def get_pod_manifest(self):
"""
Make a pod manifest that will spawn current user's notebook pod.
"""
# Add a hack to ensure that no service accounts are mounted in spawned pods
# This makes sure that we don't accidentally give access to the whole
# kubernetes API to the users in the spawned pods.
# See https://github.com/kubernetes/kubernetes/issues/16779#issuecomment-157460294
hack_volumes = [{
'name': 'no-api-access-please',
'emptyDir': {}
}]
hack_volume_mounts = [{
'name': 'no-api-access-please',
'mountPath': '/var/run/secrets/kubernetes.io/serviceaccount',
'readOnly': True
}]
return make_pod_spec(
self.pod_name,
self.singleuser_image_spec,
self.singleuser_image_pull_policy,
self.singleuser_uid,
self.singleuser_fs_gid,
self.get_env(),
self._expand_all(self.volumes) + hack_volumes,
self._expand_all(self.volume_mounts) + hack_volume_mounts,
self.cpu_limit,
self.cpu_guarantee,
self.mem_limit,
self.mem_guarantee,
)
def test_set_pod_uid_fs_gid():
"""
Test specification of the simplest possible pod specification
"""
assert make_pod_spec(
name='test',
image_spec='jupyter/singleuser:latest',
env={},
volumes=[],
volume_mounts=[],
cmd=['jupyterhub-singleuser'],
port=8888,
cpu_limit=None,
cpu_guarantee=None,
mem_limit=None,
mem_guarantee=None,
run_as_uid=1000,
fs_gid=1000,
image_pull_policy='IfNotPresent',
image_pull_secret=None,
labels={}
) == {
"metadata": {
"name": "test",
"labels": {},
},
"spec": {
"securityContext": {
"runAsUser": 1000,
"fsGroup": 1000
},
"imagePullSecrets": [],
"containers": [
{
"env": [],
"name": "notebook",
"image": "jupyter/singleuser:latest",
"imagePullPolicy": "IfNotPresent",
"args": ["jupyterhub-singleuser"],
"ports": [{
"containerPort": 8888
}],
"volumeMounts": [],
"resources": {
"limits": {
"cpu": None,
"memory": None
},
"requests": {
"cpu": None,
"memory": None
}
}
}
],
"volumes": []
},
"kind": "Pod",
"apiVersion": "v1"
}
def get_pod_manifest(self):
"""
Make a pod manifest that will spawn current user's notebook pod.
"""
# Add a hack to ensure that no service accounts are mounted in spawned pods
# This makes sure that we don't accidentally give access to the whole
# kubernetes API to the users in the spawned pods.
# See https://github.com/kubernetes/kubernetes/issues/16779#issuecomment-157460294
hack_volumes = [{
'name': 'no-api-access-please',
'emptyDir': {}
}]
hack_volume_mounts = [{
'name': 'no-api-access-please',
'mountPath': '/var/run/secrets/kubernetes.io/serviceaccount',
'readOnly': True
}]
return make_pod_spec(
self.pod_name,
self.singleuser_image_spec,
self.get_env(),
self._expand_all(self.volumes) + hack_volumes,
self._expand_all(self.volume_mounts) + hack_volume_mounts,
self.cpu_limit,
self.cpu_guarantee,
self.mem_limit,
self.mem_guarantee,
)
def test_make_pod_with_env():
"""
Test specification of a pod with custom environment variables
"""
assert make_pod_spec(
name='test',
image_spec='jupyter/singleuser:latest',
env={
'TEST_KEY': 'TEST_VALUE'
},
volumes=[],
volume_mounts=[],
cmd=['jupyterhub-singleuser'],
port=8888,
cpu_limit=None,
cpu_guarantee=None,
mem_limit=None,
mem_guarantee=None,
image_pull_policy='IfNotPresent',
image_pull_secret=None,
run_as_uid=None,
fs_gid=None,
labels={},
) == {
"metadata": {
"name": "test",
"labels": {},
},
"spec": {
"securityContext": {},
"imagePullSecrets": [],
"containers": [
{
"env": [{'name': 'TEST_KEY', 'value': 'TEST_VALUE'}],
"name": "notebook",
"image": "jupyter/singleuser:latest",
"imagePullPolicy": "IfNotPresent",
"args": ["jupyterhub-singleuser"],
"ports": [{
"containerPort": 8888
}],
"volumeMounts": [],
"resources": {
"limits": {
"cpu": None,
"memory": None
},
"requests": {
"cpu": None,
"memory": None
}
}
}
],
"volumes": []
},
"kind": "Pod",
"apiVersion": "v1"
}
def test_make_pod_resources_all():
"""
Test specifying all possible resource limits & guarantees
"""
assert make_pod_spec(
name='test',
image_spec='jupyter/singleuser:latest',
env={},
volumes=[],
volume_mounts=[],
cpu_limit=2,
cpu_guarantee=1,
cmd=['jupyterhub-singleuser'],
port=8888,
mem_limit='1Gi',
mem_guarantee='512Mi',
image_pull_policy='IfNotPresent',
image_pull_secret=None,
run_as_uid=None,
fs_gid=None,
labels={}
) == {
"metadata": {
"name": "test",
"labels": {},
},
"spec": {
"securityContext": {},
"imagePullSecrets": [],
"containers": [
{
"env": [],
"name": "notebook",
"image": "jupyter/singleuser:latest",
"imagePullPolicy": "IfNotPresent",
"args": ["jupyterhub-singleuser"],
"ports": [{
"containerPort": 8888
}],
"volumeMounts": [],
"resources": {
"limits": {
"cpu": 2,
"memory": '1Gi'
},
"requests": {
"cpu": 1,
"memory": '512Mi'
}
}
}
],
"volumes": []
},
"kind": "Pod",
"apiVersion": "v1"
}
def test_make_pod_with_image_pull_secrets():
"""
Test specification of the simplest possible pod specification
"""
assert make_pod_spec(
name='test',
image_spec='jupyter/singleuser:latest',
env={},
volumes=[],
volume_mounts=[],
cpu_limit=None,
cpu_guarantee=None,
mem_limit=None,
mem_guarantee=None,
run_as_uid=None,
fs_gid=None,
image_pull_policy='IfNotPresent',
image_pull_secret='super-sekrit'
) == {
"metadata": {
"name": "test"
},
"spec": {
"securityContext": {},
"imagePullSecrets": [
{'name': 'super-sekrit'}
],
"containers": [
{
"env": [],
"name": "notebook",
"image": "jupyter/singleuser:latest",
"imagePullPolicy": "IfNotPresent",
"ports": [{
"containerPort": 8888
}],
"volumeMounts": [],
"resources": {
"limits": {
"cpu": None,
"memory": None
},
"requests": {
"cpu": None,
"memory": None
}
}
}
],
"volumes": []
},
"kind": "Pod",
"apiVersion": "v1"
}
def test_make_pod_with_env():
"""
Test specification of a pod with custom environment variables
"""
assert make_pod_spec(
name='test',
image_spec='jupyter/singleuser:latest',
env={
'TEST_KEY': 'TEST_VALUE'
},
volumes=[],
volume_mounts=[],
cpu_limit=None,
cpu_guarantee=None,
mem_limit=None,
mem_guarantee=None
) == {
"metadata": {
"name": "test"
},
"spec": {
"containers": [
{
"env": [{'name': 'TEST_KEY', 'value': 'TEST_VALUE'}],
"name": "notebook",
"image": "jupyter/singleuser:latest",
"ports": [{
"containerPort": 8888
}],
"volumeMounts": [],
"resources": {
"limits": {
"cpu": None,
"memory": None
},
"requests": {
"cpu": None,
"memory": None
}
}
}
],
"volumes": []
},
"kind": "Pod",
"apiVersion": "v1"
}
def test_make_pod_with_env():
"""
Test specification of a pod with custom environment variables
"""
assert make_pod_spec(name='test',
image_spec='jupyter/singleuser:latest',
env={'TEST_KEY': 'TEST_VALUE'},
volumes=[],
volume_mounts=[],
cpu_limit=None,
cpu_guarantee=None,
mem_limit=None,
mem_guarantee=None) == {
"metadata": {
"name": "test"
},
"spec": {
"containers": [{
"env": [{
'name': 'TEST_KEY',
'value': 'TEST_VALUE'
}],
"name":
"notebook",
"image":
"jupyter/singleuser:latest",
"ports": [{
"containerPort": 8888
}],
"volumeMounts": [],
"resources": {
"limits": {
"cpu": None,
"memory": None
},
"requests": {
"cpu": None,
"memory": None
}
}
}],
"volumes": []
},
"kind": "Pod",
"apiVersion": "v1"
}
def test_make_simplest_pod():
"""
Test specification of the simplest possible pod specification
"""
assert make_pod_spec(
name='test',
image_spec='jupyter/singleuser:latest',
env={},
volumes=[],
volume_mounts=[],
cpu_limit=None,
cpu_guarantee=None,
mem_limit=None,
mem_guarantee=None
) == {
"metadata": {
"name": "test"
},
"spec": {
"containers": [
{
"env": [],
"name": "notebook",
"image": "jupyter/singleuser:latest",
"ports": [{
"containerPort": 8888
}],
"volumeMounts": [],
"resources": {
"limits": {
"cpu": None,
"memory": None
},
"requests": {
"cpu": None,
"memory": None
}
}
}
],
"volumes": []
},
"kind": "Pod",
"apiVersion": "v1"
}
def test_make_pod_resources_all():
"""
Test specifying all possible resource limits & guarantees
"""
assert make_pod_spec(
name='test',
image_spec='jupyter/singleuser:latest',
env={},
volumes=[],
volume_mounts=[],
cpu_limit=2,
cpu_guarantee=1,
mem_limit='1Gi',
mem_guarantee='512Mi'
) == {
"metadata": {
"name": "test"
},
"spec": {
"containers": [
{
"env": [],
"name": "notebook",
"image": "jupyter/singleuser:latest",
"ports": [{
"containerPort": 8888
}],
"volumeMounts": [],
"resources": {
"limits": {
"cpu": 2,
"memory": '1Gi'
},
"requests": {
"cpu": 1,
"memory": '512Mi'
}
}
}
],
"volumes": []
},
"kind": "Pod",
"apiVersion": "v1"
}
def test_make_simplest_pod():
"""
Test specification of the simplest possible pod specification
"""
assert make_pod_spec(name='test',
image_spec='jupyter/singleuser:latest',
env={},
volumes=[],
volume_mounts=[],
cpu_limit=None,
cpu_guarantee=None,
mem_limit=None,
mem_guarantee=None) == {
"metadata": {
"name": "test"
},
"spec": {
"containers": [{
"env": [],
"name":
"notebook",
"image":
"jupyter/singleuser:latest",
"ports": [{
"containerPort": 8888
}],
"volumeMounts": [],
"resources": {
"limits": {
"cpu": None,
"memory": None
},
"requests": {
"cpu": None,
"memory": None
}
}
}],
"volumes": []
},
"kind": "Pod",
"apiVersion": "v1"
}
def test_make_pod_resources_all():
"""
Test specifying all possible resource limits & guarantees
"""
assert make_pod_spec(name='test',
image_spec='jupyter/singleuser:latest',
env={},
volumes=[],
volume_mounts=[],
cpu_limit=2,
cpu_guarantee=1,
mem_limit='1Gi',
mem_guarantee='512Mi') == {
"metadata": {
"name": "test"
},
"spec": {
"containers": [{
"env": [],
"name":
"notebook",
"image":
"jupyter/singleuser:latest",
"ports": [{
"containerPort": 8888
}],
"volumeMounts": [],
"resources": {
"limits": {
"cpu": 2,
"memory": '1Gi'
},
"requests": {
"cpu": 1,
"memory": '512Mi'
}
}
}],
"volumes": []
},
"kind": "Pod",
"apiVersion": "v1"
}
