DaskHub helm chart #91
Conversation
There was a problem hiding this comment.
Thanks for taking this time to move this over @TomAugspurger.
I've left a few general comments.
| @@ -0,0 +1,25 @@ | |||
| apiVersion: v2 | |||
| name: daskhub | |||
| version: 0.0.1-set.by.chartpress | |||
There was a problem hiding this comment.
Does chartpress set this from the tag?
Currently with the dask chart we increment this each release. It is semi-automated today with this script.
https://github.com/dask/helm-chart/blob/master/ci/release.sh#L9
We should probably bring them in line. If chartpress can do this automatically from git tags I'd be in favour of that.
There was a problem hiding this comment.
This came from pangeo-data/helm-chart@66b7ccd (@consideRatio). But it looks like chartpress does indeed set it based on the tag + commit.
There was a problem hiding this comment.
Chartpress indeed sets the version based on a tag, number of commits since the tag, and the hash. But note that the tag needs to be on a commit in the branch, if the latest tag was on a tag not in the branch, chartpress would ignore it.
There was a problem hiding this comment.
Here's the output of chartpress --long
diff --git a/dask/Chart.yaml b/dask/Chart.yaml
index d79b1fd..ee832d7 100755
--- a/dask/Chart.yaml
+++ b/dask/Chart.yaml
@@ -1,7 +1,6 @@
----
apiVersion: v1
name: dask
-version: 4.3.1
+version: 4.3.1-n001.h7878309
appVersion: 2.23.0
description: Distributed computation in Python with task scheduling
home: https://dask.org
diff --git a/daskhub/Chart.yaml b/daskhub/Chart.yaml
index 48e1b7d..ac7a094 100644
--- a/daskhub/Chart.yaml
+++ b/daskhub/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: daskhub
icon: https://avatars3.githubusercontent.com/u/17131925?v=3&s=200
-version: 0.0.1-set.by.chartpress
+version: 4.3.1-n008.hfc9e4ce
description: Multi-user JupyterHub and Dask deployment.
dependencies:
- name: jupyterhubSo things seems to be working OK. I assume that when we tag a release this will be set to the actual value?
daskhub/README.md
Outdated
| ```python | ||
| >>> from dask_gateway import Gateway | ||
| >>> gateway = dask_gateway.Gateway( | ||
| ... address="http://35.223.8.79", # traefik-us-central1b-dhub-dask-gateway |
There was a problem hiding this comment.
Are we not configuring this automatically?
There was a problem hiding this comment.
Unfortunately not :( In the "Configuring JupyterHub" section I give some details for how the administrator can set it for JupyterHub users.
If we can figure out how to set helm templated environment variables for the user then I think we can make this work.
There was a problem hiding this comment.
Ah right this is the template problem from earlier.
|
Just some thinking out loud here. The primary issue right now is that successful
ahead of time to get a usable deployment. If you don't know those, then you'll
This isn't an ideal user experience, but maybe it's good enough? In particular If people are broadly OK with that, I'll push up some documentation updates |
|
It would be great to try and find a solution to this. In the past when helm charts were stored in a central monorepo one of the criteria to get something merged was that you should be able to run I appreciate we may have to make some exceptions here as the z2jh requires manual generation of secrets, and so does not meet this bar. A couple of ideas:
|
I'll check. It's possibly that this will make the
I think that if jupyterhub called something like
I might have an idea... Earlier, you suggested adding these templated environment variables from a configmap. That didn't work for the singleuser case, since jupyterhub just wants a list of
|
Hmmm I'd like to clarify the issue/goal so I can think more clearly about it. My understanding of the goalIs it correct that you want to avoid end users needing to specify something like this? gateway = dask_gateway.Gateway(
address="http://35.223.8.79", # traefik-us-central1b-dhub-dask-gateway
)And preferably, you even hope to avoid asking admins to do something like below to avoid making their users specify something like above? For example, by embedding this logic directly into the DaskHub Helm chart? # values.yaml
jupyterhub:
singleuser:
extraEnv:
DASK_GATEWAY__ADDRESS: "http://traefik-dhub-dask-gateway"ThoughtsHmm... There are many ways to consider solving this, but I'm looking for a solution to be robust for a Helm chart user that wants to customize things further. Due to that, I want us to avoid claiming certain hooks etc in Z2JH / JupyterHub to be used solely by the DataHub helm chart developers and not by its users. Instead of going down the rabbit hole further, I note that @TomAugspurger wrote this earlier:
To be able to specify an environment variable in the z2jh Helm chart that we want set, that follows this specification somehow. Because, only with such specifications, one is able to for example mount an environment variable that reads something from a secret or similar. But, with this said, perhaps you could solve something even quicker? # values.yaml
jupyterhub:
singleuser:
extraEnv:
DASK_GATEWAY__ADDRESS: "http://traefik-$(SOME_ENV_TO_FIND_THE_HELM_RELEASE_NAME)-dask-gateway"ConclusionThe Z2JH helm chart doesn't mimic the k8s api specs for hub.extraEnv, or singleuser.extraEnv. This cause issues already reported, and solving that in a backwards compatible way is worth it for the Z2JH / KubeSpawner by its own, so if that would be sufficient to help you then I think I'd like to upstream the fix there. There are also a potential workarounds, but I don't want to spend much time on them as the complexity rise and it will have side-effects or add assumptions that can be broken by the users of the Helm chart for example. A potential workaround without much side-effect would be to use the current hub.extraEnv / singleuser.extraEnv to pass an k8s specified environment variable (syntax: Final note, there is also the k8s specification called |
My preference would be fixing jupyterhub/zero-to-jupyterhub-k8s#1103 upstream. Then we can create a config map with the templated value and pass it through as an environment variable. |
Could you clarify what the templates value is? Is it only the Helm release name? |
|
I think these are the values we'll need data:
DASK_GATEWAY__ADDRESS: "traefik-{{ .Release.Name }}-dask-gateway"
DASK_GATEWAY__PROXY_ADDRESS: "gateway://traefik-{{ .Release.Name }}-dask-gateway.{{ .Release.Namespace }}:8786"
DASKHUB_JUPYTERHUB_SERVICE_GATEWAY_URL: "http://traefik-{{ .Release.Name }}-dask-gateway.{{ .Release.Namespace }}"So
|
|
@TomAugspurger, and these are env vars to be set on the user pod rather than the hub pod, is that correct? |
|
In two places. The |
Do you mean an external address like a load balancer address? |
DASK_GATEWAY__ADDRESS and DASK_GATEWAY__PROXY_ADDRESS are environment variables to be set on the user server pod, but DASKHUB_JUPYTERHUB_SERVICE_GATEWAY_URL is an environment variable to be used by the hub pod? |
|
@consideRatio yes |
|
These environment variables are available on the singleuser pods by default I think. And these are available on the hub pod typically I think. Due to this, I think on the hub pod, you could do... # Default values.yaml of DataHub helm chart, with
# no risk of overriding a users configuration.
jupyterhub:
hub:
extraEnv:
# NOTE: we can remove the trailing .$(POD_NAMESPACE)
# if this address will be used by a pod in the same namespace
DASKHUB_JUPYTERHUB_SERVICE_GATEWAY_URL: "http://traefik-$(HELM_RELEASE_NAME)-dask-gateway.$(POD_NAMESPACE)"Or can we? These are variables coming from here, and if we add hub.extraEnv they will be appended, so can one rely on another? Hmmm... Yes I think so based on this example. If that would work, then we would also need HELM_RELEASE_NAME variable on the user pod, and POD_NAMESPACE as well. Which I think could make sense to add by default for user pods so they can be configured easier in these situations. |
Action points
|
|
One other thing that would be nice, is a definitive value of the JupyterHub URL that's available I think I can get this from helm, but I'm probably missing cases since I need to check for things like
I'll push an update shortly that should demonstrate this. |
|
OK, I'm reasonably happy with where things are at now. Out of the box, If you already know these, then you can just |
There was a problem hiding this comment.
Can I ask a bit about where/when/how the DASK_GATEWAY__ADDRESS env is used? Is it:
a) used mainly in the user pod, and
b) used to make pod->gateway requests or only browser->gateway?
and does the gateway service need to know its own public host?
There's a lot of complexity in trying to reliably retrieve the public hostname for the hub chart to get this to work by default more often than not, but part of the reason for that is that jupyterhub never needs to know its own name for external connections. Everything is handled via absolute paths and hosts are derived from requests, either by link URls and Location headers that are all href="/hub/..." or in the rare occasion that the host is needed, in a tornado handler retrieving it from the Request object. JupyterHub's point-to-point communications all use service names/ips which don't need to be publicly accessible. Would a similar approach work in this context, or does the public host need to be known in situations where a request info is not available?
Thinking about the components involved, I would think that the only thing you need to store is the address for pod->gateway connections, which should be the knowable internal service name, and public-facing URLs would be resolved at request-time and the only thing you need to set is the services path, /services/dask-gateway.
| DASK_GATEWAY__PROXY_ADDRESS: "gateway://traefik-{{ .Release.Name }}-dask-gateway.{{ .Release.Namespace }}:80" | ||
| DASKHUB_JUPYTERHUB_SERVICE_GATEWAY_URL: "http://traefik-{{ .Release.Name }}-dask-gateway.{{ .Release.Namespace }}" | ||
| # Try to detect the gateway address through a few means. | ||
| {{ if .Values.jupyterhub.proxy.https.hosts }} |
There was a problem hiding this comment.
Given the complexity of the Hub chart knowing its own public address (there are so many ways for people to set up ingresses, https, etc. for jupyterhub, some of which can be retrieved from the chart, some of which can't) and various sources it may come from, having a simple explicit override available in this chart may be worthwhile:
{{- if .Values.jupyterhubPublicHost }}
DASK_GATEWAY__ADDRESS: "{{ .Values.jupyterhubPublicHost }}/services/dask-gateway"
{{- else }}it's manual, but at least it will always work and isn't sensitive to what's going on in the hub chart.
|
Thanks Min, I think you've clarified the problem I've been having: separating singleuser-pod -> gateway-pod requests and browser -> gateway-pod requests. Fortunately the most recent dask-gateway (0.8.0) makes this easier. Since Then the only thing that needs to worry about the external address is Hopefully that all makes sense (I'm somewhat out of my element here). |
Since this is just for repr'ing the dashboard link on the gateway client in the browser, this could also be a relative url and things should work out. Something like |
|
Dang, that's awesome. Just confirmed that the relative So that'll completely remove the need for the hackiest parts of detecting the hub URL. Now we'll just have a simple configmap that templates in the release name, and a bit of logic in I'll push an update with that and some CI / frigate things shortly. |
|
One question for the folks experienced with JupyterHub: is this following warning expected during a I assume that's because jupyterhub:
hub:
extraEnv:
- name: DASK_GATEWAY__ADDRESS
valueFrom:
configMapKeyRef:
name: daskhub-config
key: DASK_GATEWAY__ADDRESSI can make an issue on z2jh if desired. |
|
OK @jacobtomlinson, things should be good here on my end. |
|
Thanks for the effort here @TomAugspurger. I think I'm going to merge as is and if we need to make any further changes we can do it in follow up PRs. |
|
Thanks for the help everyone!
…On Wed, Aug 26, 2020 at 6:16 AM Jacob Tomlinson ***@***.***> wrote:
Merged #91 <#91> into master.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#91 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAKAOIU27HHMR4YGYHKFNOTSCTVIFANCNFSM4QBYUABA>
.
|
|
Should we add a deprecation notice to the old one and link folks over here? |
|
Yep, I was just looking into that. I can take care of it. Will you be able to help out with a release here @jacobtomlinson? Or do you know if there's a way to install a chart from master, or do we need a tag first? |
This implements a multi-user, dask-enabled JupyterHub helm chart that's based off the pangeo helm chart. I've called it "DaskHub" to reflect the multi-user component. The hope is that
helm install dask/daskis for single users, andhelm install dask/daskhubis for multiple users.The tl/dr is "daskhub = jupyterhub + dask-gateway configured with jupyterhub auth".
The Differences from the current pangeo helm chart are
and, most importantly, it doesn't use jupyter to proxy the dask-gateway traefik service. Instead, we make it public. There are ongoing discussions about how pangeo wants to do this. In all, it's a bit more generic and less opinionated than the current pangeo helm chart.
The major usability issue right now is the requirement for users to know either the traefik external-ip or the release name so that they can connect to the gateway. In the README I recommend that administrators set that manually. But it'd be nice to do that automatically. There's some discussion at #68 (comment) on this point. (It's unclear how to set a singleuser extraEnv variable with a value that needs to be templated to include the release name).
I gather that helm has tests. I should probably write some :)
Closes #68