Merge pull request 2i2c-org#4911 from sgibson91/queensu-hubs

Add hubs to to queensu cluster

.github/workflows/deploy-hubs.yaml

@@ -251,7 +251,7 @@ jobs:
       failure_pangeo-hubs: "${{ env.failure_pangeo-hubs }}"
       failure_pchub: "${{ env.failure_pchub }}"
       failure_projectpythia: "${{ env.failure_projectpythia }}"
-      failure_qcl: "${{ env.failure_qcl }}"
+      failure_queensu: "${{ env.failure_queensu }}"
       failure_smithsonian: "${{ env.failure_smithsonian }}"
       failure_strudel: "${{ env.failure_strudel }}"
       failure_ubc-eoas: "${{ env.failure_ubc-eoas }}"

config/clusters/queensu/cluster.yaml

@@ -6,3 +6,20 @@ support:
   helm_chart_values_files:
     - support.values.yaml
     - enc-support.secret.values.yaml
+hubs:
+  - name: staging
+    display_name: "Queen's University (staging)"
+    domain: staging.queensu.2i2c.cloud
+    helm_chart: basehub
+    helm_chart_values_files:
+      - common.values.yaml
+      - staging.values.yaml
+      - enc-staging.secret.values.yaml
+  - name: prod
+    display_name: "Queen's University"
+    domain: prod.queensu.2i2c.cloud
+    helm_chart: basehub
+    helm_chart_values_files:
+      - common.values.yaml
+      - prod.values.yaml
+      - enc-prod.secret.values.yaml

config/clusters/queensu/common.values.yaml

@@ -0,0 +1,79 @@
+nfs:
+  enabled: true
+  pv:
+    enabled: true
+    # Recommended options from the Azure Portal UI for mounting the share
+    mountOptions:
+      - vers=4
+      - minorversion=1
+      - sec=sys
+    serverIP: 2i2cjupyterhubstorage.file.core.windows.net
+    # Trailing slash is important!
+    baseShareName: /2i2cjupyterhubstorage/homes/
+jupyterhub:
+  custom:
+    2i2c:
+      add_staff_user_ids_to_admin_users: true
+      add_staff_user_ids_of_type: google
+    homepage:
+      templateVars:
+        org:
+          name: "Queen's University"
+          logo_url: https://www.queensu.ca/resources/assets/logos/Queens-logo-reversed.svg
+          url: https://www.queensu.ca/
+        designed_by:
+          name: 2i2c
+          url: https://2i2c.org
+        operated_by:
+          name: 2i2c
+          url: https://2i2c.org
+        funded_by:
+          name: "Queen's University"
+          url: https://www.queensu.ca/
+  hub:
+    config:
+      JupyterHub:
+        authenticator_class: cilogon
+      CILogonOAuthenticator:
+        allowed_idps:
+          # Community specific idp - enables community members to authenticate.
+          # In this example, all authenticated users are authorized via the idp
+          # specific allow_all config.
+          https://login.queensu.ca/idp/shibboleth:
+            default: true
+            username_derivation:
+              username_claim: email
+            allow_all: true # authorize all users authenticated by the idp
+          # Google idp - enables 2i2c admin users to authenticate.
+          # The basehub chart config "custom.2i2c.add_staff_user_ids..." expands
+          # admin_users to authorize specific 2i2c staff members.
+          http://google.com/accounts/o8/id:
+            username_derivation:
+              username_claim: email
+      Authenticator:
+        admin_users: []
+  scheduling:
+    userScheduler:
+      enabled: true
+  singleuser:
+    profileList:
+      - display_name: "Choose an image to launch"
+        description: "Launch either the Jupyter SciPy image, or a pre-existing docker image from a public docker registry (dockerhub, quay, etc)"
+        slug: only-choice
+        profile_options:
+          image:
+            display_name: Image
+            unlisted_choice:
+              enabled: True
+              display_name: "Custom image"
+              validation_regex: "^.+:.+$"
+              validation_message: "Must be a publicly available docker image, of form <image-name>:<tag>"
+              display_name_in_choices: "Specify an existing docker image"
+              kubespawner_override:
+                image: "{value}"
+            choices:
+              scipy:
+                display_name: Jupyter SciPy Notebook
+                slug: scipy
+                kubespawner_override:
+                  image: quay.io/jupyter/scipy-notebook:2024-09-23

config/clusters/queensu/enc-prod.secret.values.yaml

@@ -0,0 +1,20 @@
+jupyterhub:
+  hub:
+    config:
+      CILogonOAuthenticator:
+        client_id: ENC[AES256_GCM,data:Hku7Soa4sT+7T+gH434Ag0Bml1Vuxtyt6fexY8tNJUqLi7qyanw3yeGIaUezPpPzRYUb,iv:di4/qQnyO79QOpFPbrnnI+xIc2tpFlgB7QTatS81B4g=,tag:DkB9cPV8M9EiTDIZLuczfQ==,type:str]
+        client_secret: ENC[AES256_GCM,data:vpCvEI8GTrZuvLDw/alNRYwu496B2IF40zWIQ4o4yquoVH8l6yug2X7iDuDmutbcZy+HM1CFZvnYdqtdffYkAHZGXxJEFEHZTAezliLy6BtW5UOQN5g=,iv:Qk+ItRsSazf5XBzmJIEaMx5a9FnYI7sJhHjaGxbbjUI=,tag:14mSTnHNuAcsfR19n92bVA==,type:str]
+sops:
+  kms: []
+  gcp_kms:
+    - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+      created_at: "2024-10-01T16:55:17Z"
+      enc: CiUA4OM7ePP/mmjPdkmmgf1xcYQWbxw2Z9C3dhYqdcPFV232iQJ8EkkA5dG1Q5UDupPMJ8vQ8lmMwMZH5grzKyw9Y2yeH4Lc8HQA0yb2XKGDouLn+dKc80SsDGGCegYt7c9intYSpPOESJErUoVPjuxk
+  azure_kv: []
+  hc_vault: []
+  age: []
+  lastmodified: "2024-10-01T16:55:17Z"
+  mac: ENC[AES256_GCM,data:w1nuto7gCOKFRME7MtkMEob1KrNW0mPZbEDi0isbUxtHEuwR7JUAgCn/ZTo/39mS4J8hVIuw6/X4EYwfr0TggRp6xVMx0PXaNKAazVC1Me0uBVXekL6Dtbf1GQ6/VPUbpuFPQLFbNG+xS0UYMKKy33RKwr4IcHoDP61U/giOHmU=,iv:E1WJzeIK2HyTwLyHod5tnmhBbMnuDQK1c1reooy1wnQ=,tag:Vp73o3WngViS5CsQ8MWhWA==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.0

config/clusters/queensu/enc-staging.secret.values.yaml

@@ -0,0 +1,20 @@
+jupyterhub:
+  hub:
+    config:
+      CILogonOAuthenticator:
+        client_id: ENC[AES256_GCM,data:qbyxoNZg9/wIsgSZJiZV8bymLHaIcvEsE0crvYj2sUU8JmFeESPlZWXKLshPseO64KI=,iv:kiCEn8VXyioU5RDlKJBKsZDXSMTCtkBhr0qWWWP9jb4=,tag:wyw5fpBgeIoXg3oQ5DApXA==,type:str]
+        client_secret: ENC[AES256_GCM,data:VXjrxehxiZDiTXHQz9zarXH1konuB/rjyCajlN9q8X2gXIlG4AyNM0tkxBA9QcuTpFua+VhTwoU3zf7mBPo1k2p2dMKKk+cgC92yfVLn6Jxs9TmXc4g=,iv:fmFb6Oylt0+naNDIys1R9k7xqeTanplNEC9S/WPTzTg=,tag:nRLK88Rt8I7Kh1kSGuGdPA==,type:str]
+sops:
+  kms: []
+  gcp_kms:
+    - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+      created_at: "2024-10-01T12:55:14Z"
+      enc: CiUA4OM7eLY3HsxXoc1bMHk3Bwx6SOdwEP7gzvhRki+x5tY55Q3VEkkA5dG1Q5wYNwvxaWeUhAQC5goLzs0jKWZSUwV4qfxDF64Qyat4AK2ee2MCTEweGQeI1UO5l6LYNMtouSHHZUGPoDygFr2Fysyd
+  azure_kv: []
+  hc_vault: []
+  age: []
+  lastmodified: "2024-10-01T12:55:14Z"
+  mac: ENC[AES256_GCM,data:vw3lrjNIruXvpSGY472IqmOqNBoicsZtL5AMD+PQubj5bqL2bTcedB2XJycPn4QeDqZO8rRB/yOo/feOsKDq3tNMSXiRZ7HyB1okbxUtF6qX/PrkzKTDQymyIw/M4sm+sprusGlRcleGoWzQ4Tb8W5D22NKk1zMTpU3wMr3keSg=,iv:wjd2pAb8OTppgSBbVBSE2MxQ6AKqfcahw+TnLM+/lTc=,tag:MqqcMrmD3AzyqPPpX75Kpg==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.0

config/clusters/queensu/prod.values.yaml

@@ -0,0 +1,10 @@
+jupyterhub:
+  ingress:
+    hosts: [queensu.2i2c.cloud]
+    tls:
+      - hosts: [queensu.2i2c.cloud]
+        secretName: https-auto-tls
+  hub:
+    config:
+      CILogonOAuthenticator:
+        oauth_callback_url: https://queensu.2i2c.cloud/hub/oauth_callback

config/clusters/queensu/staging.values.yaml

@@ -0,0 +1,10 @@
+jupyterhub:
+  ingress:
+    hosts: [staging.queensu.2i2c.cloud]
+    tls:
+      - hosts: [staging.queensu.2i2c.cloud]
+        secretName: https-auto-tls
+  hub:
+    config:
+      CILogonOAuthenticator:
+        oauth_callback_url: https://staging.queensu.2i2c.cloud/hub/oauth_callback

docs/hub-deployment-guide/runbooks/phase3/initial-hub-setup.md

@@ -121,7 +121,7 @@ All of the following steps must be followed in order to consider phase 3.1 compl
 
       ````{tab-item} Azure
       :sync: azure-key
-      N/A
+      tf output azure_fileshare_url
       ````
       `````
       1. **Run the deployer command below to generate config for the common hubs configuration, passing the admin users one by one:**