From cfb07e52343b1fbdc53d37f8a6a7f3a0f516ee09 Mon Sep 17 00:00:00 2001 From: Casey Dinsmore Date: Tue, 11 Apr 2023 12:15:06 -0700 Subject: [PATCH 01/17] Added eksctl work --- caseyd/aws/eksctl/README.md | 25 ++++++++ caseyd/aws/eksctl/cluster.yaml | 113 +++++++++++++++++++++++++++++++++ 2 files changed, 138 insertions(+) create mode 100644 caseyd/aws/eksctl/README.md create mode 100644 caseyd/aws/eksctl/cluster.yaml
diff --git a/caseyd/aws/eksctl/README.md b/caseyd/aws/eksctl/README.md
new file mode 100644
index 0000000..317386b
--- /dev/null
+++ b/caseyd/aws/eksctl/README.md
@@ -0,0 +1,25 @@
+# AWS EKS cluster config with eksctl
+
+## Resources
+
+https://www.arhea.net/posts/2020-06-18-jupyterhub-amazon-eks
+
+
+## Issues
+
+* With 4 availability zones in us-west-2, eksctl will randomly pick three and
+so sometimes the deployment will fail.
+
+Adding the AvailibilityZones: stanza to cluster.yaml resolves the issue as outlined here:
+
+https://github.com/weaveworks/eksctl/blob/main/examples/05-advanced-nodegroups.yaml
+
+ availabilityZones: ["us-west-2a", "us-west-2b", "us-west-2d"]
+
+* Hubs end up stuck in the Pending state
+
+ running PreBind plugin "VolumeBinding": binding volumes: timed out waiting for the condition
+
+Resolution here does not seem to work
+
+https://discourse.jupyter.org/t/hub-pod-stuck-on-pending-timed-out-binding-volumes/17176
diff --git a/caseyd/aws/eksctl/cluster.yaml b/caseyd/aws/eksctl/cluster.yaml
new file mode 100644
index 0000000..6c99854
--- /dev/null
+++ b/caseyd/aws/eksctl/cluster.yaml
@@ -0,0 +1,113 @@ +# file: cluster.yml +apiVersion: eksctl.io/v1alpha5 +kind: ClusterConfig + +metadata: + name: jupyterhub + region: us-west-2 + +iam: + withOIDC: true + serviceAccounts: + - metadata: + name: cluster-autoscaler + namespace: kube-system + labels: + aws-usage: "cluster-ops" + app.kubernetes.io/name: cluster-autoscaler + attachPolicy: + Version: "2012-10-17" + Statement: + - Effect: Allow + Action: + - "autoscaling:DescribeAutoScalingGroups" + - "autoscaling:DescribeAutoScalingInstances" + - "autoscaling:DescribeLaunchConfigurations" + - "autoscaling:DescribeTags" + - "autoscaling:SetDesiredCapacity" + - "autoscaling:TerminateInstanceInAutoScalingGroup" + - "ec2:DescribeLaunchTemplateVersions" + Resource: '*' + - metadata: + name: ebs-csi-controller-sa + namespace: kube-system + labels: + aws-usage: "cluster-ops" + app.kubernetes.io/name: aws-ebs-csi-driver + attachPolicy: + Version: "2012-10-17" + Statement: + - Effect: Allow + Action: + - "ec2:AttachVolume" + - "ec2:CreateSnapshot" + - "ec2:CreateTags" + - "ec2:CreateVolume" + - "ec2:DeleteSnapshot" + - "ec2:DeleteTags" + - "ec2:DeleteVolume" + - "ec2:DescribeInstances" + - "ec2:DescribeSnapshots" + - "ec2:DescribeTags" + - "ec2:DescribeVolumes" + - "ec2:DetachVolume" + Resource: '*' + +managedNodeGroups: + - name: ng-us-west-2a + instanceType: t3.medium + volumeSize: 30 + desiredCapacity: 1 + privateNetworking: true + availabilityZones: + - us-west-2a + tags: + k8s.io/cluster-autoscaler/enabled: "true" + k8s.io/cluster-autoscaler/jupyterhub: "owned" + - name: ng-us-west-2b + instanceType: t3.medium + volumeSize: 30 + desiredCapacity: 1 + privateNetworking: true + availabilityZones: + - us-west-2b + tags: + k8s.io/cluster-autoscaler/enabled: "true" + k8s.io/cluster-autoscaler/jupyterhub: "owned" + - name: ng-us-west-2c + instanceType: t3.medium + volumeSize: 30 + desiredCapacity: 1 + privateNetworking: true + availabilityZones: + - us-west-2d + tags: + k8s.io/cluster-autoscaler/enabled: "true" + 
k8s.io/cluster-autoscaler/jupyterhub: "owned" + +availabilityZones: ["us-west-2a", "us-west-2b", "us-west-2d"] + +# Adding EBS CSI to try to resolve permissions +# Does not seem to work +# 2023/04/11 +# https://discourse.jupyter.org/t/hub-pod-stuck-on-pending-timed-out-binding-volumes/17176 +addons: + - name: aws-ebs-csi-driver + attachPolicy: + Version: "2012-10-17" + Statement: + - Effect: Allow + Action: + - "ec2:AttachVolume" + - "ec2:CreateSnapshot" + - "ec2:CreateTags" + - "ec2:CreateVolume" + - "ec2:DeleteSnapshot" + - "ec2:DeleteTags" + - "ec2:DeleteVolume" + - "ec2:DescribeInstances" + - "ec2:DescribeSnapshots" + - "ec2:DescribeTags" + - "ec2:DescribeVolumes" + - "ec2:DetachVolume" + Resource: '*' From d34862a27e76005e24e8c989923e1688bec0e047 Mon Sep 17 00:00:00 2001 From: Casey Dinsmore Date: Tue, 11 Apr 2023 12:21:36 -0700 Subject: [PATCH 02/17] Added terraform README --- caseyd/aws/tf/README.md | 49 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 caseyd/aws/tf/README.md diff --git a/caseyd/aws/tf/README.md b/caseyd/aws/tf/README.md new file mode 100644 index 0000000..c033834 --- /dev/null +++ b/caseyd/aws/tf/README.md 
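Review bot: Every `attachPolicy` statement in cluster.yaml pairs mutating actions with `Resource: '*'`, so the cluster-autoscaler role may call `autoscaling:SetDesiredCapacity` and `autoscaling:TerminateInstanceInAutoScalingGroup` on any Auto Scaling group in the account, and `ebs-csi-controller-sa` may detach or delete any EBS volume or snapshot. For the autoscaler, keep the Describe actions on `'*'` and move the two mutating actions into a second statement conditioned on the tag the node groups in this file already carry, as sketched below. For the EBS CSI role, the AWS-managed `AmazonEBSCSIDriverPolicy` is narrower than this hand-written list and would replace both the service-account policy and the identical copy under `addons:`. Separately, the node group named `ng-us-west-2c` is placed in `us-west-2d`; rename it or add a comment so the mismatch is not read as a mistake.

```yaml
      attachPolicy:
        Version: "2012-10-17"
        Statement:
          # … unchanged: Describe* actions stay on Resource '*' …
          - Effect: Allow
            Action:
              - "autoscaling:SetDesiredCapacity"
              - "autoscaling:TerminateInstanceInAutoScalingGroup"
            Resource: '*'
            Condition:
              StringEquals:
                "aws:ResourceTag/k8s.io/cluster-autoscaler/jupyterhub": "owned"
```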
@@ -0,0 +1,49 @@
+
+# Terraform EKS Example
+https://developer.hashicorp.com/terraform/tutorials/kubernetes/eks
+
+
+## Install TF Requirements
+```
+ terraform init
+```
+
+## Preview Changes
+```
+ terraform plan
+```
+
+## Apply Terraform and build the cluster
+```
+ terraform apply
+```
+When the provisioning is complete, details will be provided about the cluster.
+```
+ cluster_endpoint = "https://E44319CC44678D8EE100B7C42A46AE5D.gr7.us-west-2.eks.amazonaws.com"
+ cluster_name = "education-eks-pAGhwfz9"
+ cluster_security_group_id = "sg-01f527e90fdbf2f6d"
+ region = "us-west-2"
+```
+
+## Configure kube for the new cluster
+
+```
+aws eks update-kubeconfig --name education-eks-pAGhwfz9
+```
+
+
+## Updating a Cluster
+
+Edit main.tf and replace version 1.24 with version 1.25
+```
+ terraform apply
+```
+
+AWS will step through and upgrade the cluster to version 1.25
+
+
+
+
+## Terraform Helm Example
+
+https://developer.hashicorp.com/terraform/tutorials/kubernetes/helm-provider
From 456e64e5d8c537e461be1cefae37132674583e43 Mon Sep 17 00:00:00 2001 From: Casey Dinsmore Date: Tue, 11 Apr 2023 12:21:57 -0700 Subject: [PATCH 03/17] Default JupyterHub helm chart --- caseyd/aws/jup-default.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 caseyd/aws/jup-default.yaml
diff --git a/caseyd/aws/jup-default.yaml b/caseyd/aws/jup-default.yaml
new file mode 100644
index 0000000..b3e6874
--- /dev/null
+++ b/caseyd/aws/jup-default.yaml
@@ -0,0 +1,12 @@
+# This file can update the JupyterHub Helm chart's default configuration values.
+#
+# For reference see the configuration reference and default values, but make
+# sure to refer to the Helm chart version of interest to you!
+#
+# Introduction to YAML: https://www.youtube.com/watch?v=cdLNKUoMc6c
+# Chart config reference: https://zero-to-jupyterhub.readthedocs.io/en/stable/resources/reference.html
+# Chart default values: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/jupyterhub/values.yaml
+# Available chart versions: https://jupyterhub.github.io/helm-chart/
+#
+
+
From d4d8565bcc0b99d6fb36e296c513d8e4de2db4d7 Mon Sep 17 00:00:00 2001 From: FOSSO <7119916+jtande@users.noreply.github.com> Date: Tue, 11 Apr 2023 16:03:37 -0400 Subject: [PATCH 04/17] script to bind FQDN (available) to the jupyterhub IP address This is valid for Azure Example: jhub-mat454-654.eastus.cloudapp.azure.com --- bind-jhub-fqdn2IP.sh | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 bind-jhub-fqdn2IP.sh
diff --git a/bind-jhub-fqdn2IP.sh b/bind-jhub-fqdn2IP.sh
new file mode 100644
index 0000000..c6e5f61
--- /dev/null
+++ b/bind-jhub-fqdn2IP.sh
@@ -0,0 +1,39 @@
+#! /bin/bash
+############################################
+# This script will help bind the fqdn
+# to the Jupyterhub static IP address.
+# This usefull on Azure. You probably have
+# similar process on other cloud provide
+#
+# Original script from here
+# https://docs.microsoft.com/en-us/azure/aks/ingress-tls
+# Synopsis:
+# ./bind-jhub-fqdn2IP.sh
+# CC 2023-04-11 Jacob Fosso Tande
+#########################################
+# configure an FQDN for the ingress controller IP address
+# Public IP address of your ingress controller
+IPADDRESS=$1
+NAME=$2
+IP="$IPADDRESS"
+
+# Name to associate with public IP address
+DNSNAME="$NAME"
+
+# Get the resource-id of the public ip
+PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)
+
+# Update public ip address with DNS name
+az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME
+
+# Display the FQDN
+FQDN=$(az network public-ip show --ids $PUBLICIPID --query "[dnsSettings.fqdn]" --output tsv)
+
+echo " "
+echo " "
+echo " Got FQDN "
+echo " "
+echo " "
+echo $FQDN
+echo " "
+echo " "
From 38d7233b4200cf88b512c6b029ba4b721d73b40d Mon Sep 17 00:00:00 2001
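Review bot: The lookup `[?contains(ipAddress, '$IP')]` is a substring match, so an argument such as 203.0.113.1 (constructed example) also selects 203.0.113.10, and because `$PUBLICIPID` is expanded unquoted in `az network public-ip update --ids $PUBLICIPID`, every matched public IP would receive the DNS label. `$1` is also interpolated into the JMESPath query without validation, and a missing argument or an empty lookup result falls straight through to the update call. I would require both arguments, match the address exactly, stop unless exactly one resource id comes back, and quote the expansions, as below.

```shell
# … unchanged: header comment …
IPADDRESS=${1:?"usage: ./bind-jhub-fqdn2IP.sh <public-ip> <dns-label>"}
NAME=${2:?"usage: ./bind-jhub-fqdn2IP.sh <public-ip> <dns-label>"}
IP="$IPADDRESS"
DNSNAME="$NAME"

# Exact match: a substring test would also select longer addresses
PUBLICIPID=$(az network public-ip list --query "[?ipAddress=='$IP'].id" --output tsv)
if [ -z "$PUBLICIPID" ] || [ "$(printf '%s\n' "$PUBLICIPID" | wc -l)" -ne 1 ]; then
    echo "expected exactly one public IP resource for $IP" >&2
    exit 1
fi

az network public-ip update --ids "$PUBLICIPID" --dns-name "$DNSNAME"
FQDN=$(az network public-ip show --ids "$PUBLICIPID" --query "[dnsSettings.fqdn]" --output tsv)
# … unchanged: echo output …
```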
From: Casey Dinsmore Date: Tue, 11 Apr 2023 16:20:19 -0700 Subject: [PATCH 05/17] Initial working AWS EKS terraform deployment --- caseyd/aws/tf/README.md | 34 +- .../aws/tf/provision-eks-cluster/.gitignore | 27 ++ .../provision-eks-cluster/.terraform.lock.hcl | 107 +++++ caseyd/aws/tf/provision-eks-cluster/LICENSE | 375 ++++++++++++++++++ caseyd/aws/tf/provision-eks-cluster/README.md | 19 + caseyd/aws/tf/provision-eks-cluster/main.tf | 111 ++++++ .../aws/tf/provision-eks-cluster/outputs.tf | 22 + .../aws/tf/provision-eks-cluster/terraform.tf | 39 ++ .../aws/tf/provision-eks-cluster/variables.tf | 20 + 9 files changed, 749 insertions(+), 5 deletions(-) create mode 100644 caseyd/aws/tf/provision-eks-cluster/.gitignore create mode 100644 caseyd/aws/tf/provision-eks-cluster/.terraform.lock.hcl create mode 100644 caseyd/aws/tf/provision-eks-cluster/LICENSE create mode 100644 caseyd/aws/tf/provision-eks-cluster/README.md create mode 100644 caseyd/aws/tf/provision-eks-cluster/main.tf create mode 100644 caseyd/aws/tf/provision-eks-cluster/outputs.tf create mode 100644 caseyd/aws/tf/provision-eks-cluster/terraform.tf create mode 100644 caseyd/aws/tf/provision-eks-cluster/variables.tf diff --git a/caseyd/aws/tf/README.md b/caseyd/aws/tf/README.md index c033834..b903171 100644 --- a/caseyd/aws/tf/README.md +++ b/caseyd/aws/tf/README.md @@ -3,21 +3,30 @@ https://developer.hashicorp.com/terraform/tutorials/kubernetes/eks -## Install TF Requirements +## Terraform Commands + +### Install TF Requirements ``` terraform init ``` -## Preview Changes +### Validate Terraform file syntax +``` +terraform validate +``` + +### Preview Changes ``` terraform plan ``` -## Apply Terraform and build the cluster +### Apply Terraform files ``` terraform apply ``` + When the provisioning is complete, details will be provided about the cluster. + ``` cluster_endpoint = "https://E44319CC44678D8EE100B7C42A46AE5D.gr7.us-west-2.eks.amazonaws.com" cluster_name = "education-eks-pAGhwfz9" 
@@ -25,23 +34,38 @@ When the provisioning is complete, details will be provided about the cluster. region = "us-west-2" ``` +### Show the current terraform state +``` + terraform show +``` + +This will also show the cluster output information + + ## Configure kube for the new cluster ``` aws eks update-kubeconfig --name education-eks-pAGhwfz9 ``` +Update kubectl from Terraform output (from the EKS terraform directory) +``` +aws eks update-kubeconfig --name $(terraform output -raw cluster_name) +``` ## Updating a Cluster -Edit main.tf and replace version 1.24 with version 1.25 +Edit variables.tf and replace cluster_version 1.24 with version 1.25 ``` terraform apply ``` AWS will step through and upgrade the cluster to version 1.25 - +## Deleting a cluster +``` + terraform destroy +``` ## Terraform Helm Example diff --git a/caseyd/aws/tf/provision-eks-cluster/.gitignore b/caseyd/aws/tf/provision-eks-cluster/.gitignore new file mode 100644 index 0000000..6665869 --- /dev/null +++ b/caseyd/aws/tf/provision-eks-cluster/.gitignore @@ -0,0 +1,27 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* +*.tfplan + +# Crash log files +crash.log + +# Exclude all .tfvars files, which are likely to contain sentitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore CLI configuration files +.terraformrc +terraform.rc diff --git a/caseyd/aws/tf/provision-eks-cluster/.terraform.lock.hcl b/caseyd/aws/tf/provision-eks-cluster/.terraform.lock.hcl new file mode 100644 index 0000000..444a06a --- /dev/null +++ b/caseyd/aws/tf/provision-eks-cluster/.terraform.lock.hcl 
@@ -0,0 +1,107 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.47.0" + constraints = ">= 3.72.0, >= 3.73.0, >= 4.47.0, ~> 4.47.0" + hashes = [ + "h1:5fBXO6E4TcmbZZLVB7pHvofZiJ++aGplZVbFD1dSVa8=", + "zh:01afccb7e358ccff4ad800bcdea785198669f23070fba4561c65eb05f4364fc4", + "zh:0c45f46461d666c6e084ed742dbf01c9d9dc749e691771717c5ac1f82f4f6e74", + "zh:291ddb5a4c0da5fdd2f247ee37089a0f5e48e8446bdad2ed0f9b39cb71a11a9d", + "zh:338a888c04ff0da3642b64dbc29f45e5d734dd88d7c4c101c2d9a0bde726d40b", + "zh:35cd3c76f485f4486f187032807ef4aad99fac51e32b0ac341ab4e6fe30f2bf1", + "zh:39296c9baf7863fdd64194d932ec81886a4d207c05d34474be43abfeeb0f13e2", + "zh:6dc77793b52f127f2f48a5353865d8879eab44e5db4b837625eaa35fc842114c", + "zh:8bb8c7488e69a65f08bfadbf0b0801bafa28bde9ae908d12dc7490a81b88d368", + "zh:8fcfb26008559f514f80a8ab6d380211dfaaa902cb9e9ff2af3203bbe4c9f506", + "zh:95a69ccc0fdd5756d3c7311788908ab5fd1392e271b8478f3ee11238c3cbcc57", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a93a1320344d9e8f10a8e6b81b9fabfa36fb824a9b7bcb252fa060523dd0da62", + "zh:c4902c4aebb4174442fef42ea4a093c5881973a27a5d2c171d7d18a6e092f756", + "zh:c70a757e63ffc62d74003ab7719443012c57a2bbb0ae275c5c25a30aaa21dbf2", + "zh:de0ef6684a81f74766629bfdc3206cde58a2e1619c9d1b65d199148da3b2f50e", + ] +} + +provider "registry.terraform.io/hashicorp/cloudinit" { + version = "2.2.0" + constraints = ">= 2.0.0, ~> 2.2.0" + hashes = [ + "h1:Id6dDkpuSSLbGPTdbw49bVS/7XXHu/+d7CJoGDqtk5g=", + "h1:siiI0wK6/jUDdA5P8ifTO0yc9YmXHml4hz5K9I9N+MA=", + "zh:76825122171f9ea2287fd27e23e80a7eb482f6491a4f41a096d77b666896ee96", + "zh:795a36dee548e30ca9c9d474af9ad6d29290e0a9816154ad38d55381cd0ab12d", + "zh:9200f02cb917fb99e44b40a68936fd60d338e4d30a718b7e2e48024a795a61b9", + "zh:a33cf255dc670c20678063aa84218e2c1b7a67d557f480d8ec0f68bc428ed472", + 
"zh:ba3c1b2cd0879286c1f531862c027ec04783ece81de67c9a3b97076f1ce7f58f", + "zh:bd575456394428a1a02191d2e46af0c00e41fd4f28cfe117d57b6aeb5154a0fb", + "zh:c68dd1db83d8437c36c92dc3fc11d71ced9def3483dd28c45f8640cfcd59de9a", + "zh:cbfe34a90852ed03cc074601527bb580a648127255c08589bc3ef4bf4f2e7e0c", + "zh:d6ffd7398c6d1f359b96f5b757e77b99b339fbb91df1b96ac974fe71bc87695c", + "zh:d9c15285f847d7a52df59e044184fb3ba1b7679fd0386291ed183782683d9517", + "zh:f7dd02f6d36844da23c9a27bb084503812c29c1aec4aba97237fec16860fdc8c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.17.0" + constraints = ">= 2.10.0" + hashes = [ + "h1:p2sgF62c2svJSKuImL3/zq/SSPOZFyd4Vj7K0UF2VrQ=", + "zh:1cbafea8c404195d8ad2490d75dbeebef131563d3e38dec87231ceb3923a3012", + "zh:26d9584423ee77e607999b082de7d9dc3e937934aa83341e0832e7253caf4f51", + "zh:333527fc15fb43bbf1898a2f058598c596468a01d88c415627bb617878dc4d4d", + "zh:391b8c80e3115af485977d6e949d7260b7fc0b641089b884256bfd36a7077db2", + "zh:4d18ba55247486181759d60195777945bcd68e17ccd980820ca18e8a8b94aeb5", + "zh:607ae94d85d1c1ed3845bd71095daadea4b2468e16f57fa05c98eab0de6b14ae", + "zh:95c6cf22f8ef14e7a4f85e33cff5d6f11056c7880041b71d425d1b5ebbe246e7", + "zh:b077edcedb46a313b461ac1e49317872063b3871f2acbe1a50498612cefff387", + "zh:c6a7891683e44148b0c928fd4748b7abac727266ab551d679015f5fe8b72d1e6", + "zh:e5cebfdf873770c37a4304362003d3fea8d6c2fd819663ad121bc65bb81e4738", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:feb19269e7c0de473ad412b37818b48da0cc91e5c93dd4c77a72676ca97a16b1", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.4.3" + constraints = "~> 3.4.3" + hashes = [ + "h1:saZR+mhthL0OZl4SyHXZraxyaBNVMxiZzks78nWcZ2o=", + "h1:tL3katm68lX+4lAncjQA9AXL4GR/VM+RPwqYf4D2X8Q=", + "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", + "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", + 
"zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", + "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", + "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", + "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", + "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", + "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", + "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", + "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", + ] +} + +provider "registry.terraform.io/hashicorp/tls" { + version = "4.0.4" + constraints = ">= 3.0.0, ~> 4.0.4" + hashes = [ + "h1:GZcFizg5ZT2VrpwvxGBHQ/hO9r6g0vYdQqx3bFD3anY=", + "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=", + "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", + "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", + "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", + "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", + "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", + "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", + "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", + "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", + "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", + "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", + "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/caseyd/aws/tf/provision-eks-cluster/LICENSE b/caseyd/aws/tf/provision-eks-cluster/LICENSE new file mode 100644 index 0000000..c121cee 
--- /dev/null +++ b/caseyd/aws/tf/provision-eks-cluster/LICENSE 
@@ -0,0 +1,375 @@ +Copyright (c) 2020 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. 
"Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. 
Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. 
Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. 
Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. 
However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. 
* +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. 
+Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. 
If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/caseyd/aws/tf/provision-eks-cluster/README.md b/caseyd/aws/tf/provision-eks-cluster/README.md new file mode 100644 index 0000000..51d3816 --- /dev/null +++ b/caseyd/aws/tf/provision-eks-cluster/README.md @@ -0,0 +1,19 @@ +# Custom - Provision an AWS EKS Cluster + + +## Customize the deployment + +Update `variables.tf` with the cluster prefix, region, and k8s version. + +## Deploy with Terraform + +Refer to [Terraform Readme](../README.md) for other Terraform commands +``` +terraform init +terraform apply +``` + +# References + +This is a fork of the [Provision an EKS Cluster tutorial](https://developer.hashicorp.com/terraform/tutorials/kubernetes/eks) containing +Terraform configuration files to provision an EKS cluster on AWS. diff --git a/caseyd/aws/tf/provision-eks-cluster/main.tf b/caseyd/aws/tf/provision-eks-cluster/main.tf new file mode 100644 index 0000000..11aa47a --- /dev/null +++ b/caseyd/aws/tf/provision-eks-cluster/main.tf 
@@ -0,0 +1,111 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+provider "aws" {
+ region = var.region
+}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+ cluster_name = "${var.cluster_prefix}-eks-${random_string.suffix.result}"
+}
+
+resource "random_string" "suffix" {
+ length = 8
+ special = false
+}
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "3.19.0"
+
+ name = "${var.cluster_prefix}-vpc"
+
+ cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+ public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+ enable_dns_hostnames = true
+
+ public_subnet_tags = {
+ "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+ "kubernetes.io/role/elb" = 1
+ }
+
+ private_subnet_tags = {
+ "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+ "kubernetes.io/role/internal-elb" = 1
+ }
+}
+
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+ version = "19.5.1"
+
+ cluster_name = local.cluster_name
+ cluster_version = "${var.cluster_version}"
+
+ vpc_id = module.vpc.vpc_id
+ subnet_ids = module.vpc.private_subnets
+ cluster_endpoint_public_access = true
+
+ eks_managed_node_group_defaults = {
+ ami_type = "AL2_x86_64"
+
+ }
+
+ eks_managed_node_groups = {
+ one = {
+ name = "node-group-1"
+
+ instance_types = ["t3.small"]
+
+ min_size = 1
+ max_size = 3
+ desired_size = 2
+ }
+
+ two = {
+ name = "node-group-2"
+
+ instance_types = ["t3.medium"]
+
+ min_size = 1
+ max_size = 2
+ desired_size = 1
+ }
+ }
+}
+
+
+# https://aws.amazon.com/blogs/containers/amazon-ebs-csi-driver-is-now-generally-available-in-amazon-eks-add-ons/
+data "aws_iam_policy" "ebs_csi_policy" {
+ arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+}
+
+module "irsa-ebs-csi" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+ version = "4.7.0"
+
+ create_role = true
+ role_name = "AmazonEKSTFEBSCSIRole-${module.eks.cluster_name}"
+ provider_url = module.eks.oidc_provider
+ role_policy_arns = [data.aws_iam_policy.ebs_csi_policy.arn]
+ oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
+}
+
+resource "aws_eks_addon" "ebs-csi" {
+ cluster_name = module.eks.cluster_name
+ addon_name = "aws-ebs-csi-driver"
+ addon_version = "v1.5.2-eksbuild.1"
+ service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
+ tags = {
+ "eks_addon" = "ebs-csi"
+ "terraform" = "true"
+ }
+}
diff --git a/caseyd/aws/tf/provision-eks-cluster/outputs.tf b/caseyd/aws/tf/provision-eks-cluster/outputs.tf
new file mode 100644
index 0000000..3610001
--- /dev/null
+++ b/caseyd/aws/tf/provision-eks-cluster/outputs.tf
@@ -0,0 +1,22 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+output "cluster_endpoint" {
+ description = "Endpoint for EKS control plane"
+ value = module.eks.cluster_endpoint
+}
+
+output "cluster_security_group_id" {
+ description = "Security group ids attached to the cluster control plane"
+ value = module.eks.cluster_security_group_id
+}
+
+output "region" {
+ description = "AWS region"
+ value = var.region
+}
+
+output "cluster_name" {
+ description = "Kubernetes Cluster Name"
+ value = module.eks.cluster_name
+}
diff --git a/caseyd/aws/tf/provision-eks-cluster/terraform.tf b/caseyd/aws/tf/provision-eks-cluster/terraform.tf
new file mode 100644
index 0000000..a690005
--- /dev/null
+++ b/caseyd/aws/tf/provision-eks-cluster/terraform.tf
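Review bot: In `module "eks"` of provision-eks-cluster/main.tf, `cluster_endpoint_public_access = true` is set without `cluster_endpoint_public_access_cidrs`, so as far as the module's default goes the Kubernetes API endpoint accepts connections from any address and is protected only by IAM authentication. I would restrict it to known networks with `cluster_endpoint_public_access_cidrs = var.api_allowed_cidrs` (a new list variable; the name is a placeholder), or keep the endpoint private and reach it from inside the VPC. Separately, `cluster_version = "${var.cluster_version}"` can be written as `cluster_version = var.cluster_version`.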
@@ -0,0 +1,39 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+terraform {
+/*
+ * Specific to Terraform Cloud not needed for workstation
+ *
+ cloud {
+ workspaces {
+ name = "learn-terraform-eks"
+ }
+ }
+*/
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.47.0"
+ }
+
+ random = {
+ source = "hashicorp/random"
+ version = "~> 3.4.3"
+ }
+
+ tls = {
+ source = "hashicorp/tls"
+ version = "~> 4.0.4"
+ }
+
+ cloudinit = {
+ source = "hashicorp/cloudinit"
+ version = "~> 2.2.0"
+ }
+ }
+
+ required_version = "~> 1.3"
+}
+
diff --git a/caseyd/aws/tf/provision-eks-cluster/variables.tf b/caseyd/aws/tf/provision-eks-cluster/variables.tf
new file mode 100644
index 0000000..7ec2041
--- /dev/null
+++ b/caseyd/aws/tf/provision-eks-cluster/variables.tf
@@ -0,0 +1,20 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+variable "region" {
+ description = "AWS region"
+ type = string
+ default = "us-west-2"
+}
+
+variable "cluster_prefix" {
+ description = "Name Prefix of the AWS EKS Cluster"
+ type = string
+ default = "tftest1"
+}
+
+variable "cluster_version" {
+ description = "EKS Cluster Version"
+ type = string
+ default = "1.24"
+}
From bd1fbef67f44d13e75a3349457d583b54cc4ea8c Mon Sep 17 00:00:00 2001
From: Casey Dinsmore Date: Tue, 11 Apr 2023 17:45:55 -0700 Subject: [PATCH 06/17] Initial Jupyterhub Helm terraform deployment --- caseyd/aws/tf/provision-jupyterhub/.gitignore | 29 ++ .../provision-jupyterhub/.terraform.lock.hcl | 68 ++++ caseyd/aws/tf/provision-jupyterhub/LICENSE | 375 ++++++++++++++++++ caseyd/aws/tf/provision-jupyterhub/README.md | 21 + .../tf/provision-jupyterhub/helm_release.tf | 14 + .../jupyterhub-values.yaml | 10 + .../aws/tf/provision-jupyterhub/jupyterhub.tf | 27 ++ .../aws/tf/provision-jupyterhub/kubernetes.tf | 34 ++ .../aws/tf/provision-jupyterhub/variables.tf | 14 + .../aws/tf/provision-jupyterhub/versions.tf | 20 + 10 files changed, 612 insertions(+) create mode 100644 caseyd/aws/tf/provision-jupyterhub/.gitignore create mode 100644 caseyd/aws/tf/provision-jupyterhub/.terraform.lock.hcl create mode 100644 caseyd/aws/tf/provision-jupyterhub/LICENSE create mode 100644 caseyd/aws/tf/provision-jupyterhub/README.md create mode 100644 caseyd/aws/tf/provision-jupyterhub/helm_release.tf create mode 100644 caseyd/aws/tf/provision-jupyterhub/jupyterhub-values.yaml create mode 100644 caseyd/aws/tf/provision-jupyterhub/jupyterhub.tf create mode 100644 caseyd/aws/tf/provision-jupyterhub/kubernetes.tf create mode 100644 caseyd/aws/tf/provision-jupyterhub/variables.tf create mode 100644 caseyd/aws/tf/provision-jupyterhub/versions.tf diff --git a/caseyd/aws/tf/provision-jupyterhub/.gitignore b/caseyd/aws/tf/provision-jupyterhub/.gitignore new file mode 100644 index 0000000..7a3e2fd --- /dev/null +++ b/caseyd/aws/tf/provision-jupyterhub/.gitignore 
@@ -0,0 +1,29 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Ignore any .tfvars files that are generated automatically for each Terraform run. Most +# .tfvars files are managed as part of configuration and so should be included in +# version control. +# +# example.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* diff --git a/caseyd/aws/tf/provision-jupyterhub/.terraform.lock.hcl b/caseyd/aws/tf/provision-jupyterhub/.terraform.lock.hcl new file mode 100644 index 0000000..4c45ed5 --- /dev/null +++ b/caseyd/aws/tf/provision-jupyterhub/.terraform.lock.hcl 
@@ -0,0 +1,68 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.52.0" + constraints = "~> 4.52.0" + hashes = [ + "h1:XVFYieTSH9PCpOiFWnNzjNYXTrgSb2ZpLh49/jMe9Jk=", + "h1:pTH20eNlkwO3vxYb3f/Dm9QXjhVeidpvrn5YcvydM7Y=", + "zh:00c865de3a0e7643f4e2e5c8d4ba91eee94a46d41090eb134baca6b58c107172", + "zh:1430682e26eba25d8ace19fa780361187f474153e455545235b4fe30637fdcc2", + "zh:1b9a4e5c889bd2022bd59fb924dc78e189f1b7a4fd718fcacda0f0a4cb74d6eb", + "zh:2485260141608f1d386d0f68934092bbf68a27d96f0d83c73222d0382aee02f5", + "zh:2fe67ee94e2df7dabee7e474356f8e907e7c8011533f9d71df8702d59f9060b2", + "zh:37babd1b7ff96ff1f42aa56d7575cacabda6f9f460ff651d70662bfd90076341", + "zh:54aa8d39f22ecab6613169f49d37d2ccfaf417e59dd7a8c8fc6bf92600c3384f", + "zh:5bf4a84b962a8d2da8f4ccf2a7de56fb6c7a1f566e8393b563977fc7872a8740", + "zh:8cb4a51f209a3cc497e53f09188c15c6675697587fe2ea14a6c7fff10c8c8476", + "zh:91f6bdcbb1e36471140982e9048b7ced437d3290b2cc21079e5429cc84fed2fd", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9f8c01c3f677bc64ddefa41e59c6fc98860c11875d7f148af55969d3e3847f77", + "zh:b6b4fc0bd6f3c0adcd9531da3ccf8c25787ccd6ccc568f13ebbff1336d71a9e1", + "zh:d52a428bd92cc319088685ecac63b9f7d12d4cd6725604edb20d0c4f37a9936e", + "zh:e20252a851a0d38548a3c01a006bfc59ee1fc84217bf9eb95b22724769601b2b", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.8.0" + constraints = "~> 2.8.0" + hashes = [ + "h1:U0w0mUT0SwZCR0poGNSxGaZJKWcOiu4GerpGztYBiMM=", + "h1:a98mBNghv9odh5PVmgdXapgyYJmO/ncAWkwLWdXLuY4=", + "zh:1e42d1a04c07d4006844e477ca32b5f45b04f6525dbbbe00b6be6e6ec5a11c54", + "zh:2f87187cb48ccfb18d12e2c4332e7e822923b659e7339b954b7db78aff91529f", + "zh:391fe49b4d2dc07bc717248a3fc6952189cfc49c596c514ad72a29c9a9f9d575", + "zh:89272048e1e63f3edc3e83dfddd5a9fd4bd2a4ead104e67de1e14319294dedf1", + 
"zh:a5a057c3435a854389ce8a1d98a54aaa7cbab68aca7baa436a605897aa70ff7e", + "zh:b1098e53e1a8a3afcd325ecd0328662156b3d9c3d80948f19ba3a4eb870cee2b", + "zh:b676f949e8274a2b6c3fa41f5428ea597125579c7b93bb50bb73a5e295a7a447", + "zh:cdf7e9460f28c2dbfe49a79a5022bd0d474ff18120d340738aa35456ba77ebca", + "zh:e24b59b4ed1c593facbf8051ec58550917991e2e017f3085dac5fb902d9908cb", + "zh:e3b5e1f5543cac9d9031a028f1c1be4858fb80fae69f181f21e9465e366ebfa2", + "zh:e9fddc0bcdb28503078456f0088851d45451600d229975fd9990ee92c7489a10", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.17.0" + constraints = "~> 2.17.0" + hashes = [ + "h1:Dq/EHg8mKP9wDDTJx5CzZ+w44wutIZJGfQLrAIznAqY=", + "h1:p2sgF62c2svJSKuImL3/zq/SSPOZFyd4Vj7K0UF2VrQ=", + "zh:1cbafea8c404195d8ad2490d75dbeebef131563d3e38dec87231ceb3923a3012", + "zh:26d9584423ee77e607999b082de7d9dc3e937934aa83341e0832e7253caf4f51", + "zh:333527fc15fb43bbf1898a2f058598c596468a01d88c415627bb617878dc4d4d", + "zh:391b8c80e3115af485977d6e949d7260b7fc0b641089b884256bfd36a7077db2", + "zh:4d18ba55247486181759d60195777945bcd68e17ccd980820ca18e8a8b94aeb5", + "zh:607ae94d85d1c1ed3845bd71095daadea4b2468e16f57fa05c98eab0de6b14ae", + "zh:95c6cf22f8ef14e7a4f85e33cff5d6f11056c7880041b71d425d1b5ebbe246e7", + "zh:b077edcedb46a313b461ac1e49317872063b3871f2acbe1a50498612cefff387", + "zh:c6a7891683e44148b0c928fd4748b7abac727266ab551d679015f5fe8b72d1e6", + "zh:e5cebfdf873770c37a4304362003d3fea8d6c2fd819663ad121bc65bb81e4738", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:feb19269e7c0de473ad412b37818b48da0cc91e5c93dd4c77a72676ca97a16b1", + ] +} diff --git a/caseyd/aws/tf/provision-jupyterhub/LICENSE b/caseyd/aws/tf/provision-jupyterhub/LICENSE new file mode 100644 index 0000000..15eba9d --- /dev/null +++ b/caseyd/aws/tf/provision-jupyterhub/LICENSE 
@@ -0,0 +1,375 @@ +Copyright (c) 2021 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. 
"Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. 
Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. 
Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. 
Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. 
However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. 
* +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. 
+Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. 
If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/caseyd/aws/tf/provision-jupyterhub/README.md b/caseyd/aws/tf/provision-jupyterhub/README.md new file mode 100644 index 0000000..022f041 --- /dev/null +++ b/caseyd/aws/tf/provision-jupyterhub/README.md @@ -0,0 +1,21 @@ +# Provision your Kubernetes clusters with the Terraform Helm provider + + + +## Customize the deployment + +Update `variables.tf` with the k8s namespace, and JupyterHelm chart version. + +Add custom configuration values to `jupyterhub-values.yaml` + +## Deploy with Terraform + +Refer to [Terraform Readme](../README.md) for other Terraform commands +``` +terraform init +terraform apply +``` + + +# References +This is a supplemental repository for the Hashicorp [Helm provider tutorial](https://developer.hashicorp.com/terraform/tutorials/kubernetes/helm-provider). diff --git a/caseyd/aws/tf/provision-jupyterhub/helm_release.tf b/caseyd/aws/tf/provision-jupyterhub/helm_release.tf new file mode 100644 index 0000000..d1cd354 --- /dev/null +++ b/caseyd/aws/tf/provision-jupyterhub/helm_release.tf 
@@ -0,0 +1,14 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+provider "helm" {
+ kubernetes {
+ host = data.aws_eks_cluster.cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.cluster.name]
+ command = "aws"
+ }
+ }
+}
diff --git a/caseyd/aws/tf/provision-jupyterhub/jupyterhub-values.yaml b/caseyd/aws/tf/provision-jupyterhub/jupyterhub-values.yaml
new file mode 100644
index 0000000..fa72f7b
--- /dev/null
+++ b/caseyd/aws/tf/provision-jupyterhub/jupyterhub-values.yaml
@@ -0,0 +1,10 @@
+# This file can update the JupyterHub Helm chart's default configuration values.
+#
+# For reference see the configuration reference and default values, but make
+# sure to refer to the Helm chart version of interest to you!
+#
+# Introduction to YAML: https://www.youtube.com/watch?v=cdLNKUoMc6c
+# Chart config reference: https://zero-to-jupyterhub.readthedocs.io/en/stable/resources/reference.html
+# Chart default values: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/jupyterhub/values.yaml
+# Available chart versions: https://jupyterhub.github.io/helm-chart/
+#
diff --git a/caseyd/aws/tf/provision-jupyterhub/jupyterhub.tf b/caseyd/aws/tf/provision-jupyterhub/jupyterhub.tf
new file mode 100644
index 0000000..0cabc6b
--- /dev/null
+++ b/caseyd/aws/tf/provision-jupyterhub/jupyterhub.tf
@@ -0,0 +1,27 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+
+
+resource "helm_release" "jupyterhub" {
+ name = "jupyterhub"
+ repository = "https://jupyterhub.github.io/helm-chart/"
+ chart = "jupyterhub"
+ version = var.jupyterhub_helm_version
+ cleanup_on_fail = true
+ create_namespace = true
+ namespace = var.jupyterhub_namespace
+
+ values = [
+ file("${path.module}/jupyterhub-values.yaml")
+ ]
+
+}
+
+# Not sure this is needed for a JupyterHub chart?
+#data "kubernetes_service" "jupyterhub" {
+# depends_on = [helm_release.jupyterhub]
+# metadata {
+# name = "jupyterhub"
+# }
+#}
diff --git a/caseyd/aws/tf/provision-jupyterhub/kubernetes.tf b/caseyd/aws/tf/provision-jupyterhub/kubernetes.tf
new file mode 100644
index 0000000..67caa72
--- /dev/null
+++ b/caseyd/aws/tf/provision-jupyterhub/kubernetes.tf
@@ -0,0 +1,34 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+
+data "terraform_remote_state" "eks" {
+ backend = "local"
+ config = {
+ path = "../provision-eks-cluster/terraform.tfstate"
+ }
+}
+
+# Retrieve EKS cluster configuration
+provider "aws" {
+ region = data.terraform_remote_state.eks.outputs.region
+}
+
+data "aws_eks_cluster" "cluster" {
+ name = data.terraform_remote_state.eks.outputs.cluster_name
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+ name = data.terraform_remote_state.eks.outputs.cluster_name
+}
+
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.cluster.name]
+ command = "aws"
+ }
+}
diff --git a/caseyd/aws/tf/provision-jupyterhub/variables.tf b/caseyd/aws/tf/provision-jupyterhub/variables.tf
new file mode 100644
index 0000000..25d4edd
--- /dev/null
+++ b/caseyd/aws/tf/provision-jupyterhub/variables.tf
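Review bot: The `helm_release "jupyterhub"` resource in jupyterhub.tf takes its only values from `jupyterhub-values.yaml`, which in this commit holds comments and no settings, so the hub is installed with the chart's defaults. To my knowledge the 2.0.0 chart defaults to the dummy authenticator and exposes `proxy-public` as a `LoadBalancer` service over plain HTTP, which would let anyone who can reach the address sign in and start a notebook server; please confirm against the chart's values.yaml. Before this is applied outside a throwaway cluster, set `hub.config.JupyterHub.authenticator_class` to a real authenticator in the values file, and consider `proxy.service.type: ClusterIP` until authentication and TLS are configured.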
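Review bot: `data "aws_eks_cluster_auth" "cluster"` in kubernetes.tf is declared but never referenced, since both the `kubernetes` and `helm` providers authenticate through their `exec` blocks; data source results are written to state, so this stores a cluster bearer token in the local state file for no benefit and the block can be deleted. The `terraform_remote_state` path `"../provision-eks-cluster/terraform.tfstate"` is resolved against the working directory, and `path = "${path.module}/../provision-eks-cluster/terraform.tfstate"` would make it independent of where terraform is run. Reading a local state file also ties both configurations to one workstation with unencrypted state on disk, so a shared encrypted backend is worth considering.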
@@ -0,0 +1,14 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+variable "jupyterhub_namespace" {
+ description = "JupyterHub Namespace"
+ type = string
+ default = "jhub"
+}
+
+variable "jupyterhub_helm_version" {
+ description = "JupyterHub Helm Version"
+ type = string
+ default = "2.0.0"
+}
diff --git a/caseyd/aws/tf/provision-jupyterhub/versions.tf b/caseyd/aws/tf/provision-jupyterhub/versions.tf
new file mode 100644
index 0000000..e669076
--- /dev/null
+++ b/caseyd/aws/tf/provision-jupyterhub/versions.tf
@@ -0,0 +1,20 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+terraform {
+ required_providers {
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 2.8.0"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "~> 2.17.0"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.52.0"
+ }
+ }
+ required_version = "~> 1.3"
+}
From b451cee8ad038c830d69d05d5e4f0f5f81af3af3 Mon Sep 17 00:00:00 2001 From: Casey Dinsmore Date: Tue, 11 Apr 2023 17:51:19 -0700 Subject: [PATCH 07/17] README Updates --- caseyd/README.md | 9 +++++---- caseyd/aws/tf/README.md | 11 ++--------- caseyd/aws/tf/provision-eks-cluster/README.md | 9 +++++++++ caseyd/aws/tf/provision-jupyterhub/README.md | 2 +- 4 files changed, 17 insertions(+), 14 deletions(-) diff --git a/caseyd/README.md b/caseyd/README.md index 29e0959..cba1558 100644 --- a/caseyd/README.md +++ b/caseyd/README.md @@ -19,16 +19,17 @@ Working directory for Casey Dinsmore ## Kubectl ### Get Proxy Address - -kubectl -n jhub get service proxy-public + kubectl -n jhub get service proxy-public ### Show all pod states kubectl get pods -A ### View details about a pod including deployment errors - kubectl -n jhub describe pod ### Get the logs for a pod - kubectl -n jhub get logs + +### Examine Persistent Volumes/claims + kubectl -n jhub get pv + kubectl -n jhub get pvc diff --git a/caseyd/aws/tf/README.md b/caseyd/aws/tf/README.md index b903171..7a1453c 100644 
--- a/caseyd/aws/tf/README.md +++ b/caseyd/aws/tf/README.md @@ -45,7 +45,7 @@ This will also show the cluster output information ## Configure kube for the new cluster ``` -aws eks update-kubeconfig --name education-eks-pAGhwfz9 +aws eks update-kubeconfig --name ``` Update kubectl from Terraform output (from the EKS terraform directory) @@ -53,16 +53,9 @@ Update kubectl from Terraform output (from the EKS terraform directory) aws eks update-kubeconfig --name $(terraform output -raw cluster_name) ``` -## Updating a Cluster -Edit variables.tf and replace cluster_version 1.24 with version 1.25 -``` - terraform apply -``` - -AWS will step through and upgrade the cluster to version 1.25 -## Deleting a cluster +## Deleting a terraform deployment ``` terraform destroy ``` diff --git a/caseyd/aws/tf/provision-eks-cluster/README.md b/caseyd/aws/tf/provision-eks-cluster/README.md index 51d3816..4a74bcc 100644 --- a/caseyd/aws/tf/provision-eks-cluster/README.md +++ b/caseyd/aws/tf/provision-eks-cluster/README.md @@ -13,6 +13,15 @@ terraform init terraform apply ``` +## Updating a Cluster + +Edit `variables.tf` and replace cluster_version 1.24 with version 1.25 +``` + terraform apply +``` + +AWS will step through and upgrade the cluster to version 1.25 + # References This is a fork of the [Provision an EKS Cluster tutorial](https://developer.hashicorp.com/terraform/tutorials/kubernetes/eks) containing diff --git a/caseyd/aws/tf/provision-jupyterhub/README.md b/caseyd/aws/tf/provision-jupyterhub/README.md index 022f041..ff5f940 100644 --- a/caseyd/aws/tf/provision-jupyterhub/README.md +++ b/caseyd/aws/tf/provision-jupyterhub/README.md @@ -1,4 +1,4 @@ -# Provision your Kubernetes clusters with the Terraform Helm provider +# Provision JupyterHub in a Kubernetes cluster with the Terraform Helm provider From 9fc1875aef4f251accbaa8c8edc5b7ae8a0d9a01 Mon Sep 17 00:00:00 2001 
From: Casey Dinsmore Date: Tue, 11 Apr 2023 17:58:11 -0700 Subject: [PATCH 08/17] More README Updates --- caseyd/README.md | 4 ++-- caseyd/aws/tf/README.md | 10 +++------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/caseyd/README.md b/caseyd/README.md index cba1558..02fb9e0 100644 --- a/caseyd/README.md +++ b/caseyd/README.md @@ -3,7 +3,7 @@ Working directory for Casey Dinsmore -# Jupyterhub Common Commands +# Common Commands ## Helm @@ -30,6 +30,6 @@ Working directory for Casey Dinsmore ### Get the logs for a pod kubectl -n jhub get logs -### Examine Persistent Volumes/claims +### Get Persistent Volumes/Claims kubectl -n jhub get pv kubectl -n jhub get pvc diff --git a/caseyd/aws/tf/README.md b/caseyd/aws/tf/README.md index 7a1453c..50a8a2f 100644 --- a/caseyd/aws/tf/README.md +++ b/caseyd/aws/tf/README.md @@ -1,8 +1,4 @@ -# Terraform EKS Example -https://developer.hashicorp.com/terraform/tutorials/kubernetes/eks - - ## Terraform Commands ### Install TF Requirements @@ -61,6 +57,6 @@ aws eks update-kubeconfig --name $(terraform output -raw cluster_name) ``` -## Terraform Helm Example - -https://developer.hashicorp.com/terraform/tutorials/kubernetes/helm-provider +# References +* [Terraform EKS Example](https://developer.hashicorp.com/terraform/tutorials/kubernetes/eks) +* [Terraform Helm Example](https://developer.hashicorp.com/terraform/tutorials/kubernetes/helm-provider) From 5bae48ecd267da572ff0aca15e8deefe59141fc3 Mon Sep 17 00:00:00 2001 From: Casey Dinsmore Date: Tue, 11 Apr 2023 18:04:48 -0700 Subject: [PATCH 09/17] Added command markdown --- caseyd/README.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/caseyd/README.md b/caseyd/README.md index 02fb9e0..b94db4d 100644 --- a/caseyd/README.md +++ b/caseyd/README.md 
@@ -8,28 +8,39 @@ Working directory for Casey Dinsmore ## Helm ### Install / Reconfigure - +``` helm upgrade --cleanup-on-fail \ --install jhub jupyterhub/jupyterhub \ --namespace jhub \ --create-namespace \ --version=2.0.0 \ --values config.yaml - +``` ## Kubectl ### Get Proxy Address +``` kubectl -n jhub get service proxy-public +``` ### Show all pod states +``` kubectl get pods -A +``` ### View details about a pod including deployment errors +``` kubectl -n jhub describe pod - +``` ### Get the logs for a pod +``` kubectl -n jhub get logs + ``` ### Get Persistent Volumes/Claims +``` kubectl -n jhub get pv + ``` + ``` kubectl -n jhub get pvc + ``` From a671392dcb80d2d2fe9119cd3ab5c17eb5599d13 Mon Sep 17 00:00:00 2001 From: Kraig Eisenman <68161631+kraigeisenman@users.noreply.github.com> Date: Wed, 12 Apr 2023 11:00:54 -0400 Subject: [PATCH 10/17] Update kraig.me Cleaned up readme to clarify my goals. --- kraig.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/kraig.md b/kraig.md index a8e112a..c9195fc 100644 --- a/kraig.md +++ b/kraig.md @@ -10,16 +10,15 @@ This project was created as part of the Internet2 CLASS Advanced program and sup ### Personal Goals: -My personal goal is to write my own terraform script to be able to deploy the resources necessary to complete this project. +My personal goal is to deploy an environment for a scalable jupyterhub using Terraform and AWS. To Do: -- [x] Deploy a Kubernetes cluster on GCP +- [x] Deploy a Kubernetes cluster on AWS - [x] Create a [README.md](http://README.md) for team github - [ ] Install Jupyter notebook to AWS cluster -- [ ] Register domain with GCP cloud domains +- [ ] Register domain with Route53 - [ ] Point Jupyterhub instance to new domain -- [ ] Setup SSL Certificate - [ ] Setup OAuth - [ ] Create a Terraform deployment - [ ] Upload to GitHub From 081f365d62c88ac04f8fac701636bf0a403e354a Mon Sep 17 00:00:00 2001 
From: "A. Tan" Date: Thu, 13 Apr 2023 12:16:23 -0700 Subject: [PATCH 11/17] Update README.md --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ae1c9d8..90137a4 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,13 @@

Overview

-This project will deploy a Jupyterhub with scalable compute nodes (for distributed computing) on 3 cloud platforms using AWS EKS, Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE). The goals are to (1) Create a replicable, reusable template for deployment of Jupyterhubs on campuses using Terraform and/or other automation scripts (2) Create documentation around best practices for deploying Jupyterhubs including steps on SSO/OAuth, cost optimization, and other node scaling mechanisms. +This project will deploy a Jupyterhub with scalable compute nodes (for distributed computing) on 3 cloud platforms using AWS EKS, Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE). There are several learning objectives for this project: + +1. Learn how create replicable and reusable templates for deployment of cloud services using Infrastructure-as-Code (IaC), namely Terraform +2. Understand how to use Kubernetes for container orchestration and scaling of microservices +3. Understand how to deploy scalable Jupyterhubs (i.e. Jupyterhubs as a service, Jupyterhub for Classroom) +4. Understand best practices on Jupyterhub deployments including steps on SSO/OAuth, cost optimization, security, networking, and other node scaling mechanisms +

Contents

From 176914837924195cfb5d64e8a8cf1f4357b9ab52 Mon Sep 17 00:00:00 2001 From: "A. Tan" Date: Thu, 13 Apr 2023 12:21:33 -0700 Subject: [PATCH 12/17] Create final_presentation.md --- final_presentation.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 final_presentation.md diff --git a/final_presentation.md b/final_presentation.md new file mode 100644 index 0000000..cffef90 --- /dev/null +++ b/final_presentation.md @@ -0,0 +1,17 @@ +

Group project goals

+ +1. Learn how create replicable and reusable templates for deployment of cloud services using Infrastructure-as-Code (IaC), namely Terraform +2. Understand how to use Kubernetes for container orchestration and scaling of microservices +3. Understand how to deploy scalable Jupyterhubs (i.e. Jupyterhubs as a service, Jupyterhub for Classroom) +4. Understand best practices on Jupyterhub deployments including steps on SSO/OAuth, cost optimization, security, networking, and other node scaling mechanisms +5. Learn Github as a collaborative tool! + +Presentation sequence: +1. Overview of project goals +2. Demo of AWS deployment using Terraform +3. Demo of Azure deployment using Terraform +4. Demo of GCP deployment using Terraform (maybe unnecessary) +5. Brief overview of lessons learned re: Security +6. Brief overview of lessons learned re: Networking +7. Jupyterhub + NFS (why, how) +8. Demo of functional Jupyterhub - let's crash the thing and watch it autoscale From 3b1ed85833ffbbd36d7ba67854afb00a79dd630b Mon Sep 17 00:00:00 2001 From: "A. Tan" Date: Thu, 13 Apr 2023 12:22:04 -0700 Subject: [PATCH 13/17] Update final_presentation.md --- final_presentation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/final_presentation.md b/final_presentation.md index cffef90..0a8dc18 100644 --- a/final_presentation.md +++ b/final_presentation.md @@ -6,7 +6,7 @@ 4. Understand best practices on Jupyterhub deployments including steps on SSO/OAuth, cost optimization, security, networking, and other node scaling mechanisms 5. Learn Github as a collaborative tool! -Presentation sequence: +

Presentation sequence:

1. Overview of project goals 2. Demo of AWS deployment using Terraform 3. Demo of Azure deployment using Terraform @@ -14,4 +14,4 @@ Presentation sequence: 5. Brief overview of lessons learned re: Security 6. Brief overview of lessons learned re: Networking 7. Jupyterhub + NFS (why, how) -8. Demo of functional Jupyterhub - let's crash the thing and watch it autoscale +8. Demo of functional Jupyterhub - let's crash the thing and watch it autoscale. From b3e81a5f5e1a19f57399eb430a99cad02e1c0603 Mon Sep 17 00:00:00 2001 From: "A. Tan" Date: Thu, 13 Apr 2023 12:38:46 -0700 Subject: [PATCH 14/17] Update final_presentation.md --- final_presentation.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/final_presentation.md b/final_presentation.md index 0a8dc18..73d2bd3 100644 --- a/final_presentation.md +++ b/final_presentation.md @@ -7,11 +7,13 @@ 5. Learn Github as a collaborative tool!

Presentation sequence:

+ 1. Overview of project goals 2. Demo of AWS deployment using Terraform 3. Demo of Azure deployment using Terraform 4. Demo of GCP deployment using Terraform (maybe unnecessary) 5. Brief overview of lessons learned re: Security 6. Brief overview of lessons learned re: Networking -7. Jupyterhub + NFS (why, how) -8. Demo of functional Jupyterhub - let's crash the thing and watch it autoscale. +7. Brief overview of Institutional needs +8. Jupyterhub + NFS (why, how) +9. Demo of functional Jupyterhub - let's crash the thing and watch it autoscale. From b597822a0dab8a19b1ef844e130d9b76509a9224 Mon Sep 17 00:00:00 2001 From: "A. Tan" Date: Thu, 13 Apr 2023 12:39:32 -0700 Subject: [PATCH 15/17] Update final_presentation.md --- final_presentation.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/final_presentation.md b/final_presentation.md index 73d2bd3..2c05a4f 100644 --- a/final_presentation.md +++ b/final_presentation.md @@ -15,5 +15,6 @@ 5. Brief overview of lessons learned re: Security 6. Brief overview of lessons learned re: Networking 7. Brief overview of Institutional needs -8. Jupyterhub + NFS (why, how) -9. Demo of functional Jupyterhub - let's crash the thing and watch it autoscale. +8. Cost discussion +9. Jupyterhub + NFS (why, how) +10. Demo of functional Jupyterhub - let's crash the thing and watch it autoscale. From 1b35af7a94574b89877b69970d848c8ff8d2fe11 Mon Sep 17 00:00:00 2001 From: "A. Tan" Date: Thu, 13 Apr 2023 13:13:50 -0700 Subject: [PATCH 16/17] Update final_presentation.md --- final_presentation.md | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/final_presentation.md b/final_presentation.md index 2c05a4f..6cec8c3 100644 --- a/final_presentation.md +++ b/final_presentation.md 
@@ -6,15 +6,23 @@ 4. Understand best practices on Jupyterhub deployments including steps on SSO/OAuth, cost optimization, security, networking, and other node scaling mechanisms 5. Learn Github as a collaborative tool! +

Target Audience

+Research faciliation peers + +

Key takeaways from the presentation

+1. Terraform is a simple way to deploy cloud services +2. Lessons learned/considerations when deploying cloud services +3. Deep dive into Jupyterhub technology for use across multiple use cases +

Presentation sequence:

-1. Overview of project goals -2. Demo of AWS deployment using Terraform -3. Demo of Azure deployment using Terraform -4. Demo of GCP deployment using Terraform (maybe unnecessary) -5. Brief overview of lessons learned re: Security -6. Brief overview of lessons learned re: Networking -7. Brief overview of Institutional needs -8. Cost discussion -9. Jupyterhub + NFS (why, how) -10. Demo of functional Jupyterhub - let's crash the thing and watch it autoscale. +1. Overview of project goals - Kate +2. Demo of AWS deployment using Terraform - Kraig +3. Differences between AWS and Azure Terraform setups/config - Casey +4. Brief overview of lessons learned re: Security and Networking - John +5. Brief overview of lessons learning re: Institutional needs/Cloud adoption limits- Matt +6. Cost discussion + - David +7. Jupyterhub + NFS (why, how) - Sarah +8. Demo of functional Jupyterhub - let's crash the thing and watch it autoscale - David + + From b5f2617bc8819d14608b2def783d603dba930048 Mon Sep 17 00:00:00 2001 From: "A. Tan" Date: Thu, 13 Apr 2023 15:19:19 -0700 Subject: [PATCH 17/17] Update final_presentation.md --- final_presentation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/final_presentation.md b/final_presentation.md index 6cec8c3..43d2f4c 100644 --- a/final_presentation.md +++ b/final_presentation.md @@ -10,6 +10,7 @@ Research faciliation peers

Key takeaways from the presentation

+ 1. Terraform is a simple way to deploy cloud services 2. Lessons learned/considerations when deploying cloud services 3. Deep dive into Jupyterhub technology for use across multiple use cases