e-infra: development version with onedata (WIP)

e-infra-cz/deployments/e-infra-dev.yaml

+---
+# logo taken from https://www.cesnet.cz/gimg/default/3/4/2/342-e-INFRA_logo_RGB_lilek.png
+proxy:
+  service:
+    type: NodePort
+
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    kubernetes.io/tls-acme: "true"
+  hosts:
+    - "{{ notebooks_einfra_dev_hostname }}"
+  tls:
+    - hosts:
+        - "{{ notebooks_einfra_dev_hostname }}"
+      secretName: acme-tls-hub
+
+singleuser:
+  # keep resource limits in sync with:
+  # - profileList
+  storage:
+    capacity: 10Gi
+    dynamic:
+      pvcNameTemplate: claim-{userid}{servername}
+      volumeNameTemplate: vol-{userid}{servername}
+      storageClass: csi-sc-cinderplugin
+    extraVolumes:
+      - name: cvmfs-host
+        hostPath:
+          path: /cvmfs
+          type: Directory
+      - name: oneclient
+        empty_dir:
+          sizeLimit: 1Gi
+    extraVolumeMounts:
+      - name: cvmfs-host
+        mountPath: "/cvmfs"
+      - name: oneclient
+        mountPath: '/mnt/oneclient'
+  memory:
+    limit: 4G
+    guarantee: 128M
+  cpu:
+    limit: 2
+    guarantee: .2
+  defaultUrl: "/lab"
+  image:
+    name: eginotebooks/single-user
+    tag: "sha-14443de"
+  profileList:
+    - display_name: Default environment - 4 GB RAM / 2 core
+      description: >
+        The default notebook environment includes Python, R, Julia and Octave kernels.
+      default: true
+      kubespawner_override:
+        args:
+          - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
+
+hub:
+  db:
+    pvc:
+      storageClassName: csi-sc-cinderplugin
+  services:
+    status:
+      url: "http://status-web/"
+      admin: true
+    jwt:
+      url: "http://jwt/"
+      display: false
+  # recommended to keep in sync with common/playbooks/files/jupyterhub-jwt.yaml
+  # keep k8s-hub version in sync with ../playbooks/notebooks.yaml
+  image:
+    name: eginotebooks/hub
+    tag: "sha-123e370"
+  config:
+    Authenticator:
+      enable_auth_state: true
+      admin_groups:
+        - urn:geant:cesnet.cz:group:e-infra.cz:SP_Managers:e_INFRA_Jupyter_Notebooks#perun.cesnet.cz
+      allowed_groups:
+        - https://www.e-infra.cz/ns/user-eligible-v1-1y
+        # - urn:mace:terena.org:tcs:escience-user
+      claim_groups_key: "eduperson_entitlement"
+    OnedataAuthenticator:
+      oneprovider_host: "cloud2.onedata.e-infra.cz"
+      onezone_url: "https://onedata.e-infra.cz"
+      onezone_token_prefix: "e-infra:"
+      oneclient_token_name: "oneclient.{{ notebooks_einfra_dev_hostname }}"
+      onezone_token_name: "onezone.{{ notebooks_einfra_dev_hostname }}"
+      checkin_host: "{{ secrets['checkin_host']}}"
+      authorize_url: "https://{{ secrets['checkin_host']}}/oidc/authorize"
+      token_url: "https://{{ secrets['checkin_host']}}/oidc/token"
+      userdata_url: "https://{{ secrets['checkin_host']}}/oidc/userinfo"
+      introspect_url: "https://{{ secrets['checkin_host'] }}/oidc/introspect"
+      client_id: "{{ secrets['client_id'] }}"
+      client_secret: "{{ secrets['client_secret'] }}"
+      oauth_callback_url: "https://{{ notebooks_einfra_dev_hostname }}/hub/oauth_callback"
+      openid_configuration_url: "https://{{ secrets['checkin_host'] }}/oidc/.well-known/openid-configuration"
+      scope: ["openid", "profile", "email", "offline_access", "eduperson_entitlement"]
+      username_key: "sub"
+    OnedataSpawner:
+      sidecar_image: "eginotebooks/oneclient-sidecar:sha-dd3068b"
+      force_direct_io: true
+      http_timeout: 60
+      token_mount_path: "/var/run/secrets/oidc/"
+      args:
+        - "--FileCheckpoints.checkpoint_dir='/home/jovyan/.notebookCheckpoints'"
+    JupyterHub:
+      admin_access: true
+      authenticate_prometheus: false
+      authenticator_class: egi_notebooks_hub.onedata.OnedataAuthenticator
+      spawner_class: egi_notebooks_hub.onedata.OnedataSpawner
+  extraConfig:
+    egi-notebooks-welcome: |-
+      from egi_notebooks_hub.welcome import WelcomeHandler
+      c.JupyterHub.default_url = "/welcome"
+      c.JupyterHub.extra_handlers = [(r'/welcome', WelcomeHandler)]
+  templatePaths:
+    - /egi-notebooks-hub/templates
+  extraFiles:
+    e-infra-logo:
+      mountPath: /usr/local/share/jupyterhub/static/images/342-e-INFRA_logo_RGB_lilek.png
+      binaryData: {{ lookup('file', 'static/images/342-e-INFRA_logo_RGB_lilek.png') | b64encode }}
+{% for f in "401.html", "egi-login.html", "page.html" %}
+    {{ f }}:
+      mountPath: /egi-notebooks-hub/templates/{{ f }}
+      stringData: |-
+        {{ lookup('file', ('e-infra-templates', f) | path_join) | indent(8) }}
+{% endfor %}
+    egi.css:
+      mountPath: /usr/local/share/jupyterhub/static/css/egi.css
+      stringData: |-
+        {{ lookup('file', 'static/css/egi.css') | indent(8) }}

e-infra-cz/inventory/99-all.yaml

@@ -20,4 +20,6 @@ all:
     vault_mount_point: secrets/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/e-infra
 
     notebooks_einfra_hostname: jupyter.e-infra.cz
+    # FIXME: jupyter-dev.e-infra.cz
+    notebooks_einfra_dev_hostname: notebooks-dev-e-infra.cloud.cesnet.cz
     grafana_hostname: grafana.jupyter.e-infra.cz