<div align="center">,
    <img src = "./assets/Nebari-Logo-Horizontal-Lockup.svg" alt="Dask logo" width="25%">
</div>

---

# Setup and deploy your own Nebari cluster

## Key takeaways

By the end of this notebook, you will:
- **Know how to use the `nebari` CLI to initialize and deploy a Nebari cluster of your own,**
- **Get an introduction to managing your Nebari cluster via GitOps and**
- **Get an introduction to Keycloak for managing users and groups on your Nebari cluster.**

It's worth pausing briefly to highlight that all of the features and integrations demoed here today come pre-installed and pre-configured for you. 

There is nothing to stopping you from deploying your own Zero-to-JupyterHub and integrating these features and services yourself. That said, the Nebari development team has spent hundreds of hours making all of these particulars changes while also making the deployment and management process as simple and as straight-forward as possible. 

Nebari, as a data-science platform, is being used in production and at-scale by organizations across multiple domains including finance, geospatial and advertising. 

If you choose to use Nebari, you're in good hands 😊

Up until now, the focus of this tutorial has been from the perspective of a user, such as a data scientist or machine learning engineer. Features a like conda-store and Dask Gateway make it easy for them to quickly jump into their work without having to concern themselves with cluster management and administration.

But how do we deploy a Nebari cluster?

One of the major benefits of using Nebari is the relative ease with which it can be deployed. 

> Nebari has a DevOps for non-DevOps people approach 🥳

Nebari comes with a command-line interface (CLI) - `nebari` - that is used to: 
1. initialize your `nebari-config.yaml`
2. deploy Nebari on the cloud of your choose

If you can generate a handful of cloud secrets and API keys, you can deploy Nebari!

Below we have embedded the [Nebari Quickstart](https://www.nebari.dev/docs/get-started/quickstart) guide.

In [None]:
%%html
<iframe src="https://www.nebari.dev/docs/get-started/quickstart" width="100%" height="950"></iframe>

## Generate and initialize your `nebari-config.yaml`

The `nebari init` command is used once, during your initial setup, to generate and initialize your `nebari-config.yaml`. This configuration file is used to define specifics your particular Nebari cluster, this includes items such:
- cloud provider that you wish to deploy to
    - [GCP](https://www.nebari.dev/docs/how-tos/nebari-gcp), [AWS](https://www.nebari.dev/docs/how-tos/nebari-aws/), [Digital Ocean](https://www.nebari.dev/docs/how-tos/nebari-do/), and [Azure](https://www.nebari.dev/docs/how-tos/nebari-azure) or on any existing Kubernetes cluster on other major cloud providers.
- domain name you wish to access your cluster from
- identity provider you wish to integrate with (GitHub, Auth0, etc.)
- and much more.

You can also integrate other Helm-based apps not included in Nebari by adding them to the `helm_extension` section of the `nebari-config.yaml`.

Once generated, this `nebari-config.yaml` you can be manually edit it to make updates to the cluster.

### `nebari init --guided-init`

The `nebari init` command has many available options and can be a little intimidating to use at first. To make it easier on folks who are coming to the project, we added a `nebari init --guided-init` command which walks users through a set of questions to generate the `nebari-config.yaml`.

## 👀 Watch thi:.

*Show Nebari CLI (guided-init, render, validate, deploy) and basic deployment from the terminal.*

## Managing your Nebari cluster via GitOps

For those unfamiliar, GitOps "is a way of implementing Continuous Deployment for cloud native applications" (source: [gitops.tech](https://www.gitops.tech/)). This means your deployment is handled by a CI/CD platform such as GitHub-Actions or GitLab CI and that your infrastructure code (i.e. `nebari-config.yaml`, and the Terraform scripts) live in a shared repository that you can share with your team.

Without using a GitOps approach, you make the appropriate change to the `nebari-config.yaml` and then redeploy from your local machine. For this to work, you will need to ensure you have `nebari` installed, your cloud credentials set and that you have a stable internet connetion. This puts responsibility of the deployment in the hands of one person.

With a GitOps approach, you make the same change to the `nebari-config.yaml` but now, you open a pull-request against the repo hosting this infrastructure code. From here, team members can chime in and approve the change. Once everyone is happy, you merge your changes which then triggers a redeployment of your Nebari cluster using GitHub-Actions (or GitLab CI).

> Your cloud credentials need to be added as repository secrets.

## Identity and access management (IAM) with [Keycloak](https://www.keycloak.org/)

Throughout the tutorial, we have made passing references to Keycloak and the ability to grant or restrict access to particular resources and platform features. With Keycloak, administrators can ensure each user has the appropriate access to the resources they need to perform their job duties. This is the idea by the concept of ["least privilege access"](https://en.wikipedia.org/wiki/Principle_of_least_privilege).

For example, not all users need the ability to launch Dask Gateway clusters. With Keycloak, you can restrict access to Dask Gateway to only those users who need this feature to perform their job.

For more information on how to configure Keycloak on your Nebari cluster, visit our [Configure Keycloak](https://nebari-docs.netlify.app/docs/how-tos/configuring-keycloak) docs.

## 👀 Watch thi:.

*Show Keycloak admin console.*

---
## 👏 Next:
* [06_conclusion](./06_conclusion.ipynb)
---