[MRG] Adding Turing cluster to the Federation

.gitignore

@@ -13,3 +13,5 @@ mybinder/requirements.lock
 docs/_build
 travis/crypt-key
 env
+
+.vscode

.travis.yml

@@ -32,6 +32,9 @@ before_deploy:
 - |
   # Stage 1: Install gcloud SDK
   curl -L https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-173.0.0-linux-x86_64.tar.gz | tar --directory ${HOME} --extract --gzip --file -
+- |
+  # Stage 1: Install Azure CLI
+  curl -L https://aka.ms/InstallAzureCli | bash
 - |
   # Stage 1: Install Kubectl
   mkdir -p ${HOME}/bin
@@ -90,12 +93,17 @@ before_deploy:
 - |
   # Stage 5, Step 3: Deploy to production on ovh k8s
   python ./deploy.py ovh binder-ovh
+- |
+  # Stage 5, Step 4: Deploy to production on Turing k8s
+  python ./deploy.py prod turing
 - |
   # Stage 5, Step 4: Verify production works
   travis_retry py.test -vx -n 2 --binder-url=https://gke.mybinder.org --hub-url=https://hub.gke.mybinder.org
 - |
   # Stage 5, Step 5: Verify production on ovh k8s works
   travis_retry py.test -vx -n 2 --binder-url=https://ovh.mybinder.org --hub-url=https://hub-binder.mybinder.ovh
+- # Stage 5, Step 6: Verify production on Turing k8s works
+  travis_retry py.test -vx -n 2 --binder-url=https://turing.mybinder.org --hub-url=https://hub.turing.mybinder.org
 
 
 env:

config/turing.yaml

@@ -0,0 +1,190 @@
+projectName: turing
+
+binderhub:
+  config:
+    BinderHub:
+      pod_quota: 120
+      hub_url: https://hub.turing.mybinder.org
+      badge_base_url: https://mybinder.org
+      image_prefix: turingmybinderregistry.azurecr.io/binder-prod/binder-prod-
+      sticky_builds: true
+    DockerRegistry:
+      token_url: https://turingmybinderregistry.azurecr.io/oauth2/token?service=turingmybinderregistry.azurecr.io
+  registry:
+    url: https://turingmybinderregistry.azurecr.io
+
+  replicas: 1
+
+  resources:
+    requests:
+      cpu: "0.25"
+      memory: 1Gi
+    limits:
+      cpu: "2"
+      memory: 1Gi
+
+  extraVolumes:
+    - name: secrets
+      secret:
+        secretName: events-archiver-secrets
+  extraVolumeMounts:
+    - name: secrets
+      mountPath: /secrets
+      readOnly: true
+  extraEnv:
+    - name: GOOGLE_APPLICATION_CREDENTIALS
+      value: /secrets/service-account.json
+
+  ingress:
+    hosts:
+      - turing.mybinder.org
+
+  jupyterhub:
+    hub:
+      resources:
+        requests:
+          cpu: "0.25"
+          memory: 1Gi
+        limits:
+          cpu: "2"
+          memory: 1Gi
+    singleuser:
+      memory:
+        guarantee: 550M
+        limit: 2G
+      cpu:
+        guarantee: 0.01
+        limit: 1
+    proxy:
+      https:
+        type: offload
+      chp:
+        resources:
+          requests:
+            memory: 320Mi
+            cpu: "0.1"
+          limits:
+            memory: 320Mi
+            cpu: "0.5"
+      nginx:
+        resources:
+          requests:
+            memory: 512Mi
+            cpu: "0.25"
+          limits:
+            memory: 512Mi
+            cpu: 1
+
+    ingress:
+      annotations:
+        kubernetes.io/ingress.class: nginx
+        kubernetes.io/tls-acme: 'false'
+      hosts:
+        - hub.turing.mybinder.org
+      tls:
+        - secretName: tls-crt
+          hosts:
+            - hub.turing.mybinder.org
+
+    scheduling:
+      userScheduler:
+        enabled: false
+      podPriority:
+        enabled: true
+      userPlaceholder:
+        enabled: true
+        replicas: 5
+
+grafana:
+  ingress:
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      kubernetes.io/tls-acme: 'false'
+    hosts:
+      - grafana-turing.mybinder.org
+    tls:
+      - hosts:
+          - grafana-turing.mybinder.org
+        secretName: tls-crt-turing
+  datasources:
+    datasources.yaml:
+      apiVersion: 1
+      datasources:
+        - name: prometheus
+          orgId: 1
+          type: prometheus
+          url: https://prometheus-turing.mybinder.org
+          access: direct
+          isDefault: true
+          editable: false
+
+prometheus:
+  server:
+    ingress:
+      annotations:
+        kubernetes.io/ingress.class: nginx
+        kubernetes.io/tls-acme: 'false'
+      hosts:
+        - prometheus-turing.mybinder.org
+      tls:
+        - hosts:
+            - prometheus-turing.mybinder.org
+          secretName: tls-crt-turing
+
+nginx-ingress:
+  controller:
+    hostNetwork: true
+    replicaCount: 1
+  scope:
+    enabled: false
+
+
+static:
+  ingress:
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      kubernetes.io/tls-acme: 'false'
+    hosts:
+      - static-turing.mybinder.org
+    tls:
+      - hosts:
+          - static-turing.mybinder.org
+        secretName: tls-crt-turing
+
+redirector:
+  redirects:
+    - type: host
+      # host:
+      #   from: beta-binder.mybinder.ovh
+      #   to: binder.mybinder.ovh
+    - type: host
+      host:
+        from: docs-turing.mybinder.org
+        to: mybinder.readthedocs.io
+    - type: host
+      host:
+        from: playground-turing.mybinder.org
+        to: play.nteract.io
+
+matomo:
+  enabled: false
+  db:
+    instanceName: binder-staging:us-central1:matomo
+  trustedHosts:
+    - staging-turing.mybinder.org
+  ingress:
+    hosts:
+      - staging-turing.mybinder.org
+
+analyticsPublisher:
+  enabled: false
+  project: binder-turing
+  events:
+    sourceBucket: mybinder-staging-events-raw-export
+    destinationBucket: mybinder-staging-events-archive
+
+gcsProxy:
+  enabled: false
+  buckets:
+    - name: mybinder-staging-events-archive
+      host: archive-analytics-staging-turing.mybinder.org

config/turing/turing_mybinder_org_ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: turing-mybinder-org
+  annotations:
+    kubernetes.io/tls-acme: "true"
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  rules:
+    # May need to be replaced with a dummy for testing
+    - host: turing.mybinder.org
+      http:
+        paths:
+          - path: /
+            backend:
+              serviceName: binder
+              servicePort: 8585
+  tls:
+    - secretName: kubelego-tls-binder-turing
+      hosts:
+        # May need to be replaced with a dummy for testing
+        - "turing.mybinder.org"

deploy.py

@@ -13,6 +13,34 @@
 HERE = os.path.dirname(__file__)
 ABSOLUTE_HERE = os.path.dirname(os.path.realpath(__file__))
 
+def setup_auth_turing():
+    """
+    Set up athentication with Turing k8s cluster on Azure.
+    """
+    # Read in auth info
+    azure_file = os.path.join(ABSOLUTE_HERE, "secrets", "turing-auth-key-prod.json")
+    with open(azure_file, "r") as stream:
+        azure = json.load(stream)
+
+    # Login in to Azure
+    login_cmd = [
+        "az", "login", "--service-principal",
+        "--username", azure["sp-app-id"],
+        "--password", azure["sp-app-key"],
+        "--tenant", azure["tenant"]
+    ]
+    subprocess.check_output(login_cmd)
+
+    # Set kubeconfig
+    creds_cmd = [
+        "az", "aks", "get-credentials",
+        "--name", "prod",
+        "--resource-group", "binder-prod"
+
+    ]
+    stdout = subprocess.check_output(creds_cmd)
+    print(stdout.decode('utf-8'))
+
 
 def setup_auth_ovh(release, cluster):
     """
@@ -181,6 +209,8 @@ def main():
 
     if args.cluster == 'binder-ovh':
         setup_auth_ovh(args.release, args.cluster)
+    elif args.cluster == 'turing':
+        setup_auth_turing()
     else:
         setup_auth_gcloud(args.release, args.cluster)