96 lines
3.2 KiB
YAML
96 lines
3.2 KiB
YAML
debug:
|
|
enabled: true
|
|
hub:
|
|
config:
|
|
Authenticator:
|
|
auto_login: true
|
|
enable_auth_state: true
|
|
JupyterHub:
|
|
tornado_settings:
|
|
headers: { 'Content-Security-Policy': "frame-ancestors *;" }
|
|
db:
|
|
pvc:
|
|
storageClassName: csi-sc-cinderplugin
|
|
extraConfig:
|
|
oauthCode: |
|
|
import os
|
|
from oauthenticator.generic import GenericOAuthenticator
|
|
|
|
keycloak_base = 'https://' + os.environ['OAUTH2_HOST'] + '/realms/' + os.environ['OAUTH2_REALM'] + '/protocol/openid-connect'
|
|
os.environ['OAUTH2_TOKEN_URL'] = keycloak_base + '/token'
|
|
os.environ['OAUTH2_AUTHORIZE_URL'] = keycloak_base + '/auth'
|
|
|
|
c.JupyterHub.authenticator_class = GenericOAuthenticator
|
|
|
|
c.OAuthenticator.client_id = os.environ['OAUTH2_CLIENT_ID']
|
|
c.OAuthenticator.client_secret = os.environ['OAUTH2_CLIENT_SECRET']
|
|
|
|
c.GenericOAuthenticator.token_url = os.environ['OAUTH2_TOKEN_URL']
|
|
c.GenericOAuthenticator.userdata_url = keycloak_base + '/userinfo'
|
|
c.GenericOAuthenticator.userdata_method = 'GET'
|
|
c.GenericOAuthenticator.userdata_params = {'state': 'state'}
|
|
c.GenericOAuthenticator.username_key = 'preferred_username'
|
|
c.GenericOAuthenticator.scope = ['openid', 'profile', 'email']
|
|
c.GenericOAuthenticator.admin_users = ['kano', 'benedith']
|
|
c.GenericOAuthenticator.allow_all = True
|
|
c.GenericOAuthenticator.authorize_url = os.environ['OAUTH2_AUTHORIZE_URL']
|
|
c.GenericOAuthenticator.enable_auth_state = True
|
|
c.GenericOAuthenticator.login_service = 'Keycloak'
|
|
c.GenericOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'
|
|
c.GenericOAuthenticator.refresh_pre_spawn = True
|
|
extraEnv:
|
|
JUPYTER_HOST: jupyter-test.streams.sunet.se
|
|
JUPYTERHUB_API_KEY:
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jupyterhub-secrets
|
|
key: api-key
|
|
JUPYTERHUB_CRYPT_KEY:
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jupyterhub-secrets
|
|
key: crypt-key
|
|
OAUTH2_CLIENT_ID:
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: keycloak-oauth-secrets
|
|
key: client-id
|
|
OAUTH2_CLIENT_SECRET:
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: keycloak-oauth-secrets
|
|
key: client-secret
|
|
OAUTH2_HOST: keycloak-test.streams.sunet.se
|
|
OAUTH2_REALM: streams
|
|
singleuser:
|
|
image:
|
|
name: quay.io/jupyter/datascience-notebook
|
|
tag: python-3.12.8
|
|
storage:
|
|
dynamic:
|
|
storageClass: csi-sc-cinderplugin
|
|
extraEnv:
|
|
JUPYTER_ENABLE_LAB: "yes"
|
|
JUPYTER_HOST: jupyter-test.streams.sunet.se
|
|
MINIO_ACCESS_KEY:
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: minio-credentials
|
|
key: MINIO_ACCESS_KEY
|
|
MINIO_SECRET_KEY:
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: minio-credentials
|
|
key: MINIO_SECRET_KEY
|
|
MINIO_ENDPOINT_URL: "https://s3.dco1.safedc.net"
|
|
extraFiles:
|
|
jupyter_notebook_config:
|
|
mountPath: /home/jovyan/.jupyter/jupyter_server_config.py
|
|
stringData: |
|
|
import os
|
|
c = get_config()
|
|
c.NotebookApp.allow_origin = '*'
|
|
c.NotebookApp.tornado_settings = {
|
|
'headers': { 'Content-Security-Policy': "frame-ancestors *;" }
|
|
}
|
|
mode: 0644
|