Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provision per-cluster support components #456

Merged
merged 2 commits into from
Jul 22, 2021

Conversation

yuvipanda
Copy link
Member

@yuvipanda yuvipanda commented Jun 8, 2021

  • Set up cert-manager explicitly, since it can not be set up as
    a dependent chart of our 'support' chart.
  • 'support' chart deploys prometheus, grafana and nginx-ingress
    in a standard configuration.
  • Allow per-cluster overrides with config under support/clusters.
  • Automates auth to cluster for automated deployment
  • Puts config overrides in same place as cluster config, to
    avoid duplication
  • Sets up HTTPS for the 2i2c pilot hubs grafana

Ref #388

TODO

  • Setup auth for grafana
  • Deploy with CI / CD

@yuvipanda yuvipanda marked this pull request as draft June 8, 2021 20:20
@yuvipanda yuvipanda changed the title Provision per-cluster support components [WIP] Provision per-cluster support components Jun 8, 2021
@yuvipanda yuvipanda force-pushed the support branch 2 times, most recently from b08b645 to f40f771 Compare June 9, 2021 11:27
yuvipanda added a commit to yuvipanda/pilot-hubs that referenced this pull request Jun 9, 2021
Multiple domains were supported primarily to make sure hubs
are reachable by both datahub.mills.edu and mills.cloudbank.2i2c.cloud.
In practice, nobody uses the second URL, and this just confuses
the deployer code. datahub.mills.edu is a CNAME to
mills.cloudbank.2i2c.cloud - but that doesn't require the latter
to actually serve any content (over HTTP). CNAME is a DNS feature,
so we don't actually have to do anything wrt HTTP serving.

Includes slight refactoring to make auth.KeyProvider a little more
agnostic to just using with JupyterHubs - could perhaps be used
with 2i2c-org#456 in providing
OAuth credentials for grafana too
support/values.yaml Outdated Show resolved Hide resolved
deployer/__main__.py Outdated Show resolved Hide resolved
yuvipanda added a commit to yuvipanda/pilot-hubs that referenced this pull request Jun 10, 2021
- Follow-up to 2i2c-org#458 -
  domain can not be list anymore with 2i2c-org#460
- Support components config for each cluster is also now present
  in the cluster.yaml config files, with
  2i2c-org#456. Even though
  that has not been merged yet, it is already deployed. This PR
  updates the schema to allow the support config.
@yuvipanda yuvipanda mentioned this pull request Jul 13, 2021
9 tasks
Eventually this should be per-cluster auth via auth0,
but this will do for now
yuvipanda added a commit to yuvipanda/pilot-hubs that referenced this pull request Jul 20, 2021
Without this we were flying blind.

Based off 2i2c-org#456
yuvipanda added a commit to yuvipanda/pilot-hubs that referenced this pull request Jul 20, 2021
Without this we were flying blind.

I manually updated the DNS records, and had to delete
`proxy-public` svc to get this to work.

Based off 2i2c-org#456
@yuvipanda yuvipanda changed the title [WIP] Provision per-cluster support components Provision per-cluster support components Jul 20, 2021
@yuvipanda yuvipanda marked this pull request as ready for review July 20, 2021 10:38
@yuvipanda yuvipanda requested a review from sgibson91 July 20, 2021 10:38
Copy link
Member

@sgibson91 sgibson91 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great to me!

@yuvipanda
Copy link
Member Author

yuvipanda commented Jul 20, 2021

Copying testing instructions from #533 (comment):

  1. Add the 'support' key in your cluster.yaml, and change grafana DNS there accordingly
  2. Run python3 deployer deploy-support <cluster-name>
  3. Once it's deployed, look at the external ip of k -n support get svc support-ingress-nginx-controller, and make a DNS entry for the grafana DNS you picked in (1)
  4. The grafana username is admin, password is present in support/secrets.yaml (sops encrypted)
  5. Once done, try to deploy https://github.com/jupyterhub/jupyterhub-grafana to the grafana so we have useful dashboards
  6. Once this all works, let's document this

@damianavila
Copy link
Contributor

For future readers, this is not the complete PR as it is described in the first message.
The complement lives actually as part of another @yuvipanda's PR: #429.

Btw, @sgibson91, I think you will find that historical context useful as well 😉 .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants