Merge pull request #4936 from sgibson91/new-cluster/dubois

Deploy dubois cluster and install support chart

.github/workflows/deploy-grafana-dashboards.yaml

@@ -26,6 +26,7 @@ jobs:
           - cluster_name: catalystproject-africa
           - cluster_name: catalystproject-latam
           - cluster_name: cloudbank
+          - cluster_name: dubois
           - cluster_name: gridsst
           - cluster_name: hhmi
           - cluster_name: jupyter-health

config/clusters/dubois/cluster.yaml

@@ -0,0 +1,39 @@
+name: dubois
+provider: gcp # https://console.cloud.google.com/kubernetes/clusters/details/us-central1/dubois-cluster/observability?project=dubois-436615
+gcp:
+  key: enc-deployer-credentials.secret.json
+  project: dubois-436615
+  cluster: dubois-cluster
+  # We default to a regional cluster
+  zone: us-central1
+  billing:
+    # Set to true if billing for this cluster is paid for by the 2i2c card
+    paid_by_us: true
+    bigquery:
+      # contains information about bigquery billing export (https://cloud.google.com/billing/docs/how-to/export-data-bigquery)
+      # for calculating how much this cluster costs us. Required if `paid_by_us` is
+      # set to true.
+      # the id of gcp project where bigquery dataset lives, which is usually the cluster's name
+      project: dubois
+      # the default name of the dataset from the docs
+      dataset: cloud_costs
+      # the 2i2c billing account id
+      billing_id: 0157F7-E3EA8C-25AC3C
+support:
+  helm_chart_values_files:
+    - support.values.yaml
+    - enc-support.secret.values.yaml
+hubs:
+  []
+  # Uncomment the lines below once the support infrastructure was deployed and
+  # you are ready to add the first cluster
+
+  # - name: <hub_name>
+  #   # Tip: consider changing this to something more human friendly
+  #   display_name: "dubois - <hub_name>"
+  #   domain: <hub_name>.dubois.2i2c.cloud
+  #   helm_chart: basehub
+  #   helm_chart_values_files:
+  #     - common.values.yaml
+  #     - <hub_name>.values.yaml
+  #     - enc-<hub_name>.secret.values.yaml

config/clusters/dubois/enc-deployer-credentials.secret.json

@@ -0,0 +1,31 @@
+{
+    "type": "ENC[AES256_GCM,data:MaBVoDKNTC7TsI5pH7PR,iv:eWLTzphANAEvka2F3XOS8UF0x41/67amhg8PreCiNII=,tag:P9aR7L6l/j2F3CiZBb8W5A==,type:str]",
+    "project_id": "ENC[AES256_GCM,data:udmNjA2K2Jo569O3VQ==,iv:demaK+7xkLizyFkmvCPs/gZgYgZBiselle6poSFyBlM=,tag:5565nuURhAE+rVjg21na0w==,type:str]",
+    "private_key_id": "ENC[AES256_GCM,data:NZlRmkfghC1iQfLPUVlRK0NKvav+E7vEvkxwF2qFEBXflKLuS+wCZA==,iv:7HZ2tVJWL6Uuw3BQ8/DvMPoyl+GBfP8nVZMptGewii8=,tag:0odrxAWdEce4FFh2ZJWxnw==,type:str]",
+    "private_key": "ENC[AES256_GCM,data:ur7K9T08ul3twpFUytoPzgsi9M92oA/m/NYpeyYacLL/Xy+YDWv6EyTP3q/xdZqp8M+c+FAiz9MBKfdt+WRuyBOul1lFkg1Ev24P8IZrdLpdDkjQ0ygER6/pJuC3sBrbuanGYXEfQeSHPQt5dYIxoe98jXmizIw+xbnhcxybe4e3ETlvnjaHW9STST+IcTz+6WbvHYC4qKXLfc+1yvlGzcdGFnO+1fTSmatMdwymIJHQKdC3EuQfyLiYztVjwuhb+g3YX/KWcFQhLGwotTDS+4u0a20jv/VaXBnGOSf3e5K7lXD05QwkrUyZGQTYAZWzIaHMx589XXmxfnvsPOK+KADhEBKf6BDX2E6ITCu5BeHMV7eKqyaC85I8jahVoQaEfUIDIDPKRVBpCRZQK5WSEMeqPYA/2ideML0T/4vadkXd9mgbAM+1f5aqdqvoQE2TDh0UaBeiq9BqEf57f056pkHx1Y7Utf0lDmZDDSk1XZF2lvHF1B9K5l8sLGxI5JPhb6hbjmwA2+xceiTnEPZ4nsBhOS0ettmLPIYv5jdiCY61zCzxfl87Ar6JCg8wyKFGwNSMaPWvlWeaRrENDRHmrOeiRyF9JNYCqvrVPGDyTHk6iZIwAIqX7GQWIM6kSr9SQCOLF6sSOyLSSdWoXBin5mwtEcO7swkO/RLblIILiywxhdXcy6NBoT0evC4gBHwzlipJUrpXxzshkukPTD17KpfYDGV3wcGR7AYSZnyIVMIJjBrNTNwC5uTVtTQSF0Q3/Q9b1z07iIpj8creSsPFp0hfbwo5lAn6QFhnI/ilmwIYE3zdGD1ssrNxBUpp81+ewuTOKz1yvExjMpM9S0ZNJZElAtsv5s4mX4RzPg2h5BuohQBZQ0KoC2ldmrpyCRkmmPngcfwE02/77WPzRF9BdHpCg52ENsokI1AXs9PREbWaluPyqfEC4KtvdDgKL0X2iIXE4zpob+0HtaCSM6Eo0CT4BfHMT34oQWY+fK9pybK8h5Aq143W8qp4vcSdUCKnO8sDfFgB/9bDzslc/Pe/ZT6HM5PEknCrDA788PXRceL8nw5V3SuuluX88rIUN+NGvyFz4wuDDsmD9w67tK/q3XI04hnQYLbh0U/5q0euz989gtR3KW25gxoczoiBvQIgajN36tQVLe4T2mjy0mP2+BpyV4y8c3kn1Sifh1upwC7MswNgPqxOrjXSCkOQkYiVVVAh0yeW/6C/XgFWPwJ6B5hWBYmcx57Q4xLVQAaMdRpdDBEGWPIXmW7O7kkzUjUSoLa72JAWnpaXg6UKB+zDCQA1qmvyceTV/HGHxt5pad8y3AspDVSZfBZg/ov5dcPyO2V6YVG3Udt8HHl/erSa49AXbYNKyj01NXew60QiLdGuVXExXFOTHQAbC4kRaWu7NDm1ObJue3pGC+Q/s00vzMwGmQ2LrmkPMqKHl5N6C7AbBEhcJe3Wb+cUc/DWmANGFX0vYMD2N5LZOEUwzW8bLkXBzMWxs9BVBLAKolsMPeOwPg6Z7/lrj9v8tqnpY//E10301X37RbUSBZtkCAYR8/Vzue0yOHx+0woIiYPbG3rqYNbIR8tB6W6KqkOpiZSnFodUN2JUZPMLfn3A3VgTy3Je+15h0ok82i/TQOXjYmpSSxlIb9t64+nSMFVCGtIol72Vaj0twGGukD6l8k7pP5dRtdNkOCwEr1KTPw5Ni65Yo93IMODvnXCgpjdoX+D1ZAYdH5RVh4v1K2tRHnW5VIIKjVeXRm8M3DqTyyN72Y1h27ilZvnEMpkIMPwxlsl4Qu118eUEORwfhHECVKV0ziknnnzfjf0fNYebc45DQ0YvQm8u3ZYrGWIyHnusHBWGkvVLoPuCVCpYQ/BzrwdjJzVTsI04y76IPSGNmqnfb/tzZJx+C/zIJGwMtK19viWsvG0XrNvwOhDVreb1tMhi1ctfkUzZVRfkw3aWwiomaZC6GCBKZHB3o9MiRkpAzViE4SQ/s7DutzWAoafsSCHPzOEJqgZb+JPN5bSbBIXH9iChZJKJVTodobYiQsWghZ2f7Ajsx039ekoUz9H1Qy8AKBLuaEJdQoNidCM8fGLPuQ41YBRJR1nTB9gjDwKDO5UfvOpYqY9oTrboTOmNwYyWqpk9peGhZ/H+1pQ51fWGbY+y9gPLp9/KkcyVEkWyVeu381tuDRPkpHsw11UiFCaZSKOL1gGz8KTn3zjan2D7yBDtmeSMaf6MIbiCDaexIm+htt95TbeMfNRVzd09IDi+jFk0Fc3B7lbm,iv:SLo2Wgxu+9XBkbq5Q9USPsPI4IsMPjHorRA4ER059ic=,tag:lMF/VBmzQcmL7EI09NymXQ==,type:str]",
+    "client_email": "ENC[AES256_GCM,data:lqr5smXyERu582Ya1MxuaMudYxlJDyWlWwD65X7hnjqRKADOUqtLnjVpvbwTlrkA8pg=,iv:62mzI9vd8IQwXvpw2qNIVaiV48rOM5iiiZDtDlAzkY0=,tag:ezk1q/aIvB9mEtAzTfUdNw==,type:str]",
+    "client_id": "ENC[AES256_GCM,data:TKRPdGrAFCbHHqz2Im5TjYD2vrG3,iv:R2SLNKQekSdnovKClXxXFQNGtmYajHnuaEr/eqQy+4M=,tag:+6o6iCs4iVKhlTl7OTRXTA==,type:str]",
+    "auth_uri": "ENC[AES256_GCM,data:bQn7xE1zwsTjzfa+K1wvRsXVviACUmjMS8h1XHVvpg3ogrEJnlcKW1M=,iv:AVAnBA3WIBXL4Hw1SwN7/YVQKCSZxNEk1DRcijQbNSs=,tag:8416E035c+tHYr2DzN4ubQ==,type:str]",
+    "token_uri": "ENC[AES256_GCM,data:BjHNNZVLhxslMPTL7j6f2jvcip/4k5oe/OGH7a9gyTewkYw=,iv:Wn+Wb2ZwwagE26aBdbpnMhd8XDkw698Y7cMSM4x98gE=,tag:qRo0gk4nx2mvCuTUSI33hw==,type:str]",
+    "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:EOAmIwPOnAN9G0gwfaFwKKaDFpRatrBigg+QNZFFsvhEvP+mZdK5KDGL,iv:itWzEsm0AiCjvWMLzlbPhrt2MF4JWWSVZDgzsuJDbjA=,tag:oEpyt6cJi4PqbmPLjIXLdg==,type:str]",
+    "client_x509_cert_url": "ENC[AES256_GCM,data:cpj110e8GjnOxUNkMBV+DM2U6MuVyDt3y9us4EUQspcQyhljHuD61oKNACDPlwYHA8BxopeROVIdHGKHTW1ZHg7ce+7uopAgB7c0n2lL3jmd7KX640NMQOup317ybXFcD3kqoTvP,iv:yWY37uGGD2xBjGYCQm2vlMYdYqhljPxBnNyjvnbcQW8=,tag:RbeL7xDBl7mGqzdwitB/8Q==,type:str]",
+    "universe_domain": "ENC[AES256_GCM,data:Yp/+zBitiRAuP3ylWEM=,iv:FjV/MUkwaCN8TXozkB+R0xJ4O6mkO0znpriILhrM+qs=,tag:qKy3rm3abJExFfZG9HIyPg==,type:str]",
+    "sops": {
+        "kms": null,
+        "gcp_kms": [
+            {
+                "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs",
+                "created_at": "2024-10-03T16:17:07Z",
+                "enc": "CiUA4OM7eClN8Gvc3R4aTps5hNXAwGMZwFfWuwYbm1zfHaNoN0AsEkkA5dG1Q0APT74a1/XBoEGchov4TSAfTdD1tvmLb+6TTJlSGM74GhMUgXlhN9oapmtpUscv2mNqseYy5bwokAPgwywKnmoOPrDA"
+            }
+        ],
+        "azure_kv": null,
+        "hc_vault": null,
+        "age": null,
+        "lastmodified": "2024-10-03T16:17:07Z",
+        "mac": "ENC[AES256_GCM,data:cieLp84dCJZbiIzoKjHB4Zlb2edcimvLAAOmd8dMqZ/8QCQiGmswJQc02hJ5dElFAEUn2qKpX04oOUu4/Yqc1k/vFHzGVje+5EaW2rPZA7OuOMQxTak+Dste6sojZCCQM8qnt0RUHdbXY61seWI8fE3tb9zej2PnZMDE64OREiE=,iv:6i3KyXBTN2OAjAyVj69szz8JgcEUvwReUOoe7kQDPxQ=,tag:eQmbvn+5FDERR0h10VaobA==,type:str]",
+        "pgp": null,
+        "unencrypted_suffix": "_unencrypted",
+        "version": "3.9.0"
+    }
+}

config/clusters/dubois/enc-grafana-token.secret.yaml

@@ -0,0 +1,15 @@
+grafana_token: ENC[AES256_GCM,data:0uqxsWcRDOl3OomMDVTHNdbSIs1L+jygqny4QM6fqP0IA3zqZu58vBbZNcjpQg==,iv:I5WnTdphpgYNPsQvn0GdSSNYWS0kHwEkmYYTpcevcTw=,tag:k84weMOdjbhLDB855Y5eIA==,type:str]
+sops:
+  kms: []
+  gcp_kms:
+    - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+      created_at: "2024-10-03T16:28:51Z"
+      enc: CiUA4OM7eLpznvClzv6bk6n8MpAmvCvUEW9tQvoL5gcjdakBOdrREkkA5dG1Q0RHL3oiarOHnTDJCxadiZj0UHIMTe2zTjx57RR3ggvkLAiTS3Xz6xqhydNIDLtmyhEyRJJA+T3OBpnCN4Dvn+rYEoHT
+  azure_kv: []
+  hc_vault: []
+  age: []
+  lastmodified: "2024-10-03T16:28:51Z"
+  mac: ENC[AES256_GCM,data:3/kY8oB32I+Yvo+i653H6OLui1E0f01bEtuzPdOQwnnV21u/CjX45w3rETlv7/srEOTABZxs+KAeGFyOSbptdfoSKA+TsHaA+4eQaShlqxlGenm75iTfNjVfTUTD7FjmaKow29H4gXBXFuH6tstYqc9s3Klj0v3/RiiZyueDihI=,iv:/fNSJSaRoGuZbuA4PKHC9NJVc7tVVtyYPCnESkIkkW4=,tag:qUIJNI/Eq4atu+y19kZI2g==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.0

config/clusters/dubois/enc-support.secret.values.yaml

@@ -0,0 +1,17 @@
+prometheusIngressAuthSecret:
+  username: ENC[AES256_GCM,data:6DiLTK34w5UhO4VG/DFffnOvkyLRHnDznMSdBavTzcVuXxjWSvbjoYbsYo4shr1I0UK1tF+hc1lT8RE6xnuJhw==,iv:qOd1VaeUZE6QbBVUDqDuyGBJgrf3S9dMSJk+6LLxy6s=,tag:4MhiCxR+lTW9PwHDLDcYBw==,type:str]
+  password: ENC[AES256_GCM,data:JCm7dtvgd1yNeXYbdMC8oh+fv/mZSxDdE50IAW4HtunCOBeWW+FEsqQLVWhV3r+de6wcbGSunQWjZhvDYiddfA==,iv:BVjTABY1OJznf6GuK8kUnM5R+e4DRudnO2U5N88ByEY=,tag:qzmmdRug2N9MP04i63GJRA==,type:str]
+sops:
+  kms: []
+  gcp_kms:
+    - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+      created_at: "2024-10-03T15:50:11Z"
+      enc: CiUA4OM7eDkYSufKKvrPrGkKVmB7PiMq17mIU3w2OJjUm4jKKl8hEkkA5dG1Q0Oap/6D0xcnAKNrRwuYFF/DnaShkUmy9LEYXWSdsBrRA5G0UuW34Edth+FJ85FZR+dayVLzWavLVZbcPld6r+JqDKEx
+  azure_kv: []
+  hc_vault: []
+  age: []
+  lastmodified: "2024-10-03T15:50:11Z"
+  mac: ENC[AES256_GCM,data:yv0l2zmuokpoMVvQFDoE7tnokCz6oojGRAG6sKmbxreJNLUjHGChWcISWjb3x8h0FIDO7eR+KvC2Mj+E9P8/YwWLu7jmtFyVXAO4aQOU/yPqZKZApdUAWSS4HHaUB96eoBRAH9PWZ9Is+CBcv3UQSbCRY4bvCPAd0wJghmR/zfM=,iv:wujDZiSA/Y1y1pW1sR6rU34BTCy9QyfvZUoHVNgN7BA=,tag:bhSFxZxm3WjMXFFMWQCqug==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.0

config/clusters/dubois/support.values.yaml

@@ -0,0 +1,28 @@
+prometheusIngressAuthSecret:
+  enabled: true
+
+prometheus:
+  server:
+    ingress:
+      enabled: true
+      hosts:
+        - prometheus.dubois.2i2c.cloud
+      tls:
+        - secretName: prometheus-tls
+          hosts:
+            - prometheus.dubois.2i2c.cloud
+
+grafana:
+  grafana.ini:
+    server:
+      root_url: https://grafana.dubois.2i2c.cloud/
+  auth.github:
+    enabled: true
+    allowed_organizations: 2i2c-org
+  ingress:
+    hosts:
+      - grafana.dubois.2i2c.cloud
+    tls:
+      - secretName: grafana-tls
+        hosts:
+          - grafana.dubois.2i2c.cloud

terraform/gcp/projects/dubois.tfvars

@@ -0,0 +1,65 @@
+/*
+ Some of the assumptions this template makes about the cluster:
+   - multi-tenant with staging & prod hubs
+   - regional
+   - no scratch buckets support
+*/
+
+prefix     = "dubois"
+project_id = "dubois-436615"
+
+zone   = "us-central1-b"
+region = "us-central1"
+
+# Config required to enable automatic budget alerts to be sent to [email protected]
+billing_account_id = "0157F7-E3EA8C-25AC3C"
+
+enable_network_policy = true
+
+k8s_versions = {
+  min_master_version : "1.30.4-gke.1348000",
+  core_nodes_version : "1.30.4-gke.1348000",
+  notebook_nodes_version : "1.30.4-gke.1348000",
+}
+
+core_node_machine_type = "n2-highmem-2"
+
+# Tip: uncomment and fill the missing info in the lines below if you want
+#       to setup scratch buckets for the hubs on this cluster.
+#
+#user_buckets = {
+#  "scratch-staging" : {
+#    "delete_after" : 7,
+#  },
+#  # Tip: add more scratch buckets below, if this cluster will be multi-tenant
+#}
+
+# Tip: uncomment and fill the missing info in the lines below if you want
+#       to setup specific cloud permissions for the buckets in this cluster.
+#
+#hub_cloud_permissions = {
+#  "staging" : {
+#    allow_access_to_external_requester_pays_buckets : false,
+#    bucket_admin_access : ["scratch-staging"],
+#    hub_namespace : "staging",
+#  },
+#  # Tip: add more namespaces below, if this cluster will be multi-tenant
+#}
+
+notebook_nodes = {
+  "n2-highmem-4" : {
+    min : 0,
+    max : 100,
+    machine_type : "n2-highmem-4",
+  },
+  "n2-highmem-16" : {
+    min : 0,
+    max : 100,
+    machine_type : "n2-highmem-16",
+  },
+  "n2-highmem-64" : {
+    min : 0,
+    max : 100,
+    machine_type : "n2-highmem-64",
+  }
+}