nublado Helm values reference#
Helm values reference table for the nublado
application.
Key |
Type |
Default |
Description |
---|---|---|---|
cloudsql.affinity |
object |
|
Affinity rules for the Cloud SQL Auth Proxy pod |
cloudsql.enabled |
bool |
|
Enable the Cloud SQL Auth Proxy, used with Cloud SQL databases on Google Cloud |
cloudsql.image.pullPolicy |
string |
|
Pull policy for Cloud SQL Auth Proxy images |
cloudsql.image.repository |
string |
|
Cloud SQL Auth Proxy image to use |
cloudsql.image.tag |
string |
|
Cloud SQL Auth Proxy tag to use |
cloudsql.instanceConnectionName |
string |
None, must be set if Cloud SQL Auth Proxy is enabled |
Instance connection name for a Cloud SQL PostgreSQL instance |
cloudsql.nodeSelector |
object |
|
Node selection rules for the Cloud SQL Auth Proxy pod |
cloudsql.podAnnotations |
object |
|
Annotations for the Cloud SQL Auth Proxy pod |
cloudsql.resources |
object |
See |
Resource limits and requests for the Cloud SQL Proxy pod |
cloudsql.serviceAccount |
string |
None, must be set if Cloud SQL Auth Proxy is enabled |
The Google service account that has an IAM binding to the |
cloudsql.tolerations |
list |
|
Tolerations for the Cloud SQL Auth Proxy pod |
controller.affinity |
object |
|
Affinity rules for the Nublado controller |
controller.config.fileserver.affinity |
object |
|
Affinity rules for user file server pods |
controller.config.fileserver.application |
string |
|
Argo CD application in which to collect user file servers |
controller.config.fileserver.creationTimeout |
int |
|
Timeout to wait for Kubernetes to create file servers, in seconds |
controller.config.fileserver.deleteTimeout |
int |
60 (1 minute) |
Timeout for deleting a user’s file server from Kubernetes, in seconds |
controller.config.fileserver.enabled |
bool |
|
Enable user file servers |
controller.config.fileserver.idleTimeout |
int |
|
Timeout for idle user fileservers, in seconds |
controller.config.fileserver.image.pullPolicy |
string |
|
Pull policy for file server image |
controller.config.fileserver.image.repository |
string |
|
File server image to use |
controller.config.fileserver.image.tag |
string |
|
Tag of file server image to use |
controller.config.fileserver.namespace |
string |
|
Namespace for user file servers |
controller.config.fileserver.nodeSelector |
object |
|
Node selector rules for user file server pods |
controller.config.fileserver.pathPrefix |
string |
|
Path prefix for user file servers |
controller.config.fileserver.resources |
object |
See |
Resource requests and limits for user file servers |
controller.config.fileserver.tolerations |
list |
|
Tolerations for user file server pods |
controller.config.fileserver.volumeMounts |
list |
|
Volumes that should be made available via WebDAV |
controller.config.images.aliasTags |
list |
|
Additional tags besides |
controller.config.images.cycle |
string |
|
Restrict images to this SAL cycle, if given. |
controller.config.images.numDailies |
int |
|
Number of most-recent dailies to prepull. |
controller.config.images.numReleases |
int |
|
Number of most-recent releases to prepull. |
controller.config.images.numWeeklies |
int |
|
Number of most-recent weeklies to prepull. |
controller.config.images.pin |
list |
|
List of additional image tags to prepull. Listing the image tagged as recommended here is recommended when using a Docker image source to ensure its name can be expanded properly in the menu. |
controller.config.images.recommendedTag |
string |
|
Tag marking the recommended image (shown first in the menu) |
controller.config.images.source |
object |
None, must be specified |
Source for prepulled images. For Docker, set |
controller.config.lab.affinity |
object |
|
Affinity rules for user lab pods |
controller.config.lab.application |
string |
|
Argo CD application in which to collect user lab objects |
controller.config.lab.deleteTimeout |
int |
60 (1 minute) |
Timeout for deleting a user’s lab resources from Kubernetes in seconds |
controller.config.lab.env |
object |
See |
Environment variables to set for every user lab |
controller.config.lab.extraAnnotations |
object |
|
Extra annotations to add to user lab pods |
controller.config.lab.files |
object |
See |
Files to be mounted as ConfigMaps inside the user lab pod. |
controller.config.lab.initContainers |
list |
|
Containers run as init containers with each user pod. Each should set |
controller.config.lab.installTsSalKafkaSecret |
bool |
|
Flag to put T&S SAL Kafka secrets into pod. |
controller.config.lab.namespacePrefix |
string |
|
Prefix for namespaces for user labs. To this will be added a dash ( |
controller.config.lab.nodeSelector |
object |
|
Node selector rules for user lab pods |
controller.config.lab.nss.baseGroup |
string |
See |
Base |
controller.config.lab.nss.basePasswd |
string |
See |
Base |
controller.config.lab.pullSecret |
string |
Do not use a pull secret |
Pull secret to use for labs. Set to the string |
controller.config.lab.secrets |
list |
|
Secrets to set in the user pods. Each should have a |
controller.config.lab.sizes |
list |
See |
Available lab sizes. Sizes must be chosen from |
controller.config.lab.spawnTimeout |
int |
|
How long to wait for Kubernetes to spawn a lab in seconds. This should generally be shorter than the spawn timeout set in JupyterHub. |
controller.config.lab.tolerations |
list |
|
Tolerations for user lab pods |
controller.config.lab.volumeMounts |
list |
|
Volumes that should be mounted in lab pods. |
controller.config.lab.volumes |
list |
|
Volumes that will be in lab pods or init containers. This supports NFS, HostPath, and PVC volume types (differentiated in source.type). |
controller.config.logLevel |
string |
|
Level of Python logging |
controller.config.pathPrefix |
string |
|
Path prefix that will be routed to the controller |
controller.googleServiceAccount |
string |
None, must be set when using Google Artifact Registry |
If Google Artifact Registry is used as the image source, the Google service account that has an IAM binding to the |
controller.image.pullPolicy |
string |
|
Pull policy for the controller image |
controller.image.repository |
string |
|
Nublado controller image to use |
controller.image.tag |
string |
The appVersion of the chart |
Tag of Nublado controller image to use |
controller.ingress.annotations |
object |
|
Additional annotations to add for the Nublado controller ingress |
controller.nodeSelector |
object |
|
Node selector rules for the Nublado controller |
controller.podAnnotations |
object |
|
Annotations for the Nublado controller |
controller.resources |
object |
See |
Resource limits and requests for the Nublado controller |
controller.slackAlerts |
bool |
|
Whether to enable Slack alerts. If set to true, |
controller.tolerations |
list |
|
Tolerations for the Nublado controller |
global.baseUrl |
string |
Set by Argo CD |
Base URL for the environment |
global.host |
string |
Set by Argo CD |
Host name for ingress |
global.vaultSecretsPath |
string |
Set by Argo CD |
Base path for Vault secrets |
hub.internalDatabase |
bool |
|
Whether to use the cluster-internal PostgreSQL server instead of an external server. This is not used directly by the Nublado chart, but controls how the database password is managed. |
hub.timeout.startup |
int |
|
Timeout for JupyterLab to start. Currently this sometimes takes over 60 seconds for reasons we don’t understand. |
jupyterhub.cull.enabled |
bool |
|
Enable the lab culler. |
jupyterhub.cull.every |
int |
600 (10 minutes) |
How frequently to check for idle labs in seconds |
jupyterhub.cull.maxAge |
int |
5184000 (60 days) |
Maximum age of a lab regardless of activity |
jupyterhub.cull.removeNamedServers |
bool |
|
Whether to remove named servers when culling their lab |
jupyterhub.cull.timeout |
int |
2592000 (30 days) |
Default idle timeout before the lab is automatically deleted in seconds |
jupyterhub.cull.users |
bool |
|
Whether to log out the server when culling their lab |
jupyterhub.hub.authenticatePrometheus |
bool |
|
Whether to require metrics requests to be authenticated |
jupyterhub.hub.baseUrl |
string |
|
Base URL on which JupyterHub listens |
jupyterhub.hub.containerSecurityContext |
object |
|
Security context for JupyterHub container |
jupyterhub.hub.db.password |
string |
Comes from nublado-secret |
Database password (not used) |
jupyterhub.hub.db.type |
string |
|
Type of database to use |
jupyterhub.hub.db.url |
string |
Use the in-cluster PostgreSQL installed by Phalanx |
URL of PostgreSQL server |
jupyterhub.hub.existingSecret |
string |
|
Existing secret to use for private keys |
jupyterhub.hub.extraEnv |
object |
Gets |
Additional environment variables to set |
jupyterhub.hub.extraVolumeMounts |
list |
|
Additional volume mounts for JupyterHub |
jupyterhub.hub.extraVolumes |
list |
The |
Additional volumes to make available to JupyterHub |
string |
|
Image to use for JupyterHub |
|
jupyterhub.hub.image.tag |
string |
|
Tag of image to use for JupyterHub |
jupyterhub.hub.loadRoles.server.scopes |
list |
|
Default scopes for the user’s lab, overridden to allow the lab to delete itself (which we use for our added menu items) |
jupyterhub.hub.networkPolicy.enabled |
bool |
|
Whether to enable the default |
jupyterhub.hub.resources |
object |
|
Resource limits and requests |
jupyterhub.ingress.enabled |
bool |
|
Whether to enable the default ingress. Should always be disabled since we install our own |
jupyterhub.prePuller.continuous.enabled |
bool |
|
Whether to run the JupyterHub continuous prepuller (the Nublado controller does its own prepulling) |
jupyterhub.prePuller.hook.enabled |
bool |
|
Whether to run the JupyterHub hook prepuller (the Nublado controller does its own prepulling) |
jupyterhub.proxy.chp.networkPolicy.interNamespaceAccessLabels |
string |
|
Enable access to the proxy from other namespaces, since we put each user’s lab environment in its own namespace |
jupyterhub.proxy.service.type |
string |
|
Only expose the proxy to the cluster, overriding the default of exposing the proxy directly to the Internet |
jupyterhub.scheduling.userPlaceholder.enabled |
bool |
|
Whether to spawn placeholder pods representing fake users to force autoscaling in advance of running out of resources |
jupyterhub.scheduling.userScheduler.enabled |
bool |
|
Whether the user scheduler should be enabled |
proxy.ingress.annotations |
object |
Increase |
Additional annotations to add to the proxy ingress (also used to talk to JupyterHub and all user labs) |
secrets.templateSecrets |
bool |
|
Whether to use the new secrets management mechanism. If enabled, the Vault nublado secret will be split into a nublado secret for JupyterHub and a nublado-lab-secret secret used as a source for secret values for the user’s lab. |