2i2c-org · sgibson91 · Aug 28, 2024 · Aug 28, 2024 · Aug 28, 2024
diff --git a/config/clusters/nasa-veda/enc-staging.secret.values.yaml b/config/clusters/nasa-veda/enc-staging.secret.values.yaml
@@ -1,21 +1,32 @@
 basehub:
-    jupyterhub:
-        hub:
-            config:
-                GitHubOAuthenticator:
-                    client_id: ENC[AES256_GCM,data:1nlulJ+UtAzwlcL8KNUcUVMcIeM=,iv:rf3nUgkIz8q3nAd4n7XjWmuQeRdPRmpMeYx1SMEc1ss=,tag:PMHa6aACsbY51LKVKFeHEg==,type:str]
-                    client_secret: ENC[AES256_GCM,data:z0lmTJmPoEIe1K4JrOcMYAu8GzvdT8vCxZehrQjDTispUI/lsWn5Kg==,iv:UyP1kGlc5qZaC+cxLkD8Q4g6qmNo37weh5AlxsaCZB0=,tag:i54y+7FNoFevU0Xp507ftA==,type:str]
+  jupyterhub:
+    hub:
+      config:
+        GitHubOAuthenticator:
+          client_id: ENC[AES256_GCM,data:S/8/O6R3cj5Mx8NUMZ7ZPuIRFgw=,iv:1d6eKQo92FJBXhCcbY5tZrnOqi7Y0068Zrv4Dl5dGHs=,tag:GCppQlAybfP9CITlfHfsZA==,type:str]
+          client_secret: ENC[AES256_GCM,data:l1ipRcU3hQFZe9Yp/wEgxCQX7naFbIxKNfgblDiYk9QPUchfTFfaEQ==,iv:yVXobI5q+ba01p1QNzyv4+R3RR3YaGwcoWdYFZQege0=,tag:YgSDMybLDCQpHYbaBoOg4A==,type:str]
+    imagePullSecret:
+      create: ENC[AES256_GCM,data:YgIGxw==,iv:mnZXJnlr2j6kq/dgFLheiQJ3gBYaQk3ByxLCxOJ3L/g=,tag:xxFGT6tpMSU0l6X83iYwOA==,type:bool]
+      registry: ENC[AES256_GCM,data:+SK/oiVdkQ==,iv:Q08lW4/naATRFZSUEF+sxDtqRGUonjK0E9g+6ZxfUnc=,tag:dcRo1q4MGnQpHxZAvZZYIA==,type:str]
+      username: ENC[AES256_GCM,data:EcR+ti7Fe1hlvXR2lKUczLMIxUNApT8cXQ==,iv:0JDwbTbeBDtZ87mpPlVBIAQnXpzEZ036DxIHC9YkOZA=,tag:lRbtaqT+TcJ//oOpM0uwZg==,type:str]
+      password: ENC[AES256_GCM,data:E6pjzrAiscnqfQQK0vXrNpQihKimzsVT1NCMiQxvKHVVL5g1RYPFnjHx7iWwAC70W7f0niTNAJd288gDaSOUTw==,iv:HBWsfn83K+ViVTfqGX3w1yhzh6fdi+impBnudgyUPz8=,tag:AAF42gy3I+bfeovI2Mb7Xw==,type:str]
+  binderhub-service:
+    buildPodsRegistryCredentials:
+      password: ENC[AES256_GCM,data:OE/G5Ut++b+hv49yPgICVtaQTviPp09F+03ySfnYtplH0YuutC7AyWJgAGL0AU9Dem6iZl5wou0XXxVohxmlXA==,iv:iPpz/ZxhBmWEXcBz1eXGoCX1VJlMICUI9A/cp0i5LGE=,tag:bjYO6jp+CLYNsQ4bNlRizg==,type:str]
+    config:
+      DockerRegistry:
+        password: ENC[AES256_GCM,data:KhQtxnJSpyDK5Tks9hw5zEQAhqMzdiItc0lIZzecz5EOaON8nk8F6jFv/kNHpwECfoPdvYrEroGqO7G5QY1Owg==,iv:p82H2QyQ5IxlojbB4dE+q1Dpd6YBs+iP8e5XxlQWrC4=,tag:WNUzfI/fHOtdE+5rOa+Lfw==,type:str]
 sops:
-    kms: []
-    gcp_kms:
-        - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
-          created_at: "2023-01-26T14:43:46Z"
-          enc: CiUA4OM7ePslGWEcv3OaYu9G873apD8kt5RYUre++rAAg9zHLbkxEkkA+0T9hVsary0kh5dFB0qxlQ94qktVHBQoePzx+0n+Y7teWci0FpelZF92wmIt8qzSDnQVNsv+6/GGhV50+aS8yjS20UF8yqpO
-    azure_kv: []
-    hc_vault: []
-    age: []
-    lastmodified: "2023-01-26T14:47:00Z"
-    mac: ENC[AES256_GCM,data:szV8nh5uNIuBllgFfeHYewVmFeE+Rm1Bs7H4t/z/t5x5CH9hV17biYguVzo2/og4owI4jY4/BuI/WEks76306pQ+0epFYwj0MdGX0k1EpCAFp9sCeMvePexHYw3wceKu660l1fdm2YOheLr1vaSGv5DBq7Ad47OoFFQ9WyuialU=,iv:sq9J70I682tGIf87OZqir60Lt8ehOwHUX5I7Bic76pQ=,tag:f2j/wVLDhvvBe3+USATzdg==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.7.3
+  kms: []
+  gcp_kms:
+    - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+      created_at: "2024-08-28T17:11:51Z"
+      enc: CiUA4OM7eE42MAnJnSRbSgcixhYQanLcxwpkon6oodvg2vfsHlPuEkkA5dG1Q+XBCcm6hV3EDD8c3e85Wdjkcv5CgftsEAzTcvFNGuijE6dUcPxi8yRhjELV8cHYPOwXuFUkdlq3L6LekDrzZoda9fjH
+  azure_kv: []
+  hc_vault: []
+  age: []
+  lastmodified: "2024-08-28T17:11:51Z"
+  mac: ENC[AES256_GCM,data:SumOiaSFKZKA+tp/ZzdBh5iU6shMbMUSEJ+QigaMgJN0kUQsSUJxK2QtB3NzUn6jiacFFd7y5gV05Px8t4mHY8elFRkNKfnN/2Fyg7hmOv1yGGoAJU94NK3XQF62y/VnpBdZUdfJDlukf8w630TV99RHGJOW0ApPjWKzuhtVLkE=,iv:5TiR0GiaddQBTG2Ed0+BbFsSCXl40mRBRNE6vZXd2gM=,tag:XPZR7miIhe/7fWC8IkmMqw==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.0
diff --git a/config/clusters/nasa-veda/staging.values.yaml b/config/clusters/nasa-veda/staging.values.yaml
@@ -28,10 +28,141 @@ basehub:
             - name: home
               mountPath: /home/jovyan/shared-public
               subPath: _shared-public
+      profileList:
+        - display_name: Choose your environment and resources
+          default: true
+          profile_options:
+            image:
+              display_name: Environment
+              dynamic_image_building:
+                enabled: True
+              unlisted_choice:
+                enabled: True
+                display_name: "Custom image"
+                validation_regex: "^.+:.+$"
+                validation_message: "Must be a publicly available docker image, of form <image-name>:<tag>"
+                kubespawner_override:
+                  image: "{value}"
+              choices:
+                01-modify-pangeo:
+                  display_name: Modified Pangeo Notebook
+                  description: Pangeo based notebook with a Python environment
+                  kubespawner_override:
+                    image: public.ecr.aws/nasa-veda/pangeo-notebook-veda-image:6fcf6cfa3192
+                    init_containers:
+                      # Need to explicitly fix ownership here, as otherwise these directories will be owned
+                      # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid
+                      - *volume_ownership_fix_initcontainer
+                      # this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods
+                      # image source: https://github.com/NASA-IMPACT/jupyterhub-gitpuller-init
+                      - name: jupyterhub-gitpuller-init
+                        image: public.ecr.aws/nasa-veda/jupyterhub-gitpuller-init:97eb45f9d23b128aff810e45911857d5cffd05c2
+                        env:
+                          - name: TARGET_PATH
+                            value: veda-docs
+                          - name: SOURCE_REPO
+                            value: "https://github.com/NASA-IMPACT/veda-docs"
+                        volumeMounts:
+                          - name: home
+                            mountPath: /home/jovyan
+                            subPath: "{username}"
+                        securityContext:
+                          runAsUser: 1000
+                          runAsGroup: 1000
+                02-rocker:
+                  display_name: Rocker Geospatial with RStudio
+                  description: R environment with many geospatial libraries pre-installed
+                  kubespawner_override:
+                    image: rocker/binder:4.3
+                    image_pull_policy: Always
+                    # Launch RStudio after the user logs in
+                    default_url: /rstudio
+                    # Ensures container working dir is homedir
+                    # https://github.com/2i2c-org/infrastructure/issues/2559
+                    working_dir: /home/rstudio
+                03-qgis:
+                  display_name: QGIS on Linux Desktop
+                  description: Linux desktop in the browser, with qgis installed
+                  kubespawner_override:
+                    # Launch people directly into the Linux desktop when they start
+                    default_url: /desktop
+                    # Built from https://github.com/2i2c-org/nasa-qgis-image
+                    image: quay.io/2i2c/nasa-qgis-image:d76118ea0c15
+            resource_allocation:
+              display_name: Resource Allocation
+              choices:
+                mem_1_9:
+                  display_name: 1.9 GB RAM, upto 3.7 CPUs
+                  kubespawner_override:
+                    mem_guarantee: 1991244775
+                    mem_limit: 1991244775
+                    cpu_guarantee: 0.2328125
+                    cpu_limit: 3.725
+                    node_selector:
+                      node.kubernetes.io/instance-type: r5.xlarge
+                  default: true
+                mem_3_7:
+                  display_name: 3.7 GB RAM, upto 3.7 CPUs
+                  kubespawner_override:
+                    mem_guarantee: 3982489550
+                    mem_limit: 3982489550
+                    cpu_guarantee: 0.465625
+                    cpu_limit: 3.725
+                    node_selector:
+                      node.kubernetes.io/instance-type: r5.xlarge
+                mem_7_4:
+                  display_name: 7.4 GB RAM, upto 3.7 CPUs
+                  kubespawner_override:
+                    mem_guarantee: 7964979101
+                    mem_limit: 7964979101
+                    cpu_guarantee: 0.93125
+                    cpu_limit: 3.725
+                    node_selector:
+                      node.kubernetes.io/instance-type: r5.xlarge
+                mem_14_8:
+                  display_name: 14.8 GB RAM, upto 3.7 CPUs
+                  kubespawner_override:
+                    mem_guarantee: 15929958203
+                    mem_limit: 15929958203
+                    cpu_guarantee: 1.8625
+                    cpu_limit: 3.725
+                    node_selector:
+                      node.kubernetes.io/instance-type: r5.xlarge
+                mem_29_7:
+                  display_name: 29.7 GB RAM, upto 3.7 CPUs
+                  kubespawner_override:
+                    mem_guarantee: 31859916406
+                    mem_limit: 31859916406
+                    cpu_guarantee: 3.725
+                    cpu_limit: 3.725
+                    node_selector:
+                      node.kubernetes.io/instance-type: r5.xlarge
+                mem_60_6:
+                  display_name: 60.6 GB RAM, upto 15.6 CPUs
+                  kubespawner_override:
+                    mem_guarantee: 65094448840
+                    mem_limit: 65094448840
+                    cpu_guarantee: 7.8475
+                    cpu_limit: 15.695
+                    node_selector:
+                      node.kubernetes.io/instance-type: r5.4xlarge
+                mem_121_2:
+                  display_name: 121.2 GB RAM, upto 15.6 CPUs
+                  kubespawner_override:
+                    mem_guarantee: 130188897681
+                    mem_limit: 130188897681
+                    cpu_guarantee: 15.695
+                    cpu_limit: 15.695
+                    node_selector:
+                      node.kubernetes.io/instance-type: r5.4xlarge
+
     hub:
       config:
         GitHubOAuthenticator:
           oauth_callback_url: https://staging.hub.openveda.cloud/hub/oauth_callback
+      image:
+        name: quay.io/2i2c/dynamic-image-building-experiment
+        tag: 0.0.1-0.dev.git.10263.hc87b65cf
     ingress:
       hosts: [staging.hub.openveda.cloud]
       tls:
@@ -53,3 +184,25 @@ basehub:
           extraPodConfig:
             node_selector:
               2i2c/hub-name: staging
+        imagePullSecrets: [{ name: image-pull-secret }]
+
+  binderhub-service:
+    enabled: true
+    dockerApi:
+      nodeSelector:
+        2i2c/hub-name: staging
+    config:
+      KubernetesBuildExecutor:
+        node_selector:
+          node.kubernetes.io/instance-type: r5.xlarge
+          2i2c/hub-name: staging
+      BinderHub:
+        # something like <region>-docker.pkg.dev/<project-name>/<repository-name> for grc.io
+        # or quay.io/org/repo/cluster-hub/ for quay.io
+        image_prefix: quay.io/veda-binder/staging-
+      DockerRegistry:
+        url: &url https://quay.io
+        username: &username veda-binder+image_builder
+    buildPodsRegistryCredentials:
+      server: *url
+      username: *username