From 6505dc18f247be0bb7a28ffe68a548763a679f07 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 23 Jul 2024 09:18:33 +0100 Subject: [PATCH 1/8] Remove 'interface' profile option --- .../2i2c-aws-us/neurohackademy.values.yaml | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml index c1be2a8cd8..aa47787633 100644 --- a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml +++ b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml @@ -54,29 +54,9 @@ jupyterhub: node_selector: node.kubernetes.io/instance-type: r5.xlarge 2i2c.org/community: neurohackademy - profile_options: &profile_options - interface: - display_name: Interface - choices: - tree: - display_name: Classic Notebook - slug: "tree" - kubespawner_override: - default_url: "/tree" - lab: - display_name: JupyterLab - slug: "lab" - kubespawner_override: - default_url: "/lab" - pull: - display_name: Pull curriculum repo and redirect to /lab - slug: "pull" - kubespawner_override: - default_url: "/git-pull?repo=https%3A%2F%2Fgithub.com%2FNeuroHackademy-2023%2Fcurriculum&urlpath=lab&branch=main" - display_name: GPU machine slug: gpu description: "Start a container on a dedicated node with a GPU" - profile_options: *profile_options kubespawner_override: mem_limit: null mem_guarantee: 14G From facfc77ef997c71f15752bc11197b6cfca2b83b9 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 23 Jul 2024 09:26:04 +0100 Subject: [PATCH 2/8] Use NASA-IMPACT/jupyterhub-gitpuller-init to pull the curriculum repo on server startup --- config/clusters/2i2c-aws-us/neurohackademy.values.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml index aa47787633..589dba6cb3 100644 --- a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml +++ b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml @@ -33,6 +33,16 @@ jupyterhub: [credential "https://github.com"] helper = !git-credential-github-app --app-key-file /etc/github/github-app-private-key.pem --app-id 356717 useHttpPath = true + initContainers: + - name: jupyterhub-gitpuller-init + image: public.ecr.aws/nasa-veda/jupyterhub-gitpuller-init:latest + env: + - name: TARGET_PATH + value: curriculum + - name: SOURCE_REPO + value: "https://github.com/NeuroHackademy2024/curriculum" + - name: SOURCE_BRANCH + value: "main" # User image: https://quay.io/repository/arokem/nh2023?tab=tags image: name: quay.io/arokem/nh2023 From ba14ab05636caa5515cd8f3d717acac35e58aa23 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 23 Jul 2024 10:45:21 +0100 Subject: [PATCH 3/8] Use kubespawner_override config for init_containers in profile list --- .../2i2c-aws-us/neurohackademy.values.yaml | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml index 589dba6cb3..cbb6573fd8 100644 --- a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml +++ b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml @@ -33,16 +33,6 @@ jupyterhub: [credential "https://github.com"] helper = !git-credential-github-app --app-key-file /etc/github/github-app-private-key.pem --app-id 356717 useHttpPath = true - initContainers: - - name: jupyterhub-gitpuller-init - image: public.ecr.aws/nasa-veda/jupyterhub-gitpuller-init:latest - env: - - name: TARGET_PATH - value: curriculum - - name: SOURCE_REPO - value: "https://github.com/NeuroHackademy2024/curriculum" - - name: SOURCE_BRANCH - value: "main" # User image: https://quay.io/repository/arokem/nh2023?tab=tags image: name: quay.io/arokem/nh2023 @@ -64,6 +54,18 @@ jupyterhub: node_selector: node.kubernetes.io/instance-type: r5.xlarge 2i2c.org/community: neurohackademy + init_containers: &init_containers + # this container uses nbgitpuller to mount https://github.com/NeuroHackademy2024/curriculum for user pods + # image source: https://github.com/NASA-IMPACT/jupyterhub-gitpuller-init + - name: jupyterhub-gitpuller-init + image: public.ecr.aws/nasa-veda/jupyterhub-gitpuller-init:latest + env: + - name: TARGET_PATH + value: "curriculum" + - name: SOURCE_REPO + value: "https://github.com/NeuroHackademy2024/curriculum" + - name: SOURCE_BRANCH + value: "main" - display_name: GPU machine slug: gpu description: "Start a container on a dedicated node with a GPU" @@ -77,6 +79,7 @@ jupyterhub: 2i2c.org/community: neurohackademy extra_resource_limits: nvidia.com/gpu: "1" + init_containers: *init_containers - display_name: "Bring your own image" description: Specify your own docker image (must have python and jupyterhub installed in it) slug: custom @@ -90,6 +93,7 @@ jupyterhub: validation_message: "Must be a publicly available docker image, of form :" kubespawner_override: image: "{value}" + init_containers: *init_containers choices: {} hub: config: From b3754b756be4e1b5b9f65991685b7ef3149c0a78 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 23 Jul 2024 13:13:42 +0100 Subject: [PATCH 4/8] Try adding a volume mount? --- config/clusters/2i2c-aws-us/neurohackademy.values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml index cbb6573fd8..1288118c7b 100644 --- a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml +++ b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml @@ -66,6 +66,10 @@ jupyterhub: value: "https://github.com/NeuroHackademy2024/curriculum" - name: SOURCE_BRANCH value: "main" + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" - display_name: GPU machine slug: gpu description: "Start a container on a dedicated node with a GPU" From baf67989355326adaa988062d009b20966f83cb6 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:15:39 +0000 Subject: [PATCH 5/8] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- config/clusters/2i2c-aws-us/neurohackademy.values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml index 1288118c7b..0f05681408 100644 --- a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml +++ b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml @@ -66,10 +66,10 @@ jupyterhub: value: "https://github.com/NeuroHackademy2024/curriculum" - name: SOURCE_BRANCH value: "main" - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" - display_name: GPU machine slug: gpu description: "Start a container on a dedicated node with a GPU" From ab7b639cd0dc7ef2a94eb3a3e889fbc8ca3f94a5 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 23 Jul 2024 13:22:40 +0100 Subject: [PATCH 6/8] Add an ownership fix --- .../2i2c-aws-us/neurohackademy.values.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml index 1288118c7b..a627fca034 100644 --- a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml +++ b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml @@ -55,6 +55,25 @@ jupyterhub: node.kubernetes.io/instance-type: r5.xlarge 2i2c.org/community: neurohackademy init_containers: &init_containers + # Need to explicitly fix ownership here, as otherwise these directories will be owned + # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid + - name: volume-mount-ownership-fix + image: busybox:1.36.1 + command: + - sh + - -c + - id && chown 1000:1000 /home/jovyan /home/jovyan/shared && ls -lhd /home/jovyan + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + # mounted without readonly attribute here, + # so we can chown it appropriately + - name: home + mountPath: /home/jovyan/shared + subPath: _shared # this container uses nbgitpuller to mount https://github.com/NeuroHackademy2024/curriculum for user pods # image source: https://github.com/NASA-IMPACT/jupyterhub-gitpuller-init - name: jupyterhub-gitpuller-init From 735178fe70ac4a25cb52bc206a6cd2fca835d82e Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 23 Jul 2024 13:25:27 +0100 Subject: [PATCH 7/8] Add securityContext to gitpuller ini container --- config/clusters/2i2c-aws-us/neurohackademy.values.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml index a627fca034..5772cc4b5a 100644 --- a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml +++ b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml @@ -88,7 +88,10 @@ jupyterhub: volumeMounts: - name: home mountPath: /home/jovyan - subPath: "{username}" + subPath: "{username}" + securityContext: + runAsUser: 1000 + runAsGroup: 1000 - display_name: GPU machine slug: gpu description: "Start a container on a dedicated node with a GPU" From 9b8e9da01b467640bf96fe0ee5487ea47cb44236 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:26:52 +0000 Subject: [PATCH 8/8] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- config/clusters/2i2c-aws-us/neurohackademy.values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml index 5772cc4b5a..04c4e3885f 100644 --- a/config/clusters/2i2c-aws-us/neurohackademy.values.yaml +++ b/config/clusters/2i2c-aws-us/neurohackademy.values.yaml @@ -85,9 +85,9 @@ jupyterhub: value: "https://github.com/NeuroHackademy2024/curriculum" - name: SOURCE_BRANCH value: "main" - volumeMounts: - - name: home - mountPath: /home/jovyan + volumeMounts: + - name: home + mountPath: /home/jovyan subPath: "{username}" securityContext: runAsUser: 1000