diff --git a/.circleci/config.yml b/.circleci/config.yml index 87016b1591..a664182417 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -71,7 +71,15 @@ jobs: export KUBECONFIG="$HOME/.kube/config" export HUB_URL=http://localhost:30080 . ./ci/common - pytest --verbose --color=yes ./tests -m 'not netpol' + # Print out logs & definition info from all pods if the tests fail + pytest --verbose --color=yes ./tests -m 'not netpol' || \ + kubectl get pod -o name | \ + xargs -I {} /bin/bash -c \ + "echo Logs for {} && \ + kubectl get {} -o yaml && \ + kubectl describe {} && \ + kubectl logs --all-containers {} && \ + echo --------------------------------" name: Run tests - run: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 5a743f863c..4d3f01cbc0 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -31,7 +31,7 @@ jobs: # JupyterHub organization Helm chart repository. # # ref: https://github.com/jupyterhub/helm-chart - # ref: https://hub.docker.com/orgs/jupyterhub + # ref: https://quay.io/organization/jupyterhub publish: runs-on: ubuntu-22.04 @@ -108,7 +108,7 @@ jobs: # https://github.com/jupyterhub/zero-to-jupyterhub-k8s/settings/secrets/actions if: steps.publishing.outputs.publishing run: | - docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}" + docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io - name: Configure a git user # Having a user.email and user.name configured with git is required to diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 1e3d23fb40..93362a98fc 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -134,7 +134,7 @@ jobs: - k3s-channel: stable # also test hub-slim, and prePuller.hook test: install local-chart-extra-args: >- - --set hub.image.name=jupyterhub/k8s-hub-slim + --set hub.image.name=quay.io/jupyterhub/k8s-hub-slim --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - k3s-channel: v1.26 # also test hub.existingSecret diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e607d4302d..eee8ebd800 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -331,7 +331,7 @@ Did you get an error like one of these below? # while running apt-get install while building a docker image with chartpress E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/r/rtmpdump/librtmp1_2.4+20151223.gitfa8646d.1-1_amd64.deb Could not connect to archive.ubuntu.com:80 (91.189.88.174). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (91.189.88.31). - connect (113: No route to host) [IP: 91.189.88.174 80] # [...] -subprocess.CalledProcessError: Command '['docker', 'build', '-t', 'jupyterhub/k8s-hub:0.9-217f798', 'images/hub', '--build-arg', 'JUPYTERHUB_VERSION=git+https://github.com/jupyterhub/jupyterhub@master']' returned non-zero exit status 100. +subprocess.CalledProcessError: Command '['docker', 'build', '-t', 'quay.io/jupyterhub/k8s-hub:0.9-217f798', 'images/hub', '--build-arg', 'JUPYTERHUB_VERSION=git+https://github.com/jupyterhub/jupyterhub@master']' returned non-zero exit status 100. # while installing a dependency for our k8s cluster Unable to connect to the server: dial tcp: lookup docs.projectcalico.org on 127.0.0.53:53: read udp 127.0.0.1:56409->127.0.0.53:53: i/o timeout diff --git a/RELEASE.md b/RELEASE.md index d4a4b40ad6..fb6053979f 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -28,7 +28,7 @@ Also consider nudging dependent projects in the JupyterHub GitHub organization f These images version/tags are set in [values.yaml](jupyterhub/values.yaml), consider bumping the version of these as well. - [ ] [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) - - [Available image tags](https://hub.docker.com/r/jupyterhub/configurable-http-proxy/tags) + - [Available image tags](https://quay.io/repository/jupyterhub/configurable-http-proxy?tab=tags) - values.yaml entry: `proxy.chp.image` - [ ] [traefik/traefik](https://github.com/traefik/traefik) - [Available image tags](https://hub.docker.com/_/traefik?tab=tags) diff --git a/chartpress.yaml b/chartpress.yaml index 3eaf6531f3..a0ce33efe6 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -12,7 +12,7 @@ charts: - name: jupyterhub # Dev: imagePrefix can be useful to override if you want to trial something # locally developed in a remote k8s cluster. - imagePrefix: jupyterhub/k8s- + imagePrefix: quay.io/jupyterhub/k8s- # baseVersion should be a -0.dev suffixed version, where the version should # be the next major, minor, or patch version depending on what we have # merged so far into the main branch. If for example we have merged a diff --git a/docs/source/administrator/security.md b/docs/source/administrator/security.md index 56edc67f56..9b34b041e7 100644 --- a/docs/source/administrator/security.md +++ b/docs/source/administrator/security.md @@ -61,7 +61,7 @@ changes to your `config.yaml` file: **NOTE:** -If the proxy service is of type `LoadBalancer`, which it is by default, then a specific static IP address can be requested (if available) instead of a dynamically acquired one. +If the proxy service is of type `LoadBalancer`, which it is by default, then a specific static IP address can be requested (if available) instead of a dynamically acquired one. Although not essential for HTTPS, using a static IP address is a recommended practice for domain names referencing fixed IPs. This ensures the same IP address for multiple deployments. The IP can be provided like: @@ -179,7 +179,7 @@ hub: # when debugging something from the hub pod. To use it, apply this # configuration. # - name: jupyterhub/k8s-hub-slim + name: quay.io/jupyterhub/k8s-hub-slim ``` ```{note} diff --git a/docs/source/administrator/services.md b/docs/source/administrator/services.md index 7fe8c64c8f..bd75524625 100644 --- a/docs/source/administrator/services.md +++ b/docs/source/administrator/services.md @@ -8,7 +8,7 @@ Services can be run [externally](https://jupyterhub.readthedocs.io/en/stable/get ## Hub-managed services in z2jh -A Hub-managed service will run in the same container/pod as the Hub itself. First, you'll need to install or copy the appropriate files for the service into your Hub image, either by creating a custom image derived from [`jupyterhub/k8s-hub`](https://hub.docker.com/r/jupyterhub/k8s-hub) or the [hub.extraFiles](schema_hub.extraFiles) configuration. Keep in mind that your Hub container may need to install dependency libraries like flask or fastapi, depending on the service. In those cases, you'll need a custom image. +A Hub-managed service will run in the same container/pod as the Hub itself. First, you'll need to install or copy the appropriate files for the service into your Hub image, either by creating a custom image derived from [`jupyterhub/k8s-hub`](https://quay.io/repository/jupyterhub/k8s-hub) or the [hub.extraFiles](schema_hub.extraFiles) configuration. Keep in mind that your Hub container may need to install dependency libraries like flask or fastapi, depending on the service. In those cases, you'll need a custom image. In addition to the code for the service, you need to modify the Hub Kubernetes Service object to include [multiple ports](https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services), and update the Hub Network Policy. If you want to allow access from all sources, you can use [hub.networkPolicy.allowedIngressPorts](schema_hub.networkPolicy.allowedIngressPorts). Otherwise if you want to more precisely control access, you can use [hub.networkPolicy.ingress](schema_hub.networkPolicy.ingress). @@ -18,8 +18,9 @@ In the following snippet, I'm using a custom image that copies over the applicat ```Dockerfile # Dockerfile -# 2.0.0 is latest stable release at the time of this writing -FROM jupyterhub/k8s-hub:2.0.0 +# 3.1.0 is latest stable release at the time of this writing +# Find all tags in https://quay.io/repository/jupyterhub/k8s-hub?tab=tags +FROM quay.io/jupyterhub/k8s-hub:3.1.0 # Depending on version, the k8s-hub image may have installed # pip packages as root, forcing you to install as root as well diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 69f27d7131..56aeaf73e2 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,6 +12,42 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking +### Default image registry moved to [quay.io](https://quay.io) + +We have moved the registry where we publish our docker images from [Docker Hub](https://hub.docker.com) +to [Quay.io](https://quay.io). This move is to ensure our users are not [throttled by Docker Hub](https://docs.docker.com/docker-hub/download-rate-limit/), +and us maintainers don't have to apply for 'sponsored OSS Project' from docker each year. This +should have no material impact on your experience. + +For the benefit of people running older versions of z2jh and are throttled by dockerhub, +we have actually copied all our _released_ images from Docker Hub to Quay.io as well. +So you can opt in to using the images from Quay.io with the following config: + +```yaml +hub: + image: + name: quay.io/jupyterhub/k8s-hub +proxy: + chp: + image: + name: quay.io/jupyterhub/configurable-http-proxy + secretSync: + image: + name: quay.io/jupyterhub/k8s-secret-sync +singleuser: + networkTools: + image: + name: quay.io/jupyterhub/k8s-network-tools +prePuller: + hook: + image: + name: quay.io/jupyterhub/k8s-image-awaiter +``` + +You don't have to explicitly specify the tag, as the existing tags +will work. Note that this **only** works for _released_ versions of +z2jh - if you are using a _dev_ version of z2jh, this will not work. + ## 3.1 ### 3.1.0 - 2023-09-29 diff --git a/docs/source/repo2docker.md b/docs/source/repo2docker.md index ef370c9a9a..c43a8a4d26 100644 --- a/docs/source/repo2docker.md +++ b/docs/source/repo2docker.md @@ -72,9 +72,7 @@ to configure JupyterHub to build off of this image: 4. **Get credentials for a docker repository.** The image you will build for your JupyterHub must be made available by being - published to some container registry. You could for example use [Docker Hub](https://hub.docker.com/) or [Google Container Registry](https://cloud.google.com/artifact-registry). - - + published to some container registry. You could for example use [quay.io](https://quay.io) or [Docker Hub](https://hub.docker.com/). In the next step, you need an image reference for you and others to find your image with. @@ -85,10 +83,10 @@ to configure JupyterHub to build off of this image: /: ``` - An image reference on Google Container Registry: + An image reference on quay.io: ``` - gcr.io//: + quay.io//: ``` - Your image name can be anything memorable. diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 83f5871e5d..7b9376c75c 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -33,7 +33,7 @@ RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ # The final stage - slim version # ------------------------------ -# This stage is built and published as jupyterhub/k8s-hub-slim. It is meant to +# This stage is built and published as quay.io/jupyterhub/k8s-hub-slim. It is meant to # provide no non-essential packages. # FROM python:3.11-slim-bullseye as slim-stage diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index dc4da26bc1..9c7e73850c 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -45,8 +45,8 @@ RUN adduser \ ${NB_USER} RUN apt-get update \ - && apt-get upgrade -y \ - && apt-get install -y --no-install-recommends \ + && apt-get upgrade --yes \ + && apt-get install --yes --no-install-recommends \ ca-certificates \ dnsutils \ iputils-ping \ diff --git a/images/singleuser-sample/README.md b/images/singleuser-sample/README.md index d3b03cb07d..1a6e692a89 100644 --- a/images/singleuser-sample/README.md +++ b/images/singleuser-sample/README.md @@ -17,10 +17,10 @@ To quickly try out this Docker image on your computer: ```sh # with JupyterLab -docker run -it --rm -p 8888:8888 jupyterhub/k8s-singleuser-sample:2.0.0 -- jupyter lab --ip 0.0.0.0 +docker run -it --rm -p 8888:8888 quay.io/jupyterhub/k8s-singleuser-sample:2.0.0 -- jupyter lab --ip 0.0.0.0 ``` -This image available tags can be found [here](https://hub.docker.com/r/jupyterhub/k8s-singleuser-sample/tags/). +This image available tags can be found [here](https://quay.io/repository/jupyterhub/k8s-singleuser-sample?tab=tags). ## In the base-notebook image diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 740b53e521..2f1a58ad4b 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -83,7 +83,7 @@ hub: extraVolumes: [] extraVolumeMounts: [] image: - name: jupyterhub/k8s-hub + name: quay.io/jupyterhub/k8s-hub tag: "set-by-chartpress" pullPolicy: pullSecrets: [] @@ -201,7 +201,7 @@ proxy: runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false image: - name: jupyterhub/configurable-http-proxy + name: quay.io/jupyterhub/configurable-http-proxy # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # @@ -304,7 +304,7 @@ proxy: runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false image: - name: jupyterhub/k8s-secret-sync + name: quay.io/jupyterhub/k8s-secret-sync tag: "set-by-chartpress" pullPolicy: pullSecrets: [] @@ -344,7 +344,7 @@ singleuser: preferred: [] networkTools: image: - name: jupyterhub/k8s-network-tools + name: quay.io/jupyterhub/k8s-network-tools tag: "set-by-chartpress" pullPolicy: pullSecrets: [] @@ -396,7 +396,7 @@ singleuser: volumeNameTemplate: volume-{username}{servername} storageAccessModes: [ReadWriteOnce] image: - name: jupyterhub/k8s-singleuser-sample + name: quay.io/jupyterhub/k8s-singleuser-sample tag: "set-by-chartpress" pullPolicy: pullSecrets: [] @@ -605,7 +605,7 @@ prePuller: pullOnlyOnChanges: true # image and the configuration below relates to the hook-image-awaiter Job image: - name: jupyterhub/k8s-image-awaiter + name: quay.io/jupyterhub/k8s-image-awaiter tag: "set-by-chartpress" pullPolicy: pullSecrets: []