Post to phabricator on PR close (#213)

Bug: T318703

manifests/psp.yaml

@@ -42,15 +42,16 @@ spec:
     - 'secret'
     - 'downwardAPI'
     - 'hostPath'
+    - 'nfs'
     - 'persistentVolumeClaim'
   allowedHostPaths:
-    - pathPrefix: '/public/dumps'
+    - pathPrefix: '/mnt/public/dumps'
       readOnly: true
     - pathPrefix: '/mnt/nfs'
       readOnly: true
     - pathPrefix: '/var/lib/sss/pipes'
       readOnly: false
-    - pathPrefix: '/data/project'
+    - pathPrefix: '/mnt/project'
       readOnly: false
 ---
 apiVersion: policy/v1beta1
@@ -95,6 +96,7 @@ spec:
     - 'secret'
     - 'downwardAPI'
     - 'hostPath'
+    - 'nfs'
     - 'persistentVolumeClaim'
   allowedHostPaths:
     - pathPrefix: '/public/dumps'

paws/nfs.yaml

@@ -0,0 +1,23 @@
+jupyterhub:
+  hub:
+    extraVolumes:
+    - name: homes
+      nfs:
+        server: 192.168.122.223
+        path: /mnt/project
+    - name: dumps
+      nfs:
+        server: 192.168.122.223
+        path: /mnt/public/dumps
+    # Without this, dumps becomes inaccessible and can hang the host
+    - name: dumps-src1
+      nfs:
+        server: 192.168.122.223
+        path: /mnt/nfs/dumps-labstore1007.wikimedia.org
+    - name: dumps-src2
+      nfs:
+        server: 192.168.122.223
+        path: /mnt/nfs/dumps-labstore1006.wikimedia.org
+    extraConfig:
+      00-myConfig: |
+          localdev = False

paws/production.yaml

@@ -9,6 +9,32 @@ dbProxy:
     tag: latest
 jupyterhub:
   hub:
+    extraVolumes:
+    - name: homes
+      nfs:
+        server: nfs-for-test-paws.admin.codfw1dev.wikimedia.cloud
+        #server: nfs-tools-project.svc.eqiad.wmnet
+        path: /mnt/project
+        #path: /srv/misc/shared/paws/project
+    - name: dumps
+      nfs:
+        server: nfs-for-test-paws.admin.codfw1dev.wikimedia.cloud
+        #server: labstore1007.wikimedia.org
+        path: /
+    # Without this, dumps becomes inaccessible and can hang the host
+    - name: dumps-src1
+      nfs:
+        server: nfs-for-test-paws.admin.codfw1dev.wikimedia.cloud
+        #server: labstore1007.wikimedia.org
+        path: /
+    - name: dumps-src2
+      nfs:
+        server: nfs-for-test-paws.admin.codfw1dev.wikimedia.cloud
+        #server: labstore1006.wikimedia.org
+        path: /
+    extraConfig:
+      00-myConfig: |
+          localdev = False
     db:
       type: mysql
       upgrade: true

paws/templates/frontpage.yaml

@@ -9,6 +9,7 @@ metadata:
     ingress.paws.wmcloud.org: front
   annotations:
     nginx.ingress.kubernetes.io/permanent-redirect: {{ .Values.paws.ingress.frontRedirect | quote }}
+    kubernetes.io/ingress.class: "nginx"
   name: paws-front-page
 spec:
   rules:

paws/templates/legacy.yaml

@@ -9,6 +9,7 @@ metadata:
   annotations:
     nginx.ingress.kubernetes.io/permanent-redirect: $scheme://{{ .Values.pawspublic.ingress.host }}/$2$is_args$args
     nginx.ingress.kubernetes.io/use-regex: "true"
+    kubernetes.io/ingress.class: "nginx"
   name: paws-public-legacy
 spec:
   rules:
@@ -34,6 +35,7 @@ metadata:
   annotations:
     nginx.ingress.kubernetes.io/permanent-redirect: $scheme://{{ index .Values.jupyterhub.ingress.hosts 0 }}/$2
     nginx.ingress.kubernetes.io/use-regex: "true"
+    kubernetes.io/ingress.class: "nginx"
   name: paws-legacy
 spec:
   rules:

paws/templates/localdev.yaml

@@ -11,7 +11,7 @@ spec:
   capacity:
     storage: 1Gi
   hostPath:
-    path: /data/project/paws/userhomes
+    path: /mnt/project/paws/userhomes
 ---
 apiVersion: v1
 kind: PersistentVolume
@@ -47,7 +47,7 @@ spec:
   capacity:
     storage: 1Gi
   hostPath:
-    path: /public/dumps
+    path: /mnt/public/dumps
 ---
 apiVersion: batch/v1
 kind: Job
@@ -84,5 +84,5 @@ spec:
       volumes:
         - name: security-disaster-only-for-minikube
           hostPath:
-            path: /data/project/paws/userhomes
+            path: /mnt/project/paws/userhomes
 {{ end }}

paws/templates/public.yaml

@@ -41,8 +41,15 @@ spec:
               cpu: "50m"
 
       volumes:
+{{ if .Values.localdev.enabled }}
         - hostPath:
-            path: /data/project/paws/userhomes
+            path: /mnt/project/paws/userhomes
+{{ else }}
+        - nfs:
+            server: nfs-for-test-paws.admin.codfw1dev.wikimedia.cloud
+            #server: nfs-tools-project.svc.eqiad.wmnet
+            path: /srv/misc/shared/paws/project/paws/userhomes
+{{ end }}
           name: pawshomes
 ---
 
@@ -83,8 +90,15 @@ spec:
               memory: "1000Mi"
               cpu: {{ .Values.pawspublic.renderer.cpu }}
       volumes:
+{{ if .Values.localdev.enabled }}
         - hostPath:
-            path: /data/project/paws/userhomes
+            path: /mnt/project/paws/userhomes
+{{ else }}
+        - nfs:
+            server: nfs-for-test-paws.admin.codfw1dev.wikimedia.cloud
+            #server: nfs-tools-project.svc.eqiad.wmnet
+            path: /srv/misc/shared/paws/project/paws/userhomes
+{{ end }}
           name: pawshomes
 ---
 apiVersion: autoscaling/v1
@@ -136,6 +150,8 @@ metadata:
   labels:
     name: paws-public-custom
     ingress.paws.wmcloud.org: public
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
   name: paws-public-custom
 spec:
   rules:

paws/values.yaml

@@ -87,10 +87,10 @@ jupyterhub:
     extraVolumes:
       - name: homes
         hostPath:
-          path: /data/project
+          path: /mnt/project
       - name: dumps
         hostPath:
-          path: /public/dumps
+          path: /mnt/public/dumps
       # Without this, dumps becomes inaccessible and can hang the host
       - name: dumps-src1
         hostPath:
@@ -119,7 +119,9 @@ jupyterhub:
             return pod
 
           c.KubeSpawner.modify_pod_hook = fix_labels
-      myConfig: |
+      00-myConfig: |
+          localdev = True
+      10-myConfig: |
           import hmac
           import hashlib
           import subprocess
@@ -167,24 +169,50 @@ jupyterhub:
                   homedir = '/data/project/paws/userhomes/{}'.format(identity['sub'])
                   # Create the homedir so docker doesn't do it as root
                   os.makedirs(homedir, mode=0o755, exist_ok=True)
-                  spawner.volumes = [
-                      {
-                          'name': 'home',
-                          'hostPath': { 'path': homedir }
-                      },
-                      {
-                          'name': 'dumps',
-                          'hostPath': { 'path': '/public/dumps' }
-                      },
-                      {
-                          'name': 'dumps-src1',
-                          'hostPath': { 'path': '/mnt/nfs/dumps-clouddumps1002.wikimedia.org' }
-                      },
-                      {
-                          'name': 'dumps-src2',
-                          'hostPath': { 'path': '/mnt/nfs/dumps-clouddumps1001.wikimedia.org' }
-                      }
-                  ]
+                  if localdev == True:
+                      spawner.volumes = [
+                          {
+                              'name': 'home',
+                              'hostPath': { 'path': homedir }
+                          },
+                          {
+                              'name': 'dumps',
+                              'hostPath': { 'path': '/public/dumps' }
+                          },
+                          {
+                              'name': 'dumps-src1',
+                              'hostPath': { 'path': '/mnt/nfs/dumps-clouddumps1002.wikimedia.org' }
+                          },
+                          {
+                              'name': 'dumps-src2',
+                              'hostPath': { 'path': '/mnt/nfs/dumps-clouddumps1001.wikimedia.org' }
+                          }
+                      ]
+                  else:
+                      homenfs = '/mnt/project/paws/userhomes/{}'.format(identity['sub'])
+                      spawner.volumes = [
+                          {
+                              'name': 'home',
+                              'nfs': { 'server': 'nfs-for-test-paws.admin.codfw1dev.wikimedia.cloud', 'path': homenfs }
+                              #'nfs': { 'server': 'nfs-tools-project.svc.eqiad.wmnet', 'path': homenfs }
+                          },
+                          {
+                              'name': 'dumps',
+                              'nfs': { 'server': 'nfs-for-test-paws.admin.codfw1dev.wikimedia.cloud', 'path': '/' }
+                              #'nfs': { 'server': 'labstore1007.wikimedia.org', 'path': '/' }
+                          },
+                          {
+                              'name': 'dumps-src1',
+                              'nfs': { 'server': 'nfs-for-test-paws.admin.codfw1dev.wikimedia.cloud', 'path': '/' }
+                              #'nfs': { 'server': 'clouddumps1002.wikimedia.org', 'path': '/' }
+                          },
+                          {
+                              'name': 'dumps-src2',
+                              'nfs': { 'server': 'nfs-for-test-paws.admin.codfw1dev.wikimedia.cloud', 'path': '/' }
+                              #'nfs': { 'server': 'clouddumps1002.wikimedia.org', 'path': '/' }
+                          }
+                      ]
+
                   spawner.volume_mounts = [
                       {
                           'name': 'home',
@@ -235,6 +263,7 @@ jupyterhub:
         cpu: .2
   ingress:
     enabled: true
+    annotations: {kubernetes.io/ingress.class: "nginx"}
     hosts:
       - hub.paws.local
   # We are not on an autoscaling cluster, so we don't want this
@@ -255,10 +284,10 @@ jupyterhub:
       tag: pr-222 # singleuser tag managed by github actions
       pullPolicy: Always
     memory:
-      guarantee: 1G
+      guarantee: .1G
       limit: 3G
     cpu:
-      guarantee: .5
+      guarantee: .1
       limit: 1
     storage:
       type: none