From 700b03587d13092d37be79b6baa091e6bbe2e5c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Mon, 22 Jul 2024 17:12:30 +0000
Subject: [PATCH] Deploy JupyterHub API JWT wrapper automatically

---
 cesnet-central/deployments/fullhub.yaml       |  1 +
 .../playbooks/files/jupyterhub-jwt.yaml       |  1 +
 common/playbooks/files/jupyterhub-jwt.yaml    | 51 +++++++++++++++++++
 common/playbooks/notebooks.yaml               | 18 +++++++
 staging1/deployments/hub.yaml                 |  1 +
 staging1/playbooks/files/jupyterhub-jwt.yaml  |  1 +
 testing/deployments/hub.yaml                  |  1 +
 testing/playbooks/files/jupyterhub-jwt.yaml   |  1 +
 8 files changed, 75 insertions(+)
 create mode 120000 cesnet-central/playbooks/files/jupyterhub-jwt.yaml
 create mode 100644 common/playbooks/files/jupyterhub-jwt.yaml
 create mode 120000 staging1/playbooks/files/jupyterhub-jwt.yaml
 create mode 120000 testing/playbooks/files/jupyterhub-jwt.yaml

diff --git a/cesnet-central/deployments/fullhub.yaml b/cesnet-central/deployments/fullhub.yaml
index d41b77e..4c933fc 100644
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -112,6 +112,7 @@ hub:
     jwt:
       url: "http://jwt/"
       display: false
+  # recommended to keep in sync with common/playbooks/files/jupyterhub-jwt.yaml
   image:
     name: eginotebooks/hub
     tag: "sha-323c75e"
diff --git a/cesnet-central/playbooks/files/jupyterhub-jwt.yaml b/cesnet-central/playbooks/files/jupyterhub-jwt.yaml
new file mode 120000
index 0000000..59f9ac2
--- /dev/null
+++ b/cesnet-central/playbooks/files/jupyterhub-jwt.yaml
@@ -0,0 +1 @@
+../../../common/playbooks/files/jupyterhub-jwt.yaml
\ No newline at end of file
diff --git a/common/playbooks/files/jupyterhub-jwt.yaml b/common/playbooks/files/jupyterhub-jwt.yaml
new file mode 100644
index 0000000..a8d71b9
--- /dev/null
+++ b/common/playbooks/files/jupyterhub-jwt.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jwt
+  labels:
+    app: jwt
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: jwt
+  template:
+    metadata:
+      labels:
+        name: jwt
+        app: jwt
+        hub.jupyter.org/network-access-hub: "true"
+    spec:
+      containers:
+        - name: jwt
+          # recommended to keep it in sync with */deployments/*.yaml
+          image: eginotebooks/hub:sha-323c75e
+          args:
+            - fastapi
+            - run
+            - /egi-notebooks-hub/egi_notebooks_hub/services/api_wrapper.py
+          env:
+            - name: JUPYTERHUB_SERVICE_PREFIX
+              value: "/services/jwt"
+            - name: JUPYTERHUB_API_URL
+              value: http://hub:8081/hub/api
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jwt
+  labels:
+    app: jwt
+spec:
+  ports:
+    - port: 80
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app: jwt
diff --git a/common/playbooks/notebooks.yaml b/common/playbooks/notebooks.yaml
index 0c432cd..6b068de 100644
--- a/common/playbooks/notebooks.yaml
+++ b/common/playbooks/notebooks.yaml
@@ -100,6 +100,24 @@
       when: true
       with_fileglob:
         - "../deployments/*.yaml"
+
+    - name: Copy JWT wrapper for JupyterHub API
+      copy:
+        src: files/jupyterhub-jwt.yaml
+        dest: /tmp/jupyterhub-jwt.yaml
+        mode: 0644
+    - name: Configure JWT wrapper for JupyterHub API
+      vars:
+        name: "{{ item | basename | splitext | first }}"
+      command: |-
+        kubectl apply -n "{{ name }}" -f /tmp/jupyterhub-jwt.yaml
+      environment:
+        KUBECONFIG: /etc/kubernetes/admin.conf
+        PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+      when: true
+      with_fileglob:
+        - "../deployments/*.yaml"
+
     # do the extra bits of configuration
     # here we should have all the namespaces, pre-requirements in place
     # XXX: this won't remove things that are delete from the directory
diff --git a/staging1/deployments/hub.yaml b/staging1/deployments/hub.yaml
index 62a5d60..8a3a9d5 100644
--- a/staging1/deployments/hub.yaml
+++ b/staging1/deployments/hub.yaml
@@ -130,6 +130,7 @@ hub:
     jwt:
       url: "http://jwt/"
       display: false
+  # recommended to keep in sync with common/playbooks/files/jupyterhub-jwt.yaml
   image:
     name: eginotebooks/hub
     tag: "sha-323c75e"
diff --git a/staging1/playbooks/files/jupyterhub-jwt.yaml b/staging1/playbooks/files/jupyterhub-jwt.yaml
new file mode 120000
index 0000000..59f9ac2
--- /dev/null
+++ b/staging1/playbooks/files/jupyterhub-jwt.yaml
@@ -0,0 +1 @@
+../../../common/playbooks/files/jupyterhub-jwt.yaml
\ No newline at end of file
diff --git a/testing/deployments/hub.yaml b/testing/deployments/hub.yaml
index 5d11306..3601118 100644
--- a/testing/deployments/hub.yaml
+++ b/testing/deployments/hub.yaml
@@ -131,6 +131,7 @@ hub:
     jwt:
       url: "http://jwt/"
       display: false
+  # recommended to keep in sync with common/playbooks/files/jupyterhub-jwt.yaml
   image:
     name: eginotebooks/hub
     tag: "sha-323c75e"
diff --git a/testing/playbooks/files/jupyterhub-jwt.yaml b/testing/playbooks/files/jupyterhub-jwt.yaml
new file mode 120000
index 0000000..59f9ac2
--- /dev/null
+++ b/testing/playbooks/files/jupyterhub-jwt.yaml
@@ -0,0 +1 @@
+../../../common/playbooks/files/jupyterhub-jwt.yaml
\ No newline at end of file
-- 
GitLab