Jupyter Web App: Move manifests development upstream (kubeflow#5613)

As part of the work of wg-manifests for 1.3 (kubeflow/manifests#1735), we are moving manifests development in upstream repos. This gives the application developers full ownership of their manifests, tracked in a single place. This commit copies the manifests for application `Jupyter Web App` from path `apps/jupyter/jupyter-web-app/upstream` of kubeflow/manifests to path `components/crud-web-apps/jupyter/manifests` of the upstream repo (https://github.com/kubeflow/kubeflow). Signed-off-by: Yannis Zarkadas <[email protected]>
equinor · Mar 10, 2021 · 895655a · 895655a
1 parent c2a9b55
commit 895655a
Show file tree

Hide file tree

Showing 22 changed files with 849 additions and 0 deletions.
diff --git a/components/crud-web-apps/jupyter/manifests/base/cluster-role-binding.yaml b/components/crud-web-apps/jupyter/manifests/base/cluster-role-binding.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cluster-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-role
+subjects:
+- kind: ServiceAccount
+  name: service-account
diff --git a/components/crud-web-apps/jupyter/manifests/base/cluster-role.yaml b/components/crud-web-apps/jupyter/manifests/base/cluster-role.yaml
@@ -0,0 +1,112 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - notebooks
+  - notebooks/finalizers
+  - poddefaults
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - list
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubeflow-notebook-ui-admin
+  labels:
+    rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true"
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubeflow-notebook-ui-edit
+  labels:
+    rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true"
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - notebooks
+  - notebooks/finalizers
+  - poddefaults
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubeflow-notebook-ui-view
+  labels:
+    rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true"
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - notebooks
+  - notebooks/finalizers
+  - poddefaults
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
diff --git a/components/crud-web-apps/jupyter/manifests/base/configs/spawner_ui_config.yaml b/components/crud-web-apps/jupyter/manifests/base/configs/spawner_ui_config.yaml
@@ -0,0 +1,186 @@
+# Configuration file for the Jupyter UI.
+#
+# Each Jupyter UI option is configured by two keys: 'value' and 'readOnly'
+# - The 'value' key contains the default value
+# - The 'readOnly' key determines if the option will be available to users
+#
+# If the 'readOnly' key is present and set to 'true', the respective option
+# will be disabled for users and only set by the admin. Also when a
+# Notebook is POSTED to the API if a necessary field is not present then
+# the value from the config will be used.
+#
+# If the 'readOnly' key is missing (defaults to 'false'), the respective option
+# will be available for users to edit.
+#
+# Note that some values can be templated. Such values are the names of the
+# Volumes as well as their StorageClass
+spawnerFormDefaults:
+  image:
+    # The container Image for the user's Jupyter Notebook
+    # If readonly, this value must be a member of the list below
+    value: gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0
+    # The list of available standard container Images
+    options:
+      - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0
+      - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0
+      - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0
+      - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0
+    # By default, custom container Images are allowed
+    # Uncomment the following line to only enable standard container Images
+    readOnly: false
+  cpu:
+    # CPU for user's Notebook
+    value: '0.5'
+    readOnly: false
+  memory:
+    # Memory for user's Notebook
+    value: 1.0Gi
+    readOnly: false
+  workspaceVolume:
+    # Workspace Volume to be attached to user's Notebook
+    # Each Workspace Volume is declared with the following attributes:
+    # Type, Name, Size, MountPath and Access Mode
+    value:
+      type:
+        # The Type of the Workspace Volume
+        # Supported values: 'New', 'Existing'
+        value: New
+      name:
+        # The Name of the Workspace Volume
+        # Note that this is a templated value. Special values:
+        # {notebook-name}: Replaced with the name of the Notebook. The frontend
+        #                  will replace this value as the user types the name
+        value: 'workspace-{notebook-name}'
+      size:
+        # The Size of the Workspace Volume (in Gi)
+        value: '10Gi'
+      mountPath:
+        # The Path that the Workspace Volume will be mounted
+        value: /home/jovyan
+      accessModes:
+        # The Access Mode of the Workspace Volume
+        # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany'
+        value: ReadWriteOnce
+      class:
+        # The StrageClass the PVC will use if type is New. Special values are:
+        # {none}: default StorageClass
+        # {empty}: empty string ""
+        value: '{none}'
+    readOnly: false
+  dataVolumes:
+    # List of additional Data Volumes to be attached to the user's Notebook
+    value: []
+    # Each Data Volume is declared with the following attributes:
+    # Type, Name, Size, MountPath and Access Mode
+    #
+    # For example, a list with 2 Data Volumes:
+    # value:
+    #   - value:
+    #       type:
+    #         value: New
+    #       name:
+    #         value: '{notebook-name}-vol-1'
+    #       size:
+    #         value: '10Gi'
+    #       class:
+    #         value: standard
+    #       mountPath:
+    #         value: /home/jovyan/vol-1
+    #       accessModes:
+    #         value: ReadWriteOnce
+    #       class:
+    #         value: {none}
+    #   - value:
+    #       type:
+    #         value: New
+    #       name:
+    #         value: '{notebook-name}-vol-2'
+    #       size:
+    #         value: '10Gi'
+    #       mountPath:
+    #         value: /home/jovyan/vol-2
+    #       accessModes:
+    #         value: ReadWriteMany
+    #       class:
+    #         value: {none}
+    readOnly: false
+  gpus:
+    # Number of GPUs to be assigned to the Notebook Container
+    value:
+      # values: "none", "1", "2", "4", "8"
+      num: "none"
+      # Determines what the UI will show and send to the backend
+      vendors:
+        - limitsKey: "nvidia.com/gpu"
+          uiName: "NVIDIA"
+        - limitsKey: "amd.com/gpu"
+          uiName: "AMD"
+      # Values: "" or a `limits-key` from the vendors list
+      vendor: ""
+    readOnly: false
+  shm:
+    value: true
+    readOnly: false
+  configurations:
+    # List of labels to be selected, these are the labels from PodDefaults
+    # value:
+    #   - add-gcp-secret
+    #   - default-editor
+    value: []
+    readOnly: false
+  affinityConfig:
+    # The default `configKey` from the options list
+    # If readonly, the default value will be the only option
+    value: "none"
+    # The list of available affinity configs
+    options:
+      - configKey: "none"
+        displayName: "None"
+        affinity: {}
+    # # (DESC) Pod gets an exclusive "n1-standard-2" Node
+    # # (TIP) set PreferNoSchedule taint on this node-pool
+    # # (TIP) enable cluster-autoscaler on this node-pool
+    # # (TIP) dont let users request more CPU/MEMORY than the size of this node
+    # - configKey: "exclusive__n1-standard-2"
+    #   displayName: "Exclusive: n1-standard-2"
+    #   affinity:
+    #     # (Require) Node having label: `node_pool=notebook-n1-standard-2`
+    #     nodeAffinity:
+    #       requiredDuringSchedulingIgnoredDuringExecution:
+    #         nodeSelectorTerms:
+    #           - matchExpressions:
+    #               - key: "node_pool"
+    #                 operator: "In"
+    #                 values:
+    #                   - "notebook-n1-standard-2"
+    #     # (Require) Node WITHOUT existing Pod having label: `notebook-name`
+    #     podAntiAffinity:
+    #       requiredDuringSchedulingIgnoredDuringExecution:
+    #         - labelSelector:
+    #             matchExpressions:
+    #               - key: "notebook-name"
+    #                 operator: "Exists"
+    #           namespaces: []
+    #           topologyKey: "kubernetes.io/hostname"
+    readOnly: false
+  tolerationGroup:
+    # The default `groupKey` from the options list
+    # If readonly, the default value will be the only option
+    value: "none"
+    # The list of available tolerationGroup configs
+    options:
+      - groupKey: "none"
+        displayName: "None"
+        tolerations: []
+    # - groupKey: "group_1"
+    #   displayName: "Group 1: description"
+    #   tolerations:
+    #     - key: "key1"
+    #       operator: "Equal"
+    #       value: "value1"
+    #       effect: "NoSchedule"
+    #     - key: "key2"
+    #       operator: "Equal"
+    #       value: "value2"
+    #       effect: "NoSchedule"
+    readOnly: false
diff --git a/components/crud-web-apps/jupyter/manifests/base/deployment.yaml b/components/crud-web-apps/jupyter/manifests/base/deployment.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deployment
+spec:
+  replicas: 1
+  template:
+    metadata:
+      annotations:
+        sidecar.istio.io/inject: "false"
+    spec:
+      containers:
+      - image: gcr.io/kubeflow-images-public/jupyter-web-app        
+        name: jupyter-web-app
+        ports:
+        - containerPort: 5000
+        volumeMounts:
+        - mountPath: /etc/config
+          name: config-volume
+      serviceAccountName: service-account
+      volumes:
+      - configMap:
+          name: jupyter-web-app-config
+        name: config-volume
diff --git a/components/crud-web-apps/jupyter/manifests/base/deployment_patch.yaml b/components/crud-web-apps/jupyter/manifests/base/deployment_patch.yaml
@@ -0,0 +1,27 @@
+# TODO(https://github.com/kubeflow/manifests/issues/774): This is a patch
+# that pulls out from core the parts that should be in pulled into stacks.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deployment
+spec:
+  template:
+    spec:
+      containers:
+      - name: jupyter-web-app
+        imagePullPolicy: $(policy)
+        env:
+        - name: ROK_SECRET_NAME
+          valueFrom:
+            configMapKeyRef:
+              name: parameters
+              key: ROK_SECRET_NAME
+        - name: UI
+          valueFrom:
+            configMapKeyRef:
+              name: parameters
+              key: UI
+        - name: USERID_HEADER
+          value: $(userid-header)
+        - name: USERID_PREFIX
+          value: $(userid-prefix)