diff --git a/jupyter/base/charts/jupyterhub/Chart.yaml b/jupyter/base/charts/jupyterhub/Chart.yaml index 04c3906..eaa3033 100644 --- a/jupyter/base/charts/jupyterhub/Chart.yaml +++ b/jupyter/base/charts/jupyterhub/Chart.yaml @@ -1,24 +1,24 @@ annotations: artifacthub.io/images: | - - image: jupyterhub/configurable-http-proxy:4.5.6 + - image: quay.io/jupyterhub/configurable-http-proxy:4.6.1 name: configurable-http-proxy - - image: jupyterhub/k8s-hub:3.0.3 + - image: quay.io/jupyterhub/k8s-hub:3.2.1 name: k8s-hub - - image: jupyterhub/k8s-image-awaiter:3.0.3 + - image: quay.io/jupyterhub/k8s-image-awaiter:3.2.1 name: k8s-image-awaiter - - image: jupyterhub/k8s-network-tools:3.0.3 + - image: quay.io/jupyterhub/k8s-network-tools:3.2.1 name: k8s-network-tools - - image: jupyterhub/k8s-secret-sync:3.0.3 + - image: quay.io/jupyterhub/k8s-secret-sync:3.2.1 name: k8s-secret-sync - - image: jupyterhub/k8s-singleuser-sample:3.0.3 + - image: quay.io/jupyterhub/k8s-singleuser-sample:3.2.1 name: k8s-singleuser-sample - - image: registry.k8s.io/kube-scheduler:v1.26.8 + - image: registry.k8s.io/kube-scheduler:v1.26.11 name: kube-scheduler - image: registry.k8s.io/pause:3.9 name: pause - image: registry.k8s.io/pause:3.9 name: pause - - image: traefik:v2.10.4 + - image: traefik:v2.10.5 name: traefik apiVersion: v2 appVersion: 4.0.2 @@ -38,4 +38,4 @@ maintainers: name: jupyterhub sources: - https://github.com/jupyterhub/zero-to-jupyterhub-k8s -version: 3.0.3 +version: 3.2.1 diff --git a/jupyter/base/charts/jupyterhub/templates/image-puller/_helpers-daemonset.tpl b/jupyter/base/charts/jupyterhub/templates/image-puller/_helpers-daemonset.tpl index 1fe8276..610f8bd 100644 --- a/jupyter/base/charts/jupyterhub/templates/image-puller/_helpers-daemonset.tpl +++ b/jupyter/base/charts/jupyterhub/templates/image-puller/_helpers-daemonset.tpl @@ -134,6 +134,7 @@ spec: {{- /* --- Conditionally pull profileList images --- */}} {{- if .Values.prePuller.pullProfileListImages }} {{- range $k, $container := .Values.singleuser.profileList }} + {{- /* profile's kubespawner_override */}} {{- if $container.kubespawner_override }} {{- if $container.kubespawner_override.image }} - name: image-pull-singleuser-profilelist-{{ $k }} @@ -152,6 +153,33 @@ spec: {{- end }} {{- end }} {{- end }} + {{- /* kubespawner_override in profile's profile_options */}} + {{- if $container.profile_options }} + {{- range $option, $option_spec := $container.profile_options }} + {{- if $option_spec.choices }} + {{- range $choice, $choice_spec := $option_spec.choices }} + {{- if $choice_spec.kubespawner_override }} + {{- if $choice_spec.kubespawner_override.image }} + - name: image-pull-profile-{{ $k }}-option-{{ $option }}-{{ $choice }} + image: {{ $choice_spec.kubespawner_override.image }} + command: + - /bin/sh + - -c + - echo "Pulling complete" + {{- with $.Values.prePuller.resources }} + resources: + {{- . | toYaml | nindent 12 }} + {{- end }} + {{- with $.Values.prePuller.containerSecurityContext }} + securityContext: + {{- . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/jupyter/base/charts/jupyterhub/values.yaml b/jupyter/base/charts/jupyterhub/values.yaml index 28544dd..eaa3875 100644 --- a/jupyter/base/charts/jupyterhub/values.yaml +++ b/jupyter/base/charts/jupyterhub/values.yaml @@ -83,8 +83,8 @@ hub: extraVolumes: [] extraVolumeMounts: [] image: - name: jupyterhub/k8s-hub - tag: "3.0.3" + name: quay.io/jupyterhub/k8s-hub + tag: "3.2.1" pullPolicy: pullSecrets: [] resources: {} @@ -201,11 +201,11 @@ proxy: runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false image: - name: jupyterhub/configurable-http-proxy + name: quay.io/jupyterhub/configurable-http-proxy # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "4.5.6" # https://github.com/jupyterhub/configurable-http-proxy/tags + tag: "4.6.1" # https://github.com/jupyterhub/configurable-http-proxy/tags pullPolicy: pullSecrets: [] extraCommandLineFlags: [] @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.4" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.10.5" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: @@ -304,8 +304,8 @@ proxy: runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false image: - name: jupyterhub/k8s-secret-sync - tag: "3.0.3" + name: quay.io/jupyterhub/k8s-secret-sync + tag: "3.2.1" pullPolicy: pullSecrets: [] resources: {} @@ -344,8 +344,8 @@ singleuser: preferred: [] networkTools: image: - name: jupyterhub/k8s-network-tools - tag: "3.0.3" + name: quay.io/jupyterhub/k8s-network-tools + tag: "3.2.1" pullPolicy: pullSecrets: [] resources: {} @@ -396,8 +396,8 @@ singleuser: volumeNameTemplate: volume-{username}{servername} storageAccessModes: [ReadWriteOnce] image: - name: jupyterhub/k8s-singleuser-sample - tag: "3.0.3" + name: quay.io/jupyterhub/k8s-singleuser-sample + tag: "3.2.1" pullPolicy: pullSecrets: [] startTimeout: 300 @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.8" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.11" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} @@ -605,8 +605,8 @@ prePuller: pullOnlyOnChanges: true # image and the configuration below relates to the hook-image-awaiter Job image: - name: jupyterhub/k8s-image-awaiter - tag: "3.0.3" + name: quay.io/jupyterhub/k8s-image-awaiter + tag: "3.2.1" pullPolicy: pullSecrets: [] containerSecurityContext: diff --git a/jupyter/base/values/values.yaml b/jupyter/base/values/values.yaml index 7b48010..0a0199d 100644 --- a/jupyter/base/values/values.yaml +++ b/jupyter/base/values/values.yaml @@ -11,16 +11,16 @@ hub: storageClassName: csi-sc-cinderplugin extraConfig: oauthCode: | - from oauthenticator.generic import GenericOAuthenticator - c.JupyterHub.authenticator_class = GenericOAuthenticator + c.JupyterHub.authenticator_class = "generic-oauth" c.GenericOAuthenticator.client_id = os.environ['NEXTCLOUD_CLIENT_ID'] c.GenericOAuthenticator.client_secret = os.environ['NEXTCLOUD_CLIENT_ID'] c.GenericOAuthenticator.login_service = 'Sunet Drive' - c.GenericOAuthenticator.username_key = lambda r: r.get('ocs', {}).get('data', {}).get('id') - c.GenericOAuthenticator.userdata_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/ocs/v2.php/cloud/user?format=json' + c.GenericOAuthenticator.username_claim = lambda r: r.get('ocs', {}).get('data', {}).get('id') + c.GenericOAuthenticator.authorize_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/index.php/apps/oauth2/authorize' c.GenericOAuthenticator.token_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/index.php/apps/oauth2/api/v1/token' - c.GenericOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback' + c.GenericOAuthenticator.userdata_url = 'https://' + os.environ['NEXTCLOUD_HOST'] + '/ocs/v2.php/cloud/user?format=json' + # c.GenericOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback' extraEnv: NEXTCLOUD_HOST: sunet.drive.test.sunet.se @@ -35,6 +35,8 @@ hub: secretKeyRef: name: nextcloud-oauth-secrets key: client-secret + networkPolicy: + enabled: false singleuser: image: