From be1d57ce26804edebaf5c3606d417ff0e638267c Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Thu, 14 Dec 2023 13:24:08 -0300 Subject: [PATCH] Add staging and prod hubs to earthscope cluster --- config/clusters/earthscope/cluster.yaml | 18 ++- config/clusters/earthscope/common.values.yaml | 127 ++++++++++++++++-- .../earthscope/enc-prod.secret.values.yaml | 21 +++ .../earthscope/enc-staging.secret.values.yaml | 21 +++ config/clusters/earthscope/prod.values.yaml | 16 +++ .../clusters/earthscope/staging.values.yaml | 16 +++ 6 files changed, 206 insertions(+), 13 deletions(-) create mode 100644 config/clusters/earthscope/enc-prod.secret.values.yaml create mode 100644 config/clusters/earthscope/enc-staging.secret.values.yaml create mode 100644 config/clusters/earthscope/prod.values.yaml create mode 100644 config/clusters/earthscope/staging.values.yaml diff --git a/config/clusters/earthscope/cluster.yaml b/config/clusters/earthscope/cluster.yaml index 6c87d543e..0ba2dc184 100644 --- a/config/clusters/earthscope/cluster.yaml +++ b/config/clusters/earthscope/cluster.yaml @@ -9,4 +9,20 @@ support: helm_chart_values_files: - support.values.yaml - enc-support.secret.values.yaml -hubs: [] +hubs: + - name: staging + display_name: "EarthScope (staging)" + domain: staging.earthscope.2i2c.cloud + helm_chart: daskhub + helm_chart_values_files: + - common.values.yaml + - staging.values.yaml + - enc-staging.secret.values.yaml + - name: prod + display_name: "EarthScope (prod)" + domain: earthscope.2i2c.cloud + helm_chart: daskhub + helm_chart_values_files: + - common.values.yaml + - prod.values.yaml + - enc-prod.secret.values.yaml diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml index 09fddb90e..f1a527c3a 100644 --- a/config/clusters/earthscope/common.values.yaml +++ b/config/clusters/earthscope/common.values.yaml @@ -1,12 +1,115 @@ -nfs: - pv: - # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html - mountOptions: - - rsize=1048576 - - wsize=1048576 - - timeo=600 - - soft # We pick soft over hard, so NFS lockups don't lead to hung processes - - retrans=2 - - noresvport - serverIP: fs-08e7747330d833d82.efs.us-east-2.amazonaws.com - baseShareName: / +basehub: + nfs: + pv: + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + serverIP: fs-08e7747330d833d82.efs.us-east-2.amazonaws.com + baseShareName: / + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + url: https://www.earthscope.org/ + logo_url: https://drive.google.com/uc?export=view&id=1UUStqv7PBcxiIkzECUFKIdQKKIU8mXeb + designed_by: + name: "2i2c" + url: https://2i2c.org + operated_by: + name: "2i2c" + url: https://2i2c.org + funded_by: + name: "EarthScope Consortium" + url: https://www.earthscope.org/ + hub: + config: + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + allowed_idps: + http://github.com/login/oauth/authorize: + default: true + username_derivation: + username_claim: "preferred_username" + http://google.com/accounts/o8/id: + username_derivation: + username_claim: email + Authenticator: + admin_users: + - timdittmann + - chad-earthscope + singleuser: + profileList: + - display_name: "Shared Small: 1-4 CPU, 8-32 GB" + description: "A shared machine, the recommended option until you experience a limitation." + profile_options: &profile_options + image: + display_name: Image + unlisted_choice: + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + kubespawner_override: + image: "{value}" + choices: + jupyter-scipy: + display_name: Jupyter + slug: jupyter-scipy + kubespawner_override: + image: jupyter/scipy-notebook:2023-06-27 + rocker-geospatial: + display_name: RStudio + slug: rocker-geospatial + kubespawner_override: + image: rocker/binder:4.3 + # Launch into RStudio after the user logs in + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + kubespawner_override: + mem_guarantee: 7.234G + cpu_guarantee: 0.1 + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + + - display_name: "Small: 4 CPU, 32 GB" + description: "A dedicated machine for you." + profile_options: *profile_options + kubespawner_override: + mem_guarantee: 28.937G + cpu_guarantee: 0.4 + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + + - display_name: "Medium: 16 CPU, 128 GB" + description: "A dedicated machine for you." + profile_options: *profile_options + kubespawner_override: + mem_guarantee: 120.513G + cpu_guarantee: 1.6 + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + + - display_name: "Large: 64 CPU, 512 GB" + description: "A dedicated machine for you" + profile_options: *profile_options + kubespawner_override: + mem_guarantee: 489.13G + cpu_guarantee: 6.4 + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.16xlarge diff --git a/config/clusters/earthscope/enc-prod.secret.values.yaml b/config/clusters/earthscope/enc-prod.secret.values.yaml new file mode 100644 index 000000000..323551895 --- /dev/null +++ b/config/clusters/earthscope/enc-prod.secret.values.yaml @@ -0,0 +1,21 @@ +basehub: + jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:1C0ercYZjjc63vTPPcVa7B0Y1bnuawg854Yf3Kl4UnJ0gYuqem+zuv1lQfOzU8zKXy5L,iv:2IZjb7WzomJg8I9uDDXINjULJPXUBfJCldMOxH+B8tA=,tag:Dv1xaVkDCpI7/GLuGv6GzA==,type:str] + client_secret: ENC[AES256_GCM,data:2mGbTTnKcVZp57ZX2Tj2o+j2y0NfABPtTiV6sw3oWlR/t7w4fiFkSK9cyArnJwQfRjWc6M6NNB50A3zWZrKaoPLRj8Afiq8pFTjtRZnZGe5g4h2mXYg=,iv:xmJEHc2V0aG1KEh2eAPj80tZoNzFnBz42QdCSmzO2mc=,tag:+48SuYVdlJCizaYVMn9hrA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-14T18:24:33Z" + enc: CiUA4OM7eKr6IJS10QOinx3kZfdMUdO4HmyV6U+JIe+s7IqTAm1DEkkAjTWv+ifsDVRYeh6Gdg0+tLE53DfZfJP0xHGuo6yxdoREE2FGKpodr42/SaaTUt2k5zKlg6k9tOe4FgmRGCT5JjIltibg5hwU + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-14T18:24:34Z" + mac: ENC[AES256_GCM,data:0Kde6XE/A7k9CwhxQFsa3I61ohr9WN7AO2haWkFETpDG+jXtU5MYkrScbwnlayLa0vM6vk2OfUxR6LrB9jPcxTx8+n2Pqx6kPTzgr8a8ORhG4xc6Lqj0a1KyDMdnGi5beqoXSxolPyd1mnSTAFAVIGwle37Gg0fIr0VFii9lsfQ=,iv:gPVYPvyTEriA9sxbmtMRo611b5dB5idYa0J+DtEYcaY=,tag:RNOItHNKtUGZ/UgfT1Ea2Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/earthscope/enc-staging.secret.values.yaml b/config/clusters/earthscope/enc-staging.secret.values.yaml new file mode 100644 index 000000000..bab6d9977 --- /dev/null +++ b/config/clusters/earthscope/enc-staging.secret.values.yaml @@ -0,0 +1,21 @@ +basehub: + jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:Lv/25K0A8CZs6dK20mujkn536hpreimP/MUqGOJ4cpXLTFnJNRmGkN7mYPC2klalEKcn,iv:nj4b7Y75A9wgg+w2XBas17Cs8Az3AzDkeO9u1ZwI1Jo=,tag:gCMMoa3iQWVRQvTQkCIkAg==,type:str] + client_secret: ENC[AES256_GCM,data:EAD3iQGXs7soD4VxRXol2YuuJBmOpDBbX5Cg+VyTk7xA7Jn715vZMNBeOKtal1a6kzyds3tuw+h+DWsF3Dod2MxHS7H4FARHLopP9xuAvS6Tw3mZZ28=,iv:F8CqwLYz7WR5qge0Yj91aU/w5pj6fiEaBvndVe4zvG4=,tag:60BekNlkRhf2a3Nkvo1kWg==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-14T18:42:48Z" + enc: CiUA4OM7eGqP+F9UNcdWkWcEANT1YIeSiFyzogRgfD+PMhJISk+lEkkAjTWv+sk2C+z/gAjXwaTvoJEJKeuCyiegMLu8QTkJ1KCtcQEU52qv/gm6HvBAlQAnTUKxpQFejxzGOp/8+FNCZiAuaT2hHq1D + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-14T18:42:52Z" + mac: ENC[AES256_GCM,data:DWO/hv47PbcFx8NATfOJrLUMkOV3dTUzr53nUtpDge+NseEOSoMKeEWz1L7jWYhM+Iga05csm78BT9c3gI921dKlOXRJ6fn1e5guxqKPOAuZugbWUeEqGa8Z26sAwuSRXIZyWiWDJZJThsNk4+s0s7vZmXcrGHGjWA3eCEvTwxE=,iv:9QDeyrmE0euFgqcvZMCuubNA44YB8x2Sa1CqEGJjKjM=,tag:qj5ZnX1TS2Lt4QbXuJFB0Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/earthscope/prod.values.yaml b/config/clusters/earthscope/prod.values.yaml new file mode 100644 index 000000000..a850dd41e --- /dev/null +++ b/config/clusters/earthscope/prod.values.yaml @@ -0,0 +1,16 @@ +basehub: + jupyterhub: + ingress: + hosts: [earthscope.2i2c.cloud] + tls: + - hosts: [earthscope.2i2c.cloud] + secretName: https-auto-tls + custom: + homepage: + templateVars: + org: + name: "EarthScope" + hub: + config: + CILogonOAuthenticator: + oauth_callback_url: https://earthscope.2i2c.cloud/hub/oauth_callback diff --git a/config/clusters/earthscope/staging.values.yaml b/config/clusters/earthscope/staging.values.yaml new file mode 100644 index 000000000..bb621d843 --- /dev/null +++ b/config/clusters/earthscope/staging.values.yaml @@ -0,0 +1,16 @@ +basehub: + jupyterhub: + ingress: + hosts: [staging.earthscope.2i2c.cloud] + tls: + - hosts: [staging.earthscope.2i2c.cloud] + secretName: https-auto-tls + custom: + homepage: + templateVars: + org: + name: "EarthScope staging" + hub: + config: + CILogonOAuthenticator: + oauth_callback_url: https://staging.earthscope.2i2c.cloud/hub/oauth_callback