Skip to content

Try defining volumes and volume mounts as dict #6102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Try defining volumes and volume mounts as dict #6102

Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
28bfbf4
Try defining volumes and volume mounts as dict
sunu May 23, 2025
d5f15d4
Explicitly mount the extraFiles volumes
sunu May 27, 2025
b5613b8
create group shared folders if they dont exist
sunu May 27, 2025
1b2f5e1
fix indentation
sunu May 27, 2025
6267ef0
Mount individual group shared folders separately
sunu May 27, 2025
e008806
Fix linting errors
sunu May 29, 2025
ecc0b48
remove stray comment
sunu May 29, 2025
132b01c
Set storage.type to the string 'none'; not null
sunu Jun 18, 2025
ae51aed
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Jun 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
152 changes: 97 additions & 55 deletions config/clusters/maap/staging.values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,28 +22,31 @@ jupyterhub:
- -c
- >
id &&
chown 1000:1000 /home/jovyan /home/jovyan/shared /home/jovyan/shared-public /home/jovyan/shared-group &&
if [ -d "/home/jovyan/shared-group" ] && [ "$(ls -A /home/jovyan/shared-group)" ]; then
chown 1000:1000 /home/jovyan/shared-group/* || true;
fi &&
chown 1000:1000 /home/jovyan /home/jovyan/shared /home/jovyan/shared-public &&
chown 1000:1000 /home/jovyan/shared-group/* &&
ls -lhd /home/jovyan
securityContext:
runAsUser: 0
volumeMounts:
- name: home
mountPath: /home/jovyan
subPath: '{escaped_username}'
# Mounted without readonly attribute here,
# so we can chown it appropriately
# Mounted without readonly attribute here,
# so we can chown it appropriately
- name: home
mountPath: /home/jovyan/shared
subPath: _shared
- name: home
mountPath: /home/jovyan/shared-public
subPath: _shared-public
- name: home
mountPath: /home/jovyan/shared-group
subPath: _shared-group
mountPath: /home/jovyan/shared-group/CPU_L
subPath: _shared-group/CPU_L
- name: home
mountPath: /home/jovyan/shared-group/GPU_T4
subPath: _shared-group/GPU_T4
storage:
type: none

profileList:
- display_name: Choose your environment and resources
Expand Down Expand Up @@ -229,6 +232,92 @@ jupyterhub:
config:
JupyterHub:
authenticator_class: generic-oauth
KubeSpawner:
volumes:
00-home-nfs:
name: home
persistentVolumeClaim:
claimName: home-nfs
01-dev-shm:
name: dev-shm
emptyDir:
medium: Memory
02-extra-files:
name: files
secret:
secretName: singleuser
items:
- key: ghsa-w3vc-fx9p-wp4v-check-patch-run
mode: 493
path: ghsa-w3vc-fx9p-wp4v-check-patch-run
- key: ipython_kernel_config.json
path: ipython_kernel_config.json
- key: jupyter_notebook_config.json
path: jupyter_notebook_config.json
- key: jupyter_server_config.json
path: jupyter_server_config.json
03-shared-group:
name: shared-group-placeholder
emptyDir:
medium: Memory
sizeLimit: 1Mi
volume_mounts:
00-home-nfs:
name: home
mountPath: /home/jovyan
subPath: '{escaped_username}'
01-home-shared:
name: home
mountPath: /home/jovyan/shared
subPath: _shared
readOnly: true
02-home-shared-group:
# overrides the root of the shared-group folder with an empty dir
# so that the user can't see the contents of other groups' folders
# that the user is not a member of
name: shared-group-placeholder
mountPath: /home/jovyan/shared-group
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if this the best approach to fix visibility of stale group shared folders. Please let me know if there's a better way to do this.

The concern is: If a user previously had a shared group folder mounted (e.g., to /home/jovyan/shared-group/<group-folder>), their underlying home PVC (<home-pvc>/<user>/) might now contain a persistent directory at shared-group/<group-folder> that was created by Kubernetes as a mount point.

Later, if the user is no longer in that group, the specific mount for the actual shared data is removed. However, the shared-group/<group-folder> directory within their personal PVC home will still be visible (as part of the main /home/jovyan mount). This can lead to confusion, showing outdated or empty folders for groups they no longer have access to.

03-home-shared-public:
name: home
mountPath: /home/jovyan/shared-public
subPath: _shared-public
04-dev-shm:
name: dev-shm
mountPath: /dev/shm
05-mount-ghsa-patch:
name: files
mountPath: /mnt/ghsa-w3vc-fx9p-wp4v/check-patch-run
subPath: ghsa-w3vc-fx9p-wp4v-check-patch-run
06-mount-ipython-config:
name: files
mountPath: /usr/local/etc/ipython/ipython_kernel_config.json
subPath: ipython_kernel_config.json
07-mount-jupyter-notebook-config:
name: files
mountPath: /usr/local/etc/jupyter/jupyter_notebook_config.json
subPath: jupyter_notebook_config.json
08-mount-jupyter-server-config:
name: files
mountPath: /usr/local/etc/jupyter/jupyter_server_config.json
subPath: jupyter_server_config.json
group_overrides:
# Explicitly mount the shared group folders based on group membership
00-group-CPU-L-extra-volume-mounts:
groups: [CPU:L]
spawner_override:
volume_mounts:
00-group-CPU-L-extra-volume-mounts:
name: home
mountPath: /home/jovyan/shared-group/CPU_L
subPath: _shared-group/CPU_L
01-group-GPU-T4-extra-volume-mounts:
groups: [GPU:T4]
spawner_override:
volume_mounts:
01-group-GPU-T4-extra-volume-mounts:
name: home
mountPath: /home/jovyan/shared-group/GPU_T4
subPath: _shared-group/GPU_T4
Authenticator:
admin_users: []
GitHubOAuthenticator:
Expand Down Expand Up @@ -261,53 +350,6 @@ jupyterhub:
- CPU:XXL
- CPU:XXXL
- GPU:T4
extraConfig:
00-volumes-and-volume-mounts-as-dict: |
# The base jupyterhub config in zero-to-jupyterhub defines
# volumes and volume_mounts as lists.
# But we can't add new volumes or volume_mounts to the list
# as that replaces the entire list.
# So we convert them to dictionaries, which allows us to
# add new volumes and volume_mounts as needed.
if isinstance(c.KubeSpawner.volumes, list):
existing_volumes = c.KubeSpawner.volumes
c.KubeSpawner.volumes = {}
for volume in existing_volumes:
c.KubeSpawner.volumes[volume["name"]] = volume
if isinstance(c.KubeSpawner.volume_mounts, list):
existing_volume_mounts = c.KubeSpawner.volume_mounts
c.KubeSpawner.volume_mounts = {}
for idx, volume_mount in enumerate(existing_volume_mounts):
c.KubeSpawner.volume_mounts[f"{idx}-{volume_mount['name']}"] = volume_mount
01-group-shared-directories: |
c.KubeSpawner.group_overrides = {
"00-group-CPU-L-extra-volume-mounts": {
"groups": ["CPU:L"],
"spawner_override": {
"volume_mounts": {
"00-group-CPU-L-shared-dir": {
"name": "home",
"mountPath": "/home/jovyan/shared-group/CPU_L",
"subPath": "_shared-group/CPU_L",
"readOnly": False
},
}
},
},
"01-group-GPU-T4-extra-volume-mounts": {
"groups": ["GPU:T4"],
"spawner_override": {
"volume_mounts": {
"00-group-GPU-T4-shared-dir": {
"name": "home",
"mountPath": "/home/jovyan/shared-group/GPU_T4",
"subPath": "_shared-group/GPU_T4",
"readOnly": False
},
}
},
}
}
ingress:
hosts: [staging.hub.maap.2i2c.cloud]
tls:
Expand Down
Loading