diff --git a/config/clusters/maap/cluster.yaml b/config/clusters/maap/cluster.yaml index c0a00cdab..2651417a5 100644 --- a/config/clusters/maap/cluster.yaml +++ b/config/clusters/maap/cluster.yaml @@ -12,26 +12,19 @@ support: - support.values.yaml - enc-support.secret.values.yaml hubs: - [] - # Uncomment the lines below once the support infrastructure was deployed and - # you are ready to add the first cluster - - # - name: staging - # # Tip: consider changing this to something more human friendly - # display_name: "maap - staging" - # domain: staging.maap.2i2c.cloud - # helm_chart: basehub - # helm_chart_values_files: - # - common.values.yaml - # - staging.values.yaml - # - enc-staging.secret.values.yaml - - # - name: prod - # # Tip: consider changing this to something more human friendly - # display_name: "maap - prod" - # domain: prod.maap.2i2c.cloud - # helm_chart: basehub - # helm_chart_values_files: - # - common.values.yaml - # - prod.values.yaml - # - enc-prod.secret.values.yaml + - name: staging + display_name: "MAAP - staging" + domain: staging.hub.maap.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - common.values.yaml + - staging.values.yaml + - enc-staging.secret.values.yaml + - name: prod + display_name: "MAAP - prod" + domain: hub.maap.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - common.values.yaml + - prod.values.yaml + - enc-prod.secret.values.yaml diff --git a/config/clusters/maap/common.values.yaml b/config/clusters/maap/common.values.yaml new file mode 100644 index 000000000..e04c68424 --- /dev/null +++ b/config/clusters/maap/common.values.yaml @@ -0,0 +1,285 @@ +nfs: + enabled: true + volumeReporter: + enabled: false + pv: + enabled: true + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + baseShareName: / +dask-gateway: + enabled: true +jupyterhub: + custom: + daskhubSetup: + enabled: true + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false + homepage: + templateVars: + org: + name: "The Multi-Mission Algorithm and Analysis Platform (MAAP)Project" + logo_url: https://maap-project.org/wp-content/uploads/2021/10/nasamaaplogo3.png + url: https://maap-project.org/ + designed_by: + name: "2i2c" + url: https://2i2c.org + operated_by: + name: "2i2c" + url: https://2i2c.org + funded_by: + name: "NASA" + url: https://www.earthdata.nasa.gov/esds + hub: + allowNamedServers: true + config: + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + populate_teams_in_auth_state: true + allowed_organizations: + - MAAP-Project:data + - MAAP-Project:maap-all + - MAAP-Project:platform + - MAAP-Project:gpu + scope: + - read:org + Authenticator: + enable_auth_state: true + admin_users: + - freitagb + - wildintellect + singleuser: + cloudMetadata: + blockWithIptables: false + defaultUrl: /lab + initContainers: + - &volume_ownership_fix_initcontainer + name: volume-mount-ownership-fix + image: busybox:1.36.1 + command: + - sh + - -c + - id && chown 1000:1000 /home/jovyan /home/jovyan/shared /home/jovyan/shared-public && ls -lhd /home/jovyan + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + # Mounted without readonly attribute here, + # so we can chown it appropriately + - name: home + mountPath: /home/jovyan/shared + subPath: _shared + - name: home + mountPath: /home/jovyan/shared-public + subPath: _shared-public + storage: + extraVolumeMounts: + - name: home + mountPath: /home/jovyan/shared-public + subPath: _shared-public + readOnly: false + - name: home + mountPath: /home/rstudio/shared-public + subPath: _shared-public + readOnly: false + - name: home + mountPath: /home/jovyan/shared + subPath: _shared + readOnly: true + - name: dev-shm + mountPath: /dev/shm + profileList: + - display_name: Choose your environment and resources + default: true + profile_options: + image: + display_name: Environment + dynamic_image_building: + enabled: true + unlisted_choice: + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + kubespawner_override: + image: "{value}" + choices: + 01-modify-pangeo: + display_name: Modified Pangeo Notebook + description: Pangeo based notebook with a Python environment + kubespawner_override: + image: public.ecr.aws/nasa-veda/pangeo-notebook-veda-image:2024.08.18-v1 + init_containers: + # Need to explicitly fix ownership here, as otherwise these directories will be owned + # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid + - *volume_ownership_fix_initcontainer + # this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods + # image source: https://github.com/NASA-IMPACT/jupyterhub-gitpuller-init + - name: jupyterhub-gitpuller-init + image: public.ecr.aws/nasa-veda/jupyterhub-gitpuller-init:97eb45f9d23b128aff810e45911857d5cffd05c2 + env: + - name: TARGET_PATH + value: veda-docs + - name: SOURCE_REPO + value: "https://github.com/NASA-IMPACT/veda-docs" + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + 02-rocker: + display_name: Rocker Geospatial with RStudio + description: R environment with many geospatial libraries pre-installed + kubespawner_override: + image: rocker/binder:4.3 + image_pull_policy: Always + # Launch RStudio after the user logs in + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + 03-qgis: + display_name: QGIS on Linux Desktop + description: Linux desktop in the browser, with qgis installed + kubespawner_override: + # Launch people directly into the Linux desktop when they start + default_url: /desktop + # Built from https://github.com/2i2c-org/nasa-qgis-image + image: quay.io/2i2c/nasa-qgis-image:d76118ea0c15 + resource_allocation: + display_name: Resource Allocation + choices: + mem_1_9: + display_name: 1.9 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 1991244775 + mem_limit: 1991244775 + cpu_guarantee: 0.2328125 + cpu_limit: 3.725 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + default: true + mem_3_7: + display_name: 3.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 3982489550 + mem_limit: 3982489550 + cpu_guarantee: 0.465625 + cpu_limit: 3.725 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_7_4: + display_name: 7.4 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 7964979101 + mem_limit: 7964979101 + cpu_guarantee: 0.93125 + cpu_limit: 3.725 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_14_8: + display_name: 14.8 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 15929958203 + mem_limit: 15929958203 + cpu_guarantee: 1.8625 + cpu_limit: 3.725 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_29_7: + display_name: 29.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 31859916406 + mem_limit: 31859916406 + cpu_guarantee: 3.725 + cpu_limit: 3.725 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_60_6: + display_name: 60.6 GB RAM, upto 15.6 CPUs + kubespawner_override: + mem_guarantee: 65094448840 + mem_limit: 65094448840 + cpu_guarantee: 7.8475 + cpu_limit: 15.695 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + mem_121_2: + display_name: 121.2 GB RAM, upto 15.6 CPUs + kubespawner_override: + mem_guarantee: 130188897681 + mem_limit: 130188897681 + cpu_guarantee: 15.695 + cpu_limit: 15.695 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + - display_name: NVIDIA Tesla T4, ~16 GB, ~4 CPUs + description: "Start a container on a dedicated node with a GPU" + slug: "gpu" + allowed_groups: + - 2i2c-org:hub-access-for-2i2c-staff + - MAAP-Project:gpu + profile_options: + image: + display_name: Environment + dynamic_image_building: + enabled: true + unlisted_choice: + enabled: true + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image of form :" + kubespawner_override: + image: "{value}" + choices: + pytorch: + display_name: Pangeo PyTorch ML Notebook + default: false + slug: "pytorch" + kubespawner_override: + image: "quay.io/pangeo/pytorch-notebook:2024.11.11" + tensorflow2: + display_name: Pangeo Tensorflow2 ML Notebook + default: true + slug: "tensorflow2" + kubespawner_override: + image: "quay.io/pangeo/ml-notebook:2024.11.11" + kubespawner_override: + environment: + NVIDIA_DRIVER_CAPABILITIES: compute,utility + mem_limit: null + mem_guarantee: 14G + node_selector: + node.kubernetes.io/instance-type: g4dn.xlarge + extra_resource_limits: + nvidia.com/gpu: "1" + + scheduling: + userScheduler: + enabled: true + +binderhub-service: + enabled: true + # Explicitly specify what nodes we want for our builds + # Otherwise we may scale up a larger node than needed + dockerApi: + nodeSelector: + node.kubernetes.io/instance-type: r5.xlarge + config: + KubernetesBuildExecutor: + node_selector: + node.kubernetes.io/instance-type: r5.xlarge diff --git a/config/clusters/maap/enc-grafana-token.secret.yaml b/config/clusters/maap/enc-grafana-token.secret.yaml new file mode 100644 index 000000000..44730a381 --- /dev/null +++ b/config/clusters/maap/enc-grafana-token.secret.yaml @@ -0,0 +1,15 @@ +grafana_token: ENC[AES256_GCM,data:JK3SCP6n4xnVIrfHNshsBa9jZ3du/cJMHtjVfCUyyGR3suJiu//vbcNI+F0f4g==,iv:usVO4kJ2h6h+AKtjpvx7yIHlf1luhZxkpN4S1eN5SbI=,tag:8Yx3e2VmZFnQvg0SfOGbrA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-12-05T09:01:44Z" + enc: CiUA4OM7eGy0RJQC6pst8e8nNBK+GLL7dLDYCLmAdHvG9G/cG9WHEkkAnGhyNggsDFpcnzfY2IFQeB4c6IIJDwWTFxyIZ+G6W9S2ZSnG1cySSzAIgABqr5C285Zj1IXKYxtqNsr5tyhssXNhNTLhY3aZ + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-12-05T09:01:44Z" + mac: ENC[AES256_GCM,data:pBAmQAHXVZiXA8uB0ZZfYaJVRPNOOkEgc9MQHO/3YYuPwuc8hb0EP7IZREpkTxD7cRosAlTPovWq8++MROmsj/LI4M9XuQn1PwrKtMS0tBdDZnm8z2KHdnwwzEqpKB1wkyVLSNleqJHLDChuGjylhltFmSWoNrX2srTebgxqAe4=,iv:Lhc2RRqthvjEwSBOYMJmdCDz7C6If5kLwKPxBHW8dWc=,tag:AfeasGMp2P6uf9YhlZbNrw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/maap/enc-prod.secret.values.yaml b/config/clusters/maap/enc-prod.secret.values.yaml new file mode 100644 index 000000000..b1802f7c0 --- /dev/null +++ b/config/clusters/maap/enc-prod.secret.values.yaml @@ -0,0 +1,31 @@ +jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:SKjWcoVyc0Cep3e+bcW8cEaRlkk=,iv:+aXSXE9+hw1zW/kF6V/gNSR8YhTmEa7o4eJLYa80RGo=,tag:6ePElT0HaTiCKfpQLo3zDA==,type:str] + client_secret: ENC[AES256_GCM,data:XlxBcGhMNu8v4topVgUDlBAZd1zPWzlNWNf6g9IcqBRBQc6kzFrv4w==,iv:wf0Gn8sJn4nrJFl3eHhYYdO0C5iQD/5rvCgPfqG2Q20=,tag:Ed6qTXg/veJMUSkLhP65pg==,type:str] + imagePullSecret: + create: ENC[AES256_GCM,data:JYeecg==,iv:mRlD75gLu0i3IbHCwXfE5heMIR6zThpydwPTMx/7R4s=,tag:08ZzD7DYcAUI1bLn6Yz31Q==,type:bool] + registry: ENC[AES256_GCM,data:D+YkFNpPgQ==,iv:eyfTrk9SmXwYb0OQXxpalgcHVG8t+9uB4tTeGpJeuy8=,tag:oFLnoyuUQksbV+chemkMlg==,type:str] + username: ENC[AES256_GCM,data:aE4wnNp+ow7+NxMbzIiEXoPxlPYsMhRxcPWRno8kAvk=,iv:zXV5NqtqkD5MX7QV/zDkjGcNfrZtDwH1Ei8HGSEZJlc=,tag:iQrNn4YkuCrTnnL5ujh+WA==,type:str] + password: ENC[AES256_GCM,data:dg+MqXDco31BQA+kGKMLokVclahOdcLiN8udF+NNJYUf8OiJ1bAJf3hTVXEzKCbM0Y6pV9gzTXpgp3Cu22l9ZQ==,iv:Q1ypj9H+R9Kj0wC73YaJrMaTFmtmZLgvDw5KSsSMe+o=,tag:QVPcWdttedRQnu6ZuQwSXA==,type:str] +binderhub-service: + buildPodsRegistryCredentials: + password: ENC[AES256_GCM,data:FtKzW6cHWppcEu9lA4G9eC06jHU6/i9QfUlmzQQKhUTSISI2QX4ho9AFzWQvLiKqICHylJ47DY14QgrFJ/W1xg==,iv:m+DiUsCh7LH+d+TuN4CsTAxT8Y0VfNNTD/4WxMwwvi4=,tag:+lxUp6YNXzNv76kGFqCn1w==,type:str] + config: + DockerRegistry: + password: ENC[AES256_GCM,data:0QKcLMGCwGD32GvRbbrRPRXZBVIS976kZ6mO93OaCIPmZmmG7LMcAwVhXxr3qkfOm/q/lJUfJ3V+MkgOSBWQYw==,iv:JpsDlLIKVguSZLcppbTNMObpAo4yazNns41SibEIt0E=,tag:Tt0UT1Y7bwEdrTHfrK7lTg==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-08-28T17:11:51Z" + enc: CiUA4OM7eE42MAnJnSRbSgcixhYQanLcxwpkon6oodvg2vfsHlPuEkkA5dG1Q+XBCcm6hV3EDD8c3e85Wdjkcv5CgftsEAzTcvFNGuijE6dUcPxi8yRhjELV8cHYPOwXuFUkdlq3L6LekDrzZoda9fjH + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-12-05T13:23:16Z" + mac: ENC[AES256_GCM,data:cCP8Y5MIe62tonJSs1PmXfhpQxvDl2TuCmlBIDHRXISzAaV5ZjnhS1XCKq5SmcgJNB4Q3eN0/XsX4dA0cSfc1764xgO1DHZ/kKDvSUIt++/zwFXQkHOqx2Rguu4HY3J/mQDrWAONNTjQyIJFtlXE88i8TJq1f2kr2kr6dbVQ7NI=,iv:9BngLFIEL2u61Zf/KiPH6+KreDAiSKCjPGqf/wYIuDE=,tag:UXtqs4CTWdXr4wNGcgXRlQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/config/clusters/maap/enc-staging.secret.values.yaml b/config/clusters/maap/enc-staging.secret.values.yaml new file mode 100644 index 000000000..6542c9cb5 --- /dev/null +++ b/config/clusters/maap/enc-staging.secret.values.yaml @@ -0,0 +1,31 @@ +jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:asirgqdeCkZqjqItFf/+/8XQg/8=,iv:t3zEcuO3oyyPrFW+3pN2nB+5HviGzRr+oK2op4s+0M8=,tag:vnPRSHriKYmNqJGNQXrjFw==,type:str] + client_secret: ENC[AES256_GCM,data:TtOH2w1o88Mtb/HCTOM+vdRQAnzVmgxfKPJtW88l6wCh/8+IRpnmPA==,iv:Ja/zw+dg8+EbQvFG6EqUXdEgkd7l6fyDSlnN4ey8u8U=,tag:rA5oasxwoTQ0ww61dVHC1w==,type:str] + imagePullSecret: + create: ENC[AES256_GCM,data:JYeecg==,iv:mRlD75gLu0i3IbHCwXfE5heMIR6zThpydwPTMx/7R4s=,tag:08ZzD7DYcAUI1bLn6Yz31Q==,type:bool] + registry: ENC[AES256_GCM,data:D+YkFNpPgQ==,iv:eyfTrk9SmXwYb0OQXxpalgcHVG8t+9uB4tTeGpJeuy8=,tag:oFLnoyuUQksbV+chemkMlg==,type:str] + username: ENC[AES256_GCM,data:aE4wnNp+ow7+NxMbzIiEXoPxlPYsMhRxcPWRno8kAvk=,iv:zXV5NqtqkD5MX7QV/zDkjGcNfrZtDwH1Ei8HGSEZJlc=,tag:iQrNn4YkuCrTnnL5ujh+WA==,type:str] + password: ENC[AES256_GCM,data:dg+MqXDco31BQA+kGKMLokVclahOdcLiN8udF+NNJYUf8OiJ1bAJf3hTVXEzKCbM0Y6pV9gzTXpgp3Cu22l9ZQ==,iv:Q1ypj9H+R9Kj0wC73YaJrMaTFmtmZLgvDw5KSsSMe+o=,tag:QVPcWdttedRQnu6ZuQwSXA==,type:str] +binderhub-service: + buildPodsRegistryCredentials: + password: ENC[AES256_GCM,data:FtKzW6cHWppcEu9lA4G9eC06jHU6/i9QfUlmzQQKhUTSISI2QX4ho9AFzWQvLiKqICHylJ47DY14QgrFJ/W1xg==,iv:m+DiUsCh7LH+d+TuN4CsTAxT8Y0VfNNTD/4WxMwwvi4=,tag:+lxUp6YNXzNv76kGFqCn1w==,type:str] + config: + DockerRegistry: + password: ENC[AES256_GCM,data:0QKcLMGCwGD32GvRbbrRPRXZBVIS976kZ6mO93OaCIPmZmmG7LMcAwVhXxr3qkfOm/q/lJUfJ3V+MkgOSBWQYw==,iv:JpsDlLIKVguSZLcppbTNMObpAo4yazNns41SibEIt0E=,tag:Tt0UT1Y7bwEdrTHfrK7lTg==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-08-28T17:11:51Z" + enc: CiUA4OM7eE42MAnJnSRbSgcixhYQanLcxwpkon6oodvg2vfsHlPuEkkA5dG1Q+XBCcm6hV3EDD8c3e85Wdjkcv5CgftsEAzTcvFNGuijE6dUcPxi8yRhjELV8cHYPOwXuFUkdlq3L6LekDrzZoda9fjH + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-12-05T12:56:40Z" + mac: ENC[AES256_GCM,data:kMn8LQq3x/hG9Sh07ohhp8q1EjPJmXL/oW+zaCHHcr5vnNIoJ8Cng+9/jAo4XCc2+ZdqiDi5kif8gzEKsFvQrMTjpTmh9JAsTl6rDkDWZ6DobnbWCqT36L2m5E5oLq+tBm4f1VKyNYnu3s8ymh6RlPz8ycu49CjSTqUl9zk3n4Y=,iv:VirUSbSpB8NjgpSSd0bu/Quu0RQwhlRnhTXFESa9Ax8=,tag:P/uquG9HqabljQbXWqqQQQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/config/clusters/maap/prod.values.yaml b/config/clusters/maap/prod.values.yaml new file mode 100644 index 000000000..4f4402304 --- /dev/null +++ b/config/clusters/maap/prod.values.yaml @@ -0,0 +1,73 @@ +nfs: + pv: + serverIP: fs-024fede5429e74439.efs.us-west-2.amazonaws.com +userServiceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::916098889494:role/maap-prod +jupyterhub: + singleuser: + extraEnv: + SCRATCH_BUCKET: s3://maap-scratch-prod/$(JUPYTERHUB_USER) + nodeSelector: + 2i2c/hub-name: prod + initContainers: + - &volume_ownership_fix_initcontainer + name: volume-mount-ownership-fix + image: busybox:1.36.1 + command: + - sh + - -c + - id && chown 1000:1000 /home/jovyan /home/jovyan/shared /home/jovyan/shared-public && ls -lhd /home/jovyan + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + # Mounted without readonly attribute here, + # so we can chown it appropriately + - name: home + mountPath: /home/jovyan/shared + subPath: _shared + - name: home + mountPath: /home/jovyan/shared-public + subPath: _shared-public + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: https://hub.maap.2i2c.cloud/hub/oauth_callback + ingress: + hosts: [hub.maap.2i2c.cloud] + tls: + - hosts: [hub.maap.2i2c.cloud] + secretName: https-auto-tls + +dask-gateway: + gateway: + backend: + scheduler: + extraPodConfig: + nodeSelector: + 2i2c/hub-name: prod + worker: + extraPodConfig: + node_selector: + 2i2c/hub-name: prod + imagePullSecrets: [{ name: image-pull-secret }] + +binderhub-service: + dockerApi: + nodeSelector: + 2i2c/hub-name: prod + config: + KubernetesBuildExecutor: + node_selector: + 2i2c/hub-name: prod + BinderHub: + image_prefix: quay.io/maap-imagebuilding/prod- + DockerRegistry: + url: &url https://quay.io + username: &username maap-imagebuilding+image_builder + buildPodsRegistryCredentials: + server: *url + username: *username diff --git a/config/clusters/maap/staging.values.yaml b/config/clusters/maap/staging.values.yaml new file mode 100644 index 000000000..67c345e3e --- /dev/null +++ b/config/clusters/maap/staging.values.yaml @@ -0,0 +1,73 @@ +nfs: + pv: + serverIP: fs-0ab6afc7642f72b90.efs.us-west-2.amazonaws.com +userServiceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::916098889494:role/maap-staging +jupyterhub: + singleuser: + extraEnv: + SCRATCH_BUCKET: s3://maap-scratch-staging/$(JUPYTERHUB_USER) + nodeSelector: + 2i2c/hub-name: staging + initContainers: + - &volume_ownership_fix_initcontainer + name: volume-mount-ownership-fix + image: busybox:1.36.1 + command: + - sh + - -c + - id && chown 1000:1000 /home/jovyan /home/jovyan/shared /home/jovyan/shared-public && ls -lhd /home/jovyan + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + # Mounted without readonly attribute here, + # so we can chown it appropriately + - name: home + mountPath: /home/jovyan/shared + subPath: _shared + - name: home + mountPath: /home/jovyan/shared-public + subPath: _shared-public + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: https://staging.hub.maap.2i2c.cloud/hub/oauth_callback + ingress: + hosts: [staging.hub.maap.2i2c.cloud] + tls: + - hosts: [staging.hub.maap.2i2c.cloud] + secretName: https-auto-tls + +dask-gateway: + gateway: + backend: + scheduler: + extraPodConfig: + nodeSelector: + 2i2c/hub-name: staging + worker: + extraPodConfig: + node_selector: + 2i2c/hub-name: staging + imagePullSecrets: [{ name: image-pull-secret }] + +binderhub-service: + dockerApi: + nodeSelector: + 2i2c/hub-name: staging + config: + KubernetesBuildExecutor: + node_selector: + 2i2c/hub-name: staging + BinderHub: + image_prefix: quay.io/maap-imagebuilding/staging- + DockerRegistry: + url: &url https://quay.io + username: &username maap-imagebuilding+image_builder + buildPodsRegistryCredentials: + server: *url + username: *username