Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
18c43da
commit c8e957c
Showing
11 changed files
with
310 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# TODO: Write notes | ||
# gcloud auth login | ||
# gcloud auth application-default login | ||
# sops | ||
creation_rules: | ||
- path_regex: .*/secrets/.* | ||
gcp_kms: projects/neurohackademy/locations/global/keyRings/nh-2020/cryptoKeys/main |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: hub-files-etc-jupyterhub-templates | ||
data: | ||
{{- (.Files.Glob "files/etc/jupyterhub/templates/*").AsConfig | nindent 2 }} | ||
--- | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: hub-usr-local-share-jupyterhub-static-external | ||
binaryData: | ||
{{- $root := . }} | ||
{{- range $path, $bytes := .Files.Glob "files/static/external/*" }} | ||
{{ base $path }}: '{{ $root.Files.Get $path | b64enc }}' | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
apiVersion: v1 | ||
kind: PersistentVolume | ||
metadata: | ||
name: nfs-pv | ||
spec: | ||
capacity: | ||
storage: 1Mi | ||
accessModes: | ||
- ReadWriteMany | ||
nfs: | ||
server: {{ .Values.nfs.serverIP | quote }} | ||
path: "/{{ .Values.nfs.serverName }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
apiVersion: v1 | ||
kind: PersistentVolumeClaim | ||
metadata: | ||
name: nfs-pvc | ||
spec: | ||
accessModes: | ||
- ReadWriteMany | ||
# Match name of PV | ||
volumeName: nfs-pv | ||
storageClassName: "" | ||
resources: | ||
requests: | ||
storage: 1Mi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
jupyterhub: | ||
hub: | ||
extraVolumes: | ||
- name: hub-etc-jupyterhub-templates | ||
configMap: | ||
name: hub-etc-jupyterhub-templates | ||
- name: hub-usr-local-share-jupyterhub-static-external | ||
configMap: | ||
name: hub-usr-local-share-jupyterhub-static-external | ||
extraVolumeMounts: | ||
- mountPath: /etc/jupyterhub/templates | ||
name: hub-etc-jupyterhub-templates | ||
- mountPath: /usr/local/share/jupyterhub/static/external | ||
name: hub-usr-local-share-jupyterhub-static-external |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
nfs: | ||
# Output from: | ||
# gcloud beta filestore instances describe nh-2020 --location=us-east1-b | ||
serverIP: <todo> | ||
serverName: nh | ||
|
||
jupyterhub: | ||
## ingress: should be enabled if we transition to use nginx-ingress + | ||
## cert-manager. | ||
## | ||
# ingress: | ||
# enabled: true | ||
# annotations: | ||
# kubernetes.io/tls-acme: "true" | ||
# kubernetes.io/ingress.class: nginx | ||
# hosts: | ||
# - hub.neurohackademy.org | ||
# tls: | ||
# - secretName: jupyterhub-tls | ||
# hosts: | ||
# - hub.neurohackademy.org | ||
|
||
prePuller: | ||
hook: | ||
enabled: true | ||
continuous: | ||
enabled: true | ||
|
||
scheduling: | ||
userScheduler: | ||
enabled: true | ||
replicas: 2 | ||
podPriority: | ||
enabled: true | ||
userPlaceholder: | ||
enabled: true | ||
replicas: 0 | ||
corePods: | ||
nodeAffinity: | ||
matchNodePurpose: require | ||
userPods: | ||
nodeAffinity: | ||
matchNodePurpose: require | ||
|
||
singleuser: | ||
## initContainers: | ||
## We may want this to ensure whatever dataset is mounted through NFS is | ||
## readable for jovyan. | ||
## | ||
# initContainers: | ||
# - name: volume-mount-hack | ||
# image: busybox | ||
# command: | ||
# - "sh" | ||
# - "-c" | ||
# - "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan" | ||
# securityContext: | ||
# runAsUser: 0 | ||
# volumeMounts: | ||
# - name: home | ||
# mountPath: /home/jovyan | ||
# subPath: "home/{username}" | ||
## image: | ||
## hubploy is supposed to override this! | ||
image: | ||
name: gcr.io/neurohackademy/nh-2020-env | ||
tag: latest | ||
## cpu/memory requests: | ||
## We want to fit as many users on a m1-ultramem-40 node but still ensure | ||
## they get up to 24 GB of ram. At this point during setup, we want to also | ||
## allow a user to start on the n1-standard-4 node to save money. | ||
cpu: | ||
guarantee: 0.975 | ||
limit: 40 | ||
memory: | ||
guarantee: 0.5G | ||
limit: 24G | ||
defaultUrl: /lab | ||
startTimeout: 900 | ||
|
||
hub: | ||
extraConfig: | ||
# announcements: | | ||
# c.JupyterHub.template_vars.update({ | ||
# 'announcement': 'Any message we want to pass to instructors?', | ||
# }) | ||
templates: | | ||
c.JupyterHub.template_paths.insert(0, "/etc/jupyterhub/templates") | ||
metrics: | | ||
# With this setting set to False, the /hub/metrics endpoint will be | ||
# publically accessible just like at hub.mybinder.org/hub/metrics is. | ||
c.JupyterHub.authenticate_prometheus = False | ||
proxy: | ||
https: | ||
enabled: true | ||
hosts: [hub.neurohackademy.org] | ||
service: | ||
type: LoadBalancer | ||
loadBalancerIP: 34.75.11.207 | ||
|
||
cull: | ||
enabled: true | ||
timeout: 7200 # 2 hours in seconds | ||
maxAge: 0 # Allow pods to run forever | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
images: | ||
image_name: gcr.io/neurohackademy/nh-2020-env | ||
registry: | ||
provider: gcloud | ||
gcloud: | ||
project: neurohackademy | ||
service_key: gcr-key.json | ||
|
||
cluster: | ||
provider: gcloud | ||
gcloud: | ||
project: neurohackademy | ||
service_key: gke-key.json | ||
cluster: nh-2020 | ||
zone: us-east1-b |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
pandas |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
jupyterhub: | ||
hub: | ||
cookieSecret: ENC[AES256_GCM,data:lABDE8UGK886aMd1tg3n94tAdu8ggttVLA9Bedq47NziKZsVJLJbHcWWSHuCyG3jZDK8O5BWKDvJ5b9Q/tuMaQ==,iv:+KLoMbXqs7E+Jq4T0wqp4yRtru6cAM8rgs+yzvieXzY=,tag:+/tYisKSHmJLABhXNiaFwg==,type:str] | ||
proxy: | ||
secretToken: ENC[AES256_GCM,data:rshEx6b2qQfQYxZDnmFSVqE35ZcpFrZoCyIKBeI+e0sApresGev3XxzFdVCSmt2LpAf82eZGTnw6vxfExXOWMg==,iv:Nbl5SszrCm72x9momvGsPsrNGpUjn7pKB1gwzm4dXsM=,tag:tcHm4JoFmyeQjPogqfAxGA==,type:str] | ||
auth: | ||
type: ENC[AES256_GCM,data:J8fMY/vG,iv:6bmTJ82ZhbJj9391tx9QLr4n/Li/sLHhYdYrQnHznRs=,tag:zHS8V7G6nE1+W4TR4oNdNg==,type:str] | ||
github: | ||
clientId: ENC[AES256_GCM,data:jccwgxIXluR+rFHzwxHje3vARdQ=,iv:4ZW4KKDIVqltzuVoaDbncI31MzNBttoj2GpEWuyFvBo=,tag:TFrbtQbtPrs6sntOEhefsA==,type:str] | ||
clientSecret: ENC[AES256_GCM,data:F++GRNfMdKM8wMBn85arzxal5Eb6n+eETNvFHnB8pSotEdSb3kgZyQ==,iv:ApSvnNBby4pJvFrpin9jU5IhwS98IUrfmFeJaDDcrrM=,tag:jl+CjDTYHwlgcJYYsoHfpQ==,type:str] | ||
callbackUrl: ENC[AES256_GCM,data:L4pE1qscmn7IMpC5J5fxUHxGqNhmaThQYlP23hx218KX6XgbgntPPPotS52AkYWIPA==,iv:k+uFgfiyEAJ8SFUS+9OzLH8QI8CZbLbgC1Xk8mxi5yc=,tag:ry+NhBXuQyLrlzHq8Spnjw==,type:str] | ||
admin: | ||
access: ENC[AES256_GCM,data:o6LtOjU=,iv:UPYdEK61S67NUWzwAdok1nduf3nvNHGZ1mTdNKq5uJ8=,tag:ANxZ036bPwVcTaUUvVzFdA==,type:bool] | ||
users: | ||
- ENC[AES256_GCM,data:472dZxlb,iv:FWVDAfD5fzHZqI4uuQxJWvxL9nu9HFqjUIWjVSPab+Y=,tag:HS6uOR3RHv/1rL2ndhASiA==,type:str] | ||
- ENC[AES256_GCM,data:QLPS7gnPSZx1HS6R,iv:nFWne/f0EQA8aDznsJ1sLj1AqC2RnMS17XMZTi+sb7k=,tag:oDQCdiUbbGBdyosB9Rgpkg==,type:str] | ||
whitelist: | ||
users: | ||
- ENC[AES256_GCM,data:Wy0TQz3ZyXqmJc+Q,iv:U4UgN+oe38Ww2Tp0tmMq5tCcWGGbgvTrkm0D/ORm5xE=,tag:s+siGVLHFii6jPN4JdIlKw==,type:str] | ||
sops: | ||
kms: [] | ||
gcp_kms: | ||
- resource_id: projects/neurohackademy/locations/global/keyRings/nh-2020/cryptoKeys/main | ||
created_at: '2020-06-27T10:26:01Z' | ||
enc: CiQAPiFjYZSksYpBVrkC/69hHvVRPCp53JrETZ/Gh7jmlcwuTxMSSQBLOy9h6SbGThVLMaXfKm26EPKVFXbB8Mrsdhw8nk/W6m17FQE2FL/1DrQKsLbJkcpIken3pDtUMvdsMhnXJWsem4KTZLDQvvw= | ||
azure_kv: [] | ||
lastmodified: '2020-06-27T10:30:18Z' | ||
mac: ENC[AES256_GCM,data:zDf9e6OcUAjZ0W9ehvgr82rEeGVgftlClkjWxedMRjzt3UhkYNocqLT0S4ABooxJI2zEpcJsPLqHPZgg9JHWKIUf+ncj99CfDiTjjs/+iEIDh37oUg59wyfdkhsevUU9U+Pige5JAE2E6lP8/UphySp2CRX441tbjUcEULGnO30=,iv:25TCxURoMNGukMWuKAYnug4IMSb4ee8XjIUIHDZZclI=,tag:ngH+mMaFD/dl1kU8qy0I1A==,type:str] | ||
pgp: [] | ||
unencrypted_suffix: _unencrypted | ||
version: 3.5.0 |