From de875b23ae07dd254d6757c1e3a99ee7d0f6d683 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Fri, 12 Jan 2024 13:36:25 -0800 Subject: [PATCH] Deploy Nublado version 4.0.1 Fixes some security issues for user file servers. --- applications/nublado/Chart.yaml | 2 +- applications/nublado/README.md | 2 +- applications/nublado/values-base.yaml | 2 +- applications/nublado/values-ccin2p3.yaml | 2 +- applications/nublado/values-idfdev.yaml | 2 +- applications/nublado/values-idfint.yaml | 28 +++++++++---------- applications/nublado/values-idfprod.yaml | 22 +++++++-------- applications/nublado/values-roe.yaml | 2 +- applications/nublado/values-summit.yaml | 2 +- .../nublado/values-tucson-teststand.yaml | 2 +- applications/nublado/values.yaml | 2 +- 11 files changed, 34 insertions(+), 34 deletions(-) diff --git a/applications/nublado/Chart.yaml b/applications/nublado/Chart.yaml index 63214c7930..269be6d27a 100644 --- a/applications/nublado/Chart.yaml +++ b/applications/nublado/Chart.yaml @@ -5,7 +5,7 @@ description: JupyterHub and custom spawner for the Rubin Science Platform sources: - https://github.com/lsst-sqre/nublado home: https://nublado.lsst.io/ -appVersion: 4.0.0 +appVersion: 4.0.1 dependencies: - name: jupyterhub diff --git a/applications/nublado/README.md b/applications/nublado/README.md index 229aa84f73..ac8259d5fd 100644 --- a/applications/nublado/README.md +++ b/applications/nublado/README.md @@ -99,7 +99,7 @@ JupyterHub and custom spawner for the Rubin Science Platform | jupyterhub.hub.extraVolumeMounts | list | `hub-config` and the Gafaelfawr token | Additional volume mounts for JupyterHub | | jupyterhub.hub.extraVolumes | list | The `hub-config` `ConfigMap` and the Gafaelfawr token | Additional volumes to make available to JupyterHub | | jupyterhub.hub.image.name | string | `"ghcr.io/lsst-sqre/nublado-jupyterhub"` | Image to use for JupyterHub | -| jupyterhub.hub.image.tag | string | `"4.0.0"` | Tag of image to use for JupyterHub | +| jupyterhub.hub.image.tag | string | `"4.0.1"` | Tag of image to use for JupyterHub | | jupyterhub.hub.loadRoles.server.scopes | list | `["self"]` | Default scopes for the user's lab, overridden to allow the lab to delete itself (which we use for our added menu items) | | jupyterhub.hub.networkPolicy.enabled | bool | `false` | Whether to enable the default `NetworkPolicy` (currently, the upstream one does not work correctly) | | jupyterhub.hub.resources | object | `{"limits":{"cpu":"900m","memory":"1Gi"}}` | Resource limits and requests | diff --git a/applications/nublado/values-base.yaml b/applications/nublado/values-base.yaml index cec07cc809..31d68aef1a 100644 --- a/applications/nublado/values-base.yaml +++ b/applications/nublado/values-base.yaml @@ -24,7 +24,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "4.0.0" + tag: "4.0.1" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-ccin2p3.yaml b/applications/nublado/values-ccin2p3.yaml index 26eff07b94..b4346fe3df 100644 --- a/applications/nublado/values-ccin2p3.yaml +++ b/applications/nublado/values-ccin2p3.yaml @@ -23,7 +23,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "4.0.0" + tag: "4.0.1" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-idfdev.yaml b/applications/nublado/values-idfdev.yaml index 912be7e9ba..2d811a22c8 100644 --- a/applications/nublado/values-idfdev.yaml +++ b/applications/nublado/values-idfdev.yaml @@ -27,7 +27,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "4.0.0" + tag: "4.0.1" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-idfint.yaml b/applications/nublado/values-idfint.yaml index 30acc816ec..d181716684 100644 --- a/applications/nublado/values-idfint.yaml +++ b/applications/nublado/values-idfint.yaml @@ -32,24 +32,11 @@ controller: NO_ACTIVITY_TIMEOUT: "432000" CULL_KERNEL_IDLE_TIMEOUT: "432000" CULL_TERMINAL_INACTIVE_TIMEOUT: "432000" - sizes: - - size: small - cpu: 1.0 - memory: 4Gi - - size: medium - cpu: 2.0 - memory: 8Gi - - size: large - cpu: 4.0 - memory: 16Gi - - size: huge - cpu: 8.0 - memory: 32Gi initContainers: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "4.0.0" + tag: "4.0.1" privileged: true volumeMounts: - containerPath: "/home" @@ -63,6 +50,19 @@ controller: secretKey: "butler-hmac-idf-creds.json" - secretName: "nublado-lab-secret" secretKey: "postgres-credentials.txt" + sizes: + - size: small + cpu: 1.0 + memory: 4Gi + - size: medium + cpu: 2.0 + memory: 8Gi + - size: large + cpu: 4.0 + memory: 16Gi + - size: huge + cpu: 8.0 + memory: 32Gi volumes: - name: "home" source: diff --git a/applications/nublado/values-idfprod.yaml b/applications/nublado/values-idfprod.yaml index 2971992ab2..6960cb560f 100644 --- a/applications/nublado/values-idfprod.yaml +++ b/applications/nublado/values-idfprod.yaml @@ -20,21 +20,11 @@ controller: NO_ACTIVITY_TIMEOUT: "432000" CULL_KERNEL_IDLE_TIMEOUT: "432000" CULL_TERMINAL_INACTIVE_TIMEOUT: "432000" - sizes: - - size: small - cpu: 1.0 - memory: 4Gi - - size: medium - cpu: 2.0 - memory: 8Gi - - size: large - cpu: 4.0 - memory: 16Gi initContainers: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "4.0.0" + tag: "4.0.1" privileged: true volumeMounts: - containerPath: "/home" @@ -48,6 +38,16 @@ controller: secretKey: "butler-hmac-idf-creds.json" - secretName: "nublado-lab-secret" secretKey: "postgres-credentials.txt" + sizes: + - size: small + cpu: 1.0 + memory: 4Gi + - size: medium + cpu: 2.0 + memory: 8Gi + - size: large + cpu: 4.0 + memory: 16Gi volumes: - name: "home" source: diff --git a/applications/nublado/values-roe.yaml b/applications/nublado/values-roe.yaml index 038a90ba3b..656504f0c5 100644 --- a/applications/nublado/values-roe.yaml +++ b/applications/nublado/values-roe.yaml @@ -14,7 +14,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "4.0.0" + tag: "4.0.1" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-summit.yaml b/applications/nublado/values-summit.yaml index 5de07ebc7f..3db89c8105 100644 --- a/applications/nublado/values-summit.yaml +++ b/applications/nublado/values-summit.yaml @@ -24,7 +24,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "4.0.0" + tag: "4.0.1" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values-tucson-teststand.yaml b/applications/nublado/values-tucson-teststand.yaml index 87f165d915..7338e82020 100644 --- a/applications/nublado/values-tucson-teststand.yaml +++ b/applications/nublado/values-tucson-teststand.yaml @@ -24,7 +24,7 @@ controller: - name: "inithome" image: repository: "ghcr.io/lsst-sqre/nublado-inithome" - tag: "4.0.0" + tag: "4.0.1" privileged: true volumeMounts: - containerPath: "/home" diff --git a/applications/nublado/values.yaml b/applications/nublado/values.yaml index 01de1b9ec6..c3e21a764c 100644 --- a/applications/nublado/values.yaml +++ b/applications/nublado/values.yaml @@ -381,7 +381,7 @@ jupyterhub: name: "ghcr.io/lsst-sqre/nublado-jupyterhub" # -- Tag of image to use for JupyterHub - tag: "4.0.0" + tag: "4.0.1" # -- Resource limits and requests resources: