-
Notifications
You must be signed in to change notification settings - Fork 65
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5236 from GeorgianaElena/maap-hubs
[maap] Add staging and prod hubs
- Loading branch information
Showing
7 changed files
with
524 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,285 @@ | ||
nfs: | ||
enabled: true | ||
volumeReporter: | ||
enabled: false | ||
pv: | ||
enabled: true | ||
# from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html | ||
mountOptions: | ||
- rsize=1048576 | ||
- wsize=1048576 | ||
- timeo=600 | ||
- soft # We pick soft over hard, so NFS lockups don't lead to hung processes | ||
- retrans=2 | ||
- noresvport | ||
baseShareName: / | ||
dask-gateway: | ||
enabled: true | ||
jupyterhub: | ||
custom: | ||
daskhubSetup: | ||
enabled: true | ||
2i2c: | ||
add_staff_user_ids_to_admin_users: true | ||
add_staff_user_ids_of_type: "github" | ||
jupyterhubConfigurator: | ||
enabled: false | ||
homepage: | ||
templateVars: | ||
org: | ||
name: "The Multi-Mission Algorithm and Analysis Platform (MAAP)Project" | ||
logo_url: https://maap-project.org/wp-content/uploads/2021/10/nasamaaplogo3.png | ||
url: https://maap-project.org/ | ||
designed_by: | ||
name: "2i2c" | ||
url: https://2i2c.org | ||
operated_by: | ||
name: "2i2c" | ||
url: https://2i2c.org | ||
funded_by: | ||
name: "NASA" | ||
url: https://www.earthdata.nasa.gov/esds | ||
hub: | ||
allowNamedServers: true | ||
config: | ||
JupyterHub: | ||
authenticator_class: github | ||
GitHubOAuthenticator: | ||
populate_teams_in_auth_state: true | ||
allowed_organizations: | ||
- MAAP-Project:data | ||
- MAAP-Project:maap-all | ||
- MAAP-Project:platform | ||
- MAAP-Project:gpu | ||
scope: | ||
- read:org | ||
Authenticator: | ||
enable_auth_state: true | ||
admin_users: | ||
- freitagb | ||
- wildintellect | ||
singleuser: | ||
cloudMetadata: | ||
blockWithIptables: false | ||
defaultUrl: /lab | ||
initContainers: | ||
- &volume_ownership_fix_initcontainer | ||
name: volume-mount-ownership-fix | ||
image: busybox:1.36.1 | ||
command: | ||
- sh | ||
- -c | ||
- id && chown 1000:1000 /home/jovyan /home/jovyan/shared /home/jovyan/shared-public && ls -lhd /home/jovyan | ||
securityContext: | ||
runAsUser: 0 | ||
volumeMounts: | ||
- name: home | ||
mountPath: /home/jovyan | ||
subPath: "{username}" | ||
# Mounted without readonly attribute here, | ||
# so we can chown it appropriately | ||
- name: home | ||
mountPath: /home/jovyan/shared | ||
subPath: _shared | ||
- name: home | ||
mountPath: /home/jovyan/shared-public | ||
subPath: _shared-public | ||
storage: | ||
extraVolumeMounts: | ||
- name: home | ||
mountPath: /home/jovyan/shared-public | ||
subPath: _shared-public | ||
readOnly: false | ||
- name: home | ||
mountPath: /home/rstudio/shared-public | ||
subPath: _shared-public | ||
readOnly: false | ||
- name: home | ||
mountPath: /home/jovyan/shared | ||
subPath: _shared | ||
readOnly: true | ||
- name: dev-shm | ||
mountPath: /dev/shm | ||
profileList: | ||
- display_name: Choose your environment and resources | ||
default: true | ||
profile_options: | ||
image: | ||
display_name: Environment | ||
dynamic_image_building: | ||
enabled: true | ||
unlisted_choice: | ||
enabled: True | ||
display_name: "Custom image" | ||
validation_regex: "^.+:.+$" | ||
validation_message: "Must be a publicly available docker image, of form <image-name>:<tag>" | ||
kubespawner_override: | ||
image: "{value}" | ||
choices: | ||
01-modify-pangeo: | ||
display_name: Modified Pangeo Notebook | ||
description: Pangeo based notebook with a Python environment | ||
kubespawner_override: | ||
image: public.ecr.aws/nasa-veda/pangeo-notebook-veda-image:2024.08.18-v1 | ||
init_containers: | ||
# Need to explicitly fix ownership here, as otherwise these directories will be owned | ||
# by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid | ||
- *volume_ownership_fix_initcontainer | ||
# this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods | ||
# image source: https://github.com/NASA-IMPACT/jupyterhub-gitpuller-init | ||
- name: jupyterhub-gitpuller-init | ||
image: public.ecr.aws/nasa-veda/jupyterhub-gitpuller-init:97eb45f9d23b128aff810e45911857d5cffd05c2 | ||
env: | ||
- name: TARGET_PATH | ||
value: veda-docs | ||
- name: SOURCE_REPO | ||
value: "https://github.com/NASA-IMPACT/veda-docs" | ||
volumeMounts: | ||
- name: home | ||
mountPath: /home/jovyan | ||
subPath: "{username}" | ||
securityContext: | ||
runAsUser: 1000 | ||
runAsGroup: 1000 | ||
02-rocker: | ||
display_name: Rocker Geospatial with RStudio | ||
description: R environment with many geospatial libraries pre-installed | ||
kubespawner_override: | ||
image: rocker/binder:4.3 | ||
image_pull_policy: Always | ||
# Launch RStudio after the user logs in | ||
default_url: /rstudio | ||
# Ensures container working dir is homedir | ||
# https://github.com/2i2c-org/infrastructure/issues/2559 | ||
working_dir: /home/rstudio | ||
03-qgis: | ||
display_name: QGIS on Linux Desktop | ||
description: Linux desktop in the browser, with qgis installed | ||
kubespawner_override: | ||
# Launch people directly into the Linux desktop when they start | ||
default_url: /desktop | ||
# Built from https://github.com/2i2c-org/nasa-qgis-image | ||
image: quay.io/2i2c/nasa-qgis-image:d76118ea0c15 | ||
resource_allocation: | ||
display_name: Resource Allocation | ||
choices: | ||
mem_1_9: | ||
display_name: 1.9 GB RAM, upto 3.7 CPUs | ||
kubespawner_override: | ||
mem_guarantee: 1991244775 | ||
mem_limit: 1991244775 | ||
cpu_guarantee: 0.2328125 | ||
cpu_limit: 3.725 | ||
node_selector: | ||
node.kubernetes.io/instance-type: r5.xlarge | ||
default: true | ||
mem_3_7: | ||
display_name: 3.7 GB RAM, upto 3.7 CPUs | ||
kubespawner_override: | ||
mem_guarantee: 3982489550 | ||
mem_limit: 3982489550 | ||
cpu_guarantee: 0.465625 | ||
cpu_limit: 3.725 | ||
node_selector: | ||
node.kubernetes.io/instance-type: r5.xlarge | ||
mem_7_4: | ||
display_name: 7.4 GB RAM, upto 3.7 CPUs | ||
kubespawner_override: | ||
mem_guarantee: 7964979101 | ||
mem_limit: 7964979101 | ||
cpu_guarantee: 0.93125 | ||
cpu_limit: 3.725 | ||
node_selector: | ||
node.kubernetes.io/instance-type: r5.xlarge | ||
mem_14_8: | ||
display_name: 14.8 GB RAM, upto 3.7 CPUs | ||
kubespawner_override: | ||
mem_guarantee: 15929958203 | ||
mem_limit: 15929958203 | ||
cpu_guarantee: 1.8625 | ||
cpu_limit: 3.725 | ||
node_selector: | ||
node.kubernetes.io/instance-type: r5.xlarge | ||
mem_29_7: | ||
display_name: 29.7 GB RAM, upto 3.7 CPUs | ||
kubespawner_override: | ||
mem_guarantee: 31859916406 | ||
mem_limit: 31859916406 | ||
cpu_guarantee: 3.725 | ||
cpu_limit: 3.725 | ||
node_selector: | ||
node.kubernetes.io/instance-type: r5.xlarge | ||
mem_60_6: | ||
display_name: 60.6 GB RAM, upto 15.6 CPUs | ||
kubespawner_override: | ||
mem_guarantee: 65094448840 | ||
mem_limit: 65094448840 | ||
cpu_guarantee: 7.8475 | ||
cpu_limit: 15.695 | ||
node_selector: | ||
node.kubernetes.io/instance-type: r5.4xlarge | ||
mem_121_2: | ||
display_name: 121.2 GB RAM, upto 15.6 CPUs | ||
kubespawner_override: | ||
mem_guarantee: 130188897681 | ||
mem_limit: 130188897681 | ||
cpu_guarantee: 15.695 | ||
cpu_limit: 15.695 | ||
node_selector: | ||
node.kubernetes.io/instance-type: r5.4xlarge | ||
- display_name: NVIDIA Tesla T4, ~16 GB, ~4 CPUs | ||
description: "Start a container on a dedicated node with a GPU" | ||
slug: "gpu" | ||
allowed_groups: | ||
- 2i2c-org:hub-access-for-2i2c-staff | ||
- MAAP-Project:gpu | ||
profile_options: | ||
image: | ||
display_name: Environment | ||
dynamic_image_building: | ||
enabled: true | ||
unlisted_choice: | ||
enabled: true | ||
display_name: "Custom image" | ||
validation_regex: "^.+:.+$" | ||
validation_message: "Must be a publicly available docker image of form <image-name>:<tag>" | ||
kubespawner_override: | ||
image: "{value}" | ||
choices: | ||
pytorch: | ||
display_name: Pangeo PyTorch ML Notebook | ||
default: false | ||
slug: "pytorch" | ||
kubespawner_override: | ||
image: "quay.io/pangeo/pytorch-notebook:2024.11.11" | ||
tensorflow2: | ||
display_name: Pangeo Tensorflow2 ML Notebook | ||
default: true | ||
slug: "tensorflow2" | ||
kubespawner_override: | ||
image: "quay.io/pangeo/ml-notebook:2024.11.11" | ||
kubespawner_override: | ||
environment: | ||
NVIDIA_DRIVER_CAPABILITIES: compute,utility | ||
mem_limit: null | ||
mem_guarantee: 14G | ||
node_selector: | ||
node.kubernetes.io/instance-type: g4dn.xlarge | ||
extra_resource_limits: | ||
nvidia.com/gpu: "1" | ||
|
||
scheduling: | ||
userScheduler: | ||
enabled: true | ||
|
||
binderhub-service: | ||
enabled: true | ||
# Explicitly specify what nodes we want for our builds | ||
# Otherwise we may scale up a larger node than needed | ||
dockerApi: | ||
nodeSelector: | ||
node.kubernetes.io/instance-type: r5.xlarge | ||
config: | ||
KubernetesBuildExecutor: | ||
node_selector: | ||
node.kubernetes.io/instance-type: r5.xlarge |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
grafana_token: ENC[AES256_GCM,data:JK3SCP6n4xnVIrfHNshsBa9jZ3du/cJMHtjVfCUyyGR3suJiu//vbcNI+F0f4g==,iv:usVO4kJ2h6h+AKtjpvx7yIHlf1luhZxkpN4S1eN5SbI=,tag:8Yx3e2VmZFnQvg0SfOGbrA==,type:str] | ||
sops: | ||
kms: [] | ||
gcp_kms: | ||
- resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs | ||
created_at: "2024-12-05T09:01:44Z" | ||
enc: CiUA4OM7eGy0RJQC6pst8e8nNBK+GLL7dLDYCLmAdHvG9G/cG9WHEkkAnGhyNggsDFpcnzfY2IFQeB4c6IIJDwWTFxyIZ+G6W9S2ZSnG1cySSzAIgABqr5C285Zj1IXKYxtqNsr5tyhssXNhNTLhY3aZ | ||
azure_kv: [] | ||
hc_vault: [] | ||
age: [] | ||
lastmodified: "2024-12-05T09:01:44Z" | ||
mac: ENC[AES256_GCM,data:pBAmQAHXVZiXA8uB0ZZfYaJVRPNOOkEgc9MQHO/3YYuPwuc8hb0EP7IZREpkTxD7cRosAlTPovWq8++MROmsj/LI4M9XuQn1PwrKtMS0tBdDZnm8z2KHdnwwzEqpKB1wkyVLSNleqJHLDChuGjylhltFmSWoNrX2srTebgxqAe4=,iv:Lhc2RRqthvjEwSBOYMJmdCDz7C6If5kLwKPxBHW8dWc=,tag:AfeasGMp2P6uf9YhlZbNrw==,type:str] | ||
pgp: [] | ||
unencrypted_suffix: _unencrypted | ||
version: 3.8.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
jupyterhub: | ||
hub: | ||
config: | ||
GitHubOAuthenticator: | ||
client_id: ENC[AES256_GCM,data:SKjWcoVyc0Cep3e+bcW8cEaRlkk=,iv:+aXSXE9+hw1zW/kF6V/gNSR8YhTmEa7o4eJLYa80RGo=,tag:6ePElT0HaTiCKfpQLo3zDA==,type:str] | ||
client_secret: ENC[AES256_GCM,data:XlxBcGhMNu8v4topVgUDlBAZd1zPWzlNWNf6g9IcqBRBQc6kzFrv4w==,iv:wf0Gn8sJn4nrJFl3eHhYYdO0C5iQD/5rvCgPfqG2Q20=,tag:Ed6qTXg/veJMUSkLhP65pg==,type:str] | ||
imagePullSecret: | ||
create: ENC[AES256_GCM,data:JYeecg==,iv:mRlD75gLu0i3IbHCwXfE5heMIR6zThpydwPTMx/7R4s=,tag:08ZzD7DYcAUI1bLn6Yz31Q==,type:bool] | ||
registry: ENC[AES256_GCM,data:D+YkFNpPgQ==,iv:eyfTrk9SmXwYb0OQXxpalgcHVG8t+9uB4tTeGpJeuy8=,tag:oFLnoyuUQksbV+chemkMlg==,type:str] | ||
username: ENC[AES256_GCM,data:aE4wnNp+ow7+NxMbzIiEXoPxlPYsMhRxcPWRno8kAvk=,iv:zXV5NqtqkD5MX7QV/zDkjGcNfrZtDwH1Ei8HGSEZJlc=,tag:iQrNn4YkuCrTnnL5ujh+WA==,type:str] | ||
password: ENC[AES256_GCM,data:dg+MqXDco31BQA+kGKMLokVclahOdcLiN8udF+NNJYUf8OiJ1bAJf3hTVXEzKCbM0Y6pV9gzTXpgp3Cu22l9ZQ==,iv:Q1ypj9H+R9Kj0wC73YaJrMaTFmtmZLgvDw5KSsSMe+o=,tag:QVPcWdttedRQnu6ZuQwSXA==,type:str] | ||
binderhub-service: | ||
buildPodsRegistryCredentials: | ||
password: ENC[AES256_GCM,data:FtKzW6cHWppcEu9lA4G9eC06jHU6/i9QfUlmzQQKhUTSISI2QX4ho9AFzWQvLiKqICHylJ47DY14QgrFJ/W1xg==,iv:m+DiUsCh7LH+d+TuN4CsTAxT8Y0VfNNTD/4WxMwwvi4=,tag:+lxUp6YNXzNv76kGFqCn1w==,type:str] | ||
config: | ||
DockerRegistry: | ||
password: ENC[AES256_GCM,data:0QKcLMGCwGD32GvRbbrRPRXZBVIS976kZ6mO93OaCIPmZmmG7LMcAwVhXxr3qkfOm/q/lJUfJ3V+MkgOSBWQYw==,iv:JpsDlLIKVguSZLcppbTNMObpAo4yazNns41SibEIt0E=,tag:Tt0UT1Y7bwEdrTHfrK7lTg==,type:str] | ||
sops: | ||
kms: [] | ||
gcp_kms: | ||
- resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs | ||
created_at: "2024-08-28T17:11:51Z" | ||
enc: CiUA4OM7eE42MAnJnSRbSgcixhYQanLcxwpkon6oodvg2vfsHlPuEkkA5dG1Q+XBCcm6hV3EDD8c3e85Wdjkcv5CgftsEAzTcvFNGuijE6dUcPxi8yRhjELV8cHYPOwXuFUkdlq3L6LekDrzZoda9fjH | ||
azure_kv: [] | ||
hc_vault: [] | ||
age: [] | ||
lastmodified: "2024-12-05T13:23:16Z" | ||
mac: ENC[AES256_GCM,data:cCP8Y5MIe62tonJSs1PmXfhpQxvDl2TuCmlBIDHRXISzAaV5ZjnhS1XCKq5SmcgJNB4Q3eN0/XsX4dA0cSfc1764xgO1DHZ/kKDvSUIt++/zwFXQkHOqx2Rguu4HY3J/mQDrWAONNTjQyIJFtlXE88i8TJq1f2kr2kr6dbVQ7NI=,iv:9BngLFIEL2u61Zf/KiPH6+KreDAiSKCjPGqf/wYIuDE=,tag:UXtqs4CTWdXr4wNGcgXRlQ==,type:str] | ||
pgp: [] | ||
unencrypted_suffix: _unencrypted | ||
version: 3.9.0 |
Oops, something went wrong.