资料
- https://aws.amazon.com/cn/blogs/china/teach-you-how-to-handle-kubeflow-on-eks-2/
- https://hub.docker.com/r/jupyterhub/singleuser
在部署kubeflow的过程中意识到在jupyter中能够运行外部指令,如果在其中集成一个kubectl,就可以实现命令的重用,并且能够使用jupyter的功能来生成文档。
在docker hub搜索jupyter可以找到很多images,这里使用jupyterhub/singleuser
在docker上查看image的基本信息:
- 通过环境变量指定用户
- 入口为tini
- 暴露端口默认为8888
查看image基本信息
在docker上运行测试,默认用户为jovyan,需要修改为root
docker run -d -p 8888:8888 --name mynote -u root jupyterhub/singleuser
查看log并使用token登录即可
docker logs mynote
我们只需要在容器运行之后安装kubectl即可, 但是要确保pod具有权限访问集群中的资源
部署jupyterhub
创建所需的clusterrole,或者使用集群的cluster-admin。自定义角色可以按需控制权限
注意:需要在kube-system中部署,否则会报错没有权限(很奇怪)
apiVersion: v1
kind: ServiceAccount
metadata:
name: mynote-sa
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: mynote-clusterrole
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: mynote-clusterrolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: mynote-sa
namespace: kube-system
创建deployment,需要注意:在args中开启root运行,["start-notebook.sh","--allow-root"]
apiVersion: apps/v1
kind: Deployment
metadata:
name: mynote
namespace: kube-system
spec:
selector:
matchLabels:
app: jupyter
replicas: 1
template:
metadata:
labels:
app: jupyter
spec:
serviceAccountName: mynote-sa
containers:
- name: jupyter
env:
- name: NB_USER
value: root
- name: NB_UID
value: "0"
- name: NB_GID
value: "0"
securityContext:
runAsUser: 0
args: ["start-notebook.sh","--allow-root"]
image: jupyterhub/singleuser
imagePullPolicy: IfNotPresent
暴露服务,方便起见,使用NodePort访问
kind: Service
apiVersion: v1
metadata:
name: mynote
namespace: kube-system
spec:
selector:
app: jupyter
ports:
- port: 8888
targetPort: 8888
type: NodePort
在pod上手动安装kubectl,也可以自己封装image简化这步
#!/bin/bash
set -x
wget https://s3.cn-north-1.amazonaws.com.cn/amazon-eks/1.23.7/2022-06-29/bin/linux/amd64/kubectl
chmod +x kubectl
mv kubectl /usr/bin
部署完成后,同样查看log日志找到token 52fd2867b168fc63f252f5e2731f41258ce8bbce258d2063
mynote-659948574c-cn4bq To access the server, open this file in a browser: mynote-659948574c-cn4bq file:///root/.local/share/jupyter/runtime/jpserver-18-open.html mynote-659948574c-cn4bq Or copy and paste one of these URLs: mynote-659948574c-cn4bq http://mynote-659948574c-cn4bq:8888/labtoken=52fd2867b168fc63f252f5e2731f41258ce8bbce258d2063
mynote-659948574c-cn4bq or http://127.0.0.1:8888/lab?token=52fd2867b168fc63f252f5e2731f41258ce8bbce258d2063
之后使用该token登录,创建notebook,也可以直接在此运行shell
执行测试命令