Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[maap] Add staging and prod hubs #5236

Merged
merged 9 commits into from
Dec 5, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 16 additions & 23 deletions config/clusters/maap/cluster.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,26 +12,19 @@ support:
- support.values.yaml
- enc-support.secret.values.yaml
hubs:
[]
# Uncomment the lines below once the support infrastructure was deployed and
# you are ready to add the first cluster

# - name: staging
# # Tip: consider changing this to something more human friendly
# display_name: "maap - staging"
# domain: staging.maap.2i2c.cloud
# helm_chart: basehub
# helm_chart_values_files:
# - common.values.yaml
# - staging.values.yaml
# - enc-staging.secret.values.yaml

# - name: prod
# # Tip: consider changing this to something more human friendly
# display_name: "maap - prod"
# domain: prod.maap.2i2c.cloud
# helm_chart: basehub
# helm_chart_values_files:
# - common.values.yaml
# - prod.values.yaml
# - enc-prod.secret.values.yaml
- name: staging
display_name: "MAAP - staging"
domain: staging.hub.maap.2i2c.cloud
helm_chart: basehub
helm_chart_values_files:
- common.values.yaml
- staging.values.yaml
- enc-staging.secret.values.yaml
- name: prod
display_name: "MAAP - prod"
domain: hub.maap.2i2c.cloud
helm_chart: basehub
helm_chart_values_files:
- common.values.yaml
- prod.values.yaml
- enc-prod.secret.values.yaml
285 changes: 285 additions & 0 deletions config/clusters/maap/common.values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,285 @@
nfs:
enabled: true
volumeReporter:
enabled: false
pv:
enabled: true
# from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html
mountOptions:
- rsize=1048576
- wsize=1048576
- timeo=600
- soft # We pick soft over hard, so NFS lockups don't lead to hung processes
- retrans=2
- noresvport
baseShareName: /
dask-gateway:
enabled: true
jupyterhub:
custom:
daskhubSetup:
enabled: true
2i2c:
add_staff_user_ids_to_admin_users: true
add_staff_user_ids_of_type: "github"
jupyterhubConfigurator:
enabled: false
homepage:
templateVars:
org:
name: "The Multi-Mission Algorithm and Analysis Platform (MAAP)Project"
logo_url: https://maap-project.org/wp-content/uploads/2021/10/nasamaaplogo3.png
url: https://maap-project.org/
designed_by:
name: "2i2c"
url: https://2i2c.org
operated_by:
name: "2i2c"
url: https://2i2c.org
funded_by:
name: "NASA"
url: https://www.earthdata.nasa.gov/esds
hub:
allowNamedServers: true
config:
JupyterHub:
authenticator_class: github
GitHubOAuthenticator:
populate_teams_in_auth_state: true
allowed_organizations:
- MAAP-Project:data
- MAAP-Project:maap-all
- MAAP-Project:platform
- MAAP-Project:gpu
scope:
- read:org
Authenticator:
enable_auth_state: true
admin_users:
- freitagb
- wildintellect
singleuser:
cloudMetadata:
blockWithIptables: false
defaultUrl: /lab
initContainers:
- &volume_ownership_fix_initcontainer
name: volume-mount-ownership-fix
image: busybox:1.36.1
command:
- sh
- -c
- id && chown 1000:1000 /home/jovyan /home/jovyan/shared /home/jovyan/shared-public && ls -lhd /home/jovyan
securityContext:
runAsUser: 0
volumeMounts:
- name: home
mountPath: /home/jovyan
subPath: "{username}"
# Mounted without readonly attribute here,
# so we can chown it appropriately
- name: home
mountPath: /home/jovyan/shared
subPath: _shared
- name: home
mountPath: /home/jovyan/shared-public
subPath: _shared-public
storage:
extraVolumeMounts:
- name: home
mountPath: /home/jovyan/shared-public
subPath: _shared-public
readOnly: false
- name: home
mountPath: /home/rstudio/shared-public
subPath: _shared-public
readOnly: false
- name: home
mountPath: /home/jovyan/shared
subPath: _shared
readOnly: true
- name: dev-shm
mountPath: /dev/shm
profileList:
- display_name: Choose your environment and resources
default: true
profile_options:
image:
display_name: Environment
dynamic_image_building:
enabled: true
unlisted_choice:
enabled: True
display_name: "Custom image"
validation_regex: "^.+:.+$"
validation_message: "Must be a publicly available docker image, of form <image-name>:<tag>"
kubespawner_override:
image: "{value}"
choices:
01-modify-pangeo:
display_name: Modified Pangeo Notebook
description: Pangeo based notebook with a Python environment
kubespawner_override:
image: public.ecr.aws/nasa-veda/pangeo-notebook-veda-image:2024.08.18-v1
init_containers:
# Need to explicitly fix ownership here, as otherwise these directories will be owned
# by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid
- *volume_ownership_fix_initcontainer
# this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods
# image source: https://github.com/NASA-IMPACT/jupyterhub-gitpuller-init
- name: jupyterhub-gitpuller-init
image: public.ecr.aws/nasa-veda/jupyterhub-gitpuller-init:97eb45f9d23b128aff810e45911857d5cffd05c2
env:
- name: TARGET_PATH
value: veda-docs
- name: SOURCE_REPO
value: "https://github.com/NASA-IMPACT/veda-docs"
volumeMounts:
- name: home
mountPath: /home/jovyan
subPath: "{username}"
securityContext:
runAsUser: 1000
runAsGroup: 1000
02-rocker:
display_name: Rocker Geospatial with RStudio
description: R environment with many geospatial libraries pre-installed
kubespawner_override:
image: rocker/binder:4.3
image_pull_policy: Always
# Launch RStudio after the user logs in
default_url: /rstudio
# Ensures container working dir is homedir
# https://github.com/2i2c-org/infrastructure/issues/2559
working_dir: /home/rstudio
03-qgis:
display_name: QGIS on Linux Desktop
description: Linux desktop in the browser, with qgis installed
kubespawner_override:
# Launch people directly into the Linux desktop when they start
default_url: /desktop
# Built from https://github.com/2i2c-org/nasa-qgis-image
image: quay.io/2i2c/nasa-qgis-image:d76118ea0c15
resource_allocation:
display_name: Resource Allocation
choices:
mem_1_9:
display_name: 1.9 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 1991244775
mem_limit: 1991244775
cpu_guarantee: 0.2328125
cpu_limit: 3.725
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
default: true
mem_3_7:
display_name: 3.7 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 3982489550
mem_limit: 3982489550
cpu_guarantee: 0.465625
cpu_limit: 3.725
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_7_4:
display_name: 7.4 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 7964979101
mem_limit: 7964979101
cpu_guarantee: 0.93125
cpu_limit: 3.725
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_14_8:
display_name: 14.8 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 15929958203
mem_limit: 15929958203
cpu_guarantee: 1.8625
cpu_limit: 3.725
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_29_7:
display_name: 29.7 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 31859916406
mem_limit: 31859916406
cpu_guarantee: 3.725
cpu_limit: 3.725
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_60_6:
display_name: 60.6 GB RAM, upto 15.6 CPUs
kubespawner_override:
mem_guarantee: 65094448840
mem_limit: 65094448840
cpu_guarantee: 7.8475
cpu_limit: 15.695
node_selector:
node.kubernetes.io/instance-type: r5.4xlarge
mem_121_2:
display_name: 121.2 GB RAM, upto 15.6 CPUs
kubespawner_override:
mem_guarantee: 130188897681
mem_limit: 130188897681
cpu_guarantee: 15.695
cpu_limit: 15.695
node_selector:
node.kubernetes.io/instance-type: r5.4xlarge
- display_name: NVIDIA Tesla T4, ~16 GB, ~4 CPUs
description: "Start a container on a dedicated node with a GPU"
slug: "gpu"
allowed_groups:
- 2i2c-org:hub-access-for-2i2c-staff
- MAAP-Project:gpu
profile_options:
image:
display_name: Environment
dynamic_image_building:
enabled: true
unlisted_choice:
enabled: true
display_name: "Custom image"
validation_regex: "^.+:.+$"
validation_message: "Must be a publicly available docker image of form <image-name>:<tag>"
kubespawner_override:
image: "{value}"
choices:
pytorch:
display_name: Pangeo PyTorch ML Notebook
default: false
slug: "pytorch"
kubespawner_override:
image: "quay.io/pangeo/pytorch-notebook:2024.11.11"
tensorflow2:
display_name: Pangeo Tensorflow2 ML Notebook
default: true
slug: "tensorflow2"
kubespawner_override:
image: "quay.io/pangeo/ml-notebook:2024.11.11"
kubespawner_override:
environment:
NVIDIA_DRIVER_CAPABILITIES: compute,utility
mem_limit: null
mem_guarantee: 14G
node_selector:
node.kubernetes.io/instance-type: g4dn.xlarge
extra_resource_limits:
nvidia.com/gpu: "1"

scheduling:
userScheduler:
enabled: true

binderhub-service:
enabled: true
# Explicitly specify what nodes we want for our builds
# Otherwise we may scale up a larger node than needed
dockerApi:
nodeSelector:
node.kubernetes.io/instance-type: r5.xlarge
config:
KubernetesBuildExecutor:
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
15 changes: 15 additions & 0 deletions config/clusters/maap/enc-grafana-token.secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
grafana_token: ENC[AES256_GCM,data:JK3SCP6n4xnVIrfHNshsBa9jZ3du/cJMHtjVfCUyyGR3suJiu//vbcNI+F0f4g==,iv:usVO4kJ2h6h+AKtjpvx7yIHlf1luhZxkpN4S1eN5SbI=,tag:8Yx3e2VmZFnQvg0SfOGbrA==,type:str]
sops:
kms: []
gcp_kms:
- resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
created_at: "2024-12-05T09:01:44Z"
enc: CiUA4OM7eGy0RJQC6pst8e8nNBK+GLL7dLDYCLmAdHvG9G/cG9WHEkkAnGhyNggsDFpcnzfY2IFQeB4c6IIJDwWTFxyIZ+G6W9S2ZSnG1cySSzAIgABqr5C285Zj1IXKYxtqNsr5tyhssXNhNTLhY3aZ
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-12-05T09:01:44Z"
mac: ENC[AES256_GCM,data:pBAmQAHXVZiXA8uB0ZZfYaJVRPNOOkEgc9MQHO/3YYuPwuc8hb0EP7IZREpkTxD7cRosAlTPovWq8++MROmsj/LI4M9XuQn1PwrKtMS0tBdDZnm8z2KHdnwwzEqpKB1wkyVLSNleqJHLDChuGjylhltFmSWoNrX2srTebgxqAe4=,iv:Lhc2RRqthvjEwSBOYMJmdCDz7C6If5kLwKPxBHW8dWc=,tag:AfeasGMp2P6uf9YhlZbNrw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
31 changes: 31 additions & 0 deletions config/clusters/maap/enc-prod.secret.values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
jupyterhub:
hub:
config:
GitHubOAuthenticator:
client_id: ENC[AES256_GCM,data:SKjWcoVyc0Cep3e+bcW8cEaRlkk=,iv:+aXSXE9+hw1zW/kF6V/gNSR8YhTmEa7o4eJLYa80RGo=,tag:6ePElT0HaTiCKfpQLo3zDA==,type:str]
client_secret: ENC[AES256_GCM,data:XlxBcGhMNu8v4topVgUDlBAZd1zPWzlNWNf6g9IcqBRBQc6kzFrv4w==,iv:wf0Gn8sJn4nrJFl3eHhYYdO0C5iQD/5rvCgPfqG2Q20=,tag:Ed6qTXg/veJMUSkLhP65pg==,type:str]
imagePullSecret:
create: ENC[AES256_GCM,data:JYeecg==,iv:mRlD75gLu0i3IbHCwXfE5heMIR6zThpydwPTMx/7R4s=,tag:08ZzD7DYcAUI1bLn6Yz31Q==,type:bool]
registry: ENC[AES256_GCM,data:D+YkFNpPgQ==,iv:eyfTrk9SmXwYb0OQXxpalgcHVG8t+9uB4tTeGpJeuy8=,tag:oFLnoyuUQksbV+chemkMlg==,type:str]
username: ENC[AES256_GCM,data:aE4wnNp+ow7+NxMbzIiEXoPxlPYsMhRxcPWRno8kAvk=,iv:zXV5NqtqkD5MX7QV/zDkjGcNfrZtDwH1Ei8HGSEZJlc=,tag:iQrNn4YkuCrTnnL5ujh+WA==,type:str]
password: ENC[AES256_GCM,data:dg+MqXDco31BQA+kGKMLokVclahOdcLiN8udF+NNJYUf8OiJ1bAJf3hTVXEzKCbM0Y6pV9gzTXpgp3Cu22l9ZQ==,iv:Q1ypj9H+R9Kj0wC73YaJrMaTFmtmZLgvDw5KSsSMe+o=,tag:QVPcWdttedRQnu6ZuQwSXA==,type:str]
binderhub-service:
buildPodsRegistryCredentials:
password: ENC[AES256_GCM,data:FtKzW6cHWppcEu9lA4G9eC06jHU6/i9QfUlmzQQKhUTSISI2QX4ho9AFzWQvLiKqICHylJ47DY14QgrFJ/W1xg==,iv:m+DiUsCh7LH+d+TuN4CsTAxT8Y0VfNNTD/4WxMwwvi4=,tag:+lxUp6YNXzNv76kGFqCn1w==,type:str]
config:
DockerRegistry:
password: ENC[AES256_GCM,data:0QKcLMGCwGD32GvRbbrRPRXZBVIS976kZ6mO93OaCIPmZmmG7LMcAwVhXxr3qkfOm/q/lJUfJ3V+MkgOSBWQYw==,iv:JpsDlLIKVguSZLcppbTNMObpAo4yazNns41SibEIt0E=,tag:Tt0UT1Y7bwEdrTHfrK7lTg==,type:str]
sops:
kms: []
gcp_kms:
- resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
created_at: "2024-08-28T17:11:51Z"
enc: CiUA4OM7eE42MAnJnSRbSgcixhYQanLcxwpkon6oodvg2vfsHlPuEkkA5dG1Q+XBCcm6hV3EDD8c3e85Wdjkcv5CgftsEAzTcvFNGuijE6dUcPxi8yRhjELV8cHYPOwXuFUkdlq3L6LekDrzZoda9fjH
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-12-05T13:23:16Z"
mac: ENC[AES256_GCM,data:cCP8Y5MIe62tonJSs1PmXfhpQxvDl2TuCmlBIDHRXISzAaV5ZjnhS1XCKq5SmcgJNB4Q3eN0/XsX4dA0cSfc1764xgO1DHZ/kKDvSUIt++/zwFXQkHOqx2Rguu4HY3J/mQDrWAONNTjQyIJFtlXE88i8TJq1f2kr2kr6dbVQ7NI=,iv:9BngLFIEL2u61Zf/KiPH6+KreDAiSKCjPGqf/wYIuDE=,tag:UXtqs4CTWdXr4wNGcgXRlQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
Loading
Loading