From 903f4df987ab5bc731afd9bc3dc54ea91a04cdf8 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 18 Jul 2024 00:08:53 -0700 Subject: [PATCH 1/2] Complete AWI-CIROH migration - Change URLs - Enable dask-gateway - Use original GitHub apps - Enable buckets Ref https://github.com/2i2c-org/infrastructure/issues/4238 --- .../clusters/awi-ciroh-2/common.values.yaml | 29 +++++++----- .../awi-ciroh-2/enc-prod.secret.values.yaml | 14 +++--- .../enc-staging.secret.values.yaml | 14 +++--- config/clusters/awi-ciroh-2/prod.values.yaml | 14 +++--- .../clusters/awi-ciroh-2/staging.values.yaml | 15 +++---- .../clusters/awi-ciroh-2/support.values.yaml | 8 ++-- terraform/gcp/projects/awi-ciroh-2.tfvars | 44 +++++++++---------- 7 files changed, 70 insertions(+), 68 deletions(-) diff --git a/config/clusters/awi-ciroh-2/common.values.yaml b/config/clusters/awi-ciroh-2/common.values.yaml index 1ec9c30d2..6d8c2d10f 100644 --- a/config/clusters/awi-ciroh-2/common.values.yaml +++ b/config/clusters/awi-ciroh-2/common.values.yaml @@ -10,6 +10,17 @@ basehub: serverIP: 10.207.3.186 # Name of Google Filestore share baseShareName: /homes/ + dask-gateway: + enabled: true + gateway: + backend: + scheduler: + cores: + request: 0.8 + limit: 1 + memory: + request: 1G + limit: 2G jupyterhub: custom: 2i2c: @@ -17,6 +28,8 @@ basehub: add_staff_user_ids_of_type: "github" jupyterhubConfigurator: enabled: false + daskhubSetup: + enabled: true homepage: templateVars: org: @@ -32,6 +45,10 @@ basehub: funded_by: name: National Oceanic and Atmospheric Administration url: https://www.noaa.gov/ + singleuser: + defaultUrl: /lab + cloudMetadata: + blockWithIptables: false hub: config: JupyterHub: @@ -49,14 +66,4 @@ basehub: - jameshalgren - arpita0911patel - sepehrkrz - - benlee0423 -dask-gateway: - gateway: - backend: - scheduler: - cores: - request: 0.8 - limit: 1 - memory: - request: 1G - limit: 2G + - benlee0423 \ No newline at end of file diff --git a/config/clusters/awi-ciroh-2/enc-prod.secret.values.yaml b/config/clusters/awi-ciroh-2/enc-prod.secret.values.yaml index 0c3c5ded5..a24da2f7d 100644 --- a/config/clusters/awi-ciroh-2/enc-prod.secret.values.yaml +++ b/config/clusters/awi-ciroh-2/enc-prod.secret.values.yaml @@ -3,19 +3,19 @@ basehub: hub: config: GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:Bo57JSBLbCwrwYfzphTXi2QL6Z0=,iv:7p7yRO/H0oifryZq4Ptfsm4yovhHNBEdZFB7zIuqTYQ=,tag:JHuhjsf+cglkyrIdSXm4AA==,type:str] - client_secret: ENC[AES256_GCM,data:9TV4Er9Lxm0wSdRN6qVKSwZk93DiajTgnkFU0x8fpsY0J4mzxpFCxw==,iv:/GILImJVVZN4uceFZij0WquSajx5/rEAWLTN43m1vlo=,tag:5U14AsoJCtmcSD6QeX+Mvg==,type:str] + client_id: ENC[AES256_GCM,data:+BppDfhpn4ADDiV2ADDiTVcUU+0=,iv:W9XanGVtU5hyYvx9NHpPvi1irkkEvaYruY/owX2fA/s=,tag:U3gJmxJw7oLp/ydBZmx4ew==,type:str] + client_secret: ENC[AES256_GCM,data:0IQGQFGq+cloPDfiQHwbePh6KARWOkXQMApUqKie7xAltGhnu6DVVg==,iv:oGCkSXKZZf0/pNmrbFOyvabOvh0XfRZ9m1ntzR70ylo=,tag:KwcqDz4m38yznDCcRUpcag==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2024-06-20T14:46:47Z" - enc: CiUA4OM7eFbLSApNlpxezXLGpUrm8y1v7gcpeI/0GMirTTKMNoB5EkkAWX/fce7ax2oOaKnXpBiLIo3/03dIXRrakGJJpI88110VyJXgHruhoTpkZTJlLVtSduKoOtX9YEdm0pZc1C0DUUbUw5H+Hdmu + created_at: "2022-07-22T14:13:27Z" + enc: CiQA4OM7eBNZ8WN3D+dkOH0qM5DGpy0w5UdVE/lOx6m27KaNuAsSSQBq6cPrinz2sMn6rtS1M+5ZwmDucsuExqSJTGCEf5HPS47VKGp9HTBwEscrEInDrvzyJpzR6dtwIv/Gs0Mrbh06uiU/IquB4ns= azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-06-20T14:46:48Z" - mac: ENC[AES256_GCM,data:kHPp/sGAWO/oceMlzXOszd93zIGiELRKa5xPBNIHy0EiDRMoTKxpCIg38r3FXRJuChSKoAaGphfyRHmQ9pzUTEhYM95Hvcp0RrhyAeniaqx1RVJZoTwvurBOBCfM1+tp9CDpvQCkjAFUbO2/F86mudIL5OPQExFSMFlbfif8ujY=,iv:lYVvOCe0rAexNZErCKLxtNdWYoqIWFUYB0ooC/OSqss=,tag:X+TvFmdXhWVYM5CtYtsDyA==,type:str] + lastmodified: "2022-07-22T14:13:28Z" + mac: ENC[AES256_GCM,data:itsG1rsJfr5HckXhC/hlfWO25FuAgHOCbzQdIbNoF+ydRzNFCr97djNtUeLwY9lwS/vSUcRg9Z6flSLQ4PQ0eUefcoBNnqe2/dFHADTf49DO/IbqN4oACydPTs1HGO6oWUZjh+oDVqLBuHQTIKbGv5mA6MhMs6NXMPQJHNpXC/M=,iv:ljPT3yzv3w/YEUeSjKUsVLun4kG7sIvGRFs21xTH0oM=,tag:kgrvyIuNGesJOtaqo2IzZw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/config/clusters/awi-ciroh-2/enc-staging.secret.values.yaml b/config/clusters/awi-ciroh-2/enc-staging.secret.values.yaml index e3e5d14bc..67a8ea464 100644 --- a/config/clusters/awi-ciroh-2/enc-staging.secret.values.yaml +++ b/config/clusters/awi-ciroh-2/enc-staging.secret.values.yaml @@ -3,19 +3,19 @@ basehub: hub: config: GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:aTNfrbgqiQrXHcJ4ZnXplRCJ1VM=,iv:a/8+P7Q2Uk83WBIM3mDkUUFzEPgFzzyLwxnLbHfvkuI=,tag:idZO5qgrydhr4p3ABi+IAw==,type:str] - client_secret: ENC[AES256_GCM,data:/mykxrtnpJTx6cdh1sq+MtfyG85O7Ih1hikafiv+SKyglpgnWevN6Q==,iv:pfEok8hI5M3fuHmAMt8eXnvuGSwbYfUMq2FI4BamXkM=,tag:R4capAnQl/xt3KJHDY3ejg==,type:str] + client_id: ENC[AES256_GCM,data:ZWnG4XzOba5oks2OF2dyqNwKV1s=,iv:B7aPcMyIuT9DCjMMNCGvrB9OevJcO0Yp7AFOl8OOKOw=,tag:kTFEIiQpu7zlvssQOPXyMg==,type:str] + client_secret: ENC[AES256_GCM,data:/88D5GAymXPi97Zkux7DsqLEsWlER1U8cF9T0t4NQzEgbI35FK0eLw==,iv:RKNAOS6/EabjPzl42477z18iQt5r8bBskawzTaR9ziA=,tag:ls9svnZf3TP3DgmL3y0ujA==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2024-06-20T14:44:59Z" - enc: CiUA4OM7eGCDvcRrk8iQlzhDmQa4tS2q9Ix/lXicCbuResIFMiOREkkAWX/fcc1TnSGheuMHQDp3RI34SH5a19RlZh6L5TqqXzmnMeROxm/ccVwtW9MsIn0RPbUCSYmJ4CiCZ22inHC91BYkeP5x47LA + created_at: "2022-07-22T13:54:59Z" + enc: CiQA4OM7eIdhmsUszpjRn7lyJDlxBG22ZPSiPDz/bRj0VrLwtu4SSQBq6cPrKZVyY/QNNpxYowYTiX6Rz4Df7y/BkhbZQ/WxYK9iceVHorr4CwmYrjPg4IlPbN2dQSIKZyE7ydSVBSGj0B1bRoipKDs= azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-06-20T14:45:00Z" - mac: ENC[AES256_GCM,data:Umw3lTWDbqvqwVe6QGUt8YcHB8PpQhz52SFWdcCt2oOB/G9cFgNUgDWOG2Wip+3cHTsdWSW2nGVlP+rdUxvWcc8eyNVxrpGr+Foi+FsLFdE9qRInFf1Aum5aq+1/0yb/qJgIWwwD4MyTcMs6eCmaZldlyAlbxdj/sBCxVTYmOE4=,iv:ztnJfkhuXkJGrEMZcbFQhmgX3h7Tv2cR0M8s09k0YSA=,tag:aGX7z2gAIIJ0stZ8CHTOaA==,type:str] + lastmodified: "2022-07-22T13:55:00Z" + mac: ENC[AES256_GCM,data:8nvA69PcsV43ikOdXUYp4Ah88b69zV/LXqoxuS2+t/D2If+0V4RoVL+gvRMr3w0BK+5K4tVC6umcWt4SK6KM6Vs7qDRzanf0gr1H/Bml+ORi2UPD+KC8W5b7wlweLQZVOO1bFGusFMb6yM+FlKYGMSQD7SnWTJrq5cK1RygPHZc=,iv:TM8vnGMXs1vLCTdXL2fxkOV+o8AbJmMOLwZhyMj62JQ=,tag:EWNyDZsRhgnCsSXCZEIxQA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/config/clusters/awi-ciroh-2/prod.values.yaml b/config/clusters/awi-ciroh-2/prod.values.yaml index 11379432c..57fbeeecc 100644 --- a/config/clusters/awi-ciroh-2/prod.values.yaml +++ b/config/clusters/awi-ciroh-2/prod.values.yaml @@ -4,9 +4,9 @@ basehub: iam.gke.io/gcp-service-account: awi-ciroh-prod@ciroh-jupyterhub-423218.iam.gserviceaccount.com jupyterhub: ingress: - hosts: [ciroh2.awi.2i2c.cloud] + hosts: [ciroh.awi.2i2c.cloud] tls: - - hosts: [ciroh2.awi.2i2c.cloud] + - hosts: [ciroh.awi.2i2c.cloud] secretName: https-auto-tls singleuser: profileList: @@ -146,11 +146,11 @@ basehub: extra_resource_limits: nvidia.com/gpu: "1" # FIXME: Uncomment when buckets have been deployed - # extraEnv: - # SCRATCH_BUCKET: gs://awi-ciroh-scratch/$(JUPYTERHUB_USER) - # PANGEO_SCRATCH: gs://awi-ciroh-scratch/$(JUPYTERHUB_USER) - # PERSISTENT_BUCKET: gs://awi-ciroh-persistent/$(JUPYTERHUB_USER) + extraEnv: + SCRATCH_BUCKET: gs://awi-ciroh-scratch/$(JUPYTERHUB_USER) + PANGEO_SCRATCH: gs://awi-ciroh-scratch/$(JUPYTERHUB_USER) + PERSISTENT_BUCKET: gs://awi-ciroh-persistent/$(JUPYTERHUB_USER) hub: config: GitHubOAuthenticator: - oauth_callback_url: "https://ciroh2.awi.2i2c.cloud/hub/oauth_callback" + oauth_callback_url: "https://ciroh.awi.2i2c.cloud/hub/oauth_callback" diff --git a/config/clusters/awi-ciroh-2/staging.values.yaml b/config/clusters/awi-ciroh-2/staging.values.yaml index 446bdeadb..f87a8d928 100644 --- a/config/clusters/awi-ciroh-2/staging.values.yaml +++ b/config/clusters/awi-ciroh-2/staging.values.yaml @@ -4,9 +4,9 @@ basehub: iam.gke.io/gcp-service-account: awi-ciroh-staging@ciroh-jupyterhub-423218.iam.gserviceaccount.com jupyterhub: ingress: - hosts: [staging.ciroh2.awi.2i2c.cloud] + hosts: [staging.ciroh.awi.2i2c.cloud] tls: - - hosts: [staging.ciroh2.awi.2i2c.cloud] + - hosts: [staging.ciroh.awi.2i2c.cloud] secretName: https-auto-tls singleuser: profileList: @@ -122,11 +122,10 @@ basehub: node.kubernetes.io/instance-type: n1-highmem-8 extra_resource_limits: nvidia.com/gpu: "1" - # FIXME: Uncomment once buckets have been deployed - # extraEnv: - # SCRATCH_BUCKET: gs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER) - # PANGEO_SCRATCH: gs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER) - # PERSISTENT_BUCKET: gs://awi-ciroh-persistent-staging/$(JUPYTERHUB_USER) + extraEnv: + SCRATCH_BUCKET: gs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER) + PANGEO_SCRATCH: gs://awi-ciroh-scratch-staging/$(JUPYTERHUB_USER) + PERSISTENT_BUCKET: gs://awi-ciroh-persistent-staging/$(JUPYTERHUB_USER) hub: config: KubeSpawner: @@ -134,4 +133,4 @@ basehub: # make it easier to test custom images image_pull_policy: Always GitHubOAuthenticator: - oauth_callback_url: "https://staging.ciroh2.awi.2i2c.cloud/hub/oauth_callback" + oauth_callback_url: "https://staging.ciroh.awi.2i2c.cloud/hub/oauth_callback" diff --git a/config/clusters/awi-ciroh-2/support.values.yaml b/config/clusters/awi-ciroh-2/support.values.yaml index a1d837317..be9a39c56 100644 --- a/config/clusters/awi-ciroh-2/support.values.yaml +++ b/config/clusters/awi-ciroh-2/support.values.yaml @@ -6,19 +6,19 @@ prometheusIngressAuthSecret: grafana: ingress: hosts: - - grafana.ciroh2.awi.2i2c.cloud + - grafana.ciroh.awi.2i2c.cloud tls: - secretName: grafana-tls hosts: - - grafana.ciroh2.awi.2i2c.cloud + - grafana.ciroh.awi.2i2c.cloud prometheus: server: ingress: enabled: true hosts: - - prometheus.ciroh2.awi.2i2c.cloud + - prometheus.ciroh.awi.2i2c.cloud tls: - secretName: prometheus-tls hosts: - - prometheus.ciroh2.awi.2i2c.cloud + - prometheus.ciroh.awi.2i2c.cloud diff --git a/terraform/gcp/projects/awi-ciroh-2.tfvars b/terraform/gcp/projects/awi-ciroh-2.tfvars index 5026c921b..3d826b6d4 100644 --- a/terraform/gcp/projects/awi-ciroh-2.tfvars +++ b/terraform/gcp/projects/awi-ciroh-2.tfvars @@ -21,26 +21,24 @@ k8s_versions = { dask_nodes_version : "1.29.4-gke.1043002", } -# FIXME: Enable these buckets once the access policy restriction has been lifted -# on the project -# user_buckets = { -# "scratch-staging" : { -# "delete_after" : 7, -# "uniform_bucket_level_access_only": true -# }, -# "scratch" : { -# "delete_after" : 7, -# "uniform_bucket_level_access_only": true -# }, -# "persistent-staging" : { -# "delete_after" : null, -# "uniform_bucket_level_access_only": true -# }, -# "persistent" : { -# "delete_after" : null, -# "uniform_bucket_level_access_only": true -# } -# } +user_buckets = { + "scratch-staging" : { + "delete_after" : 7, + "uniform_bucket_level_access_only": true + }, + "scratch" : { + "delete_after" : 7, + "uniform_bucket_level_access_only": true + }, + "persistent-staging" : { + "delete_after" : null, + "uniform_bucket_level_access_only": true + }, + "persistent" : { + "delete_after" : null, + "uniform_bucket_level_access_only": true + } +} # Setup notebook node pools notebook_nodes = { @@ -88,13 +86,11 @@ dask_nodes = { # once bucket access policy restriction has been lifted from the project hub_cloud_permissions = { "staging" : { - # allow_access_to_external_requester_pays_buckets : false, - bucket_admin_access : [], + bucket_admin_access : ["scratch-staging", "persistent-staging"], hub_namespace : "staging" }, "prod" : { - # allow_access_to_external_requester_pays_buckets : false, - bucket_admin_access : [], + bucket_admin_access : ["scratch", "persistent"], hub_namespace : "prod" } } From a163356736fbf024323422b511e08731aad348c6 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 18 Jul 2024 07:10:09 +0000 Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- config/clusters/awi-ciroh-2/common.values.yaml | 2 +- terraform/gcp/projects/awi-ciroh-2.tfvars | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/clusters/awi-ciroh-2/common.values.yaml b/config/clusters/awi-ciroh-2/common.values.yaml index 6d8c2d10f..ac7245184 100644 --- a/config/clusters/awi-ciroh-2/common.values.yaml +++ b/config/clusters/awi-ciroh-2/common.values.yaml @@ -66,4 +66,4 @@ basehub: - jameshalgren - arpita0911patel - sepehrkrz - - benlee0423 \ No newline at end of file + - benlee0423 diff --git a/terraform/gcp/projects/awi-ciroh-2.tfvars b/terraform/gcp/projects/awi-ciroh-2.tfvars index 3d826b6d4..6228220cd 100644 --- a/terraform/gcp/projects/awi-ciroh-2.tfvars +++ b/terraform/gcp/projects/awi-ciroh-2.tfvars @@ -24,19 +24,19 @@ k8s_versions = { user_buckets = { "scratch-staging" : { "delete_after" : 7, - "uniform_bucket_level_access_only": true + "uniform_bucket_level_access_only" : true }, "scratch" : { "delete_after" : 7, - "uniform_bucket_level_access_only": true + "uniform_bucket_level_access_only" : true }, "persistent-staging" : { "delete_after" : null, - "uniform_bucket_level_access_only": true + "uniform_bucket_level_access_only" : true }, "persistent" : { "delete_after" : null, - "uniform_bucket_level_access_only": true + "uniform_bucket_level_access_only" : true } }