From 0b2587fdea2c82ceaceac96fbbddd74bb5bc244f Mon Sep 17 00:00:00 2001 From: Nate Franzen Date: Thu, 3 Dec 2020 15:15:17 -0800 Subject: [PATCH 1/4] enterprise-gateway-2.3.0 reference https://jupyter-enterprise-gateway.readthedocs.io/en/latest/kernel-kubernetes.html#configuration modified from https://github.com/jupyter/enterprise_gateway/releases/download/v2.3.0/jupyter_enterprise_gateway_helm-2.3.0.tgz --- charts/enterprise-gateway/Chart.yaml | 11 +++ .../templates/clusterrole.yaml | 34 ++++++++ .../templates/clusterrolebinding.yaml | 18 ++++ .../templates/daemonset.yaml | 39 +++++++++ .../templates/deployment.yaml | 85 ++++++++++++++++++ .../enterprise-gateway/templates/ingress.yaml | 35 ++++++++ .../templates/notebooks.yaml | 47 ++++++++++ .../enterprise-gateway/templates/service.yaml | 24 ++++++ .../templates/serviceaccount.yaml | 11 +++ charts/enterprise-gateway/values.yaml | 86 +++++++++++++++++++ 10 files changed, 390 insertions(+) create mode 100644 charts/enterprise-gateway/Chart.yaml create mode 100644 charts/enterprise-gateway/templates/clusterrole.yaml create mode 100644 charts/enterprise-gateway/templates/clusterrolebinding.yaml create mode 100644 charts/enterprise-gateway/templates/daemonset.yaml create mode 100644 charts/enterprise-gateway/templates/deployment.yaml create mode 100644 charts/enterprise-gateway/templates/ingress.yaml create mode 100644 charts/enterprise-gateway/templates/notebooks.yaml create mode 100644 charts/enterprise-gateway/templates/service.yaml create mode 100644 charts/enterprise-gateway/templates/serviceaccount.yaml create mode 100644 charts/enterprise-gateway/values.yaml diff --git a/charts/enterprise-gateway/Chart.yaml b/charts/enterprise-gateway/Chart.yaml new file mode 100644 index 0000000..2430c8e --- /dev/null +++ b/charts/enterprise-gateway/Chart.yaml @@ -0,0 +1,11 @@ +name: enterprise-gateway +description: A helm chart to deploy Jupyter Enterprise Gateway +version: 2.3.0 +apiVersion: v1 +icon: https://avatars1.githubusercontent.com/u/7388996?s=200&v=4 +home: https://jupyter.org/enterprise_gateway +sources: + - https://github.com/jupyter/enterprise_gateway +kubeVersion: '>=1.11.0-0' +tillerVersion: '>=2.11.0-0' + diff --git a/charts/enterprise-gateway/templates/clusterrole.yaml b/charts/enterprise-gateway/templates/clusterrole.yaml new file mode 100644 index 0000000..4a127d1 --- /dev/null +++ b/charts/enterprise-gateway/templates/clusterrole.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: enterprise-gateway-controller + labels: + app: enterprise-gateway + component: enterprise-gateway + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["pods", "namespaces", "services", "configmaps", "secrets", "persistentvolumes", "persistentvolumeclaims"] + verbs: ["get", "watch", "list", "create", "delete"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["rolebindings"] + verbs: ["get", "list", "create", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + # Referenced by EG_KERNEL_CLUSTER_ROLE in the Deployment + name: {{ .Values.kernel.clusterRole }} + labels: + app: enterprise-gateway + component: kernel + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "create", "delete"] diff --git a/charts/enterprise-gateway/templates/clusterrolebinding.yaml b/charts/enterprise-gateway/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..bd5509b --- /dev/null +++ b/charts/enterprise-gateway/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: enterprise-gateway-controller + labels: + app: enterprise-gateway + component: enterprise-gateway + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: enterprise-gateway-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: enterprise-gateway-controller + apiGroup: rbac.authorization.k8s.io diff --git a/charts/enterprise-gateway/templates/daemonset.yaml b/charts/enterprise-gateway/templates/daemonset.yaml new file mode 100644 index 0000000..7425e9c --- /dev/null +++ b/charts/enterprise-gateway/templates/daemonset.yaml @@ -0,0 +1,39 @@ +{{- if .Values.kip.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kernel-image-puller + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + name: kernel-image-puller + template: + metadata: + labels: + name: kernel-image-puller + app: enterprise-gateway + component: kernel-image-puller + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + containers: + - name: kernel-image-puller + image: {{ .Values.kip.image }} + imagePullPolicy: {{ .Values.kip.imagePullPolicy }} + env: + - name: KIP_GATEWAY_HOST + value: "http://enterprise-gateway.{{ .Release.Namespace }}:{{ .Values.port }}" + - name: KIP_INTERVAL + value: !!str {{ .Values.kip.interval }} + - name: KIP_PULL_POLICY + value: {{ .Values.kip.pullPolicy }} + volumeMounts: + - name: dockersock + mountPath: "/var/run/docker.sock" + volumes: + - name: dockersock + hostPath: + path: /var/run/docker.sock +{{- end }} diff --git a/charts/enterprise-gateway/templates/deployment.yaml b/charts/enterprise-gateway/templates/deployment.yaml new file mode 100644 index 0000000..e3104cf --- /dev/null +++ b/charts/enterprise-gateway/templates/deployment.yaml @@ -0,0 +1,85 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: enterprise-gateway + namespace: {{ .Release.Namespace }} + labels: + gateway-selector: enterprise-gateway + app: enterprise-gateway + component: enterprise-gateway + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + gateway-selector: enterprise-gateway + template: + metadata: + labels: + gateway-selector: enterprise-gateway + app: enterprise-gateway + component: enterprise-gateway + spec: + # Created by this chart. + serviceAccountName: enterprise-gateway-sa +{{- if .Values.kernelspecs.image }} + initContainers: + - name: kernelspecs + image: {{ .Values.kernelspecs.image }} + imagePullPolicy: {{ .Values.kernelspecs.imagePullPolicy }} + args: ["cp", "-r", "/kernels", "/usr/local/share/jupyter"] + volumeMounts: + - name: image-kernelspecs + mountPath: "/usr/local/share/jupyter/kernels" +{{- end }} + containers: + - name: enterprise-gateway + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + env: + - name: EG_PORT + value: !!str {{ .Values.port }} + - name: EG_NAMESPACE + value: {{ .Release.Namespace }} + - name: EG_KERNEL_CLUSTER_ROLE + value: {{ .Values.kernel.clusterRole }} + - name: EG_SHARED_NAMESPACE + value: {{ if .Values.kernel.shareGatewayNamespace }}"True"{{ else }}"False"{{ end }} +{{- if and .Values.kernel.kernelNamespace (not .Values.kernel.shareGatewayNamespace )}} + - name: KERNEL_NAMESPACE + value: {{ .Values.kernel.kernelNamespace }} +{{- end }} + - name: EG_MIRROR_WORKING_DIRS + value: {{ if .Values.mirrorWorkingDirs }}"True"{{ else }}"False"{{ end }} + - name: EG_CULL_IDLE_TIMEOUT + value: !!str {{ .Values.kernel.cullIdleTimeout }} + - name: EG_LOG_LEVEL + value: {{ .Values.logLevel }} + - name: EG_KERNEL_LAUNCH_TIMEOUT + value: !!str {{ .Values.kernel.launchTimeout }} + - name: EG_KERNEL_WHITELIST + value: {{ toJson .Values.kernel.whitelist | squote }} + - name: EG_DEFAULT_KERNEL_NAME + value: {{ .Values.kernel.defaultKernelName }} + ports: + - containerPort: {{ .Values.port }} +{{- if .Values.nfs.enabled }} + volumeMounts: + - name: nfs-kernelspecs + mountPath: "/usr/local/share/jupyter/kernels" + volumes: + - name: nfs-kernelspecs + nfs: + server: {{ .Values.nfs.internalServerIPAddress }} + path: "/usr/local/share/jupyter/kernels" +{{- else if .Values.kernelspecs.image }} + volumeMounts: + - name: image-kernelspecs + mountPath: "/usr/local/share/jupyter/kernels" + volumes: + - name: image-kernelspecs + emptyDir: + medium: Memory +{{- end }} diff --git a/charts/enterprise-gateway/templates/ingress.yaml b/charts/enterprise-gateway/templates/ingress.yaml new file mode 100644 index 0000000..9ec6a3a --- /dev/null +++ b/charts/enterprise-gateway/templates/ingress.yaml @@ -0,0 +1,35 @@ +{{ if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + namespace: {{ .Release.Namespace }} + name: enterprise-gateway-ingress + annotations: +{{- if .Values.ingress.nginx.enabled }} +{{- with .Values.ingress.nginx.annotations }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- else if .Values.ingress.traefik.enabled }} +{{- with .Values.ingress.traefik.annotations }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} +spec: + rules: + {{- if .Values.ingress.hostName }} + - host: {{ .Values.ingress.hostName }} + http: + {{- else }} + - http: + {{- end }} + paths: +{{- if .Values.ingress.nginx.enabled }} + - path: {{ .Values.ingress.nginx.path }} +{{- else if .Values.ingress.traefik.enabled }} + - path: {{ .Values.ingress.traefik.path }} +{{- end }} + backend: + serviceName: enterprise-gateway + servicePort: {{ .Values.port }} +{{ end }} + diff --git a/charts/enterprise-gateway/templates/notebooks.yaml b/charts/enterprise-gateway/templates/notebooks.yaml new file mode 100644 index 0000000..3042762 --- /dev/null +++ b/charts/enterprise-gateway/templates/notebooks.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.kernel.kernelNamespace (not .Values.kernel.shareGatewayNamespace )}} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.kernel.kernelNamespace }} + labels: + app: enterprise-gateway + component: kernel + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kernel-sa + namespace: {{ .Values.kernel.kernelNamespace }} + labels: + app: enterprise-gateway + component: kernel + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Values.kernel.kernelNamespace }} + namespace: {{ .Values.kernel.kernelNamespace }} + labels: + app: enterprise-gateway + component: kernel + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: default + namespace: {{ .Values.kernel.kernelNamespace }} + - kind: ServiceAccount + name: kernel-sa + namespace: {{ .Values.kernel.kernelNamespace }} +roleRef: + kind: ClusterRole + name: {{ .Values.kernel.clusterRole }} + apiGroup: rbac.authorization.k8s.io +{{- end }} \ No newline at end of file diff --git a/charts/enterprise-gateway/templates/service.yaml b/charts/enterprise-gateway/templates/service.yaml new file mode 100644 index 0000000..1c68e8e --- /dev/null +++ b/charts/enterprise-gateway/templates/service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: enterprise-gateway + component: enterprise-gateway + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: enterprise-gateway + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: http + port: {{ .Values.port }} + targetPort: {{ .Values.port }} + selector: + gateway-selector: enterprise-gateway + sessionAffinity: ClientIP + type: NodePort +{{- if .Values.k8sMasterPublicIP }} + externalIPs: + - {{ .Values.k8sMasterPublicIP }} +{{- end }} diff --git a/charts/enterprise-gateway/templates/serviceaccount.yaml b/charts/enterprise-gateway/templates/serviceaccount.yaml new file mode 100644 index 0000000..f09582c --- /dev/null +++ b/charts/enterprise-gateway/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: enterprise-gateway-sa + namespace: {{ .Release.Namespace }} + labels: + app: enterprise-gateway + component: enterprise-gateway + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} diff --git a/charts/enterprise-gateway/values.yaml b/charts/enterprise-gateway/values.yaml new file mode 100644 index 0000000..aa58672 --- /dev/null +++ b/charts/enterprise-gateway/values.yaml @@ -0,0 +1,86 @@ +# Enterprise Gateway image name and tag to use. +image: elyra/enterprise-gateway:2.3.0 +# Enterprise Gateway image pull policy. +imagePullPolicy: IfNotPresent +# The primary port on which Enterprise Gateway is servicing requests. +port: 8888 +# Update to deploy multiple replicas of EG. +replicas: 1 +# Log output level. +logLevel: DEBUG +# Whether to mirror working directories. +mirrorWorkingDirs: false +# Master public IP on which to expose EG. +k8sMasterPublicIP: + +kernel: + # Kernel cluster role created by this chart. + clusterRole: kernel-controller + # Will start kernels in the same namespace as EG if True. + shareGatewayNamespace: false + # ignored if shareGatewayNamespace + kernelNamespace: spark-notebooks + # Timeout for kernel launching in seconds. + launchTimeout: 60 + # Timeout for an idle kernel before its culled in seconds. Default is 1 hour. + cullIdleTimeout: 3600 + # List of kernel names that are available for use. + whitelist: + - r_kubernetes + - python_kubernetes + - python_tf_kubernetes + - python_tf_gpu_kubernetes + - scala_kubernetes + - spark_r_kubernetes + - spark_python_kubernetes + - spark_scala_kubernetes + # Default kernel name should be something from the whitelist + defaultKernelName: python_kubernetes + +kernelspecs: + # Optional custom data image containing kernelspecs to use. + image: + # Kernelspecs image pull policy. + imagePullPolicy: Always + +nfs: + enabled: false + # IP address of NFS server. Required if enabled. + internalServerIPAddress: + +ingress: + enabled: false + + # Ingress resource host + hostName: "" + + # Ingress resource annotations to be included depending in ingress controller. + traefik: + enabled: true + path: /gateway + annotations: + kubernetes.io/ingress.class: "traefik" + traefik.frontend.rule.type: PathPrefixStrip + + nginx: + enabled: false + path: /gateway/?(.*) + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + +# Kernel Image Puller (daemonset) +kip: + enabled: true + # Kernel Image Puller image name and tag to use. + image: elyra/kernel-image-puller:2.3.0 + # Kernel Image Puller image pull policy. + imagePullPolicy: IfNotPresent + # Determines whether the Kernel Image Puller will pull kernel images it has previously pulled + pullPolicy: IfNotPresent + # The interval (in seconds) at which the Kernel Image Puller fetches kernelspecs to pull kernel images. + interval: 300 + + From 929553c914c56bab0e51c34371bb54b39f9b667e Mon Sep 17 00:00:00 2001 From: Nate Franzen Date: Thu, 3 Dec 2020 15:29:14 -0800 Subject: [PATCH 2/4] yamllint --- charts/enterprise-gateway/Chart.yaml | 1 - charts/enterprise-gateway/values.yaml | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/charts/enterprise-gateway/Chart.yaml b/charts/enterprise-gateway/Chart.yaml index 2430c8e..a2a8975 100644 --- a/charts/enterprise-gateway/Chart.yaml +++ b/charts/enterprise-gateway/Chart.yaml @@ -8,4 +8,3 @@ sources: - https://github.com/jupyter/enterprise_gateway kubeVersion: '>=1.11.0-0' tillerVersion: '>=2.11.0-0' - diff --git a/charts/enterprise-gateway/values.yaml b/charts/enterprise-gateway/values.yaml index aa58672..aef7bfa 100644 --- a/charts/enterprise-gateway/values.yaml +++ b/charts/enterprise-gateway/values.yaml @@ -78,9 +78,9 @@ kip: image: elyra/kernel-image-puller:2.3.0 # Kernel Image Puller image pull policy. imagePullPolicy: IfNotPresent - # Determines whether the Kernel Image Puller will pull kernel images it has previously pulled + # Determines whether the Kernel Image Puller will pull kernel images it has + # previously pulled pullPolicy: IfNotPresent - # The interval (in seconds) at which the Kernel Image Puller fetches kernelspecs to pull kernel images. + # The interval (in seconds) at which the Kernel Image Puller fetches + # kernelspecs to pull kernel images. interval: 300 - - From 1c9865d299de85a4e5605910c6b76b727c9d74aa Mon Sep 17 00:00:00 2001 From: Nate Franzen Date: Thu, 3 Dec 2020 15:53:46 -0800 Subject: [PATCH 3/4] add chart maintainer --- charts/enterprise-gateway/Chart.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/enterprise-gateway/Chart.yaml b/charts/enterprise-gateway/Chart.yaml index a2a8975..faeb193 100644 --- a/charts/enterprise-gateway/Chart.yaml +++ b/charts/enterprise-gateway/Chart.yaml @@ -8,3 +8,6 @@ sources: - https://github.com/jupyter/enterprise_gateway kubeVersion: '>=1.11.0-0' tillerVersion: '>=2.11.0-0' +maintainers: + - name: Nathan Franzen + email: nate.franzen@netapp.com From 5e7a6889e42ec81e3c4c45a608b6f5520ee47a58 Mon Sep 17 00:00:00 2001 From: Nate Franzen Date: Fri, 4 Dec 2020 09:49:50 -0800 Subject: [PATCH 4/4] use kernel_sa serviceaccount; exclude tensorflow --- charts/enterprise-gateway/Chart.yaml | 2 +- charts/enterprise-gateway/templates/deployment.yaml | 2 ++ charts/enterprise-gateway/templates/notebooks.yaml | 3 --- charts/enterprise-gateway/values.yaml | 4 +--- 4 files changed, 4 insertions(+), 7 deletions(-) diff --git a/charts/enterprise-gateway/Chart.yaml b/charts/enterprise-gateway/Chart.yaml index faeb193..b546a2c 100644 --- a/charts/enterprise-gateway/Chart.yaml +++ b/charts/enterprise-gateway/Chart.yaml @@ -9,5 +9,5 @@ sources: kubeVersion: '>=1.11.0-0' tillerVersion: '>=2.11.0-0' maintainers: - - name: Nathan Franzen + - name: ntfrnzn email: nate.franzen@netapp.com diff --git a/charts/enterprise-gateway/templates/deployment.yaml b/charts/enterprise-gateway/templates/deployment.yaml index e3104cf..f140267 100644 --- a/charts/enterprise-gateway/templates/deployment.yaml +++ b/charts/enterprise-gateway/templates/deployment.yaml @@ -53,6 +53,8 @@ spec: {{- end }} - name: EG_MIRROR_WORKING_DIRS value: {{ if .Values.mirrorWorkingDirs }}"True"{{ else }}"False"{{ end }} + - name: KERNEL_SERVICE_ACCOUNT_NAME + value: kernel_sa - name: EG_CULL_IDLE_TIMEOUT value: !!str {{ .Values.kernel.cullIdleTimeout }} - name: EG_LOG_LEVEL diff --git a/charts/enterprise-gateway/templates/notebooks.yaml b/charts/enterprise-gateway/templates/notebooks.yaml index 3042762..35d1921 100644 --- a/charts/enterprise-gateway/templates/notebooks.yaml +++ b/charts/enterprise-gateway/templates/notebooks.yaml @@ -34,9 +34,6 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} subjects: - - kind: ServiceAccount - name: default - namespace: {{ .Values.kernel.kernelNamespace }} - kind: ServiceAccount name: kernel-sa namespace: {{ .Values.kernel.kernelNamespace }} diff --git a/charts/enterprise-gateway/values.yaml b/charts/enterprise-gateway/values.yaml index aef7bfa..0e2000b 100644 --- a/charts/enterprise-gateway/values.yaml +++ b/charts/enterprise-gateway/values.yaml @@ -19,7 +19,7 @@ kernel: # Will start kernels in the same namespace as EG if True. shareGatewayNamespace: false # ignored if shareGatewayNamespace - kernelNamespace: spark-notebooks + kernelNamespace: jupyter-notebooks # Timeout for kernel launching in seconds. launchTimeout: 60 # Timeout for an idle kernel before its culled in seconds. Default is 1 hour. @@ -28,8 +28,6 @@ kernel: whitelist: - r_kubernetes - python_kubernetes - - python_tf_kubernetes - - python_tf_gpu_kubernetes - scala_kubernetes - spark_r_kubernetes - spark_python_kubernetes