Merge pull request #4443 from yuvipanda/awi-2

Complete AWI-CIROH migration
2i2c-org · Jul 18, 2024 · 3ed7c04 · 3ed7c04
2 parents edc4e2b + a163356
commit 3ed7c04
Show file tree

Hide file tree

Showing 7 changed files with 69 additions and 67 deletions.
diff --git a/config/clusters/awi-ciroh-2/common.values.yaml b/config/clusters/awi-ciroh-2/common.values.yaml
@@ -10,13 +10,26 @@ basehub:
       serverIP: 10.207.3.186
       # Name of Google Filestore share
       baseShareName: /homes/
+  dask-gateway:
+    enabled: true
+    gateway:
+      backend:
+        scheduler:
+          cores:
+            request: 0.8
+            limit: 1
+          memory:
+            request: 1G
+            limit: 2G
   jupyterhub:
     custom:
       2i2c:
         add_staff_user_ids_to_admin_users: true
         add_staff_user_ids_of_type: "github"
       jupyterhubConfigurator:
         enabled: false
+      daskhubSetup:
+        enabled: true
       homepage:
         templateVars:
           org:
@@ -32,6 +45,10 @@ basehub:
           funded_by:
             name: National Oceanic and Atmospheric Administration
             url: https://www.noaa.gov/
+    singleuser:
+      defaultUrl: /lab
+      cloudMetadata:
+        blockWithIptables: false
     hub:
       config:
         JupyterHub:
@@ -50,13 +67,3 @@ basehub:
             - arpita0911patel
             - sepehrkrz
             - benlee0423
-dask-gateway:
-  gateway:
-    backend:
-      scheduler:
-        cores:
-          request: 0.8
-          limit: 1
-        memory:
-          request: 1G
-          limit: 2G
diff --git a/config/clusters/awi-ciroh-2/enc-prod.secret.values.yaml b/config/clusters/awi-ciroh-2/enc-prod.secret.values.yaml
@@ -3,19 +3,19 @@ basehub:
         hub:
             config:
                 GitHubOAuthenticator:
-                    client_id: ENC[AES256_GCM,data:Bo57JSBLbCwrwYfzphTXi2QL6Z0=,iv:7p7yRO/H0oifryZq4Ptfsm4yovhHNBEdZFB7zIuqTYQ=,tag:JHuhjsf+cglkyrIdSXm4AA==,type:str]
-                    client_secret: ENC[AES256_GCM,data:9TV4Er9Lxm0wSdRN6qVKSwZk93DiajTgnkFU0x8fpsY0J4mzxpFCxw==,iv:/GILImJVVZN4uceFZij0WquSajx5/rEAWLTN43m1vlo=,tag:5U14AsoJCtmcSD6QeX+Mvg==,type:str]
+                    client_id: ENC[AES256_GCM,data:+BppDfhpn4ADDiV2ADDiTVcUU+0=,iv:W9XanGVtU5hyYvx9NHpPvi1irkkEvaYruY/owX2fA/s=,tag:U3gJmxJw7oLp/ydBZmx4ew==,type:str]
+                    client_secret: ENC[AES256_GCM,data:0IQGQFGq+cloPDfiQHwbePh6KARWOkXQMApUqKie7xAltGhnu6DVVg==,iv:oGCkSXKZZf0/pNmrbFOyvabOvh0XfRZ9m1ntzR70ylo=,tag:KwcqDz4m38yznDCcRUpcag==,type:str]
 sops:
     kms: []
     gcp_kms:
         - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
-          created_at: "2024-06-20T14:46:47Z"
-          enc: CiUA4OM7eFbLSApNlpxezXLGpUrm8y1v7gcpeI/0GMirTTKMNoB5EkkAWX/fce7ax2oOaKnXpBiLIo3/03dIXRrakGJJpI88110VyJXgHruhoTpkZTJlLVtSduKoOtX9YEdm0pZc1C0DUUbUw5H+Hdmu
+          created_at: "2022-07-22T14:13:27Z"
+          enc: CiQA4OM7eBNZ8WN3D+dkOH0qM5DGpy0w5UdVE/lOx6m27KaNuAsSSQBq6cPrinz2sMn6rtS1M+5ZwmDucsuExqSJTGCEf5HPS47VKGp9HTBwEscrEInDrvzyJpzR6dtwIv/Gs0Mrbh06uiU/IquB4ns=
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-06-20T14:46:48Z"
-    mac: ENC[AES256_GCM,data:kHPp/sGAWO/oceMlzXOszd93zIGiELRKa5xPBNIHy0EiDRMoTKxpCIg38r3FXRJuChSKoAaGphfyRHmQ9pzUTEhYM95Hvcp0RrhyAeniaqx1RVJZoTwvurBOBCfM1+tp9CDpvQCkjAFUbO2/F86mudIL5OPQExFSMFlbfif8ujY=,iv:lYVvOCe0rAexNZErCKLxtNdWYoqIWFUYB0ooC/OSqss=,tag:X+TvFmdXhWVYM5CtYtsDyA==,type:str]
+    lastmodified: "2022-07-22T14:13:28Z"
+    mac: ENC[AES256_GCM,data:itsG1rsJfr5HckXhC/hlfWO25FuAgHOCbzQdIbNoF+ydRzNFCr97djNtUeLwY9lwS/vSUcRg9Z6flSLQ4PQ0eUefcoBNnqe2/dFHADTf49DO/IbqN4oACydPTs1HGO6oWUZjh+oDVqLBuHQTIKbGv5mA6MhMs6NXMPQJHNpXC/M=,iv:ljPT3yzv3w/YEUeSjKUsVLun4kG7sIvGRFs21xTH0oM=,tag:kgrvyIuNGesJOtaqo2IzZw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.7.3
diff --git a/config/clusters/awi-ciroh-2/enc-staging.secret.values.yaml b/config/clusters/awi-ciroh-2/enc-staging.secret.values.yaml
@@ -3,19 +3,19 @@ basehub:
         hub:
             config:
                 GitHubOAuthenticator:
-                    client_id: ENC[AES256_GCM,data:aTNfrbgqiQrXHcJ4ZnXplRCJ1VM=,iv:a/8+P7Q2Uk83WBIM3mDkUUFzEPgFzzyLwxnLbHfvkuI=,tag:idZO5qgrydhr4p3ABi+IAw==,type:str]
-                    client_secret: ENC[AES256_GCM,data:/mykxrtnpJTx6cdh1sq+MtfyG85O7Ih1hikafiv+SKyglpgnWevN6Q==,iv:pfEok8hI5M3fuHmAMt8eXnvuGSwbYfUMq2FI4BamXkM=,tag:R4capAnQl/xt3KJHDY3ejg==,type:str]
+                    client_id: ENC[AES256_GCM,data:ZWnG4XzOba5oks2OF2dyqNwKV1s=,iv:B7aPcMyIuT9DCjMMNCGvrB9OevJcO0Yp7AFOl8OOKOw=,tag:kTFEIiQpu7zlvssQOPXyMg==,type:str]
+                    client_secret: ENC[AES256_GCM,data:/88D5GAymXPi97Zkux7DsqLEsWlER1U8cF9T0t4NQzEgbI35FK0eLw==,iv:RKNAOS6/EabjPzl42477z18iQt5r8bBskawzTaR9ziA=,tag:ls9svnZf3TP3DgmL3y0ujA==,type:str]
 sops:
     kms: []
     gcp_kms:
         - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
-          created_at: "2024-06-20T14:44:59Z"
-          enc: CiUA4OM7eGCDvcRrk8iQlzhDmQa4tS2q9Ix/lXicCbuResIFMiOREkkAWX/fcc1TnSGheuMHQDp3RI34SH5a19RlZh6L5TqqXzmnMeROxm/ccVwtW9MsIn0RPbUCSYmJ4CiCZ22inHC91BYkeP5x47LA
+          created_at: "2022-07-22T13:54:59Z"
+          enc: CiQA4OM7eIdhmsUszpjRn7lyJDlxBG22ZPSiPDz/bRj0VrLwtu4SSQBq6cPrKZVyY/QNNpxYowYTiX6Rz4Df7y/BkhbZQ/WxYK9iceVHorr4CwmYrjPg4IlPbN2dQSIKZyE7ydSVBSGj0B1bRoipKDs=
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-06-20T14:45:00Z"
-    mac: ENC[AES256_GCM,data:Umw3lTWDbqvqwVe6QGUt8YcHB8PpQhz52SFWdcCt2oOB/G9cFgNUgDWOG2Wip+3cHTsdWSW2nGVlP+rdUxvWcc8eyNVxrpGr+Foi+FsLFdE9qRInFf1Aum5aq+1/0yb/qJgIWwwD4MyTcMs6eCmaZldlyAlbxdj/sBCxVTYmOE4=,iv:ztnJfkhuXkJGrEMZcbFQhmgX3h7Tv2cR0M8s09k0YSA=,tag:aGX7z2gAIIJ0stZ8CHTOaA==,type:str]
+    lastmodified: "2022-07-22T13:55:00Z"
+    mac: ENC[AES256_GCM,data:8nvA69PcsV43ikOdXUYp4Ah88b69zV/LXqoxuS2+t/D2If+0V4RoVL+gvRMr3w0BK+5K4tVC6umcWt4SK6KM6Vs7qDRzanf0gr1H/Bml+ORi2UPD+KC8W5b7wlweLQZVOO1bFGusFMb6yM+FlKYGMSQD7SnWTJrq5cK1RygPHZc=,iv:TM8vnGMXs1vLCTdXL2fxkOV+o8AbJmMOLwZhyMj62JQ=,tag:EWNyDZsRhgnCsSXCZEIxQA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.7.3
diff --git a/config/clusters/awi-ciroh-2/prod.values.yaml b/config/clusters/awi-ciroh-2/prod.values.yaml
@@ -4,9 +4,9 @@ basehub:
       iam.gke.io/gcp-service-account: awi-ciroh-prod@ciroh-jupyterhub-423218.iam.gserviceaccount.com
   jupyterhub:
     ingress:
-      hosts: [ciroh2.awi.2i2c.cloud]
+      hosts: [ciroh.awi.2i2c.cloud]
       tls:
-        - hosts: [ciroh2.awi.2i2c.cloud]
+        - hosts: [ciroh.awi.2i2c.cloud]
           secretName: https-auto-tls
     singleuser:
       profileList:
@@ -146,11 +146,11 @@ basehub:
             extra_resource_limits:
               nvidia.com/gpu: "1"
       # FIXME: Uncomment when buckets have been deployed
-      # extraEnv:
-      #   SCRATCH_BUCKET: gs://awi-ciroh-scratch/$(JUPYTERHUB_USER)
-      #   PANGEO_SCRATCH: gs://awi-ciroh-scratch/$(JUPYTERHUB_USER)
-      #   PERSISTENT_BUCKET: gs://awi-ciroh-persistent/$(JUPYTERHUB_USER)
+      extraEnv:
+        SCRATCH_BUCKET: gs://awi-ciroh-scratch/$(JUPYTERHUB_USER)
+        PANGEO_SCRATCH: gs://awi-ciroh-scratch/$(JUPYTERHUB_USER)
+        PERSISTENT_BUCKET: gs://awi-ciroh-persistent/$(JUPYTERHUB_USER)
     hub:
       config:
         GitHubOAuthenticator:
-          oauth_callback_url: "https://ciroh2.awi.2i2c.cloud/hub/oauth_callback"
+          oauth_callback_url: "https://ciroh.awi.2i2c.cloud/hub/oauth_callback"
diff --git a/config/clusters/awi-ciroh-2/staging.values.yaml b/config/clusters/awi-ciroh-2/staging.values.yaml
@@ -4,9 +4,9 @@ basehub:
       iam.gke.io/gcp-service-account: awi-ciroh-staging@ciroh-jupyterhub-423218.iam.gserviceaccount.com
   jupyterhub:
     ingress:
-      hosts: [staging.ciroh2.awi.2i2c.cloud]
+      hosts: [staging.ciroh.awi.2i2c.cloud]
       tls:
-        - hosts: [staging.ciroh2.awi.2i2c.cloud]
+        - hosts: [staging.ciroh.awi.2i2c.cloud]
           secretName: https-auto-tls
     singleuser:
       profileList:
@@ -122,16 +122,15 @@ basehub:
               node.kubernetes.io/instance-type: n1-highmem-8
             extra_resource_limits:
               nvidia.com/gpu: "1"
-      # FIXME: Uncomment once buckets have been deployed
-      # extraEnv:
-      #   SCRATCH_BUCKET: gs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER)
-      #   PANGEO_SCRATCH: gs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER)
-      #   PERSISTENT_BUCKET: gs://awi-ciroh-persistent-staging/$(JUPYTERHUB_USER)
+      extraEnv:
+        SCRATCH_BUCKET: gs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER)
+        PANGEO_SCRATCH: gs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER)
+        PERSISTENT_BUCKET: gs://awi-ciroh-persistent-staging/$(JUPYTERHUB_USER)
     hub:
       config:
         KubeSpawner:
           # Requested as part of https://2i2c.freshdesk.com/a/tickets/1607, to
           # make it easier to test custom images
           image_pull_policy: Always
         GitHubOAuthenticator:
-          oauth_callback_url: "https://staging.ciroh2.awi.2i2c.cloud/hub/oauth_callback"
+          oauth_callback_url: "https://staging.ciroh.awi.2i2c.cloud/hub/oauth_callback"
diff --git a/config/clusters/awi-ciroh-2/support.values.yaml b/config/clusters/awi-ciroh-2/support.values.yaml
@@ -6,19 +6,19 @@ prometheusIngressAuthSecret:
 grafana:
   ingress:
     hosts:
-      - grafana.ciroh2.awi.2i2c.cloud
+      - grafana.ciroh.awi.2i2c.cloud
     tls:
       - secretName: grafana-tls
         hosts:
-          - grafana.ciroh2.awi.2i2c.cloud
+          - grafana.ciroh.awi.2i2c.cloud
 
 prometheus:
   server:
     ingress:
       enabled: true
       hosts:
-        - prometheus.ciroh2.awi.2i2c.cloud
+        - prometheus.ciroh.awi.2i2c.cloud
       tls:
         - secretName: prometheus-tls
           hosts:
-            - prometheus.ciroh2.awi.2i2c.cloud
+            - prometheus.ciroh.awi.2i2c.cloud
diff --git a/terraform/gcp/projects/awi-ciroh-2.tfvars b/terraform/gcp/projects/awi-ciroh-2.tfvars
@@ -21,26 +21,24 @@ k8s_versions = {
   dask_nodes_version : "1.29.4-gke.1043002",
 }
 
-# FIXME: Enable these buckets once the access policy restriction has been lifted
-#        on the project
-# user_buckets = {
-#   "scratch-staging" : {
-#     "delete_after" : 7,
-#     "uniform_bucket_level_access_only": true
-#   },
-#   "scratch" : {
-#     "delete_after" : 7,
-#     "uniform_bucket_level_access_only": true
-#   },
-#   "persistent-staging" : {
-#     "delete_after" : null,
-#     "uniform_bucket_level_access_only": true
-#   },
-#   "persistent" : {
-#     "delete_after" : null,
-#     "uniform_bucket_level_access_only": true
-#   }
-# }
+user_buckets = {
+  "scratch-staging" : {
+    "delete_after" : 7,
+    "uniform_bucket_level_access_only" : true
+  },
+  "scratch" : {
+    "delete_after" : 7,
+    "uniform_bucket_level_access_only" : true
+  },
+  "persistent-staging" : {
+    "delete_after" : null,
+    "uniform_bucket_level_access_only" : true
+  },
+  "persistent" : {
+    "delete_after" : null,
+    "uniform_bucket_level_access_only" : true
+  }
+}
 
 # Setup notebook node pools
 notebook_nodes = {
@@ -88,13 +86,11 @@ dask_nodes = {
 #        once bucket access policy restriction has been lifted from the project
 hub_cloud_permissions = {
   "staging" : {
-    # allow_access_to_external_requester_pays_buckets : false,
-    bucket_admin_access : [],
+    bucket_admin_access : ["scratch-staging", "persistent-staging"],
     hub_namespace : "staging"
   },
   "prod" : {
-    # allow_access_to_external_requester_pays_buckets : false,
-    bucket_admin_access : [],
+    bucket_admin_access : ["scratch", "persistent"],
     hub_namespace : "prod"
   }
 }