From e5aa421599dbe2c8b848cb66826cbc8ae5597195 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 15 Oct 2019 10:53:28 +0100 Subject: [PATCH 01/66] Ignore vscode settings --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index fe9276ec6..d71590d86 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,5 @@ mybinder/requirements.lock docs/_build travis/crypt-key env + +.vscode From 304292527ca666df2a3dcbcfb195d406503578eb Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 15 Oct 2019 11:00:15 +0100 Subject: [PATCH 02/66] Add Turing config file - Copy ovh.yaml to turing.yaml - Remove refs to ovh throughout - Leave blank the things I don't know yet :smile: --- config/turing.yaml | 191 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 config/turing.yaml diff --git a/config/turing.yaml b/config/turing.yaml new file mode 100644 index 000000000..d2e3c1836 --- /dev/null +++ b/config/turing.yaml @@ -0,0 +1,191 @@ +projectName: turing + +binderhub: + config: + BinderHub: + pod_quota: 120 + hub_url: # + badge_base_url: https://mybinder.org + image_prefix: + sticky_builds: true + DockerRegistry: + token_url: + registry: + url: + + replicas: 1 + + resources: + requests: + cpu: "0.25" + memory: 1Gi + limits: + cpu: "2" + memory: 1Gi + + extraVolumes: + - name: secrets + secret: + secretName: events-archiver-secrets + extraVolumeMounts: + - name: secrets + mountPath: /secrets + readOnly: true + extraEnv: + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /secrets/service-account.json + + ingress: + hosts: + - # + - # + + jupyterhub: + hub: + resources: + requests: + cpu: "0.25" + memory: 1Gi + limits: + cpu: "2" + memory: 1Gi + singleuser: + memory: + guarantee: 550M + limit: 2G + cpu: + guarantee: 0.01 + limit: 1 + proxy: + https: + type: offload + chp: + resources: + requests: + memory: 320Mi + cpu: "0.1" + limits: + memory: 320Mi + cpu: "0.5" + nginx: + resources: + requests: + memory: 512Mi + cpu: "0.25" + limits: + memory: 512Mi + cpu: 1 + + ingress: + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: 'false' + hosts: + - # + tls: + - secretName: tls-crt + hosts: + - # + + scheduling: + userScheduler: + enabled: false + podPriority: + enabled: true + userPlaceholder: + enabled: true + replicas: 5 + +grafana: + ingress: + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: 'false' + hosts: + - # + tls: + - hosts: + - # + secretName: tls-crt + datasources: + datasources.yaml: + apiVersion: 1 + datasources: + - name: prometheus + orgId: 1 + type: prometheus + url: # + access: direct + isDefault: true + editable: false + +prometheus: + server: + ingress: + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: 'false' + hosts: + - # + tls: + - hosts: + - # + secretName: tls-crt + +nginx-ingress: + controller: + hostNetwork: true + replicaCount: 1 + scope: + enabled: false + + +static: + ingress: + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: 'false' + hosts: + - # + tls: + - hosts: + - # + secretName: tls-crt + +redirector: + redirects: + - type: host + host: + from: # + to: # + - type: host + host: + from: # + to: mybinder.readthedocs.io + - type: host + host: + from: # + to: play.nteract.io + +matomo: + enabled: false + db: + instanceName: binder-staging:us-central1:matomo + trustedHosts: + - # + ingress: + hosts: + - # + +analyticsPublisher: + enabled: false + project: binder-turing + events: + sourceBucket: mybinder-staging-events-raw-export + destinationBucket: mybinder-staging-events-archive + +gcsProxy: + enabled: false + buckets: + - name: mybinder-staging-events-archive + host: # From 3803833a841449d4cdf1f8d2938bb0c7288df335 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 15 Oct 2019 11:05:03 +0100 Subject: [PATCH 03/66] Add turing_mybinder_org_ingress.yaml file - Configuring ingress for turing.mybinder.org - May need replacing with test subdomain --- .../turing/turing_mybinder_org_ingress.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 config/turing/turing_mybinder_org_ingress.yaml diff --git a/config/turing/turing_mybinder_org_ingress.yaml b/config/turing/turing_mybinder_org_ingress.yaml new file mode 100644 index 000000000..c0810fbbe --- /dev/null +++ b/config/turing/turing_mybinder_org_ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: turing-mybinder-org + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: "nginx" +spec: + rules: + # May need to be replaced with a dummy for testing + - host: turing.mybinder.org + http: + paths: + - path: / + backend: + serviceName: binder + servicePort: 8585 + tls: + - secretName: kubelego-tls-binder-turing + hosts: + # May need to be replaced with a dummy for testing + - "turing.mybinder.org" From 3c8b6818d195735282a2ca8608d46bfdd5b86758 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 15 Oct 2019 11:23:48 +0100 Subject: [PATCH 04/66] Filling in config/turing.yaml - Took some guesses at the various hosts --- config/turing.yaml | 51 +++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 26 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index d2e3c1836..967f6246d 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -4,14 +4,14 @@ binderhub: config: BinderHub: pod_quota: 120 - hub_url: # + hub_url: https://hub.turing.mybinder.org badge_base_url: https://mybinder.org - image_prefix: + image_prefix: turingmybinderregistry.azurecr.io/binder-prod/binder-prod- sticky_builds: true DockerRegistry: - token_url: + token_url: https://turingmybinderregistry.azurecr.io/oauth2/token?service=turingmybinderregistry.azurecr.io registry: - url: + url: https://turingmybinderregistry.azurecr.io replicas: 1 @@ -37,8 +37,7 @@ binderhub: ingress: hosts: - - # - - # + - turing.mybinder.org jupyterhub: hub: @@ -81,11 +80,11 @@ binderhub: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - # + - hub.turing.mybinder.org tls: - secretName: tls-crt hosts: - - # + - hub.turing.mybinder.org scheduling: userScheduler: @@ -102,11 +101,11 @@ grafana: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - # + - grafana-turing.mybinder.org tls: - hosts: - - # - secretName: tls-crt + - grafana-turing.mybinder.org + secretName: tls-crt-turing datasources: datasources.yaml: apiVersion: 1 @@ -114,7 +113,7 @@ grafana: - name: prometheus orgId: 1 type: prometheus - url: # + url: https://prometheus-turing.mybinder.org access: direct isDefault: true editable: false @@ -126,11 +125,11 @@ prometheus: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - # + - prometheus-turing.mybinder.org tls: - hosts: - - # - secretName: tls-crt + - prometheus-turing.mybinder.org + secretName: tls-crt-turing nginx-ingress: controller: @@ -146,25 +145,25 @@ static: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - # + - static-turing.mybinder.org tls: - hosts: - - # - secretName: tls-crt + - static-turing.mybinder.org + secretName: tls-crt-turing redirector: redirects: - type: host - host: - from: # - to: # + # host: + # from: beta-binder.mybinder.ovh + # to: binder.mybinder.ovh - type: host host: - from: # + from: docs-turing.mybinder.org to: mybinder.readthedocs.io - type: host host: - from: # + from: playground-turing.mybinder.org to: play.nteract.io matomo: @@ -172,10 +171,10 @@ matomo: db: instanceName: binder-staging:us-central1:matomo trustedHosts: - - # + - staging-turing.mybinder.org ingress: hosts: - - # + - staging-turing.mybinder.org analyticsPublisher: enabled: false @@ -188,4 +187,4 @@ gcsProxy: enabled: false buckets: - name: mybinder-staging-events-archive - host: # + host: archive-analytics-staging-turing.mybinder.org From 34a13c8067236b535f0ee4f2aafd2be5423fcd0a Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 16 Oct 2019 09:52:27 +0100 Subject: [PATCH 05/66] Add turing secrets --- secrets/config/turing.yaml | Bin 0 -> 386 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 secrets/config/turing.yaml diff --git a/secrets/config/turing.yaml b/secrets/config/turing.yaml new file mode 100644 index 0000000000000000000000000000000000000000..eec4ca6fece585e448d3786501167e49a2911acb GIT binary patch literal 386 zcmV-|0e$`eM@dveQdv+`0Jn5E4$@kTvHPYcZ*+n{t*Z~~dEByEBO+iri0&OGwBOkK zQZy}BKg01Jod)Pr!|NgU^Xg+yf6Oc&r9`qHD~E2hY9|h4%8GeG6df6LWYfFQXEAmW zXEY}VVko{HLHuhvo1zf$_|w4uW%wzCDNwM_Dp~J`Q+HdFETc*ezC9UJR)fPO+$mCA zU?|4S&w?m~WT4U*&-E`0w~;Agg9#Q50Bp>Zcz|f96a|zfAfFv3Xw&B+#}4RW)d@Q9 zJoD9Wrm(PJuAtIQTFLS0-opH47_!m0nD&mw&Q(8$Ru3V^ebleuO!_?=5Y$k;t_ zee49i$x#%>dlVphvZmUH+t1c{J`@D7&J(k8Vl-f>mGdNQ=eR{sbw}tN5@13iNYe^# gtu=!Cf Date: Wed, 16 Oct 2019 10:36:30 +0100 Subject: [PATCH 06/66] Add turing k8s auth to deploy.py --- deploy.py | 30 ++++++++++++++++++++++++++++++ secrets/turing-auth-key-prod.json | Bin 0 -> 193 bytes 2 files changed, 30 insertions(+) create mode 100644 secrets/turing-auth-key-prod.json diff --git a/deploy.py b/deploy.py index 6c74d9a63..a897cc78c 100755 --- a/deploy.py +++ b/deploy.py @@ -13,6 +13,34 @@ HERE = os.path.dirname(__file__) ABSOLUTE_HERE = os.path.dirname(os.path.realpath(__file__)) +def setup_auth_turing(): + """ + Set up athentication with Turing k8s cluster on Azure. + """ + # Read in auth info + azure_file = os.path.join(HERE, "turing-auth-key-prod.json") + with open(azure_file, "r") as stream: + azure = json.load(stream) + + # Login in to Azure + login_cmd = [ + "az", "login", "--service-principal", + "--username", azure["sp-app-id"], + "--password", azure["sp-app-key"], + "--tenant", azure["tenant"] + ] + subprocess.check_output(login_cmd) + + # Set kubeconfig + creds_cmd = [ + "az", "aks", "get-credentials", + "--name", "prod", + "--resource-group", "binder-prod" + + ] + stdout = subprocess.check_output(creds_cmd) + print(stdout.decode('utf-8')) + def setup_auth_ovh(release, cluster): """ @@ -181,6 +209,8 @@ def main(): if args.cluster == 'binder-ovh': setup_auth_ovh(args.release, args.cluster) + elif args.cluster == 'turing': + setup_auth_turing() else: setup_auth_gcloud(args.release, args.cluster) diff --git a/secrets/turing-auth-key-prod.json b/secrets/turing-auth-key-prod.json new file mode 100644 index 0000000000000000000000000000000000000000..bda7c6478129a4907e14de06d3460eca763775da GIT binary patch literal 193 zcmV;y06zZ!M@dveQdv+`09O_8Vrb+}HllY@D&;qT=MQ~FJkBZrt7z8miT-h3Uk=Al zF1$(|qanltE;z2T8g6eu-vjlOtCGuTW;+yNhlxo|db)yNiUXyeI5g~mW^{<^`amNf z*79v=oIeNJ7!7@&V#dI##}{}kU*Rfv*&4*K;fH)1A92vukx&_z@sM}MVBdBjy-m#- vcuQq)jm0qkqqm+Yh-|)&P{6X?)p}@vydYv$TR0(fu&h-HKQFS(9NHnRf_+(m literal 0 HcmV?d00001 From 740a1907d99bcc136c1283ec21a09997a354468a Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 16 Oct 2019 10:38:58 +0100 Subject: [PATCH 07/66] Correct path to Azure auth key file --- deploy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy.py b/deploy.py index a897cc78c..de80ad3de 100755 --- a/deploy.py +++ b/deploy.py @@ -18,7 +18,7 @@ def setup_auth_turing(): Set up athentication with Turing k8s cluster on Azure. """ # Read in auth info - azure_file = os.path.join(HERE, "turing-auth-key-prod.json") + azure_file = os.path.join(ABSOLUTE_HERE, "secrets", "turing-auth-key-prod.json") with open(azure_file, "r") as stream: azure = json.load(stream) From 91084fa55cdea5eb36794edf65fb3dc89bba1069 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 16 Oct 2019 10:47:13 +0100 Subject: [PATCH 08/66] Add Turing cluster to Travis deployment: --- .travis.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.travis.yml b/.travis.yml index f80d1275b..866bd5d24 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,6 +32,9 @@ before_deploy: - | # Stage 1: Install gcloud SDK curl -L https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-173.0.0-linux-x86_64.tar.gz | tar --directory ${HOME} --extract --gzip --file - +- | + # Stage 1: Install Azure CLI + curl -L https://aka.ms/InstallAzureCli | bash - | # Stage 1: Install Kubectl mkdir -p ${HOME}/bin @@ -90,12 +93,17 @@ before_deploy: - | # Stage 5, Step 3: Deploy to production on ovh k8s python ./deploy.py ovh binder-ovh +- | + # Stage 5, Step 4: Deploy to production on Turing k8s + python ./deploy.py prod turing - | # Stage 5, Step 4: Verify production works travis_retry py.test -vx -n 2 --binder-url=https://gke.mybinder.org --hub-url=https://hub.gke.mybinder.org - | # Stage 5, Step 5: Verify production on ovh k8s works travis_retry py.test -vx -n 2 --binder-url=https://ovh.mybinder.org --hub-url=https://hub-binder.mybinder.ovh +- # Stage 5, Step 6: Verify production on Turing k8s works + travis_retry py.test -vx -n 2 --binder-url=https://turing.mybinder.org --hub-url=https://hub.turing.mybinder.org env: From b4ce725b3d210e0eb608f6ba2954d439594fa5d5 Mon Sep 17 00:00:00 2001 From: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> Date: Wed, 16 Oct 2019 11:12:38 +0100 Subject: [PATCH 09/66] Update .travis.yml Thanks @manics! Co-Authored-By: Simon Li --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 866bd5d24..8b44871a5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -102,7 +102,8 @@ before_deploy: - | # Stage 5, Step 5: Verify production on ovh k8s works travis_retry py.test -vx -n 2 --binder-url=https://ovh.mybinder.org --hub-url=https://hub-binder.mybinder.ovh -- # Stage 5, Step 6: Verify production on Turing k8s works +- | + # Stage 5, Step 6: Verify production on Turing k8s works travis_retry py.test -vx -n 2 --binder-url=https://turing.mybinder.org --hub-url=https://hub.turing.mybinder.org From d36d083e3b3860e8e8b252c6571a5769722e4e6e Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 22 Oct 2019 10:00:12 +0100 Subject: [PATCH 10/66] Remove turing ingress yaml file --- .../turing/turing_mybinder_org_ingress.yaml | 22 ------------------- 1 file changed, 22 deletions(-) delete mode 100644 config/turing/turing_mybinder_org_ingress.yaml diff --git a/config/turing/turing_mybinder_org_ingress.yaml b/config/turing/turing_mybinder_org_ingress.yaml deleted file mode 100644 index c0810fbbe..000000000 --- a/config/turing/turing_mybinder_org_ingress.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: turing-mybinder-org - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.class: "nginx" -spec: - rules: - # May need to be replaced with a dummy for testing - - host: turing.mybinder.org - http: - paths: - - path: / - backend: - serviceName: binder - servicePort: 8585 - tls: - - secretName: kubelego-tls-binder-turing - hosts: - # May need to be replaced with a dummy for testing - - "turing.mybinder.org" From b04b5effd73b1d8151694b443021cf5c606eb0f6 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 22 Oct 2019 10:01:55 +0100 Subject: [PATCH 11/66] Remove unnecessary keys from turing.yaml --- config/turing.yaml | 44 -------------------------------------------- 1 file changed, 44 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index 967f6246d..0c01ae124 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -138,53 +138,9 @@ nginx-ingress: scope: enabled: false - -static: - ingress: - annotations: - kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: 'false' - hosts: - - static-turing.mybinder.org - tls: - - hosts: - - static-turing.mybinder.org - secretName: tls-crt-turing - -redirector: - redirects: - - type: host - # host: - # from: beta-binder.mybinder.ovh - # to: binder.mybinder.ovh - - type: host - host: - from: docs-turing.mybinder.org - to: mybinder.readthedocs.io - - type: host - host: - from: playground-turing.mybinder.org - to: play.nteract.io - -matomo: - enabled: false - db: - instanceName: binder-staging:us-central1:matomo - trustedHosts: - - staging-turing.mybinder.org - ingress: - hosts: - - staging-turing.mybinder.org - analyticsPublisher: enabled: false project: binder-turing events: sourceBucket: mybinder-staging-events-raw-export destinationBucket: mybinder-staging-events-archive - -gcsProxy: - enabled: false - buckets: - - name: mybinder-staging-events-archive - host: archive-analytics-staging-turing.mybinder.org From 53ff2930eb77a407736eeacab557d715fb768938 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 22 Oct 2019 10:11:34 +0100 Subject: [PATCH 12/66] Replacing subdomains with temp ones --- config/turing.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index 0c01ae124..4b43cbae8 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -4,7 +4,7 @@ binderhub: config: BinderHub: pod_quota: 120 - hub_url: https://hub.turing.mybinder.org + hub_url: http://hub.turing.10.0.0.1.xip.io badge_base_url: https://mybinder.org image_prefix: turingmybinderregistry.azurecr.io/binder-prod/binder-prod- sticky_builds: true @@ -37,7 +37,7 @@ binderhub: ingress: hosts: - - turing.mybinder.org + - turing.10.0.0.1.xip.io jupyterhub: hub: @@ -80,11 +80,11 @@ binderhub: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - hub.turing.mybinder.org + - hub.turing.10.0.0.1.xip.io tls: - secretName: tls-crt hosts: - - hub.turing.mybinder.org + - hub.turing.10.0.0.1.xip.io scheduling: userScheduler: @@ -101,10 +101,10 @@ grafana: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - grafana-turing.mybinder.org + - grafana-turing.10.0.0.1.xip.io tls: - hosts: - - grafana-turing.mybinder.org + - grafana-turing.10.0.0.1.xip.io secretName: tls-crt-turing datasources: datasources.yaml: @@ -113,7 +113,7 @@ grafana: - name: prometheus orgId: 1 type: prometheus - url: https://prometheus-turing.mybinder.org + url: https://prometheus-turing.10.0.0.1.xip.io access: direct isDefault: true editable: false @@ -125,10 +125,10 @@ prometheus: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - prometheus-turing.mybinder.org + - prometheus-turing.10.0.0.1.xip.io tls: - hosts: - - prometheus-turing.mybinder.org + - prometheus-turing.10.0.0.1.xip.io secretName: tls-crt-turing nginx-ingress: From c1608585c42818629aba5f2cffa955d56a7124e0 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 22 Oct 2019 10:16:28 +0100 Subject: [PATCH 13/66] Correct dict key in deploy.py --- deploy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy.py b/deploy.py index de80ad3de..be72a7702 100755 --- a/deploy.py +++ b/deploy.py @@ -27,7 +27,7 @@ def setup_auth_turing(): "az", "login", "--service-principal", "--username", azure["sp-app-id"], "--password", azure["sp-app-key"], - "--tenant", azure["tenant"] + "--tenant", azure["tenant-id"] ] subprocess.check_output(login_cmd) From 16d4058d1151882776c8216a23d47c7d287912ab Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 22 Oct 2019 12:34:19 +0100 Subject: [PATCH 14/66] Correct args to deploy.py --- .travis.yml | 2 +- deploy.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8b44871a5..5a6d82533 100644 --- a/.travis.yml +++ b/.travis.yml @@ -95,7 +95,7 @@ before_deploy: python ./deploy.py ovh binder-ovh - | # Stage 5, Step 4: Deploy to production on Turing k8s - python ./deploy.py prod turing + python ./deploy.py turing turing - | # Stage 5, Step 4: Verify production works travis_retry py.test -vx -n 2 --binder-url=https://gke.mybinder.org --hub-url=https://hub.gke.mybinder.org diff --git a/deploy.py b/deploy.py index be72a7702..738c13ddf 100755 --- a/deploy.py +++ b/deploy.py @@ -198,7 +198,7 @@ def main(): argparser.add_argument( 'release', help="Release to deploy", - choices=['staging', 'prod', 'ovh'] + choices=['staging', 'prod', 'ovh', 'turing'] ) argparser.add_argument( 'cluster', From 32cf2222df9d293e8af2ce962ce2bec3786f392d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 22 Oct 2019 12:55:24 +0100 Subject: [PATCH 15/66] Expose configMap as variable to secret/ban.py This commit implements @minrk's suggestion of exposing a configMap as a variable. This (hopefully) circumvents the issue that the AKS cluster runs coredns whereas GKE runs kube-dns. --- deploy.py | 23 +++++++++++++++++------ secrets/ban.py | Bin 1953 -> 2094 bytes 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/deploy.py b/deploy.py index 738c13ddf..e4cd08c45 100755 --- a/deploy.py +++ b/deploy.py @@ -144,13 +144,20 @@ def setup_helm(release): ]) -def deploy(release): +def deploy(release, cluster): """Deploy jupyterhub""" print(BOLD + GREEN + f"Updating network-bans for {release}" + NC, flush=True) - subprocess.check_call([ - "python3", - "secrets/ban.py", - ]) + if cluster == "turing": + subprocess.check_call([ + "python3", + "secrets/ban.py", + "turing", + ]) + else: + subprocess.check_call([ + "python3", + "secrets/ban.py", + ]) print(BOLD + GREEN + f"Starting helm upgrade for {release}" + NC, flush=True) helm = [ @@ -215,7 +222,11 @@ def main(): setup_auth_gcloud(args.release, args.cluster) setup_helm(args.release) - deploy(args.release) + + if args.cluster == 'turing': + deploy(args.release, "turing") + else: + deploy(args.release) if __name__ == '__main__': diff --git a/secrets/ban.py b/secrets/ban.py index 8690fa3f9b264b80286acf28688309a04d4d9976..46fcd7322d3575253e6e704511a7b8b16e47d21e 100755 GIT binary patch literal 2094 zcmV+}2+{WdM@dveQdv+`0NU*pG%~qq`}dF`VjPOIZCQ{Vp8>WV2P_FBKpLf&S%0Q~ z9rIw@%z8O%jG?y9{TXdI`-E0#8aZ72J7tMkvEqVI%Ix_dm1Z-h6`Ur?&Je#&K8VUR zyWgh>bZbu>mYfqrX(@K`p{FC0enX&^_v^%VSx@C;T9%NEAea(ubUDG)(TR7fMnE^a zmO|0)5JD&R$FUh8X4t&)o$s3FH2suLjJ`9@&CH;daP(6pJT0Yp5LIIH75>d2OtGt;2xM(SA z`BUvcCy=pz%yUHF!j~nx!(?OET@!c1ou`b3(fy}&71^kQwwyd2!#kHEf~)�?jv zATm}#*R_yhVbILR=4I-z>iu-QG*AUVzwjQKap|G9&Mfy9_w!k}YtL&Vnt14u5}t@l z$p0YrVzAu@O9JJ?uWPaIP4}_$N5baw8nXfDQbQ7E8MQZ=z`TiU|5LkOMz?-Bm?VEQ z>$(kc{&vk;4{UmNalBv)0li>@o?>LpG-q6j^NNF*Xs=&zMJ$47fRq1d?BZqt&xU4S zk=5&@K7(gn)#8qZl`G24fJV#piwldut;~vGWnD_SWV^bHvM61;Q;*1OT85KGYbwH? z^v_;xd*2gWD!Gk%-1PdnP5jBMDntta6r_!Q?;y#YZBQ}6bR5R>M(~7Uv|3U72}t`Z zbCkE+NR6?dp^QeXXxYVQ1Dh^s|3_k`ay$B&R{CBl#k_h%FoCd2RdeNCm9{)bvRA1q3OX z*=>cq^(kbu#kUQTkr)zXDfAk$9N-dfNto1902Z7{FRRpb%jlypM%S!k`|fQx4aT#H zfU4Vg3eDq5-P?ux!p+0b<9FST3ACb(0EF2wxmKtTg1U}dHuyY9*Ib*b>*=Ur{HHxJ z)|zp%m}Uv0Xa3}sp#{`hXGk-gG3MV1Y2g;*bj}Dl~iolwJGMkaHSqMWyPAm(z zYZJOf#b+#=ig(Ifdx=ZNz@#mRe$dr(IbMczl&G}0DsKPN#l%jN#)FE#-+gz1bU9c) zoEvhQuC>rTl;`TGx~Pd${6v2V*4u1RZ&B2Ps~aYr%aaof=~TCU6{AF%Bv!qGdHkeE z^@T~#XAg~)&z_`_uzsR=4mAhh)jdCuK;zZw@R|Q*ZdL%6YL|W>4Q!wnB1(M8R#G2* zx|k1>GQJv94jtnb;JFp?A+^|7nM1KY-cS;7X3E?Jb19>jtQ-Ak-T|BJVdL%iU1947 zF`M=K)k#FH)ua8&wGe2#$Z==XuoRpw6V~yWpR|-`7(P> zDD`T9tY9laCEy+t8F^Ai>Y+8xhTbG;Y>V%KAW;G3KkBLR}A32msPvmh~Xb+?sWd>^`+ zyEv0k#@uK=YtI60%6^5z9}9`lWsR8FpiJUZ>QZYx=|sk|TVQUMTZI`?8mFH8MSK77 zJ>byDwqMO%Az`bsGR@DMx6yN3itg zd(4g$*ob!zdQmX^q#n1OWN=;P+nAx)J85?S^~S4VIQs1|OJTq1`hvGSV7w!jb_^!? zQg7*U4>8XdADHzUq-BUU*BK#Udy`bJ{#-}Qc!j}$Scm6p&$`~^cKB6y2&3uYKtUv1 z(hfn~Bw@8nLyInSxW2lkJ^g!RCtbt#8Tq)6t6~9$7*${(6YirPJt5V%aDhjId@lao z9p=6+mQ*6GH$=ZRzvxyl4|+|bIg}=cygOM~ZI77yBZkuO1}H&ciT4qm9#DVnZR$U8 z(*Y~DFar|**~Yz`kx&`+B_bb^##n^EO?iUYx3T_`hCli#%!bVquMsWu1%6sBbA|Py zat;p^knOdkqstH7<{f>vp;n*aa+ literal 1953 zcmV;S2VVF9M@dveQdv+`0H?mSnNFbeY6H!N(!j{W0Vc8;mNNvHQB!}4=n*g(t97{J zH;AsY7@*k|(^!U|H|%uvzfyp7Iv2}de#s_WK7BOFZ~7Bsg3GR(F#Tsh1ThPoSTcIM z>#?VBD(8^CzW7B;0d(3D@`lZYyE&BdWSg8Y_$N)7(YYFweE-8czc|ijIP7+RWeT8Z z26eF|_hWq#8B0ICdL1??kslMrpfNP(t&H4HLs1SvKEcj0LEdWs0f5jah^5V#Bb^JvBdQq5>wRF5rs`ywXUnQKHf1-( zL=fpdt`4Kb^EE3=cZ!_o?HwE$&3IV5_1G}8qmHpWNfac_e`4B@9WpJ!;!`>NmDh zV4Bll>iR<8R9T&xNm)#FptHn{l!w!&u9v-6&NsDy)P=(s!`6Lez*jB$Ji7^F8vM>c znd?JmcnYtgj!NigA6OeP`k1w9dV$VHNuaAK-ulU!=~yrq??U52)AI(f^U5%icKOObL6T$uvMKk} zVPNJTnZQ3bqpzRlddx#tort}6TwYpjclEsBxAp_PnQr&$ZOk(~tFu~?VO7n{VVCd2 z?|O|C}5mZ z=)sCAfNy!oE8904Vj5`c_$l3^4bn5LQl}Tz;b|dpL?NQeLD76s`abL1&`5i+8eXaQ z_JnStR|6`Q{56|`&C=p<`cSzPjRN&)i9Uqp%JZJACV$XejjXBJb|Sx>Uc_~G^&a8M zk!pB3Weh&O2M4t%vU+94qf}3+-b|QcCfx%QdbQI)tFB?Roj~f`TA6x1>SfXQ8QRs{ z{)d0JIHdPX8@7aC6jO5;`F%O8DYKn4aS{ZOgAsJQxf{gJQ&y`yUhSPLg05NB(Apem z3>{L##sn4G^B>9dZ@+@0aZO&D1Z{!aU3q#^jETd-Q}Q`sk`X*zL@^(*{S) zDw2tOMUJYUQk~>Li2eNo^K)*MN7f=}=(2z7Z~uA&xJ z;fKWQiXH${JMaYheSpiM z8{YGuVALGhlk`n?ee7w1@#H0UeZd#1n{1fRa>4C2hsvMR8Z?RMF=?$^wVW04w^y&3 zm;}?du8)Kuc{6~SWwh&RgZP9Yi%8a7Qr|JcqCUZIT8BwWo3YnjyTENZnUVtN3OXtR zn%2$3-5VVV9Ecv`tiVK1l`#m|wf+-tr=&cHz8YUT@zS6UHF%f6DpJw4@?&0&Chv^| zg!WabeG?(q8Ldp_*`DkhJ9@J;!iR^cco=eJ_Mt&!U#jjto62b1wNuHAKWe3Mc+6OqpH zW|8WMuR3O~M{w9qa1@(zLvQ6{tLfM4*vQkpoXTj#L;zPJ7OO7}y+Z3GG2)>edr}7x zc(D_A3K#gdBZ{-{}7fN|L^Rr25s6Ti^iw z&B6pu>&Fd|tz)DIH%VSzNqt9Z`(>Epr;bP~!38Ur5!W~O=fvy7rWeh>+>-oV8Kdzk z@9WZz^>MM0MnzN=LEcU;HTb>d9YK|?7frE$Hag^`YqV*KLkj&#OB1E*iw)}DO()Y} z$oHMGO2F`Ec7egjG`av2P)kI(_q#c>0oCj`C51DFeExzFV=I`WBbQ}BW Date: Tue, 22 Oct 2019 14:02:06 +0100 Subject: [PATCH 16/66] Updating deploy.py and ban.py --- deploy.py | 6 +++--- secrets/ban.py | Bin 2094 -> 2102 bytes 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy.py b/deploy.py index e4cd08c45..fad2c3ebe 100755 --- a/deploy.py +++ b/deploy.py @@ -13,7 +13,7 @@ HERE = os.path.dirname(__file__) ABSOLUTE_HERE = os.path.dirname(os.path.realpath(__file__)) -def setup_auth_turing(): +def setup_auth_turing(cluster): """ Set up athentication with Turing k8s cluster on Azure. """ @@ -34,7 +34,7 @@ def setup_auth_turing(): # Set kubeconfig creds_cmd = [ "az", "aks", "get-credentials", - "--name", "prod", + "--name", cluster, "--resource-group", "binder-prod" ] @@ -217,7 +217,7 @@ def main(): if args.cluster == 'binder-ovh': setup_auth_ovh(args.release, args.cluster) elif args.cluster == 'turing': - setup_auth_turing() + setup_auth_turing(args.cluster) else: setup_auth_gcloud(args.release, args.cluster) diff --git a/secrets/ban.py b/secrets/ban.py index 46fcd7322d3575253e6e704511a7b8b16e47d21e..02962c0fc66154b7830ddec09876fbeea4208aca 100755 GIT binary patch literal 2102 zcmV-62+8*VM@dveQdv+`01REX`-o{3q&J_Z{chji)D&WHG`4YI1asi;!#hm_=iFLd zs(2U3uPn;fm!eV6dqmhqIK56^lMM5PY3y$X18vy*<$~su$fRk+cSi%%;EW=`2u_*T zg0NKEyo0FWa1M|F5)9~h{?xDpo`h^7?5%5PCK*|Z_!#0NNF@f~UqB518tc-K&d^Um zZQ_H-8D@>We$Z)o@9q3*g2YzR25zv4&fX0k*XHuagUy<1XQWl8J&1naym0F!^UN1n zK~Dc9AvIRbLFhaSVnXvk!uen*GirA3OZ+1e+-3ZO>_P1avd4z>E2(6 z#$sK~zsDb<&pbC4W`Ic)iH12_nc@h5DU4^X%Zj8L>~nG8G|_ICm9{HaC5j?guSe8q z8~_yh++Mc-;J}8x{tBooB4G0+u*u*e=857brkvB3gxZD83 ziU1Xmxu=g;GgKP*b42-q7(dXiZLW#YTyFMXvjh7K%&{7<0BW=>N(j=hk0mx`nZE2h z{FDJ5G_K!`h?P8*Y@4^`S7TZapmrFuJ!BL!I*!T|MV%WiFSZiOU)*}g9L%G+TLmW zE&{Rr{Wd%eWXX2$jP6^$vy~a=+6+(if(oerb&n&>r81t+PFGvbLc~WzS3IWH8~{9- zk1$(3H3rn}6Qt35N?`y>9WDtu0Iw*)rcmJjouzkBUj;69H z4KM{b@tY=X8D$60$v@~19@CTSa*r{g8hA17!ryX;JZ)X?&BC|BIy!K*3++sY!=S_X z)aq*Ws@iwYk@0DB5!M_yxE9PN>q*>An(EgLG?*%cA)M^kPiot1Ba+|n%{0NYyILys zio`WUbWHj+wtQ-G?CzNUcfzlxH0vmplg_^5H`ikAKaa_Y-TUvw1thv(5b56$cimv5 z-#eH-yv85Hdr$hJ9TN~>o@v6yKerHUz_Ov=#Vd7C(TDJ)ND#R&U>z=yTq{`e{!f8l zRdN^?;ME3HCM(%_GQ#@q{1!wbS^U-k3nmb9$41fX;cTt6Y}mhoWe|5=+$)t0jB&!p+jllj4g|L|)p@{Mzz zvcJs0$}ho;$^sj~My#M@USELb26!6@gDwgqC#ztJUYb~gciL6~bW%&819}$*h=PyP zF(@UMS^RrWf=xy*nFa1jcWJNHd~KiK_1o2%IV~zTC2#uo7SjCWF-m|N>|jm0a2{r) z>g^Yi{Y`6&_T36xjabT+F3OyW#yFvqgS{4&9k^|t4g@sEYRPcZ20y1(t;QG{w*p($ zoKajjHQPGOqdrOZp6lWIjA}r{GTFA;-wqLzwYrSZqiSm{9SjkCmku0OFdQ(&pS(>% zys|zyP!@BT-2c)Ta@ICRW>E>b^;dt&q89WeFPucQUdba^%xQk;s>GeVle9*Vv8tEk- z3NcH%l2guaZ%iV#Ke~XSUdo-i@uW%Ng_iI++!Uz1hXe3n2&ch0>f%}BvLOy?TYZxK zfInD~l;b!NG1*Rh*LrVd+01c(PyQY8`y{{&(W-M?DoVvfGN!KbKKpsP7EgZhp*m+S z(DaH?2rv?TauZ>_iD<0JKL_QFa@>n#0x_f$NvBY~T=Uh5AJI14@QR<$#5NJA&3aM3 zq*YVb2O=jCu#NIZt1*PhhAx0qv(;9qQE{HMEFuitq8Eqv?Q|f>)(sUV>2G~vHzA}K zwVJp)`1hSX_dW$uPO-j_g}RV1#jA3#cF#^q$rjhLH0QL8`&;SY-z&WhBlCA38@su| zGwLzmT1!+qSdMt{GRS}dvOwXI@DL+V;~A+<$AVBT29+DDhylbvIg56&W5L&6VbeGN!fyOOZb-tRz*r~W z_U-W*Sk2VFQbP9F-W(Q;`Pgr}l9xSd?t&Zb3YEfE-q4o(tMRq@!E5Sv^iO*wRzkDL zrZ2}*evsuSyxZc&yp~k{U+*OBps>VMSu*0drz1T)Y<+LJZ3U~NG4MN4WiHM}^5}D#TzY=yJEbP#2dZK1BCOI$!}z)Uq;R ziTO*EN7M3}q^Q(%_0iS_PpVfc$y@v2p=r1V4Igat6`Ma%&ba4&lcToh%~1p@7!bB+ z$ehqjSmG3R>BaTE7tZ3h(8139cnCFs8U-r4B^2qhp`Y!6y}lF7VX!8#+R??6-eY*> z%3WM16$XU2e67+_=TH>6_y}>~;(h5g7aW9Rl(Aja6otb!e57oyGuWF@F`{qM&&+T* z`(^cZ?TpNJ`0GBfV5eMjSC%!O@AHOSap;q)fh*o|jd3L1A~pcM(I&;3f%@t=df g!2Y9rsDu3z23x@0HwC`gj%u^88AjN4O|cuUh@1^0_5c6? literal 2094 zcmV+}2+{WdM@dveQdv+`0NU*pG%~qq`}dF`VjPOIZCQ{Vp8>WV2P_FBKpLf&S%0Q~ z9rIw@%z8O%jG?y9{TXdI`-E0#8aZ72J7tMkvEqVI%Ix_dm1Z-h6`Ur?&Je#&K8VUR zyWgh>bZbu>mYfqrX(@K`p{FC0enX&^_v^%VSx@C;T9%NEAea(ubUDG)(TR7fMnE^a zmO|0)5JD&R$FUh8X4t&)o$s3FH2suLjJ`9@&CH;daP(6pJT0Yp5LIIH75>d2OtGt;2xM(SA z`BUvcCy=pz%yUHF!j~nx!(?OET@!c1ou`b3(fy}&71^kQwwyd2!#kHEf~)�?jv zATm}#*R_yhVbILR=4I-z>iu-QG*AUVzwjQKap|G9&Mfy9_w!k}YtL&Vnt14u5}t@l z$p0YrVzAu@O9JJ?uWPaIP4}_$N5baw8nXfDQbQ7E8MQZ=z`TiU|5LkOMz?-Bm?VEQ z>$(kc{&vk;4{UmNalBv)0li>@o?>LpG-q6j^NNF*Xs=&zMJ$47fRq1d?BZqt&xU4S zk=5&@K7(gn)#8qZl`G24fJV#piwldut;~vGWnD_SWV^bHvM61;Q;*1OT85KGYbwH? z^v_;xd*2gWD!Gk%-1PdnP5jBMDntta6r_!Q?;y#YZBQ}6bR5R>M(~7Uv|3U72}t`Z zbCkE+NR6?dp^QeXXxYVQ1Dh^s|3_k`ay$B&R{CBl#k_h%FoCd2RdeNCm9{)bvRA1q3OX z*=>cq^(kbu#kUQTkr)zXDfAk$9N-dfNto1902Z7{FRRpb%jlypM%S!k`|fQx4aT#H zfU4Vg3eDq5-P?ux!p+0b<9FST3ACb(0EF2wxmKtTg1U}dHuyY9*Ib*b>*=Ur{HHxJ z)|zp%m}Uv0Xa3}sp#{`hXGk-gG3MV1Y2g;*bj}Dl~iolwJGMkaHSqMWyPAm(z zYZJOf#b+#=ig(Ifdx=ZNz@#mRe$dr(IbMczl&G}0DsKPN#l%jN#)FE#-+gz1bU9c) zoEvhQuC>rTl;`TGx~Pd${6v2V*4u1RZ&B2Ps~aYr%aaof=~TCU6{AF%Bv!qGdHkeE z^@T~#XAg~)&z_`_uzsR=4mAhh)jdCuK;zZw@R|Q*ZdL%6YL|W>4Q!wnB1(M8R#G2* zx|k1>GQJv94jtnb;JFp?A+^|7nM1KY-cS;7X3E?Jb19>jtQ-Ak-T|BJVdL%iU1947 zF`M=K)k#FH)ua8&wGe2#$Z==XuoRpw6V~yWpR|-`7(P> zDD`T9tY9laCEy+t8F^Ai>Y+8xhTbG;Y>V%KAW;G3KkBLR}A32msPvmh~Xb+?sWd>^`+ zyEv0k#@uK=YtI60%6^5z9}9`lWsR8FpiJUZ>QZYx=|sk|TVQUMTZI`?8mFH8MSK77 zJ>byDwqMO%Az`bsGR@DMx6yN3itg zd(4g$*ob!zdQmX^q#n1OWN=;P+nAx)J85?S^~S4VIQs1|OJTq1`hvGSV7w!jb_^!? zQg7*U4>8XdADHzUq-BUU*BK#Udy`bJ{#-}Qc!j}$Scm6p&$`~^cKB6y2&3uYKtUv1 z(hfn~Bw@8nLyInSxW2lkJ^g!RCtbt#8Tq)6t6~9$7*${(6YirPJt5V%aDhjId@lao z9p=6+mQ*6GH$=ZRzvxyl4|+|bIg}=cygOM~ZI77yBZkuO1}H&ciT4qm9#DVnZR$U8 z(*Y~DFar|**~Yz`kx&`+B_bb^##n^EO?iUYx3T_`hCli#%!bVquMsWu1%6sBbA|Py zat;p^knOdkqstH7<{f>vp;n*aa+ From 47efb4b6f2b074707583305de0e3d260ae7fc76f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 22 Oct 2019 15:06:12 +0100 Subject: [PATCH 17/66] Revert "Remove unnecessary keys from turing.yaml" This reverts commit b04b5effd73b1d8151694b443021cf5c606eb0f6. --- config/turing.yaml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/config/turing.yaml b/config/turing.yaml index 4b43cbae8..1a52b3673 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -138,9 +138,53 @@ nginx-ingress: scope: enabled: false + +static: + ingress: + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: 'false' + hosts: + - static-turing.mybinder.org + tls: + - hosts: + - static-turing.mybinder.org + secretName: tls-crt-turing + +redirector: + redirects: + - type: host + # host: + # from: beta-binder.mybinder.ovh + # to: binder.mybinder.ovh + - type: host + host: + from: docs-turing.mybinder.org + to: mybinder.readthedocs.io + - type: host + host: + from: playground-turing.mybinder.org + to: play.nteract.io + +matomo: + enabled: false + db: + instanceName: binder-staging:us-central1:matomo + trustedHosts: + - staging-turing.mybinder.org + ingress: + hosts: + - staging-turing.mybinder.org + analyticsPublisher: enabled: false project: binder-turing events: sourceBucket: mybinder-staging-events-raw-export destinationBucket: mybinder-staging-events-archive + +gcsProxy: + enabled: false + buckets: + - name: mybinder-staging-events-archive + host: archive-analytics-staging-turing.mybinder.org From c876f7a77e2b4b7b3bf3dda2a88f6eecd1561c8f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 22 Oct 2019 15:07:22 +0100 Subject: [PATCH 18/66] Revert "Remove turing ingress yaml file" This reverts commit d36d083e3b3860e8e8b252c6571a5769722e4e6e. --- .../turing/turing_mybinder_org_ingress.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 config/turing/turing_mybinder_org_ingress.yaml diff --git a/config/turing/turing_mybinder_org_ingress.yaml b/config/turing/turing_mybinder_org_ingress.yaml new file mode 100644 index 000000000..c0810fbbe --- /dev/null +++ b/config/turing/turing_mybinder_org_ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: turing-mybinder-org + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: "nginx" +spec: + rules: + # May need to be replaced with a dummy for testing + - host: turing.mybinder.org + http: + paths: + - path: / + backend: + serviceName: binder + servicePort: 8585 + tls: + - secretName: kubelego-tls-binder-turing + hosts: + # May need to be replaced with a dummy for testing + - "turing.mybinder.org" From ea9cf378e6eb72a58dc9095183d844120419720a Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 25 Nov 2019 11:01:38 +0000 Subject: [PATCH 19/66] Update secrets/ban.py to match master branch I had a merge conflict on my federation pull request that was difficult to resolve because VSCode couldn't render the diff, I assume because of the encryption. So what I'm doing in this commit is copying the file from git pull master and pasting it into the file on my branch and hoping that resolves the conflict. --- secrets/ban.py | Bin 2102 -> 2027 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/ban.py b/secrets/ban.py index 02962c0fc66154b7830ddec09876fbeea4208aca..60a76a78ac412c8d8a3e3b4b36b6b944b1b80efa 100755 GIT binary patch literal 2027 zcmVpfQX8uc;(LpWiN|(+{*NKeVzhD3OiyQsEci9WyM-|A%B~@n?psG-8koy5Wgo2h zHcK(mipMCq78jY_JN9?n*s5OQ4fU4=Wxsw*H6T>-NZ-b02|4QQo1}(6Gdc^ho`LJ! zXY9C`F{U4J*e(<^#@nZM(<2rwHxEC=*1dU5A70zF5M95K>Scu>Hs)T7X}msg!F;`g zJYE&E<^cYffgf56Di|5XE}%ab$MPVfWSW&7SLO5#mu^ICAI1*YF7&uD>Y_w?QH!S3 zJ4N|ud-6`mE_BrnV0wr6nS>)!5WHXTxrElEP^%k_3-ks=jv9{1ub#_2Ch{p`m2Es<`R+b9J9pwE$VCyIUJ$8^xvhh?aX2H7^E^BVk zsvDq79F6Oe+#Q%(2BzybjZZ?-F}Z^k;DDvK zHM1-K6N98fcJBK79%{nbqm!>~Q!Pq@kOQOwzJ7SW0h% zdwQ8PRS~5It*D1Fbd-W^F??z5Zr%IYG#FOC<4o5Lr5aaSMp2`8TpPP5zU!<}$9IKQ*NtfG$!yBr{XQF)17C?%>X8|oKdZY+&vdsNhu|+o zAR)-o5efROV~(^hf_%j7UP!>ykBzil^dKqIUJIFFF7^_of~UVAceNm>+ZsZ{#j>Oe zG{33^nFRplA`=ey+IIAc@vDx+&q6Pce`;}{ zsIPy#($m*l=S^XgCf>;)8@@NUVLfe+q7v+1+HHwccHdnu3T+CDVhXSmm@^(f=yJOT zM;6|rC6>8&Qs-&Ofn42$^I$@d_uaNPN4QU)(wNd04++qQZFV%{59Z1?!oJBY?(r4; zhz!vZn$rS2taY!SB6@(G9^tnOSqHBuis_*s=e&MG_{gS|*v5dyti7%#mpJ~x3@uS2XsgRx3;)XvS{M&ug zx`xP5@h&WU>RsWXVXiGb1*BmnIwK>?p;W1oOYRvZ{BnM{Cq8zxwLsaIFu2!Gloouk>EVfiCb2F$o3&N4{o0`c^!s~grz-wf{ z`7wyY>}qHm+OM&A`!xn~*1^qu>pv)Yl()w3xW*q2CY{R~{v^l&Gef9QHRbV8egnJr z*DRR7C|>vONEx!~I@Ac#B;8d5D7kHo9~P?VPXdVHTlJ7`mC2z$I539sJ>PsSZ6zb) JX4uX}U51B^2e$wK literal 2102 zcmV-62+8*VM@dveQdv+`01REX`-o{3q&J_Z{chji)D&WHG`4YI1asi;!#hm_=iFLd zs(2U3uPn;fm!eV6dqmhqIK56^lMM5PY3y$X18vy*<$~su$fRk+cSi%%;EW=`2u_*T zg0NKEyo0FWa1M|F5)9~h{?xDpo`h^7?5%5PCK*|Z_!#0NNF@f~UqB518tc-K&d^Um zZQ_H-8D@>We$Z)o@9q3*g2YzR25zv4&fX0k*XHuagUy<1XQWl8J&1naym0F!^UN1n zK~Dc9AvIRbLFhaSVnXvk!uen*GirA3OZ+1e+-3ZO>_P1avd4z>E2(6 z#$sK~zsDb<&pbC4W`Ic)iH12_nc@h5DU4^X%Zj8L>~nG8G|_ICm9{HaC5j?guSe8q z8~_yh++Mc-;J}8x{tBooB4G0+u*u*e=857brkvB3gxZD83 ziU1Xmxu=g;GgKP*b42-q7(dXiZLW#YTyFMXvjh7K%&{7<0BW=>N(j=hk0mx`nZE2h z{FDJ5G_K!`h?P8*Y@4^`S7TZapmrFuJ!BL!I*!T|MV%WiFSZiOU)*}g9L%G+TLmW zE&{Rr{Wd%eWXX2$jP6^$vy~a=+6+(if(oerb&n&>r81t+PFGvbLc~WzS3IWH8~{9- zk1$(3H3rn}6Qt35N?`y>9WDtu0Iw*)rcmJjouzkBUj;69H z4KM{b@tY=X8D$60$v@~19@CTSa*r{g8hA17!ryX;JZ)X?&BC|BIy!K*3++sY!=S_X z)aq*Ws@iwYk@0DB5!M_yxE9PN>q*>An(EgLG?*%cA)M^kPiot1Ba+|n%{0NYyILys zio`WUbWHj+wtQ-G?CzNUcfzlxH0vmplg_^5H`ikAKaa_Y-TUvw1thv(5b56$cimv5 z-#eH-yv85Hdr$hJ9TN~>o@v6yKerHUz_Ov=#Vd7C(TDJ)ND#R&U>z=yTq{`e{!f8l zRdN^?;ME3HCM(%_GQ#@q{1!wbS^U-k3nmb9$41fX;cTt6Y}mhoWe|5=+$)t0jB&!p+jllj4g|L|)p@{Mzz zvcJs0$}ho;$^sj~My#M@USELb26!6@gDwgqC#ztJUYb~gciL6~bW%&819}$*h=PyP zF(@UMS^RrWf=xy*nFa1jcWJNHd~KiK_1o2%IV~zTC2#uo7SjCWF-m|N>|jm0a2{r) z>g^Yi{Y`6&_T36xjabT+F3OyW#yFvqgS{4&9k^|t4g@sEYRPcZ20y1(t;QG{w*p($ zoKajjHQPGOqdrOZp6lWIjA}r{GTFA;-wqLzwYrSZqiSm{9SjkCmku0OFdQ(&pS(>% zys|zyP!@BT-2c)Ta@ICRW>E>b^;dt&q89WeFPucQUdba^%xQk;s>GeVle9*Vv8tEk- z3NcH%l2guaZ%iV#Ke~XSUdo-i@uW%Ng_iI++!Uz1hXe3n2&ch0>f%}BvLOy?TYZxK zfInD~l;b!NG1*Rh*LrVd+01c(PyQY8`y{{&(W-M?DoVvfGN!KbKKpsP7EgZhp*m+S z(DaH?2rv?TauZ>_iD<0JKL_QFa@>n#0x_f$NvBY~T=Uh5AJI14@QR<$#5NJA&3aM3 zq*YVb2O=jCu#NIZt1*PhhAx0qv(;9qQE{HMEFuitq8Eqv?Q|f>)(sUV>2G~vHzA}K zwVJp)`1hSX_dW$uPO-j_g}RV1#jA3#cF#^q$rjhLH0QL8`&;SY-z&WhBlCA38@su| zGwLzmT1!+qSdMt{GRS}dvOwXI@DL+V;~A+<$AVBT29+DDhylbvIg56&W5L&6VbeGN!fyOOZb-tRz*r~W z_U-W*Sk2VFQbP9F-W(Q;`Pgr}l9xSd?t&Zb3YEfE-q4o(tMRq@!E5Sv^iO*wRzkDL zrZ2}*evsuSyxZc&yp~k{U+*OBps>VMSu*0drz1T)Y<+LJZ3U~NG4MN4WiHM}^5}D#TzY=yJEbP#2dZK1BCOI$!}z)Uq;R ziTO*EN7M3}q^Q(%_0iS_PpVfc$y@v2p=r1V4Igat6`Ma%&ba4&lcToh%~1p@7!bB+ z$ehqjSmG3R>BaTE7tZ3h(8139cnCFs8U-r4B^2qhp`Y!6y}lF7VX!8#+R??6-eY*> z%3WM16$XU2e67+_=TH>6_y}>~;(h5g7aW9Rl(Aja6otb!e57oyGuWF@F`{qM&&+T* z`(^cZ?TpNJ`0GBfV5eMjSC%!O@AHOSap;q)fh*o|jd3L1A~pcM(I&;3f%@t=df g!2Y9rsDu3z23x@0HwC`gj%u^88AjN4O|cuUh@1^0_5c6? From 2f9eac5f6ac4d7a1863063220b2b74ee0f857850 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 25 Nov 2019 11:06:12 +0000 Subject: [PATCH 20/66] Remove vscode from .gitignore --- .gitignore | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitignore b/.gitignore index d71590d86..fe9276ec6 100644 --- a/.gitignore +++ b/.gitignore @@ -13,5 +13,3 @@ mybinder/requirements.lock docs/_build travis/crypt-key env - -.vscode From 0e52984e4dc67a3127d5f247c5c4d7b1db86950a Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 25 Nov 2019 11:42:19 +0000 Subject: [PATCH 21/66] Updating secrets/ban.py for turing cluster Turing cluster uses coredns, not kube-dns. Added if statement to catch this difference when updating network bans. --- secrets/ban.py | Bin 2027 -> 2204 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/ban.py b/secrets/ban.py index 60a76a78ac412c8d8a3e3b4b36b6b944b1b80efa..6b003283539c39963fb55bf10253f90fc9750ac6 100755 GIT binary patch literal 2204 zcmV;N2xIpEM@dveQdv+`0EJ?8AHY1*?gX-QE+uBy!Oj8A;9c}zPwN-I_ElXb5V8Re zFOyIP&T?ro8)@SvYzI6>dnfMZgMD40vQ@n3a2 z7E^nDPF-BU z0Cr+rq9=6ngRJpWNb7(;wuepghM=z21Jhta2Y{8_g%Az&<1+rQ0Y>u}6HvFw%$}y{ zfJrdB^O}ypnJ z8mW_mGl1z+ZOrH<)6T;q6<%)z#Ce2wVBtt3ED}N6TlQ%|$m}4{(!aveE1_K6KdHIx zi8w0DfN8Y2XPjp@c&)qoySP!vAK*vtG+V!LAwB*Q7`|&UZ6q8K7DBTh?aqDp)g9v( zNucY!4H2dmMM0wVSQPaGH!YTYsGPM0TP|$}>{GoiqD8xl8U~JcrBV+68bmw5msA6X+LJ^wR0i2QyZ7pPG zb#!o49ahKd*p_m_sdF!CMC9X9pdCrWsGyZZ7^kWk&fLI+$-VJn%5YVj6{4dPnM)1# z&GnM;4L4vt47g33HYS^7_8+hX6W+EDtjT${(8^>sE4b?qp}~4C_>-oSu<^XAaZo+z zz>Ih1!^tWK87X5CNTN#*^fW z;(FXO-2H|tdD<)e5to=^NKWr;7A){GXKBqeh9pFbz)z2O`WQMRGQ&Ujr#Vi z?$)uSD{Sz?MM6Q1f=n21kAFNUz}R2?g!t(pHs$vdu4E zMl!beE755xfd{!~C^4^Ys)`YqNWZBx3d=!aoUf&))ud$WL*1?Ango}ANGPYcdiT8y zCVNE!XFsHMh;V@TX#m@)tOgJf^lR)_5Q?bU!$H%+ZdYsbz3Z-D)$|A4o95E3?!l@z{%8-|p|s6TsqvMowW)vK>UtzTQTHm@D|XvgizQ=>!oEUSEUncY+K z=7Cw`qk*7pw24J#JdNCt(`E>6*R?avK_LGIKCt?iC$V6Dw_IHD0flMLr+L82_|5*% zjRos|X@X$C?T|jI?VnXm^}YIZ?7Bx;r3f>9f1iqdmdjh3lBii#6deHqE;;t+LTN`K zZ`()sxtK+t!EBk)f%=#JHYB&*jxp<%FGF*H zw1&=~6&pTeNklVN=7ogMt{uQG_`a$JjVxRtJcHZ65H$*_K#)q&O(vOaDl}IfGu-*KOnJX?KZ`!Q-D`)H*qJggR?-muD!2M@|P#>^St1-T~{(xz0z+gn;5wm z)dN8umDEdUWf*?TLM9FnQ5|bQU7J1K2a$>x(EV` z1XE>j#bpH?RiUAZzu?YrDxGae>BIk?ojj4d3I|kxz|+)2FpPpzyV9AS%_OoEmaP^< zkpJ(70nkdoAE?vC1tJkY=b?J@rtid?#j-@d?&Pp`XK|RB#SLF`9zWSYaLQo4F36`R zE6gI%WQ`r&;kO-k-sy86aF4C|{&8U*QqYBZHnxBT^2)VhS?{j2x6Hk?vVl)(;SMoI zgi-vM6)PBCl&d3^+EQUbI2s)eG&i~CrHt5)RB3`kqOQ;WY(sT){$7Zefxv5oVWu0A zBMjE>^?*$r_X|%K+^Zi4iVpK@%qRyX}!jm{D9iWR4~3GB<9c2g44OudN6KW zY+IAcl0Xicz`Iz!HOx(bE@A}^b7|((K1!@Q&vf;nAcA*hOXC1~DbSt#$1aS`D}B6~ z&*O3L(0qgxt_s!_9VPo=aLh&4IlM`B9<%GnU<@){(`t>&`Iv9nj;}0ZZz5@)x{WQx!S2D91fK-jUZ}OX5Ag_w=*LDC&$TLed^se3G5Fr zvBOOJ<2T5nqT@A$X(6)NR0Wddy7x^Ugc#D&k^8r{OiO9#&U^SK3|#`43+&zY?+3)& zMzj)u0VmbD8h#j!sC<8F;?gY9mihcf@Eb&J-@^u!-F)FxRao>G)b%U1L^ ej+w?IkW?idKUi)0cdJ?*^DK~vEL4)gvWE(UFHpfQX8uc;(LpWiN|(+{*NKeVzhD3OiyQsEci9WyM-|A%B~@n?psG-8koy5Wgo2h zHcK(mipMCq78jY_JN9?n*s5OQ4fU4=Wxsw*H6T>-NZ-b02|4QQo1}(6Gdc^ho`LJ! zXY9C`F{U4J*e(<^#@nZM(<2rwHxEC=*1dU5A70zF5M95K>Scu>Hs)T7X}msg!F;`g zJYE&E<^cYffgf56Di|5XE}%ab$MPVfWSW&7SLO5#mu^ICAI1*YF7&uD>Y_w?QH!S3 zJ4N|ud-6`mE_BrnV0wr6nS>)!5WHXTxrElEP^%k_3-ks=jv9{1ub#_2Ch{p`m2Es<`R+b9J9pwE$VCyIUJ$8^xvhh?aX2H7^E^BVk zsvDq79F6Oe+#Q%(2BzybjZZ?-F}Z^k;DDvK zHM1-K6N98fcJBK79%{nbqm!>~Q!Pq@kOQOwzJ7SW0h% zdwQ8PRS~5It*D1Fbd-W^F??z5Zr%IYG#FOC<4o5Lr5aaSMp2`8TpPP5zU!<}$9IKQ*NtfG$!yBr{XQF)17C?%>X8|oKdZY+&vdsNhu|+o zAR)-o5efROV~(^hf_%j7UP!>ykBzil^dKqIUJIFFF7^_of~UVAceNm>+ZsZ{#j>Oe zG{33^nFRplA`=ey+IIAc@vDx+&q6Pce`;}{ zsIPy#($m*l=S^XgCf>;)8@@NUVLfe+q7v+1+HHwccHdnu3T+CDVhXSmm@^(f=yJOT zM;6|rC6>8&Qs-&Ofn42$^I$@d_uaNPN4QU)(wNd04++qQZFV%{59Z1?!oJBY?(r4; zhz!vZn$rS2taY!SB6@(G9^tnOSqHBuis_*s=e&MG_{gS|*v5dyti7%#mpJ~x3@uS2XsgRx3;)XvS{M&ug zx`xP5@h&WU>RsWXVXiGb1*BmnIwK>?p;W1oOYRvZ{BnM{Cq8zxwLsaIFu2!Gloouk>EVfiCb2F$o3&N4{o0`c^!s~grz-wf{ z`7wyY>}qHm+OM&A`!xn~*1^qu>pv)Yl()w3xW*q2CY{R~{v^l&Gef9QHRbV8egnJr z*DRR7C|>vONEx!~I@Ac#B;8d5D7kHo9~P?VPXdVHTlJ7`mC2z$I539sJ>PsSZ6zb) JX4uX}U51B^2e$wK From b31a8bd6c15dc176e4bd52667a0931bb5c8c5a1e Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 25 Nov 2019 13:06:24 +0000 Subject: [PATCH 22/66] Update turing config --- config/turing.yaml | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index 1a52b3673..35e26f4ef 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -37,6 +37,7 @@ binderhub: ingress: hosts: + - binder.turing.10.0.0.1.xip.io - turing.10.0.0.1.xip.io jupyterhub: @@ -105,7 +106,7 @@ grafana: tls: - hosts: - grafana-turing.10.0.0.1.xip.io - secretName: tls-crt-turing + secretName: tls-crt datasources: datasources.yaml: apiVersion: 1 @@ -129,7 +130,7 @@ prometheus: tls: - hosts: - prometheus-turing.10.0.0.1.xip.io - secretName: tls-crt-turing + secretName: tls-crt nginx-ingress: controller: @@ -145,25 +146,25 @@ static: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - static-turing.mybinder.org + - static-turing.10.0.0.1.xip.io tls: - hosts: - - static-turing.mybinder.org - secretName: tls-crt-turing + - static-turing.10.0.0.1.xip.io + secretName: tls-crt redirector: redirects: - type: host - # host: - # from: beta-binder.mybinder.ovh - # to: binder.mybinder.ovh + host: + from: beta-binder.turing.10.0.0.1.xip.io + to: turing.10.0.0.1.xip.io - type: host host: - from: docs-turing.mybinder.org + from: docs-mybinder.turing.10.0.0.1.xip.io to: mybinder.readthedocs.io - type: host host: - from: playground-turing.mybinder.org + from: playground-turing.10.0.0.1.xip.io to: play.nteract.io matomo: @@ -171,10 +172,10 @@ matomo: db: instanceName: binder-staging:us-central1:matomo trustedHosts: - - staging-turing.mybinder.org + - staging-mybinder.turing.10.0.0.1.xip.io ingress: hosts: - - staging-turing.mybinder.org + - staging-mybinder.turing.10.0.0.1.xip.io analyticsPublisher: enabled: false @@ -187,4 +188,4 @@ gcsProxy: enabled: false buckets: - name: mybinder-staging-events-archive - host: archive-analytics-staging-turing.mybinder.org + host: archive-analytics-staging-mybinder.turing.10.0.0.1.xip.io From d6271239ece4bdb0182ac621485d4e853fb31ad5 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 26 Nov 2019 10:52:34 +0000 Subject: [PATCH 23/66] Add empty serviceAccountField for matomo --- config/turing.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/turing.yaml b/config/turing.yaml index 35e26f4ef..e8b75b398 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -171,6 +171,7 @@ matomo: enabled: false db: instanceName: binder-staging:us-central1:matomo + serviceAccountKey: "" trustedHosts: - staging-mybinder.turing.10.0.0.1.xip.io ingress: From c201d2f8888e51a08a9c5e494e66b0e24f550c21 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 26 Nov 2019 10:52:57 +0000 Subject: [PATCH 24/66] Add missing arg to func in deploy.py --- deploy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy.py b/deploy.py index fad2c3ebe..321e54bf3 100755 --- a/deploy.py +++ b/deploy.py @@ -226,7 +226,7 @@ def main(): if args.cluster == 'turing': deploy(args.release, "turing") else: - deploy(args.release) + deploy(args.release, args.cluster) if __name__ == '__main__': From 0c6ecdf3ea1dc7857f36c4ed2ad0ee2cc08503dd Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 26 Nov 2019 15:15:20 +0000 Subject: [PATCH 25/66] Remove events-archiver-secrets volume mount --- config/turing.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index e8b75b398..a9efd017b 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -23,10 +23,6 @@ binderhub: cpu: "2" memory: 1Gi - extraVolumes: - - name: secrets - secret: - secretName: events-archiver-secrets extraVolumeMounts: - name: secrets mountPath: /secrets From ae5fc8077c92b048ffdb99a70f169e493578d0fc Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 26 Nov 2019 15:27:48 +0000 Subject: [PATCH 26/66] Remove turing ingress yaml --- .../turing/turing_mybinder_org_ingress.yaml | 22 ------------------- 1 file changed, 22 deletions(-) delete mode 100644 config/turing/turing_mybinder_org_ingress.yaml diff --git a/config/turing/turing_mybinder_org_ingress.yaml b/config/turing/turing_mybinder_org_ingress.yaml deleted file mode 100644 index c0810fbbe..000000000 --- a/config/turing/turing_mybinder_org_ingress.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: turing-mybinder-org - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.class: "nginx" -spec: - rules: - # May need to be replaced with a dummy for testing - - host: turing.mybinder.org - http: - paths: - - path: / - backend: - serviceName: binder - servicePort: 8585 - tls: - - secretName: kubelego-tls-binder-turing - hosts: - # May need to be replaced with a dummy for testing - - "turing.mybinder.org" From be56858b9d0650b1ceae988e40b55e1f9b5ecbb2 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 26 Nov 2019 15:27:59 +0000 Subject: [PATCH 27/66] Revert "Remove events-archiver-secrets volume mount" This reverts commit 0c6ecdf3ea1dc7857f36c4ed2ad0ee2cc08503dd. --- config/turing.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/turing.yaml b/config/turing.yaml index a9efd017b..e8b75b398 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -23,6 +23,10 @@ binderhub: cpu: "2" memory: 1Gi + extraVolumes: + - name: secrets + secret: + secretName: events-archiver-secrets extraVolumeMounts: - name: secrets mountPath: /secrets From 5c6fdc7063f6e57b1b8c422d4eebf3a9a2feb3d0 Mon Sep 17 00:00:00 2001 From: Tim Head Date: Fri, 29 Nov 2019 07:56:52 +0100 Subject: [PATCH 28/66] Tweaking Turing --- .travis.yml | 1 + config/turing.yaml | 58 +++++++++++++++++--------------------- deploy.py | 2 ++ mybinder/requirements.yaml | 7 +++++ mybinder/values.yaml | 3 ++ 5 files changed, 39 insertions(+), 32 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5a6d82533..219983bbf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -62,6 +62,7 @@ before_deploy: # Stage 2, Step 2: Set up helm! helm init --client-only helm repo add jupyterhub https://jupyterhub.github.io/helm-chart + helm repo add jetstack https://charts.jetstack.io helm repo update (cd mybinder && helm dep up) - | diff --git a/config/turing.yaml b/config/turing.yaml index e8b75b398..cd024516f 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -1,10 +1,16 @@ projectName: turing +tags: + kubelego: false + certmanager: true + binderhub: + extraConfig: + 01-eventlog: "" config: BinderHub: pod_quota: 120 - hub_url: http://hub.turing.10.0.0.1.xip.io + hub_url: http://hub.turing.wtte.ch badge_base_url: https://mybinder.org image_prefix: turingmybinderregistry.azurecr.io/binder-prod/binder-prod- sticky_builds: true @@ -23,22 +29,12 @@ binderhub: cpu: "2" memory: 1Gi - extraVolumes: - - name: secrets - secret: - secretName: events-archiver-secrets - extraVolumeMounts: - - name: secrets - mountPath: /secrets - readOnly: true - extraEnv: - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /secrets/service-account.json - ingress: hosts: - - binder.turing.10.0.0.1.xip.io - - turing.10.0.0.1.xip.io + - binder.turing.wtte.ch + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-prod jupyterhub: hub: @@ -57,8 +53,6 @@ binderhub: guarantee: 0.01 limit: 1 proxy: - https: - type: offload chp: resources: requests: @@ -79,13 +73,13 @@ binderhub: ingress: annotations: kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: 'false' + cert-manager.io/cluster-issuer: letsencrypt-prod hosts: - - hub.turing.10.0.0.1.xip.io + - hub.turing.wtte.ch tls: - secretName: tls-crt hosts: - - hub.turing.10.0.0.1.xip.io + - hub.turing.wtte.ch scheduling: userScheduler: @@ -100,13 +94,14 @@ grafana: ingress: annotations: kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: 'false' + kubernetes.io/tls-acme: 'true' hosts: - - grafana-turing.10.0.0.1.xip.io + - grafana.turing.wtte.ch tls: - - hosts: - - grafana-turing.10.0.0.1.xip.io - secretName: tls-crt + - secretName: tls-crt + hosts: + - grafana.turing.wtte.ch + datasources: datasources.yaml: apiVersion: 1 @@ -114,7 +109,7 @@ grafana: - name: prometheus orgId: 1 type: prometheus - url: https://prometheus-turing.10.0.0.1.xip.io + url: https://prometheus.turing.wtte.ch access: direct isDefault: true editable: false @@ -126,18 +121,17 @@ prometheus: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - prometheus-turing.10.0.0.1.xip.io + - prometheus.turing.wtte.ch tls: - hosts: - - prometheus-turing.10.0.0.1.xip.io + - prometheus.turing.wtte.ch secretName: tls-crt + nginx-ingress: controller: - hostNetwork: true - replicaCount: 1 - scope: - enabled: false + service: + loadBalancerIP: 51.105.186.97 static: diff --git a/deploy.py b/deploy.py index 321e54bf3..c958dea59 100755 --- a/deploy.py +++ b/deploy.py @@ -13,10 +13,12 @@ HERE = os.path.dirname(__file__) ABSOLUTE_HERE = os.path.dirname(os.path.realpath(__file__)) + def setup_auth_turing(cluster): """ Set up athentication with Turing k8s cluster on Azure. """ + return # Read in auth info azure_file = os.path.join(ABSOLUTE_HERE, "secrets", "turing-auth-key-prod.json") with open(azure_file, "r") as stream: diff --git a/mybinder/requirements.yaml b/mybinder/requirements.yaml index b362db485..29e8e96e5 100644 --- a/mybinder/requirements.yaml +++ b/mybinder/requirements.yaml @@ -11,6 +11,13 @@ dependencies: - name: kube-lego version: 0.4.2 repository: https://kubernetes-charts.storage.googleapis.com + tags: + - kubelego + - name: cert-manager + version: v0.12.0-beta.1 + repository: https://charts.jetstack.io + tagsg: + - certmanager - name: binderhub version: 0.1.0-456.7e32ac0 repository: https://jupyterhub.github.io/helm-chart diff --git a/mybinder/values.yaml b/mybinder/values.yaml index 3248de1ca..844bbc08e 100644 --- a/mybinder/values.yaml +++ b/mybinder/values.yaml @@ -1,3 +1,6 @@ +tags: + kubelego: true + etcJupyter: jupyter_notebook_config.json: NotebookApp: From ca690ef3b2dae5ecb801ec9e5c597c1023472386 Mon Sep 17 00:00:00 2001 From: Tim Head Date: Fri, 29 Nov 2019 11:47:24 +0100 Subject: [PATCH 29/66] Update mybinder/requirements.yaml Co-Authored-By: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- mybinder/requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mybinder/requirements.yaml b/mybinder/requirements.yaml index 29e8e96e5..6214e085f 100644 --- a/mybinder/requirements.yaml +++ b/mybinder/requirements.yaml @@ -16,7 +16,7 @@ dependencies: - name: cert-manager version: v0.12.0-beta.1 repository: https://charts.jetstack.io - tagsg: + tags: - certmanager - name: binderhub version: 0.1.0-456.7e32ac0 From 7f364111ee349ddcfc710fe56ea772f4788ff519 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 2 Dec 2019 10:38:23 +0000 Subject: [PATCH 30/66] Remove temp return line --- deploy.py | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy.py b/deploy.py index c958dea59..16044bb53 100755 --- a/deploy.py +++ b/deploy.py @@ -18,7 +18,6 @@ def setup_auth_turing(cluster): """ Set up athentication with Turing k8s cluster on Azure. """ - return # Read in auth info azure_file = os.path.join(ABSOLUTE_HERE, "secrets", "turing-auth-key-prod.json") with open(azure_file, "r") as stream: From daa9e1d09010deb7475d1448a714ca050ef51358 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 3 Dec 2019 15:36:15 +0000 Subject: [PATCH 31/66] Reduce turing pod quota --- config/turing.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/turing.yaml b/config/turing.yaml index cd024516f..ba77d32dc 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -9,7 +9,7 @@ binderhub: 01-eventlog: "" config: BinderHub: - pod_quota: 120 + pod_quota: 20 hub_url: http://hub.turing.wtte.ch badge_base_url: https://mybinder.org image_prefix: turingmybinderregistry.azurecr.io/binder-prod/binder-prod- From e5849206f44618d32929bf2c294b3a5109c1619a Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 13:50:28 +0000 Subject: [PATCH 32/66] Change turing domain name --- config/turing.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index ba77d32dc..f8b5061e0 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -10,7 +10,7 @@ binderhub: config: BinderHub: pod_quota: 20 - hub_url: http://hub.turing.wtte.ch + hub_url: http://testhub.hub23.turing.ac.uk badge_base_url: https://mybinder.org image_prefix: turingmybinderregistry.azurecr.io/binder-prod/binder-prod- sticky_builds: true @@ -31,7 +31,7 @@ binderhub: ingress: hosts: - - binder.turing.wtte.ch + - testbinder.hub23.turing.ac.uk annotations: kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-prod @@ -75,11 +75,11 @@ binderhub: kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-prod hosts: - - hub.turing.wtte.ch + - testhub.hub23.turing.ac.uk tls: - secretName: tls-crt hosts: - - hub.turing.wtte.ch + - testhub.hub23.turing.ac.uk scheduling: userScheduler: @@ -96,11 +96,11 @@ grafana: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'true' hosts: - - grafana.turing.wtte.ch + - grafana.hub23.turing.ac.uk tls: - secretName: tls-crt hosts: - - grafana.turing.wtte.ch + - grafana.hub23.turing.ac.uk datasources: datasources.yaml: @@ -109,7 +109,7 @@ grafana: - name: prometheus orgId: 1 type: prometheus - url: https://prometheus.turing.wtte.ch + url: https://prometheus.hub23.turing.ac.uk access: direct isDefault: true editable: false @@ -121,10 +121,10 @@ prometheus: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - prometheus.turing.wtte.ch + - prometheus.hub23.turing.ac.uk tls: - hosts: - - prometheus.turing.wtte.ch + - prometheus.hub23.turing.ac.uk secretName: tls-crt From fcca53de77800740a0414cd1a795cd7a10a7a213 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 13:54:23 +0000 Subject: [PATCH 33/66] Add certmanager cluster issuer --- mybinder/templates/clusterissuer.yaml | 34 +++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 mybinder/templates/clusterissuer.yaml diff --git a/mybinder/templates/clusterissuer.yaml b/mybinder/templates/clusterissuer.yaml new file mode 100644 index 000000000..fa94ddc19 --- /dev/null +++ b/mybinder/templates/clusterissuer.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: certmanager.k8s.io/v1alpha1 +kind: ClusterIssuer +metadata: + name: prod + labels: + helm.sh/chart: {{ include "mybinder.chart" . }} + app.kubernetes.io/name: {{ include "mybinder.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: {{ .Values.letsencrypt.contactEmail }} + privateKeySecretRef: + name: prod-acme-key + http01: {} +--- +apiVersion: certmanager.k8s.io/v1alpha1 +kind: ClusterIssuer +metadata: + name: staging + labels: + helm.sh/chart: {{ include "mybinder.chart" . }} + app.kubernetes.io/name: {{ include "mybinder.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + acme: + server: https://acme-staging-v02.api.letsencrypt.org/directory + email: {{ .Values.letsencrypt.contactEmail }} + privateKeySecretRef: + name: staging-acme-key + http01: {} From a607a18b0212f9e571faef42eaba18bee3a8b2e0 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 14:02:39 +0000 Subject: [PATCH 34/66] Add lets encrypt contact email to turing config --- config/turing.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/turing.yaml b/config/turing.yaml index f8b5061e0..c201710b3 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -4,6 +4,9 @@ tags: kubelego: false certmanager: true +letsencrypt: + contactEmail: drsarahlgibson@gmail.com + binderhub: extraConfig: 01-eventlog: "" From 1af09a3ea90bc2065f6285caea43bc827e11b177 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 14:25:20 +0000 Subject: [PATCH 35/66] Delete cluster issuer --- mybinder/templates/clusterissuer.yaml | 34 --------------------------- 1 file changed, 34 deletions(-) delete mode 100644 mybinder/templates/clusterissuer.yaml diff --git a/mybinder/templates/clusterissuer.yaml b/mybinder/templates/clusterissuer.yaml deleted file mode 100644 index fa94ddc19..000000000 --- a/mybinder/templates/clusterissuer.yaml +++ /dev/null @@ -1,34 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: prod - labels: - helm.sh/chart: {{ include "mybinder.chart" . }} - app.kubernetes.io/name: {{ include "mybinder.name" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.letsencrypt.contactEmail }} - privateKeySecretRef: - name: prod-acme-key - http01: {} ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: staging - labels: - helm.sh/chart: {{ include "mybinder.chart" . }} - app.kubernetes.io/name: {{ include "mybinder.name" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ .Values.letsencrypt.contactEmail }} - privateKeySecretRef: - name: staging-acme-key - http01: {} From f300d016e1a5c68ecbdba8f036edc2755102ff58 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 14:29:40 +0000 Subject: [PATCH 36/66] Use letsencrypt-staging in turing config --- config/turing.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/turing.yaml b/config/turing.yaml index c201710b3..72ce2d204 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -37,7 +37,7 @@ binderhub: - testbinder.hub23.turing.ac.uk annotations: kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-prod + cert-manager.io/cluster-issuer: letsencrypt-staging jupyterhub: hub: From 02d07bfe95c7ca95cb60d8898f073a0a4c726014 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 14:30:03 +0000 Subject: [PATCH 37/66] Add cert-manager cluster issuer file --- mybinder/cluster-issuer.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 mybinder/cluster-issuer.yaml diff --git a/mybinder/cluster-issuer.yaml b/mybinder/cluster-issuer.yaml new file mode 100644 index 000000000..4dd54433f --- /dev/null +++ b/mybinder/cluster-issuer.yaml @@ -0,0 +1,15 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: ClusterIssuer +metadata: + name: letsencrypt-staging + namespace: turing +spec: + acme: + server: https://acme-staging-v02.api.letsencrypt.org/directory + email: drsarahlgibson@gmail.com + privateKeySecretRef: + name: letsencrypt-staging + solvers: + - http01: + ingress: + class: nginx From 8bff176cf2e26b3faf959ca745b76f74d4189a95 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 14:33:57 +0000 Subject: [PATCH 38/66] Configure certmanager --- config/turing.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/config/turing.yaml b/config/turing.yaml index 72ce2d204..e2cd07ff4 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -135,6 +135,8 @@ nginx-ingress: controller: service: loadBalancerIP: 51.105.186.97 + config: + proxy-body-size: 64m static: @@ -187,3 +189,9 @@ gcsProxy: buckets: - name: mybinder-staging-events-archive host: archive-analytics-staging-mybinder.turing.10.0.0.1.xip.io + +certmanager: + ingressShim: + defaultIssuerName: "staging" + defaultIssuerKind: "ClusterIssuer" + defaultACMEChallengeType: "http01" From ab79ae30c00449767cf682f3e5fe99012776f508 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 14:40:03 +0000 Subject: [PATCH 39/66] Configure lets encrypt staging --- config/turing.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/config/turing.yaml b/config/turing.yaml index e2cd07ff4..28154f1d0 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -38,6 +38,11 @@ binderhub: annotations: kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-staging + kubernetes.io/tls-acme: "true" + tls: + - secretName: tls-crt + hosts: + - testbinder.hub23.turing.ac.uk jupyterhub: hub: @@ -76,7 +81,8 @@ binderhub: ingress: annotations: kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-prod + cert-manager.io/cluster-issuer: letsencrypt-staging + kubernetes.io/tls-acme: "true" hosts: - testhub.hub23.turing.ac.uk tls: From 6ecab8ea92b103c9af25fa54ed76cd4ef3a2225d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 14:43:54 +0000 Subject: [PATCH 40/66] Configure prod lets encrypt --- config/turing.yaml | 6 +++--- mybinder/cluster-issuer.yaml | 17 +++++++++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index 28154f1d0..1101f9a45 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -37,7 +37,7 @@ binderhub: - testbinder.hub23.turing.ac.uk annotations: kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-staging + cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/tls-acme: "true" tls: - secretName: tls-crt @@ -81,7 +81,7 @@ binderhub: ingress: annotations: kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-staging + cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/tls-acme: "true" hosts: - testhub.hub23.turing.ac.uk @@ -198,6 +198,6 @@ gcsProxy: certmanager: ingressShim: - defaultIssuerName: "staging" + defaultIssuerName: "prod" defaultIssuerKind: "ClusterIssuer" defaultACMEChallengeType: "http01" diff --git a/mybinder/cluster-issuer.yaml b/mybinder/cluster-issuer.yaml index 4dd54433f..b9b0466ed 100644 --- a/mybinder/cluster-issuer.yaml +++ b/mybinder/cluster-issuer.yaml @@ -1,3 +1,4 @@ +--- apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: @@ -13,3 +14,19 @@ spec: - http01: ingress: class: nginx +--- +apiVersion: cert-manager.io/v1alpha2 +kind: ClusterIssuer +metadata: + name: letsencrypt-prod + namespace: turing +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: drsarahlgibson@gmail.com + privateKeySecretRef: + name: letsencrypt-prod + solvers: + - http01: + ingress: + class: nginx From bc1d204cb8e41319d4f61f8a4be1222642cce902 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 15:15:10 +0000 Subject: [PATCH 41/66] Include turing cluster in the federation --- config/staging.yaml | 3 ++- mybinder/values.yaml | 7 ++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/config/staging.yaml b/config/staging.yaml index 00930ee4c..eb01e5eca 100644 --- a/config/staging.yaml +++ b/config/staging.yaml @@ -122,5 +122,6 @@ federationRedirect: weight: 1 health: https://gke2.staging.mybinder.org/health versions: https://gke2.staging.mybinder.org/versions - # unset the gesis entry + # unset the gesis and turing entries gesis: null + turing: null diff --git a/mybinder/values.yaml b/mybinder/values.yaml index 844bbc08e..3a7570cf7 100644 --- a/mybinder/values.yaml +++ b/mybinder/values.yaml @@ -430,7 +430,7 @@ federationRedirect: hosts: gke: url: https://gke.mybinder.org - weight: 66 + weight: 65 health: https://gke.mybinder.org/health versions: https://gke.mybinder.org/versions prime: true @@ -444,3 +444,8 @@ federationRedirect: weight: 15 health: https://gesis.mybinder.org/health versions: https://gesis.mybinder.org/versions + turing: + url: https://testbinder.hub23.turing.ac.uk + weight: 1 + health: https://testbinder.hub23.turing.ac.uk/health + versions: https://testbinder.hub23.turing.ac.uk/versions From f93b9f083f83b0e370a5462e43098c142e4620cb Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 6 Dec 2019 15:23:46 +0000 Subject: [PATCH 42/66] Neaten up deploy.py --- deploy.py | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/deploy.py b/deploy.py index 16044bb53..865a0ba05 100755 --- a/deploy.py +++ b/deploy.py @@ -145,14 +145,14 @@ def setup_helm(release): ]) -def deploy(release, cluster): +def deploy(release): """Deploy jupyterhub""" print(BOLD + GREEN + f"Updating network-bans for {release}" + NC, flush=True) - if cluster == "turing": + if release == "turing": subprocess.check_call([ "python3", "secrets/ban.py", - "turing", + release, ]) else: subprocess.check_call([ @@ -223,11 +223,7 @@ def main(): setup_auth_gcloud(args.release, args.cluster) setup_helm(args.release) - - if args.cluster == 'turing': - deploy(args.release, "turing") - else: - deploy(args.release, args.cluster) + deploy(args.release) if __name__ == '__main__': From e9d81ca76e07ec8e295f91ca817f6167c97c10b3 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 10 Dec 2019 10:12:35 +0000 Subject: [PATCH 43/66] Add ingress file for redirection to turing.mybinder.org --- .../turing/turing_mybinder_org_ingress.yaml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 config/turing/turing_mybinder_org_ingress.yaml diff --git a/config/turing/turing_mybinder_org_ingress.yaml b/config/turing/turing_mybinder_org_ingress.yaml new file mode 100644 index 000000000..2ad505cc3 --- /dev/null +++ b/config/turing/turing_mybinder_org_ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: turing-mybinder-org + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: "nginx" +spec: + rules: + - host: turing.mybinder.org + http: + paths: + - path: / + backend: + serviceName: binder + servicePort: 8585 + tls: + - secretName: tls-binder-turing + hosts: + - "turing.mybinder.org" From 603ff21cab98e16bd6ccf9ccc05adce09823cf48 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 10 Dec 2019 10:13:14 +0000 Subject: [PATCH 44/66] Rename turing secrets --- config/turing.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index 1101f9a45..7e2db9f24 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -40,7 +40,7 @@ binderhub: cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/tls-acme: "true" tls: - - secretName: tls-crt + - secretName: turing-binder-tls-crt hosts: - testbinder.hub23.turing.ac.uk @@ -86,7 +86,7 @@ binderhub: hosts: - testhub.hub23.turing.ac.uk tls: - - secretName: tls-crt + - secretName: turing-hub-tls-crt hosts: - testhub.hub23.turing.ac.uk @@ -107,7 +107,7 @@ grafana: hosts: - grafana.hub23.turing.ac.uk tls: - - secretName: tls-crt + - secretName: turing-grafana-tls-crt hosts: - grafana.hub23.turing.ac.uk @@ -134,7 +134,7 @@ prometheus: tls: - hosts: - prometheus.hub23.turing.ac.uk - secretName: tls-crt + secretName: turing-prometheus-tls-crt nginx-ingress: @@ -151,11 +151,11 @@ static: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - static-turing.10.0.0.1.xip.io + - static.hub23.turing.ac.uk tls: - hosts: - - static-turing.10.0.0.1.xip.io - secretName: tls-crt + - static.hub23.turing.ac.uk + secretName: turing-static-tls-crt redirector: redirects: From 660a71dfb31e1fec4ebfdbc9890e2a14054f0239 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 10 Dec 2019 10:22:41 +0000 Subject: [PATCH 45/66] Update turing hostname in values --- mybinder/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mybinder/values.yaml b/mybinder/values.yaml index bd074261e..c248dee66 100644 --- a/mybinder/values.yaml +++ b/mybinder/values.yaml @@ -434,7 +434,7 @@ federationRedirect: health: https://gesis.mybinder.org/health versions: https://gesis.mybinder.org/versions turing: - url: https://testbinder.hub23.turing.ac.uk + url: https://turing.mybinder.org weight: 1 - health: https://testbinder.hub23.turing.ac.uk/health - versions: https://testbinder.hub23.turing.ac.uk/versions + health: https://turing.mybinder.org/health + versions: https://turing.mybinder.org/versions From c87ee4e88492e8e30d87780612ed7aefef043a11 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 10 Dec 2019 10:54:43 +0000 Subject: [PATCH 46/66] Add turing.mybinder.org host --- config/turing.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/turing.yaml b/config/turing.yaml index 7e2db9f24..5849b3fdc 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -35,6 +35,7 @@ binderhub: ingress: hosts: - testbinder.hub23.turing.ac.uk + - turing.mybinder.org annotations: kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-prod @@ -43,6 +44,7 @@ binderhub: - secretName: turing-binder-tls-crt hosts: - testbinder.hub23.turing.ac.uk + - turing.mybinder.org jupyterhub: hub: From 56d2c80e70f2f544b4e1980549f9d4b096ba9a06 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 10:54:00 +0000 Subject: [PATCH 47/66] Remove if statement in deploy.py --- deploy.py | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/deploy.py b/deploy.py index 865a0ba05..2ee7e2feb 100755 --- a/deploy.py +++ b/deploy.py @@ -148,17 +148,11 @@ def setup_helm(release): def deploy(release): """Deploy jupyterhub""" print(BOLD + GREEN + f"Updating network-bans for {release}" + NC, flush=True) - if release == "turing": - subprocess.check_call([ - "python3", - "secrets/ban.py", - release, - ]) - else: - subprocess.check_call([ - "python3", - "secrets/ban.py", - ]) + subprocess.check_call([ + "python3", + "secrets/ban.py", + release, + ]) print(BOLD + GREEN + f"Starting helm upgrade for {release}" + NC, flush=True) helm = [ From 2026451ddf7b6081e507a84e6960760d883544e8 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 10:57:25 +0000 Subject: [PATCH 48/66] Temporarily change letsencrypt issuer to staging --- config/turing.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index 5849b3fdc..50a5b766d 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -38,7 +38,7 @@ binderhub: - turing.mybinder.org annotations: kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-prod + cert-manager.io/cluster-issuer: letsencrypt-staging kubernetes.io/tls-acme: "true" tls: - secretName: turing-binder-tls-crt @@ -200,6 +200,6 @@ gcsProxy: certmanager: ingressShim: - defaultIssuerName: "prod" + defaultIssuerName: "letsencrypt-staging" defaultIssuerKind: "ClusterIssuer" defaultACMEChallengeType: "http01" From 922164b5f9440ec64b3fe9a5e60983106b95723c Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 10:58:05 +0000 Subject: [PATCH 49/66] Remove playground and beta hosts --- config/turing.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index 50a5b766d..ed568a334 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -161,18 +161,10 @@ static: redirector: redirects: - - type: host - host: - from: beta-binder.turing.10.0.0.1.xip.io - to: turing.10.0.0.1.xip.io - type: host host: from: docs-mybinder.turing.10.0.0.1.xip.io to: mybinder.readthedocs.io - - type: host - host: - from: playground-turing.10.0.0.1.xip.io - to: play.nteract.io matomo: enabled: false From 4785290674e1b53a2469eb12fb37611e8605ff29 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 11:00:21 +0000 Subject: [PATCH 50/66] Remove ingress shim for certmanager --- config/turing.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index ed568a334..b87742d25 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -189,9 +189,3 @@ gcsProxy: buckets: - name: mybinder-staging-events-archive host: archive-analytics-staging-mybinder.turing.10.0.0.1.xip.io - -certmanager: - ingressShim: - defaultIssuerName: "letsencrypt-staging" - defaultIssuerKind: "ClusterIssuer" - defaultACMEChallengeType: "http01" From 5ac8f08d4068f4c235d6a6fb2c7b86ea8bb607ba Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 11:13:19 +0000 Subject: [PATCH 51/66] Move cluster issuer into templates folder --- mybinder/{ => templates}/cluster-issuer.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename mybinder/{ => templates}/cluster-issuer.yaml (100%) diff --git a/mybinder/cluster-issuer.yaml b/mybinder/templates/cluster-issuer.yaml similarity index 100% rename from mybinder/cluster-issuer.yaml rename to mybinder/templates/cluster-issuer.yaml From 6c3c3ff02defe174ca4391a53cb9e21659a4521d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 11:17:24 +0000 Subject: [PATCH 52/66] Remove ingress config --- .../turing/turing_mybinder_org_ingress.yaml | 20 ------------------- 1 file changed, 20 deletions(-) delete mode 100644 config/turing/turing_mybinder_org_ingress.yaml diff --git a/config/turing/turing_mybinder_org_ingress.yaml b/config/turing/turing_mybinder_org_ingress.yaml deleted file mode 100644 index 2ad505cc3..000000000 --- a/config/turing/turing_mybinder_org_ingress.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: turing-mybinder-org - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.class: "nginx" -spec: - rules: - - host: turing.mybinder.org - http: - paths: - - path: / - backend: - serviceName: binder - servicePort: 8585 - tls: - - secretName: tls-binder-turing - hosts: - - "turing.mybinder.org" From 48101275251a186d99708a1daeb7111ea575ebe7 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 11:58:04 +0000 Subject: [PATCH 53/66] Add if statements to cluster issuer file --- mybinder/templates/cluster-issuer.yaml | 65 ++++++++++++++------------ 1 file changed, 35 insertions(+), 30 deletions(-) diff --git a/mybinder/templates/cluster-issuer.yaml b/mybinder/templates/cluster-issuer.yaml index b9b0466ed..507a8939b 100644 --- a/mybinder/templates/cluster-issuer.yaml +++ b/mybinder/templates/cluster-issuer.yaml @@ -1,32 +1,37 @@ ---- -apiVersion: cert-manager.io/v1alpha2 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: turing -spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: drsarahlgibson@gmail.com - privateKeySecretRef: +{{- range $certmanager := .Values.binderhub.ingress.annotations }} +{{- if (eq $certmanager.cert-manager.io/clusterissuer "letsencrypt-staging") }} + --- + apiVersion: cert-manager.io/v1alpha2 + kind: ClusterIssuer + metadata: name: letsencrypt-staging - solvers: - - http01: - ingress: - class: nginx ---- -apiVersion: cert-manager.io/v1alpha2 -kind: ClusterIssuer -metadata: - name: letsencrypt-prod - namespace: turing -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: drsarahlgibson@gmail.com - privateKeySecretRef: + namespace: turing + spec: + acme: + server: https://acme-staging-v02.api.letsencrypt.org/directory + email: drsarahlgibson@gmail.com + privateKeySecretRef: + name: letsencrypt-staging + solvers: + - http01: + ingress: + class: nginx +{{ end }} +{{- if (eq $certmanager.cert-manager.io/clusterissuer "letsencrypt-prod") }} + --- + apiVersion: cert-manager.io/v1alpha2 + kind: ClusterIssuer + metadata: name: letsencrypt-prod - solvers: - - http01: - ingress: - class: nginx + namespace: turing + spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: drsarahlgibson@gmail.com + privateKeySecretRef: + name: letsencrypt-prod + solvers: + - http01: + ingress: + class: nginx +{{ end }} From d3f63933f68acd1e44a7d34123937d7457cacef0 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 12:00:57 +0000 Subject: [PATCH 54/66] Correct cluster issuer syntax --- mybinder/templates/cluster-issuer.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mybinder/templates/cluster-issuer.yaml b/mybinder/templates/cluster-issuer.yaml index 507a8939b..460113c48 100644 --- a/mybinder/templates/cluster-issuer.yaml +++ b/mybinder/templates/cluster-issuer.yaml @@ -1,6 +1,6 @@ +--- {{- range $certmanager := .Values.binderhub.ingress.annotations }} {{- if (eq $certmanager.cert-manager.io/clusterissuer "letsencrypt-staging") }} - --- apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: @@ -17,8 +17,8 @@ ingress: class: nginx {{ end }} +--- {{- if (eq $certmanager.cert-manager.io/clusterissuer "letsencrypt-prod") }} - --- apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: From c0710f8018813bd2f424ebe5b5bb40cb5dd66649 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 13:06:47 +0000 Subject: [PATCH 55/66] Undo if statements in cluster issuer --- mybinder/templates/cluster-issuer.yaml | 61 ++++++++++++-------------- 1 file changed, 28 insertions(+), 33 deletions(-) diff --git a/mybinder/templates/cluster-issuer.yaml b/mybinder/templates/cluster-issuer.yaml index 460113c48..b9b0466ed 100644 --- a/mybinder/templates/cluster-issuer.yaml +++ b/mybinder/templates/cluster-issuer.yaml @@ -1,37 +1,32 @@ --- -{{- range $certmanager := .Values.binderhub.ingress.annotations }} -{{- if (eq $certmanager.cert-manager.io/clusterissuer "letsencrypt-staging") }} - apiVersion: cert-manager.io/v1alpha2 - kind: ClusterIssuer - metadata: +apiVersion: cert-manager.io/v1alpha2 +kind: ClusterIssuer +metadata: + name: letsencrypt-staging + namespace: turing +spec: + acme: + server: https://acme-staging-v02.api.letsencrypt.org/directory + email: drsarahlgibson@gmail.com + privateKeySecretRef: name: letsencrypt-staging - namespace: turing - spec: - acme: - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: drsarahlgibson@gmail.com - privateKeySecretRef: - name: letsencrypt-staging - solvers: - - http01: - ingress: - class: nginx -{{ end }} + solvers: + - http01: + ingress: + class: nginx --- -{{- if (eq $certmanager.cert-manager.io/clusterissuer "letsencrypt-prod") }} - apiVersion: cert-manager.io/v1alpha2 - kind: ClusterIssuer - metadata: +apiVersion: cert-manager.io/v1alpha2 +kind: ClusterIssuer +metadata: + name: letsencrypt-prod + namespace: turing +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: drsarahlgibson@gmail.com + privateKeySecretRef: name: letsencrypt-prod - namespace: turing - spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: drsarahlgibson@gmail.com - privateKeySecretRef: - name: letsencrypt-prod - solvers: - - http01: - ingress: - class: nginx -{{ end }} + solvers: + - http01: + ingress: + class: nginx From d1d1b647c92d2421daafe70b3476272ede2f3717 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 13:29:26 +0000 Subject: [PATCH 56/66] Re-add if statements to cluster issuer file --- mybinder/templates/cluster-issuer.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mybinder/templates/cluster-issuer.yaml b/mybinder/templates/cluster-issuer.yaml index b9b0466ed..db42f23d2 100644 --- a/mybinder/templates/cluster-issuer.yaml +++ b/mybinder/templates/cluster-issuer.yaml @@ -1,4 +1,5 @@ --- +{{- if .Values.tags.certmanager }} apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: @@ -14,7 +15,9 @@ spec: - http01: ingress: class: nginx +{{- end }} --- +{{- if .Values.tags.certmanager }} apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: @@ -30,3 +33,4 @@ spec: - http01: ingress: class: nginx +{{- end }} From 912b6ca0dd14477a2efaa58d6635d30df02b56be Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 14:24:53 +0000 Subject: [PATCH 57/66] Change certificates back to prod --- config/turing.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/turing.yaml b/config/turing.yaml index b87742d25..d23d914c3 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -38,7 +38,7 @@ binderhub: - turing.mybinder.org annotations: kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-staging + cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/tls-acme: "true" tls: - secretName: turing-binder-tls-crt From 2c4c10d961c843f31a0f8e15a29cd2dd6f6a04d0 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 15:28:04 +0000 Subject: [PATCH 58/66] Rearrange annotations --- config/turing.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index d23d914c3..901e5208c 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -37,8 +37,8 @@ binderhub: - testbinder.hub23.turing.ac.uk - turing.mybinder.org annotations: - kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-prod + kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" tls: - secretName: turing-binder-tls-crt @@ -82,8 +82,8 @@ binderhub: ingress: annotations: - kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-prod + kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" hosts: - testhub.hub23.turing.ac.uk From 9be810ffa583c4a4cf22cd5b8d28142feddfcdac Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 11 Dec 2019 15:35:03 +0000 Subject: [PATCH 59/66] Rearrange if statement in cluster issuer --- mybinder/templates/cluster-issuer.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/mybinder/templates/cluster-issuer.yaml b/mybinder/templates/cluster-issuer.yaml index db42f23d2..3466980a4 100644 --- a/mybinder/templates/cluster-issuer.yaml +++ b/mybinder/templates/cluster-issuer.yaml @@ -1,5 +1,5 @@ ---- {{- if .Values.tags.certmanager }} +--- apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: @@ -15,9 +15,7 @@ spec: - http01: ingress: class: nginx -{{- end }} --- -{{- if .Values.tags.certmanager }} apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: From 8a843ac40e72da0e32bf7f9d5fa2ed5751f04117 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 12 Dec 2019 16:20:05 +0000 Subject: [PATCH 60/66] Change turing A records --- config/turing.yaml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index 901e5208c..8975bab32 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -13,7 +13,7 @@ binderhub: config: BinderHub: pod_quota: 20 - hub_url: http://testhub.hub23.turing.ac.uk + hub_url: http://newhub.hub23.turing.ac.uk badge_base_url: https://mybinder.org image_prefix: turingmybinderregistry.azurecr.io/binder-prod/binder-prod- sticky_builds: true @@ -34,16 +34,16 @@ binderhub: ingress: hosts: - - testbinder.hub23.turing.ac.uk + - newbinder.hub23.turing.ac.uk - turing.mybinder.org annotations: cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" tls: - - secretName: turing-binder-tls-crt + - secretName: turing-newbinder-tls-crt hosts: - - testbinder.hub23.turing.ac.uk + - newbinder.hub23.turing.ac.uk - turing.mybinder.org jupyterhub: @@ -86,11 +86,11 @@ binderhub: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" hosts: - - testhub.hub23.turing.ac.uk + - newhub.hub23.turing.ac.uk tls: - - secretName: turing-hub-tls-crt + - secretName: turing-newhub-tls-crt hosts: - - testhub.hub23.turing.ac.uk + - newhub.hub23.turing.ac.uk scheduling: userScheduler: @@ -107,11 +107,11 @@ grafana: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'true' hosts: - - grafana.hub23.turing.ac.uk + - newgraf.hub23.turing.ac.uk tls: - - secretName: turing-grafana-tls-crt + - secretName: turing-newgraf-tls-crt hosts: - - grafana.hub23.turing.ac.uk + - newgraf.hub23.turing.ac.uk datasources: datasources.yaml: @@ -120,7 +120,7 @@ grafana: - name: prometheus orgId: 1 type: prometheus - url: https://prometheus.hub23.turing.ac.uk + url: https://newprom.hub23.turing.ac.uk access: direct isDefault: true editable: false @@ -132,11 +132,11 @@ prometheus: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - prometheus.hub23.turing.ac.uk + - newprom.hub23.turing.ac.uk tls: - hosts: - - prometheus.hub23.turing.ac.uk - secretName: turing-prometheus-tls-crt + - newprom.hub23.turing.ac.uk + secretName: turing-newprom-tls-crt nginx-ingress: @@ -153,11 +153,11 @@ static: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - static.hub23.turing.ac.uk + - newstat.hub23.turing.ac.uk tls: - hosts: - - static.hub23.turing.ac.uk - secretName: turing-static-tls-crt + - newstat.hub23.turing.ac.uk + secretName: turing-newstat-tls-crt redirector: redirects: From 8485ee5d610db1664705784b000ed4fd9e85e173 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 6 Jan 2020 15:48:26 +0000 Subject: [PATCH 61/66] Correct hub url for turing cluster in travis config --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 219983bbf..dc9634c1c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -105,7 +105,7 @@ before_deploy: travis_retry py.test -vx -n 2 --binder-url=https://ovh.mybinder.org --hub-url=https://hub-binder.mybinder.ovh - | # Stage 5, Step 6: Verify production on Turing k8s works - travis_retry py.test -vx -n 2 --binder-url=https://turing.mybinder.org --hub-url=https://hub.turing.mybinder.org + travis_retry py.test -vx -n 2 --binder-url=https://turing.mybinder.org --hub-url=https://hub.mybinder.turing.ac.uk env: From 20bf03eece5434234b5a3de3d2ce3ed8f3d11bcf Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 6 Jan 2020 16:28:45 +0000 Subject: [PATCH 62/66] Update host and secret names --- config/turing.yaml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index 8975bab32..57be062f9 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -13,7 +13,7 @@ binderhub: config: BinderHub: pod_quota: 20 - hub_url: http://newhub.hub23.turing.ac.uk + hub_url: https://hub.mybinder.turing.ac.uk badge_base_url: https://mybinder.org image_prefix: turingmybinderregistry.azurecr.io/binder-prod/binder-prod- sticky_builds: true @@ -34,16 +34,16 @@ binderhub: ingress: hosts: - - newbinder.hub23.turing.ac.uk + - binder.mybinder.turing.ac.uk - turing.mybinder.org annotations: cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" tls: - - secretName: turing-newbinder-tls-crt + - secretName: turing-binder-tls-crt hosts: - - newbinder.hub23.turing.ac.uk + - binder.mybinder.turing.ac.uk - turing.mybinder.org jupyterhub: @@ -86,11 +86,11 @@ binderhub: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" hosts: - - newhub.hub23.turing.ac.uk + - hub.mybinder.turing.ac.uk tls: - - secretName: turing-newhub-tls-crt + - secretName: turing-hub-tls-crt hosts: - - newhub.hub23.turing.ac.uk + - hub.mybinder.turing.ac.uk scheduling: userScheduler: @@ -107,11 +107,11 @@ grafana: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'true' hosts: - - newgraf.hub23.turing.ac.uk + - grafana.mybinder.turing.ac.uk tls: - - secretName: turing-newgraf-tls-crt + - secretName: turing-grafana-tls-crt hosts: - - newgraf.hub23.turing.ac.uk + - grafana.mybinder.turing.ac.uk datasources: datasources.yaml: @@ -120,7 +120,7 @@ grafana: - name: prometheus orgId: 1 type: prometheus - url: https://newprom.hub23.turing.ac.uk + url: https://prometheus.mybinder.turing.ac.uk access: direct isDefault: true editable: false @@ -132,17 +132,17 @@ prometheus: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - newprom.hub23.turing.ac.uk + - prometheus.mybinder.turing.ac.uk tls: - hosts: - - newprom.hub23.turing.ac.uk - secretName: turing-newprom-tls-crt + - prometheus.mybinder.turing.ac.uk + secretName: turing-prometheus-tls-crt nginx-ingress: controller: service: - loadBalancerIP: 51.105.186.97 + loadBalancerIP: 51.105.153.145 config: proxy-body-size: 64m @@ -153,11 +153,11 @@ static: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: 'false' hosts: - - newstat.hub23.turing.ac.uk + - static.mybinder.turing.ac.uk tls: - hosts: - - newstat.hub23.turing.ac.uk - secretName: turing-newstat-tls-crt + - static.mybinder.turing.ac.uk + secretName: turing-static-tls-crt redirector: redirects: From 812e82c6cbf91ee30f03cf2b26b483018360f738 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 7 Jan 2020 10:58:49 +0000 Subject: [PATCH 63/66] Update step numbers in travis config --- .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index dc9634c1c..1c93e8fa5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -98,13 +98,13 @@ before_deploy: # Stage 5, Step 4: Deploy to production on Turing k8s python ./deploy.py turing turing - | - # Stage 5, Step 4: Verify production works + # Stage 5, Step 5: Verify production works travis_retry py.test -vx -n 2 --binder-url=https://gke.mybinder.org --hub-url=https://hub.gke.mybinder.org - | - # Stage 5, Step 5: Verify production on ovh k8s works + # Stage 5, Step 6: Verify production on ovh k8s works travis_retry py.test -vx -n 2 --binder-url=https://ovh.mybinder.org --hub-url=https://hub-binder.mybinder.ovh - | - # Stage 5, Step 6: Verify production on Turing k8s works + # Stage 5, Step 7: Verify production on Turing k8s works travis_retry py.test -vx -n 2 --binder-url=https://turing.mybinder.org --hub-url=https://hub.mybinder.turing.ac.uk From 0cb52cfeffd9e0e7d5cdc00993b646bb3b32575e Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 7 Jan 2020 18:58:19 +0000 Subject: [PATCH 64/66] Enable https to fix lets encrypt --- config/turing.yaml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/config/turing.yaml b/config/turing.yaml index 57be062f9..c8dc8f348 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -33,6 +33,7 @@ binderhub: memory: 1Gi ingress: + enabled: true hosts: - binder.mybinder.turing.ac.uk - turing.mybinder.org @@ -40,6 +41,9 @@ binderhub: cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" + https: + enabled: true + type: nginx tls: - secretName: turing-binder-tls-crt hosts: @@ -81,10 +85,14 @@ binderhub: cpu: 1 ingress: + enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" + https: + enabled: true + type: nginx hosts: - hub.mybinder.turing.ac.uk tls: @@ -105,7 +113,7 @@ grafana: ingress: annotations: kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: 'true' + kubernetes.io/tls-acme: 'false' hosts: - grafana.mybinder.turing.ac.uk tls: @@ -142,7 +150,7 @@ prometheus: nginx-ingress: controller: service: - loadBalancerIP: 51.105.153.145 + loadBalancerIP: 51.105.120.231 config: proxy-body-size: 64m From 3a7c99965b42a3b06330299131fa0ce26922e0a8 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 7 Jan 2020 19:06:53 +0000 Subject: [PATCH 65/66] Issue certificates for grafana --- config/turing.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/turing.yaml b/config/turing.yaml index c8dc8f348..6f5c1eb4b 100644 --- a/config/turing.yaml +++ b/config/turing.yaml @@ -112,8 +112,9 @@ binderhub: grafana: ingress: annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: 'false' + kubernetes.io/tls-acme: 'true' hosts: - grafana.mybinder.turing.ac.uk tls: From 08959f775c6af5d094783b6077644e057d005813 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 10 Jan 2020 14:18:46 +0000 Subject: [PATCH 66/66] Add grafana admin password to turing secrets config --- secrets/config/turing.yaml | Bin 386 -> 424 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/config/turing.yaml b/secrets/config/turing.yaml index eec4ca6fece585e448d3786501167e49a2911acb..a938404ae047dd5efcb604b76fd854a368aeefa4 100644 GIT binary patch literal 424 zcmV;Z0ayM2M@dveQdv+`0CFl(#+yyrHp)pjfL59dj0~N_jX2!{MjM3rR};+8u%dks z&;Ip>dS}x>Bc(W#IE2DjzwM<`LhB%Ns(+9J1YFQjWNg7XV5YIIv=_dTe{>(F%Fiq9 zu>u`XP^2?am4tGTrS%^HJBG|cv%R|1(iAC>zN@F=9m3i6Q({?ViDzDs^iV~iE3~}? zYoW;BSFg_)3?RG$aYwt}7$vPC&z{pZF%AO7)l$rV{JIcQ#a|-;n6jEUg+DWm!+E;b zO19?4oLKo1>WyG4ZjlhvxY+LT-ZH7+3*X3c?XD{{pqR-a+&Gj9SEJ;EKC|zRjQ2sT zM7JdfYMLpj9VfK^`@g12-cuP^gnpe^Gie+~XyB23w?kgx7e z*F5&9++p`AFB(VwK`4GVsFU5x;}U{qdP1Wbdy=;2;b}AsXVt3b{XxHGNZ6X;$shc~ S(EL6sp)-Fkt>v!nR*he79@WDD literal 386 zcmV-|0e$`eM@dveQdv+`0Jn5E4$@kTvHPYcZ*+n{t*Z~~dEByEBO+iri0&OGwBOkK zQZy}BKg01Jod)Pr!|NgU^Xg+yf6Oc&r9`qHD~E2hY9|h4%8GeG6df6LWYfFQXEAmW zXEY}VVko{HLHuhvo1zf$_|w4uW%wzCDNwM_Dp~J`Q+HdFETc*ezC9UJR)fPO+$mCA zU?|4S&w?m~WT4U*&-E`0w~;Agg9#Q50Bp>Zcz|f96a|zfAfFv3Xw&B+#}4RW)d@Q9 zJoD9Wrm(PJuAtIQTFLS0-opH47_!m0nD&mw&Q(8$Ru3V^ebleuO!_?=5Y$k;t_ zee49i$x#%>dlVphvZmUH+t1c{J`@D7&J(k8Vl-f>mGdNQ=eR{sbw}tN5@13iNYe^# gtu=!Cf