From 9e26843764516528c378824cde9d55e7c59b44ae Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 22 Jul 2022 12:04:20 +0100 Subject: [PATCH 01/11] Add tfvars file to create awi-ciroh cluster --- terraform/gcp/projects/awi-ciroh.tfvars | 127 ++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 terraform/gcp/projects/awi-ciroh.tfvars diff --git a/terraform/gcp/projects/awi-ciroh.tfvars b/terraform/gcp/projects/awi-ciroh.tfvars new file mode 100644 index 0000000000..e45921d4e2 --- /dev/null +++ b/terraform/gcp/projects/awi-ciroh.tfvars @@ -0,0 +1,127 @@ +prefix = "awi-ciroh" +project_id = "awi-ciroh-hubs" +zone = "us-central1-b" +region = "us-central1" +core_node_machine_type = "n1-highmem-4" +enable_network_policy = true +enable_filestore = true +filestore_capacity_gb = 1024 + +user_buckets = { + "scratch-staging": { + "delete_after": 7 + }, + "scratch": { + "delete_after": 7 + } +} + +# Setup notebook node pools +notebook_nodes = { + "small" : { + min : 0, + max : 100, + machine_type : "n1-standard-2", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "medium" : { + min : 0, + max : 100, + machine_type : "n1-standard-4", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "large" : { + min : 0, + max : 100, + machine_type : "n1-standard-8", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "huge" : { + min : 0, + max : 100, + machine_type : "n1-standard-16", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, +} + +dask_nodes = { + "small" : { + min : 0, + max : 100, + machine_type : "n1-standard-2", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "medium" : { + min : 0, + max : 100, + machine_type : "n1-standard-4", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "large" : { + min : 0, + max : 100, + machine_type : "n1-standard-8", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, + "huge" : { + min : 0, + max : 100, + machine_type : "n1-standard-16", + labels: {}, + gpu: { + enabled: false, + type: "", + count: 0 + } + }, +} + +hub_cloud_permissions = { + "staging" : { + requestor_pays : false, + bucket_admin_access: ["scratch-staging"], + hub_namespace: "staging" + }, + "prod" : { + requestor_pays : false, + bucket_admin_access: ["scratch"], + hub_namespace: "prod" + } +} + +container_repos = [ ] From 03597425bcdcb383d51b3794655e774c461ae07a Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 22 Jul 2022 12:41:28 +0100 Subject: [PATCH 02/11] Correct project ID --- terraform/gcp/projects/awi-ciroh.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/gcp/projects/awi-ciroh.tfvars b/terraform/gcp/projects/awi-ciroh.tfvars index e45921d4e2..5542c1c192 100644 --- a/terraform/gcp/projects/awi-ciroh.tfvars +++ b/terraform/gcp/projects/awi-ciroh.tfvars @@ -1,5 +1,5 @@ prefix = "awi-ciroh" -project_id = "awi-ciroh-hubs" +project_id = "awi-ciroh" zone = "us-central1-b" region = "us-central1" core_node_machine_type = "n1-highmem-4" From 49d875978ac0fab26c7e54195cecca2636bc2e07 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 22 Jul 2022 13:35:42 +0100 Subject: [PATCH 03/11] Export deployer credentials --- .../enc-deployer-credentials.secret.json | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 config/clusters/awi-ciroh/enc-deployer-credentials.secret.json diff --git a/config/clusters/awi-ciroh/enc-deployer-credentials.secret.json b/config/clusters/awi-ciroh/enc-deployer-credentials.secret.json new file mode 100644 index 0000000000..da8b6a1edd --- /dev/null +++ b/config/clusters/awi-ciroh/enc-deployer-credentials.secret.json @@ -0,0 +1,30 @@ +{ + "type": "ENC[AES256_GCM,data:rVDZgI3GNdbROsqDiSui,iv:gtCERTK0r9iDCqa22uGC+Szgbg9BZoS6Ea9gFGlXS9U=,tag:1ISAR0INQ3meEgo1FJ+1RQ==,type:str]", + "project_id": "ENC[AES256_GCM,data:6Q3hOBlW75G/,iv:YlArR0lSSCmQrQvwOzBFijmaqnS2wk41YXE7Vi+0Up0=,tag:1pmYnHefQEJ92NYdQaR91g==,type:str]", + "private_key_id": "ENC[AES256_GCM,data:fos9gDkEOXSKKOiNd3Ilv3Qab5ZiDGX2CuceKRNhELe9sNAW+AlLFw==,iv:6gJooVQOYcE0CJ8ukxNRfOcqyx7yeknVkaxJXyjqCqc=,tag:r39R+1fkr2L5Q2YWJhstEQ==,type:str]", + "private_key": "ENC[AES256_GCM,data:clU7pBe1bow2+yQdMmp04I16bNtN7nlhXZhhtI0y18ihV+xUNQWuX/z3sXDvAaT8jrkcY9+P8ae9rNLKvZxGjKGCSsQhjd9C47S8W13HooMx54792LR+MIQoGn30oVaX0O91ov9VGr2+lPfpjZrIofwMxtd214JoU5BsmqRRVa2qrVc5fr88NH+xSDnpxDtkfPpH/oi0BQBMTZp0vHsUJarSdtfozKG2zRc/1gzzyZDhd7Yb/LSlWkZ9dlkjPxdrcmb+xkA8rzvFi/qcE+YQyjrZeX4Tm8mFgg+pStsQ7rPgTRFO4c+hP2MJ00YKy5OWr8lx1MMaj308qaUrFC8sidJqrU3xnZYAUEkmP7KEqEkcM6fX6+7IldPR/II/mEdoidYwGBxyAUW/hcgQQLW2OP75FejlSHjrWr7JBA6DDnUR4QguMdFEEzh7iOR5t9ClXcDHY5c5lGZqA7ZJTWnX+npdgg+adqveX1vV5RFeOzDJMo/8mJ4NTG+bqpWRc9WGqv3lZPTTywhKBodM+POv/8iHAM0DtU36JhRf7wJ8UNmGXunCFF6SnyMUlSyonxZeByXs2ikOOLoW4ZCZg8DaahEwa4Ju0sogYQiVgA0DJzbyCcQblVRuR4v2zaV8DdPwJNmxd2FERKuMG5mMu3RqH/WxrSnpFC/ofwRR2Aj1m4xtlGgC7A7LXe8kbpLUnk2VEBoV/6VS1EMxWESwZooVhdCItLoOm09YkttChJ9l5ei7+QdV+gF5MsjxOLJtwK11TSl6dEhWRV56SMWgs5iHaWFzCrOAAAQsaFp/qEfK/s/fn4S0uNQ+zmk8zL1+zdHfneK2HB8tUwQpXGbKgLJmTLPqiDwEqZD8DY89sZ0QiHdzzBfCau0uYRCoj4LHJ/CCqJ09S2Mb8ifgDWBfbDsSbo2C/f7YYTkfOCCrCEwy7++sOfU2bK2AG4T7I3Iw8dGqCllMcCuZGgGh2ckiB1bZIWzqQ2VpYoa1RlZJt12u9epEuGx+LHmTPZtEfdgN3peUGt3tSkoz8mUxzpqUFhM4AocQc7ZEPZZfkKVz0RJ5laP0ivuWAEFoLv1HFf511YRwwBdEAqXEKDjS2x8VeggbvrBMRPihNJBgqrHrpm9rCP+ynGzhVCfOFDNc0m6Z1/QbLILhGtbwD7AoId6lrbIxn8SK/5EniUIKpNKM8O0VjC+yZVlePE4FGaQiSB7Ze3IUkaCSybPpaIF967zmIpEXJHzodJR+KgiWPo5gRtfELjzMhVgOdCcxcGDl4E0r9tuYmDndL+KTMHK/Ex0LuWyaa3RJLGMUCFWEJFGBLO29+lKjsjCje2OvSSP7QHnqYpLs/odn+a84mskhCGnEJ0IoLlbGv+oLh+qbpHdzBQpBWvyPfQuuOQ3fko4X3UZ/csqN1QHuuydmVAoTvZf88r4UeXCd8wEtkMibTuEVjdwqiTShnfbPr5bddE5daP3OImR8S91dEu/wBg6m5HmcSlZDsBndrDi1dEnzlQXCNRCgeisFuzxQSsX75gbE6J3E9gQutdAbqcSkfH/eLu1fZGpDMJ4AZbpiCk1FXbGID5YJBM8PZx+3ZQ9xuevz17UdxDIwiz4iqa+FjMy8PhBmVWPA7OjRv1MRvu7Eh+nNJLQKlyMca5+tkMhbOpt1DNxiBr467lr15bh/9daBjmabZ0Tn+8LzXh0XbcSldfhV8fSjXuRbZcMHi+Xu9viaG+fKMcTsOBPitSdhEEdjNkZMuTeRxOGA4c4XdJhVE2lgLVyW5cXIErE/RiPJaVNFfGC1AhruZASQ2Zy/NEoqn9/dVmo/2Hqzu8P1EBwLZFPaEQ6/UnzEO2oO3KS0zj1aV7jxIElBYelJnteBfcyxQL5KnPzGqdIj9yIKxUl0YqifuTzVELDb3F7j7L5tCxcBNV9d5nS996obFcmvC2MWJCR/Fkz2iEZ6JmbSiOpqIXSrwhz8JUimtjpASSSQEghUA7feWTd0r0r4mlywoJrW3Dyqe+lm2f5742X2tqg0CeQfEH2yBDjBea5TAnu7dP6mgTE6X62Y8n581i50JdVF3ULxKlZJwgJrIHMHj7oKR+xwQCfAviiRY41JGDAathYyYXHvbFpmMBLj5skjMV9Qc6+baeujmAiEB9ob74NeBXNj0fNdp3BeFBcYPgkm4/KC3pukYqPqgCNv4U/pi8vq+2qxAld02O8NzK8Z3udzY8nhQrhw1eAcuUjrQKJFmj+APwwtOSLpkwHUVqdsskLA3wJr3FbBqHhYWNa5OCtohTdwxw==,iv:u7GcexKmN2Z2QIZwz87sieTVPjFf9sTf9UpRLhlxNcs=,tag:cZW7ULp4FJzE3hIQmyUpKw==,type:str]", + "client_email": "ENC[AES256_GCM,data:XhjtLStnbZ3GHVU6MBVPb8pb3uNF4VfAumKC3BkFuRl1J9w5ET/YK+CknNDQN5w7Gw==,iv:AEjrTG1AIwe7uehoQI/QHtCBJriPczBXc6TKJk9y800=,tag:4CpZZVIKC7oCFoez1pP/mw==,type:str]", + "client_id": "ENC[AES256_GCM,data:cObUV2WSsgRcnR+CnHz1AtoB8lqt,iv:lxvg2CB7op3UXqhANMCKLeYmL50d0KJncx8nvoieq90=,tag:MwyHadXUcDBOXfCgTa5wFg==,type:str]", + "auth_uri": "ENC[AES256_GCM,data:kj4KyYCX+OrZWI0jAujF5cItldOW1s/MK5IQn6I7RMW9VeGlYkTwqWc=,iv:wUjixxIWTHV8w5WPj4m0lR94QtakRTdEVn9wvLuRxs8=,tag:hy064A275hhFnxIDoZSwcQ==,type:str]", + "token_uri": "ENC[AES256_GCM,data:A+b5JsfA/CNgnHL71LniQOwUTVqohN9FHW77kT6Fxslg4/w=,iv:rf+vYtJw5gyQoNGG5fyrnQ/+CWxvUZyuRVQbd7A519g=,tag:WsC5WiyvxwM9a2lS+wjc/w==,type:str]", + "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:07mhks8Aepm+AdlouzuEHVbb3iHuWgtMzGicS/R3+4hckZHKAXq1nP6U,iv:MHL4+4+uHzmeUba+h0U/fJjkzcQYhM+KYQGg9Mml4Ng=,tag:jIg+4kmPNK5dBCgicmXRXQ==,type:str]", + "client_x509_cert_url": "ENC[AES256_GCM,data:kx8585qOpsX3e4wgGBcHDEFvhhDiMF4j+N58eK0A+B3Bv70pN3koyKCTcIfZ+dN+AE6WlMkWfukN0L/o9dE9aLqoJ/94rDsQ8c1Bs87m2tDzlEsl5xFk9SHlktKdyqtQ2cGxeBM=,iv:W9NpXNxKQYAH2nik3AouxZphDRRsnip/MvOaoEcTitQ=,tag:i60OFvyqT8diiY+tb8cGRA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2022-07-22T12:34:15Z", + "enc": "CiQA4OM7eLt+V31ddphvE7qBor+7CHL8kjevJUA8P8FpNLKX9mwSSQBq6cPrLTaR1+BMLkP9C9IcUZTf1UoaR61XbSkWgntR0gXCyZO1KLUgxZqLq6uUmn1KqVFs2M/G+AGp/7Q5+0meRs4t87q0PFc=" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-07-22T12:34:15Z", + "mac": "ENC[AES256_GCM,data:L4hjigtgor34OQ1r67HFQJWzrLgTzuLE3y2L9bN8tsj80kJpj7pFEZgtm5pH7mvUmTOPT3KZGEoCpUd3P75l8tBGe/dHplY77Ux7uxLIyvIflEsLxBDVcpyOoHN+9u4bUbW4yHXkVXVZ2cZ36bCRmDUDqgdwwSsygNQ5jZ0dDns=,iv:fcIpjvLGzpBlFYHLS4iX2XPNgKyAskcvCwvokfpAW5U=,tag:P2+WljAf5i02phwIK/KffA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file From 8d381acc8917ff384de4cb8adaa2d5812c408651 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 22 Jul 2022 13:42:26 +0100 Subject: [PATCH 04/11] Exchange tabs for whitespace --- .../enc-deployer-credentials.secret.json | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/config/clusters/awi-ciroh/enc-deployer-credentials.secret.json b/config/clusters/awi-ciroh/enc-deployer-credentials.secret.json index da8b6a1edd..204a9a92e5 100644 --- a/config/clusters/awi-ciroh/enc-deployer-credentials.secret.json +++ b/config/clusters/awi-ciroh/enc-deployer-credentials.secret.json @@ -1,30 +1,30 @@ { - "type": "ENC[AES256_GCM,data:rVDZgI3GNdbROsqDiSui,iv:gtCERTK0r9iDCqa22uGC+Szgbg9BZoS6Ea9gFGlXS9U=,tag:1ISAR0INQ3meEgo1FJ+1RQ==,type:str]", - "project_id": "ENC[AES256_GCM,data:6Q3hOBlW75G/,iv:YlArR0lSSCmQrQvwOzBFijmaqnS2wk41YXE7Vi+0Up0=,tag:1pmYnHefQEJ92NYdQaR91g==,type:str]", - "private_key_id": "ENC[AES256_GCM,data:fos9gDkEOXSKKOiNd3Ilv3Qab5ZiDGX2CuceKRNhELe9sNAW+AlLFw==,iv:6gJooVQOYcE0CJ8ukxNRfOcqyx7yeknVkaxJXyjqCqc=,tag:r39R+1fkr2L5Q2YWJhstEQ==,type:str]", - "private_key": "ENC[AES256_GCM,data:clU7pBe1bow2+yQdMmp04I16bNtN7nlhXZhhtI0y18ihV+xUNQWuX/z3sXDvAaT8jrkcY9+P8ae9rNLKvZxGjKGCSsQhjd9C47S8W13HooMx54792LR+MIQoGn30oVaX0O91ov9VGr2+lPfpjZrIofwMxtd214JoU5BsmqRRVa2qrVc5fr88NH+xSDnpxDtkfPpH/oi0BQBMTZp0vHsUJarSdtfozKG2zRc/1gzzyZDhd7Yb/LSlWkZ9dlkjPxdrcmb+xkA8rzvFi/qcE+YQyjrZeX4Tm8mFgg+pStsQ7rPgTRFO4c+hP2MJ00YKy5OWr8lx1MMaj308qaUrFC8sidJqrU3xnZYAUEkmP7KEqEkcM6fX6+7IldPR/II/mEdoidYwGBxyAUW/hcgQQLW2OP75FejlSHjrWr7JBA6DDnUR4QguMdFEEzh7iOR5t9ClXcDHY5c5lGZqA7ZJTWnX+npdgg+adqveX1vV5RFeOzDJMo/8mJ4NTG+bqpWRc9WGqv3lZPTTywhKBodM+POv/8iHAM0DtU36JhRf7wJ8UNmGXunCFF6SnyMUlSyonxZeByXs2ikOOLoW4ZCZg8DaahEwa4Ju0sogYQiVgA0DJzbyCcQblVRuR4v2zaV8DdPwJNmxd2FERKuMG5mMu3RqH/WxrSnpFC/ofwRR2Aj1m4xtlGgC7A7LXe8kbpLUnk2VEBoV/6VS1EMxWESwZooVhdCItLoOm09YkttChJ9l5ei7+QdV+gF5MsjxOLJtwK11TSl6dEhWRV56SMWgs5iHaWFzCrOAAAQsaFp/qEfK/s/fn4S0uNQ+zmk8zL1+zdHfneK2HB8tUwQpXGbKgLJmTLPqiDwEqZD8DY89sZ0QiHdzzBfCau0uYRCoj4LHJ/CCqJ09S2Mb8ifgDWBfbDsSbo2C/f7YYTkfOCCrCEwy7++sOfU2bK2AG4T7I3Iw8dGqCllMcCuZGgGh2ckiB1bZIWzqQ2VpYoa1RlZJt12u9epEuGx+LHmTPZtEfdgN3peUGt3tSkoz8mUxzpqUFhM4AocQc7ZEPZZfkKVz0RJ5laP0ivuWAEFoLv1HFf511YRwwBdEAqXEKDjS2x8VeggbvrBMRPihNJBgqrHrpm9rCP+ynGzhVCfOFDNc0m6Z1/QbLILhGtbwD7AoId6lrbIxn8SK/5EniUIKpNKM8O0VjC+yZVlePE4FGaQiSB7Ze3IUkaCSybPpaIF967zmIpEXJHzodJR+KgiWPo5gRtfELjzMhVgOdCcxcGDl4E0r9tuYmDndL+KTMHK/Ex0LuWyaa3RJLGMUCFWEJFGBLO29+lKjsjCje2OvSSP7QHnqYpLs/odn+a84mskhCGnEJ0IoLlbGv+oLh+qbpHdzBQpBWvyPfQuuOQ3fko4X3UZ/csqN1QHuuydmVAoTvZf88r4UeXCd8wEtkMibTuEVjdwqiTShnfbPr5bddE5daP3OImR8S91dEu/wBg6m5HmcSlZDsBndrDi1dEnzlQXCNRCgeisFuzxQSsX75gbE6J3E9gQutdAbqcSkfH/eLu1fZGpDMJ4AZbpiCk1FXbGID5YJBM8PZx+3ZQ9xuevz17UdxDIwiz4iqa+FjMy8PhBmVWPA7OjRv1MRvu7Eh+nNJLQKlyMca5+tkMhbOpt1DNxiBr467lr15bh/9daBjmabZ0Tn+8LzXh0XbcSldfhV8fSjXuRbZcMHi+Xu9viaG+fKMcTsOBPitSdhEEdjNkZMuTeRxOGA4c4XdJhVE2lgLVyW5cXIErE/RiPJaVNFfGC1AhruZASQ2Zy/NEoqn9/dVmo/2Hqzu8P1EBwLZFPaEQ6/UnzEO2oO3KS0zj1aV7jxIElBYelJnteBfcyxQL5KnPzGqdIj9yIKxUl0YqifuTzVELDb3F7j7L5tCxcBNV9d5nS996obFcmvC2MWJCR/Fkz2iEZ6JmbSiOpqIXSrwhz8JUimtjpASSSQEghUA7feWTd0r0r4mlywoJrW3Dyqe+lm2f5742X2tqg0CeQfEH2yBDjBea5TAnu7dP6mgTE6X62Y8n581i50JdVF3ULxKlZJwgJrIHMHj7oKR+xwQCfAviiRY41JGDAathYyYXHvbFpmMBLj5skjMV9Qc6+baeujmAiEB9ob74NeBXNj0fNdp3BeFBcYPgkm4/KC3pukYqPqgCNv4U/pi8vq+2qxAld02O8NzK8Z3udzY8nhQrhw1eAcuUjrQKJFmj+APwwtOSLpkwHUVqdsskLA3wJr3FbBqHhYWNa5OCtohTdwxw==,iv:u7GcexKmN2Z2QIZwz87sieTVPjFf9sTf9UpRLhlxNcs=,tag:cZW7ULp4FJzE3hIQmyUpKw==,type:str]", - "client_email": "ENC[AES256_GCM,data:XhjtLStnbZ3GHVU6MBVPb8pb3uNF4VfAumKC3BkFuRl1J9w5ET/YK+CknNDQN5w7Gw==,iv:AEjrTG1AIwe7uehoQI/QHtCBJriPczBXc6TKJk9y800=,tag:4CpZZVIKC7oCFoez1pP/mw==,type:str]", - "client_id": "ENC[AES256_GCM,data:cObUV2WSsgRcnR+CnHz1AtoB8lqt,iv:lxvg2CB7op3UXqhANMCKLeYmL50d0KJncx8nvoieq90=,tag:MwyHadXUcDBOXfCgTa5wFg==,type:str]", - "auth_uri": "ENC[AES256_GCM,data:kj4KyYCX+OrZWI0jAujF5cItldOW1s/MK5IQn6I7RMW9VeGlYkTwqWc=,iv:wUjixxIWTHV8w5WPj4m0lR94QtakRTdEVn9wvLuRxs8=,tag:hy064A275hhFnxIDoZSwcQ==,type:str]", - "token_uri": "ENC[AES256_GCM,data:A+b5JsfA/CNgnHL71LniQOwUTVqohN9FHW77kT6Fxslg4/w=,iv:rf+vYtJw5gyQoNGG5fyrnQ/+CWxvUZyuRVQbd7A519g=,tag:WsC5WiyvxwM9a2lS+wjc/w==,type:str]", - "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:07mhks8Aepm+AdlouzuEHVbb3iHuWgtMzGicS/R3+4hckZHKAXq1nP6U,iv:MHL4+4+uHzmeUba+h0U/fJjkzcQYhM+KYQGg9Mml4Ng=,tag:jIg+4kmPNK5dBCgicmXRXQ==,type:str]", - "client_x509_cert_url": "ENC[AES256_GCM,data:kx8585qOpsX3e4wgGBcHDEFvhhDiMF4j+N58eK0A+B3Bv70pN3koyKCTcIfZ+dN+AE6WlMkWfukN0L/o9dE9aLqoJ/94rDsQ8c1Bs87m2tDzlEsl5xFk9SHlktKdyqtQ2cGxeBM=,iv:W9NpXNxKQYAH2nik3AouxZphDRRsnip/MvOaoEcTitQ=,tag:i60OFvyqT8diiY+tb8cGRA==,type:str]", - "sops": { - "kms": null, - "gcp_kms": [ - { - "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2022-07-22T12:34:15Z", - "enc": "CiQA4OM7eLt+V31ddphvE7qBor+7CHL8kjevJUA8P8FpNLKX9mwSSQBq6cPrLTaR1+BMLkP9C9IcUZTf1UoaR61XbSkWgntR0gXCyZO1KLUgxZqLq6uUmn1KqVFs2M/G+AGp/7Q5+0meRs4t87q0PFc=" - } - ], - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2022-07-22T12:34:15Z", - "mac": "ENC[AES256_GCM,data:L4hjigtgor34OQ1r67HFQJWzrLgTzuLE3y2L9bN8tsj80kJpj7pFEZgtm5pH7mvUmTOPT3KZGEoCpUd3P75l8tBGe/dHplY77Ux7uxLIyvIflEsLxBDVcpyOoHN+9u4bUbW4yHXkVXVZ2cZ36bCRmDUDqgdwwSsygNQ5jZ0dDns=,iv:fcIpjvLGzpBlFYHLS4iX2XPNgKyAskcvCwvokfpAW5U=,tag:P2+WljAf5i02phwIK/KffA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } + "type": "ENC[AES256_GCM,data:B6W95LxaUWulJvbSLdJS,iv:xhh/MkavMK2JJn9TD1/98iqSZOgIFDyxJIeMxNzVT7A=,tag:/g1Dgp7amGGbcyTr96Wjgg==,type:str]", + "project_id": "ENC[AES256_GCM,data:CPH3onrD4LGo,iv:hsNWBRlufldZP3Y/suRouYMD9N49vOWQDIUhQahNvj4=,tag:e1zE2eC8c682cGeIFvEY/Q==,type:str]", + "private_key_id": "ENC[AES256_GCM,data:cn32PsIahW7Tp1jGq6BuI6t1WScDrDxazE55CBmJheQe037euyLfJg==,iv:NDeMEmpAZ4lrj7hza+2oSKlEAtAAlY+CBpeEWULu0fo=,tag:yJ4gUUsHGm0xZFKrS95C8g==,type:str]", + "private_key": "ENC[AES256_GCM,data:fnPqsTLom79p3vm3eAwEjjg2TprspJQTGohD6peedCU1T+wacwUdzUscWrl/tgZKsg1x6o5Z2voaweRXh6YAr8lDjiU1mQaeq5YiS7ZOf7Pm3JhQN3+qMXZ7iZxdeDn+mOMP+wmHXgqeR8Z14fcz/ToGWzdj5qeSfo9jZ2h3mC9fOXVlJGBPxiNotJOwQmpzAADAafKz7TuRcwedkQGE5DeTYZl8z3bsg+sXzb35tR4HUh4itqvPTtVcx8K3eM8NkGscxZheTmghmmkIm0Ho2W2wa6X+L+Z90jj8dh1jG+br6FAvb2Omi8kK96adkKh/4C6tfje/CEVgF193d7Zz/rQSTMqPmMBUhXcRpx1+jFs67QzDt3nXaArrmtK9D0Z6qesWNMdVMaLD5FBrKS0zQnFfG78jNbQDgFnpy7U8sc3hqO4yfc1jTJLY06OWfHuarhFUQCNfUFbsEteAjHvORQZuGXdBUgsJgNHXaXII3jr8GlHbsuHIIiEpalclJ3PjCFDTvE7C68uG5RdxbFqHRSehf1PCjMqd4fieI4xhjq5Y8Vq2EdAD/XDi/3i9lZqws9cQRbW661RCwYEj4VhMPsDAgfDjt4fSDo4Zzi9VggwTgcuPLQSIP8rt60oTI6kC8LaFJSiCgs6afH51Teu9KFxkmPJWIXKbW0Svjwt6tqh0GquG8Zr6NRScG0+OUN1n1RvNqp/+bHL6IWmWnHy2WVEmamttu8sKt9FeLn6mg/M38F2nsvLqjoGc2GO1hhPVLvTZWD86HhAccOtYAom2ayymwPBy42/6cCLd2FVTx0aVklrG7Rx7kGualb5vXKk7VSNIpZZ+zCVfjHzIcgrmLjBGB/tHwW8JrodeyfEQOcssGPQI2uhcyd9tdX2/vo53wv30QIGqNK3UreQOm2DBXuJYf1nYTJdg7YPbFlktdWaWQZVkrWX/smvOaGXEs0z1UlBE/5wh86e370bDNZB+j2F+IbAN2L+Aa+4bX7l6HLhsjESqoLLrPkuVSG84y+4KQQVwmlwWa6AaFA2ZuZQYGx6IJLVj7MP5LTLMNQwgg40fRCCkFyt521yUioxXtgCcuVOkV2tIEcLN/pJ3KbZM4EXsxUaHQxg71G4HeyBIlp9Bj9G4Xt8w5qRYTAYhxYtmJGN6pipSIhPNQpU352FxGqMbcYPCZfi/czAm+vJXue2kravJz9ur0A2QBp/IMqXM00cCxfBnQfN80YhRGzHE98gHWaqsSChYZ4tP5S3j2JYqDOzJcDuB+xXTlBSJdM3QxhZPAszlKfTaneMHIzWJOwu5gAyI1yCI+diO6qZ+DvvNkP9HS5dSgBl4+jBpJGfK9gfDhVFQvvOCqhMMZ1j+Cioz5Ys/IHCiWm92sUvJexOMGX0VBOWU82NfCaeMOrgKJ7QTpxde/sss0SPle5xjCzO1K9pKDPpMtCTkCHhVDoAQZD4d6fokevmfJdy0BqAsYuknehNLP3Qjoj9Qi8v26HXfST+bE4aHbxfUnX5QkaZpkAVshNUrs0Im/BWrtALh5jTMLnEDu+Fn4D3M6PoD3xIGYkme3ZFUKjv3kJ1eRFNtRKulj+JvYZWceoB/qO5ZiLsiDbiMeXBOddW/fyL+QDCsNLDo2lhXRmen7WB6mdzUh5H1JRRM4r+cjNYjVK0KM8ZqF87ljtyJY2IoTXuWs9OuUC7661OeAMoKOpQlRKKw5Krb39BYvNTPR04x9Ksttgg3MlD/WuW79na/XtOUPWgWANIF82tNl3JvJLIc/s4WdwHg64b7nhhC6stHa9vGsQm+3nk2EiUXOmwCSGf/jDDM12o/rQkHsXEk0ZZPJwin+PcGjiHpc6fgFT8mn7zfidGXmBGGGjn7DEXTKG9gOgtJcDKP1VInX3XyCo1wXRYp+U7ypWbukECEzBkEEVOFWZvrfPRrpDpRi5DkBVW0IMAkMVrnNGUjuttAEjUDjB3pzWHPAetA9RppvT/3ijr87UfOoNMGvKlyfqDIvgEk72wF5VOMQp6oCWzzRHvWaMLDtRznx8LAlji/Gzt5YXm4GKwju5R2Mij1euh0sK+BeIzZ8Z4pT6eY5DgCApx6sXdQaMkD/5LCJTYvSjYQpM4V77Wgmx7zfw3h4wGhLpOXtZj/0foqtZ2n549SNtLu7HJj1gXtoyR6luaBvO6BaVTzXBOiWHL/ChalAcXGVxtDHlfEf6vqeYpoy3cVTs6u0Ns5PjDWknkLOpFxpxBJ4oHcgCFSeyJLKLmIQnxYgMDimQOKPd/lcUHMdAfpaQ==,iv:DezDa0NAhZHb9AyLLdRznCUmBFg6c3B1MBJFez7FwFA=,tag:WkNLU8nvmHxKHLl2CL7WLQ==,type:str]", + "client_email": "ENC[AES256_GCM,data:steMxns+8FUsJWayj8PVXCUriJdPohqarJacsQbMEwlUs95dKKtu9aeoe3eLirOrqQ==,iv:4/H9rRQc+QMU1+CAvbyufunQH5taRAqzCuWy9LAAojY=,tag:z6GwlF2q63Vi0B5rAmm2RQ==,type:str]", + "client_id": "ENC[AES256_GCM,data:/yXxdCdqESBCfaYTQwC4X+xkhzM1,iv:VvgmHAQglQJo8RUW8JXz92ebItmoq+KQ5r0HQ3yWzGI=,tag:/bySMqd3sT59XUC7xWU/MQ==,type:str]", + "auth_uri": "ENC[AES256_GCM,data:BrCtbSvm/7khY6ZchgSdhitGd5OV8AwZL5sBUEnjJ2Mv7B2+RnwjT+Y=,iv:cFDc9hLzyrgoY8Q4JoeS+Eq0fmmqitKXYkok5qdyKCs=,tag:eqVuqHrsoOktY+OHhbmLuA==,type:str]", + "token_uri": "ENC[AES256_GCM,data:XkUCc1faKn7A3kNKvrfoDxs5yhGoA1gtH8mePl3iQBwesgs=,iv:7hBfSM3NL5MqcDbYNdejlCeLQ6ZLcYchqqKsE9SaRzQ=,tag:O9Ux81Uy/HbctrElBv6+PA==,type:str]", + "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:Q/pt+tPqo9yTTcioP0KxpZv3uHAct3hQ7k2DRy268BAOUdY/Zo55C2+N,iv:BpBbw1IatWUEq0Fi0BTjse7z6kUC/j/6wsLhoz86PGE=,tag:WHa7XZNtXqmF5bXWr/LucA==,type:str]", + "client_x509_cert_url": "ENC[AES256_GCM,data:npjhPlmsWuX5px5IkdKm6lD23WqUtirNaVi3Hn1bgyloev5C5iXPrAWpNqkzL41Xd/jEe+H0JBUkVjfwaXlnNWB8xENN3Xaw8ZgR6EQ817dWzLLwHstroiRmCTgAnjFXteNE4Mk=,iv:5VCr4Kw50vHwrHwnfg+jWLNdmXTulQxNlwYFpuGOg5E=,tag:bErFMGLCprCT3BqaGITsxw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2022-07-22T12:41:11Z", + "enc": "CiQA4OM7eL6Rpb7sFtWDtsWa5hlXggQKmFDPvcL9U+NaxtY4qdkSSQBq6cPrhLklHu4cPSJWW4ViehBDpoXBQ40M7OZrAsevS6QZmW4tf6LAJisQMcdLlkAZdj5jFTTcEArBYiiHCLNLFjvb5VE3hDw=" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-07-22T12:41:11Z", + "mac": "ENC[AES256_GCM,data:ktfyntFpvDTUjn16YYJEpl6c1r5nsNKfWelks6HbkMFV4CqrtiqJuofpip6t7dxDBN7EPI9Fsct/mI5Fu896nYaTct0H5f5YDEvUQLI6OJWbmqwEkLTolUT0OPpL8K6poKVHOV4pF41GX+fwHaHPzrEz9cgOnyF49csfYOqrqD0=,iv:ge74FMJa09Tk1jkBr295L1NhU6pSqWuaaSZ/lG98ggY=,tag:1EP95rTJEKFJXS+Q+BIJnw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } } \ No newline at end of file From bfae34114dd5cf38f0d2b749c5d7b20457052490 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 22 Jul 2022 13:44:19 +0100 Subject: [PATCH 05/11] Create a cluster.yaml file for awi-ciroh cluster --- config/clusters/awi-ciroh/cluster.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 config/clusters/awi-ciroh/cluster.yaml diff --git a/config/clusters/awi-ciroh/cluster.yaml b/config/clusters/awi-ciroh/cluster.yaml new file mode 100644 index 0000000000..fb2ae0f4f8 --- /dev/null +++ b/config/clusters/awi-ciroh/cluster.yaml @@ -0,0 +1,10 @@ +name: awi-ciroh +provider: gcp +gcp: + key: enc-deployer-credentials.secret.json + project: awi-ciroh + cluster: awi-ciroh-cluster + zone: us-central1 +support: + helm_chart_values_files: [] +hubs: [] From 1a2b4bac86e60d942d5ae1aaf7838b391ebe66c3 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 22 Jul 2022 13:46:07 +0100 Subject: [PATCH 06/11] Add awi-ciroh cluster to workflows --- .github/workflows/deploy-hubs.yaml | 1 + .github/workflows/validate-clusters.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index ad916e5f79..39615bf795 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -154,6 +154,7 @@ jobs: failure_uwhackweeks: "${{ steps.declare-failure-status.outputs.failure_uwhackweeks }}" failure_m2lines: "${{ steps.declare-failure-status.outputs.failure_m2lines }}" failure_linked-earth: "${{ steps.declare-failure-status.outputs.failure_linked-earth }}" + failure_awi-ciroh: "${{ steps.declare-failure-status.outputs.failure_awi-ciroh }}" # Only run this job on pushes to the default branch and when the job output is not # an empty list diff --git a/.github/workflows/validate-clusters.yaml b/.github/workflows/validate-clusters.yaml index 5bbf5a887b..0fdc5000f9 100644 --- a/.github/workflows/validate-clusters.yaml +++ b/.github/workflows/validate-clusters.yaml @@ -48,6 +48,7 @@ jobs: - cluster_name: utoronto - cluster_name: uwhackweeks - cluster_name: linked-earth + - cluster_name: awi-ciroh steps: - uses: actions/checkout@v3 From 097c04b0934061cd5f4ae233d88a1b49fc0ff72d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 22 Jul 2022 14:33:15 +0100 Subject: [PATCH 07/11] Add and deploy support components --- config/clusters/awi-ciroh/cluster.yaml | 4 +++- .../awi-ciroh/enc-grafana-token.secret.yaml | 15 +++++++++++++ .../awi-ciroh/enc-support.secret.values.yaml | 17 ++++++++++++++ config/clusters/awi-ciroh/support.values.yaml | 22 +++++++++++++++++++ 4 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 config/clusters/awi-ciroh/enc-grafana-token.secret.yaml create mode 100644 config/clusters/awi-ciroh/enc-support.secret.values.yaml create mode 100644 config/clusters/awi-ciroh/support.values.yaml diff --git a/config/clusters/awi-ciroh/cluster.yaml b/config/clusters/awi-ciroh/cluster.yaml index fb2ae0f4f8..481a8d46e4 100644 --- a/config/clusters/awi-ciroh/cluster.yaml +++ b/config/clusters/awi-ciroh/cluster.yaml @@ -6,5 +6,7 @@ gcp: cluster: awi-ciroh-cluster zone: us-central1 support: - helm_chart_values_files: [] + helm_chart_values_files: + - support.values.yaml + - enc-support.secret.values.yaml hubs: [] diff --git a/config/clusters/awi-ciroh/enc-grafana-token.secret.yaml b/config/clusters/awi-ciroh/enc-grafana-token.secret.yaml new file mode 100644 index 0000000000..3a4d5c1971 --- /dev/null +++ b/config/clusters/awi-ciroh/enc-grafana-token.secret.yaml @@ -0,0 +1,15 @@ +grafana_token: ENC[AES256_GCM,data:+OUThpjv+1v9hqKv+JfWe4rnltl65PLV9QcMOKVDC45aYuqy/J3KqlbZ14MjIYm7j0q+klqSYAErUMXz2xz5kOP/GYl7Tp/IMqm7biROZvbXobJQknrY7dpprMfLr3rDGVP7mxjeIQY=,iv:Ac5rUy0OKV1E58SzI0Eo8447UYV2JV+AhbwxW/sQnGI=,tag:jf8TOjBKoHpfAv4bkB3jbw==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-07-22T13:28:54Z" + enc: CiQA4OM7eD7s5S/11bmEflT74HXWUQUoKiKVsY8xcbyPBJMg6iUSSQBq6cPrcCIwL8cA9t2cIkom83I18hcx4AGDW0O/2q2c6VsQ8jT+l1yzrx7vsHASFMvErT7GRIv/Mjf5YZf7h9XssnQD8vJBL1Y= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-07-22T13:28:56Z" + mac: ENC[AES256_GCM,data:6OP0WpKAA8+0YX/R78ag2DLzyHJPtu6JmyjtBvtlwykW6XM0w0e2Z5tymeKezmr5QstLrq9DjDBj5BLzcz8QYhsDn719M+ynkGWXDIybrsWmKqgWyQfEPrTgCzN76t37Fc4kuV3f7EmY62P6PDv/c9ANQh4j/ZFVvLK4+pIZuhM=,iv:nIQEK0YTjwgEgs1vjzIyQc16i27VZmVDSGKhxHki/kQ=,tag:ztkLoiJlgYtYW7jVj813WQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/awi-ciroh/enc-support.secret.values.yaml b/config/clusters/awi-ciroh/enc-support.secret.values.yaml new file mode 100644 index 0000000000..23e7d97ed0 --- /dev/null +++ b/config/clusters/awi-ciroh/enc-support.secret.values.yaml @@ -0,0 +1,17 @@ +prometheusIngressAuthSecret: + username: ENC[AES256_GCM,data:VdgjxTemXfrrWoSAbpJGuKQPnTKj2TRB+SMfdpc0UaCN4iW5ikJfp2ekoQGkSUoSMGOuGLXfr1Fzo6RSi3GRDw==,iv:bVhIOxIKCo9LWixZUarHkSKbr01N2j+S4uSGX9IDm3Y=,tag:Ys1JM7L30mjeDQCWZaPKVQ==,type:str] + password: ENC[AES256_GCM,data:D8/XRBacGtcKhd5BnzrLxV+IEXEvgo0c5KzrKR+BC/HEl5qUk8yPs7uZ0x2pAkZzgvkLz/FeqEej74X4ZW8Z1w==,iv:yC1uoNwmlu3FoVThfGQnSCICpuYxiPCzlc564Fe+/Tw=,tag:mgTCOfAqibEWXnjMFsa12Q==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-07-22T12:53:22Z" + enc: CiQA4OM7eCF5GqKN81KPokviuGudRUr8JOlIhIzpOFX9ibQNvtISSQBq6cPr4yB7QLpQDW3t9W90Atdkwpsw8R9egbXcdyUwtUVFDtc1+2y5Nr1LnwY/lUwPs3p+sArrLKBQhRNy+s7wNPRmjDNbvmE= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-07-22T12:53:23Z" + mac: ENC[AES256_GCM,data:b7BvuPil5HrCcwJxc84x/Jqyj8aDEwGMIsYH4AAYwuU2BmheYHQYnJUISPzPz6EE5vHITtsU+5bkJozgNOfYQaOz4lbyWr2+nGyneHp2ugksd4MlmJzdWqmBhI7gMQmbRqMW+vTssNJ24c7jDnPmARtnLicqvEwOTfvSdiQVr44=,iv:XYIxoLpU3yGoO7f3RXbfZkDn/b2sS1rUwMerIxC+NY4=,tag:9+DVaMXNhQ+tmAuWfAmETA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/awi-ciroh/support.values.yaml b/config/clusters/awi-ciroh/support.values.yaml new file mode 100644 index 0000000000..46942132ad --- /dev/null +++ b/config/clusters/awi-ciroh/support.values.yaml @@ -0,0 +1,22 @@ +prometheusIngressAuthSecret: + enabled: true + +grafana: + ingress: + hosts: + - grafana.ciroh.awi.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.ciroh.awi.2i2c.cloud + +prometheus: + server: + ingress: + enabled: true + hosts: + - prometheus.ciroh.awi.2i2c.cloud + tls: + - secretName: prometheus-tls + hosts: + - prometheus.ciroh.awi.2i2c.cloud From 9a3380873779b91b30468c534187ceca2ac27079 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 22 Jul 2022 15:18:01 +0100 Subject: [PATCH 08/11] Add hubs config --- config/clusters/awi-ciroh/cluster.yaml | 22 +++- config/clusters/awi-ciroh/common.values.yaml | 113 ++++++++++++++++++ .../awi-ciroh/enc-prod.secret.values.yaml | 21 ++++ .../awi-ciroh/enc-staging.secret.values.yaml | 21 ++++ config/clusters/awi-ciroh/prod.values.yaml | 13 ++ config/clusters/awi-ciroh/staging.values.yaml | 13 ++ 6 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 config/clusters/awi-ciroh/common.values.yaml create mode 100644 config/clusters/awi-ciroh/enc-prod.secret.values.yaml create mode 100644 config/clusters/awi-ciroh/enc-staging.secret.values.yaml create mode 100644 config/clusters/awi-ciroh/prod.values.yaml create mode 100644 config/clusters/awi-ciroh/staging.values.yaml diff --git a/config/clusters/awi-ciroh/cluster.yaml b/config/clusters/awi-ciroh/cluster.yaml index 481a8d46e4..3b6cd7d23a 100644 --- a/config/clusters/awi-ciroh/cluster.yaml +++ b/config/clusters/awi-ciroh/cluster.yaml @@ -9,4 +9,24 @@ support: helm_chart_values_files: - support.values.yaml - enc-support.secret.values.yaml -hubs: [] +hubs: + - name: staging + display_name: "Alabama Water Institute: CIROH (staging)" + domain: staging.ciroh.awi.2i2c.cloud + helm_chart: daskhub + auth0: + enabled: false + helm_chart_values_files: + - common.values.yaml + - staging.values.yaml + - enc-staging.secret.values.yaml + - name: prod + display_name: "Alabama Water Institute: CIROH (prod)" + domain: ciroh.awi.2i2c.cloud + helm_chart: daskhub + auth0: + enabled: false + helm_chart_values_files: + - common.values.yaml + - prod.values.yaml + - enc-prod.secret.values.yaml diff --git a/config/clusters/awi-ciroh/common.values.yaml b/config/clusters/awi-ciroh/common.values.yaml new file mode 100644 index 0000000000..d4f120e3cb --- /dev/null +++ b/config/clusters/awi-ciroh/common.values.yaml @@ -0,0 +1,113 @@ +basehub: + nfs: + enabled: true + pv: + mountOptions: + - soft + - noatime + # Google FileStore IP + serverIP: 10.11.233.234 + # Name of Google Filestore share + baseShareName: /homes/ + jupyterhub: + proxy: + https: + enabled: false + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Cooperative Institute for Research to Operations in Hydrology + url: http://ovpred.ua.edu/alabama-water-institute/ + logo_url: https://user-images.githubusercontent.com/1879041/174884338-ec97bec1-1cc9-4ad8-8f63-06de666b5012.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: National Oceanic and Atmospheric Administration + url: https://www.noaa.gov/ + hub: + config: + JupyterHub: + authenticator_class: github + Authenticator: + # This hub uses GitHub Orgs auth and so we don't set + # allowed_users in order to not deny access to valid members of + # the listed orgs. These people should have admin access though. + admin_users: + - jameshalgren + GitHubOAuthenticator: + allowed_organizations: + - 2i2c-org:tech-team + scope: + - read:org + singleuser: + image: + name: pangeo/pangeo-notebook + tag: "2022.07.13" + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. They need to be just under total allocatable + # RAM on a node, not total node capacity. Values calculated using + # https://learnk8s.io/kubernetes-instance-calculator + - display_name: "Small" + description: 5GB RAM, 2 CPUs + default: true + kubespawner_override: + mem_limit: 7G + mem_guarantee: 4.5G + node_selector: + node.kubernetes.io/instance-type: n1-standard-2 + - display_name: Medium + description: 11GB RAM, 4 CPUs + kubespawner_override: + mem_limit: 15G + mem_guarantee: 11G + node_selector: + node.kubernetes.io/instance-type: n1-standard-4 + - display_name: Large + description: 24GB RAM, 8 CPUs + kubespawner_override: + mem_limit: 30G + mem_guarantee: 24G + node_selector: + node.kubernetes.io/instance-type: n1-standard-8 + - display_name: Huge + description: 52GB RAM, 16 CPUs + kubespawner_override: + mem_limit: 60G + mem_guarantee: 52G + node_selector: + node.kubernetes.io/instance-type: n1-standard-16 + initContainers: + # Need to explicitly fix ownership here, since EFS doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" +dask-gateway: + gateway: + backend: + scheduler: + cores: + request: 0.8 + limit: 1 + memory: + request: 1G + limit: 2G diff --git a/config/clusters/awi-ciroh/enc-prod.secret.values.yaml b/config/clusters/awi-ciroh/enc-prod.secret.values.yaml new file mode 100644 index 0000000000..a24da2f7dc --- /dev/null +++ b/config/clusters/awi-ciroh/enc-prod.secret.values.yaml @@ -0,0 +1,21 @@ +basehub: + jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:+BppDfhpn4ADDiV2ADDiTVcUU+0=,iv:W9XanGVtU5hyYvx9NHpPvi1irkkEvaYruY/owX2fA/s=,tag:U3gJmxJw7oLp/ydBZmx4ew==,type:str] + client_secret: ENC[AES256_GCM,data:0IQGQFGq+cloPDfiQHwbePh6KARWOkXQMApUqKie7xAltGhnu6DVVg==,iv:oGCkSXKZZf0/pNmrbFOyvabOvh0XfRZ9m1ntzR70ylo=,tag:KwcqDz4m38yznDCcRUpcag==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-07-22T14:13:27Z" + enc: CiQA4OM7eBNZ8WN3D+dkOH0qM5DGpy0w5UdVE/lOx6m27KaNuAsSSQBq6cPrinz2sMn6rtS1M+5ZwmDucsuExqSJTGCEf5HPS47VKGp9HTBwEscrEInDrvzyJpzR6dtwIv/Gs0Mrbh06uiU/IquB4ns= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-07-22T14:13:28Z" + mac: ENC[AES256_GCM,data:itsG1rsJfr5HckXhC/hlfWO25FuAgHOCbzQdIbNoF+ydRzNFCr97djNtUeLwY9lwS/vSUcRg9Z6flSLQ4PQ0eUefcoBNnqe2/dFHADTf49DO/IbqN4oACydPTs1HGO6oWUZjh+oDVqLBuHQTIKbGv5mA6MhMs6NXMPQJHNpXC/M=,iv:ljPT3yzv3w/YEUeSjKUsVLun4kG7sIvGRFs21xTH0oM=,tag:kgrvyIuNGesJOtaqo2IzZw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/awi-ciroh/enc-staging.secret.values.yaml b/config/clusters/awi-ciroh/enc-staging.secret.values.yaml new file mode 100644 index 0000000000..67a8ea4641 --- /dev/null +++ b/config/clusters/awi-ciroh/enc-staging.secret.values.yaml @@ -0,0 +1,21 @@ +basehub: + jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:ZWnG4XzOba5oks2OF2dyqNwKV1s=,iv:B7aPcMyIuT9DCjMMNCGvrB9OevJcO0Yp7AFOl8OOKOw=,tag:kTFEIiQpu7zlvssQOPXyMg==,type:str] + client_secret: ENC[AES256_GCM,data:/88D5GAymXPi97Zkux7DsqLEsWlER1U8cF9T0t4NQzEgbI35FK0eLw==,iv:RKNAOS6/EabjPzl42477z18iQt5r8bBskawzTaR9ziA=,tag:ls9svnZf3TP3DgmL3y0ujA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-07-22T13:54:59Z" + enc: CiQA4OM7eIdhmsUszpjRn7lyJDlxBG22ZPSiPDz/bRj0VrLwtu4SSQBq6cPrKZVyY/QNNpxYowYTiX6Rz4Df7y/BkhbZQ/WxYK9iceVHorr4CwmYrjPg4IlPbN2dQSIKZyE7ydSVBSGj0B1bRoipKDs= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-07-22T13:55:00Z" + mac: ENC[AES256_GCM,data:8nvA69PcsV43ikOdXUYp4Ah88b69zV/LXqoxuS2+t/D2If+0V4RoVL+gvRMr3w0BK+5K4tVC6umcWt4SK6KM6Vs7qDRzanf0gr1H/Bml+ORi2UPD+KC8W5b7wlweLQZVOO1bFGusFMb6yM+FlKYGMSQD7SnWTJrq5cK1RygPHZc=,iv:TM8vnGMXs1vLCTdXL2fxkOV+o8AbJmMOLwZhyMj62JQ=,tag:EWNyDZsRhgnCsSXCZEIxQA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/awi-ciroh/prod.values.yaml b/config/clusters/awi-ciroh/prod.values.yaml new file mode 100644 index 0000000000..72afc3018b --- /dev/null +++ b/config/clusters/awi-ciroh/prod.values.yaml @@ -0,0 +1,13 @@ +basehub: + userServiceAccount: + annotations: + iam.gke.io/gcp-service-account: awi-ciroh-prod@awi-ciroh.iam.gserviceaccount.com + jupyterhub: + singleuser: + extraEnv: + SCRATCH_BUCKET: gcs://awi-ciroh-scratch/$(JUPYTERHUB_USER) + PANGEO_SCRATCH: gcs://awi-ciroh-scratch/$(JUPYTERHUB_USER) + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: "https://ciroh.awi.2i2c.cloud/hub/oauth_callback" diff --git a/config/clusters/awi-ciroh/staging.values.yaml b/config/clusters/awi-ciroh/staging.values.yaml new file mode 100644 index 0000000000..a1fd4f44bf --- /dev/null +++ b/config/clusters/awi-ciroh/staging.values.yaml @@ -0,0 +1,13 @@ +basehub: + userServiceAccount: + annotations: + iam.gke.io/gcp-service-account: awi-ciroh-staging@awi-ciroh.iam.gserviceaccount.com + jupyterhub: + singleuser: + extraEnv: + SCRATCH_BUCKET: gcs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER) + PANGEO_SCRATCH: gcs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER) + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: "https://staging.ciroh.awi.2i2c.cloud/hub/oauth_callback" From d634ad2df8227c3c330f97bd73f2fd77a7114eba Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 22 Jul 2022 15:19:24 +0100 Subject: [PATCH 09/11] Add awi-ciroh cluster to grafana dashboards workflow --- .github/workflows/deploy-grafana-dashboards.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 19dbfb8f1a..5665dc2660 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -22,6 +22,7 @@ jobs: - cluster_name: pangeo-hubs - cluster_name: utoronto - cluster_name: uwhackweeks + - cluster_name: awi-ciroh steps: - name: Checkout repo uses: actions/checkout@v3 From c9262e25248aad4b9a3faeacc378441725cb6de5 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 25 Jul 2022 15:31:14 +0100 Subject: [PATCH 10/11] Update hub user image --- config/clusters/awi-ciroh/common.values.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/config/clusters/awi-ciroh/common.values.yaml b/config/clusters/awi-ciroh/common.values.yaml index d4f120e3cb..3d6b82dd1f 100644 --- a/config/clusters/awi-ciroh/common.values.yaml +++ b/config/clusters/awi-ciroh/common.values.yaml @@ -49,8 +49,9 @@ basehub: - read:org singleuser: image: - name: pangeo/pangeo-notebook - tag: "2022.07.13" + # Image build repo: https://github.com/2i2c-org/awi-ciroh-image + name: "quay.io/2i2c/awi-ciroh-image" + tag: "7b080bef9a29" profileList: # The mem-guarantees are here so k8s doesn't schedule other pods # on these nodes. They need to be just under total allocatable From 42dff3673b26f000ead0a1160faf84b111a0bccf Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 25 Jul 2022 15:32:38 +0100 Subject: [PATCH 11/11] Add AWI and NOAA-OWP to list of allowed_organizations for auth --- config/clusters/awi-ciroh/common.values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config/clusters/awi-ciroh/common.values.yaml b/config/clusters/awi-ciroh/common.values.yaml index 3d6b82dd1f..90f19a3004 100644 --- a/config/clusters/awi-ciroh/common.values.yaml +++ b/config/clusters/awi-ciroh/common.values.yaml @@ -44,7 +44,9 @@ basehub: - jameshalgren GitHubOAuthenticator: allowed_organizations: - - 2i2c-org:tech-team + - 2i2c-org + - alabamawaterinstitute + - NOAA-OWP scope: - read:org singleuser: