Skip to content

Commit

Permalink
Merge pull request #5236 from GeorgianaElena/maap-hubs
Browse files Browse the repository at this point in the history
[maap] Add staging and prod hubs
  • Loading branch information
GeorgianaElena authored Dec 5, 2024
2 parents bd162e1 + a21f081 commit 47aa382
Show file tree
Hide file tree
Showing 7 changed files with 524 additions and 23 deletions.
39 changes: 16 additions & 23 deletions config/clusters/maap/cluster.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,26 +12,19 @@ support:
- support.values.yaml
- enc-support.secret.values.yaml
hubs:
[]
# Uncomment the lines below once the support infrastructure was deployed and
# you are ready to add the first cluster

# - name: staging
# # Tip: consider changing this to something more human friendly
# display_name: "maap - staging"
# domain: staging.maap.2i2c.cloud
# helm_chart: basehub
# helm_chart_values_files:
# - common.values.yaml
# - staging.values.yaml
# - enc-staging.secret.values.yaml

# - name: prod
# # Tip: consider changing this to something more human friendly
# display_name: "maap - prod"
# domain: prod.maap.2i2c.cloud
# helm_chart: basehub
# helm_chart_values_files:
# - common.values.yaml
# - prod.values.yaml
# - enc-prod.secret.values.yaml
- name: staging
display_name: "MAAP - staging"
domain: staging.hub.maap.2i2c.cloud
helm_chart: basehub
helm_chart_values_files:
- common.values.yaml
- staging.values.yaml
- enc-staging.secret.values.yaml
- name: prod
display_name: "MAAP - prod"
domain: hub.maap.2i2c.cloud
helm_chart: basehub
helm_chart_values_files:
- common.values.yaml
- prod.values.yaml
- enc-prod.secret.values.yaml
285 changes: 285 additions & 0 deletions config/clusters/maap/common.values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,285 @@
nfs:
enabled: true
volumeReporter:
enabled: false
pv:
enabled: true
# from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html
mountOptions:
- rsize=1048576
- wsize=1048576
- timeo=600
- soft # We pick soft over hard, so NFS lockups don't lead to hung processes
- retrans=2
- noresvport
baseShareName: /
dask-gateway:
enabled: true
jupyterhub:
custom:
daskhubSetup:
enabled: true
2i2c:
add_staff_user_ids_to_admin_users: true
add_staff_user_ids_of_type: "github"
jupyterhubConfigurator:
enabled: false
homepage:
templateVars:
org:
name: "The Multi-Mission Algorithm and Analysis Platform (MAAP)Project"
logo_url: https://maap-project.org/wp-content/uploads/2021/10/nasamaaplogo3.png
url: https://maap-project.org/
designed_by:
name: "2i2c"
url: https://2i2c.org
operated_by:
name: "2i2c"
url: https://2i2c.org
funded_by:
name: "NASA"
url: https://www.earthdata.nasa.gov/esds
hub:
allowNamedServers: true
config:
JupyterHub:
authenticator_class: github
GitHubOAuthenticator:
populate_teams_in_auth_state: true
allowed_organizations:
- MAAP-Project:data
- MAAP-Project:maap-all
- MAAP-Project:platform
- MAAP-Project:gpu
scope:
- read:org
Authenticator:
enable_auth_state: true
admin_users:
- freitagb
- wildintellect
singleuser:
cloudMetadata:
blockWithIptables: false
defaultUrl: /lab
initContainers:
- &volume_ownership_fix_initcontainer
name: volume-mount-ownership-fix
image: busybox:1.36.1
command:
- sh
- -c
- id && chown 1000:1000 /home/jovyan /home/jovyan/shared /home/jovyan/shared-public && ls -lhd /home/jovyan
securityContext:
runAsUser: 0
volumeMounts:
- name: home
mountPath: /home/jovyan
subPath: "{username}"
# Mounted without readonly attribute here,
# so we can chown it appropriately
- name: home
mountPath: /home/jovyan/shared
subPath: _shared
- name: home
mountPath: /home/jovyan/shared-public
subPath: _shared-public
storage:
extraVolumeMounts:
- name: home
mountPath: /home/jovyan/shared-public
subPath: _shared-public
readOnly: false
- name: home
mountPath: /home/rstudio/shared-public
subPath: _shared-public
readOnly: false
- name: home
mountPath: /home/jovyan/shared
subPath: _shared
readOnly: true
- name: dev-shm
mountPath: /dev/shm
profileList:
- display_name: Choose your environment and resources
default: true
profile_options:
image:
display_name: Environment
dynamic_image_building:
enabled: true
unlisted_choice:
enabled: True
display_name: "Custom image"
validation_regex: "^.+:.+$"
validation_message: "Must be a publicly available docker image, of form <image-name>:<tag>"
kubespawner_override:
image: "{value}"
choices:
01-modify-pangeo:
display_name: Modified Pangeo Notebook
description: Pangeo based notebook with a Python environment
kubespawner_override:
image: public.ecr.aws/nasa-veda/pangeo-notebook-veda-image:2024.08.18-v1
init_containers:
# Need to explicitly fix ownership here, as otherwise these directories will be owned
# by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid
- *volume_ownership_fix_initcontainer
# this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods
# image source: https://github.com/NASA-IMPACT/jupyterhub-gitpuller-init
- name: jupyterhub-gitpuller-init
image: public.ecr.aws/nasa-veda/jupyterhub-gitpuller-init:97eb45f9d23b128aff810e45911857d5cffd05c2
env:
- name: TARGET_PATH
value: veda-docs
- name: SOURCE_REPO
value: "https://github.com/NASA-IMPACT/veda-docs"
volumeMounts:
- name: home
mountPath: /home/jovyan
subPath: "{username}"
securityContext:
runAsUser: 1000
runAsGroup: 1000
02-rocker:
display_name: Rocker Geospatial with RStudio
description: R environment with many geospatial libraries pre-installed
kubespawner_override:
image: rocker/binder:4.3
image_pull_policy: Always
# Launch RStudio after the user logs in
default_url: /rstudio
# Ensures container working dir is homedir
# https://github.com/2i2c-org/infrastructure/issues/2559
working_dir: /home/rstudio
03-qgis:
display_name: QGIS on Linux Desktop
description: Linux desktop in the browser, with qgis installed
kubespawner_override:
# Launch people directly into the Linux desktop when they start
default_url: /desktop
# Built from https://github.com/2i2c-org/nasa-qgis-image
image: quay.io/2i2c/nasa-qgis-image:d76118ea0c15
resource_allocation:
display_name: Resource Allocation
choices:
mem_1_9:
display_name: 1.9 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 1991244775
mem_limit: 1991244775
cpu_guarantee: 0.2328125
cpu_limit: 3.725
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
default: true
mem_3_7:
display_name: 3.7 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 3982489550
mem_limit: 3982489550
cpu_guarantee: 0.465625
cpu_limit: 3.725
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_7_4:
display_name: 7.4 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 7964979101
mem_limit: 7964979101
cpu_guarantee: 0.93125
cpu_limit: 3.725
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_14_8:
display_name: 14.8 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 15929958203
mem_limit: 15929958203
cpu_guarantee: 1.8625
cpu_limit: 3.725
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_29_7:
display_name: 29.7 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 31859916406
mem_limit: 31859916406
cpu_guarantee: 3.725
cpu_limit: 3.725
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_60_6:
display_name: 60.6 GB RAM, upto 15.6 CPUs
kubespawner_override:
mem_guarantee: 65094448840
mem_limit: 65094448840
cpu_guarantee: 7.8475
cpu_limit: 15.695
node_selector:
node.kubernetes.io/instance-type: r5.4xlarge
mem_121_2:
display_name: 121.2 GB RAM, upto 15.6 CPUs
kubespawner_override:
mem_guarantee: 130188897681
mem_limit: 130188897681
cpu_guarantee: 15.695
cpu_limit: 15.695
node_selector:
node.kubernetes.io/instance-type: r5.4xlarge
- display_name: NVIDIA Tesla T4, ~16 GB, ~4 CPUs
description: "Start a container on a dedicated node with a GPU"
slug: "gpu"
allowed_groups:
- 2i2c-org:hub-access-for-2i2c-staff
- MAAP-Project:gpu
profile_options:
image:
display_name: Environment
dynamic_image_building:
enabled: true
unlisted_choice:
enabled: true
display_name: "Custom image"
validation_regex: "^.+:.+$"
validation_message: "Must be a publicly available docker image of form <image-name>:<tag>"
kubespawner_override:
image: "{value}"
choices:
pytorch:
display_name: Pangeo PyTorch ML Notebook
default: false
slug: "pytorch"
kubespawner_override:
image: "quay.io/pangeo/pytorch-notebook:2024.11.11"
tensorflow2:
display_name: Pangeo Tensorflow2 ML Notebook
default: true
slug: "tensorflow2"
kubespawner_override:
image: "quay.io/pangeo/ml-notebook:2024.11.11"
kubespawner_override:
environment:
NVIDIA_DRIVER_CAPABILITIES: compute,utility
mem_limit: null
mem_guarantee: 14G
node_selector:
node.kubernetes.io/instance-type: g4dn.xlarge
extra_resource_limits:
nvidia.com/gpu: "1"

scheduling:
userScheduler:
enabled: true

binderhub-service:
enabled: true
# Explicitly specify what nodes we want for our builds
# Otherwise we may scale up a larger node than needed
dockerApi:
nodeSelector:
node.kubernetes.io/instance-type: r5.xlarge
config:
KubernetesBuildExecutor:
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
15 changes: 15 additions & 0 deletions config/clusters/maap/enc-grafana-token.secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
grafana_token: ENC[AES256_GCM,data:JK3SCP6n4xnVIrfHNshsBa9jZ3du/cJMHtjVfCUyyGR3suJiu//vbcNI+F0f4g==,iv:usVO4kJ2h6h+AKtjpvx7yIHlf1luhZxkpN4S1eN5SbI=,tag:8Yx3e2VmZFnQvg0SfOGbrA==,type:str]
sops:
kms: []
gcp_kms:
- resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
created_at: "2024-12-05T09:01:44Z"
enc: CiUA4OM7eGy0RJQC6pst8e8nNBK+GLL7dLDYCLmAdHvG9G/cG9WHEkkAnGhyNggsDFpcnzfY2IFQeB4c6IIJDwWTFxyIZ+G6W9S2ZSnG1cySSzAIgABqr5C285Zj1IXKYxtqNsr5tyhssXNhNTLhY3aZ
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-12-05T09:01:44Z"
mac: ENC[AES256_GCM,data:pBAmQAHXVZiXA8uB0ZZfYaJVRPNOOkEgc9MQHO/3YYuPwuc8hb0EP7IZREpkTxD7cRosAlTPovWq8++MROmsj/LI4M9XuQn1PwrKtMS0tBdDZnm8z2KHdnwwzEqpKB1wkyVLSNleqJHLDChuGjylhltFmSWoNrX2srTebgxqAe4=,iv:Lhc2RRqthvjEwSBOYMJmdCDz7C6If5kLwKPxBHW8dWc=,tag:AfeasGMp2P6uf9YhlZbNrw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
31 changes: 31 additions & 0 deletions config/clusters/maap/enc-prod.secret.values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
jupyterhub:
hub:
config:
GitHubOAuthenticator:
client_id: ENC[AES256_GCM,data:SKjWcoVyc0Cep3e+bcW8cEaRlkk=,iv:+aXSXE9+hw1zW/kF6V/gNSR8YhTmEa7o4eJLYa80RGo=,tag:6ePElT0HaTiCKfpQLo3zDA==,type:str]
client_secret: ENC[AES256_GCM,data:XlxBcGhMNu8v4topVgUDlBAZd1zPWzlNWNf6g9IcqBRBQc6kzFrv4w==,iv:wf0Gn8sJn4nrJFl3eHhYYdO0C5iQD/5rvCgPfqG2Q20=,tag:Ed6qTXg/veJMUSkLhP65pg==,type:str]
imagePullSecret:
create: ENC[AES256_GCM,data:JYeecg==,iv:mRlD75gLu0i3IbHCwXfE5heMIR6zThpydwPTMx/7R4s=,tag:08ZzD7DYcAUI1bLn6Yz31Q==,type:bool]
registry: ENC[AES256_GCM,data:D+YkFNpPgQ==,iv:eyfTrk9SmXwYb0OQXxpalgcHVG8t+9uB4tTeGpJeuy8=,tag:oFLnoyuUQksbV+chemkMlg==,type:str]
username: ENC[AES256_GCM,data:aE4wnNp+ow7+NxMbzIiEXoPxlPYsMhRxcPWRno8kAvk=,iv:zXV5NqtqkD5MX7QV/zDkjGcNfrZtDwH1Ei8HGSEZJlc=,tag:iQrNn4YkuCrTnnL5ujh+WA==,type:str]
password: ENC[AES256_GCM,data:dg+MqXDco31BQA+kGKMLokVclahOdcLiN8udF+NNJYUf8OiJ1bAJf3hTVXEzKCbM0Y6pV9gzTXpgp3Cu22l9ZQ==,iv:Q1ypj9H+R9Kj0wC73YaJrMaTFmtmZLgvDw5KSsSMe+o=,tag:QVPcWdttedRQnu6ZuQwSXA==,type:str]
binderhub-service:
buildPodsRegistryCredentials:
password: ENC[AES256_GCM,data:FtKzW6cHWppcEu9lA4G9eC06jHU6/i9QfUlmzQQKhUTSISI2QX4ho9AFzWQvLiKqICHylJ47DY14QgrFJ/W1xg==,iv:m+DiUsCh7LH+d+TuN4CsTAxT8Y0VfNNTD/4WxMwwvi4=,tag:+lxUp6YNXzNv76kGFqCn1w==,type:str]
config:
DockerRegistry:
password: ENC[AES256_GCM,data:0QKcLMGCwGD32GvRbbrRPRXZBVIS976kZ6mO93OaCIPmZmmG7LMcAwVhXxr3qkfOm/q/lJUfJ3V+MkgOSBWQYw==,iv:JpsDlLIKVguSZLcppbTNMObpAo4yazNns41SibEIt0E=,tag:Tt0UT1Y7bwEdrTHfrK7lTg==,type:str]
sops:
kms: []
gcp_kms:
- resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
created_at: "2024-08-28T17:11:51Z"
enc: CiUA4OM7eE42MAnJnSRbSgcixhYQanLcxwpkon6oodvg2vfsHlPuEkkA5dG1Q+XBCcm6hV3EDD8c3e85Wdjkcv5CgftsEAzTcvFNGuijE6dUcPxi8yRhjELV8cHYPOwXuFUkdlq3L6LekDrzZoda9fjH
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-12-05T13:23:16Z"
mac: ENC[AES256_GCM,data:cCP8Y5MIe62tonJSs1PmXfhpQxvDl2TuCmlBIDHRXISzAaV5ZjnhS1XCKq5SmcgJNB4Q3eN0/XsX4dA0cSfc1764xgO1DHZ/kKDvSUIt++/zwFXQkHOqx2Rguu4HY3J/mQDrWAONNTjQyIJFtlXE88i8TJq1f2kr2kr6dbVQ7NI=,iv:9BngLFIEL2u61Zf/KiPH6+KreDAiSKCjPGqf/wYIuDE=,tag:UXtqs4CTWdXr4wNGcgXRlQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
Loading

0 comments on commit 47aa382

Please sign in to comment.