diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 57a5e38503..23e292702f 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -35,7 +35,6 @@ jobs: - cluster_name: kitware - cluster_name: leap - cluster_name: nasa-cryo - - cluster_name: nasa-esdis - cluster_name: nasa-ghg - cluster_name: nasa-veda - cluster_name: nmfs-openscapes diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index f5c6ddff19..2f00785064 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -243,7 +243,6 @@ jobs: failure_kitware: "${{ env.failure_kitware }}" failure_leap: "${{ env.failure_leap }}" failure_nasa-cryo: "${{ env.failure_nasa-cryo }}" - failure_nasa-esdis: "${{ env.failure_nasa-esdis }}" failure_nasa-ghg: "${{ env.failure_nasa-ghg }}" failure_nasa-veda: "${{ env.failure_nasa-veda }}" failure_nmfs-openscapes: "${{ env.failure_nmfs-openscapes }}" diff --git a/config/clusters/nasa-esdis/cluster.yaml b/config/clusters/nasa-esdis/cluster.yaml deleted file mode 100644 index 6cdfc4df29..0000000000 --- a/config/clusters/nasa-esdis/cluster.yaml +++ /dev/null @@ -1,31 +0,0 @@ -name: nasa-esdis -provider: aws # https://smce-esdis-hub.signin.aws.amazon.com/console -account: smce-esdis-hub -aws: - key: enc-deployer-credentials.secret.json - clusterType: eks - clusterName: nasa-esdis - region: us-west-2 - billing: - paid_by_us: false -support: - helm_chart_values_files: - - support.values.yaml - - enc-support.secret.values.yaml -hubs: - - name: staging - display_name: "ESDIS (staging)" - domain: staging.esdis.2i2c.cloud - helm_chart: basehub - helm_chart_values_files: - - common.values.yaml - - staging.values.yaml - - enc-staging.secret.values.yaml - - name: prod - display_name: "ESDIS" - domain: esdis.2i2c.cloud - helm_chart: basehub - helm_chart_values_files: - - common.values.yaml - - prod.values.yaml - - enc-prod.secret.values.yaml diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml deleted file mode 100644 index 31befefbc2..0000000000 --- a/config/clusters/nasa-esdis/common.values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -nfs: - enabled: true - volumeReporter: - enabled: false - pv: - enabled: true - # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html - mountOptions: - - rsize=1048576 - - wsize=1048576 - - timeo=600 - - soft # We pick soft over hard, so NFS lockups don't lead to hung processes - - retrans=2 - - noresvport - serverIP: fs-0013506a2d5ee70fc.efs.us-west-2.amazonaws.com - baseShareName: / -jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - jupyterhubConfigurator: - enabled: false - homepage: - templateVars: - org: - name: IEEE-GRSS - logo_url: "https://www.grss-ieee.org/wp-content/uploads/2020/12/grss.png" - url: https://www.grss-ieee.org/ - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: NASA - url: "https://www.earthdata.nasa.gov/esds" - hub: - config: - JupyterHub: - authenticator_class: github - GitHubOAuthenticator: - allowed_organizations: - - nasa-veda-workshops:grss-workshop-india-apr-2024 - scope: - - read:org - Authenticator: - admin_users: - - bilts # Patrick Quinn - - freitagb # Brian Freitag - - slesaad # Slesa Adhikari - singleuser: - # We want to access IAM roles here, even though this is not set up to use dask - cloudMetadata: - blockWithIptables: false - defaultUrl: /lab - profileList: - - display_name: "Modified Pangeo Notebook" - slug: modified-pangeo - description: Pangeo based notebook with a Python environment - default: true - kubespawner_override: - image: public.ecr.aws/nasa-veda/pangeo-notebook-veda-image:2024.08.18-v1 - init_containers: - # Need to explicitly fix ownership here, as otherwise these directories will be owned - # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid - - name: volume-mount-ownership-fix - image: busybox:1.36.1 - command: - - sh - - -c - - id && chown 1000:1000 /home/jovyan /home/jovyan/shared && ls -lhd /home/jovyan - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - # mounted without readonly attribute here, - # so we can chown it appropriately - - name: home - mountPath: /home/jovyan/shared - subPath: _shared - # this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods - # image source: https://github.com/NASA-IMPACT/veda-jh-environments/tree/main/docker-images/base/nasa-veda-singleuser-init - - name: nasa-veda-singleuser-init - image: public.ecr.aws/nasa-veda/nasa-veda-singleuser-init:38e8998f9be64b0a59ac6c4d6d152d3403121dfc4be6d49bdf52ddc92827af8a - command: - - "python3" - - "/opt/k8s-init-container-nb-docs.py" - - "/home/jovyan" - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - profile_options: &profile_options - requests: - display_name: Resource Allocation - choices: - mem_1_9: - display_name: 1.9 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 1991244775 - mem_limit: 1991244775 - cpu_guarantee: 0.2328125 - cpu_limit: 3.725 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - default: true - mem_3_7: - display_name: 3.7 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 3982489550 - mem_limit: 3982489550 - cpu_guarantee: 0.465625 - cpu_limit: 3.725 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_7_4: - display_name: 7.4 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 7964979101 - mem_limit: 7964979101 - cpu_guarantee: 0.93125 - cpu_limit: 3.725 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - - display_name: R - description: R (with RStudio) + Python environment - kubespawner_override: - image: openscapes/rocker:a7596b5 - profile_options: *profile_options - - display_name: Matlab - description: Matlab environment - kubespawner_override: - image: openscapes/matlab:2023-06-29 - profile_options: *profile_options - - display_name: QGIS - description: QGIS environment - kubespawner_override: - # Launch people directly into the Linux desktop when they start - default_url: /desktop - # Built from https://github.com/jupyterhub/jupyter-remote-desktop-proxy/pull/51 - image: quay.io/2i2c/nasa-qgis-image:d76118ea0c15 - profile_options: *profile_options - scheduling: - userScheduler: - enabled: true diff --git a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json deleted file mode 100644 index 8886dac148..0000000000 --- a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:6XjNZe6f76xrJHZZAX+NJirhasg=,iv:mc0rffy5RaFJ0EOx5i8vV4INGd2aq3ly2OQgoxgr0U0=,tag:dah8z+fxx+64CTfs5Dnerw==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:PLGcOz6zDlQD7pi7HV93HGAF3CvpKyFzDycz6yD/8EGtHT5PjtAngQ==,iv:3ZNlJNI6lMOWWTDqLzJYDmuGYYnKVI1VpQlnLa0uAlM=,tag:cCQh3gGFd2/jgRnb0XORcQ==,type:str]", - "UserName": "ENC[AES256_GCM,data:nAJ8oT+t3wLmf+ilAgdm0NbETdGw0Dw=,iv:oUNYSdSblks/qebuIEWuj2a4tgEW2YsT2dHmeKDL174=,tag:ZciDnB4GiQ9Yv29t1m3btw==,type:str]" - }, - "sops": { - "kms": null, - "gcp_kms": [ - { - "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2024-10-03T07:57:19Z", - "enc": "CiUA4OM7eA5BVG9Nm0z2vzQC2xa7H5A+Gq4eQbIo/ZY4Gj+9t3xhEkkA5dG1Q/qa0nXD6VvsqTOTPbp0EOilDY9deiy1NqHxMLssa9MR5gj12OjjSss9NvP73bzfgVqzX2+w72D66uwJVvTBjWDJ1Wwa" - } - ], - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2024-10-03T07:57:20Z", - "mac": "ENC[AES256_GCM,data:VeEJvwdF0O6sJRIshnmbqemx1LPxyy3sZseDQlyoSMZDAqDtKY4xnqwiMqR/2txNkXoKR+SUuyqtoBoegZyV9nwzB2NX1Y3NlJ+JOuWLzRiMI7On0UT8wdvPTdDOenfUiIGrr+nIN447EN2LMKAKA0w8QAquyNZUkU2qGopdZm4=,iv:aT11JlulY9WJj8kSJzB7pOoeQWAVmp8rCz66Ud4XRbc=,tag:/UBZbMW7YBUsNeoETFHXhQ==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/config/clusters/nasa-esdis/enc-grafana-token.secret.yaml b/config/clusters/nasa-esdis/enc-grafana-token.secret.yaml deleted file mode 100644 index e085b51241..0000000000 --- a/config/clusters/nasa-esdis/enc-grafana-token.secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -grafana_token: ENC[AES256_GCM,data:uyKUZxP+puls6Ht40AygajtccsJyZyHY74q3Nbx5FfgiH49TMm1IyYrKLeAtdQ==,iv:c7XXzezDGJ5fCkvNYNajT2cE2Fd83xNNoc46bebE37w=,tag:8X6UoyR9sEql/Ddhw7TAVA==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-10-23T10:40:41Z" - enc: CiUA4OM7eMrbEisfh3RnojiraK+TDneCOOgmhpP0wZc2XpdwTpJuEkkAq2nhVZoCgFbgrh3xd8as3UWZvEGX/sg73sMNyH/4AqdRWkpclW6sWIzYIUS5DWbrbH80gJ5UL8Mo+PjRs+MfIo6+JYMkm5Kt - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-10-23T10:40:42Z" - mac: ENC[AES256_GCM,data:jpkY5AbJjqCNpOHKtM5QN+7DBCzvROaaNHgowohw04MsDkXnSacDFPLWSZ7eDJq/S72bFZgE2yCVMKIgkm6vDLw/jVSwrJkRU0bB2L+FI7O0spyIFa8KdOj1eQtz5tEr2ihEXO97U0yqhypaIqEfB/ekyimrN6U8BvK2DLbSK9U=,iv:aZr4nqjXCMg1frBIdPf5R1EThnGCfqhKSvsSXwpQIPQ=,tag:oxB4MfeykVfwZSpmzVWY0g==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/nasa-esdis/enc-prod.secret.values.yaml b/config/clusters/nasa-esdis/enc-prod.secret.values.yaml deleted file mode 100644 index 6fa6cca51c..0000000000 --- a/config/clusters/nasa-esdis/enc-prod.secret.values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -jupyterhub: - hub: - config: - GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:OiqOHcO1+3DGyXRiBht2l5vHH1o=,iv:dwBeTe+8xakdrIr09rZT9b9+wWvflIE6pDm36pU9YcI=,tag:k0hpKiafQ8aqEI2HwXOzlA==,type:str] - client_secret: ENC[AES256_GCM,data:YGoTpQ3fivk0Ax9IAkjEmx63r2M4GrCbBYsAwa7wbmV8sbG6ZQrDDA==,iv:jemvx79SGsYUPch8NkRpRErsx2Ze4osLFCaJN30732Q=,tag:CA0V/T2AhjQ+bpQLO/kGDQ==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-10-24T09:12:24Z" - enc: CiUA4OM7eIXRJ1ZnAaA+iseq8LageDtI0yFUj6vX51qxjMXvdCpXEkkAq2nhVeb7uSbMwycRzDo0pjN7SfYdvzXlJTnrzOa4pIgisTqBYfHDynb+BZ5BQV/AUQkrq4K5vLYJp8MKTD4MFM9ZDzqqO5zj - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-10-24T09:12:24Z" - mac: ENC[AES256_GCM,data:Zwk0TsPcB/R3j1cXSlscdJ29tF2qP7MGoazhC90/nOJSYnuqCJ9eyP7hZZCk4XPro+GmPswcV9auG25r+5DZ3SoMYqi8/xsQg5dcCkG/Ljmu5aqQx7mpLbsgnfDthknEQLkOh+HBn4CUZeZNjOKR/U9FR2MHA3G7Q22dTqFwWE4=,iv:Wzx/tJybpdO+9BDLqJqN+8l9PRIrmLE8wURyHaKfqcI=,tag:BiGy+pHRQRlpbKnhVmBq+A==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/nasa-esdis/enc-staging.secret.values.yaml b/config/clusters/nasa-esdis/enc-staging.secret.values.yaml deleted file mode 100644 index 7e797883bb..0000000000 --- a/config/clusters/nasa-esdis/enc-staging.secret.values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -jupyterhub: - hub: - config: - GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:lgPuF/Ccu9ntp3XUG1lkQfHAklI=,iv:QUawJ/pnyvUiPAviG/lEsHZdq5D/1B6ctYF0VLlBA5o=,tag:eT3uAWdQ63XjdPTzEsWKug==,type:str] - client_secret: ENC[AES256_GCM,data:gEGxqh4OATMqcAYFS99ps715VhtflFeCwD1y0gvCDpmYgej0xjK4pw==,iv:Xcq1gtf9TKKM2YejIyNMZP9esdpJwIRRVy6zZekSqoA=,tag:xx1SZpzKGbh3N+DYxnEJKQ==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-10-23T10:17:16Z" - enc: CiUA4OM7eD87wY66POe9D5m+Z9tdiqNzUWoaZbHqyCI7gYUiuu32EkkAq2nhVbEI/L0WVm+YW6Io8TlpkGVZECpphS8xNk9K5nWJWKJE+ehRQ2lxWjxMkNqk8WNU24zvwiCxIdtRCnYXd18Csws7vw85 - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-10-23T10:17:17Z" - mac: ENC[AES256_GCM,data:J99yZKLdaWCfpcs2oKgHJCC2KvMZ4Oy9zhxS4hfNGEG72OuKTJXLWwNwcYPRdv9B39+8BoCtoMYubX4/l5DoUNc7JwgWNBIi2u0EZXaHwavaMhNaDBKWTS/Kl9wxwiqKTY6bAu5yGxxw/xRGiQwILIK4su0UXQ+DDq817Vw1PK4=,iv:sVHuo85geO5XVWJodOSU9V0r2uijxjAxDPCfoL+LbEM=,tag:41LNvuUva4JIAL7gwbyoWw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/nasa-esdis/enc-support.secret.values.yaml b/config/clusters/nasa-esdis/enc-support.secret.values.yaml deleted file mode 100644 index bc8b2ee6fd..0000000000 --- a/config/clusters/nasa-esdis/enc-support.secret.values.yaml +++ /dev/null @@ -1,17 +0,0 @@ -prometheusIngressAuthSecret: - username: ENC[AES256_GCM,data:Pz6bbBswj30Zt/Rv5ARw9raY5rvb8yqetIwCYCZnF7lx4gccvWldkP1m2ELShhocEDfi57g04e4voJKXv2WO7g==,iv:2SX84HKE91rAGVkf+p3OxNwB6vffWJnbba7QiUEpz5E=,tag:6aYPVmS3BYw2egPY6CdgBw==,type:str] - password: ENC[AES256_GCM,data:MLYiKI8V8YQ0NCgaDnyu2Bin2etxNe10CfuF0D8NERxD0CbNTUdG1it9uPjgThNa8q0oOX4TcKyKTkflJN0oLQ==,iv:BQ1ttOfsqy0k9J8TnRVefe37QHwIEuyU/ibMWXeY+iA=,tag:eW9vuGW9w6AR3b5u+98maw==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-10-09T13:05:13Z" - enc: CiUA4OM7eIAIlHpZkcgBadhUBd8FPBL7U/SWqPvrYz3XiBc8KD7/EkkAq2nhVcEwgBvz6CpEnx44szACgO0ch0Q6J2TaR8Sv/NTSafO8lgbAKKIygR7jnlf8Kw95NAiJhwWcvElumpz3Vylet3MYHnDx - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-10-09T13:05:13Z" - mac: ENC[AES256_GCM,data:e4HwG/ieB4MUlFRfv40hIT0ZyVVUsqiygn/h8lmnj+JV7aZeHc2ptFy7g/1qWTHKbo5BxY7gNv2icpeXuw6XXVu3OpjExogy6bpmA1d+j6KRP/77R78jaMnbxYJ6cOxnPVT61mG6ZgT57ugUoBNteNvXZ8ULhrwZvy3KXe87Jvo=,iv:ni55q20UJOtcPBqrLgZ7Xq32ICTIjuNeDNHm0DlC67I=,tag:kD+miYFmI1gLUyI/ynofMA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/nasa-esdis/prod.values.yaml b/config/clusters/nasa-esdis/prod.values.yaml deleted file mode 100644 index 2c10065f75..0000000000 --- a/config/clusters/nasa-esdis/prod.values.yaml +++ /dev/null @@ -1,16 +0,0 @@ -userServiceAccount: - annotations: - eks.amazonaws.com/role-arn: arn:aws:iam::942325726017:role/nasa-esdis-prod -jupyterhub: - ingress: - hosts: [esdis.2i2c.cloud] - tls: - - hosts: [esdis.2i2c.cloud] - secretName: https-auto-tls - singleuser: - extraEnv: - SCRATCH_BUCKET: s3://nasa-esdis-scratch/$(JUPYTERHUB_USER) - hub: - config: - GitHubOAuthenticator: - oauth_callback_url: "https://esdis.2i2c.cloud/hub/oauth_callback" diff --git a/config/clusters/nasa-esdis/staging.values.yaml b/config/clusters/nasa-esdis/staging.values.yaml deleted file mode 100644 index 254c118240..0000000000 --- a/config/clusters/nasa-esdis/staging.values.yaml +++ /dev/null @@ -1,119 +0,0 @@ -userServiceAccount: - annotations: - eks.amazonaws.com/role-arn: arn:aws:iam::942325726017:role/nasa-esdis-staging -jupyterhub: - ingress: - hosts: [staging.esdis.2i2c.cloud] - tls: - - hosts: [staging.esdis.2i2c.cloud] - secretName: https-auto-tls - singleuser: - extraEnv: - SCRATCH_BUCKET: s3://nasa-esdis-scratch-staging/$(JUPYTERHUB_USER) - profileList: - - display_name: "Only Profile Available, this info is not shown in the UI" - slug: only-choice - profile_options: - image: - display_name: Image - choices: - modified-pangeo: - display_name: Modified Pangeo Notebook - description: Pangeo based notebook with a Python environment - kubespawner_override: - image: public.ecr.aws/nasa-veda/pangeo-notebook-veda-image:53b6fd1256f5 - init_containers: - # Need to explicitly fix ownership here, as otherwise these directories will be owned - # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid - - name: volume-mount-ownership-fix - image: busybox:1.36.1 - command: - - sh - - -c - - id && chown 1000:1000 /home/jovyan /home/jovyan/shared && ls -lhd /home/jovyan - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - # mounted without readonly attribute here, - # so we can chown it appropriately - - name: home - mountPath: /home/jovyan/shared - subPath: _shared - # this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods - # image source: https://github.com/NASA-IMPACT/veda-jh-environments/tree/main/docker-images/base/nasa-veda-singleuser-init - - name: nasa-veda-singleuser-init - image: public.ecr.aws/nasa-veda/nasa-veda-singleuser-init:38e8998f9be64b0a59ac6c4d6d152d3403121dfc4be6d49bdf52ddc92827af8a - command: - - "python3" - - "/opt/k8s-init-container-nb-docs.py" - - "/home/jovyan" - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - rstudio: - display_name: R - description: R (with RStudio) + Python environment - kubespawner_override: - image: openscapes/rocker:a7596b5 - matlab: - display_name: Matlab - description: Matlab environment - kubespawner_override: - image: openscapes/matlab:2023-06-29 - qgis: - display_name: QGIS - description: QGIS environment - kubespawner_override: - # Launch people directly into the Linux desktop when they start - default_url: /desktop - # Built from https://github.com/jupyterhub/jupyter-remote-desktop-proxy/pull/51 - image: quay.io/2i2c/nasa-qgis-image:0d0765090250 - requests: - display_name: Resource Allocation - choices: - mem_1_9: - display_name: 1.9 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 1991244775 - mem_limit: 1991244775 - cpu_guarantee: 0.2328125 - cpu_limit: 3.725 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - default: true - mem_3_7: - display_name: 3.7 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 3982489550 - mem_limit: 3982489550 - cpu_guarantee: 0.465625 - cpu_limit: 3.725 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_7_4: - display_name: 7.4 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 7964979101 - mem_limit: 7964979101 - cpu_guarantee: 0.93125 - cpu_limit: 3.725 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - hub: - image: - name: quay.io/2i2c/dynamic-image-building-experiment - tag: "0.0.1-0.dev.git.10263.hc87b65cf" - config: - GitHubOAuthenticator: - oauth_callback_url: "https://staging.esdis.2i2c.cloud/hub/oauth_callback" - extraConfig: - enable-fancy-profiles: | - from jupyterhub_fancy_profiles import setup_ui - setup_ui(c) diff --git a/config/clusters/nasa-esdis/support.values.yaml b/config/clusters/nasa-esdis/support.values.yaml deleted file mode 100644 index 7873dae2ea..0000000000 --- a/config/clusters/nasa-esdis/support.values.yaml +++ /dev/null @@ -1,34 +0,0 @@ -prometheusIngressAuthSecret: - enabled: true - -prometheus: - server: - ingress: - enabled: true - hosts: - - prometheus.esdis.2i2c.cloud - tls: - - secretName: prometheus-tls - hosts: - - prometheus.esdis.2i2c.cloud - -grafana: - grafana.ini: - server: - root_url: https://grafana.esdis.2i2c.cloud/ - auth.github: - enabled: true - allowed_organizations: 2i2c-org - ingress: - hosts: - - grafana.esdis.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.esdis.2i2c.cloud - -cluster-autoscaler: - enabled: true - autoDiscovery: - clusterName: nasa-esdis - awsRegion: us-west-2 diff --git a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml index 602c451e3e..3806268993 100644 --- a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml +++ b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml @@ -151,12 +151,6 @@ eks: cpu_requests: 170m memory_requests: 250Mi k8s_version: v1.29.7-eks-2f46c53 - nasa-esdis: - requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter - other_daemon_sets: "" - cpu_requests: 170m - memory_requests: 250Mi - k8s_version: v1.29.7-eks-2f46c53 nasa-ghg: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" diff --git a/eksctl/nasa-esdis.jsonnet b/eksctl/nasa-esdis.jsonnet deleted file mode 100644 index 041c38f65a..0000000000 --- a/eksctl/nasa-esdis.jsonnet +++ /dev/null @@ -1,131 +0,0 @@ -/* - This file is a jsonnet template of a eksctl's cluster configuration file, - that is used with the eksctl CLI to both update and initialize an AWS EKS - based cluster. - - This file has in turn been generated from eksctl/template.jsonnet which is - relevant to compare with for changes over time. - - To use jsonnet to generate an eksctl configuration file from this, do: - - jsonnet nasa-esdis.jsonnet > nasa-esdis.eksctl.yaml - - References: - - https://eksctl.io/usage/schema/ -*/ -local ng = import "./libsonnet/nodegroup.jsonnet"; - -// place all cluster nodes here -local clusterRegion = "us-west-2"; -local masterAzs = ["us-west-2a", "us-west-2b", "us-west-2c"]; -local nodeAz = "us-west-2a"; - -// Node definitions for notebook nodes. Config here is merged -// with our notebook node definition. -// A `node.kubernetes.io/instance-type label is added, so pods -// can request a particular kind of node with a nodeSelector -local notebookNodes = [ - { instanceType: "r5.xlarge" }, - { instanceType: "r5.4xlarge" }, - { instanceType: "r5.16xlarge" }, -]; -local daskNodes = []; - - -{ - apiVersion: 'eksctl.io/v1alpha5', - kind: 'ClusterConfig', - metadata+: { - name: "nasa-esdis", - region: clusterRegion, - version: "1.29", - }, - availabilityZones: masterAzs, - iam: { - withOIDC: true, - }, - // If you add an addon to this config, run the create addon command. - // - // eksctl create addon --config-file=nasa-esdis.eksctl.yaml - // - addons: [ - { - // aws-ebs-csi-driver ensures that our PVCs are bound to PVs that - // couple to AWS EBS based storage, without it expect to see pods - // mounting a PVC failing to schedule and PVC resources that are - // unbound. - // - // Related docs: https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html - // - name: 'aws-ebs-csi-driver', - version: "latest", - wellKnownPolicies: { - ebsCSIController: true, - }, - }, - ], - nodeGroups: [ - n + {clusterName: $.metadata.name} for n in - [ - ng + { - namePrefix: 'core', - nameSuffix: 'b', - nameIncludeInstanceType: false, - availabilityZones: [nodeAz], - ssh: { - publicKeyPath: 'ssh-keys/nasa-esdis.key.pub' - }, - instanceType: "r5.xlarge", - minSize: 1, - maxSize: 6, - labels+: { - "hub.jupyter.org/node-purpose": "core", - "k8s.dask.org/node-purpose": "core" - }, - }, - ] + [ - ng + { - namePrefix: "nb", - availabilityZones: [nodeAz], - minSize: 0, - maxSize: 500, - instanceType: n.instanceType, - ssh: { - publicKeyPath: 'ssh-keys/nasa-esdis.key.pub' - }, - labels+: { - "hub.jupyter.org/node-purpose": "user", - "k8s.dask.org/node-purpose": "scheduler" - }, - taints+: { - "hub.jupyter.org_dedicated": "user:NoSchedule", - "hub.jupyter.org/dedicated": "user:NoSchedule" - }, - } + n for n in notebookNodes - ] + ( if daskNodes != null then - [ - ng + { - namePrefix: "dask", - availabilityZones: [nodeAz], - minSize: 0, - maxSize: 500, - ssh: { - publicKeyPath: 'ssh-keys/nasa-esdis.key.pub' - }, - labels+: { - "k8s.dask.org/node-purpose": "worker" - }, - taints+: { - "k8s.dask.org_dedicated" : "worker:NoSchedule", - "k8s.dask.org/dedicated" : "worker:NoSchedule" - }, - instancesDistribution+: { - onDemandBaseCapacity: 0, - onDemandPercentageAboveBaseCapacity: 0, - spotAllocationStrategy: "capacity-optimized", - }, - } + n for n in daskNodes - ] else [] - ) - ] -} diff --git a/eksctl/ssh-keys/nasa-esdis.key.pub b/eksctl/ssh-keys/nasa-esdis.key.pub deleted file mode 100644 index 06bae6a39e..0000000000 --- a/eksctl/ssh-keys/nasa-esdis.key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDYPNlvvuJDeQUU6QQOLeiW5XlwDuUhPzY+X3hebLiA3GSW6CZQXDFdGHxJD9hNVJlcAFTNGrORhQ8NyTgeWlg78jwKB5Bn5VJk29c6tj52hUU8bAwh80vUW7kQcL97NgAX2tfakJb0USZyGpCLfKMjEVKTEL5P23Ak6sxSxXZPS6cEx2Mb1Vv2ES9YlSFZkLDm0vjzUODurQ6kuJdcE2jDg6vGahSZv1Mri06tNfx/gW9ppUYdwdLfKn/crJb63cYVrOi/sffuO4GTd8xhA1DJJEUvOFWBcdYtX3k9wtNFhEj6iuqfjefhWfAnSx2HgNiQQ9zG6wn9AiuBFr59sg1/QPY4IyM/loJ8+sEe1n1E0xWnDkBvMm6FLST9Cq5Jz9vMbPHOQf5zhpl7CbD0NT03t8ckWD0ewLUfNE2eCa5pSsXLNX8SZz7yciJtgatHVLjmN2yjwvpo+bEPN3aUn3HSjX9IrOR+1lWQxNrn6ziMnB3P5mvkvAUI2D3qwV0AHJE= sgibson@Athena.local diff --git a/eksctl/ssh-keys/secret/nasa-esdis.key b/eksctl/ssh-keys/secret/nasa-esdis.key deleted file mode 100644 index a6f9af1aab..0000000000 --- a/eksctl/ssh-keys/secret/nasa-esdis.key +++ /dev/null @@ -1,21 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:hJi0PAGI+Nwb2HoA4yyxHLnqZbUCGW5SzCn44M5GR+o7tzHVh9XiKL552ZJDSm84wwFrJvwSioz7rG2iwZTZMZN8dxB9udd55OFn/e0tvilU9xPUwiwadrGT5mpVVJfwew3rdW5FLlGDRjCM/BCah9q/gaScK4QMuv4mhYp/qN2TZ8E+nzyMf08BTzKAq6H4yTO0LTZ3rxploeFPsI7DwJcLHAnuKtCrwEU7rEumg8bbH5qvBeLUX1FhUvjEmP+A7VD1MShL4nieS/pLtdFlWoUtuTDRMuMSG4tF3QninVo7KfdxNHE3pURfZfMe8RZ6mTfqN66x8Q9cnERPYWPJot4s3E26ngrOF5JLuQyCbXszxbK4CdIOlv7ZGMpYOL5QE6sN3uvDyKBMQ5yiv57Tn/ivVqPKJNxAwg8JrS8JyVvJTi7IeRnQJHLQmnB6hLGvnJha82SisODC9dNSyLvueJN8ZjDzL6mxNtoUrzr08p6u/LjkXM4WuuzK4BkooKD9RbJP5gRcNE2pvrhGJ/wzVDSGoSo9Dwk40WxblqUWixbI/GlCp2O4xnBDO5/LcXouz6xoeB9OPcvAwlj759+ZehaRctqXHpI4/JtKyDABAHlToii79K40pRyzaS03seI0R3C9BM0HTc8smIthtNw+7oXstoe3+z5/03TiDaNqTUJw79R8QgJP0BeD0Ee/l59dKEMlt9DJPC/2/5ohtcFCvpG94CF6Ts/+efNHcKt6+ZvIlrVk8x7qYl0LMdHZpqz9sF89iKIy20+32kIjjf/CwQrQsMJwcpfZbPD1Uz+DXjT8rgPjpyBhLopkim4Gt2NrWjOH2bAjzvFyK3EWSUQJxyZ+o8TBL6BPHzYJQsDtsAashJcBsDIkrXN7r2SeqA6XwrmP+/qw/ddoix/AxTiY8qICQ5KD544L8eL20VYoqRnY201rYS5KixvjIvI0oQ9W9Yjno8QaJJ4nz1gJhLse4UoLUouaujyzQUymCm2AnQCAswow2QEQkCQDiaWi4qNmpCnxbDitw6zp0Yx2x36VdFiQjogSt3XJlWRZKRUs8cvYtUwu+DdteOb/dxXD9hA1l9LXU46NT0YoII7k/6szivQB7y9mSC4wmmM88W611BztaoHgddXD9TlHZUaVFGk+/NicV6EBq9NKfA6D/UyNpRBJo2uOzvxwlgoNmmlL9A7YsBXGbMf5Az/dCzxkb1EE20rsw5BeQtpbXl/Kkh3fZMxiOlY7eZ+v+IlUgM0bcqRnJnx0YFPkSjG3iUy80VN0wDx7WWtmbHClfqsF5ZUl7a9FjnTwWYg4Y8tfOuZmUyUkmKkYiYOOfLFOz3B7tCqO0S+Fp/xX35eGlWV/ZvNFs88lCi1PeNcRiE3KWXdL0VidZ4ssoFvGxw9zMFHyTSRu3aQKsqu+PBCr1UoJru53SizbH2/bFqUjSjUrTGP0dmwcvebmBNj84e7vi/IyP0l0YsoV62b6QSQvkjBPKqvnDwkh8HMMAk57rMQlSkLrpveC1WbbP29iUoKcbk/pe5pmCkgRy1+7hsEgL6huHXV1Sug+8Dz4e4iQD1qQygJO38hZS44OR+r/GufI/98AWdjv4jK3sVe/sbLu3LJXgzHzGv0krr0bQXiXOsrEbPkdkKQzfuJ/RTjlzQew9jMI1ZvWOjfyLJXkfsX1zTwNd7DBtZdvZPpLUCyzH7lC4RRQjuP2Q/UpLSwl0J0Igy71eDcdg0NqupTyAIS+LGw5YcTooeQucEkISiJXXyGj9oe2lBr2fSfVFAyPsfPsur5s2zdczl1gAr7L6VRVASnlLqmk4JQj59y7jb50OCrssVPDWxfnX4TL8iV96vJeDTe4+F81if/lZLnmYMbhRTHB745yb0EzGsll/yezB2x2q1LEENDJeVJ4Mc0TVGFbxjHNsqP33zEVgTjp/KzsvmHofbe4oTHW8nXW3TayRrlTCrfnJOUXIgqU4cNfoUdo27sGtQjNOq9nCr6pJk6bTFCQlbjEYIsu1PcCwdh9iKCKTLaz0Pd0O+Ck8IUsiNxZRIK/YsZSEWOVmWT7avixqnO+IDZFYeD2ynmWvzVbjVZ+hq7mzeBm4/luC33csV5Z2PGgt8opKujZaNPJ4JucosgNh+3EK2Hwbk4u0b50lWjBxeZ8rE+dvVgCj6jIANhgTps2Gk5LPSLdTFV2I2hUj6iIpExo42Wuq7hUEyWsrvY/FyVwR1rfnpcACvS0oSkWYI81jSSiKfNd5acObT/q3JGcIPq3XLMejG3zXSfyc4NjGfelA/PDr6/+idAgrzfHjrskMBn5gKObFc3ljw/KrbyPSWzAuF7leWvqg+dsYTj8iotdDq2r0dWhcfi2Oblo5sC1pewer/A6xDg7dKtJXia59nyzVmnbiVkxgj+hJHIa+AWaZJFkN/hB1xjnRzxVHZr297ufR6tL18NDWXrlO91/RVUz7yBCk8NMPzOrptk2bwuPFn6vePM2OcN/KqhV8RzDX3zbGzwJcwAbzVV0rkR+ELOGhEHY+xOtQ4g0Ac2IVB0ROOgSeGo8MZaa/Q0UwW+GkOIPzEBEn0qWnguQ82AqRZ6NVF6OlnmQ1I0OVPpgOQkhtzahGT2CEUF58N1VyCmag2E6rGcWDN/lwY6g89xzgSWTAxIMgSqi4fBFwlKzyXDt9S0BNWAQXvYAFdbA618UvGNg1jCRjskIyzXPusirp2t0VZew/aBCQHwFWiuqzqzc26zTdYjwsw1L3I2ihHtlTC6RK9U5J4odeAj8ipfQRXf8yK+iU3FpJ1Xaf3uQe7y+koZWNwx5UIKMcXlNydApcYgLpPBG4s0kjQn069VI3nzvCSQwgZKg2OtBB3nAhOLATWEsq8TCQpWpeOOFXIxilW9RUDQgjJ2YYnZw5HO34tV8DuTCmLJ0kWF3H6TPUgwX48HoHYTm0+PV+PrpX4CFeNoW8u5cSOOBDz2M2CsHn/LvkcMInzNC6dReQCI1IBU/5zYs/NrW8WEeMfiTdTNYKY8feTRf2cUu9GFfppXnon8U9ORCg1jLwbvmHjUo4EM1/upVupn1BTyFFk1D/RZ3Epj8uuevFTAJb4BWbIr1UEoIGPMfkPa1BEqLafJHy4XZ+VdJN5+4gQuCeSNJf8mZvAeppjQEOFO0/5kt1qtOISUMCWLMM+tmpYsY4vUUd/rtOsp1Db0EUZZ9C95+KJGQovBWA4OoJpVjMt5JSocMFFEsaPuaavHKOFjG7IIL10b3isEMrU3zPPUnC/kjT3SmQdbsthfAtCC3Vk145rJGh/RLPH74BO6Tiszzpd8HMe7RAafq8O46Snx94XgGI/+krUJWYKM5qEUfSTs8NPX1N8yoWSgNz9VtNaD2GX9S7qE8U5aMsSue2A4Xnnu2OYYaAAJ8clg2JaugdIM0vr3MMFjBoiYfmu988LNkHmu7CYTpxjbCAfs1pBSp8CU4ME7xyftyKbrSFsx3df8IRB64cq9dSlNY,iv:fOWxuNdH0m1F4JS6joSaAGPAr1JxPI/dX5CHjcHSeQ4=,tag:OdUVAnrfoOGlZuGRkZ7now==,type:str]", - "sops": { - "kms": null, - "gcp_kms": [ - { - "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2023-10-09T13:05:12Z", - "enc": "CiUA4OM7eCzkzcjr7SRn5pI17wc9T7/Ym+KqhJQR/Z1iG2Alk5bQEkkAq2nhVYZlhIgvOpgSz4s0TqvUhKuHgUivjeSvMG7CaHndXLBtWFiPxMob/M8kw7WyVitOUoGlf2UuBOoDFnbNoq7K1rc9cfVM" - } - ], - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2023-10-09T13:05:13Z", - "mac": "ENC[AES256_GCM,data:mfE23cGyI5tcq2xVZECumnK3+cZLaAtkaY1oVlcA0qOzWm8pW7rL0uWIwXf2dcQ3XHDRCLGEkdtuH0UAnq4Y0IJrWCuLFxciwi+6aiAJityYNsSwQAcJmiqqvKxHrryo+leFA9ynZJlE6VStdBIHMC+AmMgfES3fZBUzcEom9O4=,iv:LekB9vi9XFRMGAl5ue6Q5za+f3wcyKhC+zoU/gVuKu8=,tag:rWNWePdo6pS88C4kDg1kFQ==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} \ No newline at end of file diff --git a/terraform/aws/projects/nasa-esdis.tfvars b/terraform/aws/projects/nasa-esdis.tfvars deleted file mode 100644 index 23b3508568..0000000000 --- a/terraform/aws/projects/nasa-esdis.tfvars +++ /dev/null @@ -1,89 +0,0 @@ -region = "us-west-2" -cluster_name = "nasa-esdis" -cluster_nodes_location = "us-west-2a" - -default_budget_alert = { - "enabled" : false, -} - -user_buckets = { - "scratch-staging" : { - "delete_after" : 7 - }, - "scratch" : { - "delete_after" : 7 - }, -} - - -hub_cloud_permissions = { - "staging" : { - "user-sa" : { - bucket_admin_access : ["scratch-staging"], - }, - }, - "prod" : { - "user-sa" : { - bucket_admin_access : ["scratch"], - extra_iam_policy : <<-EOT - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:PutObject", - "s3:GetObject", - "s3:ListBucketMultipartUploads", - "s3:AbortMultipartUpload", - "s3:ListBucketVersions", - "s3:CreateBucket", - "s3:ListBucket", - "s3:DeleteObject", - "s3:GetBucketLocation", - "s3:ListMultipartUploadParts" - ], - "Resource": [ - "arn:aws:s3:::veda-data-store", - "arn:aws:s3:::veda-data-store/*", - "arn:aws:s3:::veda-data-store-staging", - "arn:aws:s3:::veda-data-store-staging/*", - "arn:aws:s3:::veda-nex-gddp-cmip6-public", - "arn:aws:s3:::veda-nex-gddp-cmip6-public/*", - "arn:aws:s3:::cmip6-staging", - "arn:aws:s3:::cmip6-staging/*", - "arn:aws:s3:::lp-prod-protected", - "arn:aws:s3:::lp-prod-protected/*", - "arn:aws:s3:::gesdisc-cumulus-prod-protected", - "arn:aws:s3:::gesdisc-cumulus-prod-protected/*", - "arn:aws:s3:::nsidc-cumulus-prod-protected", - "arn:aws:s3:::nsidc-cumulus-prod-protected/*", - "arn:aws:s3:::ornl-cumulus-prod-protected", - "arn:aws:s3:::ornl-cumulus-prod-protected/*", - "arn:aws:s3:::pangeo-forge-veda-output", - "arn:aws:s3:::pangeo-forge-veda-output/*", - "arn:aws:s3:::podaac-ops-cumulus-public", - "arn:aws:s3:::podaac-ops-cumulus-public/*", - "arn:aws:s3:::podaac-ops-cumulus-protected", - "arn:aws:s3:::podaac-ops-cumulus-protected/*", - "arn:aws:s3:::maap-ops-workspace", - "arn:aws:s3:::maap-ops-workspace/*", - "arn:aws:s3:::nasa-maap-data-store", - "arn:aws:s3:::nasa-maap-data-store/*", - "arn:aws:s3:::grss-veda-data-store", - "arn:aws:s3:::grss-veda-data-store/*", - "arn:aws:s3:::sentinel-cogs", - "arn:aws:s3:::sentinel-cogs/*" - ] - }, - { - "Effect": "Allow", - "Action": "s3:ListAllMyBuckets", - "Resource": "*" - } - ] - } - EOT - }, - }, -}