nublado Helm values reference#
Helm values reference table for the nublado
application.
Key |
Type |
Default |
Description |
---|---|---|---|
cloudsql.affinity |
object |
|
Affinity rules for the Cloud SQL Proxy pod |
cloudsql.enabled |
bool |
|
Enable the Cloud SQL Auth Proxy, used with CloudSQL databases on Google Cloud. This will be run as a separate service, because shoehorning it into Zero to Jupyterhub’s extraContainers looks messy, and it’s not necessary that it be very performant. |
cloudsql.image.pullPolicy |
string |
|
Pull policy for Cloud SQL Auth Proxy images |
cloudsql.image.repository |
string |
|
Cloud SQL Auth Proxy image to use |
cloudsql.image.tag |
string |
|
Cloud SQL Auth Proxy tag to use |
cloudsql.instanceConnectionName |
string |
None, must be set if Cloud SQL Auth Proxy is enabled |
Instance connection name for a CloudSQL PostgreSQL instance |
cloudsql.nodeSelector |
object |
|
Node selection rules for the Cloud SQL Proxy pod |
cloudsql.podAnnotations |
object |
|
Annotations for the Cloud SQL Proxy pod |
cloudsql.resources |
object |
See |
Resource limits and requests for the Cloud SQL Proxy pod |
cloudsql.serviceAccount |
string |
None, must be set if Cloud SQL Auth Proxy is enabled |
The Google service account that has an IAM binding to the |
cloudsql.tolerations |
list |
|
Tolerations for the Cloud SQL Proxy pod |
controller.affinity |
object |
|
Affinity rules for the lab controller pod |
controller.config.fileserver.enabled |
bool |
|
Enable fileserver management |
controller.config.fileserver.image |
string |
|
Image for fileserver container |
controller.config.fileserver.namespace |
string |
|
Namespace for user fileservers |
controller.config.fileserver.pullPolicy |
string |
|
Pull policy for fileserver container |
controller.config.fileserver.tag |
string |
|
Tag for fileserver container |
controller.config.fileserver.timeout |
int |
|
Timeout for user fileservers, in seconds |
controller.config.images.aliasTags |
list |
|
Additional tags besides |
controller.config.images.cycle |
string |
|
Restrict images to this SAL cycle, if given. |
controller.config.images.numDailies |
int |
|
Number of most-recent dailies to prepull. |
controller.config.images.numReleases |
int |
|
Number of most-recent releases to prepull. |
controller.config.images.numWeeklies |
int |
|
Number of most-recent weeklies to prepull. |
controller.config.images.pin |
list |
|
List of additional image tags to prepull. Listing the image tagged as recommended here is recommended when using a Docker image source to ensure its name can be expanded properly in the menu. |
controller.config.images.recommendedTag |
string |
|
Tag marking the recommended image (shown first in the menu) |
controller.config.images.source |
object |
None, must be specified |
Source for prepulled images. For Docker, set |
controller.config.lab.application |
string |
See |
ArgcoCD application in which to collect user lab objects. |
controller.config.lab.env |
object |
See |
Environment variables to set for every user lab. |
controller.config.lab.files |
object |
See |
Files to be mounted as ConfigMaps inside the user lab pod. |
controller.config.lab.initcontainers |
list |
|
Containers run as init containers with each user pod. Each should set |
controller.config.lab.pullSecret |
string |
Do not use a pull secret |
Pull secret to use for labs. Set to the string |
controller.config.lab.secrets |
list |
|
Secrets to set in the user pods. Each should have a |
controller.config.lab.sizes |
object |
See |
Available lab sizes. Names must be chosen from |
controller.config.lab.volumes |
list |
|
Volumes that should be mounted in lab pods. This supports NFS, HostPath, and PVC volume types (differentiated in source.type) |
controller.config.safir.logLevel |
string |
|
Level of Python logging |
controller.config.safir.pathPrefix |
string |
|
Path prefix that will be routed to the controller |
controller.googleServiceAccount |
string |
None, must be set when using Google Artifact Registry |
If Google Artifact Registry is used as the image source, the Google service account that has an IAM binding to the |
controller.image.pullPolicy |
string |
|
Pull policy for the nublado image |
controller.image.repository |
string |
|
nublado image to use |
controller.image.tag |
string |
The appVersion of the chart |
Tag of nublado image to use |
controller.ingress.annotations |
object |
|
Additional annotations to add for the lab controller pod ingress |
controller.nodeSelector |
object |
|
Node selector rules for the lab controller pod |
controller.podAnnotations |
object |
|
Annotations for the lab controller pod |
controller.resources |
object |
|
Resource limits and requests for the lab controller pod |
controller.slackAlerts |
bool |
|
Whether to enable Slack alerts. If set to true, |
controller.tolerations |
list |
|
Tolerations for the lab controller pod |
global.baseUrl |
string |
Set by Argo CD |
Base URL for the environment |
global.host |
string |
Set by Argo CD |
Host name for ingress |
global.vaultSecretsPath |
string |
Set by Argo CD |
Base path for Vault secrets |
hub.internalDatabase |
bool |
|
Whether to use the cluster-internal PostgreSQL server instead of an external server. This is not used directly by the Nublado chart, but controls how the database password is managed. |
hub.timeout.spawn |
int |
|
Timeout for the Kubernetes spawn process in seconds. (Allow long enough to pull uncached images if needed.) |
hub.timeout.startup |
int |
|
Timeout for JupyterLab to start. Currently this sometimes takes over 60 seconds for reasons we don’t understand. |
jupyterhub.cull.enabled |
bool |
|
Enable the lab culler. |
jupyterhub.cull.every |
int |
600 (10 minutes) |
How frequently to check for idle labs in seconds |
jupyterhub.cull.maxAge |
int |
5184000 (60 days) |
Maximum age of a lab regardless of activity |
jupyterhub.cull.removeNamedServers |
bool |
|
Whether to remove named servers when culling their lab |
jupyterhub.cull.timeout |
int |
2592000 (30 days) |
Default idle timeout before the lab is automatically deleted in seconds |
jupyterhub.cull.users |
bool |
|
Whether to log out the server when culling their lab |
jupyterhub.hub.authenticatePrometheus |
bool |
|
Whether to require metrics requests to be authenticated |
jupyterhub.hub.baseUrl |
string |
|
Base URL on which JupyterHub listens |
jupyterhub.hub.containerSecurityContext |
object |
|
Security context for JupyterHub container |
jupyterhub.hub.db.password |
string |
Comes from nublado-secret |
Database password (not used) |
jupyterhub.hub.db.type |
string |
|
Type of database to use |
jupyterhub.hub.db.url |
string |
Use the in-cluster PostgreSQL installed by Phalanx |
URL of PostgreSQL server |
jupyterhub.hub.existingSecret |
string |
|
Existing secret to use for private keys |
jupyterhub.hub.extraEnv |
object |
Gets |
Additional environment variables to set |
jupyterhub.hub.extraVolumeMounts |
list |
|
Additional volume mounts for JupyterHub |
jupyterhub.hub.extraVolumes |
list |
The |
Additional volumes to make available to JupyterHub |
string |
|
Image to use for JupyterHub |
|
jupyterhub.hub.image.tag |
string |
|
Tag of image to use for JupyterHub |
jupyterhub.hub.loadRoles.server.scopes |
list |
|
Default scopes for the user’s lab, overridden to allow the lab to delete itself (which we use for our added menu items) |
jupyterhub.hub.networkPolicy.enabled |
bool |
|
Whether to enable the default |
jupyterhub.hub.resources |
object |
|
Resource limits and requests |
jupyterhub.ingress.enabled |
bool |
|
Whether to enable the default ingress |
jupyterhub.prePuller.continuous.enabled |
bool |
|
Whether to run the JupyterHub continuous prepuller (the Nublado controller does its own prepulling) |
jupyterhub.prePuller.hook.enabled |
bool |
|
Whether to run the JupyterHub hook prepuller (the Nublado controller does its own prepulling) |
jupyterhub.proxy.chp.networkPolicy.interNamespaceAccessLabels |
string |
|
Enable access to the proxy from other namespaces, since we put each user’s lab environment in its own namespace |
jupyterhub.proxy.service.type |
string |
|
Only expose the proxy to the cluster, overriding the default of exposing the proxy directly to the Internet |
jupyterhub.scheduling.userPlaceholder.enabled |
bool |
|
Whether to spawn placeholder pods representing fake users to force autoscaling in advance of running out of resources |
jupyterhub.scheduling.userScheduler.enabled |
bool |
|
Whether the user scheduler should be enabled |
jupyterhub.singleuser.cloudMetadata.blockWithIptables |
bool |
|
Whether to configure iptables to block cloud metadata endpoints. This is unnecessary in our environments (they are blocked by cluster configuration) and thus is disabled to reduce complexity. |
jupyterhub.singleuser.cmd |
string |
|
Start command for labs |
jupyterhub.singleuser.defaultUrl |
string |
|
Default URL prefix for lab endpoints |
proxy.ingress.annotations |
object |
Increase |
Additional annotations to add to the proxy ingress (also used to talk to JupyterHub and all user labs) |
secrets.templateSecrets |
bool |
|
Whether to use the new secrets management mechanism. If enabled, the Vault nublado secret will be split into a nublado secret for JupyterHub and a nublado-lab-secret secret used as a source for secret values for the user’s lab. |