diff --git a/.sops.yaml b/.sops.yaml
index b75d5df97..d6a71cf75 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,4 +1,6 @@
 creation_rules:
+ - path_regex: secrets/pangeo-hubs.json$
+ gcp_kms: projects/pangeo-integration-te-3eea/locations/us-central1/keyRings/sops-keys/cryptoKeys/pangeo-hubs
 - path_regex: .*/secrets/.*
 gcp_kms: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
 - path_regex: .*/kops/ssh-keys/.*
@@ -8,4 +10,4 @@ creation_rules:
 - path_regex: config/secrets.yaml$
 gcp_kms: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
 - path_regex: support/secrets.yaml$
- gcp_kms: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
\ No newline at end of file
+ gcp_kms: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
diff --git a/secrets/pangeo-hubs.json b/secrets/pangeo-hubs.json
new file mode 100644
index 000000000..ef7c88041
--- /dev/null
+++ b/secrets/pangeo-hubs.json
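Review bot: The new `path_regex` in the first hunk is looser than it needs to be and depends on rule order that nothing in the file records. `secrets/pangeo-hubs.json$` is unanchored at the start and leaves the `.` unescaped, so it also matches a path such as `other/secrets/pangeo-hubsXjson` (constructed example); escaping the dot, `secrets/pangeo-hubs\.json$`, removes the second case. Because sops applies the first creation rule that matches, the entry also has to stay above the generic `.*/secrets/.*` rule, which is worth a comment like `# keep above .*/secrets/.*: first matching rule wins`. This is also the only rule pointing at a key outside `two-eye-two-see`, and the secrets file added in the same commit lists it as its sole recipient, so a line saying who holds decrypt rights on that key would help the next reviewer.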
@@ -0,0 +1,30 @@ +{ + "type": "ENC[AES256_GCM,data:3cwow0yQUvcc0ndw7sts,iv:wqcH2619ju8qHNvha7bJt4v/FeqFqgpBEAiVHB8McEw=,tag:/as+HFPhatDbw32FygoKlA==,type:str]", + "project_id": "ENC[AES256_GCM,data:Czvvx1CCfQuttbKTSD7O5RfXXxSpYjXC+fU=,iv:Iz4DxSlumvmujiDs/7GwhlSr3FbTxD13RbXizvj3+Ws=,tag:L7lATb+fM02vkKYw1b+aZg==,type:str]", + "private_key_id": "ENC[AES256_GCM,data:dOA/DDkboDuS/laTIbgV3z0rH4oMKwolCdCiXTACuOBBXV98oQATjg==,iv:SC6ojLmLk9Cuc4SPLO5jUbt9aVuu3BZ27bVFT17yQng=,tag:J1c6Pe8SFT3hwfIZPSwamw==,type:str]", + "private_key": "ENC[AES256_GCM,data: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,iv:RzZiOaqbUEZGh2bQWeGrdSGNa24wUyH9nS+0Vuj5C+w=,tag:zKdnlSy8ZymcJikBTSXvHA==,type:str]", + "client_email": "ENC[AES256_GCM,data:nzrMlFRMsH7gzTFAa0G+7GNixxZYADH8ZmD6w22GweSOik1HZA/sO3K0cAY5Vk1H/tphPvLcVsURrgMQHdI4gBMbDgs=,iv:4KxxHJlxeO1+2vLDRm25w5RT73VUoHpxm/PmL3kUHfk=,tag:pVNo3jQ1Tk88qKq4swStuA==,type:str]", + "client_id": "ENC[AES256_GCM,data:S1rjphwzf2xrdFp3p0oVZ8cc+DlJ,iv:xO1YY0w4ZoXbGnt1YdWuoVt7WNQoOCN2S38Jf7G+6Gg=,tag:4/6mmjdWvKAYro3FRB4Omw==,type:str]", + "auth_uri": "ENC[AES256_GCM,data:vE+tFDd8Ldqk8cp3vCKDpWSnzjJYMpiHG7ZdX0feoMlDEF7MXNJeaw0=,iv:dKEi6dE063zfKo1vE/InwHkRdhIAERPAYByAqm9WCnE=,tag:se9nT1Bxo2Xtq4+cQtBAZg==,type:str]", + "token_uri": "ENC[AES256_GCM,data:liEvOHZRqZfoPABKtLtnYez0fTyDFJ5V9QMtWbpFhNa4IP8=,iv:Bh1z6+Y7X5f57x9Ui3Jb4s1hFpyz3Vuu3ZUsNgQ/Sa4=,tag:ozcLsRoRfDporRAGL4hR2Q==,type:str]", + "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:4goxM0z8lnGuq9LzXv+p2AG21STZo3g8DoS7ANgq9H6rMlsJYBjb3QrE,iv:xFBrMDgeiI5kUcRnjN2p+s3JN27+41kYqPUWk0i7bs0=,tag:OYaMb/RxMW+fuy8AGgSBTw==,type:str]", + "client_x509_cert_url": "ENC[AES256_GCM,data:eHGHdkUBYXFjT+azLKEJdSsxFjjTkV7alI5Ytv2k/SwEGHHfuHf//zBlZL2pslGmMdMBmy2cDC8SQ53HgjDceC5B+mU4jYCW/1aVMjp8hzaLz201EGonLPOd9ThHakZw6oTEc/UcIyt6O8Q5MkZ61D0xcR69vIbo,iv:4inIgMApgnrYHuZy2fiQoVbXaUCSuIW62arqlIqD/pA=,tag:Bsv2V2wPEgWjcKctMFOdvw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": 
"projects/pangeo-integration-te-3eea/locations/us-central1/keyRings/sops-keys/cryptoKeys/pangeo-hubs", + "created_at": "2021-08-04T09:35:30Z", + "enc": "CiQAkd3zmveIG99/kFCxZnCuf6nL0coG+2yhU/EJ5C/dFNYi7I8SSQBMmK7+qXGAXmOSVnWXLLTbfQO+LTv+NeCRpIX9BACsCiWei7lXjg653R+P1EPQWI0z77GKo4LNXj+KONCnVkjnGwY+hD9Fu3U=" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-08-04T09:35:31Z", + "mac": "ENC[AES256_GCM,data:MEXSPmX8bXihwKsy81qe+6o62BiiC/a0GXcIEKfPntP2LdISKP2m4m52qgeglu93481J1LBqPS2vYZfRlrbsEqzq2EyreVD6PbjLQ9GhBL3A/HrjsCW2NrysUNbpHCev66WV6gd27UQeGR5lgbqJm0zqcC8wiEW4evZ3zuKw0t4=,iv:ZUvYryN8pUtPIS6fEdbD5rhE7wgj0aaN65Ek15Z7Ez8=,tag:egb9/1oB9Up1VjbenXLp6g==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file
diff --git a/terraform/gcp/projects/pangeo-hubs.tfvars b/terraform/gcp/projects/pangeo-hubs.tfvars
new file mode 100644
index 000000000..e3216b0f4
--- /dev/null
+++ b/terraform/gcp/projects/pangeo-hubs.tfvars
@@ -0,0 +1,33 @@
+prefix = "pangeo-hubs"
+project_id = "pangeo-integration-te-3eea"
+enable_private_cluster = true
+
+core_node_machine_type = "n1-highmem-4"
+
+# Multi-tenant cluster, network policy is required to enforce separation between hubs
+enable_network_policy = true
+
+# Some hubs want a storage bucket, so we need to have config connector enabled
+config_connector_enabled = true
+
+notebook_nodes = {
+ "user" : {
+ min : 0,
+ max : 20,
+ machine_type : "n1-highmem-4"
+ labels : {}
+ },
+}
+
+dask_nodes = {
+ "worker" : {
+ min : 0,
+ max : 100,
+ machine_type : "n1-highmem-4"
+ labels : {}
+ },
+}
+
+user_buckets = [
+ "pangeo-scratch"
+]
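Review bot: `user_buckets` at the end of the new tfvars file is the one setting that creates shared data storage, and it is the only security-relevant block without a comment. The file calls the cluster multi-tenant and justifies `enable_network_policy` by separation between hubs, but nothing visible says whether `pangeo-scratch` is scoped to one hub or reachable from every hub's user pods. The module that consumes this variable is outside the diff, so this may already be handled there; a comment such as `# Scratch bucket: writable by all users of <HUB_NAME placeholder>; objects are not private between users` would make the intent reviewable. Separately, the `machine_type` and `labels` entries in both node blocks omit the trailing comma that `min` and `max` carry, so one separator style should be picked.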