nmfs-openscapes: add generated files
consideRatio committed Sep 9, 2024
1 parent aedbb51 commit 9df84c8
Showing 7 changed files with 269 additions and 0 deletions.
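--- a/config/clusters/nmfs-openscapes/cluster.yaml
+++ b/config/clusters/nmfs-openscapes/cluster.yaml
@@ -0,0 +1,27 @@
+name: nmfs-openscapes
+provider: aws # https://891612562472.signin.aws.amazon.com/console
+aws:
+key: enc-deployer-credentials.secret.json
+clusterType: eks
+clusterName: nmfs-openscapes
+region: us-west-2
+billing:
+paid_by_us: false
+support:
+helm_chart_values_files:
+- support.values.yaml
+- enc-support.secret.values.yaml
+hubs:
+[]
+# Uncomment the lines below once the support infrastructure was deployed and
+# you are ready to add the first cluster
+
+# - name: <hub_name>
+# # Tip: consider changing this to something more human friendly
+# display_name: "nmfs-openscapes - <hub_name>"
+# domain: <hub_name>.nmfs-openscapes.2i2c.cloud
+# helm_chart: basehub
+# helm_chart_values_files:
+# - common.values.yaml
+# - <hub_name>.values.yaml
+# - enc-<hub_name>.secret.values.yaml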
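Review bot: The trailing comment on `provider: aws` publishes the account's console sign-in URL, which embeds the 12-digit AWS account ID. AWS does not treat the ID as a credential, but it is an identifier that need not sit in a public repository if nothing in the deployer reads it; consider moving it to internal docs or stating in the comment why it is kept here. `aws.key` also points at `enc-deployer-credentials.secret.json`, which is not among the seven files in this commit, so the file cannot be used by the deployer until that encrypted file lands. Minor wording: the comment under `hubs:` says "add the first cluster" where it means a hub, e.g. `# you are ready to add the first hub`.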
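--- a/config/clusters/nmfs-openscapes/enc-support.secret.values.yaml
+++ b/config/clusters/nmfs-openscapes/enc-support.secret.values.yaml
@@ -0,0 +1,17 @@
+prometheusIngressAuthSecret:
+username: ENC[AES256_GCM,data:F3KK/u3+bOB/OAFOPYroZmHVc0qGlibCCe1noQGl80Lkx6QniYKUmb1/+qC4bwss9XCcUN4svg17r1Lhwk+JaA==,iv:8ZVb7VLPbPd01gqtbNJisuuKHCN1NwaDHAuou0hQViw=,tag:QHlDvrqJrYO/MGKEvBFHmw==,type:str]
+password: ENC[AES256_GCM,data:Y+piow5Z5Q+H0xKlxuAGPY/+FnBObKEhp+OSEtZzsT0sxIm6G85N5xMCzNfJPxCV6PN1zqBlOCG1j7BCC0sgxA==,iv:AIu8gJnuDEDJ9AGn94BpTmVEkTC2gHWB1J2hPO8JVe0=,tag:lOubehYppiU1GvRI4NgR/g==,type:str]
+sops:
+kms: []
+gcp_kms:
+- resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+created_at: "2024-09-09T10:19:58Z"
+enc: CiUA4OM7eCz+iFQj+uFqEm/mDksULTmCzUeclG0q1ROLfaU+6xNQEkkA5dG1Q4kplLxCZ8sX6NcGOLqceM4cobPg0RCXK9SL6nvzvRNigf79dIeRZMnRa92K5k5d5CPW6BgheMHqx1LEd7PuvS3mOy3G
+azure_kv: []
+hc_vault: []
+age: []
+lastmodified: "2024-09-09T10:19:59Z"
+mac: ENC[AES256_GCM,data:mUVz6ovN3cmMdD44Q/gq4osuNFA3IVx3M3euLJV2CFuJ2gSGpU9NOnXwYRtOWQtTZWr3F1/pxRkFuEzvAjJxo3JAth5+4dd9R1Yq2m1la6HgsgmNzsA53xeY5nmyEJVfcbDprJ0o4lItWr7TlhO1PGOMZZ2dac+0bZm6pmUxxpU=,iv:N5doV+FuveFBzGg47OmKzRg9hpWf/2EfJ/FSuzVGezM=,tag:eYpFpn41718Sm20b82iVlQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.0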
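Review bot: The `sops` block names a single recipient, the GCP KMS key `.../keyRings/sops-keys/cryptoKeys/similar-hubs`, with `kms`, `age` and `pgp` all empty, and eksctl/ssh-keys/secret/nmfs-openscapes.key in this commit is wrapped with the same key. The key name suggests it is shared by several clusters, so anyone granted decrypt on it can presumably read this cluster's Prometheus credentials and node SSH private key along with the others; it is worth confirming that the IAM bindings on that key cover only the deployer identities. The secrets of this AWS cluster also depend on a GCP project for decryption, a recovery dependency that should be written down where operators will find it.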
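--- a/config/clusters/nmfs-openscapes/support.values.yaml
+++ b/config/clusters/nmfs-openscapes/support.values.yaml
@@ -0,0 +1,34 @@
+prometheusIngressAuthSecret:
+enabled: true
+
+prometheus:
+server:
+ingress:
+enabled: true
+hosts:
+- prometheus.nmfs-openscapes.2i2c.cloud
+tls:
+- secretName: prometheus-tls
+hosts:
+- prometheus.nmfs-openscapes.2i2c.cloud
+
+grafana:
+grafana.ini:
+server:
+root_url: https://grafana.nmfs-openscapes.2i2c.cloud/
+auth.github:
+enabled: true
+allowed_organizations: 2i2c-org
+ingress:
+hosts:
+- grafana.nmfs-openscapes.2i2c.cloud
+tls:
+- secretName: grafana-tls
+hosts:
+- grafana.nmfs-openscapes.2i2c.cloud
+
+cluster-autoscaler:
+enabled: true
+autoDiscovery:
+clusterName: nmfs-openscapes
+awsRegion: us-west-2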
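Review bot: `grafana.ini` turns on `auth.github` and restricts it to `allowed_organizations: 2i2c-org`, but neither this file nor enc-support.secret.values.yaml in this commit carries a `client_id` or `client_secret` for it. Until those are added to the encrypted values file, GitHub login presumably cannot work, and whatever fallback login the chart configures is the only gate on the public Grafana ingress; that fallback is not visible here and should be checked. The Prometheus ingress is likewise public, with `prometheusIngressAuthSecret.enabled: true` as the only protection shown. A short comment above each ingress saying where its authentication is enforced would help the next reader.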
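--- a/eksctl/nmfs-openscapes.jsonnet
+++ b/eksctl/nmfs-openscapes.jsonnet
@@ -0,0 +1,139 @@
+/*
+This file is a jsonnet template of a eksctl's cluster configuration file,
+that is used with the eksctl CLI to both update and initialize an AWS EKS
+based cluster.
+This file has in turn been generated from eksctl/template.jsonnet which is
+relevant to compare with for changes over time.
+To use jsonnet to generate an eksctl configuration file from this, do:
+jsonnet nmfs-openscapes.jsonnet > nmfs-openscapes.eksctl.yaml
+References:
+- https://eksctl.io/usage/schema/
+*/
+local ng = import "./libsonnet/nodegroup.jsonnet";
+
+// place all cluster nodes here
+local clusterRegion = "us-west-2";
+local masterAzs = ["us-west-2a", "us-west-2b", "us-west-2c"];
+local nodeAz = "us-west-2b";
+
+// Node definitions for notebook nodes. Config here is merged
+// with our notebook node definition.
+// A `node.kubernetes.io/instance-type label is added, so pods
+// can request a particular kind of node with a nodeSelector
+local notebookNodes = [
+{ instanceType: "r7i.xlarge" },
+{ instanceType: "r7i.4xlarge" },
+{ instanceType: "r7i.16xlarge" },
+];
+local daskNodes = [];
+
+
+{
+apiVersion: 'eksctl.io/v1alpha5',
+kind: 'ClusterConfig',
+metadata+: {
+name: "nmfs-openscapes",
+region: clusterRegion,
+version: "1.30",
+tags+: {
+"ManagedBy": "2i2c",
+"2i2c.org/cluster-name": $.metadata.name,
+},
+},
+availabilityZones: masterAzs,
+iam: {
+withOIDC: true,
+},
+// If you add an addon to this config, run the create addon command.
+//
+// eksctl create addon --config-file=nmfs-openscapes.eksctl.yaml
+//
+addons: [
+{
+// aws-ebs-csi-driver ensures that our PVCs are bound to PVs that
+// couple to AWS EBS based storage, without it expect to see pods
+// mounting a PVC failing to schedule and PVC resources that are
+// unbound.
+//
+// Related docs: https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html
+//
+name: 'aws-ebs-csi-driver',
+version: "latest",
+wellKnownPolicies: {
+ebsCSIController: true,
+},
+tags: {
+"ManagedBy": "2i2c",
+"2i2c.org/cluster-name": $.metadata.name,
+},
+},
+],
+nodeGroups: [
+n + {clusterName: $.metadata.name} for n in
+[
+ng + {
+namePrefix: 'core',
+nameSuffix: 'a',
+nameIncludeInstanceType: false,
+availabilityZones: [nodeAz],
+ssh: {
+publicKeyPath: 'ssh-keys/nmfs-openscapes.key.pub'
+},
+instanceType: "r5.xlarge",
+minSize: 1,
+maxSize: 6,
+labels+: {
+"hub.jupyter.org/node-purpose": "core",
+"k8s.dask.org/node-purpose": "core",
+},
+},
+] + [
+ng + {
+namePrefix: 'nb',
+availabilityZones: [nodeAz],
+minSize: 0,
+maxSize: 500,
+instanceType: n.instanceType,
+ssh: {
+publicKeyPath: 'ssh-keys/nmfs-openscapes.key.pub'
+},
+labels+: {
+"hub.jupyter.org/node-purpose": "user",
+"k8s.dask.org/node-purpose": "scheduler"
+},
+taints+: {
+"hub.jupyter.org_dedicated": "user:NoSchedule",
+"hub.jupyter.org/dedicated": "user:NoSchedule",
+},
+} + n for n in notebookNodes
+] + ( if daskNodes != null then
+[
+ng + {
+namePrefix: 'dask',
+availabilityZones: [nodeAz],
+minSize: 0,
+maxSize: 500,
+ssh: {
+publicKeyPath: 'ssh-keys/nmfs-openscapes.key.pub'
+},
+labels+: {
+"k8s.dask.org/node-purpose": "worker"
+},
+taints+: {
+"k8s.dask.org_dedicated" : "worker:NoSchedule",
+"k8s.dask.org/dedicated" : "worker:NoSchedule",
+},
+instancesDistribution+: {
+onDemandBaseCapacity: 0,
+onDemandPercentageAboveBaseCapacity: 0,
+spotAllocationStrategy: "capacity-optimized",
+},
+} + n for n in daskNodes
+] else []
+)
+]
+}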
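Review bot: Every node group here (core, nb, dask) sets `ssh.publicKeyPath`, which as far as I know makes eksctl enable SSH on the nodes, and nothing visible in this file limits which sources may reach them. `ng` is imported from ./libsonnet/nodegroup.jsonnet, so a restriction may live there. If node SSH is needed at all, consider adding `sourceSecurityGroupIds` under `ssh`, or a comment saying where access is restricted. Separately, the aws-ebs-csi-driver addon uses `version: "latest"`, so the installed driver depends on when the command is run; pinning an explicit version would make cluster builds reproducible and upgrades reviewable.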
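--- a/eksctl/ssh-keys/nmfs-openscapes.key.pub
+++ b/eksctl/ssh-keys/nmfs-openscapes.key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB3Jjg/Gf5OZeErLJc5pFuBra3OS7Rkevux8AsdtxpnP erik@dl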
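--- a/eksctl/ssh-keys/secret/nmfs-openscapes.key
+++ b/eksctl/ssh-keys/secret/nmfs-openscapes.key
@@ -0,0 +1,21 @@
+{
+"data": "ENC[AES256_GCM,data:m4Polf8TlCmwJGlI8wwqx66tgTI35ZN0YZ7gT1syYFC7MlUyqoUi8yBdRBLFGGHa6sYdmUqhosHzOe9lxvugvASO51mPB4OhKOSQm+sTGtTPXjcB0G9CkF5N7pBwtZjaQrF6ZK2ybg6BpRSxpy14Q/HZF7hHeMEhXe9rU2PBQl3t9FOl+2T8jEYddk7f+jkFPPxaPKsDSq2q59Uh6zmV+UhzJb60gaD10hhdotyRT6GkENHv2kLGv/Ok+DzV6FkWIpA3BkdkqeqTtulziNvqKsg0bpbfctW2hyE0Sz109P0mKHrDTR293v23RoOt5LL1myxdkjfzyPZlmFG/9OAO1H7OFI9xCgBAAwcq4D51+H9m5GpfAOgQVSVEC7N0+QKQ5AUBH6lSiJRazB7Z7lgcjidNriYQ2bkEo7L9iNi4+X1oxX0F3HyZS+QKdwowWd4y7iet3i9TQcxImEn5oKLQ2zXzWDJMUuUTF+Snz0EcSzXXWv/gaJUkMnMP+7VPMnu72riMyDjjbL2VgQohfhMV,iv:20EEI2rVg7Ai7tKrYfJBoUcAbtPSDFXeCbKL+TLaVIQ=,tag:Bo5kMjbQztL/C7x0hcYqQg==,type:str]",
+"sops": {
+"kms": null,
+"gcp_kms": [
+{
+"resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs",
+"created_at": "2024-09-09T10:19:58Z",
+"enc": "CiUA4OM7eJrRZedVQv3ik1WgL5K3J/UJ4LVFD0JoNSz6t6QMUQUVEkkA5dG1Q0KPwwWtI8m+vuDMM6QliIJis11EgP97jWQHYGf0Xj8Hbd17jf8WdZBurBxg+hJI1hOTuGU56xXKSb3AzIzPXRVZ3AZR"
+}
+],
+"azure_kv": null,
+"hc_vault": null,
+"age": null,
+"lastmodified": "2024-09-09T10:19:58Z",
+"mac": "ENC[AES256_GCM,data:RFSHuuHsDSdWOPWc41dWAVs7rmti32qsCgK+nCMRQBm8DWsPVhRUmxmY16tnzLIqufF9HnyixaaPRTXUB9npywsMqrvkHjVfHamsoodTKTyqor21YyUWj6opbZfolDxoqZfCX1RG/+DUMaizKx9bDOolfSX5ARSlgN6F9LqmcE8=,iv:34gkfjyTzNZ+/QZ5LtsnQosqBYH4ZTYJFCexeG3+Teg=,tag:6QgLxIrZiG5XcOLT3ZE5xA==,type:str]",
+"pgp": null,
+"unencrypted_suffix": "_unencrypted",
+"version": "3.9.0"
+}
+}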
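--- a/terraform/aws/projects/nmfs-openscapes.tfvars
+++ b/terraform/aws/projects/nmfs-openscapes.tfvars
@@ -0,0 +1,30 @@
+/*
+Some of the assumptions this jinja2 template makes about the cluster:
+- location of the nodes of the kubernetes cluster will be <region>a
+- no default scratch buckets support
+*/
+region = "us-west-2"
+cluster_name = "nmfs-openscapes"
+cluster_nodes_location = "us-west-2b"
+
+# Tip: uncomment and fill the missing info in the lines below if you want
+# to setup scratch buckets for the hubs on this cluster.
+#
+#user_buckets = {
+# "scratch-staging" : {
+# "delete_after" : 7,
+# },
+# # Tip: add more scratch buckets below, if this cluster will be multi-tenant
+#}
+
+# Tip: uncomment and fill the missing info in the lines below if you want
+# to setup specific cloud permissions for the buckets in this cluster.
+#
+#hub_cloud_permissions = {
+# "staging" : {
+# "user-sa" : {
+# bucket_admin_access : ["scratch-staging"],
+# },
+# },
+# # Tip: add more namespaces below, if this cluster will be multi-tenant
+#}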
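Review bot: The header comment no longer matches the values below it: it says the nodes will be in `<region>a` and calls the file a jinja2 template, while `cluster_nodes_location = "us-west-2b"` is set and this is the rendered output. Suggest rewording the first bullet to `- location of the nodes of the kubernetes cluster is us-west-2b, matching nodeAz in eksctl/nmfs-openscapes.jsonnet`, so the next editor does not change one without the other. When the commented `hub_cloud_permissions` block is enabled later, note that `bucket_admin_access` looks like a broad grant on the bucket; that is inferred from the name only, so confirm against the module whether a narrower setting would do.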
