Packages:
Resource Types:
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | amalthea.dev/v1alpha1 | true |
kind | string | JupyterServer | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
spec | object | User defined specification for a JupyterServer custom resource. | false |
status | object | A field for Jupyter Server status information, do not modify. Default: map[children:map[] mainPod:map[]] | false |
User defined specification for a JupyterServer custom resource.
Name | Type | Description | Required |
---|---|---|---|
auth | object | Settings defining access control to the jupyter server. Default: map[] | false |
culling | object | Options about culling idle servers. Default: map[] | false |
jupyterServer | object | Configuration options (such as image to run) for the Jupyter server. See also https://jupyter-server.readthedocs.io/en/latest/other/full-config.html Default: map[] | false |
patches | []object | Patches to be applied to the created child resources after template rendering. Currently json patches and json merge patches are supported. Default: [] | false |
routing | object | Settings related to how the jupyter server will be exposed outside of the cluster. Default: map[] | false |
storage | object | Settings to define storage to back the jupyter server. Default: map[] | false |
Settings defining access control to the jupyter server.
Name | Type | Description | Required |
---|---|---|---|
oidc | object | Configuration for an OpenID connect provider to be used for access control to the jupyter server. Useful information can be found in the oauth2 proxy docs: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/ Default: map[] | false |
token | string | A token that will be passed to the `--ServerApp.token` option when running the Jupyter server and needed when first accessing the Jupyter server. The options are: (1) By leaving this field empty, a token will be autogenerated and added under the key `ServerApp.token` to the secret which is created as a child of the custom resource object. (2) Setting the token to an empty string "" runs the Jupyter server container itself without any authentication. This is recommended when enabling OIDC, as authentication and authorization are then handled by the dedicated plugins. (3) Set an actual value here. Note that this string will be stored in clear text as part of the custom resource object. This option is mostly useful for dev purposes. | false |
Configuration for an OpenID connect provider to be used for access control to the jupyter server. Useful information can be found in the oauth2 proxy docs: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/
Name | Type | Description | Required |
---|---|---|---|
authorizedEmails | []string | List of users (identified by email address read from the "email" OIDC claim) who are allowed to access this Jupyter session. This list is stored as a file and passed to the `--authenticated-emails-file` option (see https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#command-line-options). Default: [] | false |
authorizedGroups | []string | List of groups of users (read from the "groups" OIDC claim) which are allowed to access this Jupyter session. This list is passed to the `--allowed-group` option (see https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#command-line-options). Default: [] | false |
clientId | string | The client id of the application registered with the OIDC provider, see `--client-id` here: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/#command-line-options | false |
clientSecret | object | The client secret of the application registered with the OIDC provider. This secret can be given here explicitly as a string or through a reference to an existing secret. Using the secret reference is the preferred option because it avoids storing the secret in clear text on the custom resource specification. See `--client-secret` here: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/#command-line-options | false |
enabled | boolean | Default: false | false |
issuerUrl | string | Issuer URL of the OIDC provider, see `--oidc-issuer-url` here: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/#command-line-options | false |
The client secret of the application registered with the OIDC provider. This secret can be given here explicitly as a string or through a reference to an existing secret. Using the secret reference is the preferred option because it avoids storing the secret in clear text on the custom resource specification. See `--client-secret` here: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/#command-line-options
Name | Type | Description | Required |
---|---|---|---|
secretKeyRef | object | A regular reference to the key/secret which holds the client secret of the application registered with the OIDC provider. Note that the secret has to be in the same namespace in which the custom resource object is going to be created. | false |
value | string | The secret provided as a string value. | false |
A regular reference to the key/secret which holds the client secret of the application registered with the OIDC provider. Note that the secret has to be in the same namespace in which the custom resource object is going to be created.
Name | Type | Description | Required |
---|---|---|---|
key | string | | false |
name | string | | false |
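The `token` and `clientSecret` settings above interact, so a spec can be checked before it is applied. The following Python check is an added example, not Amalthea code: it assumes the spec is already loaded as a dict, treats an omitted `token` as the "left empty" case, and uses severity labels and constructed sample specs of its own.

```python
# Added example: audits the `auth` block of a JupyterServer spec (as a dict)
# against the token and clientSecret behaviour documented in the tables above.

def audit_auth(spec):
    """Return [(severity, message), ...] for spec['auth']."""
    auth = spec.get("auth") or {}
    oidc = auth.get("oidc") or {}
    oidc_on = bool(oidc.get("enabled", False))  # documented default: false
    token = auth.get("token")
    findings = []

    if token is None:
        # Assumption: an omitted/null field is the "left empty" case, so a
        # token is autogenerated into the child secret (ServerApp.token).
        if oidc_on:
            findings.append(("info", 'OIDC is enabled; the reference recommends token: ""'))
    elif token == "":
        if not oidc_on:
            findings.append(("high", 'token is "" and OIDC is off: no authentication'))
    else:
        findings.append(("medium", "token literal is stored in clear text on the resource"))

    if oidc_on:
        secret = oidc.get("clientSecret") or {}
        ref = secret.get("secretKeyRef") or {}
        if secret.get("value"):
            findings.append(("medium", "clientSecret.value is clear text; use secretKeyRef"))
        elif not (ref.get("name") and ref.get("key")):
            findings.append(("info", "no clientSecret value or complete secretKeyRef (name, key)"))
    return findings

# Constructed sample specs (not taken from any real cluster).
OPEN_SERVER = {"auth": {"token": ""}}
DEV_STYLE = {"auth": {"token": "dev-token", "oidc": {
    "enabled": True, "clientSecret": {"value": "constructed-secret"}}}}
HARDENED = {"auth": {"token": "", "oidc": {
    "enabled": True,
    "clientId": "jupyter-sessions",
    "issuerUrl": "https://idp.example.com/realms/demo",
    "authorizedEmails": ["alice@example.com"],
    "clientSecret": {"secretKeyRef": {"name": "oidc-client", "key": "clientSecret"}}}}}

if __name__ == "__main__":
    for name, spec in [("open", OPEN_SERVER), ("dev", DEV_STYLE), ("hardened", HARDENED)]:
        print(name, audit_auth(spec))
```
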
Options about culling idle servers
Name | Type | Description | Required |
---|---|---|---|
failedSecondsThreshold | integer | How long a server can be in a failed state before it gets culled. A value of zero indicates that the server cannot be culled due to failing. Default: 0 Minimum: 0 | false |
hibernatedSecondsThreshold | integer | Number of seconds a server can be in a hibernated state before it gets culled. A value of zero indicates that hibernated servers cannot be culled. Default: 0 Minimum: 0 | false |
idleSecondsThreshold | integer | How long a server should be idle before it is culled. A value of zero indicates that the server should never be culled for inactivity. Default: 0 Minimum: 0 | false |
maxAgeSecondsThreshold | integer | The maximum allowed age for a session, regardless of whether it is active or not. A value of zero indicates that the server cannot be culled due to its age. Default: 0 Minimum: 0 | false |
startingSecondsThreshold | integer | How long a server can be in a starting state before it gets culled. A value of zero indicates that the server cannot be culled due to starting too long. Default: 0 Minimum: 0 | false |
Configuration options (such as image to run) for the Jupyter server. See also https://jupyter-server.readthedocs.io/en/latest/other/full-config.html
Name | Type | Description | Required |
---|---|---|---|
defaultUrl | string | The default URL to redirect to from '/'. Frequently used values are '/lab' or '/rstudio'. Translates to `--ServerApp.default_url`. Default: /lab | false |
hibernated | boolean | Whether the server is hibernated or not. Default: false | false |
image | string | Default: jupyter/minimal-notebook:latest | false |
resources | object | Regular K8s resource requests, will be set on the main notebook container. Default: map[] | false |
rootDir | string | The absolute path to the root/notebook directory for the jupyter server. Should lead to a subdirectory of or match the path at storage.pvc.mountPath. Translates to `--ServerApp.root_dir`. Default: /home/jovyan/work | false |
Name | Type | Description | Required |
---|---|---|---|
patch | JSON | | false |
type | enum | Enum: application/json-patch+json, application/merge-patch+json | false |
Settings related to how the jupyter server will be exposed outside of the cluster.
Name | Type | Description | Required |
---|---|---|---|
host | string | Host under which the server will be available (e.g. myserver.example.com); should not include the URL scheme. | false |
ingressAnnotations | object | Default: map[] | false |
path | string | Optionally make the server available under some path. Default: / | false |
tls | object | Settings for defining TLS termination by the ingress. Default: map[] | false |
Settings for defining TLS termination by the ingress.
Name | Type | Description | Required |
---|---|---|---|
enabled | boolean | Default: false | false |
secretName | string | The name of the K8s TLS secret. Might be pre-existing in the cluster or created under that name by a tool like cert manager when needed. | false |
Settings to define storage to back the jupyter server.
Name | Type | Description | Required |
---|---|---|---|
pvc | object | Default: map[] | false |
size | int or string | Size of the PVC or sizeLimit of the emptyDir volume which backs the session respectively. Default: 100Mi | false |
Name | Type | Description | Required |
---|---|---|---|
enabled | boolean | Whether a PVC should be used to back the session. Defaults to 'false' in which case an emptyDir volume will be used. Default: false | false |
mountPath | string | The absolute path to the location where the PVC should be mounted in the user session pod. Default: /home/jovyan/work | false |
storageClassName | string | Storage class to be used for the PVC. If left empty, the default storage class defined for the cluster will be used. | false |