Comment on page
Upgrades
Overview of how to perform TileDB Cloud Enterprise upgrades
When new releases of TileDB Cloud Enterprises are announced you can easily upgrade your installation by first updating the helm repository:
helm repo update tiledb
After the repository is updated you can run the helm upgrade:
helm upgrade --install \
--namespace tiledb-cloud \
--values values.yaml \
tiledb-cloud \
tiledb/tiledb-cloud-enterprise
Starting from version 2.x.x a newer version of JupyterHub is used. JupyterHub Chart version 1.2.0 is used including support for JupyterHub 1.5.0. With the new version of JupyterHub there are a number of changes needed in your
values.yaml
file. Below we highlight the specific sections requiring changes.- Add
imagePullSecret
key underjupyterhub
section.
#########################################
# TileDB Cloud Hosted Notebook Settings #
#########################################
jupyterhub:
# REQUIRED: Set the private registry credentials, these are the same as the `imageCredentials` above
imagePullSecret:
password: ""
- Remove
imagePullSecret
key fromsingleuser
section.
singleuser:
# REQUIRED: Set the private registry credentials, these are the same as the `imageCredentials` above
imagePullSecret:
password: ""
- Please copy and page in a notepad the contents of
jupyterhub.auth
key, then remove it completely. You will need the values inclient_secret
andcryptoKey
fields.
auth:
type: custom
custom:
className: 'oauthenticator.tiledb.TileDBCloud'
config:
# REQUIRED: Set the oauth2 secret, this should be a secure value
# We recommend creating a random value with `openssl rand -hex 32`
client_secret: "Secret"
# REQUIRED: Set the domain for the jupyterhub and the oauth2 service
# it is likely you just need to replace `example.com` with your own internal domain
# This should match the ingress settings above and the hydra settings below
oauth_callback_url: "https://jupyterhub.tiledb.example.com/hub/oauth_callback"
token_url: "https://oauth2.tiledb.example.com/oauth2/token"
auth_url: "https://oauth2.tiledb.example.com/oauth2/auth"
userdata_url: "https://oauth2.tiledb.example.com/userinfo"
state:
# REQUIRED: Set the jupyterhub auth secret for persistence, this should be a secure value
# We recommend creating a random value with `openssl rand -hex 32`
cryptoKey: "Secret"
- Replace
jupyterhub.ingress.tls
key with the following.
tls:
# REQUIRED: set the TLS information for hosted notebooks
- hosts:
- jupyterhub.tiledb.example.com
secretName: jupyterhub-tls
# optional TLS
tls: []
- Replace initial contents of
jupyterhub.hub
key with the following:
hub:
# REQUIRED: Set the private registry credentials, these are the same as the `imageCredentials` above
imagePullSecret:
password: ""
config:
CryptKeeper:
# REQUIRED: Set the jupyterhub auth secret for persistence, this should be a secure value
# We recommend creating a random value with `openssl rand -hex 32`
keys:
- "Secret"
JupyterHub:
authenticator_class: oauthenticator.tiledb.TileDBCloud
TileDBCloud:
# REQUIRED: Set the oauth2 secret, this should be a secure value
# We recommend creating a random value with `openssl rand -hex
client_secret: "Secret"
# REQUIRED: Set the domain for the jupyterhub and the oauth2 service
# it is likely you just need to replace `example.com` with your own internal domain
# This should match the ingress settings above and the hydra settings below
oauth_callback_url: "http://jupyterhub.tiledb.example.com/hub/oauth_callback"
token_url: "http://oauth2.tiledb.example.com/oauth2/token"
auth_url: "http://oauth2.tiledb.example.com/oauth2/auth"
userdata_url: "http://oauth2.tiledb.example.com/userinfo"
In this step you need to fill-in the
Keys
and client_secret fields with values from the field jupyterhub.auth
that earlier were saved in a notepad.- In
hydra
section please replace the following fields as noted here:
# tls:
# allow_termination_from:
# Set to cluster IP
# - 172.20.0.0/12
# serve:
# tls:
# allow_termination_from:
# Set to cluster IP
# - 172.20.0.0/12
secrets:
# REQUIRED: Set the oauth2 secret, this should be a secure value
# We recommend creating a random value with `openssl rand -hex 32`
system: secret
cookie: secret
system:
- "secret"
cookie:
- "Secret"
dsn: "mysql://tiledb_user:password@tcp(tiledb-cloud-mariadb.tiledb-cloud.svc.cluster.local:3306)/tiledb_rest"
dsn: "mysql://tiledb_user:password@tcp(tiledb-cloud-mariadb.tiledb-cloud.svc.cluster.local:3306)/tiledb_rest?parseTime=true"
# Configure ingress for oauth2 service
ingress:
public:
annotations:
# Configure any needed annotations. For instance if you are using a different ingress besides nginx set that here
kubernetes.io/ingress.class: nginx
hosts:
# REQUIRED: set the ingress domain for oauth2 service
- host: "oauth2.tiledb.example.com"
paths: ["/"]
tls:
# REQUIRED: set the TLS information for oauth2 service
- hosts:
- "oauth2.tiledb.example.com"
secretName: hydra-tls
paths:
- path: /
pathType: ImplementationSpecific
# optional TLS
tls: []
Starting from version 2.4.x a newer version of JupyterHub is used. JupyterHub Chart version 2.0.0 is used including support for JupyterHub 3.0.0.
We also introduced a new version of JupyterHub Authenticator which is used automatically. This means that the
authenticator_class
is no longer needed in values.yaml
.Below we highlight the specific section that has to be removed.
jupyterhub:
hub:
config:
JupyterHub:
authenticator_class: oauthenticator.tiledb.Ti
Furthermore if
https
is not used, it must be disabled explicitly, as in the following example:tiledb-cloud-ui:
config:
isHttps: false
As part of JupyterHub 3.0.0, new version of Kubespawner is used, 4.2.0. Users who have overridden
jupyterhub.singleuser.profileList
in values.yaml
should update to latest structure. Here is and example usage of profileList
section which is also used in TileDB Enterprise Helm Chartjupyterhub:
singleuser:
profileList:
- display_name: "Basic Data Science"
slug: "basic_data_science"
description: "This image is based on the popular <a href='https://hub.docker.com/r/jupyter/tensorflow-notebook/' target='_blank'>jupyter/tensorflow-notebook</a> docker image with the TileDB libraries included. See the full list of <a href='https://docs.tiledb.com/cloud/concepts/tiledb-cloud-internals/jupyter-notebooks' target='_blank'>installed packages</a>."
package_list_url: "https://docs.tiledb.com/cloud/concepts/tiledb-cloud-internals/jupyter-notebooks"
kubespawner_override:
image: tiledbenterprise/notebook-python-r-julia:3.1.0
profile_options:
server:
display_name: 'Server profile'
choices:
small:
display_name: 'Small server'
description: Best for when you will be performing serverless operations or moderate analysis.
kubespawner_override:
mem_limit: "8G"
mem_guarantee: "8G"
memory_display: "8GB"
cpu_limit: 2
cpu_guarantee: 2
environment:
JUPYTER_IMAGE_NAME: "basic_data_science"
JUPYTER_IMAGE_SIZE: "small"
large:
display_name: 'Large server'
description: Best for when you need to perform large analysis in the notebook itself.
kubespawner_override:
mem_limit: "60G"
mem_guarantee: "60G"
memory_display: "60GB"
cpu_limit: 16
cpu_guarantee: 16
environment:
JUPYTER_IMAGE_NAME: "basic_data_science"
JUPYTER_IMAGE_SIZE: "large"
Starting with helm chart release 2.7, python is officially deprecated and scheduled for removal in January, 2024.
- Replace
annotations:
kubernetes.io/ingress.class: nginx
with
classname: nginx
in all ingress sections. Annotations are formally deprecated since Kubernetes 1.18, like in the following example:
ingress:
# Following lines have to be removed:
# annotations:
# kubernetes.io/ingress.class: nginx
paths:
- /v1
- /v2
className: nginx
- Support for GPUs is added in notebooks. Here is and example addition to the
profileList
section which is also used in TileDB Enterprise Helm Chart that includes a GPU entry:
jupyterhub:
singleuser:
profileList:
- display_name: "Basic Data Science"
slug: "basic_data_science"
description: "This image is based on the popular <a href='https://hub.docker.com/r/jupyter/tensorflow-notebook/' target='_blank'>jupyter/tensorflow-notebook</a> docker image with the TileDB libraries included. See the full list of <a href='https://docs.tiledb.com/cloud/concepts/tiledb-cloud-internals/jupyter-notebooks' target='_blank'>installed packages</a>."
package_list_url: "https://docs.tiledb.com/cloud/concepts/tiledb-cloud-internals/jupyter-notebooks"
kubespawner_override:
image: tiledbenterprise/notebook-python-r-julia:3.10.1
profile_options:
server:
display_name: 'Server profile'
choices:
small:
display_name: 'Small server'
description: Best for when you will be performing serverless operations or moderate analysis.
kubespawner_override:
mem_limit: "8G"
mem_guarantee: "8G"
memory_display: "8GB"
cpu_limit: 2
cpu_guarantee: 2
environment:
JUPYTER_IMAGE_NAME: "basic_data_science"
JUPYTER_IMAGE_SIZE: "small"
large:
display_name: 'Large server'
description: Best for when you need to perform large analysis in the notebook itself.
kubespawner_override:
mem_limit: "60G"
mem_guarantee: "60G"
memory_display: "60GB"
cpu_limit: 16
cpu_guarantee: 16
environment:
JUPYTER_IMAGE_NAME: "basic_data_science"
JUPYTER_IMAGE_SIZE: "large"
gpu_p2:
display_name: 'Nvidia V100 GPU server'
description: Best for when you need to perform ML or other CUDA enabled jobs in the notebook itself. A GPU instance might take an additional 5-10 minutes to launch.
kubespawner_override:
mem_limit: "60G"
mem_guarantee: "56G"
memory_display: "60GB"
cpu_limit: 3.5
cpu_guarantee: 3.5
cpu_display: "4"
extra_resource_limits:
nvidia.com/gpu: "1"
environment:
JUPYTER_IMAGE_NAME: "basic_data_science"
JUPYTER_IMAGE_SIZE: "gpu_p2_large"
Last modified 22d ago