k8s.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jupyter-deployment
spec:
  replicas: 1
  strategy:
    type: "Recreate"
  selector:
    matchLabels:
      app: jupyter
  template:
    metadata:
      labels:
        app: jupyter
        pod.staroid.com/isolation: dedicated
        pod.staroid.com/instance-type: standard-2
    spec:
      automountServiceAccountToken: true
      securityContext:
        runAsUser: 1000 # will be overrided by staroid
        runAsGroup: 100 # writable directories are accessible with GID 100. see https://github.com/jupyter/docker-stacks/blob/master/base-notebook/Dockerfile
      containers:
      - name: jupyter
        image: jupyter
        command:
        - "bash"
        - "-c"
        - >-
          mkdir -p ~/.ssh && chmod 700 ~/.ssh &&
          echo -n "$(echo $MLFLOW_TRACKING_URI | sed 's/.*\(mlflow[^:]*\).*/\1/g') " >> ~/.ssh/known_hosts &&
          echo $MLFLOW_ARTIFACT_STORE_RSA_PUB | base64 --decode >> ~/.ssh/known_hosts &&
          echo $MLFLOW_ARTIFACT_STORE_RSA_PRI | base64 --decode >> ~/.ssh/id_rsa &&
          chmod 600 ~/.ssh/* &&
          jupyter-lab --ip='*' --NotebookApp.token='' --NotebookApp.password='' --NotebookApp.allow_origin='*'
        env:
        - name: JUPYTER_ENABLE_LAB
          value: "yes"
        envFrom:
        - configMapRef:
            name: mlflow-env
        volumeMounts:
          - name: work-volume
            mountPath: /home/jovyan/work
      volumes:
        - name: work-volume
          persistentVolumeClaim:
            claimName: work
---
kind: Service
apiVersion: v1
metadata:
  name: jupyter
spec:
  ports:
  - name: http
    port: 8888
  selector:
    app: jupyter
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: work
  annotations:
    storage.staroid.com/scope: Instance
    storage.staroid.com/file-manager: "1000:100"
spec:
  storageClassName: nfs
  accessModes:
    - ReadWriteMany
  volumeMode: Filesystem
  resources:
    requests:
      storage: 1Gi