diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml
index 0ce29f4d4e..84ec4f4698 100644
--- a/.github/workflows/deploy-hubs.yaml
+++ b/.github/workflows/deploy-hubs.yaml
@@ -251,7 +251,7 @@ jobs:
 failure_pangeo-hubs: "${{ env.failure_pangeo-hubs }}"
 failure_pchub: "${{ env.failure_pchub }}"
 failure_projectpythia: "${{ env.failure_projectpythia }}"
- failure_qcl: "${{ env.failure_qcl }}"
+ failure_queensu: "${{ env.failure_queensu }}"
 failure_smithsonian: "${{ env.failure_smithsonian }}"
 failure_strudel: "${{ env.failure_strudel }}"
 failure_ubc-eoas: "${{ env.failure_ubc-eoas }}"
diff --git a/config/clusters/queensu/cluster.yaml b/config/clusters/queensu/cluster.yaml
index 96221edd5b..cfa71ef999 100644
--- a/config/clusters/queensu/cluster.yaml
+++ b/config/clusters/queensu/cluster.yaml
@@ -6,3 +6,20 @@ support:
 helm_chart_values_files:
 - support.values.yaml
 - enc-support.secret.values.yaml
+hubs:
+ - name: staging
+ display_name: "Queen's University (staging)"
+ domain: staging.queensu.2i2c.cloud
+ helm_chart: basehub
+ helm_chart_values_files:
+ - common.values.yaml
+ - staging.values.yaml
+ - enc-staging.secret.values.yaml
+ - name: prod
+ display_name: "Queen's University"
+ domain: prod.queensu.2i2c.cloud
+ helm_chart: basehub
+ helm_chart_values_files:
+ - common.values.yaml
+ - prod.values.yaml
+ - enc-prod.secret.values.yaml
diff --git a/config/clusters/queensu/common.values.yaml b/config/clusters/queensu/common.values.yaml
new file mode 100644
index 0000000000..d8d4150a79
--- /dev/null
+++ b/config/clusters/queensu/common.values.yaml
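Review bot: The prod entry's `domain: prod.queensu.2i2c.cloud` in config/clusters/queensu/cluster.yaml disagrees with prod.values.yaml in this same commit, where `ingress.hosts`, the `tls` host and `oauth_callback_url` all use `queensu.2i2c.cloud`. Staging is consistent across both files (`staging.queensu.2i2c.cloud`), so this looks unintended. The hostname the hub is served on, the callback URL registered with CILogon and the `domain` value should agree, otherwise logins or whatever consumes `domain` (presumably the deployer's post-deploy checks — confirm) will target a host with no ingress. If the bare name is the intended one, change the line to `domain: queensu.2i2c.cloud`; if not, update the three values in the prod.values.yaml hunk instead.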
@@ -0,0 +1,79 @@
+nfs:
+ enabled: true
+ pv:
+ enabled: true
+ # Recommended options from the Azure Portal UI for mounting the share
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - sec=sys
+ serverIP: 2i2cjupyterhubstorage.file.core.windows.net
+ # Trailing slash is important!
+ baseShareName: /2i2cjupyterhubstorage/homes/
+jupyterhub:
+ custom:
+ 2i2c:
+ add_staff_user_ids_to_admin_users: true
+ add_staff_user_ids_of_type: google
+ homepage:
+ templateVars:
+ org:
+ name: "Queen's University"
+ logo_url: https://www.queensu.ca/resources/assets/logos/Queens-logo-reversed.svg
+ url: https://www.queensu.ca/
+ designed_by:
+ name: 2i2c
+ url: https://2i2c.org
+ operated_by:
+ name: 2i2c
+ url: https://2i2c.org
+ funded_by:
+ name: "Queen's University"
+ url: https://www.queensu.ca/
+ hub:
+ config:
+ JupyterHub:
+ authenticator_class: cilogon
+ CILogonOAuthenticator:
+ allowed_idps:
+ # Community specific idp - enables community members to authenticate.
+ # In this example, all authenticated users are authorized via the idp
+ # specific allow_all config.
+ https://login.queensu.ca/idp/shibboleth:
+ default: true
+ username_derivation:
+ username_claim: email
+ allow_all: true # authorize all users authenticated by the idp
+ # Google idp - enables 2i2c admin users to authenticate.
+ # The basehub chart config "custom.2i2c.add_staff_user_ids..." expands
+ # admin_users to authorize specific 2i2c staff members.
+ http://google.com/accounts/o8/id:
+ username_derivation:
+ username_claim: email
+ Authenticator:
+ admin_users: []
+ scheduling:
+ userScheduler:
+ enabled: true
+ singleuser:
+ profileList:
+ - display_name: "Choose an image to launch"
+ description: "Launch either the Jupyter SciPy image, or a pre-existing docker image from a public docker registry (dockerhub, quay, etc)"
+ slug: only-choice
+ profile_options:
+ image:
+ display_name: Image
+ unlisted_choice:
+ enabled: True
+ display_name: "Custom image"
+ validation_regex: "^.+:.+$"
+ validation_message: "Must be a publicly available docker image, of form :"
+ display_name_in_choices: "Specify an existing docker image"
+ kubespawner_override:
+ image: "{value}"
+ choices:
+ scipy:
+ display_name: Jupyter SciPy Notebook
+ slug: scipy
+ kubespawner_override:
+ image: quay.io/jupyter/scipy-notebook:2024-09-23
diff --git a/config/clusters/queensu/enc-prod.secret.values.yaml b/config/clusters/queensu/enc-prod.secret.values.yaml
new file mode 100644
index 0000000000..4f24096734
--- /dev/null
+++ b/config/clusters/queensu/enc-prod.secret.values.yaml
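Review bot: In config/clusters/queensu/common.values.yaml, `unlisted_choice` with `validation_regex: "^.+:.+$"` lets any signed-in user launch an arbitrary image, and `allow_all: true` on the Queen's IdP extends that to every account the IdP authenticates. The pattern only requires a colon somewhere in the value, so it neither restricts the registry nor rejects whitespace. If free choice of image is intended, record that next to the option, for example `# any public image is allowed by design; access is limited only by the IdP`; otherwise anchor the pattern to the registries the community actually uses. Separately, `enabled: True` should be `enabled: true` to match the other booleans in this file, and the `validation_message` text ends at "of form :", which reads as if its placeholder was lost.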
@@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:Hku7Soa4sT+7T+gH434Ag0Bml1Vuxtyt6fexY8tNJUqLi7qyanw3yeGIaUezPpPzRYUb,iv:di4/qQnyO79QOpFPbrnnI+xIc2tpFlgB7QTatS81B4g=,tag:DkB9cPV8M9EiTDIZLuczfQ==,type:str] + client_secret: ENC[AES256_GCM,data:vpCvEI8GTrZuvLDw/alNRYwu496B2IF40zWIQ4o4yquoVH8l6yug2X7iDuDmutbcZy+HM1CFZvnYdqtdffYkAHZGXxJEFEHZTAezliLy6BtW5UOQN5g=,iv:Qk+ItRsSazf5XBzmJIEaMx5a9FnYI7sJhHjaGxbbjUI=,tag:14mSTnHNuAcsfR19n92bVA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-10-01T16:55:17Z" + enc: CiUA4OM7ePP/mmjPdkmmgf1xcYQWbxw2Z9C3dhYqdcPFV232iQJ8EkkA5dG1Q5UDupPMJ8vQ8lmMwMZH5grzKyw9Y2yeH4Lc8HQA0yb2XKGDouLn+dKc80SsDGGCegYt7c9intYSpPOESJErUoVPjuxk + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-10-01T16:55:17Z" + mac: ENC[AES256_GCM,data:w1nuto7gCOKFRME7MtkMEob1KrNW0mPZbEDi0isbUxtHEuwR7JUAgCn/ZTo/39mS4J8hVIuw6/X4EYwfr0TggRp6xVMx0PXaNKAazVC1Me0uBVXekL6Dtbf1GQ6/VPUbpuFPQLFbNG+xS0UYMKKy33RKwr4IcHoDP61U/giOHmU=,iv:E1WJzeIK2HyTwLyHod5tnmhBbMnuDQK1c1reooy1wnQ=,tag:Vp73o3WngViS5CsQ8MWhWA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/config/clusters/queensu/enc-staging.secret.values.yaml b/config/clusters/queensu/enc-staging.secret.values.yaml new file mode 100644 index 0000000000..51035d8be1 --- /dev/null +++ b/config/clusters/queensu/enc-staging.secret.values.yaml 
@@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:qbyxoNZg9/wIsgSZJiZV8bymLHaIcvEsE0crvYj2sUU8JmFeESPlZWXKLshPseO64KI=,iv:kiCEn8VXyioU5RDlKJBKsZDXSMTCtkBhr0qWWWP9jb4=,tag:wyw5fpBgeIoXg3oQ5DApXA==,type:str] + client_secret: ENC[AES256_GCM,data:VXjrxehxiZDiTXHQz9zarXH1konuB/rjyCajlN9q8X2gXIlG4AyNM0tkxBA9QcuTpFua+VhTwoU3zf7mBPo1k2p2dMKKk+cgC92yfVLn6Jxs9TmXc4g=,iv:fmFb6Oylt0+naNDIys1R9k7xqeTanplNEC9S/WPTzTg=,tag:nRLK88Rt8I7Kh1kSGuGdPA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-10-01T12:55:14Z" + enc: CiUA4OM7eLY3HsxXoc1bMHk3Bwx6SOdwEP7gzvhRki+x5tY55Q3VEkkA5dG1Q5wYNwvxaWeUhAQC5goLzs0jKWZSUwV4qfxDF64Qyat4AK2ee2MCTEweGQeI1UO5l6LYNMtouSHHZUGPoDygFr2Fysyd + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-10-01T12:55:14Z" + mac: ENC[AES256_GCM,data:vw3lrjNIruXvpSGY472IqmOqNBoicsZtL5AMD+PQubj5bqL2bTcedB2XJycPn4QeDqZO8rRB/yOo/feOsKDq3tNMSXiRZ7HyB1okbxUtF6qX/PrkzKTDQymyIw/M4sm+sprusGlRcleGoWzQ4Tb8W5D22NKk1zMTpU3wMr3keSg=,iv:wjd2pAb8OTppgSBbVBSE2MxQ6AKqfcahw+TnLM+/lTc=,tag:MqqcMrmD3AzyqPPpX75Kpg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/config/clusters/queensu/prod.values.yaml b/config/clusters/queensu/prod.values.yaml new file mode 100644 index 0000000000..f83aa4b8a4 --- /dev/null +++ b/config/clusters/queensu/prod.values.yaml @@ -0,0 +1,10 @@ +jupyterhub: + ingress: + hosts: [queensu.2i2c.cloud] + tls: + - hosts: [queensu.2i2c.cloud] + secretName: https-auto-tls + hub: + config: + CILogonOAuthenticator: + oauth_callback_url: https://queensu.2i2c.cloud/hub/oauth_callback diff --git a/config/clusters/queensu/staging.values.yaml b/config/clusters/queensu/staging.values.yaml new file mode 100644 index 0000000000..0bc46fb481 --- /dev/null +++ b/config/clusters/queensu/staging.values.yaml 
@@ -0,0 +1,10 @@
+jupyterhub:
+ ingress:
+ hosts: [staging.queensu.2i2c.cloud]
+ tls:
+ - hosts: [staging.queensu.2i2c.cloud]
+ secretName: https-auto-tls
+ hub:
+ config:
+ CILogonOAuthenticator:
+ oauth_callback_url: https://staging.queensu.2i2c.cloud/hub/oauth_callback
diff --git a/docs/hub-deployment-guide/runbooks/phase3/initial-hub-setup.md b/docs/hub-deployment-guide/runbooks/phase3/initial-hub-setup.md
index a81f289973..c1d52305e0 100644
--- a/docs/hub-deployment-guide/runbooks/phase3/initial-hub-setup.md
+++ b/docs/hub-deployment-guide/runbooks/phase3/initial-hub-setup.md
@@ -121,7 +121,7 @@ All of the following steps must be followed in order to consider phase 3.1 compl ````{tab-item} Azure :sync: azure-key - N/A + tf output azure_fileshare_url ```` ````` 1. **Run the deployer command below to generate config for the common hubs configuration, passing the admin users one by one:**