Objects

Helper methods for generating k8s API objects.

kubespawner.objects.make_pod(name, cmd, port, image, image_pull_policy, image_pull_secrets=None, node_selector=None, uid=None, gid=None, fs_gid=None, supplemental_gids=None, privileged=False, allow_privilege_escalation=True, container_security_context=None, pod_security_context=None, env=None, working_dir=None, volumes=None, volume_mounts=None, labels=None, annotations=None, cpu_limit=None, cpu_guarantee=None, mem_limit=None, mem_guarantee=None, extra_resource_limits=None, extra_resource_guarantees=None, lifecycle_hooks=None, init_containers=None, service_account=None, automount_service_account_token=None, extra_container_config=None, extra_pod_config=None, extra_containers=None, scheduler_name=None, tolerations=None, node_affinity_preferred=None, node_affinity_required=None, pod_affinity_preferred=None, pod_affinity_required=None, pod_anti_affinity_preferred=None, pod_anti_affinity_required=None, priority_class_name=None, ssl_secret_name=None, ssl_secret_mount_path=None, logger=None)

Make a k8s pod specification for running a user notebook.

Parameters:
  • name – Name of pod. Must be unique within the namespace the object is going to be created in. Must be a valid DNS label.
  • image – Image specification - usually an image name and tag in the form of image_name:tag. Same thing you would use with docker commandline arguments.
  • image_pull_policy – Image pull policy - one of ‘Always’, ‘IfNotPresent’ or ‘Never’. Decides when kubernetes will check for a newer version of image and pull it when running a pod.
  • image_pull_secrets – Image pull secrets - a list of references to Kubernetes Secret resources with credentials to pull images from image registries. This list can either have strings in it or objects with the string value nested under a name field.
  • port – Port the notebook server is going to be listening on
  • cmd – The command used to execute the singleuser server.
  • node_selector – Dictionary selector matching the nodes on which to launch the pods.
  • uid – The UID used to run single-user pods. The default is to run as the user specified in the Dockerfile, if this is set to None.
  • gid – The GID used to run single-user pods. The default is to run as the primary group of the user specified in the Dockerfile, if this is set to None. Setting this parameter requires that feature-gate RunAsGroup be enabled, otherwise the effective GID of the pod will be 0 (root). In addition, not setting gid once feature-gate RunAsGroup is enabled will also result in an effective GID of 0 (root).
  • fs_gid – The GID that will own any fresh volumes mounted into this pod, if using volume types that support this (such as GCE). The UID the process runs as should be a member of this group, so that it can read / write to the mounted volumes.
  • supplemental_gids – A list of GIDs that should be set as additional supplemental groups to the user that the container runs as. You may have to set this if you are deploying to an environment with RBAC/SCC enforced and pods run with a ‘restricted’ SCC which results in the image being run as an assigned user ID. The supplemental group IDs would need to include the corresponding group ID of the user ID the image normally would run as. The image must set up all directories/files any application needs access to as group writable.
  • privileged – Whether the container should be run in privileged mode.
  • allow_privilege_escalation – Controls whether a process can gain more privileges than its parent process.
  • container_security_context – A kubernetes securityContext to apply to the container.
  • pod_security_context – A kubernetes securityContext to apply to the pod.
  • env – Dictionary of environment variables.
  • volumes – List of dictionaries containing the volumes of various types this pod will be using. See the k8s documentation about volumes on how to specify these.
  • volume_mounts – List of dictionaries mapping paths in the container to the volumes (specified in volumes) that should be mounted on them. See the k8s documentation for more details.
  • working_dir – String specifying the working directory for the notebook container
  • labels – Labels to add to the spawned pod.
  • annotations – Annotations to add to the spawned pod.
  • cpu_limit – Float specifying the max number of CPU cores the user’s pod is allowed to use.
  • cpu_guarantee – Float specifying the max number of CPU cores the user’s pod is guaranteed to have access to, by the scheduler.
  • mem_limit – String specifying the max amount of RAM the user’s pod is allowed to use. String instead of float/int since common suffixes are allowed
  • mem_guarantee – String specifying the max amount of RAM the user’s pod is guaranteed to have access to. String instead of float/int since common suffixes are allowed
  • lifecycle_hooks – Dictionary of lifecycle hooks
  • init_containers – List of initialization containers belonging to the pod.
  • service_account – Service account to mount on the pod. None disables mounting.
  • extra_container_config – Extra configuration (e.g. envFrom) for notebook container which is not covered by parameters above.
  • extra_pod_config – Extra configuration (e.g. tolerations) for pod which is not covered by parameters above.
  • extra_containers – Extra containers besides notebook container. Used for some housekeeping jobs (e.g. crontab).
  • scheduler_name – The pod’s scheduler explicitly named.
  • tolerations

    Tolerations can allow a pod to schedule or execute on a tainted node. To learn more about pod tolerations, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/. Pass this field an array of “Toleration” objects.

  • node_affinity_preferred

    Affinities describe where pods prefer or require to be scheduled; they may prefer or require a node to have a certain label or be in proximity / remoteness to another pod. To learn more, visit https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

    Pass this field an array of “PreferredSchedulingTerm” objects.

  • node_affinity_required

    Affinities describe where pods prefer or require to be scheduled; they may prefer or require a node to have a certain label or be in proximity / remoteness to another pod. To learn more, visit https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

    Pass this field an array of “NodeSelectorTerm” objects.

  • pod_affinity_preferred

    Affinities describe where pods prefer or require to be scheduled; they may prefer or require a node to have a certain label or be in proximity / remoteness to another pod. To learn more, visit https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

    Pass this field an array of “WeightedPodAffinityTerm” objects.

  • pod_affinity_required

    Affinities describe where pods prefer or require to be scheduled; they may prefer or require a node to have a certain label or be in proximity / remoteness to another pod. To learn more, visit https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

    Pass this field an array of “PodAffinityTerm” objects.

  • pod_anti_affinity_preferred

    Affinities describe where pods prefer or require to be scheduled; they may prefer or require a node to have a certain label or be in proximity / remoteness to another pod. To learn more, visit https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

    Pass this field an array of “WeightedPodAffinityTerm” objects.

  • pod_anti_affinity_required

    Affinities describe where pods prefer or require to be scheduled; they may prefer or require a node to have a certain label or be in proximity / remoteness to another pod. To learn more, visit https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

    Pass this field an array of “PodAffinityTerm” objects.
  • priority_class_name – The name of the PriorityClass to be assigned to the pod. This feature is available as Beta in K8s 1.11 and GA in 1.14.
  • ssl_secret_name – Specifies the name of the ssl secret
  • ssl_secret_mount_path – Specifies the name of the ssl secret mount path for the pod
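
The signature above defaults to allow_privilege_escalation=True and leaves uid and gid unset, so a pod built from the bare defaults is not locked down. The following is an added example, not kubespawner code: audit_make_pod_kwargs is a hypothetical helper that lints a keyword-argument dict against the defaults and parameter notes documented on this page, and the sample inputs are constructed.

```python
# Added example: lint a make_pod(...) keyword-argument dict before it is used.
# MAKE_POD_DEFAULTS mirrors the defaults in the signature documented above;
# audit_make_pod_kwargs is a hypothetical helper, not a kubespawner function.
MAKE_POD_DEFAULTS = {
    "uid": None,
    "gid": None,
    "privileged": False,
    "allow_privilege_escalation": True,
    "service_account": None,
}


def audit_make_pod_kwargs(kwargs):
    """Return (parameter, finding) pairs for settings that weaken pod isolation."""
    eff = {**MAKE_POD_DEFAULTS, **kwargs}  # explicit values override defaults
    findings = []
    if eff["privileged"]:
        findings.append(("privileged", "container runs in privileged mode"))
    if eff["allow_privilege_escalation"]:
        findings.append(("allow_privilege_escalation",
                         "process may gain more privileges than its parent"))
    if eff["uid"] is None:
        findings.append(("uid", "unset: runs as the Dockerfile user"))
    elif eff["uid"] == 0:
        findings.append(("uid", "runs as UID 0 (root)"))
    if eff["gid"] is None:
        findings.append(("gid", "unset: effective GID is 0 (root) once "
                                "feature-gate RunAsGroup is enabled"))
    elif eff["gid"] == 0:
        findings.append(("gid", "runs with GID 0 (root)"))
    if eff["service_account"] is not None:
        findings.append(("service_account",
                         "service account is mounted on the pod"))
    return findings


# Constructed sample inputs: the bare defaults versus a locked-down spawn.
DEFAULT_KWARGS = {}
HARDENED_KWARGS = {
    "uid": 1000,
    "gid": 100,
    "privileged": False,
    "allow_privilege_escalation": False,
    "service_account": None,
}

if __name__ == "__main__":
    for label, kw in (("defaults", DEFAULT_KWARGS), ("hardened", HARDENED_KWARGS)):
        print(label, audit_make_pod_kwargs(kw))
```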

kubespawner.objects.make_pvc(name, storage_class, access_modes, selector, storage, labels=None, annotations=None)

Make a k8s pvc specification for running a user notebook.

Parameters:
  • name – Name of persistent volume claim. Must be unique within the namespace the object is going to be created in. Must be a valid DNS label.
  • storage_class – String of the name of the k8s Storage Class to use.
  • access_modes – A list specifying what access modes the pod should have towards the pvc.
  • selector – Dictionary Selector to match pvc to pv.
  • storage – The amount of storage needed for the pvc.