Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add new cluster DANDI #3866

Merged
merged 10 commits into from
Mar 28, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/deploy-grafana-dashboards.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ jobs:
- cluster_name: catalystproject-africa
- cluster_name: catalystproject-latam
- cluster_name: cloudbank
- cluster_name: dandi
- cluster_name: gridsst
- cluster_name: hhmi
- cluster_name: jupyter-meets-the-earth
Expand Down
10 changes: 10 additions & 0 deletions config/clusters/dandi/cluster.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
name: dandi
provider: aws # https://2i2c.awsapps.com/start#/
aws:
key: enc-deployer-credentials.secret.json
clusterType: eks
clusterName: dandi
region: us-east-2
billing:
paid_by_us: true
hubs: []
25 changes: 25 additions & 0 deletions config/clusters/dandi/enc-deployer-credentials.secret.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
{
"AccessKey": {
"AccessKeyId": "ENC[AES256_GCM,data:MZvndzWpiNALn0MUbtuWFqvfMrs=,iv:RXY+LBR2QSjWEpm22qgQ624xHCqwUBONdniSrq9iG7w=,tag:v2Gtwist8G54LynyS4vR2Q==,type:str]",
"SecretAccessKey": "ENC[AES256_GCM,data:f+n68ir3cVWqnDvuR6o9x9fxgV4/enwE2Bo78j9hIt+G8/AG134lLw==,iv:/FMMU9SNiLEUQ1LlT7ZKHCJG95U/P4D4XiuAKoGjMj8=,tag:3Pt1VO6rmtuN6eDrYPUaqg==,type:str]",
"UserName": "ENC[AES256_GCM,data:3qGAxEFz8uzcxg3qNIixCstNFwveYpU=,iv:qBBr1YPyfRvV7uEgnthyLIAn1xjiOpn7bmhjbkdNyLI=,tag:tXWg2ECmaEoDQu0KW6GCEA==,type:str]"
},
"sops": {
"kms": null,
"gcp_kms": [
{
"resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs",
"created_at": "2024-03-27T12:12:30Z",
"enc": "CiUA4OM7ePHBf6EWDiBZPv7fJqNwqMUaZZKrKM7SuoWALRxOcunIEkkAXoW3Jvx/Ofy9uDAtL9Vp1C5PY/Y3/NT0Qjm76bzBdBK8UC2egKTz3KYRA2U14G9X39SfqWXwSMz1czyFW2ojno2FxZMD7Rsh"
}
],
"azure_kv": null,
"hc_vault": null,
"age": null,
"lastmodified": "2024-03-27T12:12:31Z",
"mac": "ENC[AES256_GCM,data:QiHU3LnbaXx1ttSutGf+S+GPTSm6ujp7bM0NHZMw5AVy44bMlKl4p6D0yQXFdKmgg6tqA20cZUwk9KvCyuPZrtpwLurFAgpy5N1hToOXQTH9j+j2zslx62d6aj6ETwg5wfM416a2h+tuvws5WoX5RkCvFrUzdFeSv6rTh2CYo4c=,iv:AG1qDkpc5IgM2bB4hrHb13OSdspBUulNaWdRFaYrooc=,tag:2SR4yWgtgP9M6HBkxYmBkw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}
15 changes: 15 additions & 0 deletions config/clusters/dandi/enc-grafana-token.secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
grafana_token: ENC[AES256_GCM,data:lIAqF3jj8MkwegfcSWQXYHgoCEEdaN8R5/UFSkBPdCBmwSb0wK0jtOQaNol1Xg==,iv:ephtL8S+djDG4vnRMZpjOo4uncEynzqCxUtic9MGA8A=,tag:HFA/Dvm7rLPuf7Fpt3dTgQ==,type:str]
sops:
kms: []
gcp_kms:
- resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
created_at: "2024-03-28T11:08:02Z"
enc: CiUA4OM7eAt8g6jUz4eBmZDJnmBNBb46ry/gg48r3NGKbusMuMMJEkkAXoW3JrCEy5GKfXt3TKEDyUgUn7Ki48h7umK/oH7YH0p8sapZ6a9BjzcVTKEs+Qy2PUXb7cZ3gI4bycCRJGHEHUA03oOai4fA
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-03-28T11:08:03Z"
mac: ENC[AES256_GCM,data:0iv4bIKDkKN7eVaNrPvf9BrJ43daWZXrcy51i2GET3r8EUaPDAVfszAWvWF6FjZTfSMrVKKzfx78yJNY6R54cKrNW4vQRkAlVteiumO5kPAP1Z87t+NviDQkRTyjlslNzJaKuXeQCmp6HMZ7knmM9Hg4j2IQaSIip9tt6Rov7Ag=,iv:fU5xMf9z9NyMyJUefxymNFD88f92XovIizmZqud1nqM=,tag:o/gre7sph7io6QM2oWzKHA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
22 changes: 22 additions & 0 deletions config/clusters/dandi/enc-support.secret.values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
prometheusIngressAuthSecret:
username: ENC[AES256_GCM,data:+JXHY1wulN6IygEkDNMlxcK50ockQE9sH0ToiQN75TVgnBJeF7WZ585eYAO0qE/hHikflTjzUSJSKqCjykLfBA==,iv:sfpnv8SpC8DscRUsDYC8pN4jQTuCGQui2FsS8U1uaJc=,tag:85daJ/ohklPZHqmr0UFG7w==,type:str]
password: ENC[AES256_GCM,data:vBtTP+jI9YvlZUoTuyBJAr5Qy8rSYiQ3hGxbAz2EaYCNqXXw3Z8ViLC7IkU+gnOVA3/hCOdhXVRzYMmQmL0EOg==,iv:Sq6tqsDrHPfVwkk6FaRdHDErHPuLazC1anP7d7tSzDs=,tag:baITohZhJ2O5ev2Lw+B6UQ==,type:str]
grafana:
grafana.ini:
auth.github:
client_id: ENC[AES256_GCM,data:n1xll1x3xnVNHhHPgenSIZFzM1g=,iv:OYVY4Yl9Nq2rIPY8RPOJyo/89EaMe6Rk6CTwOEmtRQA=,tag:RYM2V6OeB9GUr6oilzEaBQ==,type:str]
client_secret: ENC[AES256_GCM,data:M+pDBdHdPMz7S/xDnu1L9rpCtDTlJUBp+Ezyj+3azLWOt/znFtZefg==,iv:68/OFYD1W17/FXlrXHIKD0uvAMXJGc7C8ZE4DLwF4t8=,tag:60rY88mcFLf1P8hNAxjlRw==,type:str]
sops:
kms: []
gcp_kms:
- resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
created_at: "2024-03-27T11:21:55Z"
enc: CiUA4OM7eAaMgnYa97RaqhQWDaQUF8GczZ9LF6inoy62e6rx8zL9EkkAXoW3JmDBwrmRIvDJV7JPY4Bl9h/twDG1USzByU2/9ZpmqhFAB9rKs7z3joeGH7cgoYXfUEhAFup3k0e+muBRVbgtITBJU2gw
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-03-28T11:26:56Z"
mac: ENC[AES256_GCM,data:M8W8ocrlctr44Ad3j0vBVtEBCN29YXAk8R97JuyeyHAwXRCzsEYOfP8aHM41R881+KXzqtO20/fHjL+P9McQM6KplQSiuiDBACjypXUioHz8Jnv+BghiMvvv4FRNt0gEaLK8TyXl0DUyewwxd2q/E0Bch4vr58WSQFJQA86+D+4=,iv:8/WxPGBJN4iSKjzp/+lTAPwgr+0wA8Rnwu3YpU7bQrY=,tag:yYgTC7xN7r6aoXS29lhH4g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
32 changes: 32 additions & 0 deletions config/clusters/dandi/support.values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
prometheusIngressAuthSecret:
enabled: true

prometheus:
server:
ingress:
enabled: true
hosts:
- prometheus.dandi.2i2c.cloud
tls:
- secretName: prometheus-tls
hosts:
- prometheus.dandi.2i2c.cloud

grafana:
grafana.ini:
server:
root_url: https://grafana.dandi.2i2c.cloud/
auth.github:
enabled: true
# allowed_organizations should be a space separated list
allowed_organizations: 2i2c-org
auth.github:
enabled: true
allowed_organizations: 2i2c-org
ingress:
hosts:
- grafana.dandi.2i2c.cloud
tls:
- secretName: grafana-tls
hosts:
- grafana.dandi.2i2c.cloud
158 changes: 158 additions & 0 deletions eksctl/dandi.jsonnet
Original file line number Diff line number Diff line change
@@ -0,0 +1,158 @@
/*
This file is a jsonnet template of a eksctl's cluster configuration file,
that is used with the eksctl CLI to both update and initialize an AWS EKS
based cluster.

This file has in turn been generated from eksctl/template.jsonnet which is
relevant to compare with for changes over time.

To use jsonnet to generate an eksctl configuration file from this, do:

jsonnet dandi.jsonnet > dandi.eksctl.yaml

References:
- https://eksctl.io/usage/schema/
*/
local ng = import "./libsonnet/nodegroup.jsonnet";

// place all cluster nodes here
local clusterRegion = "us-east-2";
local masterAzs = ["us-east-2a", "us-east-2b", "us-east-2c"];
local nodeAz = "us-east-2a";

// Node definitions for notebook nodes. Config here is merged
// with our notebook node definition.
// A `node.kubernetes.io/instance-type label is added, so pods
// can request a particular kind of node with a nodeSelector
local notebookNodes = [
{ instanceType: "r5.xlarge" },
{ instanceType: "r5.4xlarge" },
{ instanceType: "r5.16xlarge" },
{
instanceType: "g4dn.xlarge",
tags+: {
"k8s.io/cluster-autoscaler/node-template/resources/nvidia.com/gpu": "1"
},
// Allow provisioning GPUs across all AZs, to prevent situation where all
// GPUs in a single AZ are in use and no new nodes can be spawned
availabilityZones: masterAzs,
},
{
instanceType: "g4dn.2xlarge",
tags+: {
"k8s.io/cluster-autoscaler/node-template/resources/nvidia.com/gpu": "1"
},
// Allow provisioning GPUs across all AZs, to prevent situation where all
// GPUs in a single AZ are in use and no new nodes can be spawned
availabilityZones: masterAzs,
}
];
local daskNodes = [
// Node definitions for dask worker nodes. Config here is merged
// with our dask worker node definition, which uses spot instances.
// A `node.kubernetes.io/instance-type label is set to the name of the
// *first* item in instanceDistribution.instanceTypes, to match
// what we do with notebook nodes. Pods can request a particular
// kind of node with a nodeSelector
//
// A not yet fully established policy is being developed about using a single
// node pool, see https://github.com/2i2c-org/infrastructure/issues/2687.
//
{ instancesDistribution+: { instanceTypes: ["r5.4xlarge"] }},
];


{
apiVersion: 'eksctl.io/v1alpha5',
kind: 'ClusterConfig',
metadata+: {
name: "dandi",
region: clusterRegion,
version: "1.29",
},
availabilityZones: masterAzs,
iam: {
withOIDC: true,
},
// If you add an addon to this config, run the create addon command.
//
// eksctl create addon --config-file=dandi.eksctl.yaml
//
addons: [
{
// aws-ebs-csi-driver ensures that our PVCs are bound to PVs that
// couple to AWS EBS based storage, without it expect to see pods
// mounting a PVC failing to schedule and PVC resources that are
// unbound.
//
// Related docs: https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html
//
name: 'aws-ebs-csi-driver',
version: "latest",
wellKnownPolicies: {
ebsCSIController: true,
},
},
],
nodeGroups: [
ng + {
namePrefix: 'core',
nameSuffix: 'a',
nameIncludeInstanceType: false,
availabilityZones: [nodeAz],
ssh: {
publicKeyPath: 'ssh-keys/dandi.key.pub'
},
instanceType: "r5.xlarge",
minSize: 1,
maxSize: 6,
labels+: {
"hub.jupyter.org/node-purpose": "core",
"k8s.dask.org/node-purpose": "core"
},
},
] + [
ng + {
namePrefix: 'nb',
availabilityZones: [nodeAz],
minSize: 0,
maxSize: 500,
instanceType: n.instanceType,
ssh: {
publicKeyPath: 'ssh-keys/dandi.key.pub'
},
labels+: {
"hub.jupyter.org/node-purpose": "user",
"k8s.dask.org/node-purpose": "scheduler"
},
taints+: {
"hub.jupyter.org_dedicated": "user:NoSchedule",
"hub.jupyter.org/dedicated": "user:NoSchedule"
},
} + n for n in notebookNodes
] + ( if daskNodes != null then
[
ng + {
namePrefix: 'dask',
availabilityZones: [nodeAz],
minSize: 0,
maxSize: 500,
ssh: {
publicKeyPath: 'ssh-keys/dandi.key.pub'
},
labels+: {
"k8s.dask.org/node-purpose": "worker"
},
taints+: {
"k8s.dask.org_dedicated" : "worker:NoSchedule",
"k8s.dask.org/dedicated" : "worker:NoSchedule"
},
instancesDistribution+: {
onDemandBaseCapacity: 0,
onDemandPercentageAboveBaseCapacity: 0,
spotAllocationStrategy: "capacity-optimized",
},
} + n for n in daskNodes
] else []
)
}
1 change: 1 addition & 0 deletions eksctl/ssh-keys/dandi.key.pub
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGZlowSxxPZdz3HReqNh5jyzQU6eyswrD1RX/whPemNPedTc9JBsEFFMRJ25Wook3qlzwRJTPcnbdkRi869GMrimHmNn1qA/TFLWvNe0k2PwPLvLoMEYzxsqYT/xamvoc7FcG6F9LNXTl3IxsnXMn9nz1dKKXJr9Fxv0TirwYrpUVtdwosFzhEIbj51jT7A/2Ftt6OgkCoqmKz1ZSFyI5sk4jbjU/ZNfKHCI2iCLiOZtKZMrYZPUmLrPx+aeRvhjfHj7EwzU6Azcsbw836/swjjre8GbKTtpmAzsMUgcpsZp5q4a36kc/Di484iOYZI4oakuUYUMG9VqdKSEh53eFwAo6KrWN8IvzlS6LIgOJSZ6J8Yli4te57zJcBg221l9Wv23rHHDoRJ7c5RCLudUNqIoHzN4x3qp8c4nOyDBO1KH87OeUuQpgUJYPUPtZRnXp7BMO9VrnA6JuRg7uPBxyqOvy4kj5YwFBKsa88bd/NGMuL/IL7PfPSrpiG9k21DY0= [email protected]
21 changes: 21 additions & 0 deletions eksctl/ssh-keys/secret/dandi.key
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{
"data": "ENC[AES256_GCM,data:djJvABFOD5g06XD7WNkX/EGRSzHE0knBgHKUrtJGullMNVye6gJsNsCOVmel3PIewQDFRM6uxMgQo8B2MBjlEWrn8+THavrRbaUhDSDM2nHKpBCtQjoFmKFKCD7c4XfTAoV+wvapiWBEs5/E4+ld8xTRaKwDTqmNV8LD7/egUzmLDqNEwG7CrpIVilKI8pWbTeoRQ3SPL1z/Y3ozoeI9lMheMCk8+Dr4vV/wbE8eSyOiCpypDruqtEuxkcavUu1O6CvO+X5Q1AiHKiTg1SbXOJ0iYCz6bj2ze7Bu7KI6nLTt933WfJ/XjWjwxhsjHYO6LGW6w440C1A6FWH7dcrRHNSXlV4slBviBHgPBkaXtfEpjS2gZLp88OrwiykDQNtAbK8IRcSlRsh7lQgXbYqO0sBBvnnjHdFcel6CBVaA9jAYQE/oRBV0/2pYhdAu9vf2bjBlNrVz3LoF8W0WkjkT2PTM+zbDyfriB5mMht/6+iHcmjJtC9W1rR9bx2b9v84ulYB04UVwqvrLxvuhswCkjNHI60aLuM8txfEM+K/qj0U01fZrUcdKPWJwpGbCuxt2pCDwdT0mTwEhJYc/heU/UT6LWhtcNz403e4g2dpJN3Hr5Djjhzu2T9mBX5u316lIuz+dCpgGFXCkisSoYbznYaN8btrrsQW0VVqqlmIs3CJCfs1MfvjcHWGtsUIF0b6uK5HtU/rrf0zyaWsWP1pM4Rocxn5CtXfEX2UF41XfJN+tWs04cI8gILCd0Ktr1d81fIIQQt2WArSI3yuOWv1kpjLWhanV3buTkZg+drhYxmQ0Iz+BfTavdXZledw17ye/1+zbNsBb0mG/DE3RWfs3KXxXbzn9bNFdECm5/431AmmRzQzhynpdcfI3pg1O2fR1w6gd7n4wioEWLemSoo+MNMzJnxw72rvbRdOOqPEnf43zVjxzKWSHHP2ClGOrNL5+00d4JRoa+IeWorUSWjMGsnspKlNkI/aXeODbYUKIdyRW4DPyDLtxt2y2VyJ/GPGSS76R/L0WgdamVMLFXFlBhqyLEkzWkfC3pyJr7lbBCS/P9uiWezjOS0ZKcTJ887AH9iIUJFEuXErIylVo35toTNDEYryD7T6ovI2TRE06HA5djvxqr1XROoFSNIoxX6uNEK+GVRmgroGP/aesnnPx9sdNvO//QXmGwr6r450ky1G6RvYcrcj7SxVHvgnlfzwM2htl0prkRFPmcJQ31eRAfWT6RZEJtSxGNklP/l/0BqiXLtNP8zEhu8khrGKKdfiNC6kGjvy8xO44mBGLQk0iuG3LAYJk1Nwv01QieqJIJs2bZMUXeAnCU8g9yyjuLBXmocBKnk9py//qvhzerxD6+xKsy/krBAak70c2cahbf0ZFiJA7TLuqs5c8FYxDlZwRJnFUEX0qMQFll++dz4VA65RVTEWy6UsrtXIN4WpA0bTLUNbSc0Ll7Mpe/dKMU7iF2JEnL8/WkkiYmuCjdACEFjUJGB+gezgU7m57FfB9kcO9ognYgHARXw9ikurL3uy0gsFgCbtMO07AhbkUZBqJRcZlpAME0LJQXgrhtPogyUgKyKT+20VgHwMq/HuuFaOhHYKc13b8A14l/Wo06AIBVwjrGbvUXxx339VwjLklcOc7+bhWsqnlU8ynuZYaygyeAEs/4xFrfuVOeSK951lwjjNqEWJhjAiBA7prCjzRwKVcsmpYM88BYB5d65MhnJhYX71W6WsWrfvA1YvieBrXoZAwOGUdCmKtAaWBborwzjv49hrqZnJiwxHFrRfDw9/sx6jrMwE28HdJLdjbYsLfO5RbX8D27n4NohfU8YBEh+DopEzw7bYyNcTRw+hzC7WGm9XrLEuCVPNzkBf+TR3gpsz4YGeiaSGYQws6IrS5TqGKFwlRu+1PrwZAW7jwLF366m4JeOSI2egnXQf0mOWlOpWEvpL1SRVcJAsJJeMy+SvPfW1mPgX5972lQdzVINOXYxpSfQhe1MRNKQDWM6/0kqus8erbbSUNTO/18nYwoZm0qgSnl285FGvc6e378ershTlD6EnZRQhZuUogK8H4VgSPDQTLKxRw/HinaQnxkCMDqZZVT7dxLKrOwbg45anSLFGqRlXVdT+cdB8D5UjYouRBi5qlwhS4TkDGSdCI2FV/A5AHQt1VYRlZp0amPsulmlOEZkDy8d9fxneAxztnX8EPvhOHkS/ElNuzJU/qSi0VBVdGF16Gwu39ErQ9wpe1LrhOL6wYvmZ2UwGQG/t6ufAFCXT1xJnN5Jpx5sKnzmbL9hhQvq9rtJv+3KTj9i42ESbN1EOIqm/X0CHniAQs/81Mye5LtB21fPrjlj8E1FbWWzNuknUA+isaMqq5u0mLE2QnPmOsV/44Ju7mfyG0ITj3gQU5SMHkHWVWDGYQvvz0sinKB4ODyaR31K344SdB4UV/3WePzKWDzHCdPk3tzuGRzycGESS0it1XgDaPYk7IccFaW2VlJ0IRrQfqH4hw/oSCt1msIX3sfcRFg2bHuyUnNfXSStZ6UaQwvYuQC+NqZxA2mgmkbCKgNr3gjyv+/b/nRfMhm1QNx0GOg4fwbj/BYWBJvB/08BIRPqhjNr3pYFReWIvj2ybYXC6FPIpXFFM9PljhQzdx9gVbd3e3e0kcpuPtm9L5Amilr/1PfTlteKKpkhhEm8I5MSXXIEuIlh6LxsIBQGShS13W82Nljdx8zYZkQx5wi0sGYSkSEENc1KED8B9F1fRe0wUo524IWz/yEjJQ0cPeOEA1lR8ngXxh33ISNA7AxATA686whs9FARDSReDzbmNIQ3TZa3s264V1TubR3Mc3okmBa0Y2WUuaoVnVALEtwDlNnW7zfvq3VWrrtHVq+j0KBARhN8gIptECbAycfKDNmvkqZEgjcAFL/0NYua4PT7OlLREWNobXc2AK64ao7TArdRlNBCyW5NCJyxC6g/WkLs6kFxEgFh1QtBGSafP6ys+3ude4rhVa0NBA76KV7ksYDZqshpl69wGwlHfztwI+06abqyi30Mg1Gt/ECRpPTsJI6ukvIB5S1C/053TbkJimGpSNsxvkLazAVsv95u+2/fLirYDxDqrAejt2wWyNwJFzIBrxLHBNkv4CBQp0fJCcr5/QHwrvq5MFGaf91IuL2vOqVc6VAOTUoywMS7bHXJqbeGakfmhwnUaGheUqStoW+580Mx6VQ6mWmU3s2I4lIc/PhVzm7N2jIYRnkIeqyt52AHSqblCqHi99wUZS+C1Wg/s/Bwm7IDRISuMynSYHMLbINr/a6P+ogj5t5smksT9fvgQt3a6/dMpbfuttnjPqdlcXYC84FWUvdnGffyk8jy77FVu7oQpahYnTRLdWh3hQoxQbQEphP6DKUi8XGPaz7EiOqgRrcA3X33KxbabuBeOsMcbKmL0rQinTJjtFuMj3dI6xkVp+evUm17+GAG7tBpp7N5LscwXP2a1nYmmYf/dQRL9CBSHG,iv:Vl9ffOkvOis3jj1VD/V20N9+AANdQlhWpGHSQ8kOdiQ=,tag:GAZnXhGY/lT1TFNxOK4loQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": [
{
"resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs",
"created_at": "2024-03-27T11:21:55Z",
"enc": "CiUA4OM7eJAfCKW3LwPtVN6wuDBjgkRyoRqsV2qIxK/NvPy6FJztEkkAXoW3JibG4733q8SwyjMN+3eq8iRrDLguuGbIIe24XVQNn1hCYzKTV6OpWb9ADOJYkxa1jlCa/Oju+ijnKKoJ7fvs7fCrXWhx"
}
],
"azure_kv": null,
"hc_vault": null,
"age": null,
"lastmodified": "2024-03-27T11:21:55Z",
"mac": "ENC[AES256_GCM,data:hSkD4dbecoRyxTwy32akK99EflQkDcCZxwSzDLKZntiuR9aUimDo/R9Kq0bqRH8LnTQLBKCjrPhOHx7FuzciHVAnBBln90wjw73uKFv0OcLP+LBVMiebF0AcFS6/O3fccj6ArQLf8mKhuWMpNdTXeW39h6Njfl5uHDYZ5iMuDm8=,iv:mcIVuWdxCGMpzFxqDkz1xEnHMbtaZSAEvpylqEtYCs8=,tag:BV7vx0C1rTSZwqEwDMOakg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}
26 changes: 26 additions & 0 deletions terraform/aws/projects/dandi.tfvars
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
region = "us-east-2"

cluster_name = "dandi"

cluster_nodes_location = "us-east-2a"

user_buckets = {
"scratch-staging" : {
"delete_after" : 7
},
"scratch" : {
"delete_after" : 7
},
}


hub_cloud_permissions = {
"staging" : {
bucket_admin_access : ["scratch-staging"],
extra_iam_policy : ""
},
"prod" : {
bucket_admin_access : ["scratch"],
extra_iam_policy : ""
},
}