From add68c8999192d46d58fdc6e2aaa4011dc033357 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 4 Jan 2021 11:15:12 +0100 Subject: [PATCH] docs: please make linkcheck, remove very old rbac section --- doc/source/administrator/advanced.md | 1 + doc/source/administrator/optimization.md | 6 +++-- doc/source/administrator/security.md | 4 +++ doc/source/administrator/upgrading.md | 25 ------------------- doc/source/conf.py | 2 ++ .../jupyterhub/customizing/user-management.md | 1 + doc/source/kubernetes/amazon/step-zero-aws.md | 2 +- doc/source/kubernetes/google/step-zero-gcp.md | 2 +- doc/source/kubernetes/ovh/step-zero-ovh.md | 4 +-- doc/source/kubernetes/setup-helm2.md | 2 +- doc/source/repo2docker.md | 2 +- doc/source/resources/glossary.md | 4 +-- doc/source/resources/tools.md | 2 +- 13 files changed, 21 insertions(+), 36 deletions(-) diff --git a/doc/source/administrator/advanced.md b/doc/source/administrator/advanced.md index 151e7fe442..97f8813eae 100644 --- a/doc/source/administrator/advanced.md +++ b/doc/source/administrator/advanced.md @@ -10,6 +10,7 @@ Most people setting up JupyterHubs on popular public clouds should not have to use any of this information, but these topics are essential for more complex installations. +(ingress)= ## Ingress If you are using a Kubernetes Cluster that does not provide public IPs for diff --git a/doc/source/administrator/optimization.md b/doc/source/administrator/optimization.md index bc07d96f40..c068378c85 100644 --- a/doc/source/administrator/optimization.md +++ b/doc/source/administrator/optimization.md @@ -56,6 +56,7 @@ singleuser: guarantee: 512M ``` +(pulling-images-before-users-arrive)= ## Pulling images before users arrive If a user pod is scheduled on a node requesting a Docker image that isn't @@ -119,6 +120,7 @@ situations: added, but at that point users are already waiting. To scale up nodes ahead of time we can use [user-placeholders](#scaling-up-in-time-user-placeholders). +(images-that-will-be-pulled)= ### The images that will be pulled The hook-image-puller and the continuous-image-puller has various sources @@ -233,7 +235,7 @@ and some JupyterHub pods (without a permissive Consider for example that many users arrive to your JupyterHub during the daytime. New nodes are added by the CA. Some system pod ends up on the new nodes along with the user pods for some reason. At night when the -[*culler*](/customizing/user-management.html#culling-user-pods) has removed many inactive +[*culler*](culling-user-pods) has removed many inactive pods from some nodes. They are now free from user pods but there is still a single system pod stopping the CA from removing the node. @@ -334,7 +336,7 @@ scheduling: **NOTE**: For the user scheduler to work well, you need old user pods to shut down at some point. Make sure to properly configure the -[*culler*](user-management.html#culling-user-pods). +[*culler*](culling-user-pods). ## Balancing "guaranteed" vs "maximum" memory and CPU diff --git a/doc/source/administrator/security.md b/doc/source/administrator/security.md index eece9ca511..2973d5836e 100644 --- a/doc/source/administrator/security.md +++ b/doc/source/administrator/security.md @@ -13,6 +13,7 @@ model itself, please report it to [security@ipython.org](mailto:security@ipython If you prefer to encrypt your security reports, you can use [this PGP public key](https://ipython.org/ipython-doc/2/_downloads/ipython_security.asc). +(https)= ## HTTPS This section describes how to enable HTTPS on your JupyterHub. The easiest way to do so is by using [Let's Encrypt](https://letsencrypt.org/), though we'll also cover how to set up your own HTTPS credentials. For more information @@ -28,6 +29,7 @@ on HTTPS security see the certificates section of [this blog post](https://blog. It is important that you wait - prematurely going to the next step might cause problems! +(setup-automatic-https)= ### Set up automatic HTTPS JupyterHub uses [Let's Encrypt](https://letsencrypt.org/) to automatically create @@ -68,6 +70,7 @@ The IP can be provided like: More info about this can be found on the [Configuration Reference](helm-chart-configuration-reference) page. *** +(setup-manual-https)= ### Set up manual HTTPS If you have your own HTTPS certificates & want to use those instead of the automatically provisioned Let's Encrypt ones, that's also possible. Note that this is considered an advanced option, so we recommend not doing it unless you have good reasons. @@ -182,6 +185,7 @@ In older clusters, you might have to do: kubectl --namespace=kube-system delete rc kubernetes-dashboard ``` +(rbac)= ## Use Role Based Access Control (RBAC) Kubernetes supports, and often requires, using [Role Based Access Control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) diff --git a/doc/source/administrator/upgrading.md b/doc/source/administrator/upgrading.md index 2a455f81b5..de0a64075c 100644 --- a/doc/source/administrator/upgrading.md +++ b/doc/source/administrator/upgrading.md @@ -97,31 +97,6 @@ will be performed automatically when you do a `helm upgrade`. 5. Remove the lines added in step 3, and do another [`helm upgrade`](#upgrade-command). -### [Role based access control](/security.html#use-role-based-access-control-rbac) - -[RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is the user security model -in Kubernetes that gives applications only as much access they need to the kubernetes -API and not more. Prior to this, applications were all running with the equivalent -of root on your Kubernetes cluster. This release adds appropriate roles for the -various components of JupyterHub, for much better ability to secure clusters. - -RBAC is turned on by default. But, if your cluster is older than 1.8, or you have RBAC -enforcement turned off, you might want to explicitly disable it. You can do so by adding -the following snippet to your `config.yaml`: - -```yaml -rbac: - enabled: false -``` - -This is especially true if you get an error like: - -``` -Error: the server rejected our request for an unknown reason (get clusterrolebindings.rbac.authorization.k8s.io) -``` - -when doing the upgrade! - ### Custom Docker Images: JupyterHub version match If you are using a custom built image, make sure that the version of the diff --git a/doc/source/conf.py b/doc/source/conf.py index 72fe2e8a49..fb1674e7ac 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -247,6 +247,8 @@ def parse_schema(d, md=[], depth=0, pre=""): "https://your-domain-name.com", # example "https://kubernetes.io/docs/tutorials/kubernetes-basics/", # works "https://cloud.ibm.com/kubernetes/catalog/create", # works + "https://portal.azure.com", # sign-in redirect noise + "https://console.cloud.google.com", # sign-in redirect noise ] linkcheck_anchors_ignore = [ "/#!", diff --git a/doc/source/jupyterhub/customizing/user-management.md b/doc/source/jupyterhub/customizing/user-management.md index 0592657d76..62a73b6b11 100644 --- a/doc/source/jupyterhub/customizing/user-management.md +++ b/doc/source/jupyterhub/customizing/user-management.md @@ -3,6 +3,7 @@ This section describes management of users and their permissions on JupyterHub. +(culling-user-pods)= ## Culling user pods JupyterHub will automatically delete any user pods that have no activity for a period of time. This helps free up computational resources and keeps diff --git a/doc/source/kubernetes/amazon/step-zero-aws.md b/doc/source/kubernetes/amazon/step-zero-aws.md index 4ec4962aa7..88b44f40b1 100644 --- a/doc/source/kubernetes/amazon/step-zero-aws.md +++ b/doc/source/kubernetes/amazon/step-zero-aws.md @@ -152,7 +152,7 @@ template you will use to setup and shape your cluster. You should see a list of two nodes, each beginning with `ip`. - If you want to use kubectl and helm locally (necessary for step #3 in [Setting up Helm](setup-helm#initialization)): + If you want to use kubectl and helm locally: * run the following on CI host: `kops export kubecfg` * copy the contents of `~/.kube/config` to the same place on your local system diff --git a/doc/source/kubernetes/google/step-zero-gcp.md b/doc/source/kubernetes/google/step-zero-gcp.md index 7ba6ceac4a..bd027bc296 100644 --- a/doc/source/kubernetes/google/step-zero-gcp.md +++ b/doc/source/kubernetes/google/step-zero-gcp.md @@ -38,7 +38,7 @@ your google cloud account. 2. **Use your own computer's terminal:** 1. Download and install the `gcloud` command line tool at its [install - page](https://cloud.google.com/sdk/install). It will help you + page](https://cloud.google.com/sdk/docs/install). It will help you create and communicate with a Kubernetes cluster. 2. Install `kubectl` (reads *kube control*), it is a tool for controlling Kubernetes clusters in general. From your terminal, enter: diff --git a/doc/source/kubernetes/ovh/step-zero-ovh.md b/doc/source/kubernetes/ovh/step-zero-ovh.md index e925f63acf..4fcadd6c29 100644 --- a/doc/source/kubernetes/ovh/step-zero-ovh.md +++ b/doc/source/kubernetes/ovh/step-zero-ovh.md @@ -1,8 +1,8 @@ (ovh)= -# Kubernetes on [OVHcloud](https://ovh.com/) (OVH) +# Kubernetes on [OVHcloud](https://www.ovh.ie/) (OVH) -[OVHcloud](https://ovh.com/) is a leader in the hosted private cloud services space in Europe. +[OVHcloud](https://www.ovh.ie/) is a leader in the hosted private cloud services space in Europe. They offer a managed Kubernetes service as well as a managed private registry for Docker images. diff --git a/doc/source/kubernetes/setup-helm2.md b/doc/source/kubernetes/setup-helm2.md index fe79e3b028..1cd085c543 100644 --- a/doc/source/kubernetes/setup-helm2.md +++ b/doc/source/kubernetes/setup-helm2.md @@ -69,7 +69,7 @@ cluster: kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller ``` - See [our RBAC documentation](../administrator/security.html#use-role-based-access-control-rbac) for more information. + See [our RBAC documentation](rbac) for more information. 3. Initialize `helm` and `tiller`. ``` diff --git a/doc/source/repo2docker.md b/doc/source/repo2docker.md index df79a30f8e..02754789f2 100644 --- a/doc/source/repo2docker.md +++ b/doc/source/repo2docker.md @@ -20,7 +20,7 @@ matching version with the Helm chart. This documentation is for Helm chart If you can't find a pre-existing image that suits your needs, you can create your own image. An easy way to do this is with the package {term}`repo2docker`. -[repo2docker](https://github.com/jupyter/repo2docker) lets you quickly convert +[repo2docker](https://github.com/jupyterhub/repo2docker) lets you quickly convert a Git repository into a Docker image that can be used as a base for your JupyterHub instance. Anything inside the Git repository will exist in a user’s environment when they access your JupyterHub. diff --git a/doc/source/resources/glossary.md b/doc/source/resources/glossary.md index 90c90d4c5c..2a97856f84 100644 --- a/doc/source/resources/glossary.md +++ b/doc/source/resources/glossary.md @@ -97,7 +97,7 @@ Additions to the glossary are welcomed. Please add in alphabetical order. there is always X running pods of a kind. See the `Kubernetes documentation - `__ for more + `__ for more information. Kubernetes resource @@ -118,7 +118,7 @@ Additions to the glossary are welcomed. Please add in alphabetical order. With cluster autoscaling, a node pool can grow and shrink based on demand allowing you to save computational resources. - `repo2docker `_ + `repo2docker `_ A tool which lets you quickly convert a Git repository into a :term:`Docker image`. diff --git a/doc/source/resources/tools.md b/doc/source/resources/tools.md index fe26e9bf33..4c82c2c5c5 100644 --- a/doc/source/resources/tools.md +++ b/doc/source/resources/tools.md @@ -123,7 +123,7 @@ service that you want to run, which makes things easier to manage and keeps things more stable. For more information about pods, see the -[Kubernetes documentation about pods](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). +[Kubernetes documentation about pods](https://kubernetes.io/docs/concepts/workloads/pods/). ### Deployments