diff --git a/config/hubs/pangeo-hubs.cluster.yaml b/config/hubs/pangeo-hubs.cluster.yaml index 090a1d5ae3..16d17185d9 100644 --- a/config/hubs/pangeo-hubs.cluster.yaml +++ b/config/hubs/pangeo-hubs.cluster.yaml @@ -24,14 +24,12 @@ support: controller: admissionWebhooks: enabled: false - nfs-server-provisioner: - enabled: false hubs: - name: staging domain: staging.pangeo.2i2c.cloud template: daskhub auth0: - connection: github + enabled: false config: &stagingConfig basehub: nfs: @@ -67,13 +65,21 @@ hubs: hub: config: Authenticator: - allowed_users: &staging_users + admin_users: - sgibson91 - yuvipanda - damianavila - choldgraf - rabernat - admin_users: *staging_users + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + oauth_callback_url: https://staging.pangeo.2i2c.cloud/hub/oauth_callback + allowed_organizations: + - pangeo-data:us-central1-b-gcp + - 2i2c-org:tech-team + scope: + - read:org singleuser: image: name: pangeo/pangeo-notebook @@ -143,4 +149,109 @@ hubs: template: daskhub auth0: connection: github - config: *stagingConfig + config: + basehub: + nfs: + enabled: true + pv: + mountOptions: + - soft + - noatime + # Google FileStore IP + serverIP: 10.229.44.234 + # Name of Google Filestore share + baseShareName: /homes/ + jupyterhub: + proxy: + https: + enabled: false + custom: + homepage: + templateVars: + org: + name: Pangeo + url: https://pangeo.io + logo_url: "https://raw.githubusercontent.com/pangeo-data/pangeo/master/docs/_static/pangeo_simple_logo.svg" + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: The Gordon and Betty Moore Foundation + url: https://www.moore.org/ + hub: + config: + Authenticator: + allowed_users: &prod_users + - sgibson91 + - yuvipanda + - damianavila + - choldgraf + - rabernat + admin_users: *prod_users + singleuser: + image: + name: pangeo/pangeo-notebook + tag: bcfacc5 + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. They need to be just under total allocatable + # RAM on a node, not total node capacity + - display_name: "Small (1 GB - 4 GB)" + default: true + kubespawner_override: + cpu_limit: 2 + cpu_guarantee: 0.3 + mem_limit: 4G + mem_guarantee: 1G + node_selector: + node.kubernetes.io/instance-type: n1-standard-4 + - display_name: "Medium (4 GB - 8 GB)" + kubespawner_override: + cpu_limit: 2 + cpu_guarantee: 1 + mem_limit: 8G + mem_guarantee: 4G + node_selector: + node.kubernetes.io/instance-type: n1-standard-8 + - display_name: "Large (12 GB - 16 GB)" + kubespawner_override: + cpu_limit: 4 + cpu_guarantee: 1 + mem_limit: 16G + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: n1-standard-16 + - display_name: "ML Image - Large (12 GB - 16 GB)" + description: "https://github.com/pangeo-data/pangeo-docker-images/tree/master/ml-notebook" + kubespawner_override: + image: "pangeo/ml-notebook:master" + cpu_limit: 2 + cpu_guarantee: 1 + mem_limit: 16G + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: n1-standard-16 + initContainers: + # Need to explicitly fix ownership here, since EFS doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: ["sh", "-c", "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan"] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + dask-gateway: + gateway: + backend: + scheduler: + cores: + request: 0.8 + limit: 1 + memory: + request: 1G + limit: 2G diff --git a/secrets/config/hubs/pangeo-hubs.cluster.yaml b/secrets/config/hubs/pangeo-hubs.cluster.yaml new file mode 100644 index 0000000000..03af51aed2 --- /dev/null +++ b/secrets/config/hubs/pangeo-hubs.cluster.yaml @@ -0,0 +1,24 @@ +hubs: + - name: ENC[AES256_GCM,data:Fn161Lzsng==,iv:PNitibdRvHzMaMU9IPqM0iMs+emXA9E6zelfTQB1BYM=,tag:rCY7acQFechcFSGy94RMzQ==,type:str] + config: + basehub: + jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:HGNeAuzHqKgpPgxlqc/VDgGQX2o=,iv:D7Ms4JSrKUW5KfuNdAC/VOayYsFWaK3oJSUURjEeCTQ=,tag:eLf2IvkTmq0lyg+lEHWOSw==,type:str] + client_secret: ENC[AES256_GCM,data:/iilnqtJaEVNVLp8V4LOpQz8Q19ADr9Qdk1ul/EVlynzJbRQcJXZUA==,iv:gEGMykdY1LoLGSXxHvwREwZVVAfmKdAzU2ddqWKSeg4=,tag:YQWTlrvMJF3NGWIB++wJDg==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2021-09-23T11:39:22Z" + enc: CiQA4OM7eNF5IudCQucrsGQG3wsRyoqPuaVA5SgIYHGJLcp5EucSSQC9ZQbLJ42M2kH6oTiAdH+xQrqwfVn2shiKrOzGOM35kfWXKpk0bHLxE0xkQrPdpxraFM24UjUxaEZd49h8lh41gt44Rw8j0oM= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2021-09-23T11:39:23Z" + mac: ENC[AES256_GCM,data:dyS/xZtXbiox31+3uO70lFkoHy/9IYBu1JhIXEZG1XNQqsWGUchRh2O85dS6bTSPtYVf+cTc/uwjsr8YfyzCDewWNxbXdqL51aAx2TFPGJcAtj+xC0ntuktJeLm3oY6rcs/GJ7XFFdx2crhKV9WOLony2havSJ1EuaMH+RUbUpQ=,iv:P4m/+cV6BSzlExyxcn0+56BLik09A60Hp4kvgA6xLAs=,tag:YjZinx3R4TRQx6xZTvw7Wg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1