Commit ed8aa8fb authored by Craig Russell's avatar Craig Russell
Browse files

cleanup old value files

parent 6450c960
# Based on
# https://github.com/jupyterhub/mybinder.org-deploy/blob/d53420cdbc94d2148018594d33cd35810bbffbf1/mybinder/values.yaml#L164
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
path: /grafana
hosts:
- idr-analysis.openmicroscopy.org
tls:
- hosts:
- idr-analysis.openmicroscopy.org
persistence:
enabled: true
size: 2G
storageClassName: gluster
accessModes:
- ReadWriteOnce
# https://github.com/kubernetes/charts/blob/master/stable/grafana/templates/configmap.yaml
# http://docs.grafana.org/installation/configuration/
env:
# TODO: GF_AUTH_ANONYMOUS_ENABLED: "true"
GF_AUTH_GITHUB_ENABLED: "true"
GF_AUTH_GITHUB_ALLOW_SIGN_UP: "true"
#GF_AUTH_GITHUB_CLIENT_ID: # GitLab secret
#GF_AUTH_GITHUB_CLIENT_SECRET: # GitLab secret
GF_AUTH_GITHUB_SCOPES: user:email,read:org
GF_AUTH_GITHUB_AUTH_URL: https://github.com/login/oauth/authorize
GF_AUTH_GITHUB_TOKEN_URL: https://github.com/login/oauth/access_token
GF_AUTH_GITHUB_API_URL: https://api.github.com/user
GF_AUTH_GITHUB_ALLOWED_ORGANIZATIONS: openmicroscopy
GF_SERVER_DOMAIN: idr-analysis.openmicroscopy.org
GF_SERVER_ROOT_URL: "https://%(domain)s/grafana/"
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
url: http://prometheus-server
access: proxy
isDefault: true
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
dashboards:
default:
# Install https://grafana.com/dashboards/5849
idr-jupyter-servers:
gnetId: 5849
revision: 1
datasource: Prometheus
# Install https://grafana.com/dashboards/6012
node-resources:
gnetId: 6012
revision: 2
datasource: Prometheus
# Configuration for JupyterHub staging deployment
# Overridden in production deployments
hub:
baseUrl: /staging/
db:
type: sqlite-memory
networkPolicy:
enabled: true
# Storing the db in memory means it's lost on restart
# This may help to avoid dangling servers
extraConfig: |
c.JupyterHub.cleanup_servers = True
auth:
type: tmp
proxy:
secretToken: { SECRET_JUPYTERHUB_PROXY_TOKEN }
service:
type: ClusterIP
networkPolicy:
enabled: true
cull:
timeout: 600
every: 300
singleuser:
storage:
type: none
image:
name: bioimagearchive/jupyter-hub-docker
tag: latest
startTimeout: 1800
cpu:
limit: 1
guarantee: 0.1
memory:
limit: 1G
guarantee: 256M
networkPolicy:
enabled: true
# Block all except:
# - internal DNS
# - EMBL-EBI and University of Dundee
egress:
- to:
- ipBlock:
cidr: 10.0.0.0/8
ports:
- port: 53
protocol: UDP
- to:
- ipBlock:
cidr: 193.60.0.0/14
- ipBlock:
cidr: 134.36.0.0/16
extraEnv:
IDR_HOST: idr.openmicroscopy.org
IDR_USER: public
JUPYTER_ENABLE_LAB: "true"
cmd: "/usr/local/bin/start-singleuser.sh"
prePuller:
hook:
# The pre-puller has been improved but if it still causes problems
# set enabled: false
enabled: true
ingress:
enabled: true
hosts:
- ""
- localhost
# annotations:
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-body-size: 2m
# tls:
# - hosts:
# - ""
hub:
baseUrl: /elixir/
extraEnv:
OAUTH2_AUTHORIZE_URL: https://login.elixir-czech.org/oidc/authorize
OAUTH2_TOKEN_URL: https://login.elixir-czech.org/oidc/token
OAUTH2_USERDATA_URL: https://login.elixir-czech.org/oidc/userinfo
OAUTH_CALLBACK_URL: https://idr-analysis.openmicroscopy.org/elixir/hub/oauth_callback
OAUTH_CLIENT_ID: # GitLab secret
OAUTH_CLIENT_SECRET: # GitLab secret
auth:
type: custom
custom:
className: oauthenticator.generic.GenericOAuthenticator
config:
username_key: sub
login_service: Elixir AAI
# singleuser:
# networkPolicy:
# # Allow
# # - internal DNS
# # - all EMBL-EBI and University of Dundee
# # - all HTTP and HTTPS
# egress:
# - to:
# - ipBlock:
# cidr: 10.0.0.0/8
# ports:
# - port: 53
# protocol: UDP
# - to:
# - ipBlock:
# cidr: 193.60.0.0/14
# - ipBlock:
# cidr: 134.36.0.0/16
# - to:
# ports:
# - port: 80
# protocol: TCP
# - port: 443
# protocol: TCP
ingress:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: 16m
nginx.ingress.kubernetes.io/proxy-read-timeout: 3600
nginx.ingress.kubernetes.io/proxy-send-timeout: 3600
hub:
baseUrl: /github
# services:
# dask-gateway:
# apiToken: ""
# db:
# type: sqlite-pvc
# pvc:
# storageClassName: gluster
extraConfig:
config: |
c.JupyterHub.cleanup_servers = False
auth:
admin:
access: true
users:
- ctr26
type: github
github:
clientId: ""
clientSecret: ""
callbackUrl: "http://45.86.170.228/github/hub/oauth_callback"
org_whitelist:
- "bioimagearchive"
orgWhitelist:
- "bioimagearchive"
scopes:
- "read:org"
cull:
timeout: 3600
every: 600
singleuser:
extraEnv:
GRANT_SUDO: "yes"
NOTEBOOK_ARGS: "--allow-root"
uid: 0
defaultUrl: "/lab"
storage:
capacity: 15G
extraVolumes:
- name: shm-volume
emptyDir:
medium: Memory
extraVolumeMounts:
- name: shm-volume
mountPath: /dev/shm
memory:
limit: 1G
guarantee: 1G
cpu:
limit: .5
guarantee: .5
lifecycleHooks:
postStart:
exec:
command: ["cp", "-a", "src", "target"]
profileList:
- display_name: "Minimal"
description: "Spawns a notebook server with 1G ram and 1 CPU core"
kubespawner_override:
cpu:
limit: .5
guarantee: .5
memory:
limit: 1G
guarantee: 1G
- display_name: "8GB - 2 core"
description: "Spawns a notebook server with 8Gb ram and 2 CPU cores"
kubespawner_override:
cpu:
limit: 4
guarantee: 2
memory:
limit: 8G
guarantee: 8G
- display_name: "16GB - 4 core"
description: "Spawns a notebook server with 16Gb ram and 4 CPU cores"
kubespawner_override:
cpu:
limit: 4
guarantee: 4
memory:
limit: 16G
guarantee: 16G
# networkPolicy:
# # Allow
# # - internal DNS
# # - all EMBL-EBI and University of Dundee
# # - all HTTP and HTTPS
# egress:
# - to:
# - ipBlock:
# cidr: 10.0.0.0/8
# ports:
# - port: 53
# protocol: UDP
# - to:
# - ipBlock:
# cidr: 193.60.0.0/14
# - ipBlock:
# cidr: 134.36.0.0/16
# - to:
# ports:
# - port: 80
# protocol: TCP
# - port: 443
# protocol: TCP
ingress:
enabled: true
hosts:
- localhost
- ""
# - http://45.86.170.228/
# annotations:
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-body-size: 16m
# nginx.ingress.kubernetes.io/proxy-read-timeout: 3600
# nginx.ingress.kubernetes.io/proxy-send-timeout: 3600
# https://zero-to-jupyterhub.readthedocs.io/en/latest/setup-jupyterhub.html
# Local deployment from git checkout of https://github.com/jupyterhub/zero-to-jupyterhub-k8s.git
# Commit 7e9089b46c23fc1177c17cf1bef74d137cbba2ef (v0.4-580-g7e9089b)
hub:
baseUrl: /sandbox
auth:
type: tmp
singleuser:
# Sudo access: might be dangerous with the wrong kubernetes security?
# extraEnv:
# GRANT_SUDO: "yes"
# NOTEBOOK_ARGS: "--allow-root"
# uid: 0
# Unsure if this is needed
cmd: start-singleuser.sh
# Use jupyterlab as default workspace
defaultUrl: "/lab"
#
# image:
# name: bioimagearchive/imageanalysis-notebook
# tag: latest
# storage:
# capacity: 15G
# extraVolumes:
# - name: shm-volume
# emptyDir:
# medium: Memory
# extraVolumeMounts:
# - name: shm-volume
# mountPath: /dev/shm
memory:
limit: 3G
guarantee: 1G
cpu:
limit: 2
guarantee: 1
lifecycleHooks:
postStart:
exec:
command: ["cp", "-a", "src", "target"]
# # Disable pre-puller, fails with rbac
# # https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/118
# prePuller:
# enabled: false
ingress:
enabled: true
hosts:
- ""
- localhost
# annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /$2
# nginx.ingress.kubernetes.io/ssl-redirect: "false"
# # # - jupyter.EXAMPLE.org
# # annotations:
# # kubernetes.io/ingress.class: nginx
# # ingress.kubernetes.io/proxy-body-size: 16m
# # ingress.kubernetes.io/proxy-read-timeout: 3600
# # ingress.kubernetes.io/proxy-send-timeout: 3600
# # kubernetes.io/tls-acme: 'true'
# # tls:
# # - hosts:
# # - "jupyter.EXAMPLE.org"
# # secretName: example-tls
## Enable ingress object, but the ingress controller needs to be installed
## for this to take effect.
# ingress:
# enabled: true
# annotations:
# ingress.kubernetes.io/proxy-body-size: 64m
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# hosts:
# - jupyter.domain.com
# tls:
# - secretName: mysecret
# hosts:
# - jupyter.domain.com
hub:
baseUrl: /training/
singleuser:
image:
name: openmicroscopy/training-notebooks
tag: 0.7.2
# Increase resources since some training notebooks are resources intensive
cpu:
limit: 2
guarantee: 0.1
memory:
limit: 2G
guarantee: 512M
cull:
# Cull after 60 minutes of inactivity
timeout: 3600
every: 300
hub:
baseUrl: /vae/
db:
type: sqlite-pvc
pvc:
storageClassName: gluster
extraConfig:
config: |
c.JupyterHub.cleanup_servers = False
auth:
type: github
github:
clientId: # GitLab secret
clientSecret: # GitLab secret
callbackUrl: https://idr-analysis.openmicroscopy.org/vae/hub/oauth_callback
orgWhitelist:
- idr-contrib
scopes:
- read:org
admin:
users:
- jburel
- joshmoore
- manics
- sbesson
cull:
timeout: 3600
every: 600
singleuser:
storage:
type: dynamic
dynamic:
storageClass: gluster
# For gluster dynamic volumes the minimum is 1Gi
capacity: 100Mi
homeMountPath: /home/jovyan/scratch
extraVolumes:
- name: jupyterhub-sharedscratch-rw
persistentVolumeClaim:
claimName: jupyterhub-sharedscratch-rw
extraVolumeMounts:
- name: jupyterhub-sharedscratch-rw
mountPath: /home/jovyan/shared
# Official VAE users get extra resources
cpu:
limit: 2
guarantee: 0.1
memory:
limit: 2G
guarantee: 512M
networkPolicy:
# Allow
# - internal DNS
# - all EMBL-EBI and University of Dundee
# - all HTTP and HTTPS
egress:
- to:
- ipBlock:
cidr: 10.0.0.0/8
ports:
- port: 53
protocol: UDP
- to:
- ipBlock:
cidr: 193.60.0.0/14
- ipBlock:
cidr: 134.36.0.0/16
- to:
ports:
- port: 80
protocol: TCP
- port: 443
protocol: TCP
ingress:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: 16m
nginx.ingress.kubernetes.io/proxy-read-timeout: 3600
nginx.ingress.kubernetes.io/proxy-send-timeout: 3600
ingress:
hosts:
- minikube.local
tls:
- hosts:
- minikube.local
persistence:
enabled: true
size: 100M
storageClassName:
env:
GF_AUTH_ANONYMOUS_ENABLED: "true"
GF_AUTH_GITHUB_ENABLED: "false"
GF_SERVER_DOMAIN: minikube.local
ingress:
hosts:
- minikube.local
- ""
- localhost
tls:
- hosts:
- minikube.local
hub:
db:
pvc:
storageClassName:
auth:
github:
callbackUrl: https://minikube.local/vae/hub/oauth_callback
singleuser:
storage:
dynamic:
storageClass:
# extraVolumes: []
# extraVolumeMounts: []
prePuller:
hook:
enabled: true
hub:
db:
pvc:
storageClassName:
auth:
github:
callbackUrl: https://minikube.local/vae/hub/oauth_callback
hub:
extraEnv:
OAUTH_CALLBACK_URL: https://minikube.local/elixir/hub/oauth_callback
OAUTH_CLIENT_ID: # GitLab secret
OAUTH_CLIENT_SECRET: # GitLab secret
singleuser:
storage:
dynamic:
storageClass:
# extraVolumes: []
# extraVolumeMounts: []
prePuller:
hook:
enabled: true
server:
baseURL: https://minikube.local/prometheus
ingress:
annotations:
nginx.ingress.kubernetes.io/auth-type: null
nginx.ingress.kubernetes.io/auth-secret: null
nginx.ingress.kubernetes.io/auth-realm: null
hosts:
- minikube.local/prometheus
tls:
- hosts:
- minikube.local
persistentVolume:
size: 100M
storageClass:
# Based on
# https://github.com/jupyterhub/mybinder.org-deploy/blob/d53420cdbc94d2148018594d33cd35810bbffbf1/mybinder/values.yaml#L213
nodeExporter:
updateStrategy:
type: RollingUpdate
alertmanager: