在aws fargate中运行的docker容器中生成jupyterhub单用户服务器
fargatespawner的Python项目详细描述
fargatespawner
在aws fargate中运行的docker容器中生成jupyterhub单用户笔记本服务器
安装
pip install fargatespawner
配置
要将jupyterhub配置为使用fargatespawner,可以将以下内容添加到您的jupyterhub_config.py
。
fromfargatespawnerimportFargateSpawnerc.JupyterHub.spawner_class=FargateSpawner
您还必须在jupyterhub_config.py
中对c.FargateSpawner
设置以下设置。它们都不是可选的。
Setting | Description | Example |
---|---|---|
^{ | The AWS region in which the tasks are launched. | ^{ |
^{ | The hostname of the AWS ECS API. Typically, this is of the form ^{ | ^{ |
^{ | The role the notebook tasks can assume. For example, in order for them to make requests to AWS, such as to use Jupyter S3 with role-based authentication. | ^{ |
^{ | The name of the ECS cluster in which the tasks are launched. | ^{ |
^{ | The name of the container in the task definition. | ^{ |
^{ | The family and revision (family:revision) or full ARN of the task definition that runs the notebooks. Typically, this task definition would specify a docker image that builds on one of those from https://github.com/jupyter/docker-stacks. | ^{ |
^{ | The security group(s) associated with the Fargate tasks. These must allow communication to and from the hub/proxy. More information, such as the ports used, is at https://jupyterhub.readthedocs.io/en/stable/getting-started/networking-basics.html. | ^{ |
^{ | The subnets associated with the Fargate tasks. | ^{ |
^{ | The port the notebook servers listen on. | ^{ |
^{ | The scheme used by the hub and proxy to connect to the notebook servers. At the time of writing ^{ | ^{ |
^{ | Additional arguments to be passed to ^{ | ^{ |
您还必须使用密钥进行身份验证,在这种情况下,您必须具有以下配置
fromfargatespawnerimportFargateSpawnerSecretAccessKeyAuthenticationc.FargateSpawner.authentication_class=FargateSpawnerSecretAccessKeyAuthentication
和上的以下设置c.FargateSpawnerSecretAccessKeyAuthentication
Setting | Description | Example |
---|---|---|
^{ | The ID of the AWS access key used to sign the requests to the AWS ECS API. | ommitted |
^{ | The secret part of the AWS access key used to sign the requests to the AWS ECS API . | ommitted |
或使用ecs容器中的角色进行身份验证,在这种情况下,您必须具有以下配置
fromfargatespawnerimportFargateSpawnerECSRoleAuthenticationc.FargateSpawner.authentication_class=FargateSpawnerECSRoleAuthentication
其中fargatespawnerecsroleauthentication没有可配置的选项。
运行时依赖项
生成程序被故意编写为除了jupyterhub所需的依赖项之外没有任何其他依赖项。
近似最小权限
为了让用户能够启动、监视和停止任务,他们应该具有以下权限。
{"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow","Action":"ecs:RunTask","Resource":"arn:aws:ecs:<aws_region>:<aws_account_id>:task-definition/<task_family>:*","Condition":{"ArnEquals":{"ecs:cluster":"arn:aws:ecs:<aws_region>:<aws_account_id>:cluster/<cluster_name>"}}},{"Sid":"","Effect":"Allow","Action":"ecs:StopTask","Resource":"arn:aws:ecs:<aws_region>:<aws_account_id>:task/*","Condition":{"ArnEquals":{"ecs:cluster":"arn:aws:ecs:<aws_region>:<aws_account_id>:cluster/<cluster_name>"}}},{"Sid":"","Effect":"Allow","Action":"ecs:DescribeTasks","Resource":"arn:aws:ecs:<aws_region>:<aws_account_id>:task/*","Condition":{"ArnEquals":{"ecs:cluster":"arn:aws:ecs:<aws_region>:<aws_account_id>:cluster/<cluster_name>"}}},{"Sid":"","Effect":"Allow","Action":"iam:PassRole","Resource":["arn:aws:iam::<aws_account_id>:role/<task-execution-role>","arn:aws:iam::<aws_account_id>:role/<task-role>"]}]}