Update Nublado to version 8.4.0

This release includes changes to hopefully improve scaling under
load, most notably not checking Kubernetes status of pods on every
JupyterHub request and increasing the frequency of background
reconciliation. It also adds support for event metrics.

applications/nublado/Chart.yaml

@@ -5,7 +5,7 @@ description: JupyterHub and custom spawner for the Rubin Science Platform
 sources:
   - https://github.com/lsst-sqre/nublado
 home: https://nublado.lsst.io/
-appVersion: 8.3.0
+appVersion: 8.4.0
 
 dependencies:
   - name: jupyterhub

applications/nublado/README.md

@@ -74,6 +74,11 @@ JupyterHub and custom spawner for the Rubin Science Platform
 | controller.config.lab.volumeMounts | list | `[]` | Volumes that should be mounted in lab pods. |
 | controller.config.lab.volumes | list | `[]` | Volumes that will be in lab pods or init containers. This supports NFS, HostPath, and PVC volume types (differentiated in source.type). |
 | controller.config.logLevel | string | `"INFO"` | Level of Python logging |
+| controller.config.metrics.application | string | `"nublado"` | Name under which to log metrics. Generally there is no reason to change this. |
+| controller.config.metrics.enabled | bool | `false` | Whether to enable sending metrics |
+| controller.config.metrics.events.topicPrefix | string | `"lsst.square.metrics.events"` | Topic prefix for events. It may sometimes be useful to change this in development environments. |
+| controller.config.metrics.schemaManager.registryUrl | string | Sasquatch in the local cluster | URL of the Confluent-compatible schema registry server |
+| controller.config.metrics.schemaManager.suffix | string | `""` | Suffix to add to all registered subjects. This is sometimes useful for experimentation during development. |
 | controller.config.pathPrefix | string | `"/nublado"` | Path prefix that will be routed to the controller |
 | controller.googleServiceAccount | string | None, must be set when using Google Artifact Registry | If Google Artifact Registry is used as the image source, the Google service account that has an IAM binding to the `nublado-controller` Kubernetes service account and has the Artifact Registry reader role |
 | controller.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the controller image |
@@ -110,7 +115,7 @@ JupyterHub and custom spawner for the Rubin Science Platform
 | jupyterhub.hub.extraVolumeMounts | list | `hub-config` and the Gafaelfawr token | Additional volume mounts for JupyterHub |
 | jupyterhub.hub.extraVolumes | list | The `hub-config` `ConfigMap` and the Gafaelfawr token | Additional volumes to make available to JupyterHub |
 | jupyterhub.hub.image.name | string | `"ghcr.io/lsst-sqre/nublado-jupyterhub"` | Image to use for JupyterHub |
-| jupyterhub.hub.image.tag | string | `"8.3.0"` | Tag of image to use for JupyterHub |
+| jupyterhub.hub.image.tag | string | `"8.4.0"` | Tag of image to use for JupyterHub |
 | jupyterhub.hub.loadRoles.server.scopes | list | `["self"]` | Default scopes for the user's lab, overridden to allow the lab to delete itself (which we use for our added menu items) |
 | jupyterhub.hub.networkPolicy.enabled | bool | `false` | Whether to enable the default `NetworkPolicy` (currently, the upstream one does not work correctly) |
 | jupyterhub.hub.resources | object | See `values.yaml` | Resource limits and requests |

applications/nublado/templates/controller-deployment.yaml

@@ -38,6 +38,24 @@ spec:
           env:
             - name: EXTERNAL_INSTANCE_URL
               value: {{ .Values.global.baseUrl | quote }}
+            {{- if .Values.controller.config.metrics.enabled }}
+            - name: "KAFKA_BOOTSTRAP_SERVERS"
+              valueFrom:
+                secretKeyRef:
+                  name: "nublado-kafka"
+                  key: "bootstrapServers"
+            - name: "KAFKA_SECURITY_PROTOCOL"
+              valueFrom:
+                secretKeyRef:
+                  name: "nublado-kafka"
+                  key: "securityProtocol"
+            - name: "KAFKA_CLIENT_CERT_PATH"
+              value: "/etc/nublado-kafka/user.crt"
+            - name: "KAFKA_CLIENT_KEY_PATH"
+              value: "/etc/nublado-kafka/user.key"
+            - name: "KAFKA_CLUSTER_CA_PATH"
+              value: "/etc/nublado-kafka/ca.crt"
+            {{- end }}
             {{- if .Values.controller.slackAlerts }}
             - name: "NUBLADO_SLACK_WEBHOOK"
               valueFrom:
@@ -66,6 +84,20 @@ spec:
               mountPath: "/etc/secrets"
               readOnly: true
             {{- end }}
+            {{- if .Values.controller.config.metrics.enabled }}
+            - name: "kafka"
+              mountPath: "/etc/nublado-kafka/ca.crt"
+              readOnly: true
+              subPath: "ssl.truststore.crt"
+            - name: "kafka"
+              mountPath: "/etc/nublado-kafka/user.crt"
+              readOnly: true
+              subPath: "ssl.keystore.crt"
+            - name: "kafka"
+              mountPath: "/etc/nublado-kafka/user.key"
+              readOnly: true
+              subPath: "ssl.keystore.key"
+            {{- end }}
             - name: "podinfo"
               mountPath: "/etc/podinfo"
       {{- with .Values.controller.nodeSelector }}
@@ -82,14 +114,19 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       volumes:
+        - name: "config"
+          configMap:
+            name: "nublado-controller-config"
         {{- if eq "docker" .Values.controller.config.images.source.type }}
         - name: "docker-creds"
           secret:
             secretName: "pull-secret"
         {{- end }}
-        - name: "config"
-          configMap:
-            name: "nublado-controller-config"
+        {{- if .Values.controller.config.metrics.enabled }}
+        - name: "kafka"
+          secret:
+            secretName: "nublado-kafka"
+        {{- end }}
         - name: "podinfo"
           downwardAPI:
             items:

applications/nublado/templates/kafka-access.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.controller.config.metrics.enabled -}}
+apiVersion: access.strimzi.io/v1alpha1
+kind: KafkaAccess
+metadata:
+  name: "nublado-kafka"
+spec:
+  kafka:
+    name: "sasquatch"
+    namespace: "sasquatch"
+    listener: "tls"
+  user:
+    kind: "KafkaUser"
+    apiGroup: "kafka.strimzi.io"
+    name: "app-metrics-nublado"
+    namespace: "sasquatch"
+{{- end }}

applications/nublado/values-base.yaml

@@ -32,7 +32,7 @@ controller:
         - name: "inithome"
           image:
             repository: "ghcr.io/lsst-sqre/nublado-inithome"
-            tag: "8.3.0"
+            tag: "8.4.0"
           privileged: true
           volumeMounts:
             - containerPath: "/home"

applications/nublado/values-idfdemo.yaml

@@ -28,7 +28,7 @@ controller:
         - name: "inithome"
           image:
             repository: "ghcr.io/lsst-sqre/nublado-inithome"
-            tag: "8.3.0"
+            tag: "8.4.0"
           privileged: true
           volumeMounts:
             - containerPath: "/home"

applications/nublado/values-idfdev.yaml

@@ -34,7 +34,7 @@ controller:
         - name: "inithome"
           image:
             repository: "ghcr.io/lsst-sqre/nublado-inithome"
-            tag: "8.3.0"
+            tag: "8.4.0"
           privileged: true
           volumeMounts:
             - containerPath: "/home"
@@ -77,6 +77,8 @@ controller:
           volumeName: "project"
         - containerPath: "/scratch"
           volumeName: "scratch"
+    metrics:
+      enabled: true
 jupyterhub:
   hub:
     db:

applications/nublado/values-idfint.yaml

@@ -44,7 +44,7 @@ controller:
         - name: "inithome"
           image:
             repository: "ghcr.io/lsst-sqre/nublado-inithome"
-            tag: "8.3.0"
+            tag: "8.4.0"
           privileged: true
           volumeMounts:
             - containerPath: "/home"

applications/nublado/values-idfprod.yaml

@@ -23,7 +23,7 @@ controller:
         - name: "inithome"
           image:
             repository: "ghcr.io/lsst-sqre/nublado-inithome"
-            tag: "8.3.0"
+            tag: "8.4.0"
           privileged: true
           volumeMounts:
             - containerPath: "/home"

applications/nublado/values-roe.yaml

@@ -14,7 +14,7 @@ controller:
         - name: "inithome"
           image:
             repository: "ghcr.io/lsst-sqre/nublado-inithome"
-            tag: "8.3.0"
+            tag: "8.4.0"
           privileged: true
           volumeMounts:
             - containerPath: "/home"

applications/nublado/values-summit.yaml

@@ -25,7 +25,7 @@ controller:
         - name: "inithome"
           image:
             repository: "ghcr.io/lsst-sqre/nublado-inithome"
-            tag: "8.3.0"
+            tag: "8.4.0"
           privileged: true
           volumeMounts:
             - containerPath: "/home"

applications/nublado/values-tucson-teststand.yaml

@@ -29,7 +29,7 @@ controller:
         - name: "inithome"
           image:
             repository: "ghcr.io/lsst-sqre/nublado-inithome"
-            tag: "8.3.0"
+            tag: "8.4.0"
           privileged: true
           volumeMounts:
             - containerPath: "/home"

applications/nublado/values.yaml

@@ -371,6 +371,28 @@ controller:
       #   readOnly: true
       #   volumeName: "project"
 
+    metrics:
+      # -- Whether to enable sending metrics
+      enabled: false
+
+      # -- Name under which to log metrics. Generally there is no reason to
+      # change this.
+      application: "nublado"
+
+      events:
+        # -- Topic prefix for events. It may sometimes be useful to change this
+        # in development environments.
+        topicPrefix: "lsst.square.metrics.events"
+
+      schemaManager:
+        # -- URL of the Confluent-compatible schema registry server
+        # @default -- Sasquatch in the local cluster
+        registryUrl: "http://sasquatch-schema-registry.sasquatch.svc.cluster.local:8081"
+
+        # -- Suffix to add to all registered subjects. This is sometimes useful
+        # for experimentation during development.
+        suffix: ""
+
 # JupyterHub configuration handled directly by this chart rather than by Zero
 # to JupyterHub.
 hub:
@@ -435,7 +457,7 @@ jupyterhub:
       name: "ghcr.io/lsst-sqre/nublado-jupyterhub"
 
       # -- Tag of image to use for JupyterHub
-      tag: "8.3.0"
+      tag: "8.4.0"
 
     # -- Resource limits and requests
     # @default -- See `values.yaml`

applications/sasquatch/charts/app-metrics/values.yaml

@@ -20,6 +20,9 @@ globalAppConfig:
       - "username"
       - "notebook"
       - "repo"
+  nublado:
+    influxTags:
+      - "username"
   wobbly:
     influxTags:
       - "service"

applications/sasquatch/values-idfdev.yaml

@@ -159,6 +159,7 @@ app-metrics:
   apps:
     - gafaelfawr
     - mobu
+    - nublado
     - wobbly
 
 backup: