diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 19dbfb8f1a..5665dc2660 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -22,6 +22,7 @@ jobs: - cluster_name: pangeo-hubs - cluster_name: utoronto - cluster_name: uwhackweeks + - cluster_name: awi-ciroh steps: - name: Checkout repo uses: actions/checkout@v3 diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index 301a5e0a3f..99a3980aaf 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -154,6 +154,7 @@ jobs: failure_uwhackweeks: "${{ steps.declare-failure-status.outputs.failure_uwhackweeks }}" failure_m2lines: "${{ steps.declare-failure-status.outputs.failure_m2lines }}" failure_linked-earth: "${{ steps.declare-failure-status.outputs.failure_linked-earth }}" + failure_awi-ciroh: "${{ steps.declare-failure-status.outputs.failure_awi-ciroh }}" # Only run this job on pushes to the default branch and when the job output is not # an empty list diff --git a/.github/workflows/validate-clusters.yaml b/.github/workflows/validate-clusters.yaml index 5bbf5a887b..0fdc5000f9 100644 --- a/.github/workflows/validate-clusters.yaml +++ b/.github/workflows/validate-clusters.yaml @@ -48,6 +48,7 @@ jobs: - cluster_name: utoronto - cluster_name: uwhackweeks - cluster_name: linked-earth + - cluster_name: awi-ciroh steps: - uses: actions/checkout@v3 diff --git a/config/clusters/awi-ciroh/cluster.yaml b/config/clusters/awi-ciroh/cluster.yaml new file mode 100644 index 0000000000..3b6cd7d23a --- /dev/null +++ b/config/clusters/awi-ciroh/cluster.yaml @@ -0,0 +1,32 @@ +name: awi-ciroh +provider: gcp +gcp: + key: enc-deployer-credentials.secret.json + project: awi-ciroh + cluster: awi-ciroh-cluster + zone: us-central1 +support: + helm_chart_values_files: + - support.values.yaml + - enc-support.secret.values.yaml +hubs: + - name: staging + display_name: "Alabama Water Institute: CIROH (staging)" + domain: staging.ciroh.awi.2i2c.cloud + helm_chart: daskhub + auth0: + enabled: false + helm_chart_values_files: + - common.values.yaml + - staging.values.yaml + - enc-staging.secret.values.yaml + - name: prod + display_name: "Alabama Water Institute: CIROH (prod)" + domain: ciroh.awi.2i2c.cloud + helm_chart: daskhub + auth0: + enabled: false + helm_chart_values_files: + - common.values.yaml + - prod.values.yaml + - enc-prod.secret.values.yaml diff --git a/config/clusters/awi-ciroh/common.values.yaml b/config/clusters/awi-ciroh/common.values.yaml new file mode 100644 index 0000000000..90f19a3004 --- /dev/null +++ b/config/clusters/awi-ciroh/common.values.yaml @@ -0,0 +1,116 @@ +basehub: + nfs: + enabled: true + pv: + mountOptions: + - soft + - noatime + # Google FileStore IP + serverIP: 10.11.233.234 + # Name of Google Filestore share + baseShareName: /homes/ + jupyterhub: + proxy: + https: + enabled: false + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Cooperative Institute for Research to Operations in Hydrology + url: http://ovpred.ua.edu/alabama-water-institute/ + logo_url: https://user-images.githubusercontent.com/1879041/174884338-ec97bec1-1cc9-4ad8-8f63-06de666b5012.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: National Oceanic and Atmospheric Administration + url: https://www.noaa.gov/ + hub: + config: + JupyterHub: + authenticator_class: github + Authenticator: + # This hub uses GitHub Orgs auth and so we don't set + # allowed_users in order to not deny access to valid members of + # the listed orgs. These people should have admin access though. + admin_users: + - jameshalgren + GitHubOAuthenticator: + allowed_organizations: + - 2i2c-org + - alabamawaterinstitute + - NOAA-OWP + scope: + - read:org + singleuser: + image: + # Image build repo: https://github.com/2i2c-org/awi-ciroh-image + name: "quay.io/2i2c/awi-ciroh-image" + tag: "7b080bef9a29" + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. They need to be just under total allocatable + # RAM on a node, not total node capacity. Values calculated using + # https://learnk8s.io/kubernetes-instance-calculator + - display_name: "Small" + description: 5GB RAM, 2 CPUs + default: true + kubespawner_override: + mem_limit: 7G + mem_guarantee: 4.5G + node_selector: + node.kubernetes.io/instance-type: n1-standard-2 + - display_name: Medium + description: 11GB RAM, 4 CPUs + kubespawner_override: + mem_limit: 15G + mem_guarantee: 11G + node_selector: + node.kubernetes.io/instance-type: n1-standard-4 + - display_name: Large + description: 24GB RAM, 8 CPUs + kubespawner_override: + mem_limit: 30G + mem_guarantee: 24G + node_selector: + node.kubernetes.io/instance-type: n1-standard-8 + - display_name: Huge + description: 52GB RAM, 16 CPUs + kubespawner_override: + mem_limit: 60G + mem_guarantee: 52G + node_selector: + node.kubernetes.io/instance-type: n1-standard-16 + initContainers: + # Need to explicitly fix ownership here, since EFS doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" +dask-gateway: + gateway: + backend: + scheduler: + cores: + request: 0.8 + limit: 1 + memory: + request: 1G + limit: 2G diff --git a/config/clusters/awi-ciroh/enc-deployer-credentials.secret.json b/config/clusters/awi-ciroh/enc-deployer-credentials.secret.json new file mode 100644 index 0000000000..204a9a92e5 --- /dev/null +++ b/config/clusters/awi-ciroh/enc-deployer-credentials.secret.json @@ -0,0 +1,30 @@ +{ + "type": "ENC[AES256_GCM,data:B6W95LxaUWulJvbSLdJS,iv:xhh/MkavMK2JJn9TD1/98iqSZOgIFDyxJIeMxNzVT7A=,tag:/g1Dgp7amGGbcyTr96Wjgg==,type:str]", + "project_id": "ENC[AES256_GCM,data:CPH3onrD4LGo,iv:hsNWBRlufldZP3Y/suRouYMD9N49vOWQDIUhQahNvj4=,tag:e1zE2eC8c682cGeIFvEY/Q==,type:str]", + "private_key_id": "ENC[AES256_GCM,data:cn32PsIahW7Tp1jGq6BuI6t1WScDrDxazE55CBmJheQe037euyLfJg==,iv:NDeMEmpAZ4lrj7hza+2oSKlEAtAAlY+CBpeEWULu0fo=,tag:yJ4gUUsHGm0xZFKrS95C8g==,type:str]", + "private_key": "ENC[AES256_GCM,data:fnPqsTLom79p3vm3eAwEjjg2TprspJQTGohD6peedCU1T+wacwUdzUscWrl/tgZKsg1x6o5Z2voaweRXh6YAr8lDjiU1mQaeq5YiS7ZOf7Pm3JhQN3+qMXZ7iZxdeDn+mOMP+wmHXgqeR8Z14fcz/ToGWzdj5qeSfo9jZ2h3mC9fOXVlJGBPxiNotJOwQmpzAADAafKz7TuRcwedkQGE5DeTYZl8z3bsg+sXzb35tR4HUh4itqvPTtVcx8K3eM8NkGscxZheTmghmmkIm0Ho2W2wa6X+L+Z90jj8dh1jG+br6FAvb2Omi8kK96adkKh/4C6tfje/CEVgF193d7Zz/rQSTMqPmMBUhXcRpx1+jFs67QzDt3nXaArrmtK9D0Z6qesWNMdVMaLD5FBrKS0zQnFfG78jNbQDgFnpy7U8sc3hqO4yfc1jTJLY06OWfHuarhFUQCNfUFbsEteAjHvORQZuGXdBUgsJgNHXaXII3jr8GlHbsuHIIiEpalclJ3PjCFDTvE7C68uG5RdxbFqHRSehf1PCjMqd4fieI4xhjq5Y8Vq2EdAD/XDi/3i9lZqws9cQRbW661RCwYEj4VhMPsDAgfDjt4fSDo4Zzi9VggwTgcuPLQSIP8rt60oTI6kC8LaFJSiCgs6afH51Teu9KFxkmPJWIXKbW0Svjwt6tqh0GquG8Zr6NRScG0+OUN1n1RvNqp/+bHL6IWmWnHy2WVEmamttu8sKt9FeLn6mg/M38F2nsvLqjoGc2GO1hhPVLvTZWD86HhAccOtYAom2ayymwPBy42/6cCLd2FVTx0aVklrG7Rx7kGualb5vXKk7VSNIpZZ+zCVfjHzIcgrmLjBGB/tHwW8JrodeyfEQOcssGPQI2uhcyd9tdX2/vo53wv30QIGqNK3UreQOm2DBXuJYf1nYTJdg7YPbFlktdWaWQZVkrWX/smvOaGXEs0z1UlBE/5wh86e370bDNZB+j2F+IbAN2L+Aa+4bX7l6HLhsjESqoLLrPkuVSG84y+4KQQVwmlwWa6AaFA2ZuZQYGx6IJLVj7MP5LTLMNQwgg40fRCCkFyt521yUioxXtgCcuVOkV2tIEcLN/pJ3KbZM4EXsxUaHQxg71G4HeyBIlp9Bj9G4Xt8w5qRYTAYhxYtmJGN6pipSIhPNQpU352FxGqMbcYPCZfi/czAm+vJXue2kravJz9ur0A2QBp/IMqXM00cCxfBnQfN80YhRGzHE98gHWaqsSChYZ4tP5S3j2JYqDOzJcDuB+xXTlBSJdM3QxhZPAszlKfTaneMHIzWJOwu5gAyI1yCI+diO6qZ+DvvNkP9HS5dSgBl4+jBpJGfK9gfDhVFQvvOCqhMMZ1j+Cioz5Ys/IHCiWm92sUvJexOMGX0VBOWU82NfCaeMOrgKJ7QTpxde/sss0SPle5xjCzO1K9pKDPpMtCTkCHhVDoAQZD4d6fokevmfJdy0BqAsYuknehNLP3Qjoj9Qi8v26HXfST+bE4aHbxfUnX5QkaZpkAVshNUrs0Im/BWrtALh5jTMLnEDu+Fn4D3M6PoD3xIGYkme3ZFUKjv3kJ1eRFNtRKulj+JvYZWceoB/qO5ZiLsiDbiMeXBOddW/fyL+QDCsNLDo2lhXRmen7WB6mdzUh5H1JRRM4r+cjNYjVK0KM8ZqF87ljtyJY2IoTXuWs9OuUC7661OeAMoKOpQlRKKw5Krb39BYvNTPR04x9Ksttgg3MlD/WuW79na/XtOUPWgWANIF82tNl3JvJLIc/s4WdwHg64b7nhhC6stHa9vGsQm+3nk2EiUXOmwCSGf/jDDM12o/rQkHsXEk0ZZPJwin+PcGjiHpc6fgFT8mn7zfidGXmBGGGjn7DEXTKG9gOgtJcDKP1VInX3XyCo1wXRYp+U7ypWbukECEzBkEEVOFWZvrfPRrpDpRi5DkBVW0IMAkMVrnNGUjuttAEjUDjB3pzWHPAetA9RppvT/3ijr87UfOoNMGvKlyfqDIvgEk72wF5VOMQp6oCWzzRHvWaMLDtRznx8LAlji/Gzt5YXm4GKwju5R2Mij1euh0sK+BeIzZ8Z4pT6eY5DgCApx6sXdQaMkD/5LCJTYvSjYQpM4V77Wgmx7zfw3h4wGhLpOXtZj/0foqtZ2n549SNtLu7HJj1gXtoyR6luaBvO6BaVTzXBOiWHL/ChalAcXGVxtDHlfEf6vqeYpoy3cVTs6u0Ns5PjDWknkLOpFxpxBJ4oHcgCFSeyJLKLmIQnxYgMDimQOKPd/lcUHMdAfpaQ==,iv:DezDa0NAhZHb9AyLLdRznCUmBFg6c3B1MBJFez7FwFA=,tag:WkNLU8nvmHxKHLl2CL7WLQ==,type:str]", + "client_email": "ENC[AES256_GCM,data:steMxns+8FUsJWayj8PVXCUriJdPohqarJacsQbMEwlUs95dKKtu9aeoe3eLirOrqQ==,iv:4/H9rRQc+QMU1+CAvbyufunQH5taRAqzCuWy9LAAojY=,tag:z6GwlF2q63Vi0B5rAmm2RQ==,type:str]", + "client_id": "ENC[AES256_GCM,data:/yXxdCdqESBCfaYTQwC4X+xkhzM1,iv:VvgmHAQglQJo8RUW8JXz92ebItmoq+KQ5r0HQ3yWzGI=,tag:/bySMqd3sT59XUC7xWU/MQ==,type:str]", + "auth_uri": "ENC[AES256_GCM,data:BrCtbSvm/7khY6ZchgSdhitGd5OV8AwZL5sBUEnjJ2Mv7B2+RnwjT+Y=,iv:cFDc9hLzyrgoY8Q4JoeS+Eq0fmmqitKXYkok5qdyKCs=,tag:eqVuqHrsoOktY+OHhbmLuA==,type:str]", + "token_uri": "ENC[AES256_GCM,data:XkUCc1faKn7A3kNKvrfoDxs5yhGoA1gtH8mePl3iQBwesgs=,iv:7hBfSM3NL5MqcDbYNdejlCeLQ6ZLcYchqqKsE9SaRzQ=,tag:O9Ux81Uy/HbctrElBv6+PA==,type:str]", + "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:Q/pt+tPqo9yTTcioP0KxpZv3uHAct3hQ7k2DRy268BAOUdY/Zo55C2+N,iv:BpBbw1IatWUEq0Fi0BTjse7z6kUC/j/6wsLhoz86PGE=,tag:WHa7XZNtXqmF5bXWr/LucA==,type:str]", + "client_x509_cert_url": "ENC[AES256_GCM,data:npjhPlmsWuX5px5IkdKm6lD23WqUtirNaVi3Hn1bgyloev5C5iXPrAWpNqkzL41Xd/jEe+H0JBUkVjfwaXlnNWB8xENN3Xaw8ZgR6EQ817dWzLLwHstroiRmCTgAnjFXteNE4Mk=,iv:5VCr4Kw50vHwrHwnfg+jWLNdmXTulQxNlwYFpuGOg5E=,tag:bErFMGLCprCT3BqaGITsxw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2022-07-22T12:41:11Z", + "enc": "CiQA4OM7eL6Rpb7sFtWDtsWa5hlXggQKmFDPvcL9U+NaxtY4qdkSSQBq6cPrhLklHu4cPSJWW4ViehBDpoXBQ40M7OZrAsevS6QZmW4tf6LAJisQMcdLlkAZdj5jFTTcEArBYiiHCLNLFjvb5VE3hDw=" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-07-22T12:41:11Z", + "mac": "ENC[AES256_GCM,data:ktfyntFpvDTUjn16YYJEpl6c1r5nsNKfWelks6HbkMFV4CqrtiqJuofpip6t7dxDBN7EPI9Fsct/mI5Fu896nYaTct0H5f5YDEvUQLI6OJWbmqwEkLTolUT0OPpL8K6poKVHOV4pF41GX+fwHaHPzrEz9cgOnyF49csfYOqrqD0=,iv:ge74FMJa09Tk1jkBr295L1NhU6pSqWuaaSZ/lG98ggY=,tag:1EP95rTJEKFJXS+Q+BIJnw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/config/clusters/awi-ciroh/enc-grafana-token.secret.yaml b/config/clusters/awi-ciroh/enc-grafana-token.secret.yaml new file mode 100644 index 0000000000..3a4d5c1971 --- /dev/null +++ b/config/clusters/awi-ciroh/enc-grafana-token.secret.yaml @@ -0,0 +1,15 @@ +grafana_token: ENC[AES256_GCM,data:+OUThpjv+1v9hqKv+JfWe4rnltl65PLV9QcMOKVDC45aYuqy/J3KqlbZ14MjIYm7j0q+klqSYAErUMXz2xz5kOP/GYl7Tp/IMqm7biROZvbXobJQknrY7dpprMfLr3rDGVP7mxjeIQY=,iv:Ac5rUy0OKV1E58SzI0Eo8447UYV2JV+AhbwxW/sQnGI=,tag:jf8TOjBKoHpfAv4bkB3jbw==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-07-22T13:28:54Z" + enc: CiQA4OM7eD7s5S/11bmEflT74HXWUQUoKiKVsY8xcbyPBJMg6iUSSQBq6cPrcCIwL8cA9t2cIkom83I18hcx4AGDW0O/2q2c6VsQ8jT+l1yzrx7vsHASFMvErT7GRIv/Mjf5YZf7h9XssnQD8vJBL1Y= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-07-22T13:28:56Z" + mac: ENC[AES256_GCM,data:6OP0WpKAA8+0YX/R78ag2DLzyHJPtu6JmyjtBvtlwykW6XM0w0e2Z5tymeKezmr5QstLrq9DjDBj5BLzcz8QYhsDn719M+ynkGWXDIybrsWmKqgWyQfEPrTgCzN76t37Fc4kuV3f7EmY62P6PDv/c9ANQh4j/ZFVvLK4+pIZuhM=,iv:nIQEK0YTjwgEgs1vjzIyQc16i27VZmVDSGKhxHki/kQ=,tag:ztkLoiJlgYtYW7jVj813WQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/awi-ciroh/enc-prod.secret.values.yaml b/config/clusters/awi-ciroh/enc-prod.secret.values.yaml new file mode 100644 index 0000000000..a24da2f7dc --- /dev/null +++ b/config/clusters/awi-ciroh/enc-prod.secret.values.yaml @@ -0,0 +1,21 @@ +basehub: + jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:+BppDfhpn4ADDiV2ADDiTVcUU+0=,iv:W9XanGVtU5hyYvx9NHpPvi1irkkEvaYruY/owX2fA/s=,tag:U3gJmxJw7oLp/ydBZmx4ew==,type:str] + client_secret: ENC[AES256_GCM,data:0IQGQFGq+cloPDfiQHwbePh6KARWOkXQMApUqKie7xAltGhnu6DVVg==,iv:oGCkSXKZZf0/pNmrbFOyvabOvh0XfRZ9m1ntzR70ylo=,tag:KwcqDz4m38yznDCcRUpcag==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-07-22T14:13:27Z" + enc: CiQA4OM7eBNZ8WN3D+dkOH0qM5DGpy0w5UdVE/lOx6m27KaNuAsSSQBq6cPrinz2sMn6rtS1M+5ZwmDucsuExqSJTGCEf5HPS47VKGp9HTBwEscrEInDrvzyJpzR6dtwIv/Gs0Mrbh06uiU/IquB4ns= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-07-22T14:13:28Z" + mac: ENC[AES256_GCM,data:itsG1rsJfr5HckXhC/hlfWO25FuAgHOCbzQdIbNoF+ydRzNFCr97djNtUeLwY9lwS/vSUcRg9Z6flSLQ4PQ0eUefcoBNnqe2/dFHADTf49DO/IbqN4oACydPTs1HGO6oWUZjh+oDVqLBuHQTIKbGv5mA6MhMs6NXMPQJHNpXC/M=,iv:ljPT3yzv3w/YEUeSjKUsVLun4kG7sIvGRFs21xTH0oM=,tag:kgrvyIuNGesJOtaqo2IzZw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/awi-ciroh/enc-staging.secret.values.yaml b/config/clusters/awi-ciroh/enc-staging.secret.values.yaml new file mode 100644 index 0000000000..67a8ea4641 --- /dev/null +++ b/config/clusters/awi-ciroh/enc-staging.secret.values.yaml @@ -0,0 +1,21 @@ +basehub: + jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:ZWnG4XzOba5oks2OF2dyqNwKV1s=,iv:B7aPcMyIuT9DCjMMNCGvrB9OevJcO0Yp7AFOl8OOKOw=,tag:kTFEIiQpu7zlvssQOPXyMg==,type:str] + client_secret: ENC[AES256_GCM,data:/88D5GAymXPi97Zkux7DsqLEsWlER1U8cF9T0t4NQzEgbI35FK0eLw==,iv:RKNAOS6/EabjPzl42477z18iQt5r8bBskawzTaR9ziA=,tag:ls9svnZf3TP3DgmL3y0ujA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-07-22T13:54:59Z" + enc: CiQA4OM7eIdhmsUszpjRn7lyJDlxBG22ZPSiPDz/bRj0VrLwtu4SSQBq6cPrKZVyY/QNNpxYowYTiX6Rz4Df7y/BkhbZQ/WxYK9iceVHorr4CwmYrjPg4IlPbN2dQSIKZyE7ydSVBSGj0B1bRoipKDs= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-07-22T13:55:00Z" + mac: ENC[AES256_GCM,data:8nvA69PcsV43ikOdXUYp4Ah88b69zV/LXqoxuS2+t/D2If+0V4RoVL+gvRMr3w0BK+5K4tVC6umcWt4SK6KM6Vs7qDRzanf0gr1H/Bml+ORi2UPD+KC8W5b7wlweLQZVOO1bFGusFMb6yM+FlKYGMSQD7SnWTJrq5cK1RygPHZc=,iv:TM8vnGMXs1vLCTdXL2fxkOV+o8AbJmMOLwZhyMj62JQ=,tag:EWNyDZsRhgnCsSXCZEIxQA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/awi-ciroh/enc-support.secret.values.yaml b/config/clusters/awi-ciroh/enc-support.secret.values.yaml new file mode 100644 index 0000000000..23e7d97ed0 --- /dev/null +++ b/config/clusters/awi-ciroh/enc-support.secret.values.yaml @@ -0,0 +1,17 @@ +prometheusIngressAuthSecret: + username: ENC[AES256_GCM,data:VdgjxTemXfrrWoSAbpJGuKQPnTKj2TRB+SMfdpc0UaCN4iW5ikJfp2ekoQGkSUoSMGOuGLXfr1Fzo6RSi3GRDw==,iv:bVhIOxIKCo9LWixZUarHkSKbr01N2j+S4uSGX9IDm3Y=,tag:Ys1JM7L30mjeDQCWZaPKVQ==,type:str] + password: ENC[AES256_GCM,data:D8/XRBacGtcKhd5BnzrLxV+IEXEvgo0c5KzrKR+BC/HEl5qUk8yPs7uZ0x2pAkZzgvkLz/FeqEej74X4ZW8Z1w==,iv:yC1uoNwmlu3FoVThfGQnSCICpuYxiPCzlc564Fe+/Tw=,tag:mgTCOfAqibEWXnjMFsa12Q==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-07-22T12:53:22Z" + enc: CiQA4OM7eCF5GqKN81KPokviuGudRUr8JOlIhIzpOFX9ibQNvtISSQBq6cPr4yB7QLpQDW3t9W90Atdkwpsw8R9egbXcdyUwtUVFDtc1+2y5Nr1LnwY/lUwPs3p+sArrLKBQhRNy+s7wNPRmjDNbvmE= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-07-22T12:53:23Z" + mac: ENC[AES256_GCM,data:b7BvuPil5HrCcwJxc84x/Jqyj8aDEwGMIsYH4AAYwuU2BmheYHQYnJUISPzPz6EE5vHITtsU+5bkJozgNOfYQaOz4lbyWr2+nGyneHp2ugksd4MlmJzdWqmBhI7gMQmbRqMW+vTssNJ24c7jDnPmARtnLicqvEwOTfvSdiQVr44=,iv:XYIxoLpU3yGoO7f3RXbfZkDn/b2sS1rUwMerIxC+NY4=,tag:9+DVaMXNhQ+tmAuWfAmETA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/awi-ciroh/prod.values.yaml b/config/clusters/awi-ciroh/prod.values.yaml new file mode 100644 index 0000000000..72afc3018b --- /dev/null +++ b/config/clusters/awi-ciroh/prod.values.yaml @@ -0,0 +1,13 @@ +basehub: + userServiceAccount: + annotations: + iam.gke.io/gcp-service-account: awi-ciroh-prod@awi-ciroh.iam.gserviceaccount.com + jupyterhub: + singleuser: + extraEnv: + SCRATCH_BUCKET: gcs://awi-ciroh-scratch/$(JUPYTERHUB_USER) + PANGEO_SCRATCH: gcs://awi-ciroh-scratch/$(JUPYTERHUB_USER) + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: "https://ciroh.awi.2i2c.cloud/hub/oauth_callback" diff --git a/config/clusters/awi-ciroh/staging.values.yaml b/config/clusters/awi-ciroh/staging.values.yaml new file mode 100644 index 0000000000..a1fd4f44bf --- /dev/null +++ b/config/clusters/awi-ciroh/staging.values.yaml @@ -0,0 +1,13 @@ +basehub: + userServiceAccount: + annotations: + iam.gke.io/gcp-service-account: awi-ciroh-staging@awi-ciroh.iam.gserviceaccount.com + jupyterhub: + singleuser: + extraEnv: + SCRATCH_BUCKET: gcs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER) + PANGEO_SCRATCH: gcs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER) + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: "https://staging.ciroh.awi.2i2c.cloud/hub/oauth_callback" diff --git a/config/clusters/awi-ciroh/support.values.yaml b/config/clusters/awi-ciroh/support.values.yaml new file mode 100644 index 0000000000..46942132ad --- /dev/null +++ b/config/clusters/awi-ciroh/support.values.yaml @@ -0,0 +1,22 @@ +prometheusIngressAuthSecret: + enabled: true + +grafana: + ingress: + hosts: + - grafana.ciroh.awi.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.ciroh.awi.2i2c.cloud + +prometheus: + server: + ingress: + enabled: true + hosts: + - prometheus.ciroh.awi.2i2c.cloud + tls: + - secretName: prometheus-tls + hosts: + - prometheus.ciroh.awi.2i2c.cloud diff --git a/terraform/gcp/projects/awi-ciroh.tfvars b/terraform/gcp/projects/awi-ciroh.tfvars new file mode 100644 index 0000000000..5542c1c192 --- /dev/null +++ b/terraform/gcp/projects/awi-ciroh.tfvars @@ -0,0 +1,127 @@ +prefix = "awi-ciroh" +project_id = "awi-ciroh" +zone = "us-central1-b" +region = "us-central1" +core_node_machine_type = "n1-highmem-4" +enable_network_policy = true +enable_filestore = true +filestore_capacity_gb = 1024 + +user_buckets = { + "scratch-staging": { + "delete_after": 7 + }, + "scratch": { + "delete_after": 7 + } +} + +# Setup notebook node pools +notebook_nodes = { + "small" : { + min : 0, + max : 100, + machine_type : "n1-standard-2", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "medium" : { + min : 0, + max : 100, + machine_type : "n1-standard-4", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "large" : { + min : 0, + max : 100, + machine_type : "n1-standard-8", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "huge" : { + min : 0, + max : 100, + machine_type : "n1-standard-16", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, +} + +dask_nodes = { + "small" : { + min : 0, + max : 100, + machine_type : "n1-standard-2", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "medium" : { + min : 0, + max : 100, + machine_type : "n1-standard-4", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "large" : { + min : 0, + max : 100, + machine_type : "n1-standard-8", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "huge" : { + min : 0, + max : 100, + machine_type : "n1-standard-16", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, +} + +hub_cloud_permissions = { + "staging" : { + requestor_pays : false, + bucket_admin_access: ["scratch-staging"], + hub_namespace: "staging" + }, + "prod" : { + requestor_pays : false, + bucket_admin_access: ["scratch"], + hub_namespace: "prod" + } +} + +container_repos = [ ]