From 082145d629ac9cf75f536eebd400646278fdad0a Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 16 Jan 2025 21:22:24 +0000 Subject: [PATCH 1/4] Switch to GitHub arm64 runners instead of CircleCI --- .circleci/config.yml | 109 ------------------------------ .github/workflows/test-chart.yaml | 10 ++- 2 files changed, 9 insertions(+), 110 deletions(-) delete mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index d0914df3de..0000000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,109 +0,0 @@ -# We use CircleCI to run a basic test for arm64. -# -# To reduce the complexity, we let this test verify our built images works with -# arm64, but doesn't test the acquisition of HTTPS certificates (because it -# requires a ACME server) or enforcement of the chart's NetworkPolicy resources -# (because it requires Calico or similar to do it robustly). -# -version: 2.1 - -orbs: - python: circleci/python@2.1.1 - -jobs: - # Testing on arm64 - # https://circleci.com/docs/using-arm/#using-arm-resources - test-arm: - machine: - image: ubuntu-2204:current - resource_class: arm.medium - steps: - - checkout - - # The k3s setup should be kept similar to how we do it in - # https://github.com/jupyterhub/action-k3s-helm. - - run: - name: Setup k3s - command: >- - curl -sfL https://get.k3s.io | - INSTALL_K3S_CHANNEL=latest sh -s - - --disable metrics-server - --disable traefik - --disable-network-policy - --docker - --egress-selector-mode=disabled - - - run: - name: Prepare a kubeconfig in ~/.kube/config - command: | - mkdir -p ~/.kube - sudo cat /etc/rancher/k3s/k3s.yaml > "$HOME/.kube/config" - chmod 600 "$HOME/.kube/config" - - - run: - name: Install dependencies - command: | - . ci/common - setup_helm - pip3 install --no-cache-dir -r dev-requirements.txt - - - run: - name: Run chartpress - command: | - export DOCKER_BUILDKIT=1 - chartpress - - - run: - name: Install local chart - command: | - export KUBECONFIG="$HOME/.kube/config" - helm upgrade --install jupyterhub ./jupyterhub \ - --wait \ - --values dev-config.yaml \ - --values dev-config-arm.yaml \ - --values dev-config-local-chart-extra-config.yaml - - - run: - name: Run tests - command: | - export KUBECONFIG="$HOME/.kube/config" - export HUB_URL=http://localhost:30080 - . ./ci/common - # Print out logs & definition info from all pods if the tests fail - pytest --verbose --color=yes ./tests -m 'not netpol' || \ - kubectl get pod -o name | \ - xargs -I {} /bin/bash -c \ - "echo Logs for {} && \ - kubectl get {} -o yaml && \ - kubectl describe {} && \ - kubectl logs --all-containers {} && \ - echo --------------------------------" - - - run: - name: k3s.service status - when: on_fail - command: | - systemctl status --no-pager --full k3s.service || true - - - run: - name: k3s.service logs - when: on_fail - command: | - journalctl --no-pager -xu k3s.service - - - run: - name: k8s namespace report - when: on_fail - environment: - NAMESPACE: "" - POD_SELECTOR: "" - IMPORTANT_WORKLOADS: "" - command: | - export KUBECONFIG="$HOME/.kube/config" - wget https://raw.githubusercontent.com/jupyterhub/action-k8s-namespace-report/v1.1.0/k8s-namespace-report - bash k8s-namespace-report - -workflows: - main: - jobs: - - test-arm diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 57a2b6478c..c2abdfbfb1 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -114,7 +114,6 @@ jobs: continue-on-error: true test: - runs-on: ubuntu-24.04 timeout-minutes: 20 strategy: @@ -131,12 +130,15 @@ jobs: include: - k3s-channel: latest test: install + # Also test arm64 + os: ubuntu-24.04-arm - k3s-channel: stable # also test hub-slim, and prePuller.hook test: install local-chart-extra-args: >- --set hub.image.name=quay.io/jupyterhub/k8s-hub-slim --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true + os: ubuntu-24.04 - k3s-channel: v1.31 # also test hub.existingSecret and subdomain_host test: install local-chart-extra-args: >- @@ -146,6 +148,7 @@ jobs: --set hub.config.CryptKeeper.keys[0]=cccc3333 --set hub.config.JupyterHub.subdomain_host=jupyterhub.example.org create-k8s-test-resources: true + os: ubuntu-24.04 # We run three upgrade tests where we first install an already released # Helm chart version and then upgrade to the version we are now @@ -174,6 +177,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true + os: ubuntu-24.04 - k3s-channel: v1.29 test: upgrade upgrade-from: dev @@ -184,6 +188,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic + os: ubuntu-24.04 - k3s-channel: v1.28 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old @@ -212,6 +217,9 @@ jobs: --set audit.logConnections=true --set audit.logDisconnections=true --set audit.clientMinMessages=debug + os: ubuntu-24.04 + + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 From 06043e1df2fd124e40935ceb3b2b02d7201ba414 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sat, 18 Jan 2025 20:17:38 +0000 Subject: [PATCH 2/4] Try using openssl instead of minica in pebble-helm-chart --- .github/workflows/test-chart.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index c2abdfbfb1..79c1261863 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -248,7 +248,8 @@ jobs: # reach the ACME client in our autohttps pod. - name: Install local ACME server run: | - helm install pebble --repo https://hub.jupyter.org/helm-chart/ pebble --values dev-config-pebble.yaml + git clone -b openssl https://github.com/manics/pebble-helm-chart.git + helm install pebble ./pebble-helm-chart/pebble --values dev-config-pebble.yaml # Build our images if needed and update values.yaml with the tags - name: Install and run chartpress From 17933d52e26d45882d307a0093478348310f8f20 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 19 Jan 2025 13:35:16 +0000 Subject: [PATCH 3/4] Use upstream newly released pebble-helm-chart This reverts commit 06043e1df2fd124e40935ceb3b2b02d7201ba414. --- .github/workflows/test-chart.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 79c1261863..c2abdfbfb1 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -248,8 +248,7 @@ jobs: # reach the ACME client in our autohttps pod. - name: Install local ACME server run: | - git clone -b openssl https://github.com/manics/pebble-helm-chart.git - helm install pebble ./pebble-helm-chart/pebble --values dev-config-pebble.yaml + helm install pebble --repo https://hub.jupyter.org/helm-chart/ pebble --values dev-config-pebble.yaml # Build our images if needed and update values.yaml with the tags - name: Install and run chartpress From 892dd0bcaa4729a3a7ef8242df87cef03d7c36d8 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 19 Jan 2025 13:36:25 +0000 Subject: [PATCH 4/4] Delete dev-config-arm.yaml --- dev-config-arm.yaml | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 dev-config-arm.yaml diff --git a/dev-config-arm.yaml b/dev-config-arm.yaml deleted file mode 100644 index 68629665a9..0000000000 --- a/dev-config-arm.yaml +++ /dev/null @@ -1,4 +0,0 @@ -# Override some values in dev-config.yaml -proxy: - https: - enabled: false