New docker stack for a headless kernel. It uses the new kernel gateway to provide websocket access without exposing the whole notebook UI.

Contribution (c) Copyright IBM Corp. 2015
2025-10-13 04:52:57 +00:00 · 2015-10-09 12:35:16 -05:00
parent c922d1f83e
commit 5f4d8225c0
4 changed files with 124 additions and 0 deletions
--- a/minimal-kernel/Dockerfile
+++ b/minimal-kernel/Dockerfile
@@ -0,0 +1,72 @@
+# Copyright (c) Jupyter Development Team.
+FROM debian:jessie
+
+MAINTAINER Jupyter Project <jupyter@googlegroups.com>
+
+USER root
+
+# Install all OS dependencies for fully functional notebook server
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && apt-get install -yq --no-install-recommends \
+    git \
+    vim \
+    wget \
+    build-essential \
+    python-dev \
+    ca-certificates \
+    bzip2 \
+    unzip \
+    libsm6 \
+    pandoc \
+    sudo \
+    && apt-get clean
+
+# Install Tini
+RUN wget --quiet https://github.com/krallin/tini/releases/download/v0.6.0/tini && \
+    echo "d5ed732199c36a1189320e6c4859f0169e950692f451c03e7854243b95f4234b *tini" | sha256sum -c - && \
+    mv tini /usr/local/bin/tini && \
+    chmod +x /usr/local/bin/tini
+
+# Configure environment
+ENV CONDA_DIR /opt/conda
+ENV PATH $CONDA_DIR/bin:$PATH
+ENV SHELL /bin/bash
+ENV NB_USER jovyan
+ENV NB_UID 1000
+
+# Install conda
+RUN mkdir -p $CONDA_DIR && \
+    echo export PATH=$CONDA_DIR/bin:'$PATH' > /etc/profile.d/conda.sh && \
+    wget --quiet https://repo.continuum.io/miniconda/Miniconda3-3.9.1-Linux-x86_64.sh && \
+    echo "6c6b44acdd0bc4229377ee10d52c8ac6160c336d9cdd669db7371aa9344e1ac3 *Miniconda3-3.9.1-Linux-x86_64.sh" | sha256sum -c - && \
+    /bin/bash /Miniconda3-3.9.1-Linux-x86_64.sh -f -b -p $CONDA_DIR && \
+    rm Miniconda3-3.9.1-Linux-x86_64.sh && \
+    $CONDA_DIR/bin/conda install --yes conda==3.14.1
+
+# Create jovyan user with UID=1000 and in the 'users' group
+# Grant ownership over the conda dir and home dir, but stick the group as root.
+RUN useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
+    mkdir /home/$NB_USER/work && \
+    mkdir /home/$NB_USER/.jupyter && \
+    mkdir /home/$NB_USER/.local && \
+    chown -R $NB_USER:users $CONDA_DIR && \
+    chown -R $NB_USER:users /home/$NB_USER
+
+# Install Kernel Gateway
+RUN cd /tmp && \
+    git clone https://github.com/jupyter-incubator/kernel_gateway.git && \
+    cd kernel_gateway && \
+    python setup.py sdist && \
+    pip install dist/kernel_gateway-*.tar.gz && \
+    rm -rf /tmp/kernel_gateway
+
+# Configure container startup
+EXPOSE 8888
+WORKDIR /home/$NB_USER/work
+ENTRYPOINT ["tini", "--"]
+CMD ["start.sh"]
+
+# Add local files as late as possible to avoid cache busting
+COPY start.sh /usr/local/bin/
+COPY jupyter_kernel_gateway_config.py /home/$NB_USER/.jupyter/
+RUN chown -R $NB_USER:users /home/$NB_USER/.jupyter
--- a/minimal-kernel/README.md
+++ b/minimal-kernel/README.md
@@ -0,0 +1,29 @@
+# Kernel Gateway Stack
+
+## What it Gives You
+* [Jupyter Kernel Gateway](https://github.com/jupyter-incubator/kernel_gateway) that spawns minimal Jupyter Python kernel
+* Conda Python 3.4.x
+* No preinstalled scientific computing packages
+* Unprivileged user `jovyan` (uid=1000, configurable, see options) in group `users` (gid=100) with ownership over `/home/jovyan` and `/opt/conda`
+* [tini](https://github.com/krallin/tini) as the container entrypoint and [start.sh](./start.sh) as the default command
+* Options for Port and Ip address
+
+
+## Basic Use
+
+The following command starts a container with the Kernel Gateway server listening for HTTP connections on port 8888.
+
+```
+docker run -d -p 8888:8888 jupyter/minimal-kernel
+```
+
+## Docker Options
+
+You may customize the execution of the Docker container and the Notebook server it contains with the following optional arguments.
+
+* `-e INTERFACE=10.10.10.10` - Configures Kernel Gateway to listen on the given interface. Defaults to '0.0.0.0', all interfaces, which is appropriate when running using default bridged Docker networking. When using Docker's `--net=host`, you may wish to use this option to specify a particular network interface.
+* `-e PORT=8888` - Configures Kernel Gateway to listen on the given port. Defaults to 8888, which is the port exposed within the Dockerfile for the image. When using Docker's `--net=host`, you may wish to use this option to specify a particular port.
+
+## Conda Environment
+
+The default Python 3.x [Conda environment](http://conda.pydata.org/docs/using/envs.html) resides in `/opt/conda`. The commands `ipython`, `python`, `pip`, `easy_install`, and `conda` (among others) are available in this environment.
--- a/minimal-kernel/jupyter_kernel_gateway_config.py
+++ b/minimal-kernel/jupyter_kernel_gateway_config.py
@@ -0,0 +1,7 @@
+# Copyright (c) Jupyter Development Team.
+
+import os
+
+c = get_config()
+c.KernelGatewayApp.ip = os.getenv('INTERFACE', '') or '0.0.0.0'
+c.KernelGatewayApp.port = int(os.getenv('PORT', '') or 8888)
--- a/minimal-kernel/start.sh
+++ b/minimal-kernel/start.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Change UID of NB_USER to NB_UID if it does not match
+if [ "$NB_UID" != $(id -u $NB_USER) ] ; then
+    usermod -u $NB_UID $NB_USER
+    chown -R $NB_UID $CONDA_DIR
+fi
+
+# Enable sudo if requested
+if [ ! -z "$GRANT_SUDO" ]; then
+    echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
+fi
+
+# Start the notebook server
+exec su $NB_USER -c "env PATH=$PATH jupyter kernelgateway $@"
+