Deploy binderHub and other K8s apps on AWS curvenote #2698
Conversation
manics
force-pushed
the
aws-curvenote-binder
branch
from
7eb89ad
to
97f5400
Compare
manics
force-pushed
the
aws-curvenote-binder
branch
2 times, most recently
from
eb7c9b0
to
b84322c
Compare
Use manual build of jupyterhub/binderhub#1724
manics
force-pushed
the
aws-curvenote-binder
branch
from
b84322c
to
d00589d
Compare
…gistry-helper secret
manics
force-pushed
the
aws-curvenote-binder
branch
from
d00589d
to
309d537
Compare
There was a problem hiding this comment.
I think this is ready for review!
The main missing things are:
- Adding this to the redirector: I'd like to leave this for a later PR, and focus on getting the continuous deployment running first .
GOOGLE_APPLICATION_CREDENTIALS: Could be done now, or in a follow-up
| # mountPath: /secrets | ||
| # readOnly: true | ||
| # extraEnv: | ||
| # GOOGLE_APPLICATION_CREDENTIALS: /secrets/service-account.json |
There was a problem hiding this comment.
This is the main thing missing- how do I create the credentials?
| @@ -342,6 +398,13 @@ def main(): | |||
| action="store_true", | |||
| help="Print commands, but don't run them", | |||
| ) | |||
| stages = ["all", "auth", "networkbans", "kubesystem", "certmanager", "mybinder"] | |||
There was a problem hiding this comment.
I've added an optional --stage argument to make it easier to run deploy.py locally. There should be no change to the default behaviour.
| @@ -0,0 +1,12 @@ | |||
| {{- range $name, $priority := .Values.priorityClasses }} | |||
There was a problem hiding this comment.
This is an alternative to using separate node pools.
| @@ -0,0 +1,20 @@ | |||
| # Enable NetworkPolicies on EKS | |||
There was a problem hiding this comment.
I've added this directory as a record of what I did to enable network policies in EKS (which was painful......). Not sure if we need terraform/aws/curvenote/cni/aws-k8s-cni-us-east-2.yaml for completeness, or if it's enough just to have the readme?
| from binderhub.registry import DockerRegistry | ||
|
|
||
|
|
||
| class ExternalRegistryHelper(DockerRegistry): |
There was a problem hiding this comment.
I'm guessing this will eventually go upstream into binderhub
There was a problem hiding this comment.
Hopefully! I think we should try it in production for a bit, and if there are no unforeseen issues add it upstream.
| AWS_DEPLOYMENTS[cluster], | ||
| ] | ||
| stdout = check_output(eks_kubeconfig, dry_run) | ||
| print(stdout) |
There was a problem hiding this comment.
check_output will hide stdout, so I think it's useful to print it out as it provides confirmation that auth worked, and it also mirrors the effect of running the command manually.
There was a problem hiding this comment.
Given the lack of review time, @manics at this point I think you should self merge and iterate so we can add more capactiy. I think overall this looks good to me and we can obviously change after.
THANK YOU FOR WORKING ON THIS!
|
@yuvipanda Thanks! I'll merge when I have a decent block of time to deal with any problems. |
|
@yuvipanda I'm hoping to spend some time on this later today, but let me know if you'd rather I wait until the cryptnono work is finished. |
|
@manics nah you can go ahead! |
Follow-on from #2652 for AWS Curvenote. Deploys
This has been manually deployed (
./deploy.py ....)