central.yaml

---
proxy:
  service:
    type: NodePort

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/tls-acme: "true"
  hosts:
    - eosc.zcu.cz
  tls:
    - hosts:
        - eosc.zcu.cz
      secretName: acme-tls-central

singleuser:
  storage:
    capacity: 20Gi
    dynamic:
      pvcNameTemplate: claim-{userid}{servername}
      volumeNameTemplate: vol-{userid}{servername}
      storageAccessModes: ["ReadWriteMany"]
    extraVolumes:
      - name: cvmfs-host
        hostPath:
          path: /cvmfs
          type: Directory
    extraVolumeMounts:
      - name: cvmfs-host
        mountPath: "/cvmfs:shared"
  lifecycleHooks:
    postStart:
      exec: { "command": ["/bin/sh", "-c", "ln -snf /cvmfs $HOME/cvmfs; mkdir -p /home/jovyan/.notebookCheckpoints"] }
  memory:
    limit: 6G
    guarantee: 128M
  cpu:
    limit: 2
    guarantee: .02
  defaultUrl: "/lab"
  # requires single-user image compatible with enterprise-gateway
  image:
    # https://github.com/valtri/egi-notebooks-images/tree/jupyter-4.x/single-user-gateway
    # (not compatible)
    # name: valtri/single-user-gateway
    # tag: "jupyter-4b"

    # name: elyra/nb2kg
    # tag: dev

    # hub-4.0.2 julia-1.10.0 lab-4.1.0 notebook-7.0.7 python-3.11.7
    name: quay.io/jupyter/datascience-notebook
    tag: 2024-02-06
  extraEnv:
    KG_REQUEST_TIMEOUT: "60"
    JUPYTER_GATEWAY_AUTH_TOKEN: "{{ gateways_token['cesnet-mcc'] }}"
    JUPYTER_GATEWAY_URL: "https://gateway-cesnet.eosc.zcu.cz"

hub:
  # services:
  #   status:
  #     url: "http://status-web/"
  #     admin: true
  image:
    name: valtri/hub
    tag: "3.x-eosc2" # EOSC, jupyter 3.1.0
  config:
    Authenticator:
      enable_auth_state: true
      admin_users:
        - 529a87e5ce04cd5ddd7161734d02df0e2199a11452430803e714cb1309cc3907@egi.eu
        - 025166931789a0f57793a6092726c2ad89387a4cc167e7c63c5d85fc91021d18@egi.eu
        - 7ce47695f1e7fc91a1156e672f4a47576559938cdbe840355e2429e3a05b4ff8@egi.eu
        # fdvorak2 @ aai.egi.eu
        - 52cc7599bd1553c9d63e34e4c90b7e84d44967490c28bb4c53fe97b0c881d677@egi.eu
        # fdvorak2 @ aai-dev.egi.eu
        - c481e0a85e1ae0a5a1480a63e62295ca2f9ac652244947995bd4a0210fbcb77c@egi.eu
        # jhradil3 @ aai-dev.egi.eu
        - 240c0594fe34ac26cffd82fd0ad85f29d9ad9dfbb46febb05ed42db0bff594d1@egi.eu
      # keep in sync with:
      # - cesnet/playbooks/templates/binder.yaml
      # - documentation/content/en/users/dev-env/notebooks/_index.md
      allowed_groups:
        - urn:geant:eosc-federation.eu:testing:group:eosc#testing.eosc-federation.eu
      auto_login: true
      claim_groups_key: "entitlements"
    EGICheckinAuthenticator:
      checkin_host: "{{ secret['checkin_host'] }}"
      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
      client_id: "{{ secret['client_id'] }}"
      client_secret: "{{ secret['client_secret'] }}"
      oauth_callback_url: "https://eosc.zcu.cz/hub/oauth_callback"
      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
      username_key: "sub"
      extra_authorize_params:
        prompt: consent
    JupyterHub:
      admin_access: true
      authenticate_prometheus: false
      authenticator_class: egi_notebooks_hub.egiauthenticator.EGICheckinAuthenticator
      # spawner_class: kubespawner.KubeSpawner
      spawner_class: egi_notebooks_hub.egispawner.EGISpawner
      # c.B2DropSpawner.args = ["--FileCheckpoints.checkpoint_dir='/home/jovyan/.notebookCheckpoints'"]
  templatePaths:
    - /egi-notebooks-hub/templates