From e3afae68392ce223e12e1fbb5d649a5060cabee8 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 1 Feb 2022 16:36:24 +0000 Subject: [PATCH 01/28] Create subdirs for each cluster and move config into them --- config/clusters/{ => 2i2c}/2i2c.cluster.yaml | 0 .../clusters/{ => azure.carbonplan}/azure.carbonplan.cluster.yaml | 0 config/clusters/{ => carbonplan}/carbonplan.cluster.yaml | 0 config/clusters/{ => cloudbank}/cloudbank.cluster.yaml | 0 config/clusters/{ => farallon}/farallon.cluster.yaml | 0 .../{ => justiceinnovationlab}/justiceinnovationlab.cluster.yaml | 0 config/clusters/{ => meom-ige}/meom-ige.cluster.yaml | 0 config/clusters/{ => openscapes}/openscapes.cluster.yaml | 0 config/clusters/{ => pangeo-hubs}/pangeo-hubs.cluster.yaml | 0 config/clusters/{ => utoronto}/utoronto.cluster.yaml | 0 10 files changed, 0 insertions(+), 0 deletions(-) rename config/clusters/{ => 2i2c}/2i2c.cluster.yaml (100%) rename config/clusters/{ => azure.carbonplan}/azure.carbonplan.cluster.yaml (100%) rename config/clusters/{ => carbonplan}/carbonplan.cluster.yaml (100%) rename config/clusters/{ => cloudbank}/cloudbank.cluster.yaml (100%) rename config/clusters/{ => farallon}/farallon.cluster.yaml (100%) rename config/clusters/{ => justiceinnovationlab}/justiceinnovationlab.cluster.yaml (100%) rename config/clusters/{ => meom-ige}/meom-ige.cluster.yaml (100%) rename config/clusters/{ => openscapes}/openscapes.cluster.yaml (100%) rename config/clusters/{ => pangeo-hubs}/pangeo-hubs.cluster.yaml (100%) rename config/clusters/{ => utoronto}/utoronto.cluster.yaml (100%) diff --git a/config/clusters/2i2c.cluster.yaml b/config/clusters/2i2c/2i2c.cluster.yaml similarity index 100% rename from config/clusters/2i2c.cluster.yaml rename to config/clusters/2i2c/2i2c.cluster.yaml diff --git a/config/clusters/azure.carbonplan.cluster.yaml b/config/clusters/azure.carbonplan/azure.carbonplan.cluster.yaml similarity index 100% rename from config/clusters/azure.carbonplan.cluster.yaml rename to config/clusters/azure.carbonplan/azure.carbonplan.cluster.yaml diff --git a/config/clusters/carbonplan.cluster.yaml b/config/clusters/carbonplan/carbonplan.cluster.yaml similarity index 100% rename from config/clusters/carbonplan.cluster.yaml rename to config/clusters/carbonplan/carbonplan.cluster.yaml diff --git a/config/clusters/cloudbank.cluster.yaml b/config/clusters/cloudbank/cloudbank.cluster.yaml similarity index 100% rename from config/clusters/cloudbank.cluster.yaml rename to config/clusters/cloudbank/cloudbank.cluster.yaml diff --git a/config/clusters/farallon.cluster.yaml b/config/clusters/farallon/farallon.cluster.yaml similarity index 100% rename from config/clusters/farallon.cluster.yaml rename to config/clusters/farallon/farallon.cluster.yaml diff --git a/config/clusters/justiceinnovationlab.cluster.yaml b/config/clusters/justiceinnovationlab/justiceinnovationlab.cluster.yaml similarity index 100% rename from config/clusters/justiceinnovationlab.cluster.yaml rename to config/clusters/justiceinnovationlab/justiceinnovationlab.cluster.yaml diff --git a/config/clusters/meom-ige.cluster.yaml b/config/clusters/meom-ige/meom-ige.cluster.yaml similarity index 100% rename from config/clusters/meom-ige.cluster.yaml rename to config/clusters/meom-ige/meom-ige.cluster.yaml diff --git a/config/clusters/openscapes.cluster.yaml b/config/clusters/openscapes/openscapes.cluster.yaml similarity index 100% rename from config/clusters/openscapes.cluster.yaml rename to config/clusters/openscapes/openscapes.cluster.yaml diff --git a/config/clusters/pangeo-hubs.cluster.yaml b/config/clusters/pangeo-hubs/pangeo-hubs.cluster.yaml similarity index 100% rename from config/clusters/pangeo-hubs.cluster.yaml rename to config/clusters/pangeo-hubs/pangeo-hubs.cluster.yaml diff --git a/config/clusters/utoronto.cluster.yaml b/config/clusters/utoronto/utoronto.cluster.yaml similarity index 100% rename from config/clusters/utoronto.cluster.yaml rename to config/clusters/utoronto/utoronto.cluster.yaml From cff8e0d8b3489e7d128789395d55edc5a89edbbf Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 1 Feb 2022 16:36:43 +0000 Subject: [PATCH 02/28] Move staff.yaml up out of clusters dir --- config/{clusters => }/staff.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename config/{clusters => }/staff.yaml (100%) diff --git a/config/clusters/staff.yaml b/config/staff.yaml similarity index 100% rename from config/clusters/staff.yaml rename to config/staff.yaml From 0e62ea4ded9e1b1666a4c4aea2ed20df851abcbe Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 1 Feb 2022 16:38:35 +0000 Subject: [PATCH 03/28] Update location of staff.yaml in deployer --- deployer/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployer/utils.py b/deployer/utils.py index 4cc10c3742..8a8501ff4c 100644 --- a/deployer/utils.py +++ b/deployer/utils.py @@ -75,7 +75,7 @@ def replace_staff_placeholder(user_list, staff): def update_authenticator_config(config, helm_chart): """Prepare a hub's configuration file for deployment.""" # Load the staff config file - with open("config/clusters/staff.yaml") as f: + with open("config/staff.yaml") as f: staff = yaml.load(f) if "basehub" in helm_chart: From 2e1fd7e0c5880961284e1f013d64e4f361a62747 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 1 Feb 2022 16:38:49 +0000 Subject: [PATCH 04/28] Update link to staff.yaml in docs --- docs/topic/config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/topic/config.md b/docs/topic/config.md index 2c0791060e..72a6f4ade8 100644 --- a/docs/topic/config.md +++ b/docs/topic/config.md @@ -39,4 +39,4 @@ When a new hub is created, we use one of these two placeholders to add 2i2c staf When a hub is deployed, these placeholders are removed, and the usernames corresponding to the correct staff list are added to the hub's Admin and Allowed users. -You can find the list of staff usernames at [`config/clusters/staff.yaml`](https://github.com/2i2c-org/infrastructure/tree/HEAD/config/clusters/staff.yaml). +You can find the list of staff usernames at [`config/staff.yaml`](https://github.com/2i2c-org/infrastructure/tree/HEAD/config/staff.yaml). From ee4e82c67c39905e83accd685259a3fdf86f0aec Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 1 Feb 2022 17:03:09 +0000 Subject: [PATCH 05/28] Update deployer to recognise cluster subfolders --- deployer/__main__.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deployer/__main__.py b/deployer/__main__.py index 11bce5cbb1..f4400796b4 100644 --- a/deployer/__main__.py +++ b/deployer/__main__.py @@ -28,7 +28,7 @@ def deploy_support(cluster_name): validate(cluster_name) config_file_path = ( - Path(os.getcwd()) / "config/clusters" / f"{cluster_name}.cluster.yaml" + Path(os.getcwd()) / "config/clusters"/ cluster_name / f"{cluster_name}.cluster.yaml" ) with open(config_file_path) as f: cluster = Cluster(yaml.load(f)) @@ -47,7 +47,7 @@ def deploy_jupyterhub_grafana(cluster_name): validate(cluster_name) config_file_path = ( - Path(os.getcwd()) / "config/clusters" / f"{cluster_name}.cluster.yaml" + Path(os.getcwd()) / "config/clusters" / cluster_name / f"{cluster_name}.cluster.yaml" ) with open(config_file_path) as f: cluster = Cluster(yaml.load(f)) @@ -158,7 +158,7 @@ def deploy(cluster_name, hub_name, skip_hub_health_test, config_path): SECRET_KEY = bytes.fromhex(config["secret_key"]) config_file_path = ( - Path(os.getcwd()) / "config/clusters" / f"{cluster_name}.cluster.yaml" + Path(os.getcwd()) / "config/clusters" / cluster_name / f"{cluster_name}.cluster.yaml" ) with open(config_file_path) as f: cluster = Cluster(yaml.load(f)) @@ -178,7 +178,7 @@ def deploy(cluster_name, hub_name, skip_hub_health_test, config_path): def validate(cluster_name): cluster_dir = Path(os.getcwd()) / "config/clusters" schema_file = cluster_dir / "schema.yaml" - config_file = cluster_dir / f"{cluster_name}.cluster.yaml" + config_file = cluster_dir / cluster_name / f"{cluster_name}.cluster.yaml" with open(config_file) as cf, open(schema_file) as sf: cluster_config = yaml.load(cf) schema = yaml.load(sf) From 7469921dc853066617b1ee8d238deaa056b8835d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 8 Feb 2022 10:24:31 +0000 Subject: [PATCH 06/28] Move UW Hackweeks config into it's own folder --- config/clusters/{ => uwhackweeks}/uwhackweeks.cluster.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename config/clusters/{ => uwhackweeks}/uwhackweeks.cluster.yaml (100%) diff --git a/config/clusters/uwhackweeks.cluster.yaml b/config/clusters/uwhackweeks/uwhackweeks.cluster.yaml similarity index 100% rename from config/clusters/uwhackweeks.cluster.yaml rename to config/clusters/uwhackweeks/uwhackweeks.cluster.yaml From 3c05e3544fd1e90eba9a8cee92c90f5088a0071f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 8 Feb 2022 10:33:28 +0000 Subject: [PATCH 07/28] Update the schema file --- config/clusters/schema.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/config/clusters/schema.yaml b/config/clusters/schema.yaml index 7e78e0853c..77c9e5062f 100644 --- a/config/clusters/schema.yaml +++ b/config/clusters/schema.yaml @@ -154,7 +154,7 @@ properties: - domain - auth0 - helm_chart - - config + - helm_chart_values_files items: - type: object additionalProperties: false @@ -239,7 +239,8 @@ properties: then: required: - connection - config: - type: object + helm_chart_values_files: + type: array description: | - YAML configuration that is passed through to helm. + A list of *.values.yaml files which, together, describe the complete + helm chart values for a single hub deployment. From a76ee064fc44a5b79edd3ca3b16961a1ab879185 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 8 Feb 2022 10:46:31 +0000 Subject: [PATCH 08/28] Rename pangeo-hubs cluster file and separate out helm chart values --- config/clusters/pangeo-hubs/cluster.yaml | 45 +++++ .../pangeo-hubs/pangeo-hubs.cluster.yaml | 181 ------------------ config/clusters/pangeo-hubs/prod.values.yaml | 6 + .../clusters/pangeo-hubs/staging.values.yaml | 124 ++++++++++++ 4 files changed, 175 insertions(+), 181 deletions(-) create mode 100644 config/clusters/pangeo-hubs/cluster.yaml delete mode 100644 config/clusters/pangeo-hubs/pangeo-hubs.cluster.yaml create mode 100644 config/clusters/pangeo-hubs/prod.values.yaml create mode 100644 config/clusters/pangeo-hubs/staging.values.yaml diff --git a/config/clusters/pangeo-hubs/cluster.yaml b/config/clusters/pangeo-hubs/cluster.yaml new file mode 100644 index 0000000000..fbb13a752b --- /dev/null +++ b/config/clusters/pangeo-hubs/cluster.yaml @@ -0,0 +1,45 @@ +name: pangeo-hubs +provider: gcp +gcp: + key: secrets/pangeo-hubs.json + project: pangeo-integration-te-3eea + cluster: pangeo-hubs-cluster + zone: us-central1-b +support: + config: + grafana: + ingress: + hosts: + - grafana.gcp.pangeo.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.gcp.pangeo.2i2c.cloud + # Disable the Admissions Validation Webhook and the port is not + # permitted on private GKE clusters + ingress-nginx: + controller: + admissionWebhooks: + enabled: false + prometheus: + server: + resources: + limits: + cpu: 2 + memory: 12Gi +hubs: + - name: staging + domain: staging.us-central1-b.gcp.pangeo.io + helm_chart: daskhub + auth0: + enabled: false + helm_chart_values_files: + - staging.values.yaml + - name: prod + domain: us-central1-b.gcp.pangeo.io + helm_chart: daskhub + auth0: + enabled: false + helm_chart_values_files: + - staging.values.yaml + - prod.values.yaml diff --git a/config/clusters/pangeo-hubs/pangeo-hubs.cluster.yaml b/config/clusters/pangeo-hubs/pangeo-hubs.cluster.yaml deleted file mode 100644 index 06d9fc0b83..0000000000 --- a/config/clusters/pangeo-hubs/pangeo-hubs.cluster.yaml +++ /dev/null @@ -1,181 +0,0 @@ -name: pangeo-hubs -provider: gcp -gcp: - key: secrets/pangeo-hubs.json - project: pangeo-integration-te-3eea - cluster: pangeo-hubs-cluster - zone: us-central1-b -support: - config: - grafana: - ingress: - hosts: - - grafana.gcp.pangeo.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.gcp.pangeo.2i2c.cloud - # Disable the Admissions Validation Webhook and the port is not - # permitted on private GKE clusters - ingress-nginx: - controller: - admissionWebhooks: - enabled: false - prometheus: - server: - resources: - limits: - cpu: 2 - memory: 12Gi -hubs: - - name: staging - domain: staging.us-central1-b.gcp.pangeo.io - helm_chart: daskhub - auth0: - enabled: false - config: - basehub: - nfs: &staging_nfs - enabled: true - pv: - mountOptions: - - soft - - noatime - # Google FileStore IP - serverIP: 10.229.44.234 - # Name of Google Filestore share - baseShareName: /homes/ - jupyterhub: - proxy: &staging_jhub_proxy - https: - enabled: false - custom: &staging_jhub_custom - cloudResources: - provider: gcp - gcp: - projectId: pangeo-integration-te-3eea - scratchBucket: - enabled: true - homepage: - templateVars: - org: - name: Pangeo - url: https://pangeo.io - logo_url: "https://raw.githubusercontent.com/pangeo-data/pangeo/master/docs/_static/pangeo_simple_logo.svg" - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: NSF EarthCube Program (Award ICER-2026932) - url: "https://www.nsf.gov/awardsearch/showAward?AWD_ID=2026932" - hub: - config: - Authenticator: &staging_jhub_authenticator - admin_users: - - - - rabernat - - jhamman - - scottyhq - - TomAugspurger - JupyterHub: &staging_jhub_jupyterhub - authenticator_class: github - GitHubOAuthenticator: - oauth_callback_url: https://staging.us-central1-b.gcp.pangeo.io/hub/oauth_callback - allowed_organizations: &staging_jhub_allowed_orgs - - pangeo-data:us-central1-b-gcp - - 2i2c-org:tech-team - scope: &staging_jhub_scope - - read:org - singleuser: &staging_jhub_singleuser - image: - name: pangeo/pangeo-notebook - tag: bcfacc5 - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. They need to be just under total allocatable - # RAM on a node, not total node capacity - - display_name: "Small (1 GB - 4 GB)" - default: true - kubespawner_override: - cpu_limit: 2 - cpu_guarantee: 0.3 - mem_limit: 4G - mem_guarantee: 1G - node_selector: - node.kubernetes.io/instance-type: n1-standard-4 - - display_name: "Medium (4 GB - 8 GB)" - kubespawner_override: - cpu_limit: 2 - cpu_guarantee: 1 - mem_limit: 8G - mem_guarantee: 4G - node_selector: - node.kubernetes.io/instance-type: n1-standard-8 - - display_name: "Large (12 GB - 16 GB)" - kubespawner_override: - cpu_limit: 4 - cpu_guarantee: 1 - mem_limit: 16G - mem_guarantee: 12G - node_selector: - node.kubernetes.io/instance-type: n1-standard-16 - - display_name: "ML Image - Large (12 GB - 16 GB)" - description: "https://github.com/pangeo-data/pangeo-docker-images/tree/master/ml-notebook" - kubespawner_override: - image: "pangeo/ml-notebook:master" - cpu_limit: 2 - cpu_guarantee: 1 - mem_limit: 16G - mem_guarantee: 12G - node_selector: - node.kubernetes.io/instance-type: n1-standard-16 - initContainers: - # Need to explicitly fix ownership here, since EFS doesn't do anonuid - - name: volume-mount-ownership-fix - image: busybox - command: - [ - "sh", - "-c", - "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", - ] - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - dask-gateway: &staging_dask_gateway - gateway: - backend: - scheduler: - cores: - request: 0.8 - limit: 1 - memory: - request: 1G - limit: 2G - - name: prod - domain: us-central1-b.gcp.pangeo.io - helm_chart: daskhub - auth0: - enabled: false - config: - basehub: - nfs: *staging_nfs - jupyterhub: - proxy: *staging_jhub_proxy - custom: *staging_jhub_custom - hub: - config: - Authenticator: *staging_jhub_authenticator - JupyterHub: *staging_jhub_jupyterhub - GitHubOAuthenticator: - oauth_callback_url: https://us-central1-b.gcp.pangeo.io/hub/oauth_callback - allowed_organizations: *staging_jhub_allowed_orgs - scope: *staging_jhub_scope - singleuser: *staging_jhub_singleuser - dask-gateway: *staging_dask_gateway diff --git a/config/clusters/pangeo-hubs/prod.values.yaml b/config/clusters/pangeo-hubs/prod.values.yaml new file mode 100644 index 0000000000..37c41eaacf --- /dev/null +++ b/config/clusters/pangeo-hubs/prod.values.yaml @@ -0,0 +1,6 @@ +basehub: + jupyterhub: + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: https://us-central1-b.gcp.pangeo.io/hub/oauth_callback diff --git a/config/clusters/pangeo-hubs/staging.values.yaml b/config/clusters/pangeo-hubs/staging.values.yaml new file mode 100644 index 0000000000..40df31c514 --- /dev/null +++ b/config/clusters/pangeo-hubs/staging.values.yaml @@ -0,0 +1,124 @@ +basehub: + nfs: + enabled: true + pv: + mountOptions: + - soft + - noatime + # Google FileStore IP + serverIP: 10.229.44.234 + # Name of Google Filestore share + baseShareName: /homes/ + jupyterhub: + proxy: + https: + enabled: false + custom: + cloudResources: + provider: gcp + gcp: + projectId: pangeo-integration-te-3eea + scratchBucket: + enabled: true + homepage: + templateVars: + org: + name: Pangeo + url: https://pangeo.io + logo_url: "https://raw.githubusercontent.com/pangeo-data/pangeo/master/docs/_static/pangeo_simple_logo.svg" + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: NSF EarthCube Program (Award ICER-2026932) + url: "https://www.nsf.gov/awardsearch/showAward?AWD_ID=2026932" + hub: + config: + Authenticator: + admin_users: + - + - rabernat + - jhamman + - scottyhq + - TomAugspurger + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + oauth_callback_url: https://staging.us-central1-b.gcp.pangeo.io/hub/oauth_callback + allowed_organizations: + - pangeo-data:us-central1-b-gcp + - 2i2c-org:tech-team + scope: + - read:org + singleuser: + image: + name: pangeo/pangeo-notebook + tag: bcfacc5 + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. They need to be just under total allocatable + # RAM on a node, not total node capacity + - display_name: "Small (1 GB - 4 GB)" + default: true + kubespawner_override: + cpu_limit: 2 + cpu_guarantee: 0.3 + mem_limit: 4G + mem_guarantee: 1G + node_selector: + node.kubernetes.io/instance-type: n1-standard-4 + - display_name: "Medium (4 GB - 8 GB)" + kubespawner_override: + cpu_limit: 2 + cpu_guarantee: 1 + mem_limit: 8G + mem_guarantee: 4G + node_selector: + node.kubernetes.io/instance-type: n1-standard-8 + - display_name: "Large (12 GB - 16 GB)" + kubespawner_override: + cpu_limit: 4 + cpu_guarantee: 1 + mem_limit: 16G + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: n1-standard-16 + - display_name: "ML Image - Large (12 GB - 16 GB)" + description: "https://github.com/pangeo-data/pangeo-docker-images/tree/master/ml-notebook" + kubespawner_override: + image: "pangeo/ml-notebook:master" + cpu_limit: 2 + cpu_guarantee: 1 + mem_limit: 16G + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: n1-standard-16 + initContainers: + # Need to explicitly fix ownership here, since EFS doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" +dask-gateway: + gateway: + backend: + scheduler: + cores: + request: 0.8 + limit: 1 + memory: + request: 1G + limit: 2G From f77376e26dcc746c252ae2f5aba51678323b6e03 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 8 Feb 2022 10:55:48 +0000 Subject: [PATCH 09/28] Update paths in the deployer to work with new folder structure --- deployer/__main__.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/deployer/__main__.py b/deployer/__main__.py index 9cc97b5c3e..79c25a02ba 100644 --- a/deployer/__main__.py +++ b/deployer/__main__.py @@ -32,7 +32,7 @@ def use_cluster_credentials(cluster_name): validate(cluster_name) config_file_path = Path(os.getcwd()).joinpath( - "config", "clusters", f"{cluster_name}.cluster.yaml" + "config", "clusters", cluster_name, "cluster.yaml" ) with open(config_file_path) as f: cluster = Cluster(yaml.load(f)) @@ -59,7 +59,7 @@ def deploy_support(cluster_name): validate(cluster_name) config_file_path = Path(os.getcwd()).joinpath( - "config", "clusters", cluster_name, f"{cluster_name}.cluster.yaml" + "config", "clusters", cluster_name, "cluster.yaml" ) with open(config_file_path) as f: cluster = Cluster(yaml.load(f)) @@ -82,7 +82,7 @@ def deploy_grafana_dashboards(cluster_name): validate(cluster_name) config_file_path = Path(os.getcwd()).joinpath( - "config", "clusters", cluster_name, f"{cluster_name}.cluster.yaml" + "config", "clusters", cluster_name, "cluster.yaml" ) with open(config_file_path) as f: cluster = Cluster(yaml.load(f)) @@ -205,7 +205,7 @@ def deploy(cluster_name, hub_name, skip_hub_health_test, config_path): SECRET_KEY = bytes.fromhex(config["secret_key"]) config_file_path = Path(os.getcwd()).joinpath( - "config", "clusters", cluster_name, f"{cluster_name}.cluster.yaml" + "config", "clusters", cluster_name, "cluster.yaml" ) with open(config_file_path) as f: cluster = Cluster(yaml.load(f)) @@ -227,7 +227,7 @@ def deploy(cluster_name, hub_name, skip_hub_health_test, config_path): def validate(cluster_name): cluster_dir = Path(os.getcwd()).joinpath("config", "clusters") schema_file = cluster_dir.joinpath("schema.yaml") - config_file = cluster_dir.joinpath(cluster_name, f"{cluster_name}.cluster.yaml") + config_file = cluster_dir.joinpath(cluster_name, "cluster.yaml") with open(config_file) as cf, open(schema_file) as sf: cluster_config = yaml.load(cf) schema = yaml.load(sf) From 5e7f9963762afe0be24729d0026a296e5dedea16 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 8 Feb 2022 14:05:57 +0000 Subject: [PATCH 10/28] First attempt to read in values files from a list --- deployer/hub.py | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/deployer/hub.py b/deployer/hub.py index 4f7c46393d..886690f2e2 100644 --- a/deployer/hub.py +++ b/deployer/hub.py @@ -533,6 +533,10 @@ def deploy(self, auth_provider, secret_key, skip_hub_health_test=False): """ Deploy this hub """ + # Find helm chart values files + cluster_dir = Path(os.getcwd()).joinpath("config", "clusters", self.cluster.spec["name"]) + values_files = [f"--values={cluster_dir.joinpath(values_file)}" for values_file in self.spec["helm_chart_values_files"]] + # Ensure helm charts are up to date os.chdir("helm-charts") subprocess.check_call(["helm", "dep", "up", "basehub"]) @@ -565,15 +569,11 @@ def deploy(self, auth_provider, secret_key, skip_hub_health_test=False): with tempfile.NamedTemporaryFile( mode="w" - ) as values_file, tempfile.NamedTemporaryFile( - mode="w" ) as generated_values_file, tempfile.NamedTemporaryFile( mode="w" ) as secret_values_file: - json.dump(self.spec["config"], values_file) json.dump(generated_values, generated_values_file) json.dump(secret_hub_config, secret_values_file) - values_file.flush() generated_values_file.flush() secret_values_file.flush() @@ -590,10 +590,14 @@ def deploy(self, auth_provider, secret_key, skip_hub_health_test=False): # priority over our generated values. Based on how helm does overrides, this means # we should put the config from config/clusters last. f"--values={generated_values_file.name}", - f"--values={values_file.name}", - f"--values={secret_values_file.name}", ] + # Add on the values files + cmd.extend(values_files) + + # Add on the secret file + cmd.append(f"--values={secret_values_file.name}") + print_colour(f"Running {' '.join(cmd)}") # Can't test without deploying, since our service token isn't set by default subprocess.check_call(cmd) From ad1cab5c9bcd5a969dd0c939a2c9b6e3850bcc52 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 8 Feb 2022 14:06:12 +0000 Subject: [PATCH 11/28] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- deployer/hub.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/deployer/hub.py b/deployer/hub.py index 886690f2e2..174e959284 100644 --- a/deployer/hub.py +++ b/deployer/hub.py @@ -534,8 +534,13 @@ def deploy(self, auth_provider, secret_key, skip_hub_health_test=False): Deploy this hub """ # Find helm chart values files - cluster_dir = Path(os.getcwd()).joinpath("config", "clusters", self.cluster.spec["name"]) - values_files = [f"--values={cluster_dir.joinpath(values_file)}" for values_file in self.spec["helm_chart_values_files"]] + cluster_dir = Path(os.getcwd()).joinpath( + "config", "clusters", self.cluster.spec["name"] + ) + values_files = [ + f"--values={cluster_dir.joinpath(values_file)}" + for values_file in self.spec["helm_chart_values_files"] + ] # Ensure helm charts are up to date os.chdir("helm-charts") From a3e8b919730e690f8d74b50e11d96135b28819e6 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 8 Feb 2022 16:14:11 +0000 Subject: [PATCH 12/28] Update conf.py to work with new folder structure --- docs/conf.py | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index 1a041ded82..3148663929 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -81,16 +81,9 @@ def setup(app): def render_hubs(): # Grab the latest list of clusters defined in infrastructure/ - clusters = Path("../config/clusters").glob("*") - # Add list of repos managed outside infrastructure - hub_list = [ - { - "name": "University of Toronto", - "domain": "jupyter.utoronto.ca", - "id": "utoronto", - "hub_type": "base-hub ([deployment repo](https://github.com/utoronto-2i2c/jupyterhub-deploy/))", - } - ] + clusters = Path("../config/clusters").glob("**/*cluster.yaml") + + hub_list = [] for cluster_info in clusters: if "schema" in cluster_info.name or "staff" in cluster_info.name: continue @@ -107,23 +100,14 @@ def render_hubs(): # For each hub in cluster, grab its metadata and add it to the list for hub in cluster["hubs"]: - config = hub["config"] - # Config is sometimes nested - if "basehub" in config: - hub_config = config["basehub"]["jupyterhub"] - else: - hub_config = config["jupyterhub"] # Domain can be a list if isinstance(hub["domain"], list): hub["domain"] = hub["domain"][0] hub_list.append( { - "name": hub_config["custom"]["homepage"]["templateVars"]["org"][ - "name" - ], - "domain": f"[{hub['domain']}](https://{hub['domain']})", "id": hub["name"], + "domain": f"[{hub['domain']}](https://{hub['domain']})", "hub_type": hub["helm_chart"], "grafana": grafana_url, } From 5d570fd84743925d9b604e2f92ad074b3fa22838 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 10:31:28 +0000 Subject: [PATCH 13/28] Re-add hubs keys to pangeo-hubs/cluster.yaml --- config/clusters/pangeo-hubs/cluster.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/config/clusters/pangeo-hubs/cluster.yaml b/config/clusters/pangeo-hubs/cluster.yaml index a8d7133371..fbb13a752b 100644 --- a/config/clusters/pangeo-hubs/cluster.yaml +++ b/config/clusters/pangeo-hubs/cluster.yaml @@ -27,3 +27,19 @@ support: limits: cpu: 2 memory: 12Gi +hubs: + - name: staging + domain: staging.us-central1-b.gcp.pangeo.io + helm_chart: daskhub + auth0: + enabled: false + helm_chart_values_files: + - staging.values.yaml + - name: prod + domain: us-central1-b.gcp.pangeo.io + helm_chart: daskhub + auth0: + enabled: false + helm_chart_values_files: + - staging.values.yaml + - prod.values.yaml From 96f63c8b674ad7a34bdab300ecfbc9529157c605 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 15:26:33 +0000 Subject: [PATCH 14/28] Separate out helm chart values for azure.carbonplan cluster --- .../azure.carbonplan.cluster.yaml | 216 ------------------ config/clusters/azure.carbonplan/cluster.yaml | 45 ++++ .../azure.carbonplan/staging.values.yaml | 173 ++++++++++++++ 3 files changed, 218 insertions(+), 216 deletions(-) delete mode 100644 config/clusters/azure.carbonplan/azure.carbonplan.cluster.yaml create mode 100644 config/clusters/azure.carbonplan/cluster.yaml create mode 100644 config/clusters/azure.carbonplan/staging.values.yaml diff --git a/config/clusters/azure.carbonplan/azure.carbonplan.cluster.yaml b/config/clusters/azure.carbonplan/azure.carbonplan.cluster.yaml deleted file mode 100644 index abbffe8f0c..0000000000 --- a/config/clusters/azure.carbonplan/azure.carbonplan.cluster.yaml +++ /dev/null @@ -1,216 +0,0 @@ -name: azure.carbonplan -provider: kubeconfig -kubeconfig: - file: secrets/azure.carbonplan.yaml -support: - config: - nvidiaDevicePlugin: - azure: - enabled: true - prometheus: - server: - resources: - requests: - cpu: 1 - memory: 4Gi - limits: - cpu: 4 - memory: 8Gi - grafana: - ingress: - hosts: - - grafana.azure.carbonplan.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.azure.carbonplan.2i2c.cloud -hubs: - - name: staging - domain: staging.azure.carbonplan.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: &carbonPlanHubConfig - basehub: - azureFile: - enabled: false - nfs: - enabled: true - pv: - # Recommended options from the Azure Portal UI for mounting the share - mountOptions: - - vers=4 - - minorversion=1 - - sec=sys - serverIP: 2i2ccarbonplanhubstorage.file.core.windows.net - # Trailing slash is important! - baseShareName: /2i2ccarbonplanhubstorage/homes/ - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Carbon Plan - logo_url: https://pbs.twimg.com/profile_images/1262387945971101697/5q_X3Ruk_400x400.jpg - url: https://carbonplan.org - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: Carbon Plan - url: https://carbonplan.org - singleuser: - initContainers: - # Need to explicitly fix ownership here, since Azure File doesn't do anonuid - - name: volume-mount-ownership-fix - image: busybox - command: - [ - "sh", - "-c", - "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", - ] - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - image: - name: carbonplan/cmip6-downscaling-single-user - tag: latest - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. - - display_name: "Small: E2s v4" - description: "~2 CPU, ~15G RAM" - kubespawner_override: - # Explicitly unset mem_limit, so it overrides the default memory limit we set in - # basehub/values.yaml - mem_limit: null - mem_guarantee: 12G - node_selector: - hub.jupyter.org/node-size: Standard_E2s_v4 - - display_name: "Medium: E4s v4" - description: "~4 CPU, ~30G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 27G - node_selector: - hub.jupyter.org/node-size: Standard_E4s_v4 - - display_name: "Large: E8s v4" - description: "~8 CPU, ~60G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 55G - node_selector: - hub.jupyter.org/node-size: Standard_E8s_v4 - - display_name: "Huge: E32s v4" - description: "~32 CPU, ~256G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 235G - node_selector: - hub.jupyter.org/node-size: Standard_E32s_v4 - - display_name: "Very Huge: M64s v2" - description: "~64 CPU, ~1024G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 950G - node_selector: - hub.jupyter.org/node-size: Standard_M64s_v2 - - display_name: "Very Very Huge: M128s v2" - description: "~128 CPU, ~2048G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 1950G - node_selector: - hub.jupyter.org/node-size: Standard_M128s_v2 - - display_name: "GPU: NC24s v3" - description: "~24 CPU, ~90G RAM" - kubespawner_override: - image: "pangeo/ml-notebook:master" - mem_limit: null - mem_guarantee: 90G - environment: - { "NVIDIA_DRIVER_CAPABILITIES": "compute,utility" } - extra_resource_limits: - nvidia.com/gpu: "1" - node_selector: - hub.jupyter.org/node-size: Standard_NC24s_v3 - hub.jupyter.org/sku: gpu - scheduling: - userPlaceholder: - enabled: false - replicas: 0 - userScheduler: - enabled: false - proxy: - chp: - resources: - requests: - cpu: 0.5 - memory: 256Mi - limits: - cpu: 1 - memory: 4Gi - nodeSelector: {} - hub: - resources: - requests: - cpu: 0.5 - memory: 256Mi - limits: - cpu: 1 - memory: 4Gi - allowNamedServers: true - readinessProbe: - enabled: false - nodeSelector: {} - config: - Authenticator: - allowed_users: &users - - jhamman - - norlandrhagen - admin_users: *users - dask-gateway: - traefik: - resources: - requests: - cpu: 0.5 - memory: 512Mi - limits: - cpu: 2 - memory: 4Gi - controller: - resources: - requests: - cpu: 0.5 - memory: 512Mi - limits: - cpu: 2 - memory: 4Gi - gateway: - resources: - requests: - cpu: 0.5 - memory: 512Mi - limits: - cpu: 2 - memory: 4Gi - - name: prod - domain: prod.azure.carbonplan.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: *carbonPlanHubConfig diff --git a/config/clusters/azure.carbonplan/cluster.yaml b/config/clusters/azure.carbonplan/cluster.yaml new file mode 100644 index 0000000000..99cb1eed61 --- /dev/null +++ b/config/clusters/azure.carbonplan/cluster.yaml @@ -0,0 +1,45 @@ +name: azure.carbonplan +provider: kubeconfig +kubeconfig: + file: secrets/azure.carbonplan.yaml +support: + config: + nvidiaDevicePlugin: + azure: + enabled: true + prometheus: + server: + resources: + requests: + cpu: 1 + memory: 4Gi + limits: + cpu: 4 + memory: 8Gi + grafana: + ingress: + hosts: + - grafana.azure.carbonplan.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.azure.carbonplan.2i2c.cloud +hubs: + - name: staging + domain: staging.azure.carbonplan.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml + - name: prod + domain: prod.azure.carbonplan.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml diff --git a/config/clusters/azure.carbonplan/staging.values.yaml b/config/clusters/azure.carbonplan/staging.values.yaml new file mode 100644 index 0000000000..f598b1f85f --- /dev/null +++ b/config/clusters/azure.carbonplan/staging.values.yaml @@ -0,0 +1,173 @@ +basehub: + azureFile: + enabled: false + nfs: + enabled: true + pv: + # Recommended options from the Azure Portal UI for mounting the share + mountOptions: + - vers=4 + - minorversion=1 + - sec=sys + serverIP: 2i2ccarbonplanhubstorage.file.core.windows.net + # Trailing slash is important! + baseShareName: /2i2ccarbonplanhubstorage/homes/ + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Carbon Plan + logo_url: https://pbs.twimg.com/profile_images/1262387945971101697/5q_X3Ruk_400x400.jpg + url: https://carbonplan.org + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: Carbon Plan + url: https://carbonplan.org + singleuser: + initContainers: + # Need to explicitly fix ownership here, since Azure File doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + image: + name: carbonplan/cmip6-downscaling-single-user + tag: latest + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. + - display_name: "Small: E2s v4" + description: "~2 CPU, ~15G RAM" + kubespawner_override: + # Explicitly unset mem_limit, so it overrides the default memory limit we set in + # basehub/values.yaml + mem_limit: null + mem_guarantee: 12G + node_selector: + hub.jupyter.org/node-size: Standard_E2s_v4 + - display_name: "Medium: E4s v4" + description: "~4 CPU, ~30G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 27G + node_selector: + hub.jupyter.org/node-size: Standard_E4s_v4 + - display_name: "Large: E8s v4" + description: "~8 CPU, ~60G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 55G + node_selector: + hub.jupyter.org/node-size: Standard_E8s_v4 + - display_name: "Huge: E32s v4" + description: "~32 CPU, ~256G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 235G + node_selector: + hub.jupyter.org/node-size: Standard_E32s_v4 + - display_name: "Very Huge: M64s v2" + description: "~64 CPU, ~1024G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 950G + node_selector: + hub.jupyter.org/node-size: Standard_M64s_v2 + - display_name: "Very Very Huge: M128s v2" + description: "~128 CPU, ~2048G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 1950G + node_selector: + hub.jupyter.org/node-size: Standard_M128s_v2 + - display_name: "GPU: NC24s v3" + description: "~24 CPU, ~90G RAM" + kubespawner_override: + image: "pangeo/ml-notebook:master" + mem_limit: null + mem_guarantee: 90G + environment: + { "NVIDIA_DRIVER_CAPABILITIES": "compute,utility" } + extra_resource_limits: + nvidia.com/gpu: "1" + node_selector: + hub.jupyter.org/node-size: Standard_NC24s_v3 + hub.jupyter.org/sku: gpu + scheduling: + userPlaceholder: + enabled: false + replicas: 0 + userScheduler: + enabled: false + proxy: + chp: + resources: + requests: + cpu: 0.5 + memory: 256Mi + limits: + cpu: 1 + memory: 4Gi + nodeSelector: {} + hub: + resources: + requests: + cpu: 0.5 + memory: 256Mi + limits: + cpu: 1 + memory: 4Gi + allowNamedServers: true + readinessProbe: + enabled: false + nodeSelector: {} + config: + Authenticator: + allowed_users: &users + - jhamman + - norlandrhagen + admin_users: *users +dask-gateway: + traefik: + resources: + requests: + cpu: 0.5 + memory: 512Mi + limits: + cpu: 2 + memory: 4Gi + controller: + resources: + requests: + cpu: 0.5 + memory: 512Mi + limits: + cpu: 2 + memory: 4Gi + gateway: + resources: + requests: + cpu: 0.5 + memory: 512Mi + limits: + cpu: 2 + memory: 4Gi From d3b0a0e9a89a0956556dc057d29b3bbf5175dbe3 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 15:28:34 +0000 Subject: [PATCH 15/28] Restructure carbonplan config --- .../carbonplan/carbonplan.cluster.yaml | 223 ------------------ config/clusters/carbonplan/cluster.yaml | 50 ++++ .../clusters/carbonplan/staging.values.yaml | 175 ++++++++++++++ 3 files changed, 225 insertions(+), 223 deletions(-) delete mode 100644 config/clusters/carbonplan/carbonplan.cluster.yaml create mode 100644 config/clusters/carbonplan/cluster.yaml create mode 100644 config/clusters/carbonplan/staging.values.yaml diff --git a/config/clusters/carbonplan/carbonplan.cluster.yaml b/config/clusters/carbonplan/carbonplan.cluster.yaml deleted file mode 100644 index 7aee7690ff..0000000000 --- a/config/clusters/carbonplan/carbonplan.cluster.yaml +++ /dev/null @@ -1,223 +0,0 @@ -name: carbonplan -provider: aws -aws: - key: secrets/carbonplan.json - clusterType: eks - clusterName: carbonplanhub - region: us-west-2 -support: - config: - prometheus: - server: - resources: - requests: - cpu: 1 - memory: 4Gi - limits: - cpu: 4 - memory: 8Gi - cluster-autoscaler: - enabled: true - autoDiscovery: - clusterName: carbonplanhub - awsRegion: us-west-2 - grafana: - ingress: - hosts: - - grafana.carbonplan.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.carbonplan.2i2c.cloud -hubs: - - name: staging - domain: staging.carbonplan.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: &carbonPlanHubConfig - basehub: - nfs: - pv: - # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html - mountOptions: - - rsize=1048576 - - wsize=1048576 - - timeo=600 - - soft # We pick soft over hard, so NFS lockups don't lead to hung processes - - retrans=2 - - noresvport - serverIP: fs-8a4e4f8d.efs.us-west-2.amazonaws.com - baseShareName: / - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Carbon Plan - logo_url: https://pbs.twimg.com/profile_images/1262387945971101697/5q_X3Ruk_400x400.jpg - url: https://carbonplan.org - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: Carbon Plan - url: https://carbonplan.org - singleuser: - serviceAccountName: cloud-user-sa - initContainers: - # Need to explicitly fix ownership here, since EFS doesn't do anonuid - - name: volume-mount-ownership-fix - image: busybox - command: - [ - "sh", - "-c", - "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", - ] - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - image: - name: carbonplan/trace-python-notebook - tag: latest - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. - - display_name: "Small: r5.large" - description: "~2 CPU, ~15G RAM" - kubespawner_override: - # Expllicitly unset mem_limit, so it overrides the default memory limit we set in - # basehub/values.yaml - mem_limit: null - mem_guarantee: 12G - node_selector: - node.kubernetes.io/instance-type: r5.large - - display_name: "Medium: r5.xlarge" - description: "~4 CPU, ~30G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 29G - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - - display_name: "Large: r5.2xlarge" - description: "~8 CPU, ~60G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 60G - node_selector: - node.kubernetes.io/instance-type: r5.2xlarge - - display_name: "Huge: r5.8xlarge" - description: "~32 CPU, ~256G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 240G - node_selector: - node.kubernetes.io/instance-type: r5.8xlarge - - display_name: "Very Huge: x1.16xlarge" - description: "~64 CPU, ~976G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 940G - node_selector: - node.kubernetes.io/instance-type: x1.16xlarge - - display_name: "Very Very Huge: x1.32xlarge" - description: "~128 CPU, ~1952G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 1900G - node_selector: - node.kubernetes.io/instance-type: x1.32xlarge - scheduling: - userPlaceholder: - enabled: false - replicas: 0 - userScheduler: - enabled: false - proxy: - chp: - resources: - requests: - cpu: 0.5 - memory: 256Mi - limits: - cpu: 1 - memory: 4Gi - nodeSelector: {} - hub: - resources: - requests: - cpu: 0.5 - memory: 256Mi - limits: - cpu: 1 - memory: 4Gi - allowNamedServers: true - networkPolicy: - # FIXME: For dask gateway - enabled: false - readinessProbe: - enabled: false - nodeSelector: {} - config: - Authenticator: - allowed_users: &users - - jhamman - admin_users: *users - - dask-gateway: - traefik: - resources: - requests: - cpu: 0.5 - memory: 512Mi - limits: - cpu: 2 - memory: 4Gi - controller: - resources: - requests: - cpu: 0.5 - memory: 512Mi - limits: - cpu: 2 - memory: 4Gi - gateway: - backend: - scheduler: - extraPodConfig: - serviceAccountName: cloud-user-sa - worker: - extraPodConfig: - serviceAccountName: cloud-user-sa - resources: - requests: - cpu: 0.5 - memory: 512Mi - limits: - cpu: 2 - memory: 4Gi - # TODO: figure out a replacement for userLimits. - extraConfig: - idle: | - # timeout after 30 minutes of inactivity - c.KubeClusterConfig.idle_timeout = 1800 - - name: prod - domain: carbonplan.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: *carbonPlanHubConfig diff --git a/config/clusters/carbonplan/cluster.yaml b/config/clusters/carbonplan/cluster.yaml new file mode 100644 index 0000000000..0c06da5482 --- /dev/null +++ b/config/clusters/carbonplan/cluster.yaml @@ -0,0 +1,50 @@ +name: carbonplan +provider: aws +aws: + key: secrets/carbonplan.json + clusterType: eks + clusterName: carbonplanhub + region: us-west-2 +support: + config: + prometheus: + server: + resources: + requests: + cpu: 1 + memory: 4Gi + limits: + cpu: 4 + memory: 8Gi + cluster-autoscaler: + enabled: true + autoDiscovery: + clusterName: carbonplanhub + awsRegion: us-west-2 + grafana: + ingress: + hosts: + - grafana.carbonplan.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.carbonplan.2i2c.cloud +hubs: + - name: staging + domain: staging.carbonplan.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml + - name: prod + domain: carbonplan.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml diff --git a/config/clusters/carbonplan/staging.values.yaml b/config/clusters/carbonplan/staging.values.yaml new file mode 100644 index 0000000000..2659e8f0ca --- /dev/null +++ b/config/clusters/carbonplan/staging.values.yaml @@ -0,0 +1,175 @@ +basehub: + nfs: + pv: + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + serverIP: fs-8a4e4f8d.efs.us-west-2.amazonaws.com + baseShareName: / + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Carbon Plan + logo_url: https://pbs.twimg.com/profile_images/1262387945971101697/5q_X3Ruk_400x400.jpg + url: https://carbonplan.org + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: Carbon Plan + url: https://carbonplan.org + singleuser: + serviceAccountName: cloud-user-sa + initContainers: + # Need to explicitly fix ownership here, since EFS doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + image: + name: carbonplan/trace-python-notebook + tag: latest + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. + - display_name: "Small: r5.large" + description: "~2 CPU, ~15G RAM" + kubespawner_override: + # Expllicitly unset mem_limit, so it overrides the default memory limit we set in + # basehub/values.yaml + mem_limit: null + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: r5.large + - display_name: "Medium: r5.xlarge" + description: "~4 CPU, ~30G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 29G + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + - display_name: "Large: r5.2xlarge" + description: "~8 CPU, ~60G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 60G + node_selector: + node.kubernetes.io/instance-type: r5.2xlarge + - display_name: "Huge: r5.8xlarge" + description: "~32 CPU, ~256G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 240G + node_selector: + node.kubernetes.io/instance-type: r5.8xlarge + - display_name: "Very Huge: x1.16xlarge" + description: "~64 CPU, ~976G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 940G + node_selector: + node.kubernetes.io/instance-type: x1.16xlarge + - display_name: "Very Very Huge: x1.32xlarge" + description: "~128 CPU, ~1952G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 1900G + node_selector: + node.kubernetes.io/instance-type: x1.32xlarge + scheduling: + userPlaceholder: + enabled: false + replicas: 0 + userScheduler: + enabled: false + proxy: + chp: + resources: + requests: + cpu: 0.5 + memory: 256Mi + limits: + cpu: 1 + memory: 4Gi + nodeSelector: {} + hub: + resources: + requests: + cpu: 0.5 + memory: 256Mi + limits: + cpu: 1 + memory: 4Gi + allowNamedServers: true + networkPolicy: + # FIXME: For dask gateway + enabled: false + readinessProbe: + enabled: false + nodeSelector: {} + config: + Authenticator: + allowed_users: &users + - jhamman + admin_users: *users + +dask-gateway: + traefik: + resources: + requests: + cpu: 0.5 + memory: 512Mi + limits: + cpu: 2 + memory: 4Gi + controller: + resources: + requests: + cpu: 0.5 + memory: 512Mi + limits: + cpu: 2 + memory: 4Gi + gateway: + backend: + scheduler: + extraPodConfig: + serviceAccountName: cloud-user-sa + worker: + extraPodConfig: + serviceAccountName: cloud-user-sa + resources: + requests: + cpu: 0.5 + memory: 512Mi + limits: + cpu: 2 + memory: 4Gi + # TODO: figure out a replacement for userLimits. + extraConfig: + idle: | + # timeout after 30 minutes of inactivity + c.KubeClusterConfig.idle_timeout = 1800 From 50c9921d3dfe2e1f1f67f71ef192941f50a402ba Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 15:31:18 +0000 Subject: [PATCH 16/28] Restructure farallon config --- config/clusters/farallon/cluster.yaml | 27 +++ .../clusters/farallon/farallon.cluster.yaml | 167 ------------------ config/clusters/farallon/staging.values.yaml | 142 +++++++++++++++ 3 files changed, 169 insertions(+), 167 deletions(-) create mode 100644 config/clusters/farallon/cluster.yaml delete mode 100644 config/clusters/farallon/farallon.cluster.yaml create mode 100644 config/clusters/farallon/staging.values.yaml diff --git a/config/clusters/farallon/cluster.yaml b/config/clusters/farallon/cluster.yaml new file mode 100644 index 0000000000..c5288d0c5c --- /dev/null +++ b/config/clusters/farallon/cluster.yaml @@ -0,0 +1,27 @@ +name: farallon +provider: aws +aws: + key: secrets/farallon.json + clusterType: kops + clusterName: farallonhub.k8s.local + region: us-east-2 + stateStore: s3://2i2c-farallon-kops-state +hubs: + - name: staging + domain: staging.farallon.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml + - name: prod + domain: farallon.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml diff --git a/config/clusters/farallon/farallon.cluster.yaml b/config/clusters/farallon/farallon.cluster.yaml deleted file mode 100644 index a8c031941c..0000000000 --- a/config/clusters/farallon/farallon.cluster.yaml +++ /dev/null @@ -1,167 +0,0 @@ -name: farallon -provider: aws -aws: - key: secrets/farallon.json - clusterType: kops - clusterName: farallonhub.k8s.local - region: us-east-2 - stateStore: s3://2i2c-farallon-kops-state -hubs: - - name: staging - domain: staging.farallon.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: &hubConfig - basehub: - nfs: - pv: - # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html - mountOptions: - - rsize=1048576 - - wsize=1048576 - - timeo=600 - - soft # We pick soft over hard, so NFS lockups don't lead to hung processes - - retrans=2 - - noresvport - serverIP: fs-cb9c65b0.efs.us-east-2.amazonaws.com - baseShareName: / - shareCreator: - tolerations: - - key: node-role.kubernetes.io/master - operator: "Exists" - effect: "NoSchedule" - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Farallon Institute - logo_url: https://2i2c.org/media/logo.png - url: http://www.faralloninstitute.org/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: Farallon Institute - urL: http://www.faralloninstitute.org/ - singleuser: - initContainers: - # Need to explicitly fix ownership here, since EFS doesn't do anonuid - - name: volume-mount-ownership-fix - image: busybox - command: - [ - "sh", - "-c", - "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", - ] - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - image: - name: 677861182063.dkr.ecr.us-east-2.amazonaws.com/2i2c-hub/user-image - tag: "5115e56" - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. - - display_name: "Default: m5.xlarge" - description: "~4CPUs & ~15GB RAM" - kubespawner_override: - # Expllicitly unset mem_limit, so it overrides the default memory limit we set in - # basehub/values.yaml - mem_limit: null - mem_guarantee: 14G - cpu_guarantee: 3 - node_selector: - node.kubernetes.io/instance-type: m5.xlarge - - display_name: "Default: m5.2xlarge" - description: "~8CPUs & ~30GB RAM" - kubespawner_override: - # Expllicitly unset mem_limit, so it overrides the default memory limit we set in - # basehub/values.yaml - mem_limit: null - mem_guarantee: 28G - cpu_guarantee: 7 - node_selector: - node.kubernetes.io/instance-type: m5.2xlarge - scheduling: - userPlaceholder: - enabled: false - replicas: 0 - userScheduler: - enabled: false - proxy: - service: - type: LoadBalancer - https: - enabled: true - chp: - nodeSelector: {} - tolerations: - - key: "node-role.kubernetes.io/master" - effect: "NoSchedule" - traefik: - nodeSelector: {} - tolerations: - - key: "node-role.kubernetes.io/master" - effect: "NoSchedule" - hub: - allowNamedServers: true - networkPolicy: - # FIXME: For dask gateway - enabled: false - readinessProbe: - enabled: false - nodeSelector: {} - config: - Authenticator: - allowed_users: &users - - caitlinkroeger - - cgentemann - - DaisyShi19 - - jeffdorman - - marisolgr - - trondkr - - zbird21 - admin_users: *users - tolerations: - - key: "node-role.kubernetes.io/master" - effect: "NoSchedule" - dask-gateway: - traefik: - tolerations: - - key: "node-role.kubernetes.io/master" - effect: "NoSchedule" - controller: - tolerations: - - key: "node-role.kubernetes.io/master" - effect: "NoSchedule" - gateway: - tolerations: - - key: "node-role.kubernetes.io/master" - effect: "NoSchedule" - # TODO: figure out a replacement for userLimits. - extraConfig: - idle: | - # timeout after 30 minutes of inactivity - c.KubeClusterConfig.idle_timeout = 1800 - - name: prod - domain: farallon.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: *hubConfig diff --git a/config/clusters/farallon/staging.values.yaml b/config/clusters/farallon/staging.values.yaml new file mode 100644 index 0000000000..d1f07a81d1 --- /dev/null +++ b/config/clusters/farallon/staging.values.yaml @@ -0,0 +1,142 @@ +basehub: + nfs: + pv: + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + serverIP: fs-cb9c65b0.efs.us-east-2.amazonaws.com + baseShareName: / + shareCreator: + tolerations: + - key: node-role.kubernetes.io/master + operator: "Exists" + effect: "NoSchedule" + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Farallon Institute + logo_url: https://2i2c.org/media/logo.png + url: http://www.faralloninstitute.org/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: Farallon Institute + urL: http://www.faralloninstitute.org/ + singleuser: + initContainers: + # Need to explicitly fix ownership here, since EFS doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + image: + name: 677861182063.dkr.ecr.us-east-2.amazonaws.com/2i2c-hub/user-image + tag: "5115e56" + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. + - display_name: "Default: m5.xlarge" + description: "~4CPUs & ~15GB RAM" + kubespawner_override: + # Expllicitly unset mem_limit, so it overrides the default memory limit we set in + # basehub/values.yaml + mem_limit: null + mem_guarantee: 14G + cpu_guarantee: 3 + node_selector: + node.kubernetes.io/instance-type: m5.xlarge + - display_name: "Default: m5.2xlarge" + description: "~8CPUs & ~30GB RAM" + kubespawner_override: + # Expllicitly unset mem_limit, so it overrides the default memory limit we set in + # basehub/values.yaml + mem_limit: null + mem_guarantee: 28G + cpu_guarantee: 7 + node_selector: + node.kubernetes.io/instance-type: m5.2xlarge + scheduling: + userPlaceholder: + enabled: false + replicas: 0 + userScheduler: + enabled: false + proxy: + service: + type: LoadBalancer + https: + enabled: true + chp: + nodeSelector: {} + tolerations: + - key: "node-role.kubernetes.io/master" + effect: "NoSchedule" + traefik: + nodeSelector: {} + tolerations: + - key: "node-role.kubernetes.io/master" + effect: "NoSchedule" + hub: + allowNamedServers: true + networkPolicy: + # FIXME: For dask gateway + enabled: false + readinessProbe: + enabled: false + nodeSelector: {} + config: + Authenticator: + allowed_users: &users + - caitlinkroeger + - cgentemann + - DaisyShi19 + - jeffdorman + - marisolgr + - trondkr + - zbird21 + admin_users: *users + tolerations: + - key: "node-role.kubernetes.io/master" + effect: "NoSchedule" +dask-gateway: + traefik: + tolerations: + - key: "node-role.kubernetes.io/master" + effect: "NoSchedule" + controller: + tolerations: + - key: "node-role.kubernetes.io/master" + effect: "NoSchedule" + gateway: + tolerations: + - key: "node-role.kubernetes.io/master" + effect: "NoSchedule" + # TODO: figure out a replacement for userLimits. + extraConfig: + idle: | + # timeout after 30 minutes of inactivity + c.KubeClusterConfig.idle_timeout = 1800 From 5091f94dda4f0b0fd6f36a5b5199abaeccab6f7f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 15:33:16 +0000 Subject: [PATCH 17/28] Restructure justiceinnovationlab cluster --- .../justiceinnovationlab/cluster.yaml | 23 +++ .../justiceinnovationlab.cluster.yaml | 133 ------------------ .../justiceinnovationlab/staging.values.yaml | 112 +++++++++++++++ 3 files changed, 135 insertions(+), 133 deletions(-) create mode 100644 config/clusters/justiceinnovationlab/cluster.yaml delete mode 100644 config/clusters/justiceinnovationlab/justiceinnovationlab.cluster.yaml create mode 100644 config/clusters/justiceinnovationlab/staging.values.yaml diff --git a/config/clusters/justiceinnovationlab/cluster.yaml b/config/clusters/justiceinnovationlab/cluster.yaml new file mode 100644 index 0000000000..27311feb6b --- /dev/null +++ b/config/clusters/justiceinnovationlab/cluster.yaml @@ -0,0 +1,23 @@ +name: justiceinnovationlab +provider: kubeconfig +kubeconfig: + file: secrets/justiceinnovationlab.yaml +hubs: + - name: staging + domain: staging.justiceinnovationlab.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml + - name: prod + domain: justiceinnovationlab.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml diff --git a/config/clusters/justiceinnovationlab/justiceinnovationlab.cluster.yaml b/config/clusters/justiceinnovationlab/justiceinnovationlab.cluster.yaml deleted file mode 100644 index 1347d8a87f..0000000000 --- a/config/clusters/justiceinnovationlab/justiceinnovationlab.cluster.yaml +++ /dev/null @@ -1,133 +0,0 @@ -name: justiceinnovationlab -provider: kubeconfig -kubeconfig: - file: secrets/justiceinnovationlab.yaml -hubs: - - name: staging - domain: staging.justiceinnovationlab.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: &hubConfig - scratchBucket: - enabled: false - basehub: - azureFile: - enabled: true - nfs: - enabled: false - shareCreator: - enabled: false - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Justice Innovation Lab - logo_url: "https://images.squarespace-cdn.com/content/5ee35ddb35affc21b29c0fd6/1596634079158-KLDENW5BSW2HQW4ZO0EH/JIL-Logo-Digital.png?format=1500w&content-type=image%2Fpng" - url: https://www.justiceinnovationlab.org/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: Justice Innovation Lab - url: https://www.justiceinnovationlab.org/ - singleuser: - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. - - display_name: "Small" - description: "~4 CPU, ~16G RAM" - kubespawner_override: - # Expllicitly unset mem_limit, so it overrides the default memory limit we set in - # basehub/values.yaml - mem_limit: null - mem_guarantee: 12G - node_selector: - node.kubernetes.io/instance-type: Standard_E2s_v4 - - display_name: "Medium:" - description: "~4 CPU, ~32G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 28G - node_selector: - node.kubernetes.io/instance-type: Standard_E4s_v4 - - display_name: "Large" - description: "~8 CPU, ~64G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 59G - node_selector: - node.kubernetes.io/instance-type: Standard_E8s_v4 - - display_name: "Huge" - description: "~32 CPU, ~256G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 230G - node_selector: - node.kubernetes.io/instance-type: Standard_E32s_v4 - defaultUrl: /lab - image: - name: quay.io/2i2c/justiceinnovationlab-image - tag: 37c73413ba42 - storage: - type: none - extraVolumes: - - name: home - persistentVolumeClaim: - claimName: home-azurefile - scheduling: - userPlaceholder: - enabled: false - replicas: 0 - userScheduler: - enabled: false - proxy: - service: - type: LoadBalancer - https: - enabled: true - hub: - allowNamedServers: true - config: - Authenticator: - # Only allow admin users + users added via the UI - admin_users: &users - - donaldbraman - - JILPulvino - allowed_users: *users - extraConfig: - 10-dynamic-subpath: | - import os - pod_namespace = os.environ['POD_NAMESPACE'] - # FIXME: This isn't setting up _shared dirs properly - c.KubeSpawner.volume_mounts = [ - { - "mountPath": "/home/jovyan", - "name": "home", - "subPath": f"{pod_namespace}/{{username}}" - }, - ] - - networkPolicy: - # FIXME: For dask gateway - enabled: false - readinessProbe: - enabled: false - nodeSelector: {} - - name: prod - domain: justiceinnovationlab.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: *hubConfig diff --git a/config/clusters/justiceinnovationlab/staging.values.yaml b/config/clusters/justiceinnovationlab/staging.values.yaml new file mode 100644 index 0000000000..8bfb192e64 --- /dev/null +++ b/config/clusters/justiceinnovationlab/staging.values.yaml @@ -0,0 +1,112 @@ +scratchBucket: + enabled: false +basehub: + azureFile: + enabled: true + nfs: + enabled: false + shareCreator: + enabled: false + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Justice Innovation Lab + logo_url: "https://images.squarespace-cdn.com/content/5ee35ddb35affc21b29c0fd6/1596634079158-KLDENW5BSW2HQW4ZO0EH/JIL-Logo-Digital.png?format=1500w&content-type=image%2Fpng" + url: https://www.justiceinnovationlab.org/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: Justice Innovation Lab + url: https://www.justiceinnovationlab.org/ + singleuser: + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. + - display_name: "Small" + description: "~4 CPU, ~16G RAM" + kubespawner_override: + # Expllicitly unset mem_limit, so it overrides the default memory limit we set in + # basehub/values.yaml + mem_limit: null + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: Standard_E2s_v4 + - display_name: "Medium:" + description: "~4 CPU, ~32G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 28G + node_selector: + node.kubernetes.io/instance-type: Standard_E4s_v4 + - display_name: "Large" + description: "~8 CPU, ~64G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 59G + node_selector: + node.kubernetes.io/instance-type: Standard_E8s_v4 + - display_name: "Huge" + description: "~32 CPU, ~256G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 230G + node_selector: + node.kubernetes.io/instance-type: Standard_E32s_v4 + defaultUrl: /lab + image: + name: quay.io/2i2c/justiceinnovationlab-image + tag: 37c73413ba42 + storage: + type: none + extraVolumes: + - name: home + persistentVolumeClaim: + claimName: home-azurefile + scheduling: + userPlaceholder: + enabled: false + replicas: 0 + userScheduler: + enabled: false + proxy: + service: + type: LoadBalancer + https: + enabled: true + hub: + allowNamedServers: true + config: + Authenticator: + # Only allow admin users + users added via the UI + admin_users: &users + - donaldbraman + - JILPulvino + allowed_users: *users + extraConfig: + 10-dynamic-subpath: | + import os + pod_namespace = os.environ['POD_NAMESPACE'] + # FIXME: This isn't setting up _shared dirs properly + c.KubeSpawner.volume_mounts = [ + { + "mountPath": "/home/jovyan", + "name": "home", + "subPath": f"{pod_namespace}/{{username}}" + }, + ] + + networkPolicy: + # FIXME: For dask gateway + enabled: false + readinessProbe: + enabled: false + nodeSelector: {} From 092568bf3bdaf8b924fc98c8f5fad3a68ca6267d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 15:35:03 +0000 Subject: [PATCH 18/28] Restructure meom-ige cluster --- config/clusters/meom-ige/cluster.yaml | 26 +++ .../clusters/meom-ige/meom-ige.cluster.yaml | 148 ------------------ config/clusters/meom-ige/staging.values.yaml | 124 +++++++++++++++ 3 files changed, 150 insertions(+), 148 deletions(-) create mode 100644 config/clusters/meom-ige/cluster.yaml delete mode 100644 config/clusters/meom-ige/meom-ige.cluster.yaml create mode 100644 config/clusters/meom-ige/staging.values.yaml diff --git a/config/clusters/meom-ige/cluster.yaml b/config/clusters/meom-ige/cluster.yaml new file mode 100644 index 0000000000..846d1a43ea --- /dev/null +++ b/config/clusters/meom-ige/cluster.yaml @@ -0,0 +1,26 @@ +name: meom-ige +provider: gcp +gcp: + key: secrets/meom.json + project: meom-ige-cnrs + cluster: meom-ige-cluster + zone: us-central1-b +hubs: + - name: staging + domain: staging.meom-ige.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml + - name: prod + domain: meom-ige.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml diff --git a/config/clusters/meom-ige/meom-ige.cluster.yaml b/config/clusters/meom-ige/meom-ige.cluster.yaml deleted file mode 100644 index c3b9d78026..0000000000 --- a/config/clusters/meom-ige/meom-ige.cluster.yaml +++ /dev/null @@ -1,148 +0,0 @@ -name: meom-ige -provider: gcp -gcp: - key: secrets/meom.json - project: meom-ige-cnrs - cluster: meom-ige-cluster - zone: us-central1-b -hubs: - - name: staging - domain: staging.meom-ige.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: &meomConfig - basehub: - nfs: - pv: - # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html - mountOptions: - - rsize=1048576 - - wsize=1048576 - - timeo=600 - - soft # We pick soft over hard, so NFS lockups don't lead to hung processes - - retrans=2 - - noresvport - serverIP: nfs-server-01 - baseShareName: /export/home-01/homes/ - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: "SWOT Ocean Pangeo Team" - logo_url: https://2i2c.org/media/logo.png - url: https://meom-group.github.io/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: SWOT Ocean Pangeo Team - url: https://meom-group.github.io/ - singleuser: - extraEnv: - DATA_BUCKET: gcs://meom-ige-data - SCRATCH_BUCKET: "gcs://meom-ige-scratch/$(JUPYTERHUB_USER)" - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. They need to be just under total allocatable - # RAM on a node, not total node capacity - - display_name: "Small" - description: "~2 CPU, ~8G RAM" - kubespawner_override: - mem_limit: 8G - mem_guarantee: 5G - node_selector: - node.kubernetes.io/instance-type: n1-standard-2 - - display_name: "Medium" - description: "~8 CPU, ~32G RAM" - kubespawner_override: - mem_limit: 32G - mem_guarantee: 25G - node_selector: - node.kubernetes.io/instance-type: n1-standard-8 - - display_name: "Large" - description: "~16 CPU, ~64G RAM" - kubespawner_override: - mem_limit: 64G - mem_guarantee: 50G - node_selector: - node.kubernetes.io/instance-type: n1-standard-16 - - display_name: "Very Large" - description: "~32 CPU, ~128G RAM" - kubespawner_override: - mem_limit: 128G - mem_guarantee: 100G - node_selector: - node.kubernetes.io/instance-type: n1-standard-32 - - display_name: "Huge" - description: "~64 CPU, ~256G RAM" - kubespawner_override: - mem_limit: 256G - mem_guarantee: 220G - node_selector: - node.kubernetes.io/instance-type: n1-standard-64 - defaultUrl: /lab - image: - name: pangeo/pangeo-notebook - tag: 2021.07.17 - scheduling: - userPlaceholder: - enabled: false - replicas: 0 - userScheduler: - enabled: false - proxy: - service: - type: LoadBalancer - https: - enabled: true - chp: - resources: - requests: - # FIXME: We want no guarantees here!!! - # This is lowest possible value - cpu: 0.01 - memory: 1Mi - hub: - resources: - requests: - # FIXME: We want no guarantees here!!! - # This is lowest possible value - cpu: 0.01 - memory: 1Mi - config: - Authenticator: - allowed_users: &users - - roxyboy - - lesommer - - auraoupa - admin_users: *users - - allowNamedServers: true - networkPolicy: - # FIXME: For dask gateway - enabled: false - readinessProbe: - enabled: false - dask-gateway: - extraConfig: - idle: | - # timeout after 30 minutes of inactivity - c.KubeClusterConfig.idle_timeout = 1800 - - name: prod - domain: meom-ige.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: *meomConfig diff --git a/config/clusters/meom-ige/staging.values.yaml b/config/clusters/meom-ige/staging.values.yaml new file mode 100644 index 0000000000..ca3f4ce9c2 --- /dev/null +++ b/config/clusters/meom-ige/staging.values.yaml @@ -0,0 +1,124 @@ +basehub: + nfs: + pv: + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + serverIP: nfs-server-01 + baseShareName: /export/home-01/homes/ + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: "SWOT Ocean Pangeo Team" + logo_url: https://2i2c.org/media/logo.png + url: https://meom-group.github.io/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: SWOT Ocean Pangeo Team + url: https://meom-group.github.io/ + singleuser: + extraEnv: + DATA_BUCKET: gcs://meom-ige-data + SCRATCH_BUCKET: "gcs://meom-ige-scratch/$(JUPYTERHUB_USER)" + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. They need to be just under total allocatable + # RAM on a node, not total node capacity + - display_name: "Small" + description: "~2 CPU, ~8G RAM" + kubespawner_override: + mem_limit: 8G + mem_guarantee: 5G + node_selector: + node.kubernetes.io/instance-type: n1-standard-2 + - display_name: "Medium" + description: "~8 CPU, ~32G RAM" + kubespawner_override: + mem_limit: 32G + mem_guarantee: 25G + node_selector: + node.kubernetes.io/instance-type: n1-standard-8 + - display_name: "Large" + description: "~16 CPU, ~64G RAM" + kubespawner_override: + mem_limit: 64G + mem_guarantee: 50G + node_selector: + node.kubernetes.io/instance-type: n1-standard-16 + - display_name: "Very Large" + description: "~32 CPU, ~128G RAM" + kubespawner_override: + mem_limit: 128G + mem_guarantee: 100G + node_selector: + node.kubernetes.io/instance-type: n1-standard-32 + - display_name: "Huge" + description: "~64 CPU, ~256G RAM" + kubespawner_override: + mem_limit: 256G + mem_guarantee: 220G + node_selector: + node.kubernetes.io/instance-type: n1-standard-64 + defaultUrl: /lab + image: + name: pangeo/pangeo-notebook + tag: 2021.07.17 + scheduling: + userPlaceholder: + enabled: false + replicas: 0 + userScheduler: + enabled: false + proxy: + service: + type: LoadBalancer + https: + enabled: true + chp: + resources: + requests: + # FIXME: We want no guarantees here!!! + # This is lowest possible value + cpu: 0.01 + memory: 1Mi + hub: + resources: + requests: + # FIXME: We want no guarantees here!!! + # This is lowest possible value + cpu: 0.01 + memory: 1Mi + config: + Authenticator: + allowed_users: &users + - roxyboy + - lesommer + - auraoupa + admin_users: *users + + allowNamedServers: true + networkPolicy: + # FIXME: For dask gateway + enabled: false + readinessProbe: + enabled: false +dask-gateway: + extraConfig: + idle: | + # timeout after 30 minutes of inactivity + c.KubeClusterConfig.idle_timeout = 1800 From 45e421ae10e4349c004893b9dcf5cd0967f8c4d0 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 11 Feb 2022 15:35:28 +0000 Subject: [PATCH 19/28] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- config/clusters/azure.carbonplan/staging.values.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/config/clusters/azure.carbonplan/staging.values.yaml b/config/clusters/azure.carbonplan/staging.values.yaml index f598b1f85f..18971acf7e 100644 --- a/config/clusters/azure.carbonplan/staging.values.yaml +++ b/config/clusters/azure.carbonplan/staging.values.yaml @@ -105,8 +105,7 @@ basehub: image: "pangeo/ml-notebook:master" mem_limit: null mem_guarantee: 90G - environment: - { "NVIDIA_DRIVER_CAPABILITIES": "compute,utility" } + environment: { "NVIDIA_DRIVER_CAPABILITIES": "compute,utility" } extra_resource_limits: nvidia.com/gpu: "1" node_selector: From f77509c3cc11b835cf42cf9c0c4e758fe5ca44eb Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 15:37:52 +0000 Subject: [PATCH 20/28] Restructure openscapes cluster --- config/clusters/openscapes/cluster.yaml | 50 +++++ .../openscapes/openscapes.cluster.yaml | 175 ------------------ .../clusters/openscapes/staging.values.yaml | 127 +++++++++++++ 3 files changed, 177 insertions(+), 175 deletions(-) create mode 100644 config/clusters/openscapes/cluster.yaml delete mode 100644 config/clusters/openscapes/openscapes.cluster.yaml create mode 100644 config/clusters/openscapes/staging.values.yaml diff --git a/config/clusters/openscapes/cluster.yaml b/config/clusters/openscapes/cluster.yaml new file mode 100644 index 0000000000..764c297a2b --- /dev/null +++ b/config/clusters/openscapes/cluster.yaml @@ -0,0 +1,50 @@ +name: openscapes +provider: aws +aws: + key: secrets/openscapes.json + clusterType: eks + clusterName: openscapeshub + region: us-west-2 +support: + config: + prometheus: + server: + resources: + requests: + cpu: 1 + memory: 4Gi + limits: + cpu: 4 + memory: 8Gi + cluster-autoscaler: + enabled: true + autoDiscovery: + clusterName: openscapeshub + awsRegion: us-west-2 + grafana: + ingress: + hosts: + - grafana.openscapes.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.openscapes.2i2c.cloud +hubs: + - name: staging + domain: staging.openscapes.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml + - name: prod + domain: openscapes.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml diff --git a/config/clusters/openscapes/openscapes.cluster.yaml b/config/clusters/openscapes/openscapes.cluster.yaml deleted file mode 100644 index af73d17129..0000000000 --- a/config/clusters/openscapes/openscapes.cluster.yaml +++ /dev/null @@ -1,175 +0,0 @@ -name: openscapes -provider: aws -aws: - key: secrets/openscapes.json - clusterType: eks - clusterName: openscapeshub - region: us-west-2 -support: - config: - prometheus: - server: - resources: - requests: - cpu: 1 - memory: 4Gi - limits: - cpu: 4 - memory: 8Gi - cluster-autoscaler: - enabled: true - autoDiscovery: - clusterName: openscapeshub - awsRegion: us-west-2 - grafana: - ingress: - hosts: - - grafana.openscapes.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.openscapes.2i2c.cloud -hubs: - - name: staging - domain: staging.openscapes.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: &openscapesHubConfig - scratchBucket: - enabled: false - basehub: - nfs: - pv: - # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html - mountOptions: - - rsize=1048576 - - wsize=1048576 - - timeo=600 - - soft # We pick soft over hard, so NFS lockups don't lead to hung processes - - retrans=2 - - noresvport - serverIP: fs-b25253b5.efs.us-west-2.amazonaws.com - baseShareName: / - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Openscapes - logo_url: https://www.openscapes.org/img/logo.png - url: https://www.openscapes.org/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: Openscapes - url: https://www.openscapes.org/ - singleuser: - serviceAccountName: cloud-user-sa - defaultUrl: /lab - initContainers: - # Need to explicitly fix ownership here, since EFS doesn't do anonuid - - name: volume-mount-ownership-fix - image: busybox - command: - [ - "sh", - "-c", - "id && chown 1000:1000 /home/jovyan /home/jovyan/shared && ls -lhd /home/jovyan", - ] - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - - name: home - mountPath: /home/jovyan/shared - subPath: _shared - - image: - name: 783616723547.dkr.ecr.us-west-2.amazonaws.com/user-image - tag: "d78bb6c" - storage: - extraVolumeMounts: - - name: home - mountPath: /home/jovyan/shared - subPath: _shared - readOnly: false - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. - - display_name: "Small: m5.large" - description: "~2 CPU, ~8G RAM" - kubespawner_override: - # Expllicitly unset mem_limit, so it overrides the default memory limit we set in - # basehub/values.yaml - mem_limit: null - mem_guarantee: 6.5G - node_selector: - node.kubernetes.io/instance-type: m5.large - - display_name: "Medium: m5.xlarge" - description: "~4 CPU, ~15G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 12G - node_selector: - node.kubernetes.io/instance-type: m5.xlarge - - display_name: "Large: m5.2xlarge" - description: "~8 CPU, ~30G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 26G - node_selector: - node.kubernetes.io/instance-type: m5.2xlarge - - display_name: "Huge: m5.8xlarge" - description: "~32 CPU, ~128G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 115G - node_selector: - node.kubernetes.io/instance-type: m5.8xlarge - scheduling: - userPlaceholder: - enabled: false - replicas: 0 - userScheduler: - enabled: false - hub: - allowNamedServers: true - networkPolicy: - # FIXME: For dask gateway - enabled: false - readinessProbe: - enabled: false - config: - Authenticator: - admin_users: &users - - amfriesz - - jules32 - - erinmr - - betolink - # Without this, any GitHub user can authenticate - allowed_users: *users - dask-gateway: - extraConfig: - idle: | - # timeout after 30 minutes of inactivity - c.KubeClusterConfig.idle_timeout = 1800 - - name: prod - domain: openscapes.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: *openscapesHubConfig diff --git a/config/clusters/openscapes/staging.values.yaml b/config/clusters/openscapes/staging.values.yaml new file mode 100644 index 0000000000..05912e6c6b --- /dev/null +++ b/config/clusters/openscapes/staging.values.yaml @@ -0,0 +1,127 @@ +scratchBucket: + enabled: false +basehub: + nfs: + pv: + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + serverIP: fs-b25253b5.efs.us-west-2.amazonaws.com + baseShareName: / + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Openscapes + logo_url: https://www.openscapes.org/img/logo.png + url: https://www.openscapes.org/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: Openscapes + url: https://www.openscapes.org/ + singleuser: + serviceAccountName: cloud-user-sa + defaultUrl: /lab + initContainers: + # Need to explicitly fix ownership here, since EFS doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan /home/jovyan/shared && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + - name: home + mountPath: /home/jovyan/shared + subPath: _shared + + image: + name: 783616723547.dkr.ecr.us-west-2.amazonaws.com/user-image + tag: "d78bb6c" + storage: + extraVolumeMounts: + - name: home + mountPath: /home/jovyan/shared + subPath: _shared + readOnly: false + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. + - display_name: "Small: m5.large" + description: "~2 CPU, ~8G RAM" + kubespawner_override: + # Expllicitly unset mem_limit, so it overrides the default memory limit we set in + # basehub/values.yaml + mem_limit: null + mem_guarantee: 6.5G + node_selector: + node.kubernetes.io/instance-type: m5.large + - display_name: "Medium: m5.xlarge" + description: "~4 CPU, ~15G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: m5.xlarge + - display_name: "Large: m5.2xlarge" + description: "~8 CPU, ~30G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 26G + node_selector: + node.kubernetes.io/instance-type: m5.2xlarge + - display_name: "Huge: m5.8xlarge" + description: "~32 CPU, ~128G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 115G + node_selector: + node.kubernetes.io/instance-type: m5.8xlarge + scheduling: + userPlaceholder: + enabled: false + replicas: 0 + userScheduler: + enabled: false + hub: + allowNamedServers: true + networkPolicy: + # FIXME: For dask gateway + enabled: false + readinessProbe: + enabled: false + config: + Authenticator: + admin_users: &users + - amfriesz + - jules32 + - erinmr + - betolink + # Without this, any GitHub user can authenticate + allowed_users: *users +dask-gateway: + extraConfig: + idle: | + # timeout after 30 minutes of inactivity + c.KubeClusterConfig.idle_timeout = 1800 From da6e1719110909740e2864f29aaa9da5adecadc0 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 15:41:56 +0000 Subject: [PATCH 21/28] Refactor utoronto cluster --- config/clusters/utoronto/cluster.yaml | 36 ++++ config/clusters/utoronto/prod.values.yaml | 15 ++ config/clusters/utoronto/staging.values.yaml | 100 +++++++++++ .../clusters/utoronto/utoronto.cluster.yaml | 157 ------------------ 4 files changed, 151 insertions(+), 157 deletions(-) create mode 100644 config/clusters/utoronto/cluster.yaml create mode 100644 config/clusters/utoronto/prod.values.yaml create mode 100644 config/clusters/utoronto/staging.values.yaml delete mode 100644 config/clusters/utoronto/utoronto.cluster.yaml diff --git a/config/clusters/utoronto/cluster.yaml b/config/clusters/utoronto/cluster.yaml new file mode 100644 index 0000000000..00c25e559c --- /dev/null +++ b/config/clusters/utoronto/cluster.yaml @@ -0,0 +1,36 @@ +name: utoronto +provider: kubeconfig +kubeconfig: + file: secrets/utoronto.yaml +support: + config: + prometheus: + server: + resources: + requests: + cpu: 0.5 + memory: 4Gi + limits: + cpu: 2 + memory: 16Gi + grafana: + ingress: + hosts: + - grafana.utoronto.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.utoronto.2i2c.cloud +hubs: + - name: staging + domain: staging.utoronto.2i2c.cloud + helm_chart: basehub + auth0: + enabled: false + config: + - name: prod + domain: jupyter.utoronto.ca + helm_chart: basehub + auth0: + enabled: false + config: diff --git a/config/clusters/utoronto/prod.values.yaml b/config/clusters/utoronto/prod.values.yaml new file mode 100644 index 0000000000..101a8b4987 --- /dev/null +++ b/config/clusters/utoronto/prod.values.yaml @@ -0,0 +1,15 @@ +jupyterhub: + hub: + db: + pvc: + # Default seems too slow for our database, causes very bad response times + storageClassName: managed-premium + # prod also stores logs, so let's make it big + storage: 10Gi + config: + AzureAdOAuthenticator: + username_claim: oid + login_service: "University of Toronto ID" + oauth_callback_url: https://jupyter.utoronto.ca/hub/oauth_callback + tenant_id: 78aac226-2f03-4b4d-9037-b46d56c55210 + logout_redirect_url: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https://jupyter.utoronto.ca diff --git a/config/clusters/utoronto/staging.values.yaml b/config/clusters/utoronto/staging.values.yaml new file mode 100644 index 0000000000..5546e56fb1 --- /dev/null +++ b/config/clusters/utoronto/staging.values.yaml @@ -0,0 +1,100 @@ +nfs: + enabled: true + pv: + # Recommended options from the Azure Portal UI for mounting the share + mountOptions: + - vers=4 + - minorversion=1 + - sec=sys + serverIP: 2i2cutorontohubstorage.file.core.windows.net + # Trailing slash is important! + baseShareName: /2i2cutorontohubstorage/homes/ +jupyterhub: + # pre-puller is necessary as the image is pretty big, and + # pulling during first user spawn might cause timeouts. + # Only required on staging hub though, as they share the same + # cluster, and staging is always deployed before prod + prePuller: + continuous: + enabled: true + hook: + enabled: true + custom: + homepage: + templateVars: + org: + name: University of Toronto + logo_url: https://raw.githubusercontent.com/utoronto-2i2c/homepage/master/extra-assets/images/home-hero.png + url: https://www.utoronto.ca/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: University of Toronto + url: https://www.utoronto.ca/ + announcements: + - | +
+

* NEW * Jupyter Support Website

+ + We have started a JupyterHub support website with documentation and tip sheets, and we will be adding more on an + ongoing basis. To reach the support site, please visit: https://act.utoronto.ca/jupyterhub-support/. +
+ singleuser: + extraFiles: + github-app-private-key.pem: + mountPath: /etc/github/github-app-private-key.pem + gitconfig: + mountPath: /etc/gitconfig + # app-id comes from https://github.com/organizations/utoronto-2i2c/settings/apps/utoronto-jupyterhub-private-cloner + stringData: | + [credential "https://github.com"] + helper = !git-credential-github-app --app-key-file /etc/github/github-app-private-key.pem --app-id 93515 + useHttpPath = true + initContainers: + # Need to explicitly fix ownership here, since Azure File doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + image: + name: quay.io/2i2c/utoronto-image + tag: f3069be5964c + hub: + db: + pvc: + # Default seems too slow for our database, causes very bad response times + storageClassName: managed-premium + readinessProbe: + enabled: false + config: + Authenticator: + enable_auth_state: false + admin_users: + - 7c76d04b-2a80-4db1-b985-a2d2fa2f708c + - 09056164-42f5-4113-9fd7-dd852e63ff1d + - adb7ebad-9fb8-481a-bc2c-6c0a8b6de670 + JupyterHub: + authenticator_class: azuread + concurrent_spawn_limit: 100 + # We wanna keep logs long term, primarily for analytics + extra_log_file: /srv/jupyterhub/jupyterhub.log + AzureAdOAuthenticator: + username_claim: oid + login_service: "University of Toronto ID" + oauth_callback_url: https://staging.utoronto.2i2c.cloud/hub/oauth_callback + tenant_id: 78aac226-2f03-4b4d-9037-b46d56c55210 + logout_redirect_url: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https://staging.utoronto.2i2c.cloud diff --git a/config/clusters/utoronto/utoronto.cluster.yaml b/config/clusters/utoronto/utoronto.cluster.yaml deleted file mode 100644 index e11670da88..0000000000 --- a/config/clusters/utoronto/utoronto.cluster.yaml +++ /dev/null @@ -1,157 +0,0 @@ -name: utoronto -provider: kubeconfig -kubeconfig: - file: secrets/utoronto.yaml -support: - config: - prometheus: - server: - resources: - requests: - cpu: 0.5 - memory: 4Gi - limits: - cpu: 2 - memory: 16Gi - grafana: - ingress: - hosts: - - grafana.utoronto.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.utoronto.2i2c.cloud -hubs: - - name: staging - domain: staging.utoronto.2i2c.cloud - helm_chart: basehub - auth0: - enabled: false - config: - nfs: &staging_nfs - enabled: true - pv: - # Recommended options from the Azure Portal UI for mounting the share - mountOptions: - - vers=4 - - minorversion=1 - - sec=sys - serverIP: 2i2cutorontohubstorage.file.core.windows.net - # Trailing slash is important! - baseShareName: /2i2cutorontohubstorage/homes/ - jupyterhub: - # pre-puller is necessary as the image is pretty big, and - # pulling during first user spawn might cause timeouts. - # Only required on staging hub though, as they share the same - # cluster, and staging is always deployed before prod - prePuller: - continuous: - enabled: true - hook: - enabled: true - custom: &staging_jhub_custom - homepage: - templateVars: - org: - name: University of Toronto - logo_url: https://raw.githubusercontent.com/utoronto-2i2c/homepage/master/extra-assets/images/home-hero.png - url: https://www.utoronto.ca/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: University of Toronto - url: https://www.utoronto.ca/ - announcements: - - | -
-

* NEW * Jupyter Support Website

- - We have started a JupyterHub support website with documentation and tip sheets, and we will be adding more on an - ongoing basis. To reach the support site, please visit: https://act.utoronto.ca/jupyterhub-support/. -
- singleuser: &staging_jhub_singleuser - extraFiles: - github-app-private-key.pem: - mountPath: /etc/github/github-app-private-key.pem - gitconfig: - mountPath: /etc/gitconfig - # app-id comes from https://github.com/organizations/utoronto-2i2c/settings/apps/utoronto-jupyterhub-private-cloner - stringData: | - [credential "https://github.com"] - helper = !git-credential-github-app --app-key-file /etc/github/github-app-private-key.pem --app-id 93515 - useHttpPath = true - initContainers: - # Need to explicitly fix ownership here, since Azure File doesn't do anonuid - - name: volume-mount-ownership-fix - image: busybox - command: - [ - "sh", - "-c", - "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", - ] - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - image: - name: quay.io/2i2c/utoronto-image - tag: f3069be5964c - hub: - db: - pvc: - # Default seems too slow for our database, causes very bad response times - storageClassName: managed-premium - readinessProbe: &staging_jhub_redinessProbe - enabled: false - config: - Authenticator: &staging_jhub_authenticator - enable_auth_state: false - admin_users: - - 7c76d04b-2a80-4db1-b985-a2d2fa2f708c - - 09056164-42f5-4113-9fd7-dd852e63ff1d - - adb7ebad-9fb8-481a-bc2c-6c0a8b6de670 - JupyterHub: &staging_jhub_jupyterhub - authenticator_class: azuread - concurrent_spawn_limit: 100 - # We wanna keep logs long term, primarily for analytics - extra_log_file: /srv/jupyterhub/jupyterhub.log - AzureAdOAuthenticator: - username_claim: oid - login_service: "University of Toronto ID" - oauth_callback_url: https://staging.utoronto.2i2c.cloud/hub/oauth_callback - tenant_id: 78aac226-2f03-4b4d-9037-b46d56c55210 - logout_redirect_url: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https://staging.utoronto.2i2c.cloud - - name: prod - domain: jupyter.utoronto.ca - helm_chart: basehub - auth0: - enabled: false - config: - nfs: *staging_nfs - jupyterhub: - custom: *staging_jhub_custom - singleuser: *staging_jhub_singleuser - hub: - db: - pvc: - # Default seems too slow for our database, causes very bad response times - storageClassName: managed-premium - # prod also stores logs, so let's make it big - storage: 10Gi - readinessProbe: *staging_jhub_redinessProbe - config: - Authenticator: *staging_jhub_authenticator - JupyterHub: *staging_jhub_jupyterhub - AzureAdOAuthenticator: - username_claim: oid - login_service: "University of Toronto ID" - oauth_callback_url: https://jupyter.utoronto.ca/hub/oauth_callback - tenant_id: 78aac226-2f03-4b4d-9037-b46d56c55210 - logout_redirect_url: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https://jupyter.utoronto.ca From 6016595652833b40c322ec7685b36a8ac40f2f90 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 15:43:46 +0000 Subject: [PATCH 22/28] Add helm_chart_values_files to utoronto/cluster.yaml --- config/clusters/utoronto/cluster.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/config/clusters/utoronto/cluster.yaml b/config/clusters/utoronto/cluster.yaml index 00c25e559c..0aba5bc304 100644 --- a/config/clusters/utoronto/cluster.yaml +++ b/config/clusters/utoronto/cluster.yaml @@ -27,10 +27,13 @@ hubs: helm_chart: basehub auth0: enabled: false - config: + helm_chart_values_files: + - staging.values.yaml - name: prod domain: jupyter.utoronto.ca helm_chart: basehub auth0: enabled: false - config: + helm_chart_values_files: + - staging.values.yaml + - prod.values.yaml From 04d9e1e10e8ada985ed5aaf7e5f9256702eb95b2 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 15:50:07 +0000 Subject: [PATCH 23/28] Refactor uwhackweeks structure --- config/clusters/uwhackweeks/cluster.yaml | 51 +++++ config/clusters/uwhackweeks/prod.values.yaml | 6 + .../clusters/uwhackweeks/staging.values.yaml | 135 +++++++++++++ .../uwhackweeks/uwhackweeks.cluster.yaml | 182 ------------------ .../config/clusters/uwhackweeks.cluster.yaml | 24 ++- 5 files changed, 203 insertions(+), 195 deletions(-) create mode 100644 config/clusters/uwhackweeks/cluster.yaml create mode 100644 config/clusters/uwhackweeks/prod.values.yaml create mode 100644 config/clusters/uwhackweeks/staging.values.yaml delete mode 100644 config/clusters/uwhackweeks/uwhackweeks.cluster.yaml diff --git a/config/clusters/uwhackweeks/cluster.yaml b/config/clusters/uwhackweeks/cluster.yaml new file mode 100644 index 0000000000..cc3f642c00 --- /dev/null +++ b/config/clusters/uwhackweeks/cluster.yaml @@ -0,0 +1,51 @@ +name: uwhackweeks +provider: aws +aws: + key: secrets/uwhackweeks.json + clusterType: eks + clusterName: uwhackweeks + region: us-west-2 +support: + config: + prometheus: + server: + resources: + requests: + cpu: 1 + memory: 4Gi + limits: + cpu: 4 + memory: 8Gi + cluster-autoscaler: + enabled: true + autoDiscovery: + clusterName: uwhackweeks + awsRegion: us-west-2 + grafana: + ingress: + hosts: + - grafana.uwhackweeks.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.uwhackweeks.2i2c.cloud +hubs: + - name: staging + domain: staging.uwhackweeks.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml + - name: prod + domain: uwhackweeks.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + helm_chart_values_files: + - staging.values.yaml + - prod.values.yaml diff --git a/config/clusters/uwhackweeks/prod.values.yaml b/config/clusters/uwhackweeks/prod.values.yaml new file mode 100644 index 0000000000..635cd6d3d5 --- /dev/null +++ b/config/clusters/uwhackweeks/prod.values.yaml @@ -0,0 +1,6 @@ +basehub: + jupyterhub: + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: https://uwhackweeks.2i2c.cloud/hub/oauth_callback diff --git a/config/clusters/uwhackweeks/staging.values.yaml b/config/clusters/uwhackweeks/staging.values.yaml new file mode 100644 index 0000000000..50e1ddc007 --- /dev/null +++ b/config/clusters/uwhackweeks/staging.values.yaml @@ -0,0 +1,135 @@ +scratchBucket: + enabled: false +basehub: + nfs: + pv: + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + serverIP: fs-0b36aa23f1d92e4da.efs.us-west-2.amazonaws.com + baseShareName: / + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: ICESat Hackweek + logo_url: https://icesat-2hackweek.github.io/assets/images/ICESat2.png + url: https://icesat-2hackweek.github.io + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: + url: https://www.openscapes.org/ + singleuser: + serviceAccountName: cloud-user-sa + defaultUrl: /lab + initContainers: + # Need to explicitly fix ownership here, since EFS doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan /home/jovyan/shared && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + - name: home + mountPath: /home/jovyan/shared + subPath: _shared + image: + name: quay.io/uwhackweek/icesat2 + tag: "2022.02.03" + storage: + extraVolumeMounts: + - name: home + mountPath: /home/jovyan/shared + subPath: _shared + readOnly: false + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. + - display_name: "Small: m5.large" + description: "~2 CPU, ~8G RAM" + kubespawner_override: + # Expllicitly unset mem_limit, so it overrides the default memory limit we set in + # basehub/values.yaml + mem_limit: null + mem_guarantee: 6.5G + node_selector: + node.kubernetes.io/instance-type: m5.large + - display_name: "Medium: m5.xlarge" + description: "~4 CPU, ~15G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: m5.xlarge + - display_name: "Large: m5.2xlarge" + description: "~8 CPU, ~30G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 26G + node_selector: + node.kubernetes.io/instance-type: m5.2xlarge + - display_name: "Huge: m5.8xlarge" + description: "~32 CPU, ~128G RAM" + kubespawner_override: + mem_limit: null + mem_guarantee: 115G + node_selector: + node.kubernetes.io/instance-type: m5.8xlarge + scheduling: + userPlaceholder: + enabled: false + replicas: 0 + userScheduler: + enabled: false + hub: + allowNamedServers: true + networkPolicy: + # FIXME: For dask gateway + enabled: false + readinessProbe: + enabled: false + config: + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + oauth_callback_url: https://staging.uwhackweeks.2i2c.cloud/hub/oauth_callback + allowed_organizations: + - 2i2c-org + - ICESAT-2HackWeek:jupyterhub-2022 + scope: + - read:user + - read:org + Authenticator: + # This hub uses GitHub Orgs/Teams auth and so we do not set + # allowed_users in order to not deny access to valid members of + # the listed Orgs/Teams. The following people should have admin + # access though. + admin_users: + - scottyhq +dask-gateway: + extraConfig: + idle: | + # timeout after 30 minutes of inactivity + c.KubeClusterConfig.idle_timeout = 1800 diff --git a/config/clusters/uwhackweeks/uwhackweeks.cluster.yaml b/config/clusters/uwhackweeks/uwhackweeks.cluster.yaml deleted file mode 100644 index 0892a02ba4..0000000000 --- a/config/clusters/uwhackweeks/uwhackweeks.cluster.yaml +++ /dev/null @@ -1,182 +0,0 @@ -name: uwhackweeks -provider: aws -aws: - key: secrets/uwhackweeks.json - clusterType: eks - clusterName: uwhackweeks - region: us-west-2 -support: - config: - prometheus: - server: - resources: - requests: - cpu: 1 - memory: 4Gi - limits: - cpu: 4 - memory: 8Gi - cluster-autoscaler: - enabled: true - autoDiscovery: - clusterName: uwhackweeks - awsRegion: us-west-2 - grafana: - ingress: - hosts: - - grafana.uwhackweeks.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.uwhackweeks.2i2c.cloud -hubs: - - name: staging - domain: staging.uwhackweeks.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: &uwhackweeksConfig - scratchBucket: - enabled: false - basehub: - nfs: - pv: - # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html - mountOptions: - - rsize=1048576 - - wsize=1048576 - - timeo=600 - - soft # We pick soft over hard, so NFS lockups don't lead to hung processes - - retrans=2 - - noresvport - serverIP: fs-0b36aa23f1d92e4da.efs.us-west-2.amazonaws.com - baseShareName: / - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: ICESat Hackweek - logo_url: https://icesat-2hackweek.github.io/assets/images/ICESat2.png - url: https://icesat-2hackweek.github.io - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: - url: https://www.openscapes.org/ - singleuser: - serviceAccountName: cloud-user-sa - defaultUrl: /lab - initContainers: - # Need to explicitly fix ownership here, since EFS doesn't do anonuid - - name: volume-mount-ownership-fix - image: busybox - command: - [ - "sh", - "-c", - "id && chown 1000:1000 /home/jovyan /home/jovyan/shared && ls -lhd /home/jovyan", - ] - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - - name: home - mountPath: /home/jovyan/shared - subPath: _shared - image: - name: quay.io/uwhackweek/icesat2 - tag: "2022.02.03" - storage: - extraVolumeMounts: - - name: home - mountPath: /home/jovyan/shared - subPath: _shared - readOnly: false - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. - - display_name: "Small: m5.large" - description: "~2 CPU, ~8G RAM" - kubespawner_override: - # Expllicitly unset mem_limit, so it overrides the default memory limit we set in - # basehub/values.yaml - mem_limit: null - mem_guarantee: 6.5G - node_selector: - node.kubernetes.io/instance-type: m5.large - - display_name: "Medium: m5.xlarge" - description: "~4 CPU, ~15G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 12G - node_selector: - node.kubernetes.io/instance-type: m5.xlarge - - display_name: "Large: m5.2xlarge" - description: "~8 CPU, ~30G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 26G - node_selector: - node.kubernetes.io/instance-type: m5.2xlarge - - display_name: "Huge: m5.8xlarge" - description: "~32 CPU, ~128G RAM" - kubespawner_override: - mem_limit: null - mem_guarantee: 115G - node_selector: - node.kubernetes.io/instance-type: m5.8xlarge - scheduling: - userPlaceholder: - enabled: false - replicas: 0 - userScheduler: - enabled: false - hub: - allowNamedServers: true - networkPolicy: - # FIXME: For dask gateway - enabled: false - readinessProbe: - enabled: false - config: - JupyterHub: - authenticator_class: github - GitHubOAuthenticator: - allowed_organizations: - - 2i2c-org - - ICESAT-2HackWeek:jupyterhub-2022 - scope: - - read:user - - read:org - Authenticator: - # This hub uses GitHub Orgs/Teams auth and so we do not set - # allowed_users in order to not deny access to valid members of - # the listed Orgs/Teams. The following people should have admin - # access though. - admin_users: - - scottyhq - dask-gateway: - extraConfig: - idle: | - # timeout after 30 minutes of inactivity - c.KubeClusterConfig.idle_timeout = 1800 - - name: prod - domain: uwhackweeks.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - config: *uwhackweeksConfig diff --git a/secrets/config/clusters/uwhackweeks.cluster.yaml b/secrets/config/clusters/uwhackweeks.cluster.yaml index 72525e713a..2c868d0b13 100644 --- a/secrets/config/clusters/uwhackweeks.cluster.yaml +++ b/secrets/config/clusters/uwhackweeks.cluster.yaml @@ -1,36 +1,34 @@ -grafana_token: ENC[AES256_GCM,data:MbF6Wn7IJbbCjAraido0fWV8035wzNoslDzPyfju6kax69wfZYZZHNC6btqbF8Zloqo0kNZOjhxlSjtcI3qdgMuGFNXY4diIUHLguhTN0qrIok0F,iv:LqkWTZGgwBETfb35BSEroREtssCaitFqPR+jRLdzW6g=,tag:4u3G0CTQzeekaDsDI6BDZQ==,type:str] +grafana_token: ENC[AES256_GCM,data:txwzDKVhrhxn01yVOMnvWWFP+7cSD6S790Y4dwrisenaKmaO9d690/ve9no/WZVTx9n2az3ZnyiWJ+L6zqt1fJNHMYY8/Wxsn1PCn1jssAGjAAe2,iv:I0Prnq5nMPvymUPv3c7galJ0q/mHeey+Q0QXawoWhMY=,tag:zySLCko+7QZq9vOBkF3Q7g==,type:str] hubs: - - name: ENC[AES256_GCM,data:z9O9eYfl+g==,iv:wIvhKgrB+yi8f2aUnWFYbiOlWZ1cbkcZZL4zG12Vd1c=,tag:NemRl/Gqc2n2hlr9gzCI0A==,type:str] + - name: ENC[AES256_GCM,data:d1rC8AnDew==,iv:A32IOaglfzNeKqzp1GblWYyX4g2aCvWUsb6wjv6W3GQ=,tag:mYpef5Q/BfsuT/MVT95zxQ==,type:str] config: basehub: jupyterhub: hub: config: GitHubOAuthenticator: - oauth_callback_url: ENC[AES256_GCM,data:u+TYGHNKyEaysSdo+a4nR+/9iyYhQXVWrSmzTIGhmHH3X3iWXVHFidARDML5f9vD93E8OUZzQsNE,iv:hGlIck1tzeL8g1Xtc4GMvfRVX5tpDnadVkSqGfNFsFY=,tag:v7/s7UwDAFOs0/C5z1J2Tg==,type:str] - client_id: ENC[AES256_GCM,data:RdqlglpnJ+VKarx3KlWhnS00VaA=,iv:FS14ihzja3Yd6/oOxjpte6zxXK9EBXUfFe+n3mVjOUQ=,tag:lEpGLot5VVqHr6cV3+vLbQ==,type:str] - client_secret: ENC[AES256_GCM,data:MwPPG9cqATZ0vUjfOFODDlxO6A6Avtki/bjcJvvfEwsZYnckOj1W4w==,iv:eLLalGHe0kTSzzohuPR3kUoqS3zlICP/ArKu0pZ+wLI=,tag:RIajflkLuWami8R/bBnzeQ==,type:str] - - name: ENC[AES256_GCM,data:K4zY8A==,iv:KsbEz4hJartHsMFdkPs0+iC/XPlqsMLiNJ6xHFrsIw4=,tag:T6HVpb7ypJDAHTGjylkRlw==,type:str] + client_id: ENC[AES256_GCM,data:+k3+oT9FK+CgeaRZDvUMfLNwJpA=,iv:MIRkWGgtJKm6GhTUEG0l3dCs2jrsMASIhGmmycSKAVA=,tag:fc74vTFL1yG7EaPCYY85pg==,type:str] + client_secret: ENC[AES256_GCM,data:AlC3Q0ssE9v9K6WXp32ditRR/+1SN05yZGyRIlLtk8kfGoQXFSl2kQ==,iv:aoO5/yIaN9oU3no/bRR8AOoLfMVTfaiigoC/6xzDJqU=,tag:idyp9mxGAn56s8wJwSLgZw==,type:str] + - name: ENC[AES256_GCM,data:WxtbVw==,iv:J9r5RVhUaBIGOcWVCIunF+vlgTlTkiUwm4d4pLXq0xI=,tag:69E71ZfQ2jwYkNuPydYH8g==,type:str] config: basehub: jupyterhub: hub: config: GitHubOAuthenticator: - oauth_callback_url: ENC[AES256_GCM,data:FTLJrCCQ7WzTWxFU8GcVq4JgIPQIiBY/gZZeddQQkOBkgkToGsCOxoCXOkKq6R+3ng==,iv:8Tp1dPfPejsOW5NPNbwrjISaqDrR3JyWiJzHnwwBd+U=,tag:irEWgFjcXJevRFlO/nq14A==,type:str] - client_id: ENC[AES256_GCM,data:8iTJ4o7mPUdjtXT7K2xU+rJrnTA=,iv:FCjIF4c34lrhr2jeWXUJNCpU/pn5sR7NCHMM0zWoY1w=,tag:qOd2CRKegpCIufbajYw5BA==,type:str] - client_secret: ENC[AES256_GCM,data:PzpaVgOIxdRaIkIhjTaNDXhHxlLDeiB7Box4RDzgV0JnK5+ElTAshA==,iv:rJvSae2itP2HSLp/hyu3t+sfsmrXyxJ3K3239LcobZ0=,tag:H+tKqOOtn+d57HmI02Bpvg==,type:str] + client_id: ENC[AES256_GCM,data:lL4NFHlrzYD0NFZqGVOkZ0Q2ijQ=,iv:esN0Ol8Z2vwl00+yyqv4ZNblzHV+SLZNmTsG4sDTeUU=,tag:izvV139JE67/aXgirH2rNg==,type:str] + client_secret: ENC[AES256_GCM,data:xCre9lo27kbAiSuFCKZ95CmhLBJ9YFmA0zqTIttGHqwS3lNm8mcSIg==,iv:XThG374PGmBzjgBeAWfX76eFgmpgfVwEMbvo0Ax/6Ks=,tag:5ae7Y0MumfSK747o1zaNJA==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-02-07T15:26:36Z" - enc: CiQA4OM7eAK/UyUTkkb/TrqxCygeVW8RMDMiG2LKvjozBXVSySASSQAZvYDZz2/Rn3zhoJtNkpGFcBt9SF/2T90Zu4xgb0sNiq342QnentLTC/QX1nyuJSVBnR7y2+XY/9GGuONB4TyCaofTCms5mH8= + created_at: "2022-02-11T15:52:25Z" + enc: CiQA4OM7eKoxSQpzJgFjZW9ur7vMcEamVAsCombLNcBlZNBIJRcSSQAZvYDZK01SDcic/ZI33XVTpAjTXAmtd7iWigdNcZEboFcnEdgQDTR+/SsNyPZUPZwLL5DpTxisOjzk5nfNdGg+nyUqMg6n+EY= azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-02-07T17:11:41Z" - mac: ENC[AES256_GCM,data:lS9IFUwrPOrcrSRWgo/EvMFTiZFInvpNIO9tBcHEIVpoVE5rVZblL58RdtDyxX6W5D7FPK1K/wkIgVZFMT27jJLFTZqwH4QgQbJ1JRUwqTnP3l5DE13RircQUDdj6pzsgMgXX2eE29SydSdsSVej45+GjT82MFmzfVwOZKRxB8E=,iv:+uh554lj/0DwgnsU98EKecPw33IZuaojYhyt1/0C9aY=,tag:Kp7fZXe8sf3mrIpOXWYGYg==,type:str] + lastmodified: "2022-02-11T15:52:26Z" + mac: ENC[AES256_GCM,data:UGeQY+fyUuWPLAqmPlzyAHyygqSP/PcvgJYqqi3yzwvsQT0itxHVUm5Kiu604CbyJ9djWUq/cQIIVfyiumAxX3v2KQAMa89H1xeDX7q1VqwHGvRd6DEosyMhBEDBNr+pToDEZytRnpHjtqb7TL/0k+OFyfNdyA91Y8+qjwm0+vg=,iv:Hfm2EyqAFy/og4yVIOr0Y7KLcFnu/LP4j0Wf9cWWDsc=,tag:64uF4ak/anaNzkPaD5Vs4g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1 From d61979d677bc29da2aa7869676b42dd0447be900 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 16:11:31 +0000 Subject: [PATCH 24/28] Refactor 2i2c cluster structure --- config/clusters/2i2c/2i2c.cluster.yaml | 616 +--------------- config/clusters/2i2c/anu.values.yaml | 38 + config/clusters/2i2c/aup.values.yaml | 31 + .../2i2c/catalyst-cooperative.values.yaml | 42 ++ config/clusters/2i2c/cluster.yaml | 698 ++++++++++++++++++ config/clusters/2i2c/dask-staging.values.yaml | 37 + config/clusters/2i2c/demo.values.yaml | 26 + config/clusters/2i2c/earthlab.values.yaml | 26 + .../2i2c/justiceinnovationlab.values.yaml | 31 + config/clusters/2i2c/ohw.values.yaml | 67 ++ .../clusters/2i2c/paleohack2021.values.yaml | 46 ++ config/clusters/2i2c/peddie.values.yaml | 28 + config/clusters/2i2c/pfw.values.yaml | 28 + config/clusters/2i2c/staging.values.yaml | 30 + config/clusters/2i2c/utexas.values.yaml | 147 ++++ 15 files changed, 1301 insertions(+), 590 deletions(-) create mode 100644 config/clusters/2i2c/anu.values.yaml create mode 100644 config/clusters/2i2c/aup.values.yaml create mode 100644 config/clusters/2i2c/catalyst-cooperative.values.yaml create mode 100644 config/clusters/2i2c/cluster.yaml create mode 100644 config/clusters/2i2c/dask-staging.values.yaml create mode 100644 config/clusters/2i2c/demo.values.yaml create mode 100644 config/clusters/2i2c/earthlab.values.yaml create mode 100644 config/clusters/2i2c/justiceinnovationlab.values.yaml create mode 100644 config/clusters/2i2c/ohw.values.yaml create mode 100644 config/clusters/2i2c/paleohack2021.values.yaml create mode 100644 config/clusters/2i2c/peddie.values.yaml create mode 100644 config/clusters/2i2c/pfw.values.yaml create mode 100644 config/clusters/2i2c/staging.values.yaml create mode 100644 config/clusters/2i2c/utexas.values.yaml diff --git a/config/clusters/2i2c/2i2c.cluster.yaml b/config/clusters/2i2c/2i2c.cluster.yaml index 558b98e46f..f67f9cdf3e 100644 --- a/config/clusters/2i2c/2i2c.cluster.yaml +++ b/config/clusters/2i2c/2i2c.cluster.yaml @@ -24,37 +24,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 - config: - docs_service: - enabled: true - repo: https://github.com/jupyterhub/nbgitpuller - branch: gh-pages - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: 2i2c Staging - url: https://2i2c.org - logo_url: https://2i2c.org/media/logo.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - hub: - config: - Authenticator: - allowed_users: &staging_users - - colliand@gmail.com - admin_users: *staging_users + helm_chart_values_files: + - staging.values.yaml - name: dask-staging domain: dask-staging.pilot.2i2c.cloud helm_chart: daskhub @@ -62,44 +33,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 - config: - basehub: - jupyterhub: - custom: - cloudResources: - provider: gcp - gcp: - projectId: two-eye-two-see - scratchBucket: - enabled: true - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: 2i2c Dask Staging - url: https://2i2c.org - logo_url: https://2i2c.org/media/logo.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - singleuser: - image: - name: pangeo/pangeo-notebook - tag: 2021.02.19 - hub: - config: - Authenticator: - allowed_users: &dask_staging_users - - colliand@gmail.com - admin_users: *dask_staging_users + helm_chart_values_files: + - dask-staging.values.yaml - name: demo domain: demo.pilot.2i2c.cloud helm_chart: basehub @@ -107,33 +42,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: CILogon - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: 2i2c Demo Hub - url: https://2i2c.org - logo_url: https://2i2c.org/media/logo.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - hub: - config: - Authenticator: - # We do not define allowed_users here since only usernames matching this regex will be allowed to login into the hub. - # Ref: https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.username_pattern - username_pattern: '^(.+@2i2c\.org|deployment-service-check)$' + helm_chart_values_files: + - demo.values.yaml - name: ohw domain: ohw.pilot.2i2c.cloud helm_chart: daskhub @@ -141,74 +51,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - basehub: - jupyterhub: - prePuller: - continuous: - enabled: true - singleuser: - networkPolicy: - # In clusters with NetworkPolicy enabled, do not - # allow outbound internet access that's not DNS, HTTP or HTTPS - # For OHW, we allow 8080 (for DAP) and 22 (for ssh) - # https://github.com/2i2c-org/pilot-hubs/issues/549#issuecomment-892276020 - enabled: true - egress: - - ports: - - port: 53 - protocol: UDP - - ports: - - port: 80 - protocol: TCP - - ports: - - port: 443 - protocol: TCP - - ports: - - port: 8080 - protocol: TCP - - ports: - - port: 22 - protocol: TCP - image: - name: ghcr.io/oceanhackweek/jupyer-image - tag: 9efd4fb - memory: - # Increase memory alloted during the workshop - # https://github.com/2i2c-org/pilot-hubs/issues/549#issuecomment-891264570 - guarantee: 7G - limit: 8G - custom: - cloudResources: - provider: gcp - gcp: - projectId: two-eye-two-see - scratchBucket: - enabled: true - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Ocean Hack Week - logo_url: https://avatars.githubusercontent.com/u/33128979 - url: https://oceanhackweek.github.io/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - hub: - config: - Authenticator: - allowed_users: &ohw_users - - ocefpaf - admin_users: *ohw_users + helm_chart_values_files: + - ohw.values.yaml - name: justiceinnovationlab domain: justiceinnovationlab.pilot.2i2c.cloud helm_chart: basehub @@ -216,38 +60,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Justice Innovation Lab - logo_url: "https://images.squarespace-cdn.com/content/5ee35ddb35affc21b29c0fd6/1596634079158-KLDENW5BSW2HQW4ZO0EH/JIL-Logo-Digital.png?format=1500w&content-type=image%2Fpng" - url: https://www.justiceinnovationlab.org/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - hub: - config: - Authenticator: - admin_users: &jil_admin_users - - donaldbraman - - JILPulvino - # 2022-02-10 Sarah Gibson: I added in allowed_users here even though - # I know we will be decomissioning this hub soon, just so that it's - # no longer open to everyone with a GitHub account. Please revert - # if this was not the correct thing to do. - allowed_users: *jil_admin_users + helm_chart_values_files: + - justiceinnovationlab.values.yaml - name: pfw domain: pfw.pilot.2i2c.cloud helm_chart: basehub @@ -255,35 +69,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Purdue Fort Wayne - logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/1/14/Purdue_Fort_Wayne_Mastodons_logo.svg/400px-Purdue_Fort_Wayne_Mastodons_logo.svg.png - url: https://www.pfw.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: JROST & IOI - url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees - hub: - config: - Authenticator: - allowed_users: &pfw_users - - colliand - - alessandromariaselvitella - - fosterk86 - admin_users: *pfw_users + helm_chart_values_files: + - pfw.values.yaml - name: peddie domain: peddie.pilot.2i2c.cloud helm_chart: basehub @@ -291,35 +78,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Peddie Academy - logo_url: https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1564687841/peddie/l4yufwwdksquxu2yetv6/PeddieSealPMS289.png - url: http://peddie.org/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: JROST & IOI - url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees - hub: - config: - Authenticator: - allowed_users: &peddie_users - - rbennett@peddie.org - - msawula@peddie.org - - ericvd@berkeley.edu - admin_users: *peddie_users + helm_chart_values_files: + - peddie.values.yaml - name: catalyst-cooperative domain: catalyst-cooperative.pilot.2i2c.cloud helm_chart: daskhub @@ -327,49 +87,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 - config: - basehub: - jupyterhub: - singleuser: - image: - name: catalystcoop/pudl-jupyter - tag: 2021.11.11 - memory: - limit: 6G - guarantee: 4G - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - cloudResources: - provider: gcp - gcp: - projectId: two-eye-two-see - scratchBucket: - enabled: true - homepage: - templateVars: - org: - name: Catalyst Cooperative - logo_url: https://catalyst.coop/files/2018/06/SimpleSquareWalking.png - url: https://catalyst.coop/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - hub: - config: - Authenticator: - allowed_users: &catalyst_users - - zane.selvans@catalyst.coop - - cgosnell@catalyst.coop - - colliand@gmail.com - admin_users: *catalyst_users + helm_chart_values_files: + - catalyst-cooperative.values.yaml - name: earthlab domain: earthlab.pilot.2i2c.cloud helm_chart: basehub @@ -377,33 +96,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: EarthLab - logo_url: https://pbs.twimg.com/profile_images/1102342372438925312/64xKJFPk.png - url: https://www.colorado.edu/earthlab/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: JROST & IOI - url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees - hub: - config: - Authenticator: - allowed_users: &earthlab_users - - lwasser - admin_users: *earthlab_users + helm_chart_values_files: + - earthlab.values.yaml - name: paleohack2021 domain: paleohack2021.hackathon.2i2c.cloud helm_chart: basehub @@ -411,53 +105,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - scheduling: - userPlaceholder: - # Not needed anymore, hackathon is over - replicas: 0 - userScheduler: - # Each user gets almost 1 anyway - enabled: true - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: "PaleoHack 2021" - logo_url: "https://raw.githubusercontent.com/LinkedEarth/Logos/master/pyleoclim_logo_full_white.png" - url: "https://linkedearth.github.io/paleoHackathon/" - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: "NSF Paleo Perspectives on Climate Change program" - url: "https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=5750" - singleuser: - memory: - guarantee: 256M - limit: 4G - cpu: - guarantee: 0.1 - limit: 2 - image: - name: quay.io/2i2c/paleohack-2021 - tag: 7534858b1098 - hub: - config: - Authenticator: - allowed_users: &paleohack_users - - CommonClimate - - khider - - fzhu2e - - alexkjames - admin_users: *paleohack_users + helm_chart_values_files: + - paleohack2021.values.yaml - name: aup domain: aup.pilot.2i2c.cloud helm_chart: basehub @@ -465,82 +114,15 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: The American University of Paris - logo_url: https://www.aup.edu/sites/default/files/images/widget-assets/image/auplogo.jpeg - url: https://www.aup.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: AUP - url: https://www.aup.edu/ - singleuser: - memory: - limit: 2G - guarantee: 2G - hub: - config: - Authenticator: - allowed_users: &aup_users - - swalker - - shaolintl - admin_users: *aup_users + helm_chart_values_files: + - aup.values.yaml - name: anu domain: anu.pilot.2i2c.cloud helm_chart: basehub auth0: connection: CILogon - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: The Australian National University - logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/4/4c/Australian_National_University_%28emblem%29.svg/320px-Australian_National_University_%28emblem%29.svg.png - url: https://www.anu.edu.au/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: ANU - url: https://www.anu.edu.au/ - singleuser: - memory: - limit: 2G - guarantee: 2G - cpu: - guarantee: 1 - limit: 2 - image: - name: quay.io/mmcky/anu-emet2007 - tag: b7937f446fe6 - hub: - config: - Authenticator: - admin_users: - - matthew.mckay@anu.edu.au - # We do not define allowed_users here since only usernames matching this regex will be allowed to login into the hub. - # Ref: https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.username_pattern - username_pattern: '^(.+@2i2c\.org|.+@anu\.edu\.au|deployment-service-check)$' + helm_chart_values_files: + - anu.values.yaml - name: utexas domain: utexas.pilot.2i2c.cloud helm_chart: basehub @@ -548,151 +130,5 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: University of Texas - logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/e/e1/University_of_Texas_at_Austin_seal.svg/300px-University_of_Texas_at_Austin_seal.svg.png - url: https://www.utexas.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: JROST & IOI - url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees - hub: - extraConfig: - # Create persistent disks for each user in the hub to store postgresql data in - 100-create-postgres-pvc: | - from jupyterhub.utils import exponential_backoff - from kubespawner.objects import make_pvc - from functools import partial - - def make_extra_pvc(component, name_template, storage_class, storage_capacity, spawner): - """ - Create a PVC resource for storing database contents - """ - labels = spawner._build_common_labels({}) - labels.update({ - 'component': component - }) - annotations = spawner._build_common_annotations({}) - storage_selector = spawner._expand_all(spawner.storage_selector) - return make_pvc( - name=spawner._expand_all(name_template), - storage_class=storage_class, - access_modes=['ReadWriteOnce'], - selector={}, - storage=storage_capacity, - labels=labels, - annotations=annotations - ) - - # 1Gi seems the smallest PVC you can make - anything smaller than that is rounded up to 1Gi - make_db_pvc = partial(make_extra_pvc, 'postgres-storage', 'postgres-{username}', 'standard-rwo', '1Gi') - - async def ensure_db_pvc(spawner): - """" - Ensure a PVC is created for this user's database volume - """ - pvc = make_db_pvc(spawner) - # If there's a timeout, just let it propagate to the user - await exponential_backoff( - partial(spawner._make_create_pvc_request, pvc, spawner.k8s_api_request_timeout), - f'Could not create pvc {pvc.metadata.name}', - # Each req should be given k8s_api_request_timeout seconds. - timeout=spawner.k8s_api_request_retry_timeout - ) - c.Spawner.pre_spawn_hook = ensure_db_pvc - config: - Authenticator: - allowed_users: &utexas_demo_users - - jameshowison - admin_users: *utexas_demo_users - singleuser: - storage: - extraVolumes: - - name: postgres-db - persistentVolumeClaim: - claimName: "postgres-{username}" - extraVolumeMounts: - - name: postgres-db - mountPath: /var/lib/postgresql/data - # postgres recommends against mounting a volume directly here - # So we put data in a subpath - subPath: data - initContainers: - # /var/lib/postgresql should be writeable by uid 1000, so students - # can blow out their db directories if need to. Also lets postgres actually - # write to its data directory - - name: postgres-volume-mount-hack - image: busybox - command: - - sh - - -c - - "id && chown -R 1000:1000 /var/lib/postgresql && ls -lhd /var/lib/postgresql" - securityContext: - runAsUser: 0 - volumeMounts: - - name: postgres-db - mountPath: /var/lib/postgresql/data - # postgres recommends against mounting a volume directly here - # So we put data in a subpath - subPath: data - extraContainers: - - name: pgadmin4 - image: dpage/pgadmin4 - env: - # Users use this to login to pgadmin4 itself - # Access to that is secured with jupyter-server-proxy - - name: PGADMIN_DEFAULT_EMAIL - value: jovyan@jovyan.org - - name: PGADMIN_DEFAULT_PASSWORD - value: jovyan - # Don't allow outside users to even connect to pgadmin4 - - name: PGADMIN_LISTEN_ADDRESS - value: "127.0.0.1" - - name: PGADMIN_LISTEN_PORT - value: "5050" - # Tell pgadmin4 what base_url it's running under - - name: SCRIPT_NAME - # FIXME: This doesn't work with named servers, - # https://github.com/jupyterhub/kubespawner/pull/565 fixes this - value: "/user/{username}/proxy/absolute/5050" - - name: postgres - image: postgres:10 - resources: - limits: - # Best effort only. No more than 1 CPU - memory: 512Mi - cpu: 1.0 - requests: - # If we don't set requests, k8s sets requests == limits! - memory: 64Mi - cpu: 0.01 - env: - - name: POSTGRES_HOST_AUTH_METHOD - value: "trust" - - name: POSTGRES_USER - value: "jovyan" - securityContext: - runAsUser: 1000 - fsGroup: 1000 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - - name: postgres-db - mountPath: /var/lib/postgresql/data - # postgres recommends against mounting a volume directly here - # So we put data in a subpath - subPath: data + helm_chart_values_files: + - utexas.values.yaml diff --git a/config/clusters/2i2c/anu.values.yaml b/config/clusters/2i2c/anu.values.yaml new file mode 100644 index 0000000000..3570151387 --- /dev/null +++ b/config/clusters/2i2c/anu.values.yaml @@ -0,0 +1,38 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: The Australian National University + logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/4/4c/Australian_National_University_%28emblem%29.svg/320px-Australian_National_University_%28emblem%29.svg.png + url: https://www.anu.edu.au/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: ANU + url: https://www.anu.edu.au/ + singleuser: + memory: + limit: 2G + guarantee: 2G + cpu: + guarantee: 1 + limit: 2 + image: + name: quay.io/mmcky/anu-emet2007 + tag: b7937f446fe6 + hub: + config: + Authenticator: + admin_users: + - matthew.mckay@anu.edu.au + # We do not define allowed_users here since only usernames matching this regex will be allowed to login into the hub. + # Ref: https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.username_pattern + username_pattern: '^(.+@2i2c\.org|.+@anu\.edu\.au|deployment-service-check)$' diff --git a/config/clusters/2i2c/aup.values.yaml b/config/clusters/2i2c/aup.values.yaml new file mode 100644 index 0000000000..db09310a9f --- /dev/null +++ b/config/clusters/2i2c/aup.values.yaml @@ -0,0 +1,31 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: The American University of Paris + logo_url: https://www.aup.edu/sites/default/files/images/widget-assets/image/auplogo.jpeg + url: https://www.aup.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: AUP + url: https://www.aup.edu/ + singleuser: + memory: + limit: 2G + guarantee: 2G + hub: + config: + Authenticator: + allowed_users: &aup_users + - swalker + - shaolintl + admin_users: *aup_users diff --git a/config/clusters/2i2c/catalyst-cooperative.values.yaml b/config/clusters/2i2c/catalyst-cooperative.values.yaml new file mode 100644 index 0000000000..1146b1f0a2 --- /dev/null +++ b/config/clusters/2i2c/catalyst-cooperative.values.yaml @@ -0,0 +1,42 @@ +basehub: + jupyterhub: + singleuser: + image: + name: catalystcoop/pudl-jupyter + tag: 2021.11.11 + memory: + limit: 6G + guarantee: 4G + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + cloudResources: + provider: gcp + gcp: + projectId: two-eye-two-see + scratchBucket: + enabled: true + homepage: + templateVars: + org: + name: Catalyst Cooperative + logo_url: https://catalyst.coop/files/2018/06/SimpleSquareWalking.png + url: https://catalyst.coop/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + hub: + config: + Authenticator: + allowed_users: &catalyst_users + - zane.selvans@catalyst.coop + - cgosnell@catalyst.coop + - colliand@gmail.com + admin_users: *catalyst_users diff --git a/config/clusters/2i2c/cluster.yaml b/config/clusters/2i2c/cluster.yaml new file mode 100644 index 0000000000..558b98e46f --- /dev/null +++ b/config/clusters/2i2c/cluster.yaml @@ -0,0 +1,698 @@ +name: 2i2c +image_repo: "quay.io/2i2c/2i2c-hubs-image" +provider: gcp +gcp: + key: secrets/2i2c.json + project: two-eye-two-see + cluster: pilot-hubs-cluster + zone: us-central1-b +support: + config: + grafana: + ingress: + hosts: + - grafana.pilot.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.pilot.2i2c.cloud +hubs: + - name: staging + domain: staging.pilot.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + config: + docs_service: + enabled: true + repo: https://github.com/jupyterhub/nbgitpuller + branch: gh-pages + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: 2i2c Staging + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + hub: + config: + Authenticator: + allowed_users: &staging_users + - colliand@gmail.com + admin_users: *staging_users + - name: dask-staging + domain: dask-staging.pilot.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + config: + basehub: + jupyterhub: + custom: + cloudResources: + provider: gcp + gcp: + projectId: two-eye-two-see + scratchBucket: + enabled: true + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: 2i2c Dask Staging + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + singleuser: + image: + name: pangeo/pangeo-notebook + tag: 2021.02.19 + hub: + config: + Authenticator: + allowed_users: &dask_staging_users + - colliand@gmail.com + admin_users: *dask_staging_users + - name: demo + domain: demo.pilot.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: CILogon + config: + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: 2i2c Demo Hub + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + hub: + config: + Authenticator: + # We do not define allowed_users here since only usernames matching this regex will be allowed to login into the hub. + # Ref: https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.username_pattern + username_pattern: '^(.+@2i2c\.org|deployment-service-check)$' + - name: ohw + domain: ohw.pilot.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + config: + basehub: + jupyterhub: + prePuller: + continuous: + enabled: true + singleuser: + networkPolicy: + # In clusters with NetworkPolicy enabled, do not + # allow outbound internet access that's not DNS, HTTP or HTTPS + # For OHW, we allow 8080 (for DAP) and 22 (for ssh) + # https://github.com/2i2c-org/pilot-hubs/issues/549#issuecomment-892276020 + enabled: true + egress: + - ports: + - port: 53 + protocol: UDP + - ports: + - port: 80 + protocol: TCP + - ports: + - port: 443 + protocol: TCP + - ports: + - port: 8080 + protocol: TCP + - ports: + - port: 22 + protocol: TCP + image: + name: ghcr.io/oceanhackweek/jupyer-image + tag: 9efd4fb + memory: + # Increase memory alloted during the workshop + # https://github.com/2i2c-org/pilot-hubs/issues/549#issuecomment-891264570 + guarantee: 7G + limit: 8G + custom: + cloudResources: + provider: gcp + gcp: + projectId: two-eye-two-see + scratchBucket: + enabled: true + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Ocean Hack Week + logo_url: https://avatars.githubusercontent.com/u/33128979 + url: https://oceanhackweek.github.io/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + hub: + config: + Authenticator: + allowed_users: &ohw_users + - ocefpaf + admin_users: *ohw_users + - name: justiceinnovationlab + domain: justiceinnovationlab.pilot.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + config: + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Justice Innovation Lab + logo_url: "https://images.squarespace-cdn.com/content/5ee35ddb35affc21b29c0fd6/1596634079158-KLDENW5BSW2HQW4ZO0EH/JIL-Logo-Digital.png?format=1500w&content-type=image%2Fpng" + url: https://www.justiceinnovationlab.org/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + hub: + config: + Authenticator: + admin_users: &jil_admin_users + - donaldbraman + - JILPulvino + # 2022-02-10 Sarah Gibson: I added in allowed_users here even though + # I know we will be decomissioning this hub soon, just so that it's + # no longer open to everyone with a GitHub account. Please revert + # if this was not the correct thing to do. + allowed_users: *jil_admin_users + - name: pfw + domain: pfw.pilot.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + config: + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Purdue Fort Wayne + logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/1/14/Purdue_Fort_Wayne_Mastodons_logo.svg/400px-Purdue_Fort_Wayne_Mastodons_logo.svg.png + url: https://www.pfw.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: JROST & IOI + url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees + hub: + config: + Authenticator: + allowed_users: &pfw_users + - colliand + - alessandromariaselvitella + - fosterk86 + admin_users: *pfw_users + - name: peddie + domain: peddie.pilot.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + config: + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Peddie Academy + logo_url: https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1564687841/peddie/l4yufwwdksquxu2yetv6/PeddieSealPMS289.png + url: http://peddie.org/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: JROST & IOI + url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees + hub: + config: + Authenticator: + allowed_users: &peddie_users + - rbennett@peddie.org + - msawula@peddie.org + - ericvd@berkeley.edu + admin_users: *peddie_users + - name: catalyst-cooperative + domain: catalyst-cooperative.pilot.2i2c.cloud + helm_chart: daskhub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + config: + basehub: + jupyterhub: + singleuser: + image: + name: catalystcoop/pudl-jupyter + tag: 2021.11.11 + memory: + limit: 6G + guarantee: 4G + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + cloudResources: + provider: gcp + gcp: + projectId: two-eye-two-see + scratchBucket: + enabled: true + homepage: + templateVars: + org: + name: Catalyst Cooperative + logo_url: https://catalyst.coop/files/2018/06/SimpleSquareWalking.png + url: https://catalyst.coop/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + hub: + config: + Authenticator: + allowed_users: &catalyst_users + - zane.selvans@catalyst.coop + - cgosnell@catalyst.coop + - colliand@gmail.com + admin_users: *catalyst_users + - name: earthlab + domain: earthlab.pilot.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + config: + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: EarthLab + logo_url: https://pbs.twimg.com/profile_images/1102342372438925312/64xKJFPk.png + url: https://www.colorado.edu/earthlab/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: JROST & IOI + url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees + hub: + config: + Authenticator: + allowed_users: &earthlab_users + - lwasser + admin_users: *earthlab_users + - name: paleohack2021 + domain: paleohack2021.hackathon.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + config: + jupyterhub: + scheduling: + userPlaceholder: + # Not needed anymore, hackathon is over + replicas: 0 + userScheduler: + # Each user gets almost 1 anyway + enabled: true + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: "PaleoHack 2021" + logo_url: "https://raw.githubusercontent.com/LinkedEarth/Logos/master/pyleoclim_logo_full_white.png" + url: "https://linkedearth.github.io/paleoHackathon/" + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: "NSF Paleo Perspectives on Climate Change program" + url: "https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=5750" + singleuser: + memory: + guarantee: 256M + limit: 4G + cpu: + guarantee: 0.1 + limit: 2 + image: + name: quay.io/2i2c/paleohack-2021 + tag: 7534858b1098 + hub: + config: + Authenticator: + allowed_users: &paleohack_users + - CommonClimate + - khider + - fzhu2e + - alexkjames + admin_users: *paleohack_users + - name: aup + domain: aup.pilot.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + config: + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: The American University of Paris + logo_url: https://www.aup.edu/sites/default/files/images/widget-assets/image/auplogo.jpeg + url: https://www.aup.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: AUP + url: https://www.aup.edu/ + singleuser: + memory: + limit: 2G + guarantee: 2G + hub: + config: + Authenticator: + allowed_users: &aup_users + - swalker + - shaolintl + admin_users: *aup_users + - name: anu + domain: anu.pilot.2i2c.cloud + helm_chart: basehub + auth0: + connection: CILogon + config: + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: The Australian National University + logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/4/4c/Australian_National_University_%28emblem%29.svg/320px-Australian_National_University_%28emblem%29.svg.png + url: https://www.anu.edu.au/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: ANU + url: https://www.anu.edu.au/ + singleuser: + memory: + limit: 2G + guarantee: 2G + cpu: + guarantee: 1 + limit: 2 + image: + name: quay.io/mmcky/anu-emet2007 + tag: b7937f446fe6 + hub: + config: + Authenticator: + admin_users: + - matthew.mckay@anu.edu.au + # We do not define allowed_users here since only usernames matching this regex will be allowed to login into the hub. + # Ref: https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.username_pattern + username_pattern: '^(.+@2i2c\.org|.+@anu\.edu\.au|deployment-service-check)$' + - name: utexas + domain: utexas.pilot.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: github + config: + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: University of Texas + logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/e/e1/University_of_Texas_at_Austin_seal.svg/300px-University_of_Texas_at_Austin_seal.svg.png + url: https://www.utexas.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: JROST & IOI + url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees + hub: + extraConfig: + # Create persistent disks for each user in the hub to store postgresql data in + 100-create-postgres-pvc: | + from jupyterhub.utils import exponential_backoff + from kubespawner.objects import make_pvc + from functools import partial + + def make_extra_pvc(component, name_template, storage_class, storage_capacity, spawner): + """ + Create a PVC resource for storing database contents + """ + labels = spawner._build_common_labels({}) + labels.update({ + 'component': component + }) + annotations = spawner._build_common_annotations({}) + storage_selector = spawner._expand_all(spawner.storage_selector) + return make_pvc( + name=spawner._expand_all(name_template), + storage_class=storage_class, + access_modes=['ReadWriteOnce'], + selector={}, + storage=storage_capacity, + labels=labels, + annotations=annotations + ) + + # 1Gi seems the smallest PVC you can make - anything smaller than that is rounded up to 1Gi + make_db_pvc = partial(make_extra_pvc, 'postgres-storage', 'postgres-{username}', 'standard-rwo', '1Gi') + + async def ensure_db_pvc(spawner): + """" + Ensure a PVC is created for this user's database volume + """ + pvc = make_db_pvc(spawner) + # If there's a timeout, just let it propagate to the user + await exponential_backoff( + partial(spawner._make_create_pvc_request, pvc, spawner.k8s_api_request_timeout), + f'Could not create pvc {pvc.metadata.name}', + # Each req should be given k8s_api_request_timeout seconds. + timeout=spawner.k8s_api_request_retry_timeout + ) + c.Spawner.pre_spawn_hook = ensure_db_pvc + config: + Authenticator: + allowed_users: &utexas_demo_users + - jameshowison + admin_users: *utexas_demo_users + singleuser: + storage: + extraVolumes: + - name: postgres-db + persistentVolumeClaim: + claimName: "postgres-{username}" + extraVolumeMounts: + - name: postgres-db + mountPath: /var/lib/postgresql/data + # postgres recommends against mounting a volume directly here + # So we put data in a subpath + subPath: data + initContainers: + # /var/lib/postgresql should be writeable by uid 1000, so students + # can blow out their db directories if need to. Also lets postgres actually + # write to its data directory + - name: postgres-volume-mount-hack + image: busybox + command: + - sh + - -c + - "id && chown -R 1000:1000 /var/lib/postgresql && ls -lhd /var/lib/postgresql" + securityContext: + runAsUser: 0 + volumeMounts: + - name: postgres-db + mountPath: /var/lib/postgresql/data + # postgres recommends against mounting a volume directly here + # So we put data in a subpath + subPath: data + extraContainers: + - name: pgadmin4 + image: dpage/pgadmin4 + env: + # Users use this to login to pgadmin4 itself + # Access to that is secured with jupyter-server-proxy + - name: PGADMIN_DEFAULT_EMAIL + value: jovyan@jovyan.org + - name: PGADMIN_DEFAULT_PASSWORD + value: jovyan + # Don't allow outside users to even connect to pgadmin4 + - name: PGADMIN_LISTEN_ADDRESS + value: "127.0.0.1" + - name: PGADMIN_LISTEN_PORT + value: "5050" + # Tell pgadmin4 what base_url it's running under + - name: SCRIPT_NAME + # FIXME: This doesn't work with named servers, + # https://github.com/jupyterhub/kubespawner/pull/565 fixes this + value: "/user/{username}/proxy/absolute/5050" + - name: postgres + image: postgres:10 + resources: + limits: + # Best effort only. No more than 1 CPU + memory: 512Mi + cpu: 1.0 + requests: + # If we don't set requests, k8s sets requests == limits! + memory: 64Mi + cpu: 0.01 + env: + - name: POSTGRES_HOST_AUTH_METHOD + value: "trust" + - name: POSTGRES_USER + value: "jovyan" + securityContext: + runAsUser: 1000 + fsGroup: 1000 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + - name: postgres-db + mountPath: /var/lib/postgresql/data + # postgres recommends against mounting a volume directly here + # So we put data in a subpath + subPath: data diff --git a/config/clusters/2i2c/dask-staging.values.yaml b/config/clusters/2i2c/dask-staging.values.yaml new file mode 100644 index 0000000000..4ecc41f012 --- /dev/null +++ b/config/clusters/2i2c/dask-staging.values.yaml @@ -0,0 +1,37 @@ +basehub: + jupyterhub: + custom: + cloudResources: + provider: gcp + gcp: + projectId: two-eye-two-see + scratchBucket: + enabled: true + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: 2i2c Dask Staging + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + singleuser: + image: + name: pangeo/pangeo-notebook + tag: 2021.02.19 + hub: + config: + Authenticator: + allowed_users: &dask_staging_users + - colliand@gmail.com + admin_users: *dask_staging_users diff --git a/config/clusters/2i2c/demo.values.yaml b/config/clusters/2i2c/demo.values.yaml new file mode 100644 index 0000000000..1b33e0bfaa --- /dev/null +++ b/config/clusters/2i2c/demo.values.yaml @@ -0,0 +1,26 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: 2i2c Demo Hub + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + hub: + config: + Authenticator: + # We do not define allowed_users here since only usernames matching this regex will be allowed to login into the hub. + # Ref: https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.username_pattern + username_pattern: '^(.+@2i2c\.org|deployment-service-check)$' diff --git a/config/clusters/2i2c/earthlab.values.yaml b/config/clusters/2i2c/earthlab.values.yaml new file mode 100644 index 0000000000..3c52faed85 --- /dev/null +++ b/config/clusters/2i2c/earthlab.values.yaml @@ -0,0 +1,26 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: EarthLab + logo_url: https://pbs.twimg.com/profile_images/1102342372438925312/64xKJFPk.png + url: https://www.colorado.edu/earthlab/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: JROST & IOI + url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees + hub: + config: + Authenticator: + allowed_users: &earthlab_users + - lwasser + admin_users: *earthlab_users diff --git a/config/clusters/2i2c/justiceinnovationlab.values.yaml b/config/clusters/2i2c/justiceinnovationlab.values.yaml new file mode 100644 index 0000000000..7ce5e0bd79 --- /dev/null +++ b/config/clusters/2i2c/justiceinnovationlab.values.yaml @@ -0,0 +1,31 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Justice Innovation Lab + logo_url: "https://images.squarespace-cdn.com/content/5ee35ddb35affc21b29c0fd6/1596634079158-KLDENW5BSW2HQW4ZO0EH/JIL-Logo-Digital.png?format=1500w&content-type=image%2Fpng" + url: https://www.justiceinnovationlab.org/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + hub: + config: + Authenticator: + admin_users: &jil_admin_users + - donaldbraman + - JILPulvino + # 2022-02-10 Sarah Gibson: I added in allowed_users here even though + # I know we will be decomissioning this hub soon, just so that it's + # no longer open to everyone with a GitHub account. Please revert + # if this was not the correct thing to do. + allowed_users: *jil_admin_users diff --git a/config/clusters/2i2c/ohw.values.yaml b/config/clusters/2i2c/ohw.values.yaml new file mode 100644 index 0000000000..a14e7c8815 --- /dev/null +++ b/config/clusters/2i2c/ohw.values.yaml @@ -0,0 +1,67 @@ +basehub: + jupyterhub: + prePuller: + continuous: + enabled: true + singleuser: + networkPolicy: + # In clusters with NetworkPolicy enabled, do not + # allow outbound internet access that's not DNS, HTTP or HTTPS + # For OHW, we allow 8080 (for DAP) and 22 (for ssh) + # https://github.com/2i2c-org/pilot-hubs/issues/549#issuecomment-892276020 + enabled: true + egress: + - ports: + - port: 53 + protocol: UDP + - ports: + - port: 80 + protocol: TCP + - ports: + - port: 443 + protocol: TCP + - ports: + - port: 8080 + protocol: TCP + - ports: + - port: 22 + protocol: TCP + image: + name: ghcr.io/oceanhackweek/jupyer-image + tag: 9efd4fb + memory: + # Increase memory alloted during the workshop + # https://github.com/2i2c-org/pilot-hubs/issues/549#issuecomment-891264570 + guarantee: 7G + limit: 8G + custom: + cloudResources: + provider: gcp + gcp: + projectId: two-eye-two-see + scratchBucket: + enabled: true + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Ocean Hack Week + logo_url: https://avatars.githubusercontent.com/u/33128979 + url: https://oceanhackweek.github.io/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + hub: + config: + Authenticator: + allowed_users: &ohw_users + - ocefpaf + admin_users: *ohw_users diff --git a/config/clusters/2i2c/paleohack2021.values.yaml b/config/clusters/2i2c/paleohack2021.values.yaml new file mode 100644 index 0000000000..8c2ecf3a4b --- /dev/null +++ b/config/clusters/2i2c/paleohack2021.values.yaml @@ -0,0 +1,46 @@ +jupyterhub: + scheduling: + userPlaceholder: + # Not needed anymore, hackathon is over + replicas: 0 + userScheduler: + # Each user gets almost 1 anyway + enabled: true + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: "PaleoHack 2021" + logo_url: "https://raw.githubusercontent.com/LinkedEarth/Logos/master/pyleoclim_logo_full_white.png" + url: "https://linkedearth.github.io/paleoHackathon/" + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: "NSF Paleo Perspectives on Climate Change program" + url: "https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=5750" + singleuser: + memory: + guarantee: 256M + limit: 4G + cpu: + guarantee: 0.1 + limit: 2 + image: + name: quay.io/2i2c/paleohack-2021 + tag: 7534858b1098 + hub: + config: + Authenticator: + allowed_users: &paleohack_users + - CommonClimate + - khider + - fzhu2e + - alexkjames + admin_users: *paleohack_users diff --git a/config/clusters/2i2c/peddie.values.yaml b/config/clusters/2i2c/peddie.values.yaml new file mode 100644 index 0000000000..9cc9975766 --- /dev/null +++ b/config/clusters/2i2c/peddie.values.yaml @@ -0,0 +1,28 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Peddie Academy + logo_url: https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1564687841/peddie/l4yufwwdksquxu2yetv6/PeddieSealPMS289.png + url: http://peddie.org/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: JROST & IOI + url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees + hub: + config: + Authenticator: + allowed_users: &peddie_users + - rbennett@peddie.org + - msawula@peddie.org + - ericvd@berkeley.edu + admin_users: *peddie_users diff --git a/config/clusters/2i2c/pfw.values.yaml b/config/clusters/2i2c/pfw.values.yaml new file mode 100644 index 0000000000..3c3997bc62 --- /dev/null +++ b/config/clusters/2i2c/pfw.values.yaml @@ -0,0 +1,28 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Purdue Fort Wayne + logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/1/14/Purdue_Fort_Wayne_Mastodons_logo.svg/400px-Purdue_Fort_Wayne_Mastodons_logo.svg.png + url: https://www.pfw.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: JROST & IOI + url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees + hub: + config: + Authenticator: + allowed_users: &pfw_users + - colliand + - alessandromariaselvitella + - fosterk86 + admin_users: *pfw_users diff --git a/config/clusters/2i2c/staging.values.yaml b/config/clusters/2i2c/staging.values.yaml new file mode 100644 index 0000000000..7254f8b055 --- /dev/null +++ b/config/clusters/2i2c/staging.values.yaml @@ -0,0 +1,30 @@ +docs_service: + enabled: true + repo: https://github.com/jupyterhub/nbgitpuller + branch: gh-pages +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: 2i2c Staging + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: 2i2c + url: https://2i2c.org + hub: + config: + Authenticator: + allowed_users: &staging_users + - colliand@gmail.com + admin_users: *staging_users diff --git a/config/clusters/2i2c/utexas.values.yaml b/config/clusters/2i2c/utexas.values.yaml new file mode 100644 index 0000000000..684d68873e --- /dev/null +++ b/config/clusters/2i2c/utexas.values.yaml @@ -0,0 +1,147 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: University of Texas + logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/e/e1/University_of_Texas_at_Austin_seal.svg/300px-University_of_Texas_at_Austin_seal.svg.png + url: https://www.utexas.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: JROST & IOI + url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees + hub: + extraConfig: + # Create persistent disks for each user in the hub to store postgresql data in + 100-create-postgres-pvc: | + from jupyterhub.utils import exponential_backoff + from kubespawner.objects import make_pvc + from functools import partial + + def make_extra_pvc(component, name_template, storage_class, storage_capacity, spawner): + """ + Create a PVC resource for storing database contents + """ + labels = spawner._build_common_labels({}) + labels.update({ + 'component': component + }) + annotations = spawner._build_common_annotations({}) + storage_selector = spawner._expand_all(spawner.storage_selector) + return make_pvc( + name=spawner._expand_all(name_template), + storage_class=storage_class, + access_modes=['ReadWriteOnce'], + selector={}, + storage=storage_capacity, + labels=labels, + annotations=annotations + ) + + # 1Gi seems the smallest PVC you can make - anything smaller than that is rounded up to 1Gi + make_db_pvc = partial(make_extra_pvc, 'postgres-storage', 'postgres-{username}', 'standard-rwo', '1Gi') + + async def ensure_db_pvc(spawner): + """" + Ensure a PVC is created for this user's database volume + """ + pvc = make_db_pvc(spawner) + # If there's a timeout, just let it propagate to the user + await exponential_backoff( + partial(spawner._make_create_pvc_request, pvc, spawner.k8s_api_request_timeout), + f'Could not create pvc {pvc.metadata.name}', + # Each req should be given k8s_api_request_timeout seconds. + timeout=spawner.k8s_api_request_retry_timeout + ) + c.Spawner.pre_spawn_hook = ensure_db_pvc + config: + Authenticator: + allowed_users: &utexas_demo_users + - jameshowison + admin_users: *utexas_demo_users + singleuser: + storage: + extraVolumes: + - name: postgres-db + persistentVolumeClaim: + claimName: "postgres-{username}" + extraVolumeMounts: + - name: postgres-db + mountPath: /var/lib/postgresql/data + # postgres recommends against mounting a volume directly here + # So we put data in a subpath + subPath: data + initContainers: + # /var/lib/postgresql should be writeable by uid 1000, so students + # can blow out their db directories if need to. Also lets postgres actually + # write to its data directory + - name: postgres-volume-mount-hack + image: busybox + command: + - sh + - -c + - "id && chown -R 1000:1000 /var/lib/postgresql && ls -lhd /var/lib/postgresql" + securityContext: + runAsUser: 0 + volumeMounts: + - name: postgres-db + mountPath: /var/lib/postgresql/data + # postgres recommends against mounting a volume directly here + # So we put data in a subpath + subPath: data + extraContainers: + - name: pgadmin4 + image: dpage/pgadmin4 + env: + # Users use this to login to pgadmin4 itself + # Access to that is secured with jupyter-server-proxy + - name: PGADMIN_DEFAULT_EMAIL + value: jovyan@jovyan.org + - name: PGADMIN_DEFAULT_PASSWORD + value: jovyan + # Don't allow outside users to even connect to pgadmin4 + - name: PGADMIN_LISTEN_ADDRESS + value: "127.0.0.1" + - name: PGADMIN_LISTEN_PORT + value: "5050" + # Tell pgadmin4 what base_url it's running under + - name: SCRIPT_NAME + # FIXME: This doesn't work with named servers, + # https://github.com/jupyterhub/kubespawner/pull/565 fixes this + value: "/user/{username}/proxy/absolute/5050" + - name: postgres + image: postgres:10 + resources: + limits: + # Best effort only. No more than 1 CPU + memory: 512Mi + cpu: 1.0 + requests: + # If we don't set requests, k8s sets requests == limits! + memory: 64Mi + cpu: 0.01 + env: + - name: POSTGRES_HOST_AUTH_METHOD + value: "trust" + - name: POSTGRES_USER + value: "jovyan" + securityContext: + runAsUser: 1000 + fsGroup: 1000 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + - name: postgres-db + mountPath: /var/lib/postgresql/data + # postgres recommends against mounting a volume directly here + # So we put data in a subpath + subPath: data From ecf10c511241de16bd87b7479c9cbc5bd59ed01d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 16:14:42 +0000 Subject: [PATCH 25/28] Correctly rename 2i2c cluster.yaml file --- config/clusters/2i2c/2i2c.cluster.yaml | 134 ------ config/clusters/2i2c/cluster.yaml | 616 ++----------------------- 2 files changed, 26 insertions(+), 724 deletions(-) delete mode 100644 config/clusters/2i2c/2i2c.cluster.yaml diff --git a/config/clusters/2i2c/2i2c.cluster.yaml b/config/clusters/2i2c/2i2c.cluster.yaml deleted file mode 100644 index f67f9cdf3e..0000000000 --- a/config/clusters/2i2c/2i2c.cluster.yaml +++ /dev/null @@ -1,134 +0,0 @@ -name: 2i2c -image_repo: "quay.io/2i2c/2i2c-hubs-image" -provider: gcp -gcp: - key: secrets/2i2c.json - project: two-eye-two-see - cluster: pilot-hubs-cluster - zone: us-central1-b -support: - config: - grafana: - ingress: - hosts: - - grafana.pilot.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.pilot.2i2c.cloud -hubs: - - name: staging - domain: staging.pilot.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - helm_chart_values_files: - - staging.values.yaml - - name: dask-staging - domain: dask-staging.pilot.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - helm_chart_values_files: - - dask-staging.values.yaml - - name: demo - domain: demo.pilot.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: CILogon - helm_chart_values_files: - - demo.values.yaml - - name: ohw - domain: ohw.pilot.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - helm_chart_values_files: - - ohw.values.yaml - - name: justiceinnovationlab - domain: justiceinnovationlab.pilot.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - helm_chart_values_files: - - justiceinnovationlab.values.yaml - - name: pfw - domain: pfw.pilot.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - helm_chart_values_files: - - pfw.values.yaml - - name: peddie - domain: peddie.pilot.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - helm_chart_values_files: - - peddie.values.yaml - - name: catalyst-cooperative - domain: catalyst-cooperative.pilot.2i2c.cloud - helm_chart: daskhub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - helm_chart_values_files: - - catalyst-cooperative.values.yaml - - name: earthlab - domain: earthlab.pilot.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - helm_chart_values_files: - - earthlab.values.yaml - - name: paleohack2021 - domain: paleohack2021.hackathon.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - helm_chart_values_files: - - paleohack2021.values.yaml - - name: aup - domain: aup.pilot.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - helm_chart_values_files: - - aup.values.yaml - - name: anu - domain: anu.pilot.2i2c.cloud - helm_chart: basehub - auth0: - connection: CILogon - helm_chart_values_files: - - anu.values.yaml - - name: utexas - domain: utexas.pilot.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: github - helm_chart_values_files: - - utexas.values.yaml diff --git a/config/clusters/2i2c/cluster.yaml b/config/clusters/2i2c/cluster.yaml index 558b98e46f..f67f9cdf3e 100644 --- a/config/clusters/2i2c/cluster.yaml +++ b/config/clusters/2i2c/cluster.yaml @@ -24,37 +24,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 - config: - docs_service: - enabled: true - repo: https://github.com/jupyterhub/nbgitpuller - branch: gh-pages - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: 2i2c Staging - url: https://2i2c.org - logo_url: https://2i2c.org/media/logo.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - hub: - config: - Authenticator: - allowed_users: &staging_users - - colliand@gmail.com - admin_users: *staging_users + helm_chart_values_files: + - staging.values.yaml - name: dask-staging domain: dask-staging.pilot.2i2c.cloud helm_chart: daskhub @@ -62,44 +33,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 - config: - basehub: - jupyterhub: - custom: - cloudResources: - provider: gcp - gcp: - projectId: two-eye-two-see - scratchBucket: - enabled: true - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: 2i2c Dask Staging - url: https://2i2c.org - logo_url: https://2i2c.org/media/logo.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - singleuser: - image: - name: pangeo/pangeo-notebook - tag: 2021.02.19 - hub: - config: - Authenticator: - allowed_users: &dask_staging_users - - colliand@gmail.com - admin_users: *dask_staging_users + helm_chart_values_files: + - dask-staging.values.yaml - name: demo domain: demo.pilot.2i2c.cloud helm_chart: basehub @@ -107,33 +42,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: CILogon - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: 2i2c Demo Hub - url: https://2i2c.org - logo_url: https://2i2c.org/media/logo.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - hub: - config: - Authenticator: - # We do not define allowed_users here since only usernames matching this regex will be allowed to login into the hub. - # Ref: https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.username_pattern - username_pattern: '^(.+@2i2c\.org|deployment-service-check)$' + helm_chart_values_files: + - demo.values.yaml - name: ohw domain: ohw.pilot.2i2c.cloud helm_chart: daskhub @@ -141,74 +51,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - basehub: - jupyterhub: - prePuller: - continuous: - enabled: true - singleuser: - networkPolicy: - # In clusters with NetworkPolicy enabled, do not - # allow outbound internet access that's not DNS, HTTP or HTTPS - # For OHW, we allow 8080 (for DAP) and 22 (for ssh) - # https://github.com/2i2c-org/pilot-hubs/issues/549#issuecomment-892276020 - enabled: true - egress: - - ports: - - port: 53 - protocol: UDP - - ports: - - port: 80 - protocol: TCP - - ports: - - port: 443 - protocol: TCP - - ports: - - port: 8080 - protocol: TCP - - ports: - - port: 22 - protocol: TCP - image: - name: ghcr.io/oceanhackweek/jupyer-image - tag: 9efd4fb - memory: - # Increase memory alloted during the workshop - # https://github.com/2i2c-org/pilot-hubs/issues/549#issuecomment-891264570 - guarantee: 7G - limit: 8G - custom: - cloudResources: - provider: gcp - gcp: - projectId: two-eye-two-see - scratchBucket: - enabled: true - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Ocean Hack Week - logo_url: https://avatars.githubusercontent.com/u/33128979 - url: https://oceanhackweek.github.io/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - hub: - config: - Authenticator: - allowed_users: &ohw_users - - ocefpaf - admin_users: *ohw_users + helm_chart_values_files: + - ohw.values.yaml - name: justiceinnovationlab domain: justiceinnovationlab.pilot.2i2c.cloud helm_chart: basehub @@ -216,38 +60,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Justice Innovation Lab - logo_url: "https://images.squarespace-cdn.com/content/5ee35ddb35affc21b29c0fd6/1596634079158-KLDENW5BSW2HQW4ZO0EH/JIL-Logo-Digital.png?format=1500w&content-type=image%2Fpng" - url: https://www.justiceinnovationlab.org/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - hub: - config: - Authenticator: - admin_users: &jil_admin_users - - donaldbraman - - JILPulvino - # 2022-02-10 Sarah Gibson: I added in allowed_users here even though - # I know we will be decomissioning this hub soon, just so that it's - # no longer open to everyone with a GitHub account. Please revert - # if this was not the correct thing to do. - allowed_users: *jil_admin_users + helm_chart_values_files: + - justiceinnovationlab.values.yaml - name: pfw domain: pfw.pilot.2i2c.cloud helm_chart: basehub @@ -255,35 +69,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Purdue Fort Wayne - logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/1/14/Purdue_Fort_Wayne_Mastodons_logo.svg/400px-Purdue_Fort_Wayne_Mastodons_logo.svg.png - url: https://www.pfw.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: JROST & IOI - url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees - hub: - config: - Authenticator: - allowed_users: &pfw_users - - colliand - - alessandromariaselvitella - - fosterk86 - admin_users: *pfw_users + helm_chart_values_files: + - pfw.values.yaml - name: peddie domain: peddie.pilot.2i2c.cloud helm_chart: basehub @@ -291,35 +78,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Peddie Academy - logo_url: https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1564687841/peddie/l4yufwwdksquxu2yetv6/PeddieSealPMS289.png - url: http://peddie.org/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: JROST & IOI - url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees - hub: - config: - Authenticator: - allowed_users: &peddie_users - - rbennett@peddie.org - - msawula@peddie.org - - ericvd@berkeley.edu - admin_users: *peddie_users + helm_chart_values_files: + - peddie.values.yaml - name: catalyst-cooperative domain: catalyst-cooperative.pilot.2i2c.cloud helm_chart: daskhub @@ -327,49 +87,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 - config: - basehub: - jupyterhub: - singleuser: - image: - name: catalystcoop/pudl-jupyter - tag: 2021.11.11 - memory: - limit: 6G - guarantee: 4G - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - cloudResources: - provider: gcp - gcp: - projectId: two-eye-two-see - scratchBucket: - enabled: true - homepage: - templateVars: - org: - name: Catalyst Cooperative - logo_url: https://catalyst.coop/files/2018/06/SimpleSquareWalking.png - url: https://catalyst.coop/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: 2i2c - url: https://2i2c.org - hub: - config: - Authenticator: - allowed_users: &catalyst_users - - zane.selvans@catalyst.coop - - cgosnell@catalyst.coop - - colliand@gmail.com - admin_users: *catalyst_users + helm_chart_values_files: + - catalyst-cooperative.values.yaml - name: earthlab domain: earthlab.pilot.2i2c.cloud helm_chart: basehub @@ -377,33 +96,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: EarthLab - logo_url: https://pbs.twimg.com/profile_images/1102342372438925312/64xKJFPk.png - url: https://www.colorado.edu/earthlab/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: JROST & IOI - url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees - hub: - config: - Authenticator: - allowed_users: &earthlab_users - - lwasser - admin_users: *earthlab_users + helm_chart_values_files: + - earthlab.values.yaml - name: paleohack2021 domain: paleohack2021.hackathon.2i2c.cloud helm_chart: basehub @@ -411,53 +105,8 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - scheduling: - userPlaceholder: - # Not needed anymore, hackathon is over - replicas: 0 - userScheduler: - # Each user gets almost 1 anyway - enabled: true - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: "PaleoHack 2021" - logo_url: "https://raw.githubusercontent.com/LinkedEarth/Logos/master/pyleoclim_logo_full_white.png" - url: "https://linkedearth.github.io/paleoHackathon/" - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: "NSF Paleo Perspectives on Climate Change program" - url: "https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=5750" - singleuser: - memory: - guarantee: 256M - limit: 4G - cpu: - guarantee: 0.1 - limit: 2 - image: - name: quay.io/2i2c/paleohack-2021 - tag: 7534858b1098 - hub: - config: - Authenticator: - allowed_users: &paleohack_users - - CommonClimate - - khider - - fzhu2e - - alexkjames - admin_users: *paleohack_users + helm_chart_values_files: + - paleohack2021.values.yaml - name: aup domain: aup.pilot.2i2c.cloud helm_chart: basehub @@ -465,82 +114,15 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: The American University of Paris - logo_url: https://www.aup.edu/sites/default/files/images/widget-assets/image/auplogo.jpeg - url: https://www.aup.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: AUP - url: https://www.aup.edu/ - singleuser: - memory: - limit: 2G - guarantee: 2G - hub: - config: - Authenticator: - allowed_users: &aup_users - - swalker - - shaolintl - admin_users: *aup_users + helm_chart_values_files: + - aup.values.yaml - name: anu domain: anu.pilot.2i2c.cloud helm_chart: basehub auth0: connection: CILogon - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: The Australian National University - logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/4/4c/Australian_National_University_%28emblem%29.svg/320px-Australian_National_University_%28emblem%29.svg.png - url: https://www.anu.edu.au/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: ANU - url: https://www.anu.edu.au/ - singleuser: - memory: - limit: 2G - guarantee: 2G - cpu: - guarantee: 1 - limit: 2 - image: - name: quay.io/mmcky/anu-emet2007 - tag: b7937f446fe6 - hub: - config: - Authenticator: - admin_users: - - matthew.mckay@anu.edu.au - # We do not define allowed_users here since only usernames matching this regex will be allowed to login into the hub. - # Ref: https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.username_pattern - username_pattern: '^(.+@2i2c\.org|.+@anu\.edu\.au|deployment-service-check)$' + helm_chart_values_files: + - anu.values.yaml - name: utexas domain: utexas.pilot.2i2c.cloud helm_chart: basehub @@ -548,151 +130,5 @@ hubs: # connection update? Also ensure the basehub Helm chart is provided a # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: University of Texas - logo_url: https://upload.wikimedia.org/wikipedia/en/thumb/e/e1/University_of_Texas_at_Austin_seal.svg/300px-University_of_Texas_at_Austin_seal.svg.png - url: https://www.utexas.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: JROST & IOI - url: https://investinopen.org/blog/jrost-rapid-response-fund-awardees - hub: - extraConfig: - # Create persistent disks for each user in the hub to store postgresql data in - 100-create-postgres-pvc: | - from jupyterhub.utils import exponential_backoff - from kubespawner.objects import make_pvc - from functools import partial - - def make_extra_pvc(component, name_template, storage_class, storage_capacity, spawner): - """ - Create a PVC resource for storing database contents - """ - labels = spawner._build_common_labels({}) - labels.update({ - 'component': component - }) - annotations = spawner._build_common_annotations({}) - storage_selector = spawner._expand_all(spawner.storage_selector) - return make_pvc( - name=spawner._expand_all(name_template), - storage_class=storage_class, - access_modes=['ReadWriteOnce'], - selector={}, - storage=storage_capacity, - labels=labels, - annotations=annotations - ) - - # 1Gi seems the smallest PVC you can make - anything smaller than that is rounded up to 1Gi - make_db_pvc = partial(make_extra_pvc, 'postgres-storage', 'postgres-{username}', 'standard-rwo', '1Gi') - - async def ensure_db_pvc(spawner): - """" - Ensure a PVC is created for this user's database volume - """ - pvc = make_db_pvc(spawner) - # If there's a timeout, just let it propagate to the user - await exponential_backoff( - partial(spawner._make_create_pvc_request, pvc, spawner.k8s_api_request_timeout), - f'Could not create pvc {pvc.metadata.name}', - # Each req should be given k8s_api_request_timeout seconds. - timeout=spawner.k8s_api_request_retry_timeout - ) - c.Spawner.pre_spawn_hook = ensure_db_pvc - config: - Authenticator: - allowed_users: &utexas_demo_users - - jameshowison - admin_users: *utexas_demo_users - singleuser: - storage: - extraVolumes: - - name: postgres-db - persistentVolumeClaim: - claimName: "postgres-{username}" - extraVolumeMounts: - - name: postgres-db - mountPath: /var/lib/postgresql/data - # postgres recommends against mounting a volume directly here - # So we put data in a subpath - subPath: data - initContainers: - # /var/lib/postgresql should be writeable by uid 1000, so students - # can blow out their db directories if need to. Also lets postgres actually - # write to its data directory - - name: postgres-volume-mount-hack - image: busybox - command: - - sh - - -c - - "id && chown -R 1000:1000 /var/lib/postgresql && ls -lhd /var/lib/postgresql" - securityContext: - runAsUser: 0 - volumeMounts: - - name: postgres-db - mountPath: /var/lib/postgresql/data - # postgres recommends against mounting a volume directly here - # So we put data in a subpath - subPath: data - extraContainers: - - name: pgadmin4 - image: dpage/pgadmin4 - env: - # Users use this to login to pgadmin4 itself - # Access to that is secured with jupyter-server-proxy - - name: PGADMIN_DEFAULT_EMAIL - value: jovyan@jovyan.org - - name: PGADMIN_DEFAULT_PASSWORD - value: jovyan - # Don't allow outside users to even connect to pgadmin4 - - name: PGADMIN_LISTEN_ADDRESS - value: "127.0.0.1" - - name: PGADMIN_LISTEN_PORT - value: "5050" - # Tell pgadmin4 what base_url it's running under - - name: SCRIPT_NAME - # FIXME: This doesn't work with named servers, - # https://github.com/jupyterhub/kubespawner/pull/565 fixes this - value: "/user/{username}/proxy/absolute/5050" - - name: postgres - image: postgres:10 - resources: - limits: - # Best effort only. No more than 1 CPU - memory: 512Mi - cpu: 1.0 - requests: - # If we don't set requests, k8s sets requests == limits! - memory: 64Mi - cpu: 0.01 - env: - - name: POSTGRES_HOST_AUTH_METHOD - value: "trust" - - name: POSTGRES_USER - value: "jovyan" - securityContext: - runAsUser: 1000 - fsGroup: 1000 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - - name: postgres-db - mountPath: /var/lib/postgresql/data - # postgres recommends against mounting a volume directly here - # So we put data in a subpath - subPath: data + helm_chart_values_files: + - utexas.values.yaml From ee88e06ba7147b93981d56b2d65bbd5b2d94f36e Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 16:28:01 +0000 Subject: [PATCH 26/28] Restructure cloudbank cluster --- config/clusters/cloudbank/avc.values.yaml | 31 + config/clusters/cloudbank/ccsf.values.yaml | 30 + .../clusters/cloudbank/cloudbank.cluster.yaml | 575 ------------------ config/clusters/cloudbank/clovis.values.yaml | 28 + config/clusters/cloudbank/cluster.yaml | 149 +++++ config/clusters/cloudbank/csu.values.yaml | 43 ++ config/clusters/cloudbank/demo.values.yaml | 43 ++ .../clusters/cloudbank/elcamino.values.yaml | 33 + config/clusters/cloudbank/howard.values.yaml | 29 + config/clusters/cloudbank/lassen.values.yaml | 28 + config/clusters/cloudbank/mills.values.yaml | 31 + config/clusters/cloudbank/palomar.values.yaml | 29 + config/clusters/cloudbank/sbcc.values.yaml | 28 + config/clusters/cloudbank/sjcc.values.yaml | 29 + config/clusters/cloudbank/skyline.values.yaml | 29 + config/clusters/cloudbank/spelman.values.yaml | 29 + 16 files changed, 589 insertions(+), 575 deletions(-) create mode 100644 config/clusters/cloudbank/avc.values.yaml create mode 100644 config/clusters/cloudbank/ccsf.values.yaml delete mode 100644 config/clusters/cloudbank/cloudbank.cluster.yaml create mode 100644 config/clusters/cloudbank/clovis.values.yaml create mode 100644 config/clusters/cloudbank/cluster.yaml create mode 100644 config/clusters/cloudbank/csu.values.yaml create mode 100644 config/clusters/cloudbank/demo.values.yaml create mode 100644 config/clusters/cloudbank/elcamino.values.yaml create mode 100644 config/clusters/cloudbank/howard.values.yaml create mode 100644 config/clusters/cloudbank/lassen.values.yaml create mode 100644 config/clusters/cloudbank/mills.values.yaml create mode 100644 config/clusters/cloudbank/palomar.values.yaml create mode 100644 config/clusters/cloudbank/sbcc.values.yaml create mode 100644 config/clusters/cloudbank/sjcc.values.yaml create mode 100644 config/clusters/cloudbank/skyline.values.yaml create mode 100644 config/clusters/cloudbank/spelman.values.yaml diff --git a/config/clusters/cloudbank/avc.values.yaml b/config/clusters/cloudbank/avc.values.yaml new file mode 100644 index 0000000000..67a4871099 --- /dev/null +++ b/config/clusters/cloudbank/avc.values.yaml @@ -0,0 +1,31 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Antelope Valley College + logo_url: https://www.avc.edu/themes/avc/logo.png + url: https://www.avc.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + allowed_users: &avc_users + - aculich@berkeley.edu + - sean.smorris@berkeley.edu + - rbiritwum@avc.edu + - jbrownlow@avc.edu + - wkitto1@avc.edu + - rbiritwum@gmail.com + admin_users: *avc_users diff --git a/config/clusters/cloudbank/ccsf.values.yaml b/config/clusters/cloudbank/ccsf.values.yaml new file mode 100644 index 0000000000..3d2fc51c3c --- /dev/null +++ b/config/clusters/cloudbank/ccsf.values.yaml @@ -0,0 +1,30 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: City College SF + logo_url: https://www.ccsf.edu/sites/default/files/inline-images/CCSF%20LOGO.png + url: https://www.ccsf.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + allowed_users: &ccsf_users + - ericvd@gmail.com + - sean.smorris@berkeley.edu + - shawn.wiggins@mail.ccsf.edu + - craig.persiko@mail.ccsf.edu + - efuchs@mail.ccsf.edu + admin_users: *ccsf_users diff --git a/config/clusters/cloudbank/cloudbank.cluster.yaml b/config/clusters/cloudbank/cloudbank.cluster.yaml deleted file mode 100644 index 0e13835d89..0000000000 --- a/config/clusters/cloudbank/cloudbank.cluster.yaml +++ /dev/null @@ -1,575 +0,0 @@ -name: cloudbank -image_repo: "quay.io/2i2c/2i2c-hubs-image" -provider: gcp -gcp: - key: secrets/cloudbank.json - project: cb-1003-1696 - cluster: cb-cluster - zone: us-central1-b -support: - config: - grafana: - ingress: - hosts: - - grafana.cloudbank.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.cloudbank.2i2c.cloud -hubs: - - name: spelman - domain: spelman.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Spelman College - logo_url: https://www.spelman.edu/images/communications/splogotagblk.png - url: https://www.spelman.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - allowed_users: &spelman_users - - colliand@gmail.com - - ericvd@gmail.com - - sean.smorris@berkeley.edu - - jerry.volcy@gmail.com - admin_users: *spelman_users - - name: ccsf - domain: ccsf.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: City College SF - logo_url: https://www.ccsf.edu/sites/default/files/inline-images/CCSF%20LOGO.png - url: https://www.ccsf.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - allowed_users: &ccsf_users - - ericvd@gmail.com - - sean.smorris@berkeley.edu - - shawn.wiggins@mail.ccsf.edu - - craig.persiko@mail.ccsf.edu - - efuchs@mail.ccsf.edu - admin_users: *ccsf_users - - name: elcamino - domain: elcamino.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: El Camino College - logo_url: https://www.elcamino.edu/_resources/images/logo.png - url: https://www.elcamino.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - - singleuser: - memory: - limit: 2G - guarantee: 2G - hub: - config: - Authenticator: - allowed_users: &elcamino_users - - ericvd@gmail.com - - sean.smorris@berkeley.edu - - solomonrussell@gmail.com - admin_users: *elcamino_users - - name: howard - domain: howard.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Howard University - logo_url: https://upload.wikimedia.org/wikipedia/en/a/a3/Howard_University_seal.svg - url: https://home.howard.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - allowed_users: &howard_users - - ericvd@berkeley.edu - - gwashington@scs.howard.edu - - anthony.fgordon64@gmail.com - - mikayladorange@gmail.com - admin_users: *howard_users - - name: skyline - domain: skyline.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Skyline College - logo_url: http://skylinecollege.edu/mcpr/images/logos/png/skyline_logo_horiz_cmyk.png - url: https://www.skylinecollege.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - allowed_users: &skyline_users - - ericvd@gmail.com - - sean.smorris@berkeley.edu - - dhum1@my.smccd.edu - - kayvanm@gmail.com - admin_users: *skyline_users - - name: demo - domain: demo.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: password - password: - database_name: database-demo - config: - jupyterhub: - prePuller: - continuous: - enabled: true - hook: - enabled: true - singleuser: - memory: - guarantee: 512M - limit: 1G - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: 2i2c / CloudBank Hubs Demo - logo_url: https://www.cloudbank.org/sites/default/files/file_fields/logo.png - url: https://2i2c.org/pilot/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - # Everyone should be able to sign up, so we don't set allowed_users - # These folks should still have admin tho - admin_users: - - ericvd@gmail.com - - sean.smorris@berkeley.edu - cull: - # Cull after 30min of inactivity - every: 300 - timeout: 1800 - # No pods over 12h long - maxAge: 43200 - - name: lassen - domain: lassen.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Lassen College - logo_url: https://www.lassencollege.edu/about/governance/graphic-standards/Documents/District-Logo-Standards/LCC-Athletic-Logo-on-blk.jpg - url: http://www.lassencollege.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - allowed_users: &lassen_users - - ericvd@gmail.com - - sean.smorris@berkeley.edu - - camacho@lassencollege.edu - admin_users: *lassen_users - - name: clovis - domain: clovis.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Clovis College - logo_url: https://www.scccd.edu/_files/images/clovis-logo-bubble-6.png - url: https://www.cloviscollege.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - allowed_users: &clovis_users - - ericvd@gmail.com - - sean.smorris@berkeley.edu - - william.kerney@cloviscollege.edu - admin_users: *clovis_users - - name: sbcc - domain: sbcc.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Santa Barbara City College - logo_url: https://upload.wikimedia.org/wikipedia/commons/thumb/a/a6/Santa_Barbara_City_College.svg/1200px-Santa_Barbara_City_College.svg.png - url: https://www.sbcc.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - allowed_users: &sbcc_users - - ericvd@gmail.com - - sean.smorris@berkeley.edu - - nfguebels@pipeline.sbcc.edu - admin_users: *sbcc_users - - name: mills - domain: datahub.mills.edu - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Mills College - logo_url: https://upload.wikimedia.org/wikipedia/commons/4/40/Mills_College_wordmark.svg - url: https://www.mills.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - admin_users: &mills_admins - - aculich@berkeley.edu - - jpercy@berkeley.edu - - akonrad@mills.edu - - wang@mills.edu - # We do not define allowed_users here since only usernames matching this regex will be allowed to login into the hub. - # Ref: https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.username_pattern - username_pattern: '^(.+@mills\.edu|.+@2i2c\.org|aculich@berkeley\.edu|jpercy@berkeley\.edu|deployment-service-check)$' - - name: palomar - domain: palomar.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Palomar Community College - logo_url: https://www2.palomar.edu/pages/guidelines/files/2016/03/webGuide_screened_2-color_light.jpg - url: https://www2.palomar.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - allowed_users: &palomar_users - - aculich@berkeley.edu - - sean.smorris@berkeley.edu - - tcanon@palomar.edu - - PChen@palomar.edu - admin_users: *palomar_users - - name: sjcc - domain: sjcc.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: San Jose Community College - logo_url: https://upload.wikimedia.org/wikipedia/commons/c/cf/SJCC_logo.png - url: https://www.sjcc.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - allowed_users: &sjcc_users - - aculich@berkeley.edu - - sean.smorris@berkeley.edu - - christiaan.desmond@sjcc.edu - - sanjay.dorairaj@sjcc.edu - admin_users: *sjcc_users - - name: avc - domain: avc.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: google-oauth2 - config: - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Antelope Valley College - logo_url: https://www.avc.edu/themes/avc/logo.png - url: https://www.avc.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - allowed_users: &avc_users - - aculich@berkeley.edu - - sean.smorris@berkeley.edu - - rbiritwum@avc.edu - - jbrownlow@avc.edu - - wkitto1@avc.edu - - rbiritwum@gmail.com - admin_users: *avc_users - - name: csu - domain: csu.cloudbank.2i2c.cloud - helm_chart: basehub - auth0: - # connection update? Also ensure the basehub Helm chart is provided a - # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! - connection: password - password: - database_name: database-csu - config: - jupyterhub: - prePuller: - continuous: - enabled: true - hook: - enabled: true - singleuser: - memory: - guarantee: 512M - limit: 1G - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: California State Universities demonstration hubs - logo_url: https://www.calstate.edu/_catalogs/masterpage/assets/images/logo.png - url: https://www.calstate.edu/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: CloudBank - url: http://cloudbank.org/ - funded_by: - name: CloudBank - url: http://cloudbank.org/ - hub: - config: - Authenticator: - # Everyone should be able to sign up, so we don't set allowed_users - # These folks should still have admin though - admin_users: - - ericvd@gmail.com - - sean.smorris@berkeley.edu - cull: - # Cull after 30min of inactivity - every: 300 - timeout: 1800 - # No pods over 12h long - maxAge: 43200 diff --git a/config/clusters/cloudbank/clovis.values.yaml b/config/clusters/cloudbank/clovis.values.yaml new file mode 100644 index 0000000000..e98488357c --- /dev/null +++ b/config/clusters/cloudbank/clovis.values.yaml @@ -0,0 +1,28 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Clovis College + logo_url: https://www.scccd.edu/_files/images/clovis-logo-bubble-6.png + url: https://www.cloviscollege.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + allowed_users: &clovis_users + - ericvd@gmail.com + - sean.smorris@berkeley.edu + - william.kerney@cloviscollege.edu + admin_users: *clovis_users diff --git a/config/clusters/cloudbank/cluster.yaml b/config/clusters/cloudbank/cluster.yaml new file mode 100644 index 0000000000..fbcbbd006a --- /dev/null +++ b/config/clusters/cloudbank/cluster.yaml @@ -0,0 +1,149 @@ +name: cloudbank +image_repo: "quay.io/2i2c/2i2c-hubs-image" +provider: gcp +gcp: + key: secrets/cloudbank.json + project: cb-1003-1696 + cluster: cb-cluster + zone: us-central1-b +support: + config: + grafana: + ingress: + hosts: + - grafana.cloudbank.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.cloudbank.2i2c.cloud +hubs: + - name: spelman + domain: spelman.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - spelman.values.yaml + - name: ccsf + domain: ccsf.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - ccsf.values.yaml + - name: elcamino + domain: elcamino.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - elcamino.values.yaml + - name: howard + domain: howard.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - howard.values.yaml + - name: skyline + domain: skyline.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - skyline.values.yaml + - name: demo + domain: demo.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: password + password: + database_name: database-demo + helm_chart_values_files: + - demo.values.yaml + - name: lassen + domain: lassen.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - lassen.values.yaml + - name: clovis + domain: clovis.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - clovis.values.yaml + - name: sbcc + domain: sbcc.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - sbcc.values.yaml + - name: mills + domain: datahub.mills.edu + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - mills.values.yaml + - name: palomar + domain: palomar.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - palomar.values.yaml + - name: sjcc + domain: sjcc.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - sjcc.values.yaml + - name: avc + domain: avc.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: google-oauth2 + helm_chart_values_files: + - avc.values.yaml + - name: csu + domain: csu.cloudbank.2i2c.cloud + helm_chart: basehub + auth0: + # connection update? Also ensure the basehub Helm chart is provided a + # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! + connection: password + password: + database_name: database-csu + helm_chart_values_files: + - csu.values.yaml diff --git a/config/clusters/cloudbank/csu.values.yaml b/config/clusters/cloudbank/csu.values.yaml new file mode 100644 index 0000000000..275f189aa6 --- /dev/null +++ b/config/clusters/cloudbank/csu.values.yaml @@ -0,0 +1,43 @@ +jupyterhub: + prePuller: + continuous: + enabled: true + hook: + enabled: true + singleuser: + memory: + guarantee: 512M + limit: 1G + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: California State Universities demonstration hubs + logo_url: https://www.calstate.edu/_catalogs/masterpage/assets/images/logo.png + url: https://www.calstate.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + # Everyone should be able to sign up, so we don't set allowed_users + # These folks should still have admin though + admin_users: + - ericvd@gmail.com + - sean.smorris@berkeley.edu + cull: + # Cull after 30min of inactivity + every: 300 + timeout: 1800 + # No pods over 12h long + maxAge: 43200 diff --git a/config/clusters/cloudbank/demo.values.yaml b/config/clusters/cloudbank/demo.values.yaml new file mode 100644 index 0000000000..1e8ba6f414 --- /dev/null +++ b/config/clusters/cloudbank/demo.values.yaml @@ -0,0 +1,43 @@ +jupyterhub: + prePuller: + continuous: + enabled: true + hook: + enabled: true + singleuser: + memory: + guarantee: 512M + limit: 1G + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: 2i2c / CloudBank Hubs Demo + logo_url: https://www.cloudbank.org/sites/default/files/file_fields/logo.png + url: https://2i2c.org/pilot/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + # Everyone should be able to sign up, so we don't set allowed_users + # These folks should still have admin tho + admin_users: + - ericvd@gmail.com + - sean.smorris@berkeley.edu + cull: + # Cull after 30min of inactivity + every: 300 + timeout: 1800 + # No pods over 12h long + maxAge: 43200 diff --git a/config/clusters/cloudbank/elcamino.values.yaml b/config/clusters/cloudbank/elcamino.values.yaml new file mode 100644 index 0000000000..306b4a9012 --- /dev/null +++ b/config/clusters/cloudbank/elcamino.values.yaml @@ -0,0 +1,33 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: El Camino College + logo_url: https://www.elcamino.edu/_resources/images/logo.png + url: https://www.elcamino.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + + singleuser: + memory: + limit: 2G + guarantee: 2G + hub: + config: + Authenticator: + allowed_users: &elcamino_users + - ericvd@gmail.com + - sean.smorris@berkeley.edu + - solomonrussell@gmail.com + admin_users: *elcamino_users diff --git a/config/clusters/cloudbank/howard.values.yaml b/config/clusters/cloudbank/howard.values.yaml new file mode 100644 index 0000000000..67e45d330c --- /dev/null +++ b/config/clusters/cloudbank/howard.values.yaml @@ -0,0 +1,29 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Howard University + logo_url: https://upload.wikimedia.org/wikipedia/en/a/a3/Howard_University_seal.svg + url: https://home.howard.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + allowed_users: &howard_users + - ericvd@berkeley.edu + - gwashington@scs.howard.edu + - anthony.fgordon64@gmail.com + - mikayladorange@gmail.com + admin_users: *howard_users diff --git a/config/clusters/cloudbank/lassen.values.yaml b/config/clusters/cloudbank/lassen.values.yaml new file mode 100644 index 0000000000..381ea62200 --- /dev/null +++ b/config/clusters/cloudbank/lassen.values.yaml @@ -0,0 +1,28 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Lassen College + logo_url: https://www.lassencollege.edu/about/governance/graphic-standards/Documents/District-Logo-Standards/LCC-Athletic-Logo-on-blk.jpg + url: http://www.lassencollege.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + allowed_users: &lassen_users + - ericvd@gmail.com + - sean.smorris@berkeley.edu + - camacho@lassencollege.edu + admin_users: *lassen_users diff --git a/config/clusters/cloudbank/mills.values.yaml b/config/clusters/cloudbank/mills.values.yaml new file mode 100644 index 0000000000..d06e500129 --- /dev/null +++ b/config/clusters/cloudbank/mills.values.yaml @@ -0,0 +1,31 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Mills College + logo_url: https://upload.wikimedia.org/wikipedia/commons/4/40/Mills_College_wordmark.svg + url: https://www.mills.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + admin_users: &mills_admins + - aculich@berkeley.edu + - jpercy@berkeley.edu + - akonrad@mills.edu + - wang@mills.edu + # We do not define allowed_users here since only usernames matching this regex will be allowed to login into the hub. + # Ref: https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.username_pattern + username_pattern: '^(.+@mills\.edu|.+@2i2c\.org|aculich@berkeley\.edu|jpercy@berkeley\.edu|deployment-service-check)$' diff --git a/config/clusters/cloudbank/palomar.values.yaml b/config/clusters/cloudbank/palomar.values.yaml new file mode 100644 index 0000000000..d349ee1c0a --- /dev/null +++ b/config/clusters/cloudbank/palomar.values.yaml @@ -0,0 +1,29 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Palomar Community College + logo_url: https://www2.palomar.edu/pages/guidelines/files/2016/03/webGuide_screened_2-color_light.jpg + url: https://www2.palomar.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + allowed_users: &palomar_users + - aculich@berkeley.edu + - sean.smorris@berkeley.edu + - tcanon@palomar.edu + - PChen@palomar.edu + admin_users: *palomar_users diff --git a/config/clusters/cloudbank/sbcc.values.yaml b/config/clusters/cloudbank/sbcc.values.yaml new file mode 100644 index 0000000000..2c6dfcc303 --- /dev/null +++ b/config/clusters/cloudbank/sbcc.values.yaml @@ -0,0 +1,28 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Santa Barbara City College + logo_url: https://upload.wikimedia.org/wikipedia/commons/thumb/a/a6/Santa_Barbara_City_College.svg/1200px-Santa_Barbara_City_College.svg.png + url: https://www.sbcc.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + allowed_users: &sbcc_users + - ericvd@gmail.com + - sean.smorris@berkeley.edu + - nfguebels@pipeline.sbcc.edu + admin_users: *sbcc_users diff --git a/config/clusters/cloudbank/sjcc.values.yaml b/config/clusters/cloudbank/sjcc.values.yaml new file mode 100644 index 0000000000..d9a2292cb8 --- /dev/null +++ b/config/clusters/cloudbank/sjcc.values.yaml @@ -0,0 +1,29 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: San Jose Community College + logo_url: https://upload.wikimedia.org/wikipedia/commons/c/cf/SJCC_logo.png + url: https://www.sjcc.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + allowed_users: &sjcc_users + - aculich@berkeley.edu + - sean.smorris@berkeley.edu + - christiaan.desmond@sjcc.edu + - sanjay.dorairaj@sjcc.edu + admin_users: *sjcc_users diff --git a/config/clusters/cloudbank/skyline.values.yaml b/config/clusters/cloudbank/skyline.values.yaml new file mode 100644 index 0000000000..be4aa6390a --- /dev/null +++ b/config/clusters/cloudbank/skyline.values.yaml @@ -0,0 +1,29 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Skyline College + logo_url: http://skylinecollege.edu/mcpr/images/logos/png/skyline_logo_horiz_cmyk.png + url: https://www.skylinecollege.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + allowed_users: &skyline_users + - ericvd@gmail.com + - sean.smorris@berkeley.edu + - dhum1@my.smccd.edu + - kayvanm@gmail.com + admin_users: *skyline_users diff --git a/config/clusters/cloudbank/spelman.values.yaml b/config/clusters/cloudbank/spelman.values.yaml new file mode 100644 index 0000000000..62b7ff6da4 --- /dev/null +++ b/config/clusters/cloudbank/spelman.values.yaml @@ -0,0 +1,29 @@ +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Spelman College + logo_url: https://www.spelman.edu/images/communications/splogotagblk.png + url: https://www.spelman.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + Authenticator: + allowed_users: &spelman_users + - colliand@gmail.com + - ericvd@gmail.com + - sean.smorris@berkeley.edu + - jerry.volcy@gmail.com + admin_users: *spelman_users From d633a61ab1cf640a61b791fa23ded53c66df904b Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 16:35:48 +0000 Subject: [PATCH 27/28] Add in-line comments noting the importance of values file ordering --- config/clusters/2i2c/cluster.yaml | 39 +++++++++++++++++ config/clusters/azure.carbonplan/cluster.yaml | 6 +++ config/clusters/carbonplan/cluster.yaml | 6 +++ config/clusters/cloudbank/cluster.yaml | 42 +++++++++++++++++++ config/clusters/farallon/cluster.yaml | 6 +++ .../justiceinnovationlab/cluster.yaml | 6 +++ config/clusters/meom-ige/cluster.yaml | 6 +++ config/clusters/openscapes/cluster.yaml | 6 +++ config/clusters/pangeo-hubs/cluster.yaml | 6 +++ config/clusters/utoronto/cluster.yaml | 6 +++ config/clusters/uwhackweeks/cluster.yaml | 6 +++ 11 files changed, 135 insertions(+) diff --git a/config/clusters/2i2c/cluster.yaml b/config/clusters/2i2c/cluster.yaml index f67f9cdf3e..44e0288363 100644 --- a/config/clusters/2i2c/cluster.yaml +++ b/config/clusters/2i2c/cluster.yaml @@ -25,6 +25,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - name: dask-staging domain: dask-staging.pilot.2i2c.cloud @@ -34,6 +37,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - dask-staging.values.yaml - name: demo domain: demo.pilot.2i2c.cloud @@ -43,6 +49,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: CILogon helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - demo.values.yaml - name: ohw domain: ohw.pilot.2i2c.cloud @@ -52,6 +61,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - ohw.values.yaml - name: justiceinnovationlab domain: justiceinnovationlab.pilot.2i2c.cloud @@ -61,6 +73,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - justiceinnovationlab.values.yaml - name: pfw domain: pfw.pilot.2i2c.cloud @@ -70,6 +85,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - pfw.values.yaml - name: peddie domain: peddie.pilot.2i2c.cloud @@ -79,6 +97,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - peddie.values.yaml - name: catalyst-cooperative domain: catalyst-cooperative.pilot.2i2c.cloud @@ -88,6 +109,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - catalyst-cooperative.values.yaml - name: earthlab domain: earthlab.pilot.2i2c.cloud @@ -97,6 +121,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - earthlab.values.yaml - name: paleohack2021 domain: paleohack2021.hackathon.2i2c.cloud @@ -106,6 +133,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - paleohack2021.values.yaml - name: aup domain: aup.pilot.2i2c.cloud @@ -115,6 +145,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - aup.values.yaml - name: anu domain: anu.pilot.2i2c.cloud @@ -122,6 +155,9 @@ hubs: auth0: connection: CILogon helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - anu.values.yaml - name: utexas domain: utexas.pilot.2i2c.cloud @@ -131,4 +167,7 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - utexas.values.yaml diff --git a/config/clusters/azure.carbonplan/cluster.yaml b/config/clusters/azure.carbonplan/cluster.yaml index 99cb1eed61..0152bba516 100644 --- a/config/clusters/azure.carbonplan/cluster.yaml +++ b/config/clusters/azure.carbonplan/cluster.yaml @@ -33,6 +33,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - name: prod domain: prod.azure.carbonplan.2i2c.cloud @@ -42,4 +45,7 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml diff --git a/config/clusters/carbonplan/cluster.yaml b/config/clusters/carbonplan/cluster.yaml index 0c06da5482..99fee22d88 100644 --- a/config/clusters/carbonplan/cluster.yaml +++ b/config/clusters/carbonplan/cluster.yaml @@ -38,6 +38,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - name: prod domain: carbonplan.2i2c.cloud @@ -47,4 +50,7 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml diff --git a/config/clusters/cloudbank/cluster.yaml b/config/clusters/cloudbank/cluster.yaml index fbcbbd006a..e0b7cdfda8 100644 --- a/config/clusters/cloudbank/cluster.yaml +++ b/config/clusters/cloudbank/cluster.yaml @@ -25,6 +25,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - spelman.values.yaml - name: ccsf domain: ccsf.cloudbank.2i2c.cloud @@ -34,6 +37,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - ccsf.values.yaml - name: elcamino domain: elcamino.cloudbank.2i2c.cloud @@ -43,6 +49,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - elcamino.values.yaml - name: howard domain: howard.cloudbank.2i2c.cloud @@ -52,6 +61,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - howard.values.yaml - name: skyline domain: skyline.cloudbank.2i2c.cloud @@ -61,6 +73,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - skyline.values.yaml - name: demo domain: demo.cloudbank.2i2c.cloud @@ -72,6 +87,9 @@ hubs: password: database_name: database-demo helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - demo.values.yaml - name: lassen domain: lassen.cloudbank.2i2c.cloud @@ -81,6 +99,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - lassen.values.yaml - name: clovis domain: clovis.cloudbank.2i2c.cloud @@ -90,6 +111,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - clovis.values.yaml - name: sbcc domain: sbcc.cloudbank.2i2c.cloud @@ -99,6 +123,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - sbcc.values.yaml - name: mills domain: datahub.mills.edu @@ -108,6 +135,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - mills.values.yaml - name: palomar domain: palomar.cloudbank.2i2c.cloud @@ -117,6 +147,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - palomar.values.yaml - name: sjcc domain: sjcc.cloudbank.2i2c.cloud @@ -126,6 +159,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - sjcc.values.yaml - name: avc domain: avc.cloudbank.2i2c.cloud @@ -135,6 +171,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: google-oauth2 helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - avc.values.yaml - name: csu domain: csu.cloudbank.2i2c.cloud @@ -146,4 +185,7 @@ hubs: password: database_name: database-csu helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - csu.values.yaml diff --git a/config/clusters/farallon/cluster.yaml b/config/clusters/farallon/cluster.yaml index c5288d0c5c..3235ff102b 100644 --- a/config/clusters/farallon/cluster.yaml +++ b/config/clusters/farallon/cluster.yaml @@ -15,6 +15,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - name: prod domain: farallon.2i2c.cloud @@ -24,4 +27,7 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml diff --git a/config/clusters/justiceinnovationlab/cluster.yaml b/config/clusters/justiceinnovationlab/cluster.yaml index 27311feb6b..449392e1a4 100644 --- a/config/clusters/justiceinnovationlab/cluster.yaml +++ b/config/clusters/justiceinnovationlab/cluster.yaml @@ -11,6 +11,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - name: prod domain: justiceinnovationlab.2i2c.cloud @@ -20,4 +23,7 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml diff --git a/config/clusters/meom-ige/cluster.yaml b/config/clusters/meom-ige/cluster.yaml index 846d1a43ea..37f58664dc 100644 --- a/config/clusters/meom-ige/cluster.yaml +++ b/config/clusters/meom-ige/cluster.yaml @@ -14,6 +14,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - name: prod domain: meom-ige.2i2c.cloud @@ -23,4 +26,7 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml diff --git a/config/clusters/openscapes/cluster.yaml b/config/clusters/openscapes/cluster.yaml index 764c297a2b..dfed037e6a 100644 --- a/config/clusters/openscapes/cluster.yaml +++ b/config/clusters/openscapes/cluster.yaml @@ -38,6 +38,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - name: prod domain: openscapes.2i2c.cloud @@ -47,4 +50,7 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml diff --git a/config/clusters/pangeo-hubs/cluster.yaml b/config/clusters/pangeo-hubs/cluster.yaml index fbb13a752b..28a1e988cb 100644 --- a/config/clusters/pangeo-hubs/cluster.yaml +++ b/config/clusters/pangeo-hubs/cluster.yaml @@ -34,6 +34,9 @@ hubs: auth0: enabled: false helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - name: prod domain: us-central1-b.gcp.pangeo.io @@ -41,5 +44,8 @@ hubs: auth0: enabled: false helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - prod.values.yaml diff --git a/config/clusters/utoronto/cluster.yaml b/config/clusters/utoronto/cluster.yaml index 0aba5bc304..eb9cea7019 100644 --- a/config/clusters/utoronto/cluster.yaml +++ b/config/clusters/utoronto/cluster.yaml @@ -28,6 +28,9 @@ hubs: auth0: enabled: false helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - name: prod domain: jupyter.utoronto.ca @@ -35,5 +38,8 @@ hubs: auth0: enabled: false helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - prod.values.yaml diff --git a/config/clusters/uwhackweeks/cluster.yaml b/config/clusters/uwhackweeks/cluster.yaml index cc3f642c00..71ea2656b0 100644 --- a/config/clusters/uwhackweeks/cluster.yaml +++ b/config/clusters/uwhackweeks/cluster.yaml @@ -38,6 +38,9 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - name: prod domain: uwhackweeks.2i2c.cloud @@ -47,5 +50,8 @@ hubs: # matching value for jupyterhub.custom.2i2c.add_staff_user_ids_of_type! connection: github helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. - staging.values.yaml - prod.values.yaml From 2d6acfc627911ae4d71d7d0f1affdf9c85e574db Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 11 Feb 2022 16:39:00 +0000 Subject: [PATCH 28/28] Update CI/CD to use new folder layout in logic --- .github/workflows/deploy-hubs.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index c4c6e2899d..9061840b3e 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -68,13 +68,13 @@ jobs: - ".github/workflows/deploy-hubs.yaml" - ".github/actions/deploy/*" - - name: Check which cluster.yaml file has changed (if any) + - name: Check which cluster directory has changes (if any) uses: dorny/paths-filter@v2 id: config_files with: filters: | hub_config: - - "config/clusters/${{ matrix.cluster_name }}.cluster.yaml" + - "config/clusters/${{ matrix.cluster_name }}/**" - name: Setup gcloud if: |