QCL add cluster yaml, config, staging hub

[pnasrat]

• Add cluster file for QCL hub
• Generate QCL cluster config and support secrets
• See [QCL] Tracking: New Hub Deployment  #2287

[consideRatio]

Some notes about domain names

[pnasrat]

Getting API rate limited but local validate fails. Will fix up after lunch

deployer validate qcl
Getting updates for unmanaged Helm repositories...
...Successfully got an update from the "https://jupyterhub.github.io/helm-chart/" chart repository
Saving 1 charts
Downloading jupyterhub from repo https://jupyterhub.github.io/helm-chart/
Deleting outdated charts
Getting updates for unmanaged Helm repositories...
...Successfully got an update from the "https://helm.dask.org/" chart repository
Saving 2 charts
Downloading dask-gateway from repo https://helm.dask.org/
Deleting outdated charts
Getting updates for unmanaged Helm repositories...
...Successfully got an update from the "https://helm.dask.org/" chart repository
...Successfully got an update from the "https://jupyterhub.github.io/helm-chart/" chart repository
Saving 2 charts
Downloading binderhub from repo https://jupyterhub.github.io/helm-chart/
Downloading dask-gateway from repo https://helm.dask.org/
Deleting outdated charts
Getting updates for unmanaged Helm repositories...
...Successfully got an update from the "https://yuvipanda.github.io/cryptnono/" chart repository
...Successfully got an update from the "https://kubernetes.github.io/autoscaler" chart repository
...Successfully got an update from the "https://kubernetes.github.io/ingress-nginx" chart repository
...Successfully got an update from the "https://grafana.github.io/helm-charts" chart repository
...Successfully got an update from the "https://prometheus-community.github.io/helm-charts" chart repository
Saving 5 charts
Downloading prometheus from repo https://prometheus-community.github.io/helm-charts
Downloading grafana from repo https://grafana.github.io/helm-charts
Downloading ingress-nginx from repo https://kubernetes.github.io/ingress-nginx
Downloading cluster-autoscaler from repo https://kubernetes.github.io/autoscaler
Downloading cryptnono from repo https://yuvipanda.github.io/cryptnono/
Deleting outdated charts
Validating non-encrypted support values files for qcl...
1 / 1: Validating non-encrypted hub values files for staging...
Error: failed to parse /home/pnasrat/workspace/src/github.com/2i2c-org/infrastructure/config/clusters/qcl/staging.values.yaml: error converting YAML to JSON: yaml: line 4: mapping values are not allowed in this context

[pnasrat]

Note to self validate runs

helm template /home/pnasrat/workspace/src/github.com/2i2c-org/infrastructure/helm-charts/basehub --values=/home/pnasrat/workspace/src/github.com/2i2c-org/infrastructure/config/clusters/qcl/common.values.yaml --values=/home/pnasrat/workspace/src/github.com/2i2c-org/infrastructure/config/clusters/qcl/staging.values.yaml

[pnasrat]

Sigh obvious typo now validate fails with

Error: values don't meet the specifications of the schema(s) in the following chart(s):
basehub:
- (root): Additional property basehub is not allowed

[consideRatio]

When using basehub, your values should not be indented under basehub.

The daskhub chart dependa on basehub, so basehub chart config is nested under such key for a daskhub chart

[pnasrat]

Tested TLS working correctly via

curl -I https://grafana.qcl.2i2c.cloud
HTTP/2 302 
date: Fri, 03 Mar 2023 14:35:30 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
expires: -1
location: /login
pragma: no-cache
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15724800; includeSubDomains

curl -I https://grafana.quantifiedcarbon.com
HTTP/2 302 
date: Fri, 03 Mar 2023 14:35:45 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
expires: -1
location: /login
pragma: no-cache
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15724800; includeSubDomains

[pnasrat]

Actually need to add enc-staging values file before review

[pnasrat]

Deployed staging hub here https://staging.quantifiedcarbon.com/hub/login?next=%2Fhub%2F I may need to get the auth wired in

[pnasrat]

Ready for review PTAL. Staging hub is up from a manual deploy. Then will do further configuration under main tracking issue.

[consideRatio]

Nice work this looks great!!

Things I figure remains in our out of this PR are:

• Redirects for prod / grafana
• Prod hub
• admin_users to include listed accounts from QCL
• singleuser.profileList configuration

[consideRatio]

I considered this config quite a bit, thinking that perhaps it was important to list grafana.quantifiedcarbon.com as the topmost host. I think it may not be important based on investigation in #2304 though.

What do you think about going for grafana.quantifiedcarbon.com as the first entry systematically in lists to reduce a risk of issues for now?

[pnasrat]

I'll read through your investigation on #2304 and this can be updated if need be before we enable the prod hub and handover to the community

[consideRatio]

Nice work figuring this out! I wasn't aware of this system to create Ingress resources was available in the basehub helm chart, and suspect it may not have been documented either yet.

We should have redirect rules for grafana and the production hub here as well. Maybe the production hub is out of scope for this PR and thats fine.

[pnasrat]

There is some documentation here https://infrastructure.2i2c.org/en/latest/howto/manage-domains/index.html

I think when we start work on the deployer improvments making the generator take optional args for custom domains might help

Yes I think this is good to go and I'll split out the prod hub.

[github-actions]

🎉🎉🎉🎉

Monitor the deployment of the hubs here 👉 https://github.com/2i2c-org/infrastructure/actions/runs/4343972840