Merge pull request #3809 from freitagb/patch-10

Rebrand ESDIS hub for IEEE-GRSS webinar

config/clusters/nasa-esdis/common.values.yaml

@@ -20,9 +20,9 @@ jupyterhub:
     homepage:
       templateVars:
         org:
-          name: ESDIS
-          logo_url: "https://github.com/2i2c-org/infrastructure/assets/61120/3380676a-1f2e-400d-8471-79496510c1e7"
-          url: https://www.earthdata.nasa.gov/esdis
+          name: IEEE-GRSS
+          logo_url: "https://www.grss-ieee.org/wp-content/uploads/2020/12/grss.png"
+          url: https://www.grss-ieee.org/
         designed_by:
           name: 2i2c
           url: https://2i2c.org
@@ -38,20 +38,58 @@ jupyterhub:
         authenticator_class: github
       GitHubOAuthenticator:
         allowed_organizations:
-          - nasa-esdis:cloud-users
+          - nasa-veda-workshops:ieee-grss-webinar-mar-2024
         scope:
           - read:org
       Authenticator:
         admin_users:
           - bilts # Patrick Quinn
           - freitagb # Brian Freitag
+          - slesaad # Slesa Adhikari
   singleuser:
+    defaultUrl: /lab
     profileList:
-      - display_name: Python
-        description: Python datascience environment
+      - display_name: "Modified Pangeo Notebook"
+        slug: modified-pangeo
+        description: Pangeo based notebook with a Python environment
         default: true
         kubespawner_override:
-          image: openscapes/python:6ee57a9
+          image: public.ecr.aws/nasa-veda/nasa-veda-singleuser:2024-03-07
+          init_containers:
+            # Need to explicitly fix ownership here, as otherwise these directories will be owned
+            # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid
+            - name: volume-mount-ownership-fix
+              image: busybox:1.36.1
+              command:
+                - sh
+                - -c
+                - id && chown 1000:1000 /home/jovyan /home/jovyan/shared && ls -lhd /home/jovyan
+              securityContext:
+                runAsUser: 0
+              volumeMounts:
+                - name: home
+                  mountPath: /home/jovyan
+                  subPath: "{username}"
+                # mounted without readonly attribute here,
+                # so we can chown it appropriately
+                - name: home
+                  mountPath: /home/jovyan/shared
+                  subPath: _shared
+            # this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods
+            # image source: https://github.com/NASA-IMPACT/veda-jh-environments/tree/main/docker-images/base/nasa-veda-singleuser-init
+            - name: nasa-veda-singleuser-init
+              image: public.ecr.aws/nasa-veda/nasa-veda-singleuser-init:38e8998f9be64b0a59ac6c4d6d152d3403121dfc4be6d49bdf52ddc92827af8a
+              command:
+                - "python3"
+                - "/opt/k8s-init-container-nb-docs.py"
+                - "/home/jovyan"
+              volumeMounts:
+                - name: home
+                  mountPath: /home/jovyan
+                  subPath: "{username}"
+              securityContext:
+                runAsUser: 1000
+                runAsGroup: 1000
         profile_options: &profile_options
           requests:
             display_name: Resource Allocation
@@ -84,42 +122,6 @@ jupyterhub:
                   cpu_limit: 3.75
                   node_selector:
                     node.kubernetes.io/instance-type: r5.xlarge
-              mem_14_8:
-                display_name: 14.8 GB RAM, upto 3.7 CPUs
-                kubespawner_override:
-                  mem_guarantee: 15941615616
-                  mem_limit: 15941615616
-                  cpu_guarantee: 1.875
-                  cpu_limit: 3.75
-                  node_selector:
-                    node.kubernetes.io/instance-type: r5.xlarge
-              mem_29_7:
-                display_name: 29.7 GB RAM, upto 3.7 CPUs
-                kubespawner_override:
-                  mem_guarantee: 31883231232
-                  mem_limit: 31883231232
-                  cpu_guarantee: 3.75
-                  cpu_limit: 3.75
-                  node_selector:
-                    node.kubernetes.io/instance-type: r5.xlarge
-              mem_60_6:
-                display_name: 60.6 GB RAM, upto 15.7 CPUs
-                kubespawner_override:
-                  mem_guarantee: 65094813696
-                  mem_limit: 65094813696
-                  cpu_guarantee: 7.86
-                  cpu_limit: 15.72
-                  node_selector:
-                    node.kubernetes.io/instance-type: r5.4xlarge
-              mem_121_2:
-                display_name: 121.2 GB RAM, upto 15.7 CPUs
-                kubespawner_override:
-                  mem_guarantee: 130189627392
-                  mem_limit: 130189627392
-                  cpu_guarantee: 15.72
-                  cpu_limit: 15.72
-                  node_selector:
-                    node.kubernetes.io/instance-type: r5.4xlarge
       - display_name: R
         description: R (with RStudio) + Python environment
         kubespawner_override:

terraform/aws/projects/nasa-esdis.tfvars

@@ -21,6 +21,62 @@ hub_cloud_permissions = {
   },
   "prod" : {
     bucket_admin_access : ["scratch"],
-    extra_iam_policy : ""
+    extra_iam_policy : <<-EOT
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:PutObject",
+                    "s3:GetObject",
+                    "s3:ListBucketMultipartUploads",
+                    "s3:AbortMultipartUpload",
+                    "s3:ListBucketVersions",
+                    "s3:CreateBucket",
+                    "s3:ListBucket",
+                    "s3:DeleteObject",
+                    "s3:GetBucketLocation",
+                    "s3:ListMultipartUploadParts"
+                ],
+                "Resource": [
+                    "arn:aws:s3:::veda-data-store-staging",
+                    "arn:aws:s3:::veda-data-store-staging/*",
+                    "arn:aws:s3:::veda-nex-gddp-cmip6-public",
+                    "arn:aws:s3:::veda-nex-gddp-cmip6-public/*",
+                    "arn:aws:s3:::cmip6-staging",
+                    "arn:aws:s3:::cmip6-staging/*",
+                    "arn:aws:s3:::lp-prod-protected",
+                    "arn:aws:s3:::lp-prod-protected/*",
+                    "arn:aws:s3:::gesdisc-cumulus-prod-protected",
+                    "arn:aws:s3:::gesdisc-cumulus-prod-protected/*",
+                    "arn:aws:s3:::nsidc-cumulus-prod-protected",
+                    "arn:aws:s3:::nsidc-cumulus-prod-protected/*",
+                    "arn:aws:s3:::ornl-cumulus-prod-protected",
+                    "arn:aws:s3:::ornl-cumulus-prod-protected/*",
+                    "arn:aws:s3:::pangeo-forge-veda-output",
+                    "arn:aws:s3:::pangeo-forge-veda-output/*",
+                    "arn:aws:s3:::podaac-ops-cumulus-public",
+                    "arn:aws:s3:::podaac-ops-cumulus-public/*",
+                    "arn:aws:s3:::podaac-ops-cumulus-protected",
+                    "arn:aws:s3:::podaac-ops-cumulus-protected/*",
+                    "arn:aws:s3:::maap-ops-workspace",
+                    "arn:aws:s3:::maap-ops-workspace/*",
+                    "arn:aws:s3:::nasa-maap-data-store",
+                    "arn:aws:s3:::nasa-maap-data-store/*",
+                    "arn:aws:s3:::grss-veda-data-store",
+                    "arn:aws:s3:::grss-veda-data-store/*",
+                    "arn:aws:s3:::sentinel-cogs",
+                    "arn:aws:s3:::sentinel-cogs/*"
+                ]
+            },
+            {
+                "Effect": "Allow",
+                "Action": "s3:ListAllMyBuckets",
+                "Resource": "*"
+            }
+        ]
+    }
+  EOT
   },
-}
+}