def get_pod_manifest(self): """ Make a pod manifest that will spawn current user's notebook pod. """ # Add a hack to ensure that no service accounts are mounted in spawned pods # This makes sure that we don't accidentally give access to the whole # kubernetes API to the users in the spawned pods. # See https://github.com/kubernetes/kubernetes/issues/16779#issuecomment-157460294 hack_volumes = [{ 'name': 'no-api-access-please', 'emptyDir': {} }] hack_volume_mounts = [{ 'name': 'no-api-access-please', 'mountPath': '/var/run/secrets/kubernetes.io/serviceaccount', 'readOnly': True }] return make_pod_spec( self.pod_name, self.singleuser_image_spec, self.singleuser_image_pull_policy, self.singleuser_uid, self.singleuser_fs_gid, self.get_env(), self._expand_all(self.volumes) + hack_volumes, self._expand_all(self.volume_mounts) + hack_volume_mounts, self.cpu_limit, self.cpu_guarantee, self.mem_limit, self.mem_guarantee, )
def test_set_pod_uid_fs_gid(): """ Test specification of the simplest possible pod specification """ assert make_pod_spec( name='test', image_spec='jupyter/singleuser:latest', env={}, volumes=[], volume_mounts=[], cmd=['jupyterhub-singleuser'], port=8888, cpu_limit=None, cpu_guarantee=None, mem_limit=None, mem_guarantee=None, run_as_uid=1000, fs_gid=1000, image_pull_policy='IfNotPresent', image_pull_secret=None, labels={} ) == { "metadata": { "name": "test", "labels": {}, }, "spec": { "securityContext": { "runAsUser": 1000, "fsGroup": 1000 }, "imagePullSecrets": [], "containers": [ { "env": [], "name": "notebook", "image": "jupyter/singleuser:latest", "imagePullPolicy": "IfNotPresent", "args": ["jupyterhub-singleuser"], "ports": [{ "containerPort": 8888 }], "volumeMounts": [], "resources": { "limits": { "cpu": None, "memory": None }, "requests": { "cpu": None, "memory": None } } } ], "volumes": [] }, "kind": "Pod", "apiVersion": "v1" }
def get_pod_manifest(self): """ Make a pod manifest that will spawn current user's notebook pod. """ # Add a hack to ensure that no service accounts are mounted in spawned pods # This makes sure that we don't accidentally give access to the whole # kubernetes API to the users in the spawned pods. # See https://github.com/kubernetes/kubernetes/issues/16779#issuecomment-157460294 hack_volumes = [{ 'name': 'no-api-access-please', 'emptyDir': {} }] hack_volume_mounts = [{ 'name': 'no-api-access-please', 'mountPath': '/var/run/secrets/kubernetes.io/serviceaccount', 'readOnly': True }] return make_pod_spec( self.pod_name, self.singleuser_image_spec, self.get_env(), self._expand_all(self.volumes) + hack_volumes, self._expand_all(self.volume_mounts) + hack_volume_mounts, self.cpu_limit, self.cpu_guarantee, self.mem_limit, self.mem_guarantee, )
def test_make_pod_with_env(): """ Test specification of a pod with custom environment variables """ assert make_pod_spec( name='test', image_spec='jupyter/singleuser:latest', env={ 'TEST_KEY': 'TEST_VALUE' }, volumes=[], volume_mounts=[], cmd=['jupyterhub-singleuser'], port=8888, cpu_limit=None, cpu_guarantee=None, mem_limit=None, mem_guarantee=None, image_pull_policy='IfNotPresent', image_pull_secret=None, run_as_uid=None, fs_gid=None, labels={}, ) == { "metadata": { "name": "test", "labels": {}, }, "spec": { "securityContext": {}, "imagePullSecrets": [], "containers": [ { "env": [{'name': 'TEST_KEY', 'value': 'TEST_VALUE'}], "name": "notebook", "image": "jupyter/singleuser:latest", "imagePullPolicy": "IfNotPresent", "args": ["jupyterhub-singleuser"], "ports": [{ "containerPort": 8888 }], "volumeMounts": [], "resources": { "limits": { "cpu": None, "memory": None }, "requests": { "cpu": None, "memory": None } } } ], "volumes": [] }, "kind": "Pod", "apiVersion": "v1" }
def test_make_pod_resources_all(): """ Test specifying all possible resource limits & guarantees """ assert make_pod_spec( name='test', image_spec='jupyter/singleuser:latest', env={}, volumes=[], volume_mounts=[], cpu_limit=2, cpu_guarantee=1, cmd=['jupyterhub-singleuser'], port=8888, mem_limit='1Gi', mem_guarantee='512Mi', image_pull_policy='IfNotPresent', image_pull_secret=None, run_as_uid=None, fs_gid=None, labels={} ) == { "metadata": { "name": "test", "labels": {}, }, "spec": { "securityContext": {}, "imagePullSecrets": [], "containers": [ { "env": [], "name": "notebook", "image": "jupyter/singleuser:latest", "imagePullPolicy": "IfNotPresent", "args": ["jupyterhub-singleuser"], "ports": [{ "containerPort": 8888 }], "volumeMounts": [], "resources": { "limits": { "cpu": 2, "memory": '1Gi' }, "requests": { "cpu": 1, "memory": '512Mi' } } } ], "volumes": [] }, "kind": "Pod", "apiVersion": "v1" }
def test_make_pod_with_image_pull_secrets(): """ Test specification of the simplest possible pod specification """ assert make_pod_spec( name='test', image_spec='jupyter/singleuser:latest', env={}, volumes=[], volume_mounts=[], cpu_limit=None, cpu_guarantee=None, mem_limit=None, mem_guarantee=None, run_as_uid=None, fs_gid=None, image_pull_policy='IfNotPresent', image_pull_secret='super-sekrit' ) == { "metadata": { "name": "test" }, "spec": { "securityContext": {}, "imagePullSecrets": [ {'name': 'super-sekrit'} ], "containers": [ { "env": [], "name": "notebook", "image": "jupyter/singleuser:latest", "imagePullPolicy": "IfNotPresent", "ports": [{ "containerPort": 8888 }], "volumeMounts": [], "resources": { "limits": { "cpu": None, "memory": None }, "requests": { "cpu": None, "memory": None } } } ], "volumes": [] }, "kind": "Pod", "apiVersion": "v1" }
def test_make_pod_with_env(): """ Test specification of a pod with custom environment variables """ assert make_pod_spec( name='test', image_spec='jupyter/singleuser:latest', env={ 'TEST_KEY': 'TEST_VALUE' }, volumes=[], volume_mounts=[], cpu_limit=None, cpu_guarantee=None, mem_limit=None, mem_guarantee=None ) == { "metadata": { "name": "test" }, "spec": { "containers": [ { "env": [{'name': 'TEST_KEY', 'value': 'TEST_VALUE'}], "name": "notebook", "image": "jupyter/singleuser:latest", "ports": [{ "containerPort": 8888 }], "volumeMounts": [], "resources": { "limits": { "cpu": None, "memory": None }, "requests": { "cpu": None, "memory": None } } } ], "volumes": [] }, "kind": "Pod", "apiVersion": "v1" }
def test_make_pod_with_env(): """ Test specification of a pod with custom environment variables """ assert make_pod_spec(name='test', image_spec='jupyter/singleuser:latest', env={'TEST_KEY': 'TEST_VALUE'}, volumes=[], volume_mounts=[], cpu_limit=None, cpu_guarantee=None, mem_limit=None, mem_guarantee=None) == { "metadata": { "name": "test" }, "spec": { "containers": [{ "env": [{ 'name': 'TEST_KEY', 'value': 'TEST_VALUE' }], "name": "notebook", "image": "jupyter/singleuser:latest", "ports": [{ "containerPort": 8888 }], "volumeMounts": [], "resources": { "limits": { "cpu": None, "memory": None }, "requests": { "cpu": None, "memory": None } } }], "volumes": [] }, "kind": "Pod", "apiVersion": "v1" }
def test_make_simplest_pod(): """ Test specification of the simplest possible pod specification """ assert make_pod_spec( name='test', image_spec='jupyter/singleuser:latest', env={}, volumes=[], volume_mounts=[], cpu_limit=None, cpu_guarantee=None, mem_limit=None, mem_guarantee=None ) == { "metadata": { "name": "test" }, "spec": { "containers": [ { "env": [], "name": "notebook", "image": "jupyter/singleuser:latest", "ports": [{ "containerPort": 8888 }], "volumeMounts": [], "resources": { "limits": { "cpu": None, "memory": None }, "requests": { "cpu": None, "memory": None } } } ], "volumes": [] }, "kind": "Pod", "apiVersion": "v1" }
def test_make_pod_resources_all(): """ Test specifying all possible resource limits & guarantees """ assert make_pod_spec( name='test', image_spec='jupyter/singleuser:latest', env={}, volumes=[], volume_mounts=[], cpu_limit=2, cpu_guarantee=1, mem_limit='1Gi', mem_guarantee='512Mi' ) == { "metadata": { "name": "test" }, "spec": { "containers": [ { "env": [], "name": "notebook", "image": "jupyter/singleuser:latest", "ports": [{ "containerPort": 8888 }], "volumeMounts": [], "resources": { "limits": { "cpu": 2, "memory": '1Gi' }, "requests": { "cpu": 1, "memory": '512Mi' } } } ], "volumes": [] }, "kind": "Pod", "apiVersion": "v1" }
def test_make_simplest_pod(): """ Test specification of the simplest possible pod specification """ assert make_pod_spec(name='test', image_spec='jupyter/singleuser:latest', env={}, volumes=[], volume_mounts=[], cpu_limit=None, cpu_guarantee=None, mem_limit=None, mem_guarantee=None) == { "metadata": { "name": "test" }, "spec": { "containers": [{ "env": [], "name": "notebook", "image": "jupyter/singleuser:latest", "ports": [{ "containerPort": 8888 }], "volumeMounts": [], "resources": { "limits": { "cpu": None, "memory": None }, "requests": { "cpu": None, "memory": None } } }], "volumes": [] }, "kind": "Pod", "apiVersion": "v1" }
def test_make_pod_resources_all(): """ Test specifying all possible resource limits & guarantees """ assert make_pod_spec(name='test', image_spec='jupyter/singleuser:latest', env={}, volumes=[], volume_mounts=[], cpu_limit=2, cpu_guarantee=1, mem_limit='1Gi', mem_guarantee='512Mi') == { "metadata": { "name": "test" }, "spec": { "containers": [{ "env": [], "name": "notebook", "image": "jupyter/singleuser:latest", "ports": [{ "containerPort": 8888 }], "volumeMounts": [], "resources": { "limits": { "cpu": 2, "memory": '1Gi' }, "requests": { "cpu": 1, "memory": '512Mi' } } }], "volumes": [] }, "kind": "Pod", "apiVersion": "v1" }