From e9d5ceef3389ad66ca1dd22718c093f32681272f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 28 Feb 2024 21:46:23 +0100 Subject: [PATCH 1/9] nasa smce clusters: re-generate deployer credentials --- .../enc-deployer-credentials.secret.json | 14 +++++++------- .../nasa-ghg/enc-deployer-credentials.secret.json | 14 +++++++------- .../nasa-veda/enc-deployer-credentials.secret.json | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json index 5368a3d083..9fbd8a5794 100644 --- a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:qFl+zOe2m7SnHq0c9nSOap+942U=,iv:m19mljbHzK5JgN7dzTgv6HZ+ughWP1NgJixRJx87hXw=,tag:UqZcqL2l8qpn6cMkadIf9Q==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:dYcC/STqxXdamGsD2EXA0av1JhQawniFMxpwTrppUanrVxm6UEQsyQ==,iv:xmgUAqlHfgIiDK9GKV2ehGz+9eomwz76Ac+XAzghKos=,tag:O0f7rym0GLJYOWCXCAU7hA==,type:str]", - "UserName": "ENC[AES256_GCM,data:ckDpLNhDShNT10PvQAm9v+9AVx9ZSWk=,iv:PHNDSUAeoBeecRgEWLOrUjnNTd1pyyw6CzLWb/62DmU=,tag:yrl+cpujI9y0S4AQq8XkjA==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:psP/bPSRvG5KFa0IEtMRvDe1mGc=,iv:iDs1UK8XSYk0dhj61zQpOjRBKb3bu4iBJzyMOfdq1Mg=,tag:Rx1KttU/8zH5/KAnFcCTLQ==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:Re+uECrn6j2ekDmyIxL+3nrN0MqBxDgu6G0WTLFBWQKPCLpyG6VxFA==,iv:LZJl6TNA9m3brUOcqyM5ERIHAlrhuuH5kjklcpYf+5Y=,tag:xWdVeIbqJ4QyaHKJYYYIfw==,type:str]", + "UserName": "ENC[AES256_GCM,data:jhym6NDkEHaajZSuUUfiAL9yL4L6W/4=,iv:BOaMYnMv4SsEiPfFhSBsVpzNbW17b8Yo2/Iie3CHceE=,tag:uDsXiAVDeEe2KPg5cJUM6g==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2024-02-14T08:37:56Z", - "enc": "CiUA4OM7eI6f19C8pTp8BaZcdj00p3jDgRvefeB5v5VdgMIrmHAlEkkAXoW3JvAcx7P2IF4JUPEsq3itBPUjfKqOluTg+069G2tDwBdRUv+0lBYjv7EuSyRIbPNoLkMZHxfXCE7amiptD4jouY7UejUD" + "created_at": "2024-02-28T20:39:12Z", + "enc": "CiUA4OM7eAhtQrxUtxwRPUfj4q9kuqwS6sx7Oq2VgeruQJlzB6+qEkkAXoW3JjfBbEdZgUuuQzuS7JqLzD15Q612clR10c05wB3bTy03tOKKuStcFSo00Dlm3Z2HmZ5yvv2+rXkgt+e+viRf+DsPTEPh" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2024-02-14T08:37:56Z", - "mac": "ENC[AES256_GCM,data:ZcqsPCdH+dqcoEIl1PG/7t9ZWLEWdO5Ql4Li0UuffmEQ/5uDjsoemcS91z88M8WC33xm22BN3FbXzl7FlKroCg/rVbK81HS11Dnv2zuvs510rgcNXdQh8pEhXaesUQ208WTU1j0Yn614QrIs9fd+VOgqwkkUx7Hj4Fmq3x5Wz+Q=,iv:cIa4Dj5dyCAQ9ixCFn4fJo5fOrUYZY/eXUICh81a0sI=,tag:Gb4+ZGrPchM0xyRBaHUNIQ==,type:str]", + "lastmodified": "2024-02-28T20:39:13Z", + "mac": "ENC[AES256_GCM,data:rTYO5MHI5ZS9w0MelEu8OKsGtlzRvTuxQswDHHPOiz9HDlLeY2Gdrl6j20Ak7wPNfsQ7e0ThdU0tOZOb8zZ3T0bKQxJL8UwMT40zRQRu2FK2sBHm/ZOyRtsSGNXfoN/JTjzpAeHZBZ4BHh1G0MBBBQ5RkfttnCoQp8vYq//CVv0=,iv:CTMEgJi0FK4DJ2qbIpjYbBLCoq5IZEYc6GeUDm2Bs+M=,tag:Xk+Z3j1RLv4eahGLxRwnyA==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" diff --git a/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json b/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json index b08974a6da..1d69d3b139 100644 --- a/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:Gt1qbIr5LxRbyiXAsatdrnoXKE0=,iv:anT4NC8bEs2MSCOkb3PL+j0EWteLGJz2dfSl5b30js4=,tag:0TJ8Uz29W+mrTgu8toFeDw==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:J9JP9vHVPA6FO9gpORDDdttpLmIEPO33p3YghRs7RYRuzx3jO7hghA==,iv:wdG0no8rWt2lhN+I1Sw/bJr1Fm7JLIJ/AttFhBCTy1E=,tag:mtdhCuQDDz5Dt5GscBKVaw==,type:str]", - "UserName": "ENC[AES256_GCM,data:3qXSpMQIG+hxZfTmEP18b8MbKIq9Qa8=,iv:Du4iyzxGWc92f2JIWZ2rnBxvquve28KYiKxSa3G3Nz0=,tag:U4pECdtiK5G8XMm5OzKbJQ==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:JkX9tVCub2vX0VinLhkjl2c6KeA=,iv:WFhy2SSx42q3pwZPiNeNmkF6k465lvylRB77ymi6dTE=,tag:RfZ2WXIpks6juotbdcIqcg==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:91eD31K/GzC/8BapUHdAgMZeAGPxlBbNYu99bCo0gKacL/mO17RcBQ==,iv:k6NN56F7KJ8aIel7vmV+3/RwDnJmEbNtP1laTFSWeCc=,tag:9MJpxCt/JbXlsX5dPjum9A==,type:str]", + "UserName": "ENC[AES256_GCM,data:G/+S+CnSM1+ZtM8ZFgieKnnJZ5HUAls=,iv:tYDBWoMu9Bl2H1q0+UchJq+JjCxyniAlAtb7FEEBjmI=,tag:jWVGh/6/tLu4CHzu3LoE0Q==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2024-02-14T08:37:35Z", - "enc": "CiUA4OM7eM5ZIXKj0JAXCpV7NLjQfnnLeUsxAoE5iX4w1HeQuaK2EkkAXoW3JuZcKpWFddOTHzGdV5hiwLyUqpsNzko+L7ydRFPPjmmc0SetkuqkeGG/chEsn7IbkDHUyUS4UAZ7qYNloZM2EA3leNG9" + "created_at": "2024-02-28T20:39:15Z", + "enc": "CiUA4OM7eDDxm3/aBXHrTXBCTmn7vg8Ps0d16T0COVBBjSAtCmn7EkkAXoW3JrXFkPG4Mo+P+hCaieWE1oDr7g72VsluhTxlJssLB8pGLhA662ugdXrOz3ai+GIGNf5MsE4EJ5pL8sdaZOjAORGp6wce" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2024-02-14T08:37:36Z", - "mac": "ENC[AES256_GCM,data:fBdPDUC9r04k/P1iPu36sTn6jtzaC1dRWDtxt/i9ry2Uimyt9dX7zK+hNUkgQsixrwKF2SDcw1+G7q3CYmjgt/sw/1uLoJBdkxU1teE/dommdj6hw63ZfSycDFoO4EG6SM2iieiNxl3ivN1/Kyg8lO9EAO//5uRu9hZANHtrKGw=,iv:JV+G/2NAiCd8zdM5pm9XgrOaeMk/AyVrB3ncqUAJPOw=,tag:CmWySDChnR+w5ZLU66XHJQ==,type:str]", + "lastmodified": "2024-02-28T20:39:15Z", + "mac": "ENC[AES256_GCM,data:f808UBO6BFjpVJZaqBN31bIV7Y5UkNsUyT+rLPY6vlz0kxtvU/7cWCs+zHeZIJ6S30A/3hBBB5d9n4tOAzl5WHfP+mKjuWP3m7y49+4PSwv2CHaYu7j7WydXYX3RW+oBA0nn7QILboAH0fiNeFK2R8cNX1xmaZvyTGNONpjUFCg=,iv:fvFiEWTZ0ts96yN2lj8Pwj3OJu5/ZYZaFpeIoxDhjsU=,tag:ZZT9za0Er5oIzwW/RyG1Mw==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" diff --git a/config/clusters/nasa-veda/enc-deployer-credentials.secret.json b/config/clusters/nasa-veda/enc-deployer-credentials.secret.json index e50731607a..4beb65bf23 100644 --- a/config/clusters/nasa-veda/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-veda/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:B//0d0fUA5I29nngWNCXIahCA0o=,iv:1FLf+0o43t45GXWx8hkpHSnHXymuSp2J4xnUepSzsWk=,tag:vFe7Y2Ox+kNgfCpaQ5l/Iw==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:zB5rgp05IVWbzd/ZF8zYc0PCy3hPeJO7DTtp5QzkeB9Up/zIbN6XrQ==,iv:usRkrMXk7ZuD52E6jaZJnqK9fejKFJhI7QOTAHmd1Hs=,tag:IgRRfLc2HhPCXbWpvMrVQA==,type:str]", - "UserName": "ENC[AES256_GCM,data:0ztpROiUhXLYefsxji94vPDsXU6J/M4=,iv:RHqWoHdWQdvdYzadQgbYHmkYbxPGAWPZrb7+i332jQA=,tag:k/ajOUWbKd/PZFdm13ZvXA==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:5yk5O+FY3YJNJljPOPyZh294Hco=,iv:XetK6Ntaj94k00obidcNvOKCSs5OrJIttiwI/Tv6TNc=,tag:mNz2/fWhPOSlSJ0ZrPjS0A==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:/vumRn493v9jwHVOlFswSkOpOYjiqj+FLwoJpl2fP7sYE9YPASw2Jw==,iv:OOP1U8ICup/8pkqcnpk+17r+ZyFIZlyrJ6DO51+i9dg=,tag:V4zitB5sPN5FrrP4HcMk5A==,type:str]", + "UserName": "ENC[AES256_GCM,data:Dy0bxjbTQJcuui7QStEMNI/1kSUQ7YI=,iv:qLeUzBfOAYP230R+k59MEWo3rak+jngJwHjnWfZz9nI=,tag:2cpWcsUVDtuWpIPQksq8uA==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2024-02-14T08:36:56Z", - "enc": "CiUA4OM7eDh9sk57G2y6Mib1AIKRFjkjL6sX9ZqzhXI504Uzhya6EkkAXoW3JlP/CCOgdK7FC9JBC6KXZsH9sgca8WG+T9tpjrS9CL/uROoHn9LiQNM0R/72LyDil99hbEdwWwLcLt0zf4bKk7k3QLQ7" + "created_at": "2024-02-28T20:39:18Z", + "enc": "CiUA4OM7eKgrM9YWf0ijMlp4MqI++ADksTeHayNa48wBiTCjqdmPEkkAXoW3Jocmt7VRlzbfpKVKuCP6T+NP1MPYAUCLIDq4dntM3vr07RSPx856FpVqcVv+LxL7hWlSw2jl8AIJxUyQqXO2CXCin5n4" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2024-02-14T08:36:57Z", - "mac": "ENC[AES256_GCM,data:UXLBG1lKAQl2UNb5QtBhHXZttfXpIyilC6XCVOQSN7zfO3dqPkRtZ8OKC54jp0Zs4+Fq5nGOPWhQhptCWFGDMKthFJ6uL4juVYuNOXbe6ouvSSCLKzdZKMXssgtp2GomU9MVR5SixEGXH3wrgQQvE7WCOUzDYGTdSYJkxJh9yRo=,iv:IlVFKWD4cC7nT5VGxnDbnBNctDtP1FgHKGG9sxNX/0I=,tag:0DhbeKEi84/Y1vRw5JVBWA==,type:str]", + "lastmodified": "2024-02-28T20:39:19Z", + "mac": "ENC[AES256_GCM,data:sX66V+TN1gtw2nDFxTeehhfHQpUEzK7t2923qiM4iTOQ71YmTriLfwTqIRE+FF6TvWJVxtJZOmr+R3RK9HJEhbeUfHt52g7yvYE5FXNWXsmI+95qTWARrysBm7N03pmuw29ByZdhSFNbSSAMcJkxxW3UXb4miapny6Lplk2SUFA=,iv:SDgh19N8y5P5gO9ebNCGZqXQ1Kvw0Xp1fc2+wp6wTSk=,tag:P69Yrjsq03hckp5dDTDP/g==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" From a710312bc9ae3743be664362b2080bd5e894327a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 28 Feb 2024 22:10:53 +0100 Subject: [PATCH 2/9] nasa-esdis: add details to cluster.yaml --- config/clusters/nasa-esdis/cluster.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/clusters/nasa-esdis/cluster.yaml b/config/clusters/nasa-esdis/cluster.yaml index 6dd2d8407e..98d9b3ea09 100644 --- a/config/clusters/nasa-esdis/cluster.yaml +++ b/config/clusters/nasa-esdis/cluster.yaml @@ -1,5 +1,6 @@ name: nasa-esdis -provider: aws +provider: aws # https://smce-esdis-hub.signin.aws.amazon.com/console +account: smce-esdis-hub aws: key: enc-deployer-credentials.secret.json clusterType: eks From 429f9902cc973811f2009bd3a6196000d9e70820 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 28 Feb 2024 22:38:09 +0100 Subject: [PATCH 3/9] basehub: add comment to prevent an issue from arising --- helm-charts/basehub/values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index dde5aa20ba..888f1e2fd8 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -69,6 +69,14 @@ jupyterhub: singleuserAdmin: extraEnv: {} extraVolumeMounts: + # IMPORTANT: What is added to this list is copied to other locations + # that wants to add an element to this list. This is done + # because when Helm config files are merged, lists get + # replaced rather than appended. So, if this is to be + # updated, we should update all those copies as well. An easy + # to way find such copies is to search for "singleuserAdmin:" + # in this repo. + # - name: home mountPath: /home/jovyan/shared-readwrite subPath: _shared From e960441a65405406db7d9339ed0fdec8df975610 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 28 Feb 2024 22:52:24 +0100 Subject: [PATCH 4/9] basehub: clarify why we don't need to chown shared-readwrite --- helm-charts/basehub/values.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index 888f1e2fd8..0a0679d1b6 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -222,6 +222,18 @@ jupyterhub: singleuser: # Need to explicitly fix ownership here, as otherwise these directories will be owned # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid + # + # This has to be done _once_ for each directory we mount _from_ the NFS + # server. We do it all the time since we don't know for sure it has been done once + # already. + # + # Note that we don't have to chown both the shared and shared-readwrite + # folder since they are both mounting the same folder on the NFS server. + # + # For details about this, see notes at: + # - https://github.com/2i2c-org/infrastructure/issues/2953#issuecomment-1672025545 + # - https://github.com/2i2c-org/infrastructure/issues/2946#issuecomment-1671691248 + # initContainers: - name: volume-mount-ownership-fix image: busybox:1.36.1 From 52a47313ff147263fb698731c55a67283ac8bf82 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 29 Feb 2024 22:54:15 +0100 Subject: [PATCH 5/9] victor: fix deployer's grafana service account credentials --- config/clusters/victor/enc-grafana-token.secret.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/config/clusters/victor/enc-grafana-token.secret.yaml b/config/clusters/victor/enc-grafana-token.secret.yaml index 3feb7b36cb..e449050bcd 100644 --- a/config/clusters/victor/enc-grafana-token.secret.yaml +++ b/config/clusters/victor/enc-grafana-token.secret.yaml @@ -1,15 +1,15 @@ -grafana_token: ENC[AES256_GCM,data:Yu7cScQuAbZs4oKvaImqG1ESHKk7P6wWQn2EoN5A5LYOUK9VBCgApvHxk2NQl5W0LgNzWPhdOBef0BK2LmF7RwSV+1XVeIq3YTyjy4id+ukqn15CeFnu3Gq2qQM=,iv:RFAJsZqu5G4V1Cp9IrOS2f8ASJQMgHiZNRLqOadWTs4=,tag:uUpShf5F+ftdQqfhcoi5+Q==,type:str] +grafana_token: ENC[AES256_GCM,data:OTBQAgpyShzEm+eHfQJVtEr83tJf8psaFPkjqTPozEaRpMqCGG7a3hE4+h79/g==,iv:hN3AirWeW8IdHG76reiCyUl/91PgQyBWpCU8qZGiuMQ=,tag:e+QQnBwSz4sAO4bXSjJ8Wg==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-11-07T15:23:55Z" - enc: CiQA4OM7eCbs52mBqdLkb3wr7m5ZiLV9dgZkhwwNNSBEizf4I/ASSQDuy/p8w13ge4Uz3wqQ0O7bqevUT5U0wZseugHVGpSfOT1kCuPHcvMY+Z4rsM7zEvCQSIx6E5Mynj10u4Qfn3DhiQ3DgOwbzg0= + created_at: "2024-02-29T21:51:08Z" + enc: CiUA4OM7eNjdvopHWnFtTnpID9wlVgIAwCva6LeATWpgvbD6J7VREkkAXoW3JpUHvVrB4am3g31cx/R/jYY/fzECxMnu2Q74CsSj6ZBQnogOpebaoFniyFkxFOTkoJKjC7FggJEufVHYcVOtpEwZjE3P azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-11-07T15:34:41Z" - mac: ENC[AES256_GCM,data:IjlnKN7F6A7yMFhLXEhePMhaWV9ObtWtiy2tyyHlCZWL/6SpKXmJ2pKyZgjgdvsQaOP204IpWdGnO83fQjEVybI1VpEWClah9kuCkNm4Roycr7YQo9vg6vTNXalBcVx9MszcACHo0cGf/QtSK4bd3puBkp59pC5/jIaJ+XGvx7w=,iv:TczwA2PGl/KR90BQ/pqKGCosPAbxEmYtGNl8LIHwRC0=,tag:s5Da4zddFgCjsRGEXkWsFw==,type:str] + lastmodified: "2024-02-29T21:51:08Z" + mac: ENC[AES256_GCM,data:h1MwQnXBeF6ge1BUhSfFLpicY3YLg2WK1wAVztEv6yfXf8kAVboPOFy0TBzToUXRmMqgSjcjXLOBoEIuuTjUNkseZjaZ1dRC3/z7XF8n2OzvaCaW6vR19LoKA4IrmWh4Agh8ImQ7ISFabN3MDpeJVOjx1xW83/pC4b1qYG+l88I=,iv:jqQ4U+ZZ22We+kbUFP/ZkOWEviybAZXDvou7pjEiPv0=,tag:0RK4MbWsJtUIHpxBw5BLJQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 From 660c1d0f443c28b38e64f1ed3b19ad288f861131 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 29 Feb 2024 15:52:25 -0800 Subject: [PATCH 6/9] Cleanup unused bits in the 2i2c shared cluster - Jackeddy has been decomissioned for a while - The agu binder was decomissioned but the associated GAR was not - The pilot hubs artifact registry has never been used --- .../2i2c/enc-jackeddy.secret.values.yaml | 21 ------------------- terraform/gcp/projects/pilot-hubs.tfvars | 19 +---------------- 2 files changed, 1 insertion(+), 39 deletions(-) delete mode 100644 config/clusters/2i2c/enc-jackeddy.secret.values.yaml diff --git a/config/clusters/2i2c/enc-jackeddy.secret.values.yaml b/config/clusters/2i2c/enc-jackeddy.secret.values.yaml deleted file mode 100644 index 1c4abeea5d..0000000000 --- a/config/clusters/2i2c/enc-jackeddy.secret.values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -basehub: - jupyterhub: - hub: - config: - GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:pKbFnP/2j9bmxIWDbD4XMNN1Cpo=,iv:P4YgHP1WS0a+XW7WFbHQyTYSVGPKDaPaYHwKRmID2cc=,tag:chrE50gZEijmqEeuLajU0g==,type:str] - client_secret: ENC[AES256_GCM,data:GAd2q3+beAdijK8i46h71G+ZpIxxJuSZ/NlRKi6hqgwBWwwbb6MNJg==,iv:XeMzu/XES1dxZ9BI3dPAk5nSL+JlBAhTzN/2OrVfMh4=,tag:AhQRDCZzkKmYiUTsOU4mVA==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-03-15T18:22:39Z" - enc: CiQA4OM7eDjl5gKH7+wzLKDVoI5KcuJ7gVfLlnQ05U9ztKRtBXISSQDm5XgWoRzJjQSuC+PEMk6t4P2YMxDK6dvnpVlojQkI4X3tlQcSPvq1m0JRKXOhcCT3EjvQiM2ZiU2hRB0u2ZbK8nRfw9cW4l8= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-05-26T16:36:36Z" - mac: ENC[AES256_GCM,data:+cnN/SCe71LXhFQWMZrNLFRrRik0fgKkhy6iH3fe9CZTPioChPuyalx/l1WElMFx3ni9xEBul+eR6zsH2l+GKFForkAQZ85gUUl7FDZITwbtIqSFXM5idrhYKkN+yB/ky0WxflKO+6mhNRnuu9nTJ7F4/fPsniyJK/6MWO9sODs=,iv:1ACC55neHqNuhjENiNIZGnjFTSppMxYF+aE8uKZWGRY=,tag:sDUiw4Svh9B1R2z6AJKTzw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars index 02d3769aac..7473e425eb 100644 --- a/terraform/gcp/projects/pilot-hubs.tfvars +++ b/terraform/gcp/projects/pilot-hubs.tfvars @@ -49,11 +49,7 @@ dask_nodes = { }, } -user_buckets = { - "jackeddy-scratch" : { - "delete_after" : 7 - } -} +user_buckets = {} hub_cloud_permissions = { @@ -67,21 +63,8 @@ hub_cloud_permissions = { bucket_admin_access : [], hub_namespace : "ohw" }, - # Can't use full name here as it violates line length restriction of service account id - "catalyst-coop" : { - allow_access_to_external_requester_pays_buckets : true, - bucket_admin_access : [], - hub_namespace : "catalyst-cooperative" - }, - "jackeddy" : { - allow_access_to_external_requester_pays_buckets : true, - bucket_admin_access : ["jackeddy-scratch"], - hub_namespace : "jackeddy" - }, } container_repos = [ - "pilot-hubs", "binder-staging", - "agu-binder" ] From 723ca02629b06726088d3269e4d3e2034ea72739 Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 00:09:55 +0000 Subject: [PATCH 7/9] Bump charts ['prometheus', 'grafana', 'ingress-nginx', 'cluster-autoscaler'] to versions ['25.15.0', '7.3.3', '4.10.0', '9.35.0'], respectively --- helm-charts/support/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index 5a1891562c..e32d789408 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -15,13 +15,13 @@ dependencies: - name: prometheus # NOTE: CHECK INSTRUCTIONS UNDER prometheus.server.command IN support/values.yaml # EACH TIME THIS VERSION IS BUMPED! - version: 25.11.0 + version: 25.15.0 repository: https://prometheus-community.github.io/helm-charts # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 6.61.2 + version: 7.3.3 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from @@ -29,13 +29,13 @@ dependencies: # that references this controller. # https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx - name: ingress-nginx - version: 4.9.1 + version: 4.10.0 repository: https://kubernetes.github.io/ingress-nginx # cluster-autoscaler for k8s clusters where it doesn't come out of the box (EKS) # https://github.com/kubernetes/autoscaler/tree/master/charts/cluster-autoscaler - name: cluster-autoscaler - version: 9.34.1 + version: 9.35.0 repository: https://kubernetes.github.io/autoscaler condition: cluster-autoscaler.enabled From a34ba60780263782182b957e3ccceb0b35cf1403 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 01:37:12 +0000 Subject: [PATCH 8/9] Bump azure/setup-helm from 3 to 4 in /.github/actions/setup-deploy Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3 to 4. - [Release notes](https://github.com/azure/setup-helm/releases) - [Commits](https://github.com/azure/setup-helm/compare/v3...v4) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/actions/setup-deploy/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-deploy/action.yaml b/.github/actions/setup-deploy/action.yaml index e77402d8bb..96eddf9dc5 100644 --- a/.github/actions/setup-deploy/action.yaml +++ b/.github/actions/setup-deploy/action.yaml @@ -69,7 +69,7 @@ runs: shell: bash # This action use the github official cache mechanism internally - - uses: azure/setup-helm@v3 + - uses: azure/setup-helm@v4 with: # Manually update a pinning of helm to a minor version based on: # From 4d3c05b7a5345212f8c12986846546077998dfda Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 1 Mar 2024 07:06:40 +0100 Subject: [PATCH 9/9] Hold back grafana's major version bump --- helm-charts/support/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index e32d789408..020d01ffff 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -21,7 +21,7 @@ dependencies: # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 7.3.3 + version: 6.61.2 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from