# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # This file can update the JupyterHub Helm chart's default configuration values. # # For reference see the configuration reference and default values, but make # sure to refer to the Helm chart version of interest to you! # # Introduction to YAML: https://www.youtube.com/watch?v=cdLNKUoMc6c # Chart config reference: https://zero-to-jupyterhub.readthedocs.io/en/stable/resources/reference.html # Chart default values: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/jupyterhub/values.yaml # Available chart versions: https://jupyterhub.github.io/helm-chart/ hub: image: name: us-docker.pkg.dev/ai-on-gke/jupyterhub-authentication-class/jupyter-auth-class # This is the timestamp of the image, we should avoid using 'latest' tag: 'sample-public-image-1741648202' labels: ${indent(4, chomp(jsonencode(additional_labels)))} config: JupyterHub: authenticator_class: ${authenticator_class} GCPIAPAuthenticator: header_name: 'X-Goog-IAP-JWT-Assertion' project_id: '${project_id}' namespace: '${namespace}' service_name: '${service_name}' project_number: '${project_number}' Authenticator: admin_users: - admin allowed_users: - user DummyAuthenticator: password: ${password} networkPolicy: enabled: false prePuller: hook: enabled: false proxy: labels: ${indent(4, chomp(jsonencode(additional_labels)))} chp: networkPolicy: enabled: false service: type: ${service_type} annotations: beta.cloud.google.com/backend-config: '{"default": "${backend_config}"}' traefik: networkPolicy: enabled: false scheduling: userScheduler: enabled: false singleuser: memory: limit: 32G guarantee: 8G cpu: limit: 8 guarantee: 8 extraResource: limits: ephemeral-storage: ${ephemeral_storage} guarantees: ephemeral-storage: ${ephemeral_storage} nodeSelector: iam.gke.io/gke-metadata-server-enabled: "true" extraEnv: # Used for GCSFuse to set the ephemeral storage as the home directory. If not set, it will show a permission error on the pod log when using GCSFuse. JUPYTER_ALLOW_INSECURE_WRITES: "true" CLOUDSQL_INSTANCE_CONNECTION_NAME: ${cloudsql_instance_connection_name} extraLabels: ${indent(4, chomp(jsonencode(additional_labels)))} image: name: ${notebook_image} tag: ${notebook_image_tag} startTimeout: 1000 extraAnnotations: gke-gcsfuse/volumes: "true" gke-gcsfuse/cpu-limit: "1" gke-gcsfuse/memory-limit: 2Gi gke-gcsfuse/ephemeral-storage-limit: 10Gi serviceAccountName: ${k8s_service_account} # Configure csi for gcsfuse storage: dynamic: pvcNameTemplate: claim-{username} extraVolumes: - name: data-vol csi: driver: gcsfuse.csi.storage.gke.io volumeAttributes: bucketName: ${gcs_bucket} mountOptions: "implicit-dirs,uid=1000,gid=100" - name: secret-volume secret: secretName: ${secret_name} optional: true extraVolumeMounts: - name: data-vol mountPath: /data - name: secret-volume mountPath: /etc/secret-volume readOnly: true # More info on kubespawner overrides: https://jupyterhub-kubespawner.readthedocs.io/en/latest/spawner.html#kubespawner.KubeSpawner # profile example: # - display_name: "Learning Data Science" # description: "Datascience Environment with Sample Notebooks" # kubespawner_override: # cpu_limit: .5 # cpu_guarantee: .5 # mem_limit: 1G # mem_guarantee: 1G # image: jupyter/datascience-notebook:2343e33dec46 # lifecycle_hooks: # postStart: # exec: # command: # - "sh" # - "-c" # - > # gitpuller https://github.com/data-8/materials-fa17 master materials-fa; profileList: - display_name: "CPU" description: "Creates CPU VMs as the compute for notebook execution." profile_options: storage: display_name: "Storage" choices: DefaultStorage: display_name: "DefaultStorage" kubespawner_override: default: true default: true cmd: null cloudMetadata: blockWithIptables: false networkPolicy: enabled: false