You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: dockerfiles/Code/README.md
+39-3Lines changed: 39 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,7 +38,7 @@ those tools to Base notebook images or Course images. CPU and GPU Code images
38
38
are built from the same Dockerfile and differ only by `BASE_IMAGE`, so the Code
39
39
layer stays consistent across hardware targets.
40
40
41
-
The default Hub resource keys are `code-cpu` and `code-gpu`. Code-server launch behavior is configured through `custom.resources.metadata.<resource>.launchMode: code-server`, alongside the same `custom.resources.images`, `custom.resources.requirements`, and `custom.teams.mapping` model as notebook resources in `runtime/values.yaml`.
41
+
The default Hub resource keys are `code-cpu` and `code-gpu`. Code-server launch behavior is configured through `custom.resources.metadata.<resource>.launchMode: code-server`, alongside the same `custom.resources.images`, `custom.resources.requirements`, `custom.resources.metadata.<resource>.defaultPath`, and `custom.teams.mapping` model as notebook resources in `runtime/values.yaml`.
42
42
43
43
## Build Commands
44
44
@@ -86,7 +86,7 @@ images continue to share one package set and the Dockerfile remains small.
helpers, Pixi, and native build tools are installed in the image so cloned
101
109
projects can use source control, frontend workflows, sudo-free user package
@@ -108,6 +116,13 @@ home directory instead of `/usr/local`: `NPM_CONFIG_PREFIX` defaults to
108
116
This lets users install small project CLIs with commands such as
109
117
`npm install -g cowsay` without sudo or write access to system directories.
110
118
119
+
For code-server's outgoing link protection, the Hub automatically injects the
120
+
current public Hub host into `AUPLC_CODE_TRUSTED_DOMAINS` so the built-in
121
+
Back-to-Hub action can open `/hub/home` without an external-site confirmation.
122
+
Deployments that intentionally open additional trusted sites can set
123
+
`custom.codeServer.extraTrustedDomains` to host/domain entries such as
124
+
`docs.example.edu`; do not include URL schemes or paths.
125
+
111
126
Pixi is provided as the sudo-free, apt-like package manager for user-space
112
127
native tools and project environments. The image writes `/etc/pixi/config.toml`
113
128
so requests for `https://conda.anaconda.org/conda-forge` are redirected to the
@@ -138,7 +153,28 @@ downgrading a user-installed newer copy.
138
153
139
154
`--auth none` is acceptable only because JupyterHub and the JupyterHub proxy remain the authentication boundary. The user pod's port `8888` must stay private to the Hub/proxy path and must not be exposed directly through an unauthenticated service, ingress, or port-forward shared with untrusted users.
140
155
141
-
When users provide a Git repository on the spawn form, the existing init-container clone flow is reused. For resources with `launchMode: code-server`, the spawner points `AUPLC_CODE_WORKDIR` and the code-server `folder` URL parameter at the cloned directory so code-server opens the repository workspace. The launcher also passes `--ignore-last-opened` so a persisted previous workspace cannot override the requested folder.
156
+
When users provide a Git repository on the spawn form, the existing init-container clone flow is reused. For resources with `launchMode: code-server`, the spawner points `AUPLC_CODE_WORKDIR` at the cloned directory or explicit resource target path, and the launcher starts code-server with that folder so it opens the requested workspace. If neither Custom Repo nor `defaultPath` is set, the launcher opens the image `WORKDIR`. The launcher also passes `--ignore-last-opened` so a persisted previous workspace cannot override the requested folder.
157
+
158
+
A direct code-server URL with `?folder=<path>` works when the browser reaches
159
+
the proxied code-server root route. Hub spawn completion, however, redirects the
160
+
browser to the server base URL, and code-server doesn't consume
161
+
`JUPYTERHUB_DEFAULT_URL` by itself. AUPLC therefore keeps `AUPLC_CODE_WORKDIR` as
162
+
the reliable adapter between Hub resource selection and the code-server process.
0 commit comments