From 26cbdaf7ab4d8eaad4b7a970c5513806eeb497af Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 29 Jan 2025 11:25:51 +0000 Subject: [PATCH 1/2] pangeo-hubs: remove all hub config --- config/clusters/pangeo-hubs/cluster.yaml | 32 +---- .../clusters/pangeo-hubs/coessing.values.yaml | 73 ----------- .../clusters/pangeo-hubs/common.values.yaml | 119 ------------------ .../enc-coessing.secret.values.yaml | 21 ---- .../pangeo-hubs/enc-prod.secret.values.yaml | 21 ---- .../enc-staging.secret.values.yaml | 21 ---- config/clusters/pangeo-hubs/prod.values.yaml | 18 --- .../clusters/pangeo-hubs/staging.values.yaml | 18 --- 8 files changed, 1 insertion(+), 322 deletions(-) delete mode 100644 config/clusters/pangeo-hubs/coessing.values.yaml delete mode 100644 config/clusters/pangeo-hubs/common.values.yaml delete mode 100644 config/clusters/pangeo-hubs/enc-coessing.secret.values.yaml delete mode 100644 config/clusters/pangeo-hubs/enc-prod.secret.values.yaml delete mode 100644 config/clusters/pangeo-hubs/enc-staging.secret.values.yaml delete mode 100644 config/clusters/pangeo-hubs/prod.values.yaml delete mode 100644 config/clusters/pangeo-hubs/staging.values.yaml diff --git a/config/clusters/pangeo-hubs/cluster.yaml b/config/clusters/pangeo-hubs/cluster.yaml index 2cabc368a3..983e58d4e2 100644 --- a/config/clusters/pangeo-hubs/cluster.yaml +++ b/config/clusters/pangeo-hubs/cluster.yaml @@ -12,34 +12,4 @@ support: helm_chart_values_files: - support.values.yaml - enc-support.secret.values.yaml -hubs: - - name: staging - display_name: "Pangeo (staging)" - domain: staging.us-central1-b.gcp.pangeo.io - helm_chart: daskhub - helm_chart_values_files: - # The order in which you list files here is the order the will be passed - # to the helm upgrade command in, and that has meaning. Please check - # that you intend for these files to be applied in this order. - - common.values.yaml - - staging.values.yaml - - enc-staging.secret.values.yaml - - name: prod - display_name: "Pangeo (prod)" - domain: us-central1-b.gcp.pangeo.io - helm_chart: daskhub - helm_chart_values_files: - # The order in which you list files here is the order the will be passed - # to the helm upgrade command in, and that has meaning. Please check - # that you intend for these files to be applied in this order. - - common.values.yaml - - prod.values.yaml - - enc-prod.secret.values.yaml - - name: coessing - display_name: "COESSING" - domain: coessing.2i2c.cloud - helm_chart: daskhub - helm_chart_values_files: - - common.values.yaml - - coessing.values.yaml - - enc-coessing.secret.values.yaml +hubs: [] diff --git a/config/clusters/pangeo-hubs/coessing.values.yaml b/config/clusters/pangeo-hubs/coessing.values.yaml deleted file mode 100644 index 470f47ea95..0000000000 --- a/config/clusters/pangeo-hubs/coessing.values.yaml +++ /dev/null @@ -1,73 +0,0 @@ -basehub: - userServiceAccount: - annotations: - iam.gke.io/gcp-service-account: pangeo-hubs-coessing@pangeo-integration-te-3eea.iam.gserviceaccount.com - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: COESSING - url: https://coessing.org/ - logo_url: "https://coessing.files.wordpress.com/2016/08/ghana-logo-21.png?w=262&h=376&zoom=2" - ingress: - hosts: [coessing.2i2c.cloud] - tls: - - hosts: [coessing.2i2c.cloud] - secretName: https-auto-tls - singleuser: - extraEnv: - SCRATCH_BUCKET: gs://pangeo-hubs-coessing-scratch/$(JUPYTERHUB_USER) - PANGEO_SCRATCH: gs://pangeo-hubs-coessing-scratch/$(JUPYTERHUB_USER) - # No profiles - profileList: null - memory: - limit: 7G - guarantee: 4.5G - nodeSelector: - node.kubernetes.io/instance-type: n1-standard-2 - hub: - config: - JupyterHub: - authenticator_class: cilogon - CILogonOAuthenticator: - oauth_callback_url: "https://coessing.2i2c.cloud/hub/oauth_callback" - allowed_idps: - http://google.com/accounts/o8/id: - default: true - username_derivation: - username_claim: "email" - OAuthenticator: - # WARNING: Don't use allow_existing_users with config to allow an - # externally managed group of users, such as - # GitHubOAuthenticator.allowed_organizations, as it breaks a - # common expectations for an admin user. - # - # The broken expectation is that removing a user from the - # externally managed group implies that the user won't have - # access any more. In practice the user will still have - # access if it had logged in once before, as it then exists - # in JupyterHub's database of users. - # - allow_existing_users: True - Authenticator: - # WARNING: Removing a user from admin_users or allowed_users doesn't - # revoke admin status or access. - # - # OAuthenticator.allow_existing_users allows any user in the - # JupyterHub database of users able to login. This includes - # any previously logged in user or user previously listed in - # allowed_users or admin_users, as such users are added to - # JupyterHub's database on startup. - # - # To revoke admin status or access for a user when - # allow_existing_users is enabled, first remove the user from - # admin_users or allowed_users, then deploy the change, and - # finally revoke the admin status or delete the user via the - # /hub/admin panel. - # - admin_users: - - paigemar@umich.edu diff --git a/config/clusters/pangeo-hubs/common.values.yaml b/config/clusters/pangeo-hubs/common.values.yaml deleted file mode 100644 index 25f1b508ef..0000000000 --- a/config/clusters/pangeo-hubs/common.values.yaml +++ /dev/null @@ -1,119 +0,0 @@ -basehub: - nfs: - enabled: true - pv: - enabled: true - mountOptions: - - soft - - noatime - # Google FileStore IP - serverIP: 10.229.44.234 - # Name of Google Filestore share - baseShareName: /homes/ - dask-gateway: - enabled: true - gateway: - backend: - scheduler: - cores: - request: 0.8 - limit: 1 - memory: - request: 1G - limit: 2G - jupyterhub: - custom: - daskhubSetup: - enabled: true - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Pangeo - url: https://pangeo.io - logo_url: "https://raw.githubusercontent.com/pangeo-data/pangeo/master/docs/_static/pangeo_simple_logo.svg" - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: NSF EarthCube Program (Award ICER-2026932) - url: "https://www.nsf.gov/awardsearch/showAward?AWD_ID=2026932" - hub: - allowNamedServers: true - config: - JupyterHub: - authenticator_class: github - GitHubOAuthenticator: - populate_teams_in_auth_state: true - allowed_organizations: - - pangeo-data:us-central1-b-gcp - scope: - - read:org - Authenticator: - enable_auth_state: true - admin_users: - - rabernat - - jhamman - - scottyhq - - TomAugspurger - singleuser: - cloudMetadata: - blockWithIptables: false - extraEnv: - GH_SCOPED_CREDS_CLIENT_ID: "Iv1.c90ee430400a347f" - GH_SCOPED_CREDS_APP_URL: https://github.com/apps/pangeo-gcp-hub-push-access - # User image repo: https://github.com/pangeo-data/pangeo-docker-images - image: - name: pangeo/pangeo-notebook - tag: "2023.01.03" - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. They need to be just under total allocatable - # RAM on a node, not total node capacity. Values calculated using - # https://learnk8s.io/kubernetes-instance-calculator - - display_name: "Small" - description: 5GB RAM, 2 CPUs - default: true - allowed_groups: - - pangeo-data:us-central1-b-gcp - - 2i2c-org:hub-access-for-2i2c-staff - kubespawner_override: - mem_limit: 7G - mem_guarantee: 4.5G - node_selector: - node.kubernetes.io/instance-type: n1-standard-2 - - display_name: Medium - description: 11GB RAM, 4 CPUs - allowed_groups: - - pangeo-data:us-central1-b-gcp - - 2i2c-org:hub-access-for-2i2c-staff - kubespawner_override: - mem_limit: 15G - mem_guarantee: 11G - node_selector: - node.kubernetes.io/instance-type: n1-standard-4 - - display_name: Large - description: 24GB RAM, 8 CPUs - allowed_groups: - - pangeo-data:cds-lab - - 2i2c-org:hub-access-for-2i2c-staff - kubespawner_override: - mem_limit: 30G - mem_guarantee: 24G - node_selector: - node.kubernetes.io/instance-type: n1-standard-8 - - display_name: Huge - description: 52GB RAM, 16 CPUs - allowed_groups: - - pangeo-data:cds-lab - - 2i2c-org:hub-access-for-2i2c-staff - kubespawner_override: - mem_limit: 60G - mem_guarantee: 52G - node_selector: - node.kubernetes.io/instance-type: n1-standard-16 diff --git a/config/clusters/pangeo-hubs/enc-coessing.secret.values.yaml b/config/clusters/pangeo-hubs/enc-coessing.secret.values.yaml deleted file mode 100644 index 66a8eb6151..0000000000 --- a/config/clusters/pangeo-hubs/enc-coessing.secret.values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -basehub: - jupyterhub: - hub: - config: - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:xWr14DxXaC6TS/XpinNtQ9d20IhHzHx9zwwxy/qW0Cu5gE2oq+OSrIjfx1ny2ERQtEb7,iv:TfBuHFVyQyCyXSqZ995m02jQJLVYYVSmyOB/FJA4oDI=,tag:nkbf2A5qnqH1cvuCCxX4pA==,type:str] - client_secret: ENC[AES256_GCM,data:bRbwQhUuGoGKxqAYcyUDKsy6eeuJ9bhWHK4yKl8R2Mbn9UvyeEYRWzwk4A3e1EWVQAC0rGXvbEK9AjGmGBeuGYxjtTg6+Dcjz9v25y0fqe034cttOBs=,iv:7Ef9Z3MaivnqoH8lyNPsQQ7Po4fJfqg/WBR1HFlZ56E=,tag:pKReSf/yeVralbxEG5Ut9g==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-07-24T14:50:46Z" - enc: CiUA4OM7eGHpXkSlhxYskzt/fj6kS9055CrxVtHWRlRNNnLUnFwnEkkAyiwFHD6ptsIuEbkIVsI+JP6Fs/CHYvRbIrBd9TUZ90Hcsdl546WSzb2wOVLTzKSdkbkjGgSh66qWKU9J63Nq9waDB4qryTiB - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-24T14:50:46Z" - mac: ENC[AES256_GCM,data:3kDn39wyJEsUzYCneATG/TxIT47pblXwk4kGFOW/sluDAURwu4MxDCgoObZKC4jNQH8O7JVd4KNpG5M1heSLj4LG7bGzAYjxczT8MHe1mmN0DFISf4KGcWmSjQv+kFOizWO33oiuI+C+PPvpEcsjqh9Bss9t/eTIwDIowhMHD5Q=,iv:QqPxlZTMEc4y8VR/7p4nAa+6Fi0rzyyTUoEeRlTykoc=,tag:NET2gzxphtEBj4n3TVUQsQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/pangeo-hubs/enc-prod.secret.values.yaml b/config/clusters/pangeo-hubs/enc-prod.secret.values.yaml deleted file mode 100644 index ce64fca733..0000000000 --- a/config/clusters/pangeo-hubs/enc-prod.secret.values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -basehub: - jupyterhub: - hub: - config: - GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:igGeiSC6AWsXr4exKRkaqWr+qXw=,iv:ezkaqQeHFtVKSRnw4TcLUm5byS/9kYVsdRsHogFlI+8=,tag:cFRQOiHGvkULW54bRopWBQ==,type:str] - client_secret: ENC[AES256_GCM,data:AGbw/6EqxEPSBdYSY4o6UlsytlXagLL5GiEBLShtTk9Oe2Z3KIjjlg==,iv:Bfg/FdRYyj7JxbXEz05FoHws7HfX5Lqi4/SURJWPpe8=,tag:FK1136OA/cRcxTUWiWfIiw==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-02-24T18:31:21Z" - enc: CiQA4OM7eNU4/NC1GSyOypie5mku2r/szfsjQHdxf5CkEib8PWISSQDm5XgWPd3+MJEgP6vyMdkr+5xZCc0MbF1aoNtwLVU/Z9PKOZsw2UgcoYIAHxpoMCm9aC2mS+qZJyq7N5GnR0xxIc3cGMNybVo= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-02-24T18:31:21Z" - mac: ENC[AES256_GCM,data:/Mqdfjt2XeK3D4enkz8olaYpXufKg1HeNoRImxDX0O59zO0IxI43F1UudRp7PMmxzEl3GZntH0BNx/C00I4ozp4o355uqVcCFwOnREB58OSy1ZauiRE8wNKWcBElPDuWMSEgjk6spdkWbSkqbYZj1eZPIZnPD648nlj82H0ahT4=,iv:YJyVBV0VEwsn8pi6NIYNmP9rIMTu+iG8Pnw1LfoxGhA=,tag:FAhK0d6e1ejJ/XFbTFiFGg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/config/clusters/pangeo-hubs/enc-staging.secret.values.yaml b/config/clusters/pangeo-hubs/enc-staging.secret.values.yaml deleted file mode 100644 index e88f156eaa..0000000000 --- a/config/clusters/pangeo-hubs/enc-staging.secret.values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -basehub: - jupyterhub: - hub: - config: - GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:+XHdeQmWgvTZXUzcV4LCUbt+YwQ=,iv:0mlc/xzfKfjuurFVgIUu130cG1FccrzF8ZS0Swdt9Po=,tag:EmxZ9PcfzbeQMTdEVtCsCA==,type:str] - client_secret: ENC[AES256_GCM,data:80nLDsxn/Hc5CWGN3tJaCrqfrYPhIu8g/0W+6VX7JE5+re6zFeTZ5g==,iv:A6Tt1rkO4BQABJAA8/HrhMv9cIDFJxQsZ5Kf8q5P2QY=,tag:XFkTX/G8rs0yBVscOvBccw==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-02-24T18:04:17Z" - enc: CiQA4OM7eP6diuWK5cq1WJfLBHrUaMLetApVQYdQJjlOFUKSsHASSQDm5XgW8L7w2ZN+LPLHBMIcfpO6YIBeajtpkKFnTdpRgbhgR7+fb9p4HHT8z3H1U7nwKuOaQPtsXj2e8ZPjWr/2tqy6ramzlhU= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-02-24T18:04:17Z" - mac: ENC[AES256_GCM,data:Q6xwN04+nvoKRFz4M50k3YkICcUIybjzFQzz5hgjvPG6E7n/m6bjqkQZr89d5yhpNuHEm62/fQqTaVGftaXWV5KJIyTp+GWNnnikDafX/FFPUB4n1TCZ5sOMFc9oWK0Ysr6BKdGTg5bILgCvT5Ao/D2hsvMJ/uwF9CY3Dz8GFFA=,iv:Z27GVa49IguyAnOtgCJdX29xlWZ3iOydsr34DDHMNaY=,tag:EN2umfcSzQR/qVwVwz5+uw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/config/clusters/pangeo-hubs/prod.values.yaml b/config/clusters/pangeo-hubs/prod.values.yaml deleted file mode 100644 index e7c4e47bba..0000000000 --- a/config/clusters/pangeo-hubs/prod.values.yaml +++ /dev/null @@ -1,18 +0,0 @@ -basehub: - userServiceAccount: - annotations: - iam.gke.io/gcp-service-account: pangeo-hubs-prod@pangeo-integration-te-3eea.iam.gserviceaccount.com - jupyterhub: - ingress: - hosts: [us-central1-b.gcp.pangeo.io] - tls: - - hosts: [us-central1-b.gcp.pangeo.io] - secretName: https-auto-tls - hub: - config: - GitHubOAuthenticator: - oauth_callback_url: https://us-central1-b.gcp.pangeo.io/hub/oauth_callback - singleuser: - extraEnv: - SCRATCH_BUCKET: gs://pangeo-hubs-scratch/$(JUPYTERHUB_USER) - PANGEO_SCRATCH: gs://pangeo-hubs-scratch/$(JUPYTERHUB_USER) diff --git a/config/clusters/pangeo-hubs/staging.values.yaml b/config/clusters/pangeo-hubs/staging.values.yaml deleted file mode 100644 index 03229944da..0000000000 --- a/config/clusters/pangeo-hubs/staging.values.yaml +++ /dev/null @@ -1,18 +0,0 @@ -basehub: - userServiceAccount: - annotations: - iam.gke.io/gcp-service-account: pangeo-hubs-staging@pangeo-integration-te-3eea.iam.gserviceaccount.com - jupyterhub: - ingress: - hosts: [staging.us-central1-b.gcp.pangeo.io] - tls: - - hosts: [staging.us-central1-b.gcp.pangeo.io] - secretName: https-auto-tls - hub: - config: - GitHubOAuthenticator: - oauth_callback_url: https://staging.us-central1-b.gcp.pangeo.io/hub/oauth_callback - singleuser: - extraEnv: - SCRATCH_BUCKET: gs://pangeo-hubs-scratch-staging/$(JUPYTERHUB_USER) - PANGEO_SCRATCH: gs://pangeo-hubs-scratch-staging/$(JUPYTERHUB_USER) From 0835437bc17826763c9096f9100368e7a0905d22 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 29 Jan 2025 11:47:17 +0000 Subject: [PATCH 2/2] Remove pangeo-hubs config files and references --- .github/workflows/deploy-hubs.yaml | 2 - config/clusters/pangeo-hubs/cluster.yaml | 15 -- .../enc-deployer-credentials.secret.json | 30 ---- .../pangeo-hubs/enc-grafana-token.secret.yaml | 15 -- .../enc-support.secret.values.yaml | 22 --- .../clusters/pangeo-hubs/support.values.yaml | 43 ------ .../daemonset_requests.yaml | 6 - docs/topic/infrastructure/config.md | 2 +- terraform/gcp/projects/pangeo-hubs.tfvars | 131 ------------------ 9 files changed, 1 insertion(+), 265 deletions(-) delete mode 100644 config/clusters/pangeo-hubs/cluster.yaml delete mode 100644 config/clusters/pangeo-hubs/enc-deployer-credentials.secret.json delete mode 100644 config/clusters/pangeo-hubs/enc-grafana-token.secret.yaml delete mode 100644 config/clusters/pangeo-hubs/enc-support.secret.values.yaml delete mode 100644 config/clusters/pangeo-hubs/support.values.yaml delete mode 100644 terraform/gcp/projects/pangeo-hubs.tfvars diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index 2669b224f5..0a554c06b1 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -227,7 +227,6 @@ jobs: failure_nmfs-openscapes: ${{ steps.declare-failure.outputs.failure_nmfs-openscapes }} failure_openscapes: ${{ steps.declare-failure.outputs.failure_openscapes }} failure_opensci: ${{ steps.declare-failure.outputs.failure_opensci }} - failure_pangeo-hubs: ${{ steps.declare-failure.outputs.failure_pangeo-hubs }} failure_projectpythia: ${{ steps.declare-failure.outputs.failure_projectpythia }} failure_queensu: ${{ steps.declare-failure.outputs.failure_queensu }} failure_smithsonian: ${{ steps.declare-failure.outputs.failure_smithsonian }} @@ -465,7 +464,6 @@ jobs: failure_nmfs-openscapes_staging: ${{ steps.declare-failure.outputs.failure_nmfs-openscapes_staging }} failure_openscapes_staging: ${{ steps.declare-failure.outputs.failure_openscapes_staging }} failure_opensci_staging: ${{ steps.declare-failure.outputs.failure_opensci_staging }} - failure_pangeo-hubs_staging: ${{ steps.declare-failure.outputs.failure_pangeo-hubs_staging }} failure_projectpythia_staging: ${{ steps.declare-failure.outputs.failure_projectpythia_staging }} failure_queensu_staging: ${{ steps.declare-failure.outputs.failure_queensu_staging }} failure_smithsonian_staging: ${{ steps.declare-failure.outputs.failure_smithsonian_staging }} diff --git a/config/clusters/pangeo-hubs/cluster.yaml b/config/clusters/pangeo-hubs/cluster.yaml deleted file mode 100644 index 983e58d4e2..0000000000 --- a/config/clusters/pangeo-hubs/cluster.yaml +++ /dev/null @@ -1,15 +0,0 @@ -name: pangeo-hubs -provider: gcp # https://console.cloud.google.com/kubernetes/clusters/details/us-central1-b/pangeo-hubs-cluster/nodes?project=pangeo-integration-te-3eea -account: columbia -gcp: - key: enc-deployer-credentials.secret.json - project: pangeo-integration-te-3eea - cluster: pangeo-hubs-cluster - zone: us-central1-b - billing: - paid_by_us: false -support: - helm_chart_values_files: - - support.values.yaml - - enc-support.secret.values.yaml -hubs: [] diff --git a/config/clusters/pangeo-hubs/enc-deployer-credentials.secret.json b/config/clusters/pangeo-hubs/enc-deployer-credentials.secret.json deleted file mode 100644 index 9812ba8546..0000000000 --- a/config/clusters/pangeo-hubs/enc-deployer-credentials.secret.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "type": "ENC[AES256_GCM,data:BpYDstdNbfuh34obJRgg,iv:a9D8sCXijikpiA1TL0MEmWKNPTtVMCkUuHJAE3JY6Ug=,tag:tPOkdB9EJDHcuNnVwd9Lfg==,type:str]", - "project_id": "ENC[AES256_GCM,data:cwRsXyoRgCWsIt6ZLwXMaP+nPlGKymND3KM=,iv:iOwixFUlZq1DJy9fsX2NjiEFCTzDNbGLu9SaxFLSqyU=,tag:CSbC3Te/veHLVRCf4ngUdg==,type:str]", - "private_key_id": "ENC[AES256_GCM,data:b+YoQld80IpLUrSEMwV2WUWk1ExXffirUnH9YoC1HRnXEY0d9PqAPw==,iv:fdSA1sC1PqYGpVUedjr/ZYNbCpE0dx1zC3c7wBpZowc=,tag:350iE7A9HGlEajSTDXw07w==,type:str]", - "private_key": "ENC[AES256_GCM,data:d6HpRHUHsaRTz8cxfdGBOhgl5vrB2APTa5P6L+i9bE3Y9RDsAJpLiZJY4mLrkg26txiuZCLOOeOkgT+FOaNb9TOckwNrJfOV0IR8xcyBDT/WZVXuHthdTEhW6xwd8G5wV4EvH7/61I8hp3GQbPgRKjTgHiuI4Sjbc880R8hft59meJ35ewSWQ/1iS1Q6rinMvj11IZkZtdXIIVWiWVvF7oHBcwQn6uacDhkYx/KvS/mpvUiYWIy2233Jv3s8J4zjiurt7Zjpos+4ETdBUROV+5gA1c44Rtfz/NP7yj4rwtPp0WAD4fUdvqwlfC8atVbnfVVSQvefu5KCmUQhuMwsNQYfHxN/chBn8chSH2KMyWaU5s8xUBegDK1qw7fkt3DZ0Ci8eHZtCt+gWzzDEDDIuDTEpe/SfGdrhaP8o/f/J686yfIxIVtG0CwWmmTV42ujcrr3GatRpQ7U52LHIpG092iYELKPapTylVotGrHSDtlldetmNKuZbq2L2KusygUGB4AkFTJPlY68U+ysw/SWVRyc16whSKc5HcozoyyYayHrqzh1xd+tLLmwXiyccFEY+EXK7Gc3WRO7s03zgozCiFfXcAvQNB8B2H8SkiofJREvavHIBqDOOSqDYjFJJfOCr6KMhNxb152Bqa6ntkjPiTQ9dThZJ87z7Ep3p1cL3YzlELE8qSOzj6S8ERBTqZCgH9oeIO+oIPkNVw5T2C5QeFvEAtKD/jvlKYBL8+iFCtled7wj++BKNdQccNyg7I5u8iwlJ9GIFUMq+e+uX0f8uL8PDcNGVDEUJZtd4dJmawNm2ZDN8l8PQ7KJHH0G0Ty1+SYYjqv3LaOEf4VTpT+G5uBVXFtbAgo0ATgvRjs56tXSAxZfyqXjStG5O2KTqWk6gXSOd7f1kUr87FXORNjse2kmvx0iWgJ0NKe4MkSUP1Tcc7fp+E00yEdeIApmWxeZ+HrOVFiTLbVrTQZFE4j1Md+Htsp1p1Xr7H18ZV4of6s1xErDrdhY4s39VDx4fA8Sc77CDZ+Urw3NSLhD4/Ltxr5FX9wRJVRUdl0mL/7zc4V9aUd5QevhYR8r+miIw+EIWsifnV7D1+zDg4xu//66jW4pxUJOC9W9IyNWQnpzjJXOVGwmNt9K9MDEH34/uHL0h89jiD8MESMFhA75y5dnwjtKpyff0bDIeogyIHDMyF7FAdtWD7vIZe9XcYaSzqJF2cytt9xpFd67a210oaydBflrAowvUFsroxNbEUENQZ/2pM99TPKcd2bKiilCY/9EioFZbAU9zvLhgnlnDmOc9/4HVPUsk598cmhbr5i2WxuDGCT9hvXVjqLihvmvnUPtW+vhxKFzYuHazKn9cQ60NR1bK/Khwo5dcJBl7FqIt3eP80697oCma6pBBe+026rLVyT/wc6DkyXPcLwqYAnAgDiIQ2ubYfsohLordSUJ1OeUfHsPV+ByRO9SwKofGLq0KeKDLXsCqbSHoalvwqV+pADY5jW2FGuPOxOVW13LYYyF0huLC8gMy0dyIGlhCM8tk2QoPI0JX6AlJBAeapdjLKCA6lQj0oFOZT9RFwSVe7VK2ZXFXb5VU2QbN521m2idpz16dDjAWcHkhiDtCuT7fNxvjmpRTFL7Yc2anoluVGpLEuHRqiRzNnOCUXS87pY5BcfQOJQrCWXAH9YFuLihipib/Dyd4LRs5fOY6M9G8aTrhqmvfuIXa8+amxUcYrymmRJ2NACniLrbpO3PKGUk+YSCvTUsSdvcub7FKoHinlmRIXZ3IK3JDfOS54Pje+4GpxtGZwstkoExMPVA0FgHRpxQqFXnNfy9DopSI3/q3Y5FIAaRxFchnj/ImHUyd0AE1KsxVt/wLBaQK6UFRKsKBSJXY1RxAb0SRFbBkHKxvCdFnoP+zc5tXvdKx7Q1TQB1wW/lUIiSZeHZmkRbGlA2REzBxAFypaaX/eqHXE0Tj9nE2S7b5U3AcC1NJ8MOQT1KDQpAXfd3XE8yytCuyzJM5U2Uq6I0KPTovTfXt/mUiw10AphhcSK8Gakcvoa/7GBkNC5Uno5vF74sGRK3IBPZrq6CkbADv3vpAkwG+MFUdYivs4R9t4hHgfeRUTtslpX+u4Orp490djU+OeLywLA3FDP3jzoiS8ICiqFuUoObXwGCLU4dko1DiqceTOjlsJn4vjBDrMwBOtZd/ycEk7RfNNksz6L+fuF4N6ADlhcupbKiNtvVBnhw2Ym8J0DV5CUvinWApQSUmzMRWAhCeiHgl+9bqJ2SxpPt,iv:Tp8Dy8l26JpJyedw/mVeQKOr+PMm8aXg0oGnozmRS9k=,tag:Inw+hO/rRqVUdlC4s5Q5sg==,type:str]", - "client_email": "ENC[AES256_GCM,data:yqtWM20izp3xgNJN8VJIQZtbjV4JdD6JkmJq8A0x/MOB0TVtd8shAvbAMTwzEXN3641dXUohGXiVura/xgKGT7ydHmI=,iv:iGdMJ6gi0SOT25+jL3NAEYbgW/p5ASX336fxVxmnByw=,tag:o4AOBk2mGI3om8cBMGda3w==,type:str]", - "client_id": "ENC[AES256_GCM,data:ZFV8xCAnmcWVbg2BGkq0fPMDOCpw,iv:ADlvc7wuy/g8zqHtoDFS3QaDrcWxb8EMt9v7GtaMr68=,tag:Eo9vjMRj62XFngv2ehJVmA==,type:str]", - "auth_uri": "ENC[AES256_GCM,data:dkdzkT+x002mNF5GnyRE+B5yAX9hbpcn+pltt+L/Oy3m/v/y+MFt8/k=,iv:UHfEkTEIi7xkMzojknpd4n9ue/7woYE4j0tVK3B8LI0=,tag:ZDuMvTw8GH1R951QQY4sKg==,type:str]", - "token_uri": "ENC[AES256_GCM,data:jKl7rvk0fzAV7agx6e9BP6KMYNZuOXLqqvaEoAR0g93qBQw=,iv:wNzjWQx1KHMei0xgohS9FiatcGgRlJQkKxdrB80FTDY=,tag:Hb3BHQTweORaq7T8t5RTSg==,type:str]", - "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:wdcXZMEJbcLO9E+KZQBYggj5vpXqvWa4ksTRIHgp4s0i4khH1PTKW8FV,iv:rNauzaC3Xt0bD6l6dCvePJqBc8AcEquWmnt7HErkz1M=,tag:e9+silsJAenBYNn0IBvq6Q==,type:str]", - "client_x509_cert_url": "ENC[AES256_GCM,data:VhQd72oZDQHwbWVdCBHaZ+DsKozdHtNPmK2vv6wtzICsvmFUHp0+YufSIRAVNYSePvO1+RKH8GT0M2WZF9rUqXGCdCIEcInkoTfQJFkTf/9eNeP8BiOTnj9ob+80en6EhBaVIkSonKtxBZI5J7L3JocsUEQO52wo,iv:3J3hH9TNzwtPmgLqHaEni8wmqU3bNpEZmQAEqoyOGNA=,tag:SbT34VjJUFgMkHi0TaoMxw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": [ - { - "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2021-08-23T14:45:15Z", - "enc": "CiQA4OM7eFa/9wYyRK80/kfn8b3mvJH1XOEuqeh3Yyq3g9k8/RgSSQB6TpsYPWrXiJDxyO9pJ1dH1AyZ632RMC5ldi/ZSEwPQiJeMABiePdgh3zMKJoQ0Gp3ZcyZL/biFKF21dgGrFyimGzNOk6CCXU=" - } - ], - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2021-08-23T14:45:15Z", - "mac": "ENC[AES256_GCM,data:F5ULgkpVjuFgc1D3BdWMHMpfYn10c5pvok751WwYd6N3RePa4XsjgbUokmSmPvhi++lKNM6WSofMHAjPK72umFZrxe10ry6ynxP/76Dp6wQss6UrEVMzf+0FAkvw40BJi2AW8ikLsj5RDdKABKkKzZgxmReYcbaGVu5UmFDaJ3Q=,iv:bcavb+FIQbe0Ym4gGD4VKcqRzverxxFbVq+61vyTR6c=,tag:USyM7nVPDm7SiIbUXtNaxQ==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/config/clusters/pangeo-hubs/enc-grafana-token.secret.yaml b/config/clusters/pangeo-hubs/enc-grafana-token.secret.yaml deleted file mode 100644 index 78cf18e235..0000000000 --- a/config/clusters/pangeo-hubs/enc-grafana-token.secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -grafana_token: ENC[AES256_GCM,data:PqPoXfsEhnLb58lYqF0Jz6t629u1faiBtM04XeEtdxJf3tNaMHGYnuUBAIS5aw==,iv:BJSkFXScfma2DjK7z9OCRV5kdZcJ9TWep9P9/n32WUA=,tag:SstDgyI/B/tnXYq/6jfLtg==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-11-24T12:32:39Z" - enc: CiUA4OM7eGZsQNWFy4JdJMgZAL3IdnyquzrXR9N/OCJBzs6NFslBEkkA+0T9hYQqxPdspKIcSLD/8qrpP54cpKgdQPSDiuo3HoGO85F3fY+DinTzP6HzfhrRAMV3+jXUIyasd0TgJsS0Rx6kZX+isKDu - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-11-24T12:32:39Z" - mac: ENC[AES256_GCM,data:/m7k7WGFDbApISg4BPvzfMwEg4CIeKeQqfCfIPaSDetLsrQ+xlxAyTwYwAYuAhCRgFVGf6FSZL0VtFSsiKl1Sf1kJ5SQzw/WK3g+ur7VnMIaI7slEhqFvRe0rLBxjCTOMvlKIc428gqSXSzIBDGro1hfaKskUg+NyqRe0Gn88uc=,iv:7B58qwqLCdZ76QoS1wd97knjTvGe6cinSVFKYEO57u8=,tag:vaNgPa9CzcI4nWOoQr4ing==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/pangeo-hubs/enc-support.secret.values.yaml b/config/clusters/pangeo-hubs/enc-support.secret.values.yaml deleted file mode 100644 index a2aac59ece..0000000000 --- a/config/clusters/pangeo-hubs/enc-support.secret.values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -prometheusIngressAuthSecret: - username: ENC[AES256_GCM,data:Qq5cEmsWnutE+HvCvRcg/A+SdK1Thr+R6dRT6+b+qCEBYKpYG2Xrdcb2es65z5xZAx7tzTN6MhIWytrewYrbxQ==,iv:DEcYIRPizwe5Z6rz7tEqTiYJ/oiWDKErV17/Dsu4QNg=,tag:K+8QvYKysgUrzjy1dkhFJA==,type:str] - password: ENC[AES256_GCM,data:zVs5aFx9GmcbvwNxRXOy1OQGxvYiEkicKdV7p5SA1na795oIJP3ysCaWYPwVL+yNXy4kN6IJ2Ja2aFdcacjgcg==,iv:/d2WgJkinDTLMimGDMYsVZ6AsoGSKtIuhM8Y+rMf6YQ=,tag:0Rv/hEtnofkW3XdzagP4zA==,type:str] -grafana: - grafana.ini: - auth.github: - client_id: ENC[AES256_GCM,data:hovv82ysQi5EEx7dSzCKnpbZ/ys=,iv:In6DqW9UmX5diPRbAJ+79CT8iLtFKZdtoZXlNyeWqZA=,tag:SHFkGMT67aUAxqNrYUfN3Q==,type:str] - client_secret: ENC[AES256_GCM,data:BnpkCV+vIFKzXyq0ggbzTyS7RZyb7Ty8koYVsWkMwdrjXuvJuONGYQ==,iv:Lo8yOyNBB1HFwTlmaFhrQa4xzqy6fps9mMwE4wyIGUM=,tag:UPNVrq8K71Mh+qPFNN927Q==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-03-14T20:52:45Z" - enc: CiQA4OM7eJtxMekwe8M2xF3+DD4ZunAeBVpTJD9wg1PKaJEy7kASSQDm5XgWsVdfRQVoQaTbAptAhyIRxdJKiLlAOxNTfUwsLXxRC30PYheM5d5nBv5Ah5e0xtxAdMrYEnJvwtUy7d6Ugek02bncmfg= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-02-08T14:09:30Z" - mac: ENC[AES256_GCM,data:EATjL6qOUjWvHUURy9zY1uspHFtXgZZEoxgCODNDbaBH0sLB/O4mvQRQI+LEEJnw0+kFI7KKTPhguqAjtoyhebSwTGH3t1YMkm2SzDBkKKFJCbA1foKXSDqat5dHIZbRJJDhHAOOU9s3DOOt0dxlbgVeeZk2laVBmsBy0+7SJqs=,iv:dtSKdm0YCOhgY8unlEjwlPXoLulXe2Bg1DfPMvDa3c4=,tag:F85IaKFSep7bw+aq4gnvTg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.2 diff --git a/config/clusters/pangeo-hubs/support.values.yaml b/config/clusters/pangeo-hubs/support.values.yaml deleted file mode 100644 index 33e2ec9ce0..0000000000 --- a/config/clusters/pangeo-hubs/support.values.yaml +++ /dev/null @@ -1,43 +0,0 @@ -grafana: - grafana.ini: - server: - root_url: https://grafana.gcp.pangeo.2i2c.cloud/ - auth.github: - enabled: true - allowed_organizations: 2i2c-org - ingress: - hosts: - - grafana.gcp.pangeo.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.gcp.pangeo.2i2c.cloud - -# Disable the Admissions Validation Webhook and the port is not -# permitted on private GKE clusters -ingress-nginx: - controller: - admissionWebhooks: - enabled: false - -prometheusIngressAuthSecret: - enabled: true - -prometheus: - server: - # Bumped as part of https://github.com/2i2c-org/infrastructure/issues/4632 - persistentVolume: - size: 500Gi - ingress: - enabled: true - hosts: - - prometheus.gcp.pangeo.2i2c.cloud - tls: - - secretName: prometheus-tls - hosts: - - prometheus.gcp.pangeo.2i2c.cloud - resources: - requests: - memory: 24Gi - limits: - memory: 24Gi diff --git a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml index 3806268993..a75fc39708 100644 --- a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml +++ b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml @@ -82,12 +82,6 @@ gke: cpu_requests: 354m memory_requests: 656Mi k8s_version: v1.29.1-gke.1589020 - pangeo-hubs: - requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,gke-metrics-agent,ip-masq-agent,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter - other_daemon_sets: "" - cpu_requests: 354m - memory_requests: 656Mi - k8s_version: v1.29.1-gke.1589020 eks: # Current overhead is 195m and 250Mi (May 15 2024 with EKS 1.29.4). # diff --git a/docs/topic/infrastructure/config.md b/docs/topic/infrastructure/config.md index d0fe8c7991..f119e3b5a4 100644 --- a/docs/topic/infrastructure/config.md +++ b/docs/topic/infrastructure/config.md @@ -68,7 +68,7 @@ A hub's helm chart values file can be encrypted as well, following the naming co ``` Where we run dedicated clusters that only host a `staging` and `prod` hub, we aggregate all helm chart values shared by each hub into a `common.values.yaml` file, and then describe the helm chart values specific to either `staging` or `prod` with a `staging.values.yaml` or `prod.values.yaml` file respectively. -See the [Pangeo config](https://github.com/2i2c-org/infrastructure/blob/HEAD/config/clusters/pangeo-hubs/cluster.yaml) for an example. +See the [Pangeo config](https://github.com/2i2c-org/infrastructure/blob/HEAD/config/clusters/kitware/cluster.yaml) for an example. ### Conventions for our configuration structure diff --git a/terraform/gcp/projects/pangeo-hubs.tfvars b/terraform/gcp/projects/pangeo-hubs.tfvars deleted file mode 100644 index 13cbf09c4f..0000000000 --- a/terraform/gcp/projects/pangeo-hubs.tfvars +++ /dev/null @@ -1,131 +0,0 @@ -# SETTING UP TO WORK WITH THIS FILE: -# ------------------------------------------------------------------------------- -# -# The terraform state associated with this file is stored in a dedicated GCP -# bucket, so a new terraform backend has to be chosen. Also, you will need to -# authenticate with a @columbia.edu account as our @2i2c.org accounts don't have -# access. -# -# This can look something like this: -# -# gcloud auth login --update-adc -# -# cd terraform/gcp -# rm -rf .terraform -# -# terraform init -backend-config backends/pangeo-backend.hcl -# terraform workspace select pangeo-hubs -# -# terraform apply --var-file projects/pangeo-hubs.tfvars -# -prefix = "pangeo-hubs" -project_id = "pangeo-integration-te-3eea" -zone = "us-central1-b" -region = "us-central1" -regional_cluster = false -core_node_machine_type = "n2-highmem-4" -enable_private_cluster = true -enable_logging = false - -# We don't have enough rights to make billing alerts -budget_alert_enabled = false -billing_account_id = "" - -k8s_versions = { - # NOTE: This isn't a regional cluster / highly available cluster, when - # upgrading the control plane, there will be ~5 minutes of k8s not being - # available making new server launches error etc. - min_master_version : "1.29.1-gke.1589018", - core_nodes_version : "1.29.1-gke.1589018", - notebook_nodes_version : "1.29.1-gke.1589018", - dask_nodes_version : "1.29.1-gke.1589018", -} - -# Multi-tenant cluster, network policy is required to enforce separation between hubs -enable_network_policy = true - -filestores = { - "filestore" = { capacity_gb = 5120 } -} - -user_buckets = { - "scratch-staging" : { - "delete_after" : 7 - }, - "scratch" : { - "delete_after" : 7 - }, - "coessing-scratch" : { - "delete_after" : 14 - } -} - -# Setup notebook node pools -notebook_nodes = { - "n2-highmem-4" : { - min : 0, - max : 100, - machine_type : "n2-highmem-4", - }, - "n2-highmem-16" : { - min : 0, - max : 100, - machine_type : "n2-highmem-16", - }, - "n2-highmem-64" : { - min : 0, - max : 100, - machine_type : "n2-highmem-64", - }, - "small" : { - min : 0, - max : 100, - machine_type : "n1-standard-2", - }, - "medium" : { - min : 0, - max : 100, - machine_type : "n1-standard-4", - }, - "large" : { - min : 0, - max : 100, - machine_type : "n1-standard-8", - }, - "huge" : { - min : 0, - max : 100, - machine_type : "n1-standard-16", - }, -} - -# Setup a single node pool for dask workers. -# -# A not yet fully established policy is being developed about using a single -# node pool, see https://github.com/2i2c-org/infrastructure/issues/2687. -# -dask_nodes = { - "n2-highmem-16" : { - min : 0, - max : 100, - machine_type : "n2-highmem-16", - }, -} - -hub_cloud_permissions = { - "staging" : { - allow_access_to_external_requester_pays_buckets : true, - bucket_admin_access : ["scratch-staging"], - hub_namespace : "staging" - }, - "prod" : { - allow_access_to_external_requester_pays_buckets : true, - bucket_admin_access : ["scratch"], - hub_namespace : "prod" - }, - "coessing" : { - allow_access_to_external_requester_pays_buckets : true, - bucket_admin_access : ["coessing-scratch"], - hub_namespace : "coessing" - }, -}