How should I configure Daskhub helm chart to deploy Daskhub in a fully private EKS cluster?

bressanmarcos · February 13, 2022, 4:34pm

Hi,

I have EC2 machines deployed in a VPC with (almost) no access to the internet, where every user is supposed to connect to via VPN. A Windows Server provides an interface for those who work with Jupyter notebooks, but everthing happens behind a VPN.

I just deployed a fully private EKS cluster (there are no public endpoints), and wanted some help to deploy Daskhub in this scenario.

When I try it, I always get the chart to launch a internet-facing load balancer in the public subnet, but I don’t want any public endpoint to start. Every service should be available to internal access only.

Is there a way to make this load balancer an internal service instead in my VPC? Or use another type of Kubernetes service to achieve the same result, but in a private/local network?
What parameters should I deploy the chart with to get this result?

pavithraes · February 14, 2022, 2:27pm

@bressanmarcos Hi and welcome to Discourse! Could you please share some more details about how you’ve tried deploying Dask? Some minimal code/example would also be valuable!

I’m wondering if Dask Gateway can help here?

bressanmarcos · February 14, 2022, 6:02pm

So far, I’ve been struggling with running the chart:

helm upgrade --wait --install --render-subchart-notes     dhub dask/daskhub     --namespace=dhub     --values=secrets.yaml     --values=config.yaml

With the files:

# file: secrets.yaml
jupyterhub:
  hub:
    services:
      dask-gateway:
        apiToken: mytoken

dask-gateway:
  gateway:
    auth:
      jupyterhub:
        apiToken: mytoken

# config.yaml
jupyterhub.proxy.service.annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

I did notice that even using this option to make the load balancer internal-facing, it will insist to create the LB in my public subnet, open to the world. My purpose is to make it an internal service only, for local access only.

bressanmarcos · February 14, 2022, 8:37pm

Nevermind, i just noticed my mistake: the config yaml file should look like this:

# config.yaml
jupyterhub:
  proxy:
    service:
      type: LoadBalancer
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

This just shows how noob I am in Helm, LOL
Thanks anyway!

scharlottej13 · February 14, 2022, 9:23pm

Thanks @bressanmarcos for posting your resolution I’m sure it will be helpful for others!

Topic		Replies	Views
Use Daskhub in private EKS Cluster with custom CA certificates Distributed dask-gateway , distributed	2	754	May 4, 2022
Dask EC2 in Private Subnet Distributed distributed	2	271	May 31, 2022
Deploy dask gateway on Kubernetes as a JupyterHub service Deploying Dask kubernetes	8	1365	January 29, 2022
Running Dask on AKS Deploying Dask kubernetes	14	219	February 15, 2024
Dask in k8s external client access Deploying Dask kubernetes	5	478	February 21, 2022

How should I configure Daskhub helm chart to deploy Daskhub in a fully private EKS cluster?

Related topics