From 2444f2c628d86da73b72c8d1e80ec180e16d6e42 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 28 Aug 2024 18:15:38 +0100 Subject: [PATCH 1/2] Enable dynamic image building on VEDA staging hub - fixes #4691 --- .../nasa-veda/enc-staging.secret.values.yaml | 49 +++--- config/clusters/nasa-veda/staging.values.yaml | 153 ++++++++++++++++++ 2 files changed, 183 insertions(+), 19 deletions(-) diff --git a/config/clusters/nasa-veda/enc-staging.secret.values.yaml b/config/clusters/nasa-veda/enc-staging.secret.values.yaml index 78628e69a..88d58a80c 100644 --- a/config/clusters/nasa-veda/enc-staging.secret.values.yaml +++ b/config/clusters/nasa-veda/enc-staging.secret.values.yaml 
@@ -1,21 +1,32 @@ basehub: - jupyterhub: - hub: - config: - GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:1nlulJ+UtAzwlcL8KNUcUVMcIeM=,iv:rf3nUgkIz8q3nAd4n7XjWmuQeRdPRmpMeYx1SMEc1ss=,tag:PMHa6aACsbY51LKVKFeHEg==,type:str] - client_secret: ENC[AES256_GCM,data:z0lmTJmPoEIe1K4JrOcMYAu8GzvdT8vCxZehrQjDTispUI/lsWn5Kg==,iv:UyP1kGlc5qZaC+cxLkD8Q4g6qmNo37weh5AlxsaCZB0=,tag:i54y+7FNoFevU0Xp507ftA==,type:str] + jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:S/8/O6R3cj5Mx8NUMZ7ZPuIRFgw=,iv:1d6eKQo92FJBXhCcbY5tZrnOqi7Y0068Zrv4Dl5dGHs=,tag:GCppQlAybfP9CITlfHfsZA==,type:str] + client_secret: ENC[AES256_GCM,data:l1ipRcU3hQFZe9Yp/wEgxCQX7naFbIxKNfgblDiYk9QPUchfTFfaEQ==,iv:yVXobI5q+ba01p1QNzyv4+R3RR3YaGwcoWdYFZQege0=,tag:YgSDMybLDCQpHYbaBoOg4A==,type:str] + imagePullSecret: + create: ENC[AES256_GCM,data:YgIGxw==,iv:mnZXJnlr2j6kq/dgFLheiQJ3gBYaQk3ByxLCxOJ3L/g=,tag:xxFGT6tpMSU0l6X83iYwOA==,type:bool] + registry: ENC[AES256_GCM,data:+SK/oiVdkQ==,iv:Q08lW4/naATRFZSUEF+sxDtqRGUonjK0E9g+6ZxfUnc=,tag:dcRo1q4MGnQpHxZAvZZYIA==,type:str] + username: ENC[AES256_GCM,data:EcR+ti7Fe1hlvXR2lKUczLMIxUNApT8cXQ==,iv:0JDwbTbeBDtZ87mpPlVBIAQnXpzEZ036DxIHC9YkOZA=,tag:lRbtaqT+TcJ//oOpM0uwZg==,type:str] + password: ENC[AES256_GCM,data:E6pjzrAiscnqfQQK0vXrNpQihKimzsVT1NCMiQxvKHVVL5g1RYPFnjHx7iWwAC70W7f0niTNAJd288gDaSOUTw==,iv:HBWsfn83K+ViVTfqGX3w1yhzh6fdi+impBnudgyUPz8=,tag:AAF42gy3I+bfeovI2Mb7Xw==,type:str] + binderhub-service: + buildPodsRegistryCredentials: + password: ENC[AES256_GCM,data:OE/G5Ut++b+hv49yPgICVtaQTviPp09F+03ySfnYtplH0YuutC7AyWJgAGL0AU9Dem6iZl5wou0XXxVohxmlXA==,iv:iPpz/ZxhBmWEXcBz1eXGoCX1VJlMICUI9A/cp0i5LGE=,tag:bjYO6jp+CLYNsQ4bNlRizg==,type:str] + config: + DockerRegistry: + password: ENC[AES256_GCM,data:KhQtxnJSpyDK5Tks9hw5zEQAhqMzdiItc0lIZzecz5EOaON8nk8F6jFv/kNHpwECfoPdvYrEroGqO7G5QY1Owg==,iv:p82H2QyQ5IxlojbB4dE+q1Dpd6YBs+iP8e5XxlQWrC4=,tag:WNUzfI/fHOtdE+5rOa+Lfw==,type:str] sops: - kms: [] - gcp_kms: - - resource_id: 
projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-01-26T14:43:46Z" - enc: CiUA4OM7ePslGWEcv3OaYu9G873apD8kt5RYUre++rAAg9zHLbkxEkkA+0T9hVsary0kh5dFB0qxlQ94qktVHBQoePzx+0n+Y7teWci0FpelZF92wmIt8qzSDnQVNsv+6/GGhV50+aS8yjS20UF8yqpO - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-01-26T14:47:00Z" - mac: ENC[AES256_GCM,data:szV8nh5uNIuBllgFfeHYewVmFeE+Rm1Bs7H4t/z/t5x5CH9hV17biYguVzo2/og4owI4jY4/BuI/WEks76306pQ+0epFYwj0MdGX0k1EpCAFp9sCeMvePexHYw3wceKu660l1fdm2YOheLr1vaSGv5DBq7Ad47OoFFQ9WyuialU=,iv:sq9J70I682tGIf87OZqir60Lt8ehOwHUX5I7Bic76pQ=,tag:f2j/wVLDhvvBe3+USATzdg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-08-28T17:11:51Z" + enc: CiUA4OM7eE42MAnJnSRbSgcixhYQanLcxwpkon6oodvg2vfsHlPuEkkA5dG1Q+XBCcm6hV3EDD8c3e85Wdjkcv5CgftsEAzTcvFNGuijE6dUcPxi8yRhjELV8cHYPOwXuFUkdlq3L6LekDrzZoda9fjH + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-08-28T17:11:51Z" + mac: ENC[AES256_GCM,data:SumOiaSFKZKA+tp/ZzdBh5iU6shMbMUSEJ+QigaMgJN0kUQsSUJxK2QtB3NzUn6jiacFFd7y5gV05Px8t4mHY8elFRkNKfnN/2Fyg7hmOv1yGGoAJU94NK3XQF62y/VnpBdZUdfJDlukf8w630TV99RHGJOW0ApPjWKzuhtVLkE=,iv:5TiR0GiaddQBTG2Ed0+BbFsSCXl40mRBRNE6vZXd2gM=,tag:XPZR7miIhe/7fWC8IkmMqw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/config/clusters/nasa-veda/staging.values.yaml b/config/clusters/nasa-veda/staging.values.yaml index 2fbf38a50..6958f78c2 100644 --- a/config/clusters/nasa-veda/staging.values.yaml +++ b/config/clusters/nasa-veda/staging.values.yaml 
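Review bot: Every ciphertext in this hunk changes, including the pre-existing `GitHubOAuthenticator` `client_id` and `client_secret`, and `sops.gcp_kms` carries a new `created_at` and `enc`, so the diff cannot show whether the OAuth credentials were altered or only re-encrypted. This looks as if the file was re-created under a new data key rather than edited in place. Editing the existing file with `sops` normally keeps the ciphertext of unchanged values stable, which would limit the diff to the new `imagePullSecret` and `binderhub-service` entries. If the full re-encryption is intentional, the commit message should say so and state that the OAuth values are unchanged. The three new `password` entries may hold the same registry credential; that cannot be checked from the encrypted values and is worth confirming against the intended split between pull and push accounts.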
@@ -28,10 +28,141 @@ basehub: - name: home mountPath: /home/jovyan/shared-public subPath: _shared-public + profileList: + - display_name: Choose your environment and resources + default: true + profile_options: + image: + display_name: Environment + dynamic_image_building: + enabled: True + unlisted_choice: + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + kubespawner_override: + image: "{value}" + choices: + 01-modify-pangeo: + display_name: Modified Pangeo Notebook + description: Pangeo based notebook with a Python environment + kubespawner_override: + image: public.ecr.aws/nasa-veda/pangeo-notebook-veda-image:6fcf6cfa3192 + init_containers: + # Need to explicitly fix ownership here, as otherwise these directories will be owned + # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid + - *volume_ownership_fix_initcontainer + # this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods + # image source: https://github.com/NASA-IMPACT/jupyterhub-gitpuller-init + - name: jupyterhub-gitpuller-init + image: public.ecr.aws/nasa-veda/jupyterhub-gitpuller-init:97eb45f9d23b128aff810e45911857d5cffd05c2 + env: + - name: TARGET_PATH + value: veda-docs + - name: SOURCE_REPO + value: "https://github.com/NASA-IMPACT/veda-docs" + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + 02-rocker: + display_name: Rocker Geospatial with RStudio + description: R environment with many geospatial libraries pre-installed + kubespawner_override: + image: rocker/binder:4.3 + image_pull_policy: Always + # Launch RStudio after the user logs in + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + 03-qgis: + display_name: QGIS on Linux 
Desktop + description: Linux desktop in the browser, with qgis installed + kubespawner_override: + # Launch people directly into the Linux desktop when they start + default_url: /desktop + # Built from https://github.com/2i2c-org/nasa-qgis-image + image: quay.io/2i2c/nasa-qgis-image:d76118ea0c15 + resource_allocation: + display_name: Resource Allocation + choices: + mem_1_9: + display_name: 1.9 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 1991244775 + mem_limit: 1991244775 + cpu_guarantee: 0.2328125 + cpu_limit: 3.725 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + default: true + mem_3_7: + display_name: 3.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 3982489550 + mem_limit: 3982489550 + cpu_guarantee: 0.465625 + cpu_limit: 3.725 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_7_4: + display_name: 7.4 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 7964979101 + mem_limit: 7964979101 + cpu_guarantee: 0.93125 + cpu_limit: 3.725 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_14_8: + display_name: 14.8 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 15929958203 + mem_limit: 15929958203 + cpu_guarantee: 1.8625 + cpu_limit: 3.725 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_29_7: + display_name: 29.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 31859916406 + mem_limit: 31859916406 + cpu_guarantee: 3.725 + cpu_limit: 3.725 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_60_6: + display_name: 60.6 GB RAM, upto 15.6 CPUs + kubespawner_override: + mem_guarantee: 65094448840 + mem_limit: 65094448840 + cpu_guarantee: 7.8475 + cpu_limit: 15.695 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + mem_121_2: + display_name: 121.2 GB RAM, upto 15.6 CPUs + kubespawner_override: + mem_guarantee: 130188897681 + mem_limit: 130188897681 + cpu_guarantee: 15.695 + cpu_limit: 15.695 + 
node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + hub: config: GitHubOAuthenticator: oauth_callback_url: https://staging.hub.openveda.cloud/hub/oauth_callback + image: + name: quay.io/2i2c/dynamic-image-building-experiment + tag: 0.0.1-0.dev.git.10263.hc87b65cf ingress: hosts: [staging.hub.openveda.cloud] tls: @@ -53,3 +184,25 @@ basehub: extraPodConfig: node_selector: 2i2c/hub-name: staging + imagePullSecrets: [{name: image-pull-secret}] + + binderhub-service: + enabled: true + dockerApi: + nodeSelector: + 2i2c/hub-name: staging + config: + KubernetesBuildExecutor: + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + 2i2c/hub-name: staging + BinderHub: + # something like -docker.pkg.dev// for grc.io + # or quay.io/org/repo/cluster-hub/ for quay.io + image_prefix: quay.io/veda-binder/staging- + DockerRegistry: + url: &url https://quay.io + username: &username veda-binder+image_builder + buildPodsRegistryCredentials: + server: *url + username: *username From 41b5bc6d9ad479b3cf7f7b023b385e15be67ef3b Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 28 Aug 2024 17:16:52 +0000 Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- config/clusters/nasa-veda/staging.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/nasa-veda/staging.values.yaml b/config/clusters/nasa-veda/staging.values.yaml index 6958f78c2..4ae00b504 100644 --- a/config/clusters/nasa-veda/staging.values.yaml +++ b/config/clusters/nasa-veda/staging.values.yaml @@ -184,7 +184,7 @@ basehub: extraPodConfig: node_selector: 2i2c/hub-name: staging - imagePullSecrets: [{name: image-pull-secret}] + imagePullSecrets: [{ name: image-pull-secret }] binderhub-service: enabled: true
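Review bot: The `unlisted_choice` under `profile_options.image` accepts anything matching `validation_regex: "^.+:.+$"` and substitutes it into `kubespawner_override.image: "{value}"`, so whitespace or arbitrary punctuation passes the form and only fails later at pod creation. A pattern limited to image-reference characters would reject such input early, for example `validation_regex: "^[A-Za-z0-9._/:@-]+:[A-Za-z0-9._-]+$"` (constructed; check it against the registries users are expected to name). Separately, the `02-rocker` choice uses the mutable tag `rocker/binder:4.3` with `image_pull_policy: Always`, unlike the other choices, which use commit-hash tags. A digest or an immutable tag would keep the user environment from changing silently when the upstream tag is re-pushed. As a style point, `enabled: True` appears twice where the canonical `true` is preferable. The `basehub:` mapping that holds these keys starts and continues outside the hunk.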
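Review bot: User pods gain `imagePullSecrets: [{name: image-pull-secret}]` in this hunk, but nothing records whether that secret is a separate pull-only account. Its username is visible only as ciphertext in the secrets file, while the `&username` anchor feeds `veda-binder+image_builder`, presumably the account with push rights, to both `DockerRegistry` and `buildPodsRegistryCredentials`. A comment above `imagePullSecrets` would make the intended split explicit, for example `# image-pull-secret must hold a pull-only robot account, not the image_builder push account`. The comment above `image_prefix` reads `grc.io` where `gcr.io` is presumably meant. The `basehub:` mapping that these keys belong to starts outside the hunk.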