fix(jupyterhub): network policy

Masaki Yatsu
2025-09-03 13:47:35 +09:00
parent 45bfe6c558
commit f967b93220


@@ -141,6 +141,7 @@ singleuser:
extraEnv: extraEnv:
VAULT_ADDR: "{{ .Env.VAULT_ADDR }}" VAULT_ADDR: "{{ .Env.VAULT_ADDR }}"
networkPolicy: networkPolicy:
egress: egress:
- to: - to:
@@ -182,14 +183,29 @@ singleuser:
ports: ports:
- port: 8200 - port: 8200
protocol: TCP protocol: TCP
# Allow DNS resolution
- to:
- ipBlock:
cidr: 0.0.0.0/0
ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
# Allow HTTP traffic
- to:
- ipBlock:
cidr: 0.0.0.0/0
ports:
- port: 80
protocol: TCP
# Allow HTTPS traffic
- to: - to:
- ipBlock: - ipBlock:
cidr: 0.0.0.0/0 cidr: 0.0.0.0/0
ports: ports:
- port: 443 - port: 443
protocol: TCP protocol: TCP
domains:
- '*.shds.dev'
image: image:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
@@ -248,6 +264,13 @@ singleuser:
# nvidia.com/gpu: "1" # nvidia.com/gpu: "1"
{{- end }} {{- end }}
cull:
enabled: true
timeout: 7200 # 2 hours idle timeout
every: 600 # Check every 10 minutes
adminUsers: true # Also cull admin users' server pods
users: false # Don't delete user accounts, only stop server pods
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
@@ -263,10 +286,3 @@ ingress:
tls: tls:
- hosts: - hosts:
- {{ .Env.JUPYTERHUB_HOST }} - {{ .Env.JUPYTERHUB_HOST }}
cull:
enabled: true
timeout: 7200 # 2 hours idle timeout
every: 600 # Check every 10 minutes
adminUsers: true # Also cull admin users' server pods
users: false # Don't delete user accounts, only stop server pods
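Review bot: The new DNS and HTTP egress rules and the reworked HTTPS rule in the second hunk all use `cidr: 0.0.0.0/0` with no `except`, so single-user pods can reach any address on ports 53, 80 and 443. Unless blocked elsewhere, that includes in-cluster pod and service ranges and, on a cloud provider, the link-local metadata endpoint. These pods run user-supplied notebook code and are given `VAULT_ADDR`, so consider adding an `except:` list to each `ipBlock` (for example `- 169.254.169.254/32` plus the cluster's private CIDRs) and scoping the DNS rule to the cluster DNS pods instead of every resolver. The `domains` entry under the HTTPS rule appears to be removed; it is not a standard NetworkPolicy field, so dropping it is reasonable, but the result is that HTTPS egress is no longer limited by destination, and the commit message should say so. A one-line comment above the port 80 rule explaining why plaintext HTTP egress is needed would help later reviewers.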