diff --git a/charts/enterprise-gateway/Chart.yaml b/charts/enterprise-gateway/Chart.yaml new file mode 100644 index 0000000..b546a2c --- /dev/null +++ b/charts/enterprise-gateway/Chart.yaml @@ -0,0 +1,13 @@ +name: enterprise-gateway +description: A helm chart to deploy Jupyter Enterprise Gateway +version: 2.3.0 +apiVersion: v1 +icon: https://avatars1.githubusercontent.com/u/7388996?s=200&v=4 +home: https://jupyter.org/enterprise_gateway +sources: + - https://github.com/jupyter/enterprise_gateway +kubeVersion: '>=1.11.0-0' +tillerVersion: '>=2.11.0-0' +maintainers: + - name: ntfrnzn + email: nate.franzen@netapp.com diff --git a/charts/enterprise-gateway/templates/clusterrole.yaml b/charts/enterprise-gateway/templates/clusterrole.yaml new file mode 100644 index 0000000..4a127d1 --- /dev/null +++ b/charts/enterprise-gateway/templates/clusterrole.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: enterprise-gateway-controller + labels: + app: enterprise-gateway + component: enterprise-gateway + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["pods", "namespaces", "services", "configmaps", "secrets", "persistentvolumes", "persistentvolumeclaims"] + verbs: ["get", "watch", "list", "create", "delete"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["rolebindings"] + verbs: ["get", "list", "create", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + # Referenced by EG_KERNEL_CLUSTER_ROLE in the Deployment + name: {{ .Values.kernel.clusterRole }} + labels: + app: enterprise-gateway + component: kernel + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "create", "delete"] diff --git a/charts/enterprise-gateway/templates/clusterrolebinding.yaml b/charts/enterprise-gateway/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..bd5509b --- /dev/null +++ b/charts/enterprise-gateway/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: enterprise-gateway-controller + labels: + app: enterprise-gateway + component: enterprise-gateway + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: enterprise-gateway-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: enterprise-gateway-controller + apiGroup: rbac.authorization.k8s.io diff --git a/charts/enterprise-gateway/templates/daemonset.yaml b/charts/enterprise-gateway/templates/daemonset.yaml new file mode 100644 index 0000000..7425e9c --- /dev/null +++ b/charts/enterprise-gateway/templates/daemonset.yaml @@ -0,0 +1,39 @@ +{{- if .Values.kip.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kernel-image-puller + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + name: kernel-image-puller + template: + metadata: + labels: + name: kernel-image-puller + app: enterprise-gateway + component: kernel-image-puller + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + containers: + - name: kernel-image-puller + image: {{ .Values.kip.image }} + imagePullPolicy: {{ .Values.kip.imagePullPolicy }} + env: + - name: KIP_GATEWAY_HOST + value: "http://enterprise-gateway.{{ .Release.Namespace }}:{{ .Values.port }}" + - name: KIP_INTERVAL + value: !!str {{ .Values.kip.interval }} + - name: KIP_PULL_POLICY + value: {{ .Values.kip.pullPolicy }} + volumeMounts: + - name: dockersock + mountPath: "/var/run/docker.sock" + volumes: + - name: dockersock + hostPath: + path: /var/run/docker.sock +{{- end }} diff --git a/charts/enterprise-gateway/templates/deployment.yaml b/charts/enterprise-gateway/templates/deployment.yaml new file mode 100644 index 0000000..f140267 --- /dev/null +++ b/charts/enterprise-gateway/templates/deployment.yaml @@ -0,0 +1,87 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: enterprise-gateway + namespace: {{ .Release.Namespace }} + labels: + gateway-selector: enterprise-gateway + app: enterprise-gateway + component: enterprise-gateway + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + gateway-selector: enterprise-gateway + template: + metadata: + labels: + gateway-selector: enterprise-gateway + app: enterprise-gateway + component: enterprise-gateway + spec: + # Created by this chart. + serviceAccountName: enterprise-gateway-sa +{{- if .Values.kernelspecs.image }} + initContainers: + - name: kernelspecs + image: {{ .Values.kernelspecs.image }} + imagePullPolicy: {{ .Values.kernelspecs.imagePullPolicy }} + args: ["cp", "-r", "/kernels", "/usr/local/share/jupyter"] + volumeMounts: + - name: image-kernelspecs + mountPath: "/usr/local/share/jupyter/kernels" +{{- end }} + containers: + - name: enterprise-gateway + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + env: + - name: EG_PORT + value: !!str {{ .Values.port }} + - name: EG_NAMESPACE + value: {{ .Release.Namespace }} + - name: EG_KERNEL_CLUSTER_ROLE + value: {{ .Values.kernel.clusterRole }} + - name: EG_SHARED_NAMESPACE + value: {{ if .Values.kernel.shareGatewayNamespace }}"True"{{ else }}"False"{{ end }} +{{- if and .Values.kernel.kernelNamespace (not .Values.kernel.shareGatewayNamespace )}} + - name: KERNEL_NAMESPACE + value: {{ .Values.kernel.kernelNamespace }} +{{- end }} + - name: EG_MIRROR_WORKING_DIRS + value: {{ if .Values.mirrorWorkingDirs }}"True"{{ else }}"False"{{ end }} + - name: KERNEL_SERVICE_ACCOUNT_NAME + value: kernel_sa + - name: EG_CULL_IDLE_TIMEOUT + value: !!str {{ .Values.kernel.cullIdleTimeout }} + - name: EG_LOG_LEVEL + value: {{ .Values.logLevel }} + - name: EG_KERNEL_LAUNCH_TIMEOUT + value: !!str {{ .Values.kernel.launchTimeout }} + - name: EG_KERNEL_WHITELIST + value: {{ toJson .Values.kernel.whitelist | squote }} + - name: EG_DEFAULT_KERNEL_NAME + value: {{ .Values.kernel.defaultKernelName }} + ports: + - containerPort: {{ .Values.port }} +{{- if .Values.nfs.enabled }} + volumeMounts: + - name: nfs-kernelspecs + mountPath: "/usr/local/share/jupyter/kernels" + volumes: + - name: nfs-kernelspecs + nfs: + server: {{ .Values.nfs.internalServerIPAddress }} + path: "/usr/local/share/jupyter/kernels" +{{- else if .Values.kernelspecs.image }} + volumeMounts: + - name: image-kernelspecs + mountPath: "/usr/local/share/jupyter/kernels" + volumes: + - name: image-kernelspecs + emptyDir: + medium: Memory +{{- end }} diff --git a/charts/enterprise-gateway/templates/ingress.yaml b/charts/enterprise-gateway/templates/ingress.yaml new file mode 100644 index 0000000..9ec6a3a --- /dev/null +++ b/charts/enterprise-gateway/templates/ingress.yaml @@ -0,0 +1,35 @@ +{{ if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + namespace: {{ .Release.Namespace }} + name: enterprise-gateway-ingress + annotations: +{{- if .Values.ingress.nginx.enabled }} +{{- with .Values.ingress.nginx.annotations }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- else if .Values.ingress.traefik.enabled }} +{{- with .Values.ingress.traefik.annotations }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} +spec: + rules: + {{- if .Values.ingress.hostName }} + - host: {{ .Values.ingress.hostName }} + http: + {{- else }} + - http: + {{- end }} + paths: +{{- if .Values.ingress.nginx.enabled }} + - path: {{ .Values.ingress.nginx.path }} +{{- else if .Values.ingress.traefik.enabled }} + - path: {{ .Values.ingress.traefik.path }} +{{- end }} + backend: + serviceName: enterprise-gateway + servicePort: {{ .Values.port }} +{{ end }} + diff --git a/charts/enterprise-gateway/templates/notebooks.yaml b/charts/enterprise-gateway/templates/notebooks.yaml new file mode 100644 index 0000000..35d1921 --- /dev/null +++ b/charts/enterprise-gateway/templates/notebooks.yaml @@ -0,0 +1,44 @@ +{{- if and .Values.kernel.kernelNamespace (not .Values.kernel.shareGatewayNamespace )}} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.kernel.kernelNamespace }} + labels: + app: enterprise-gateway + component: kernel + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kernel-sa + namespace: {{ .Values.kernel.kernelNamespace }} + labels: + app: enterprise-gateway + component: kernel + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Values.kernel.kernelNamespace }} + namespace: {{ .Values.kernel.kernelNamespace }} + labels: + app: enterprise-gateway + component: kernel + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: kernel-sa + namespace: {{ .Values.kernel.kernelNamespace }} +roleRef: + kind: ClusterRole + name: {{ .Values.kernel.clusterRole }} + apiGroup: rbac.authorization.k8s.io +{{- end }} \ No newline at end of file diff --git a/charts/enterprise-gateway/templates/service.yaml b/charts/enterprise-gateway/templates/service.yaml new file mode 100644 index 0000000..1c68e8e --- /dev/null +++ b/charts/enterprise-gateway/templates/service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: enterprise-gateway + component: enterprise-gateway + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: enterprise-gateway + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: http + port: {{ .Values.port }} + targetPort: {{ .Values.port }} + selector: + gateway-selector: enterprise-gateway + sessionAffinity: ClientIP + type: NodePort +{{- if .Values.k8sMasterPublicIP }} + externalIPs: + - {{ .Values.k8sMasterPublicIP }} +{{- end }} diff --git a/charts/enterprise-gateway/templates/serviceaccount.yaml b/charts/enterprise-gateway/templates/serviceaccount.yaml new file mode 100644 index 0000000..f09582c --- /dev/null +++ b/charts/enterprise-gateway/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: enterprise-gateway-sa + namespace: {{ .Release.Namespace }} + labels: + app: enterprise-gateway + component: enterprise-gateway + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} diff --git a/charts/enterprise-gateway/values.yaml b/charts/enterprise-gateway/values.yaml new file mode 100644 index 0000000..0e2000b --- /dev/null +++ b/charts/enterprise-gateway/values.yaml @@ -0,0 +1,84 @@ +# Enterprise Gateway image name and tag to use. +image: elyra/enterprise-gateway:2.3.0 +# Enterprise Gateway image pull policy. +imagePullPolicy: IfNotPresent +# The primary port on which Enterprise Gateway is servicing requests. +port: 8888 +# Update to deploy multiple replicas of EG. +replicas: 1 +# Log output level. +logLevel: DEBUG +# Whether to mirror working directories. +mirrorWorkingDirs: false +# Master public IP on which to expose EG. +k8sMasterPublicIP: + +kernel: + # Kernel cluster role created by this chart. + clusterRole: kernel-controller + # Will start kernels in the same namespace as EG if True. + shareGatewayNamespace: false + # ignored if shareGatewayNamespace + kernelNamespace: jupyter-notebooks + # Timeout for kernel launching in seconds. + launchTimeout: 60 + # Timeout for an idle kernel before its culled in seconds. Default is 1 hour. + cullIdleTimeout: 3600 + # List of kernel names that are available for use. + whitelist: + - r_kubernetes + - python_kubernetes + - scala_kubernetes + - spark_r_kubernetes + - spark_python_kubernetes + - spark_scala_kubernetes + # Default kernel name should be something from the whitelist + defaultKernelName: python_kubernetes + +kernelspecs: + # Optional custom data image containing kernelspecs to use. + image: + # Kernelspecs image pull policy. + imagePullPolicy: Always + +nfs: + enabled: false + # IP address of NFS server. Required if enabled. + internalServerIPAddress: + +ingress: + enabled: false + + # Ingress resource host + hostName: "" + + # Ingress resource annotations to be included depending in ingress controller. + traefik: + enabled: true + path: /gateway + annotations: + kubernetes.io/ingress.class: "traefik" + traefik.frontend.rule.type: PathPrefixStrip + + nginx: + enabled: false + path: /gateway/?(.*) + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + +# Kernel Image Puller (daemonset) +kip: + enabled: true + # Kernel Image Puller image name and tag to use. + image: elyra/kernel-image-puller:2.3.0 + # Kernel Image Puller image pull policy. + imagePullPolicy: IfNotPresent + # Determines whether the Kernel Image Puller will pull kernel images it has + # previously pulled + pullPolicy: IfNotPresent + # The interval (in seconds) at which the Kernel Image Puller fetches + # kernelspecs to pull kernel images. + interval: 300