-secret to be named hub --- jupyterhub/templates/_helpers-names.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index f05d6925ed..00c01b4841 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -82,7 +82,7 @@ From containers... {{- if $existing_secret }} {{- $existing_secret }} {{- else }} -{{- include "jupyterhub.hub.fullname" . }}-secret +{{- include "jupyterhub.hub.fullname" . }} {{- end }} {{- end }} From 42238e5ba91cb744964439077df402bc66d94df7 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 12 Jan 2021 06:29:38 +0100 Subject: [PATCH 17/28] Rename: name of user user-scheduler's named templates --- jupyterhub/files/hub/jupyterhub_config.py | 2 +- jupyterhub/schema.yaml | 4 ++-- jupyterhub/templates/_helpers-names.tpl | 12 ++++++------ .../scheduling/user-placeholder/statefulset.yaml | 2 +- .../scheduling/user-scheduler/configmap.yaml | 4 ++-- .../scheduling/user-scheduler/deployment.yaml | 10 +++++----- .../templates/scheduling/user-scheduler/pdb.yaml | 2 +- .../templates/scheduling/user-scheduler/rbac.yaml | 8 ++++---- 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index d497d48e8f..f80efbec62 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -186,7 +186,7 @@ def camelCaseify(s): # scheduling: if get_config("scheduling.userScheduler.enabled"): - c.KubeSpawner.scheduler_name = get_name("user-scheduler-ref") + c.KubeSpawner.scheduler_name = get_name("user-scheduler") if get_config("scheduling.podPriority.enabled"): c.KubeSpawner.priority_class_name = get_name("priority") diff --git a/jupyterhub/schema.yaml b/jupyterhub/schema.yaml index 076021d24c..ffdfef0498 100644 --- a/jupyterhub/schema.yaml +++ b/jupyterhub/schema.yaml @@ -23,7 +23,7 @@ properties: ```yaml # some pod definition of a parent chart helm template - schedulerName: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} + schedulerName: {{ include "jupyterhub.user-scheduler.fullname" . }} ``` To access them from a container, you can also rely on the hub ConfigMap @@ -36,7 +36,7 @@ properties: valueFrom: configMapKeyRef: name: {{ include "jupyterhub.hub.fullname" . }} - key: user-scheduler-ref + key: user-scheduler ``` nameOverride: type: string diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index 00c01b4841..cbe1374d35 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -127,13 +127,13 @@ From containers... {{- end }} {{- /* user-scheduler Deployment */}} -{{- define "jupyterhub.user-scheduler.fullname" -}} +{{- define "jupyterhub.user-scheduler-deploy.fullname" -}} {{- include "jupyterhub.fullname.dash" . }}user-scheduler {{- end }} {{- /* user-scheduler leader election lock resource */}} {{- define "jupyterhub.user-scheduler-lock.fullname" -}} -{{- include "jupyterhub.user-scheduler.fullname" . }}-lock +{{- include "jupyterhub.user-scheduler-deploy.fullname" . }}-lock {{- end }} {{- /* user-placeholder StatefulSet */}} @@ -199,9 +199,9 @@ jupyterhub {{- end }} {{- /* user-scheduler ref - a cluster wide reference */}} -{{- define "jupyterhub.user-scheduler-ref.fullname" -}} +{{- define "jupyterhub.user-scheduler.fullname" -}} {{- if (include "jupyterhub.fullname.dash" .) }} -{{- include "jupyterhub.user-scheduler.fullname" . }} +{{- include "jupyterhub.user-scheduler-deploy.fullname" . }} {{- else -}} {{ .Release.Name }}-user-scheduler {{- end }} @@ -225,7 +225,7 @@ proxy-public: {{ include "jupyterhub.proxy-public.fullname" . | quote }} proxy-public-tls: {{ include "jupyterhub.proxy-public-tls.fullname" . | quote }} proxy-public-manual-tls: {{ include "jupyterhub.proxy-public-manual-tls.fullname" . | quote }} autohttps: {{ include "jupyterhub.autohttps.fullname" . | quote }} -user-scheduler: {{ include "jupyterhub.user-scheduler.fullname" . | quote }} +user-scheduler-deploy: {{ include "jupyterhub.user-scheduler-deploy.fullname" . | quote }} user-scheduler-lock: {{ include "jupyterhub.user-scheduler-lock.fullname" . | quote }} user-placeholder: {{ include "jupyterhub.user-placeholder.fullname" . | quote }} hook-image-awaiter: {{ include "jupyterhub.hook-image-awaiter.fullname" . | quote }} @@ -236,5 +236,5 @@ image-pull-secret: {{ include "jupyterhub.image-pull-secret.fullname" . | quote ingress: {{ include "jupyterhub.ingress.fullname" . | quote }} priority: {{ include "jupyterhub.priority.fullname" . | quote }} user-placeholder-priority: {{ include "jupyterhub.user-placeholder-priority.fullname" . | quote }} -user-scheduler-ref: {{ include "jupyterhub.user-scheduler-ref.fullname" . | quote }} +user-scheduler: {{ include "jupyterhub.user-scheduler.fullname" . | quote }} {{- end }} diff --git a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml index da2a384598..12f54be616 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml @@ -31,7 +31,7 @@ spec: priorityClassName: {{ include "jupyterhub.user-placeholder-priority.fullname" . }} {{- end }} {{- if .Values.scheduling.userScheduler.enabled }} - schedulerName: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} + schedulerName: {{ include "jupyterhub.user-scheduler.fullname" . }} {{- end }} tolerations: {{- include "jupyterhub.userTolerations" . | nindent 8 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml index 8f3863167c..e1255f564f 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml @@ -2,7 +2,7 @@ kind: ConfigMap apiVersion: v1 metadata: - name: {{ include "jupyterhub.user-scheduler.fullname" . }} + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} data: @@ -15,7 +15,7 @@ data: resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resourceNamespace: {{ .Release.Namespace }} profiles: - - schedulerName: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} + - schedulerName: {{ include "jupyterhub.user-scheduler.fullname" . }} plugins: {{- .Values.scheduling.userScheduler.plugins | toYaml | trimSuffix "\n" | nindent 10 }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index 19fba60055..71fea95f48 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "jupyterhub.user-scheduler.fullname" . }} + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: @@ -18,7 +18,7 @@ spec: checksum/config-map: {{ include (print $.Template.BasePath "/scheduling/user-scheduler/configmap.yaml") . | sha256sum }} spec: {{- if .Values.rbac.enabled }} - serviceAccountName: {{ include "jupyterhub.user-scheduler.fullname" . }} + serviceAccountName: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} {{- end }} {{- if .Values.scheduling.podPriority.enabled }} priorityClassName: {{ include "jupyterhub.priority.fullname" . }} @@ -29,12 +29,12 @@ spec: volumes: - name: config configMap: - name: {{ include "jupyterhub.user-scheduler.fullname" . }} + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} {{- with include "jupyterhub.imagePullSecrets" (dict "root" . "image" .Values.scheduling.userScheduler.image) }} imagePullSecrets: {{ . }} {{- end }} containers: - - name: {{ include "jupyterhub.user-scheduler.fullname" . }} + - name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} # NOTE: When the kube-scheduler 1.17+ binaries fail to find CSINode # resource in the cluster, they won't start scheduling. Due to # this, we fallback to the latest functional version with its @@ -66,7 +66,7 @@ spec: - --config=/etc/user-scheduler/config.yaml - --authentication-skip-lookup=true {{- else }} - - --scheduler-name={{ include "jupyterhub.user-scheduler-ref.fullname" . }} + - --scheduler-name={{ include "jupyterhub.user-scheduler.fullname" . }} - --policy-config-file=/etc/user-scheduler/policy.cfg - --lock-object-name={{ include "jupyterhub.user-scheduler-lock.fullname" . }} - --lock-object-namespace={{ .Release.Namespace }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml b/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml index 4cd10eae7f..d8ed345966 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml @@ -2,7 +2,7 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: {{ include "jupyterhub.user-scheduler.fullname" . }} + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index 13c7dacc2e..6c98586503 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -3,14 +3,14 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "jupyterhub.user-scheduler.fullname" . }} + name: {{ include "jupyterhub.user-scheduler-deploy.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} + name: {{ include "jupyterhub.user-scheduler.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} rules: @@ -194,7 +194,7 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} + name: {{ include "jupyterhub.user-scheduler.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} subjects: @@ -203,7 +203,7 @@ subjects: namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - name: {{ include "jupyterhub.user-scheduler-ref.fullname" . }} + name: {{ include "jupyterhub.user-scheduler.fullname" . }} apiGroup: rbac.authorization.k8s.io {{- end }} {{- end }} From 1cdfb22bd5e87a39e423f598d1a17f8a133630ec Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 12 Jan 2021 06:33:15 +0100 Subject: [PATCH 18/28] refactor: indentation of _helpers-names.tpl --- jupyterhub/templates/_helpers-names.tpl | 156 ++++++++++++------------ 1 file changed, 78 insertions(+), 78 deletions(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index cbe1374d35..25479b9406 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -28,151 +28,151 @@ From containers... {{- /* The chart's resources' name prefix */}} {{- define "jupyterhub.fullname" -}} -{{- /* - A hack to avoid issues from invoking this from a parent Helm chart. - - Caveats and notes: - 1. While parent charts can, their parents chart can't reference these - 2. The parent chart must not use an alias for this chart - 3. There is no failsafe workaround to above due to - https://github.com/helm/helm/issues/9214. - 4. Note that .Chart is of type *chart.Metadata needs to be casted to a - normal dict by doing "toYaml | fromYaml" for normal dict inspection. -*/}} -{{- $fullname_override := .Values.fullnameOverride }} -{{- $name_override := .Values.fullnameOverride }} -{{- if ne .Chart.Name "jupyterhub" }} -{{- $fullname_override = .Values.jupyterhub.fullnameOverride }} -{{- $name_override = .Values.jupyterhub.fullnameOverride }} -{{- end }} - -{{- if eq (typeOf $fullname_override) "string" }} -{{- $fullname_override }} -{{- else }} -{{- $name := $name_override | default .Chart.Name }} -{{- if contains $name .Release.Name }} -{{- .Release.Name }} -{{- else }} -{{- .Release.Name }}-{{ $name }} -{{- end }} -{{- end }} + {{- /* + A hack to avoid issues from invoking this from a parent Helm chart. + + Caveats and notes: + 1. While parent charts can, their parents chart can't reference these + 2. The parent chart must not use an alias for this chart + 3. There is no failsafe workaround to above due to + https://github.com/helm/helm/issues/9214. + 4. Note that .Chart is of type *chart.Metadata needs to be casted to a + normal dict by doing "toYaml | fromYaml" for normal dict inspection. + */}} + {{- $fullname_override := .Values.fullnameOverride }} + {{- $name_override := .Values.fullnameOverride }} + {{- if ne .Chart.Name "jupyterhub" }} + {{- $fullname_override = .Values.jupyterhub.fullnameOverride }} + {{- $name_override = .Values.jupyterhub.fullnameOverride }} + {{- end }} + + {{- if eq (typeOf $fullname_override) "string" }} + {{- $fullname_override }} + {{- else }} + {{- $name := $name_override | default .Chart.Name }} + {{- if contains $name .Release.Name }} + {{- .Release.Name }} + {{- else }} + {{- .Release.Name }}-{{ $name }} + {{- end }} + {{- end }} {{- end }} {{- /* The chart's resources' name prefix with a separator dash */}} {{- define "jupyterhub.fullname.dash" -}} -{{- if (include "jupyterhub.fullname" .) }} -{{- include "jupyterhub.fullname" . }}- -{{- end }} + {{- if (include "jupyterhub.fullname" .) }} + {{- include "jupyterhub.fullname" . }}- + {{- end }} {{- end }} {{- /* hub Deployment */}} {{- define "jupyterhub.hub.fullname" -}} -{{- include "jupyterhub.fullname.dash" . }}hub + {{- include "jupyterhub.fullname.dash" . }}hub {{- end }} {{- /* hub-secret Secret */}} {{- define "jupyterhub.hub-secret.fullname" -}} -{{- /* A hack to avoid issues from invoking this from a parent Helm chart. */}} -{{- $existing_secret := .Values.hub.existingSecret }} -{{- if ne .Chart.Name "jupyterhub" }} -{{- $existing_secret = .Values.jupyterhub.hub.existingSecret }} -{{- end }} -{{- if $existing_secret }} -{{- $existing_secret }} -{{- else }} -{{- include "jupyterhub.hub.fullname" . }} -{{- end }} + {{- /* A hack to avoid issues from invoking this from a parent Helm chart. */}} + {{- $existing_secret := .Values.hub.existingSecret }} + {{- if ne .Chart.Name "jupyterhub" }} + {{- $existing_secret = .Values.jupyterhub.hub.existingSecret }} + {{- end }} + {{- if $existing_secret }} + {{- $existing_secret }} + {{- else }} + {{- include "jupyterhub.hub.fullname" . }} + {{- end }} {{- end }} {{- /* hub-db-dir PVC */}} {{- define "jupyterhub.hub-db-dir.fullname" -}} -{{- include "jupyterhub.hub.fullname" . }}-db-dir + {{- include "jupyterhub.hub.fullname" . }}-db-dir {{- end }} {{- /* proxy Deployment */}} {{- define "jupyterhub.proxy.fullname" -}} -{{- include "jupyterhub.fullname.dash" . }}proxy + {{- include "jupyterhub.fullname.dash" . }}proxy {{- end }} {{- /* proxy-api Service */}} {{- define "jupyterhub.proxy-api.fullname" -}} -{{- include "jupyterhub.proxy.fullname" . }}-api + {{- include "jupyterhub.proxy.fullname" . }}-api {{- end }} {{- /* proxy-http Service */}} {{- define "jupyterhub.proxy-http.fullname" -}} -{{- include "jupyterhub.proxy.fullname" . }}-http + {{- include "jupyterhub.proxy.fullname" . }}-http {{- end }} {{- /* proxy-public Service */}} {{- define "jupyterhub.proxy-public.fullname" -}} -{{- include "jupyterhub.proxy.fullname" . }}-public + {{- include "jupyterhub.proxy.fullname" . }}-public {{- end }} {{- /* proxy-public-tls Secret */}} {{- define "jupyterhub.proxy-public-tls.fullname" -}} -{{- include "jupyterhub.proxy-public.fullname" . }}-tls-acme + {{- include "jupyterhub.proxy-public.fullname" . }}-tls-acme {{- end }} {{- /* proxy-public-manual-tls Secret */}} {{- define "jupyterhub.proxy-public-manual-tls.fullname" -}} -{{- include "jupyterhub.proxy-public.fullname" . }}-manual-tls + {{- include "jupyterhub.proxy-public.fullname" . }}-manual-tls {{- end }} {{- /* autohttps Deployment */}} {{- define "jupyterhub.autohttps.fullname" -}} -{{- include "jupyterhub.fullname.dash" . }}autohttps + {{- include "jupyterhub.fullname.dash" . }}autohttps {{- end }} {{- /* user-scheduler Deployment */}} {{- define "jupyterhub.user-scheduler-deploy.fullname" -}} -{{- include "jupyterhub.fullname.dash" . }}user-scheduler + {{- include "jupyterhub.fullname.dash" . }}user-scheduler {{- end }} {{- /* user-scheduler leader election lock resource */}} {{- define "jupyterhub.user-scheduler-lock.fullname" -}} -{{- include "jupyterhub.user-scheduler-deploy.fullname" . }}-lock + {{- include "jupyterhub.user-scheduler-deploy.fullname" . }}-lock {{- end }} {{- /* user-placeholder StatefulSet */}} {{- define "jupyterhub.user-placeholder.fullname" -}} -{{- include "jupyterhub.fullname.dash" . }}user-placeholder + {{- include "jupyterhub.fullname.dash" . }}user-placeholder {{- end }} {{- /* image-awaiter Job */}} {{- define "jupyterhub.hook-image-awaiter.fullname" -}} -{{- include "jupyterhub.fullname.dash" . }}hook-image-awaiter + {{- include "jupyterhub.fullname.dash" . }}hook-image-awaiter {{- end }} {{- /* hook-image-puller DaemonSet */}} {{- define "jupyterhub.hook-image-puller.fullname" -}} -{{- include "jupyterhub.fullname.dash" . }}hook-image-puller + {{- include "jupyterhub.fullname.dash" . }}hook-image-puller {{- end }} {{- /* continuous-image-puller DaemonSet */}} {{- define "jupyterhub.continuous-image-puller.fullname" -}} -{{- include "jupyterhub.fullname.dash" . }}continuous-image-puller + {{- include "jupyterhub.fullname.dash" . }}continuous-image-puller {{- end }} {{- /* singleuser NetworkPolicy */}} {{- define "jupyterhub.singleuser.fullname" -}} -{{- include "jupyterhub.fullname.dash" . }}singleuser + {{- include "jupyterhub.fullname.dash" . }}singleuser {{- end }} {{- /* image-pull-secret Secret */}} {{- define "jupyterhub.image-pull-secret.fullname" -}} -{{- include "jupyterhub.fullname.dash" . }}image-pull-secret + {{- include "jupyterhub.fullname.dash" . }}image-pull-secret {{- end }} {{- /* Ingress */}} {{- define "jupyterhub.ingress.fullname" -}} -{{- if (include "jupyterhub.fullname.dash" .) }} -{{- include "jupyterhub.fullname.dash" . }} -{{- else -}} -jupyterhub -{{- end }} + {{- if (include "jupyterhub.fullname.dash" .) }} + {{- include "jupyterhub.fullname.dash" . }} + {{- else -}} + jupyterhub + {{- end }} {{- end }} @@ -182,29 +182,29 @@ jupyterhub {{- /* Priority */}} {{- define "jupyterhub.priority.fullname" -}} -{{- if (include "jupyterhub.fullname.dash" .) }} -{{- include "jupyterhub.fullname.dash" . }} -{{- else -}} -{{ .Release.Name }}-default-priority -{{- end }} + {{- if (include "jupyterhub.fullname.dash" .) }} + {{- include "jupyterhub.fullname.dash" . }} + {{- else }} + {{- .Release.Name }}-default-priority + {{- end }} {{- end }} {{- /* user-placeholder Priority */}} {{- define "jupyterhub.user-placeholder-priority.fullname" -}} -{{- if (include "jupyterhub.fullname.dash" .) }} -{{- include "jupyterhub.user-placeholder.fullname" . }} -{{- else -}} -{{ .Release.Name }}-user-placeholder-priority -{{- end }} + {{- if (include "jupyterhub.fullname.dash" .) }} + {{- include "jupyterhub.user-placeholder.fullname" . }} + {{- else }} + {{- .Release.Name }}-user-placeholder-priority + {{- end }} {{- end }} {{- /* user-scheduler ref - a cluster wide reference */}} {{- define "jupyterhub.user-scheduler.fullname" -}} -{{- if (include "jupyterhub.fullname.dash" .) }} -{{- include "jupyterhub.user-scheduler-deploy.fullname" . }} -{{- else -}} -{{ .Release.Name }}-user-scheduler -{{- end }} + {{- if (include "jupyterhub.fullname.dash" .) }} + {{- include "jupyterhub.user-scheduler-deploy.fullname" . }} + {{- else }} + {{- .Release.Name }}-user-scheduler + {{- end }} {{- end }} {{- /* From 643fb8fd114696fa069140e10fade7d145f3b789 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 12 Jan 2021 06:39:36 +0100 Subject: [PATCH 19/28] Rename hub-db-dir to hub-pvc, but not the actual PVC --- jupyterhub/templates/_helpers-names.tpl | 6 +++--- jupyterhub/templates/hub/deployment.yaml | 6 +++--- jupyterhub/templates/hub/pvc.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index 25479b9406..e6ee5d490c 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -86,8 +86,8 @@ From containers... {{- end }} {{- end }} -{{- /* hub-db-dir PVC */}} -{{- define "jupyterhub.hub-db-dir.fullname" -}} +{{- /* hub PVC */}} +{{- define "jupyterhub.hub-pvc.fullname" -}} {{- include "jupyterhub.hub.fullname" . }}-db-dir {{- end }} @@ -217,7 +217,7 @@ From containers... fullname: {{ include "jupyterhub.fullname" . | quote }} hub: {{ include "jupyterhub.hub.fullname" . | quote }} hub-secret: {{ include "jupyterhub.hub-secret.fullname" . | quote }} -hub-db-dir: {{ include "jupyterhub.hub-db-dir.fullname" . | quote }} +hub-pvc: {{ include "jupyterhub.hub-pvc.fullname" . | quote }} proxy: {{ include "jupyterhub.proxy.fullname" . | quote }} proxy-api: {{ include "jupyterhub.proxy-api.fullname" . | quote }} proxy-http: {{ include "jupyterhub.proxy-http.fullname" . | quote }} diff --git a/jupyterhub/templates/hub/deployment.yaml b/jupyterhub/templates/hub/deployment.yaml index ed5332f878..9dade6d741 100644 --- a/jupyterhub/templates/hub/deployment.yaml +++ b/jupyterhub/templates/hub/deployment.yaml @@ -47,9 +47,9 @@ spec: {{- .Values.hub.extraVolumes | toYaml | trimSuffix "\n" | nindent 8 }} {{- end }} {{- if eq .Values.hub.db.type "sqlite-pvc" }} - - name: hub-db-dir + - name: pvc persistentVolumeClaim: - claimName: {{ include "jupyterhub.hub-db-dir.fullname" . }} + claimName: {{ include "jupyterhub.hub-pvc.fullname" . }} {{- end }} {{- if .Values.rbac.enabled }} serviceAccountName: {{ include "jupyterhub.hub.fullname" . }} @@ -127,7 +127,7 @@ spec: {{- end }} {{- if eq .Values.hub.db.type "sqlite-pvc" }} - mountPath: /srv/jupyterhub - name: hub-db-dir + name: pvc {{- if .Values.hub.db.pvc.subPath }} subPath: {{ .Values.hub.db.pvc.subPath | quote }} {{- end }} diff --git a/jupyterhub/templates/hub/pvc.yaml b/jupyterhub/templates/hub/pvc.yaml index 0a2f5cd414..73cdfd837e 100644 --- a/jupyterhub/templates/hub/pvc.yaml +++ b/jupyterhub/templates/hub/pvc.yaml @@ -2,7 +2,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ include "jupyterhub.hub-db-dir.fullname" . }} + name: {{ include "jupyterhub.hub-pvc.fullname" . }} labels: {{- include "jupyterhub.labels" . | nindent 4 }} {{- if .Values.hub.db.pvc.annotations }} From b9e90948a4f093190201c89a0b2b23cfdd93f4ce Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 12 Jan 2021 06:43:49 +0100 Subject: [PATCH 20/28] bugfix: nameOverride didn't work as intended due to typo --- jupyterhub/templates/_helpers-names.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index e6ee5d490c..f0e5ac9ad3 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -40,10 +40,10 @@ From containers... normal dict by doing "toYaml | fromYaml" for normal dict inspection. */}} {{- $fullname_override := .Values.fullnameOverride }} - {{- $name_override := .Values.fullnameOverride }} + {{- $name_override := .Values.nameOverride }} {{- if ne .Chart.Name "jupyterhub" }} {{- $fullname_override = .Values.jupyterhub.fullnameOverride }} - {{- $name_override = .Values.jupyterhub.fullnameOverride }} + {{- $name_override = .Values.jupyterhub.nameOverride }} {{- end }} {{- if eq (typeOf $fullname_override) "string" }} From 5cd4b6658f7dcde7424eeeb1214f6d7bdb1546a7 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 12 Jan 2021 08:45:13 +0100 Subject: [PATCH 21/28] docs: correct mistake in docstring --- jupyterhub/files/hub/z2jh.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jupyterhub/files/hub/z2jh.py b/jupyterhub/files/hub/z2jh.py index f6d0a7c23a..26a928e818 100644 --- a/jupyterhub/files/hub/z2jh.py +++ b/jupyterhub/files/hub/z2jh.py @@ -12,7 +12,8 @@ # memoize so we only load config once @lru_cache() def _load_config(): - """Load Helm chart configuration passed through a mounted ConfigMap.""" + """Load the Helm chart configuration used to render the Helm templates of + the chart from a mounted k8s Secret.""" path = f"/etc/jupyterhub/secret/values.yaml" if os.path.exists(path): From 52877ebac8c17897d03ae436857ad8434f57f62e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 12 Jan 2021 09:09:24 +0100 Subject: [PATCH 22/28] ci: helm diff, reduce diff context to +-3 lines like in a git diff --- .github/workflows/test-chart.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 81cf0f7b91..de95c561c1 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -160,7 +160,11 @@ jobs: - name: "Helm diff ${{ matrix.upgrade-from }} chart with current chart" if: matrix.test == 'upgrade' run: | - helm diff upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml + # FIXME: consider if there is a way we can avoid being cluttered with + # changes to the "chart" label defined in _helpers.tpl + # "jupyterhub.commonLabels" named template. + helm diff upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml \ + --context 3 - name: "Await ${{ matrix.upgrade-from }} chart" if: matrix.test == 'upgrade' From 2cf91acefb1fc265769c6c24906f74e9891358be Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 12 Jan 2021 13:31:22 +0100 Subject: [PATCH 23/28] try helm diff with less clutter --- .github/workflows/test-chart.yaml | 21 +++++++++++++++++---- ci/string-replacer.sh | 12 ++++++++++++ 2 files changed, 29 insertions(+), 4 deletions(-) create mode 100755 ci/string-replacer.sh diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index de95c561c1..19ad1551c8 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -148,6 +148,7 @@ jobs: run: | . ./ci/common UPGRADE_FROM_VERSION=$(curl -sS https://jupyterhub.github.io/helm-chart/info.json | jq -er '.jupyterhub.${{ matrix.upgrade-from }}') + echo "UPGRADE_FROM_VERSION=$UPGRADE_FROM_VERSION" >> $GITHUB_ENV echo "" echo "Installing already released jupyterhub version $UPGRADE_FROM_VERSION" @@ -157,14 +158,26 @@ jobs: echo "Installing Helm diff plugin while k8s resources are initializing" helm plugin install https://github.com/databus23/helm-diff + # ref: https://github.com/jacobtomlinson/gha-read-helm-chart + - name: Load local Chart.yaml + id: chart + uses: jacobtomlinson/gha-read-helm-chart@0.1.3 + with: + path: jupyterhub + - name: "Helm diff ${{ matrix.upgrade-from }} chart with current chart" if: matrix.test == 'upgrade' run: | - # FIXME: consider if there is a way we can avoid being cluttered with - # changes to the "chart" label defined in _helpers.tpl - # "jupyterhub.commonLabels" named template. + export STRING_REPLACER_A=${{ steps.chart.outputs.version }} + export STRING_REPLACER_B=$UPGRADE_FROM_VERSION + + echo "NOTE: For the helm diff only, we have replaced the new chart" + echo " version with the old chart version to reduce clutter." + echo + helm diff upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml \ - --context 3 + --context=3 \ + --post-renderer=ci/string-replacer.sh - name: "Await ${{ matrix.upgrade-from }} chart" if: matrix.test == 'upgrade' diff --git a/ci/string-replacer.sh b/ci/string-replacer.sh new file mode 100755 index 0000000000..38194204c4 --- /dev/null +++ b/ci/string-replacer.sh @@ -0,0 +1,12 @@ +#!/bin/bash +# +# In .github/workflows/test-chart.yaml, we test upgrading one chart version to +# another. After having installed the first version we run "helm diff" with the +# new version. +# +# This script created to be referenced by helm's --post-renderer flag to replace +# strings in the rendered templates into something that doesn't change. +# + +set -eu +sed -e "s|$STRING_REPLACER_A|$STRING_REPLACER_B|" < /dev/stdin From 448ed6d05746c412f1952887ee4d909ac75e83d9 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 17 Jan 2021 08:18:26 +0100 Subject: [PATCH 24/28] Don't duplicate entries in configmap --- jupyterhub/files/hub/z2jh.py | 19 +++++++++++-------- jupyterhub/templates/hub/configmap.yaml | 23 +++++++++++++---------- 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/jupyterhub/files/hub/z2jh.py b/jupyterhub/files/hub/z2jh.py index 26a928e818..ac4239b507 100644 --- a/jupyterhub/files/hub/z2jh.py +++ b/jupyterhub/files/hub/z2jh.py @@ -25,25 +25,28 @@ def _load_config(): @lru_cache() -def _load_name_templates(): - """Load dynamically determined k8s resource names so we can reference them - from within the container.""" +def _get_config_value(key): + """Load value from the k8s ConfigMap given a key.""" - path = f"/etc/jupyterhub/config/name-templates.yaml" + path = f"/etc/jupyterhub/config/{key}" if os.path.exists(path): - print(f"Loading {path}") with open(path) as f: - return yaml.safe_load(f) + return f.read() else: raise Exception(f"{path} not found!") def get_name(name): - return _load_name_templates()[name] + """Returns the fullname of a resource given its short name""" + return _get_config_value(name) def get_name_env(name, suffix=""): - env_key = _load_name_templates()[name] + suffix + """Returns the fullname of a resource given its short name along with a + suffix, converted to uppercase with dashes replaced with underscores. This + is useful to reference named services associated environment variables, such + as PROXY_PUBLIC_SERVICE_PORT.""" + env_key = _get_config_value(name) + suffix env_key = env_key.upper().replace("-", "_") return os.environ[env_key] diff --git a/jupyterhub/templates/hub/configmap.yaml b/jupyterhub/templates/hub/configmap.yaml index d36563ab3d..60e9371c23 100644 --- a/jupyterhub/templates/hub/configmap.yaml +++ b/jupyterhub/templates/hub/configmap.yaml @@ -5,17 +5,20 @@ metadata: labels: {{- include "jupyterhub.labels" . | nindent 4 }} data: - {{- /* Glob files to allow them to be mounted by the hub pod */ -}} - {{- /* key=filename: value=content */ -}} - {{- (.Files.Glob "files/hub/*").AsConfig | nindent 2 }} - {{- /* - The name templates from _helpers-names.tpl are made available both as a - single YAML blob and as separate key-value pairs for direct reference. + Resource names exposed to reliably reference them. - Their purpose is to help containers be able to reference dynamically - determined resource names. + user-scheduler: "my-helm-release-user-scheduler" + ... */}} - name-templates.yaml: | - {{- include "jupyterhub.name-templates" . | nindent 4 }} {{- include "jupyterhub.name-templates" . | nindent 2 }} + + {{- /* + Glob files to allow them to be mounted by the hub pod + + jupyterhub_config: | + multi line string content... + z2jh.py: | + multi line string content... + */}} + {{- (.Files.Glob "files/hub/*").AsConfig | nindent 2 }} From d5b31a13a8c6ab53f5ebe70d5290940629450f7b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 17 Jan 2021 08:18:48 +0100 Subject: [PATCH 25/28] Refine inline docs --- jupyterhub/templates/_helpers-names.tpl | 76 ++++++++++++++----------- 1 file changed, 43 insertions(+), 33 deletions(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index f0e5ac9ad3..2e45b26593 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -1,43 +1,38 @@ {{- /* + These helpers encapsulates logic on how we name resources. They also enable + parent charts to reference these dynamic resource names. -There are five modes to name resources, for more details see schema.yaml or the -rendered configuration reference under fullnameOverride / nameOverride. + To avoid duplicating documentation, for more information, please see the the + fullnameOverride entry in schema.yaml or the configuration reference that + schema.yaml renders to. - 1. namespaced: component fullnameOverride: "", nameOverride: ? - cluster wide: release-component - 2. independent: fullnameOverride-component fullnameOverride: str, nameOverride: ? - 3. independent: release-component fullnameOverride: null, nameOverride: "" - 4. independent: release-(nameOverride-)component fullnameOverride: null, nameOverride: str (omitted if contained in release) - 5. independent: release-(chart-)component fullnameOverride: null, nameOverride: null (omitted if contained in release) - -With such dynamic naming, referencing them is a bit complicated. With dynamic -names, we cannot use hardcoded strings. So, how do we reference them from this -chart and parent charts depending on this chart? - -From templates... - - Rely on the named templates below, so instead of referencing "hub" as a name, - reference the named template "jupyterhub.hub.fullname" passing the . scope. + https://z2jh.jupyter.org/en/latest/resources/reference.html#fullnameOverride +*/}} -From containers... - Rely on the hub ConfigMap which both has a blob of YAML and individual - key/value pairs. +{{- /* + Utility templates */}} -{{- /* The chart's resources' name prefix */}} +{{- /* + Renders to a prefix for the chart's resource names. This prefix is assumed to + make the resource name cluster unique. +*/}} {{- define "jupyterhub.fullname" -}} {{- /* - A hack to avoid issues from invoking this from a parent Helm chart. + We have implemented a trick to allow a parent chart depending on this + chart to call these named templates. Caveats and notes: - 1. While parent charts can, their parents chart can't reference these - 2. The parent chart must not use an alias for this chart + + 1. While parent charts can reference these, grandparent charts can't. + 2. Parent charts must not use an alias for this chart. 3. There is no failsafe workaround to above due to - https://github.com/helm/helm/issues/9214. - 4. Note that .Chart is of type *chart.Metadata needs to be casted to a - normal dict by doing "toYaml | fromYaml" for normal dict inspection. + https://github.com/helm/helm/issues/9214. + 4. .Chart is of its own type (*chart.Metadata) and needs to be casted + using "toYaml | fromYaml" in order to be able to use normal helm + template functions on it. */}} {{- $fullname_override := .Values.fullnameOverride }} {{- $name_override := .Values.nameOverride }} @@ -58,7 +53,10 @@ From containers... {{- end }} {{- end }} -{{- /* The chart's resources' name prefix with a separator dash */}} +{{- /* + Renders to a blank string or if the fullname template is truthy renders to it + with an appended dash. +*/}} {{- define "jupyterhub.fullname.dash" -}} {{- if (include "jupyterhub.fullname" .) }} {{- include "jupyterhub.fullname" . }}- @@ -67,12 +65,16 @@ From containers... +{{- /* + Namespaced resources +*/}} + {{- /* hub Deployment */}} {{- define "jupyterhub.hub.fullname" -}} {{- include "jupyterhub.fullname.dash" . }}hub {{- end }} -{{- /* hub-secret Secret */}} +{{- /* hub Secret */}} {{- define "jupyterhub.hub-secret.fullname" -}} {{- /* A hack to avoid issues from invoking this from a parent Helm chart. */}} {{- $existing_secret := .Values.hub.existingSecret }} @@ -176,8 +178,13 @@ From containers... {{- end }} + {{- /* Cluster wide resources + + We enforce uniqueness of names for our cluster wide resources. We assume that + the prefix from setting fullnameOverride to null or a string will be cluster + unique. */}} {{- /* Priority */}} @@ -198,7 +205,7 @@ From containers... {{- end }} {{- end }} -{{- /* user-scheduler ref - a cluster wide reference */}} +{{- /* user-scheduler's registered name */}} {{- define "jupyterhub.user-scheduler.fullname" -}} {{- if (include "jupyterhub.fullname.dash" .) }} {{- include "jupyterhub.user-scheduler-deploy.fullname" . }} @@ -207,14 +214,17 @@ From containers... {{- end }} {{- end }} + + {{- /* - name-templates - a template rendering all name templates so its easy to - emit them to a configmap. + A template to render all the named templates in this file for use in the + hub's ConfigMap. - IMPORTANT: Ensure 1:1 mapping of references + It is important we keep this in sync with the available templates. */}} {{- define "jupyterhub.name-templates" -}} fullname: {{ include "jupyterhub.fullname" . | quote }} +fullname-dash: {{ include "jupyterhub.fullname.dash" . | quote }} hub: {{ include "jupyterhub.hub.fullname" . | quote }} hub-secret: {{ include "jupyterhub.hub-secret.fullname" . | quote }} hub-pvc: {{ include "jupyterhub.hub-pvc.fullname" . | quote }} From 5e8836801e0f509fe73f13010f371216cd20b68a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 17 Jan 2021 14:27:17 +0100 Subject: [PATCH 26/28] docs: warn about changes to fullnameOverride/nameOverride --- jupyterhub/schema.yaml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/jupyterhub/schema.yaml b/jupyterhub/schema.yaml index ffdfef0498..45b631fc9e 100644 --- a/jupyterhub/schema.yaml +++ b/jupyterhub/schema.yaml @@ -16,6 +16,14 @@ properties: release-(name-)component | * | null | str | omitted if contained in release release-(chart-)component | * | null | null | omitted if contained in release + ```{admonition} Warning! + :class: warning + Changing fullnameOverride or nameOverride after the initial installation + of the chart isn't supported. Changing their values likely leads to a + reset of non-external JupyterHub databases, abandonment of users' storage, + and severed couplings to currently running user pods. + ``` + If you are a developer of a chart depending on this chart, you should avoid hardcoding names. If you want to reference the name of a resource in this chart from a parent helm chart's template, you can make use of the @@ -35,13 +43,13 @@ properties: - name: SCHEDULER_NAME valueFrom: configMapKeyRef: - name: {{ include "jupyterhub.hub.fullname" . }} + name: {{ include "jupyterhub.user-scheduler.fullname" . }} key: user-scheduler ``` nameOverride: type: string description: | - See `fullnameOverride`. + See the documentation under [`fullnameOverride`](schema_fullnameOverride). imagePullSecret: type: object description: | From 254dc9b6da769e308a0c9676826e8a3609d6f342 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 17 Jan 2021 15:54:21 +0100 Subject: [PATCH 27/28] ci: fix bug caused by --repo --- .github/workflows/test-chart.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 19ad1551c8..9077481b46 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -152,7 +152,13 @@ jobs: echo "" echo "Installing already released jupyterhub version $UPGRADE_FROM_VERSION" - helm install jupyterhub --repo https://jupyterhub.github.io/helm-chart/ jupyterhub --values dev-config.yaml --version=$UPGRADE_FROM_VERSION + + # FIXME: We change the directory so jupyterhub the chart name won't be + # misunderstood as the local folder name. + # + # https://github.com/helm/helm/issues/9244 + cd ci + helm install jupyterhub --repo https://jupyterhub.github.io/helm-chart/ jupyterhub --values ../dev-config.yaml --version=$UPGRADE_FROM_VERSION echo "" echo "Installing Helm diff plugin while k8s resources are initializing" From afb3f44054889a0872505e6caeb682e5bb52b720 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 17 Jan 2021 15:55:12 +0100 Subject: [PATCH 28/28] ci: readability improvements --- .github/workflows/test-chart.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 9077481b46..718f3257a3 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -166,20 +166,23 @@ jobs: # ref: https://github.com/jacobtomlinson/gha-read-helm-chart - name: Load local Chart.yaml - id: chart + id: local-chart uses: jacobtomlinson/gha-read-helm-chart@0.1.3 with: path: jupyterhub - - name: "Helm diff ${{ matrix.upgrade-from }} chart with current chart" + - name: "Helm diff ${{ matrix.upgrade-from }} chart with local chart" if: matrix.test == 'upgrade' run: | - export STRING_REPLACER_A=${{ steps.chart.outputs.version }} + export STRING_REPLACER_A=${{ steps.local-chart.outputs.version }} export STRING_REPLACER_B=$UPGRADE_FROM_VERSION echo "NOTE: For the helm diff only, we have replaced the new chart" echo " version with the old chart version to reduce clutter." echo + echo " Old version: $UPGRADE_FROM_VERSION" + echo " New version: ${{ steps.local-chart.outputs.version }} (replaced)" + echo helm diff upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml \ --context=3 \ @@ -193,7 +196,7 @@ jobs: await_autohttps_tls_cert_acquisition await_autohttps_tls_cert_save - - name: "Install or upgrade to current chart" + - name: "Install or upgrade to local chart" run: | . ./ci/common helm upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml