# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # This file can update the JupyterHub Helm chart's default configuration values. # # For reference see the configuration reference and default values, but make # sure to refer to the Helm chart version of interest to you! # # Introduction to YAML: https://www.youtube.com/watch?v=cdLNKUoMc6c # Chart config reference: https://zero-to-jupyterhub.readthedocs.io/en/stable/resources/reference.html # Chart default values: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/jupyterhub/values.yaml # Available chart versions: https://jupyterhub.github.io/helm-chart/ hub: image: name: us-docker.pkg.dev/ai-on-gke/jupyterhub-authentication-class/jupyter-auth-class # This is the timestamp of the image, we should avoid using 'latest' tag: 'sample-public-image-1741648202' labels: ${indent(4, chomp(jsonencode(additional_labels)))} config: JupyterHub: authenticator_class: ${authenticator_class} GCPIAPAuthenticator: header_name: 'X-Goog-IAP-JWT-Assertion' project_id: '${project_id}' namespace: '${namespace}' service_name: '${service_name}' project_number: '${project_number}' Authenticator: admin_users: - admin allowed_users: - user DummyAuthenticator: password: ${password} networkPolicy: enabled: false prePuller: hook: enabled: false proxy: labels: ${indent(4, chomp(jsonencode(additional_labels)))} chp: networkPolicy: enabled: false service: type: ${service_type} annotations: beta.cloud.google.com/backend-config: '{"default": "${backend_config}"}' traefik: networkPolicy: enabled: false scheduling: userScheduler: enabled: false userPlaceholder: enabled: false singleuser: memory: limit: 16G guarantee: 16G cpu: limit: 8 guarantee: 8 extraResource: limits: ephemeral-storage: ${ephemeral_storage} guarantees: ephemeral-storage: ${ephemeral_storage} nodeSelector: iam.gke.io/gke-metadata-server-enabled: "true" extraEnv: # Used for GCSFuse to set the ephemeral storage as the home directory. If not set, it will show a permission error on the pod log when using GCSFuse. JUPYTER_ALLOW_INSECURE_WRITES: "true" CLOUDSQL_INSTANCE_CONNECTION_NAME: ${cloudsql_instance_connection_name} extraLabels: ${indent(4, chomp(jsonencode(additional_labels)))} image: name: ${notebook_image} tag: ${notebook_image_tag} startTimeout: 1000 extraAnnotations: gke-gcsfuse/volumes: "true" gke-gcsfuse/cpu-limit: "1" gke-gcsfuse/memory-limit: 2Gi gke-gcsfuse/ephemeral-storage-limit: 10Gi serviceAccountName: ${k8s_service_account} # Configure csi for gcsfuse storage: dynamic: pvcNameTemplate: claim-{username} extraVolumes: - name: data-vol csi: driver: gcsfuse.csi.storage.gke.io volumeAttributes: bucketName: ${gcs_bucket} mountOptions: "implicit-dirs,uid=1000,gid=100" - name: secret-volume secret: secretName: ${secret_name} optional: true extraVolumeMounts: - name: data-vol mountPath: /data - name: secret-volume mountPath: /etc/secret-volume readOnly: true profileList: - display_name: "CPU (C3)" description: "Creates CPU (C3) VMs as the compute for notebook execution." profile_options: storage: display_name: "Storage" choices: DefaultStorage: display_name: "Local (SSD)" kubespawner_override: default: true kubespawner_override: node_selector: cloud.google.com/compute-class: "Performance" cloud.google.com/machine-family: "c3" cloud.google.com/gke-ephemeral-storage-local-ssd: "true" default: true - display_name: "GPU (L4)" description: "Creates GPU VMs (L4) as the compute for notebook execution." profile_options: storage: display_name: "Storage" choices: DefaultStorage: display_name: "Local (SSD)" kubespawner_override: default: true kubespawner_override: image: ${notebook_image}:${notebook_image_tag} extra_resource_limits: nvidia.com/gpu: "2" extra_resource_guarantees: nvidia.com/gpu: "2" node_selector: cloud.google.com/compute-class: "Accelerator" cloud.google.com/gke-accelerator: "nvidia-l4" cloud.google.com/gke-ephemeral-storage-local-ssd: "true" cmd: null cloudMetadata: blockWithIptables: false networkPolicy: enabled: false