pluralsh · michaeljguarino · Apr 10, 2023 · Apr 10, 2023 · Apr 10, 2023
@@ -1,6 +1,9 @@
 dependencies:
 - name: jupyterhub
-  repository: https://charts.bitnami.com/bitnami
-  version: 3.0.12
-digest: sha256:7dbd4d47e44c4b1d35ad8ee1ccb3f52c3be682826399da28bffb98564b53938a
-generated: "2023-04-04T18:44:50.023965-10:00"
+  repository: https://jupyterhub.github.io/helm-chart/
+  version: 2.0.0
+- name: postgres
+  repository: https://pluralsh.github.io/module-library
+  version: 0.1.16
+digest: sha256:ffbd04f736eb925a2bad525b34393970e2915095021effc4155f31ee5adcc7fb
+generated: "2023-04-10T11:26:48.281791-04:00"
@@ -2,12 +2,16 @@ apiVersion: v2
 name: jupyterhub
 description: helm chart for jupyterhub
 type: application
-version: 0.1.2
+version: 0.1.3
 appVersion: "3.1.1"
 maintainers:
   - name: Samuel Gordalina
     email: samuel.gordalina@gmail.com
 dependencies:
   - name: jupyterhub
-    version: 3.0.12
-    repository: https://charts.bitnami.com/bitnami
+    version: 2.0.0
+    repository: https://jupyterhub.github.io/helm-chart/
+  - name: postgres
+    version: 0.1.16
+    repository: https://pluralsh.github.io/module-library
+    condition: postgres.enabled
@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "jupyterhub.name" -}}
+{{- define "jupyterhub-plural.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "jupyterhub.fullname" -}}
+{{- define "jupyterhub-plural.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "jupyterhub.chart" -}}
+{{- define "jupyterhub-plural.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "jupyterhub.labels" -}}
-helm.sh/chart: {{ include "jupyterhub.chart" . }}
-{{ include "jupyterhub.selectorLabels" . }}
+{{- define "jupyterhub-plural.labels" -}}
+helm.sh/chart: {{ include "jupyterhub-plural.chart" . }}
+{{ include "jupyterhub-plural.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "jupyterhub.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "jupyterhub.name" . }}
+{{- define "jupyterhub-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "jupyterhub-plural.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "jupyterhub.serviceAccountName" -}}
+{{- define "jupyterhub-plural.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "jupyterhub.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "jupyterhub-plural.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

@@ -4,7 +4,7 @@ metadata:
   name: scaling-manual
   labels:
     platform.plural.sh/pinned: 'true'
-{{ include "jupyterhub.labels" . | indent 4 }}
+{{ include "jupyterhub-plural.labels" . | indent 4 }}
 spec:
   name: JupyterHub Scaling
   description: overview of how to optimally scale your JupyterHub deployment
@@ -16,18 +16,18 @@ spec:
     prometheus:
       format: cpu
       legend: $pod
-      query: sum(rate(container_cpu_usage_seconds_total{namespace="{{ .Release.Namespace }}",pod=~"{{ include "jupyterhub.fullname" . }}.+"}[5m])) by (pod)
+      query: sum(rate(container_cpu_usage_seconds_total{namespace="{{ .Release.Namespace }}",pod=~"{{ include "jupyterhub-plural.fullname" . }}.+"}[5m])) by (pod)
   - name: jupyterhub-memory
     type: prometheus
     prometheus:
       format: memory
       legend: $pod
-      query: sum(container_memory_working_set_bytes{namespace="{{ .Release.Namespace }}",pod=~"{{ include "jupyterhub.fullname" . }}.+"}) by (pod)
+      query: sum(container_memory_working_set_bytes{namespace="{{ .Release.Namespace }}",pod=~"{{ include "jupyterhub-plural.fullname" . }}.+"}) by (pod)
   - name: jupyterhub
     type: kubernetes
     kubernetes:
       resource: deployment
-      name: {{ include "jupyterhub.fullname" . }}
+      name: {{ include "jupyterhub-plural.fullname" . }}
   actions:
   - name: scale
     action: config

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: jupyter.plural-postgres-jupyter.credentials.postgresql.acid.zalan.do
+  labels:
+{{ include "jupyterhub-plural.labels" . | indent 4 }}
+stringData:
+  username: jupyter
+  password: {{ .Values.postgres.password }}
@@ -1,46 +1,50 @@
+postgres:
+  team: plural
+  user: jupyter
+  dbName: jupyter
+  ownerChart: jupyterhub
+  infix: '-postgres'
+  password: REPLACE_ME
+
 jupyterhub:
   hub:
-    adminUser: admin
-    password: password
     # image:
     #   repository: dkr.plural.sh/jupyterhub/bitnami/jupyterhub
     #   tag: 3.1.1-debian-11-r20
-    metrics:
-      serviceMonitor:
-        enabled: true
-
+    db:
+      type: postgres
+    initContainers:
+    - name: wait-for-pg
+      image: gcr.io/pluralsh/busybox:latest
+      imagePullPolicy: IfNotPresent
+      command: [ "/bin/sh", "-c", "until nc -zv plural-postgres-jupyter 5432 -w1; do echo 'waiting for db'; sleep 1; done" ]
+    networkPolicy:
+      egress:
+      - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0
+
   proxy:
-    # image:
-      # registry: dkr.plural.sh/jupyterhub/bitnami/configurable-http-proxy
-      # tag: 4.5.4-debian-11-r39
-    ingress:
-      enabled: true
-      path: /.*
-      ingressClassName: nginx
-      annotations:
-        kubernetes.io/tls-acme: "true"
-        cert-manager.io/cluster-issuer: letsencrypt-prod
-        nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
-        nginx.ingress.kubernetes.io/use-regex: "true"
-      hostname: chart-example.local
-      extraTls: []
     service:
-      public:
-        type: ClusterIP
-    metrics:
-      serviceMonitor:
-        enabled: true
-
-  singleuser:
-    # image:
-      # repository: dkr.plural.sh/jupyterhub/bitnami/jupyter-base-notebook
-      # tag: 3.1.1-debian-11-r20
-    notebookDir: /data
-    extraEnvVars:
-      HOME: /data
-      JUPYTERHUB_ROOT_DIR: /data
-
-  # auxiliaryImage:
-    # image:
-      # repository: dkr.plural.sh/jupyterhub/bitnami/bitnami-shell
-      # tag: 11-debian-11-r102
+      type: ClusterIP
+    chp:
+      networkPolicy:
+        ingress:
+        - ports:
+          - port: http
+          from:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: ingress-nginx
+  ingress:
+    enabled: true
+    ingressClassName: nginx
+    pathType: ImplementationSpecific
+    pathSuffix: '.*'
+    annotations:
+      kubernetes.io/tls-acme: "true"
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
+      nginx.ingress.kubernetes.io/use-regex: "true"
+    hosts:
+    - example.com
@@ -1,15 +1,20 @@
 {{ $hostname := default "example.com" .Values.hostname }}
-{{ $password := dedupe . "jupyterhub.jupyterhub.hub.password" (randAlphaNum 30) }}
+{{ $jupyterPassword := dedupe . "jupyterhub.postgres.password" (randAlphaNum 20) }}
+{{ $jupyterDsn := default (printf "postgresql://jupyter:%s@plural-postgres-jupyter:5432/jupyter" $jupyterPassword) .Values.jupyterDsn }}
 
 global:
   application:
     links:
     - description: jupyterhub instance
       url: {{ $hostname }}
 
+postgres:
+  password: {{ $jupyterPassword }}
+
 jupyterhub:
   hub:
-    password: {{ $password }}
+    db:
+      url: {{ $jupyterDsn }}
     {{ if .OIDC }}
     config:
       GenericOAuthenticator:
@@ -21,16 +26,19 @@ jupyterhub:
         userdata_url: {{ .OIDC.Configuration.UserinfoEndpoint }}
         scope:
           - openid
+          - code
+          - offline
+          - offline_access
           - profile
         username_key: email
       JupyterHub:
         authenticator_class: generic-oauth
     {{ end }}
 
-  proxy:
-    ingress:
-      hostname: {{ $hostname }}
-      extraTls:
-        - hosts:
-          - {{ $hostname }}
-          secretName: jupyterhub-tls
+  ingress:
+    hosts:
+    - {{ $hostname }}
+    tls:
+    - hosts:
+      - {{ $hostname }}
+      secretName: jupyter-tls
@@ -1,5 +1,8 @@
 Your jupyterhub installation is available at https://{{ .Values.hostname }}
 
-You can login with
-  username: admin
-  password: {{ .jupyterhub.jupyterhub.hub.password }}
+{{ if .OIDC }}
+Your jupyterhub has been configured with OAuth against your plural account!
+{{ else }}
+You are using standard username/password authentication, so user management will be manual. We strongly recommend
+you consider installing with OIDC enabled
+{{ end }}
@@ -8,7 +8,7 @@ dependencies:
   - repo: ingress-nginx
     name: ingress-nginx-aws
 oidcSettings:
-  authMethod: POST
+  authMethod: BASIC
   uriFormat: https://{domain}/hub/oauth_callback
   domainKey: hostname
 sections:

@@ -8,7 +8,7 @@ dependencies:
   - repo: ingress-nginx
     name: ingress-nginx-azure
 oidcSettings:
-  authMethod: POST
+  authMethod: BASIC
   uriFormat: https://{domain}/hub/oauth_callback
   domainKey: hostname
 sections:

@@ -8,7 +8,7 @@ dependencies:
   - repo: ingress-nginx
     name: ingress-nginx-gcp
 oidcSettings:
-  authMethod: POST
+  authMethod: BASIC
   uriFormat: https://{domain}/hub/oauth_callback
   domainKey: hostname
 sections:

@@ -2,6 +2,7 @@ name: jupyterhub
 description: An application that you can use to create documents that contain live code, equations, visualizations, and text.
 category: DATA
 icon: plural/icons/jupyterhub.png
+release_status: ALPHA
 notes: plural/notes.tpl
 homepage: https://jupyter.org/hub
 gitUrl: https://github.com/jupyterhub/jupyterhub

@@ -8,3 +8,4 @@ docker.io:
     bitnami/configurable-http-proxy: (?:^v?4\.(?:[5-9]|[1-9][0-9]{1,})\.[0-9]+$)|(?:^v?(?:[5-9]|[1-9][0-9]{1,})\.[0-9]+?\.[0-9]+$)
     # >= 10
     bitnami/bitnami-shell: (?:^v?(?:[1-9][0-9]{1,})$)
+    jupyterhub/k8s-hub: ^v?[0-9]+\.[0-9]+?\.[0-9]+$