streams-manifests/jupyter/overlays/test/values/values.yaml

debug:
  enabled: true
hub:
  config:
    Authenticator:
      auto_login: true
      enable_auth_state: true
    JupyterHub:
      tornado_settings:
        headers: { 'Content-Security-Policy': "frame-ancestors *;" }
  db:
    pvc:
      storageClassName: csi-sc-cinderplugin
  extraConfig:
    oauthCode: |
      import os
      from oauthenticator.generic import GenericOAuthenticator

      keycloak_base = 'https://' + os.environ['OAUTH2_HOST'] + '/realms/' + os.environ['OAUTH2_REALM'] + '/protocol/openid-connect'
      os.environ['OAUTH2_TOKEN_URL'] = keycloak_base + '/token'
      os.environ['OAUTH2_AUTHORIZE_URL'] = keycloak_base + '/auth'

      c.JupyterHub.authenticator_class = GenericOAuthenticator

      c.OAuthenticator.client_id = os.environ['OAUTH2_CLIENT_ID']
      c.OAuthenticator.client_secret = os.environ['OAUTH2_CLIENT_SECRET']

      c.GenericOAuthenticator.token_url =  os.environ['OAUTH2_TOKEN_URL']
      c.GenericOAuthenticator.userdata_url = keycloak_base + '/userinfo'
      c.GenericOAuthenticator.userdata_method = 'GET'
      c.GenericOAuthenticator.userdata_params = {'state': 'state'}
      c.GenericOAuthenticator.username_key = 'preferred_username'
      c.GenericOAuthenticator.scope = ['openid', 'profile', 'email']
      c.GenericOAuthenticator.admin_users = ['kano', 'benedith']
      c.GenericOAuthenticator.allow_all = True
      c.GenericOAuthenticator.authorize_url = os.environ['OAUTH2_AUTHORIZE_URL']
      c.GenericOAuthenticator.enable_auth_state = True
      c.GenericOAuthenticator.login_service = 'Keycloak'
      c.GenericOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'
      c.GenericOAuthenticator.refresh_pre_spawn = True
  extraEnv:
    JUPYTER_HOST: jupyter-test.streams.sunet.se
    JUPYTERHUB_API_KEY:
      valueFrom:
        secretKeyRef:
          name: jupyterhub-secrets
          key: api-key
    JUPYTERHUB_CRYPT_KEY:
      valueFrom:
        secretKeyRef:
          name: jupyterhub-secrets
          key: crypt-key
    OAUTH2_CLIENT_ID:
      valueFrom:
        secretKeyRef:
          name: keycloak-oauth-secrets
          key: client-id
    OAUTH2_CLIENT_SECRET:
      valueFrom:
        secretKeyRef:
          name: keycloak-oauth-secrets
          key: client-secret
    OAUTH2_HOST: keycloak-test.streams.sunet.se
    OAUTH2_REALM: streams
singleuser:
  image:
    name: quay.io/jupyter/datascience-notebook
    tag: python-3.12.8
  storage:
    dynamic:
      storageClass: csi-sc-cinderplugin
  extraEnv:
    JUPYTER_ENABLE_LAB: "yes"
    JUPYTER_HOST: jupyter-test.streams.sunet.se
    MINIO_ACCESS_KEY:
      valueFrom:
        secretKeyRef:
          name: minio-credentials
          key: MINIO_ACCESS_KEY
    MINIO_SECRET_KEY:
      valueFrom:
        secretKeyRef:
          name: minio-credentials
          key: MINIO_SECRET_KEY
    MINIO_ENDPOINT_URL: "https://s3.dco1.safedc.net"
  extraFiles:
    jupyter_notebook_config:
      mountPath: /home/jovyan/.jupyter/jupyter_server_config.py
      stringData: |
        import os
        c = get_config()
        c.NotebookApp.allow_origin = '*'
        c.NotebookApp.tornado_settings = {
            'headers': { 'Content-Security-Policy': "frame-ancestors *;" }
        }
      mode: 0644
Add jupyterhub, similar to drive 2025-01-30 13:09:08 +01:00			`debug:`
			`enabled: true`
			`hub:`
			`config:`
			`Authenticator:`
			`auto_login: true`
			`enable_auth_state: true`
			`JupyterHub:`
			`tornado_settings:`
			`headers: { 'Content-Security-Policy': "frame-ancestors *;" }`
			`db:`
			`pvc:`
			`storageClassName: csi-sc-cinderplugin`
			`extraConfig:`
			`oauthCode: \|`
Try generic oauth 2025-02-03 13:41:31 +01:00			`import os`
Add jupyterhub, similar to drive 2025-01-30 13:09:08 +01:00			`from oauthenticator.generic import GenericOAuthenticator`

Try generic oauth 2025-02-03 13:41:31 +01:00			`keycloak_base = 'https://' + os.environ['OAUTH2_HOST'] + '/realms/' + os.environ['OAUTH2_REALM'] + '/protocol/openid-connect'`
			`os.environ['OAUTH2_TOKEN_URL'] = keycloak_base + '/token'`
			`os.environ['OAUTH2_AUTHORIZE_URL'] = keycloak_base + '/auth'`
Add jupyterhub, similar to drive 2025-01-30 13:09:08 +01:00
Try with the class itself 2025-02-03 13:44:35 +01:00			`c.JupyterHub.authenticator_class = GenericOAuthenticator`
Add jupyterhub, similar to drive 2025-01-30 13:09:08 +01:00
Try generic oauth 2025-02-03 13:41:31 +01:00			`c.OAuthenticator.client_id = os.environ['OAUTH2_CLIENT_ID']`
			`c.OAuthenticator.client_secret = os.environ['OAUTH2_CLIENT_SECRET']`

			`c.GenericOAuthenticator.token_url = os.environ['OAUTH2_TOKEN_URL']`
			`c.GenericOAuthenticator.userdata_url = keycloak_base + '/userinfo'`
			`c.GenericOAuthenticator.userdata_method = 'GET'`
			`c.GenericOAuthenticator.userdata_params = {'state': 'state'}`
back to preferred_username 2025-02-03 14:09:08 +01:00			`c.GenericOAuthenticator.username_key = 'preferred_username'`
add scope 2025-02-03 14:06:08 +01:00			`c.GenericOAuthenticator.scope = ['openid', 'profile', 'email']`
Try generic oauth 2025-02-03 13:41:31 +01:00			`c.GenericOAuthenticator.admin_users = ['kano', 'benedith']`
			`c.GenericOAuthenticator.allow_all = True`
			`c.GenericOAuthenticator.authorize_url = os.environ['OAUTH2_AUTHORIZE_URL']`
			`c.GenericOAuthenticator.enable_auth_state = True`
			`c.GenericOAuthenticator.login_service = 'Keycloak'`
			`c.GenericOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'`
			`c.GenericOAuthenticator.refresh_pre_spawn = True`
Add jupyterhub, similar to drive 2025-01-30 13:09:08 +01:00			`extraEnv:`
			`JUPYTER_HOST: jupyter-test.streams.sunet.se`
			`JUPYTERHUB_API_KEY:`
			`valueFrom:`
			`secretKeyRef:`
			`name: jupyterhub-secrets`
			`key: api-key`
			`JUPYTERHUB_CRYPT_KEY:`
			`valueFrom:`
			`secretKeyRef:`
			`name: jupyterhub-secrets`
			`key: crypt-key`
Try generic oauth 2025-02-03 13:41:31 +01:00			`OAUTH2_CLIENT_ID:`
Add jupyterhub, similar to drive 2025-01-30 13:09:08 +01:00			`valueFrom:`
			`secretKeyRef:`
			`name: keycloak-oauth-secrets`
			`key: client-id`
Try generic oauth 2025-02-03 13:41:31 +01:00			`OAUTH2_CLIENT_SECRET:`
Add jupyterhub, similar to drive 2025-01-30 13:09:08 +01:00			`valueFrom:`
			`secretKeyRef:`
			`name: keycloak-oauth-secrets`
			`key: client-secret`
Try generic oauth 2025-02-03 13:41:31 +01:00			`OAUTH2_HOST: keycloak-test.streams.sunet.se`
			`OAUTH2_REALM: streams`
Add jupyterhub, similar to drive 2025-01-30 13:09:08 +01:00			`singleuser:`
			`image:`
			`name: quay.io/jupyter/datascience-notebook`
			`tag: python-3.12.8`
			`storage:`
			`dynamic:`
			`storageClass: csi-sc-cinderplugin`
			`extraEnv:`
			`JUPYTER_ENABLE_LAB: "yes"`
			`JUPYTER_HOST: jupyter-test.streams.sunet.se`
			`MINIO_ACCESS_KEY:`
			`valueFrom:`
			`secretKeyRef:`
			`name: minio-credentials`
			`key: MINIO_ACCESS_KEY`
			`MINIO_SECRET_KEY:`
			`valueFrom:`
			`secretKeyRef:`
			`name: minio-credentials`
			`key: MINIO_SECRET_KEY`
Update minio config values 2025-01-30 13:46:11 +01:00			`MINIO_ENDPOINT_URL: "https://s3.dco1.safedc.net"`
Add jupyterhub, similar to drive 2025-01-30 13:09:08 +01:00			`extraFiles:`
			`jupyter_notebook_config:`
			`mountPath: /home/jovyan/.jupyter/jupyter_server_config.py`
			`stringData: \|`
			`import os`
			`c = get_config()`
			`c.NotebookApp.allow_origin = '*'`
			`c.NotebookApp.tornado_settings = {`
			`'headers': { 'Content-Security-Policy': "frame-ancestors *;" }`
			`}`
			`mode: 0644`