[ENH] Switch default and filesystem name envs (#1357)

* switch default and filesystem name envs

* change 'global' -> 'nebari-system'

* chore: update nebari-system to global

* fix changes

* Add custom override for default conda-store namespace

* Fix wrong variable name

* vm default namespace name field to conda-store class

Co-authored-by: iameskild <[email protected]>
Co-authored-by: Harsh Mishra <[email protected]>
Co-authored-by: eskild <[email protected]>

qhub/schema.py

@@ -125,6 +125,7 @@ class CondaStore(Base):
     extra_settings: typing.Optional[typing.Dict[str, typing.Any]] = {}
     extra_config: typing.Optional[str] = ""
     image_tag: typing.Optional[str] = ""
+    default_namespace: typing.Optional[str] = ""
 
 
 # ============= Terraform ===============

qhub/stages/input_vars.py

@@ -282,6 +282,9 @@ def stage_07_kubernetes_services(stage_outputs, config):
                 },
             }
         },
+        "conda-store-default-namespace": config.get("conda_store", {}).get(
+            "default_namespace", "nebari-git"
+        ),
         "conda-store-extra-settings": config.get("conda_store", {}).get(
             "extra_settings", {}
         ),

qhub/template/stages/07-kubernetes-services/conda-store.tf

@@ -49,11 +49,12 @@ module "kubernetes-conda-store-server" {
   external-url = var.endpoint
   realm_id     = var.realm_id
 
-  nfs_capacity          = var.conda-store-filesystem-storage
-  minio_capacity        = coalesce(var.conda-store-object-storage, var.conda-store-filesystem-storage)
-  node-group            = var.node_groups.general
-  conda-store-image     = var.conda-store-image
-  conda-store-image-tag = var.conda-store-image-tag
+  nfs_capacity           = var.conda-store-filesystem-storage
+  minio_capacity         = coalesce(var.conda-store-object-storage, var.conda-store-filesystem-storage)
+  node-group             = var.node_groups.general
+  conda-store-image      = var.conda-store-image
+  conda-store-image-tag  = var.conda-store-image-tag
+  default-namespace-name = var.conda-store-default-namespace
   environments = {
     for filename, environment in var.conda-store-environments :
     filename => yamlencode(environment)

qhub/template/stages/07-kubernetes-services/dask_gateway.tf

@@ -32,8 +32,9 @@ module "dask-gateway" {
   dask-etc-configmap-name = "dask-etc"
 
   # environments
-  conda-store-pvc   = module.conda-store-nfs-mount.persistent_volume_claim.name
-  conda-store-mount = "/home/conda"
+  conda-store-pvc               = module.conda-store-nfs-mount.persistent_volume_claim.name
+  conda-store-mount             = "/home/conda"
+  default-conda-store-namespace = var.conda-store-default-namespace
 
   # profiles
   profiles = var.dask-gateway-profiles

qhub/template/stages/07-kubernetes-services/jupyterhub.tf

@@ -101,6 +101,7 @@ module "jupyterhub" {
   conda-store-pvc                = module.conda-store-nfs-mount.persistent_volume_claim.name
   conda-store-mount              = "/home/conda"
   conda-store-environments       = var.conda-store-environments
+  default-conda-store-namespace  = var.conda-store-default-namespace
   conda-store-cdsdashboard-token = module.kubernetes-conda-store-server.service-tokens.cdsdashboards
   conda-store-service-name       = module.kubernetes-conda-store-server.service_name
 

qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/config/conda_store_config.py

@@ -41,6 +41,8 @@ def conda_store_config(path="/var/lib/conda-store/config.json"):
 c.S3Storage.region = "us-east-1"  # minio region default
 c.S3Storage.bucket_name = "conda-store"
 
+c.CondaStore.default_namespace = "global"
+c.CondaStore.filesystem_namespace = config["default-namespace"]
 
 # ==================================
 #        server settings
@@ -102,11 +104,12 @@ async def authenticate(self, request):
             if role in role_mappings
         }
         username = user_data["preferred_username"]
-        namespaces = {username, "default", "filesystem"}
+        default_namespace = config["default-namespace"]
+        namespaces = {username, "global", default_namespace}
         role_bindings = {
             f"{username}/*": {"admin"},
-            "filesystem/*": {"viewer"},
-            "default/*": roles,
+            f"{default_namespace}/*": {"viewer"},
+            "global/*": roles,
         }
 
         for group in user_data.get("groups", []):

qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/server.tf

@@ -23,6 +23,9 @@ resource "kubernetes_secret" "conda-store-secret" {
       postgres-password = module.postgresql.root_password
       postgres-service  = module.postgresql.service
       openid-config     = module.conda-store-openid-client.config
+      extra-settings    = var.extra-settings
+      extra-config      = var.extra-config
+      default-namespace = var.default-namespace-name
       service-tokens = {
         for service, value in var.services : base64encode(random_password.conda_store_service_token[service].result) => value
       }

qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/conda-store/variables.tf

@@ -67,6 +67,11 @@ variable "extra-config" {
   default     = ""
 }
 
+variable "default-namespace-name" {
+  description = "Name of the default conda-store namespace"
+  type        = string
+}
+
 variable "services" {
   description = "Map of services tokens and scopes for conda-store"
   type        = map(any)

qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/files/gateway_config.py

@@ -227,7 +227,10 @@ def worker_profile(options, user):
 
 
 def user_options(user):
-    allowed_namespaces = set(["filesystem", "default", user.name] + list(user.groups))
+    default_namespace = config["default-conda-store-namespace"]
+    allowed_namespaces = set(
+        [default_namespace, "global", user.name] + list(user.groups)
+    )
     environments = {
         f"{namespace}/{name}": conda_prefix
         for namespace, name, conda_prefix in list_dask_environments(

qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/gateway.tf

@@ -17,6 +17,7 @@ resource "kubernetes_secret" "gateway" {
       cluster                              = var.cluster
       cluster-image                        = var.cluster-image
       profiles                             = var.profiles
+      default-conda-store-namespace        = var.default-conda-store-namespace
       conda-store-pvc                      = var.conda-store-pvc
       conda-store-mount                    = var.conda-store-mount
       worker-node-group                    = var.worker-node-group

qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/dask-gateway/variables.tf

@@ -184,3 +184,8 @@ variable "conda-store-mount" {
   description = "Mount directory for conda-store environments"
   type        = string
 }
+
+variable "default-conda-store-namespace" {
+  description = "Default conda-store namespace"
+  type        = string
+}

qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/files/jupyterhub/03-profiles.py

@@ -141,6 +141,7 @@ def profile_conda_store_mounts(username, groups):
     """
     conda_store_pvc_name = z2jh.get_config("custom.conda-store-pvc")
     conda_store_mount = z2jh.get_config("custom.conda-store-mount")
+    default_namespace = z2jh.get_config("custom.default-conda-store-namespace")
 
     extra_pod_config = {
         "volumes": [
@@ -153,7 +154,7 @@ def profile_conda_store_mounts(username, groups):
         ]
     }
 
-    conda_store_namespaces = [username, "filesystem", "default"] + groups
+    conda_store_namespaces = [username, default_namespace, "global"] + groups
     extra_container_config = {
         "volumeMounts": [
             {
@@ -252,14 +253,15 @@ def configure_user(username, groups, uid=1000, gid=100):
     )
 
     # condarc to add all the namespaces user has access to
+    default_namespace = z2jh.get_config("custom.default-conda-store-namespace")
     condarc = json.dumps(
         {
             "envs_dirs": [
                 f"/home/conda/{_}/envs"
                 for _ in [
                     username,
-                    "filesystem",
-                    "default",
+                    default_namespace,
+                    "global",
                 ]
                 + groups
             ]

qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/main.tf

@@ -24,15 +24,16 @@ resource "helm_release" "jupyterhub" {
     jsonencode({
       # custom values can be accessed via z2jh.get_config('custom.<path>')
       custom = {
-        conda-store-service-name  = var.conda-store-service-name
-        theme                     = var.theme
-        profiles                  = var.profiles
-        cdsdashboards             = var.cdsdashboards
-        home-pvc                  = var.home-pvc
-        shared-pvc                = var.shared-pvc
-        conda-store-pvc           = var.conda-store-pvc
-        conda-store-mount         = var.conda-store-mount
-        conda-store-cdsdashboards = var.conda-store-cdsdashboard-token
+        theme                         = var.theme
+        profiles                      = var.profiles
+        cdsdashboards                 = var.cdsdashboards
+        home-pvc                      = var.home-pvc
+        shared-pvc                    = var.shared-pvc
+        conda-store-pvc               = var.conda-store-pvc
+        conda-store-mount             = var.conda-store-mount
+        default-conda-store-namespace = var.default-conda-store-namespace
+        conda-store-service-name      = var.conda-store-service-name
+        conda-store-cdsdashboards     = var.conda-store-cdsdashboard-token
         skel-mount = {
           name      = kubernetes_config_map.etc-skel.metadata.0.name
           namespace = kubernetes_config_map.etc-skel.metadata.0.namespace

qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/jupyterhub/variables.tf

@@ -139,3 +139,8 @@ variable "jupyterhub-hub-extraEnv" {
   type        = string
   default     = "[]"
 }
+
+variable "default-conda-store-namespace" {
+  description = "Default conda-store namespace"
+  type        = string
+}

qhub/template/stages/07-kubernetes-services/variables.tf

@@ -38,6 +38,12 @@ variable "jupyterhub-hub-extraEnv" {
   default     = "[]"
 }
 
+variable "conda-store-default-namespace" {
+  description = "Default conda-store namespace name"
+  type        = string
+  default     = "nebari-git"
+}
+
 variable "conda-store-service-token-scopes" {
   description = "Map of services tokens and scopes for conda-store"
   type        = map(any)