Skip to content

Commit

Permalink
Merge pull request #34 from cern-vre/jupyterhub_dynamic
Browse files Browse the repository at this point in the history 
JupyterHub with dynamic PVCs fix #21
  • Loading branch information
@goseind
goseind authored Feb 13, 2023
2 parents 9d9318e + 6268ecd commit a976579
Show file tree
Hide file tree
Showing 25 changed files with 124 additions and 38 deletions.
1 change: 1 addition & 0 deletions iac/secrets/jhub/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
# Secrets for JupyterHub K8s
15 changes: 15 additions & 0 deletions iac/secrets/jhub/ss_jhub-cvre-dbconnectstring.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: jhub-cvre-dbconnectstring
namespace: jhub
spec:
encryptedData:
dbconnectstring: AgBbnLUYNK6O0JSTkepDwt+9stnmmW+E7LF9lLceA4ewhFRapsMLQwloZdBZjk22lRMzDsBS0Ru3UCzVBPEnGHCLTIyoT60FvZdIf+HwupEI09WcuG8Cimk7YPdWdMJsoIKCCepoQSOOdzSulxG002uQQOc3tIrd012I5PPlfudGC9dC8NWT0KQ+koF2Vzf3FpKtNZxzx54O7Se72jRfDNwCj/tbY2uG9bKJnIw+XyRjqntQhXcGb0oUJMwZ26gAwgdUf4WJvwnDVCWorEE2YD0M5lKDpfXgw39COkNw6/jPVzALjwUIw5lJ+arjPiKmmioZDE7/sud8B0lsqW13L9NGOGUPukXsVrPSjn6Oh6JwBlJK5l2iVLxsoPuhxfoooSQwOUwWXmMxcnPqAtWV4QpHkJhbxro1xHPE6P1Aqqwia4jx4pxT2paNb1Uw6E5o5HXmZI0mEkTHy266njrzbZHX90QhvwMTmIEY/XEHXsLudbbwzvPZeIkz22PJBb0VY+unpcVanJao3gAX3MMDqh+aAzV8SuKfhjY2nBRdIGBkkuWWWM5FE6XNN37a6IlKdTuqUvTMH43iHa/d9jrLYEGEzDCytcCxNe63g/8afBJAqlUXN5W7sB3702RBcfHX3O7Eqf2YXzp0vmXQ8KzgFkWxcy6UH0UFwc5KIPSN6KwQij/SmK24bnlSdK/PHJPrrsyIYBFO9S/Tngkl4pPUNgteCPGRlUsgr6A74lQEVcofpvwm0d7mgw7WEhZbJBmd2u3a4qpNYipLiTYzQJjYZLuN2I7t2nhYoLgeTfQFxxxuMw==
template:
metadata:
creationTimestamp: null
name: jhub-cvre-dbconnectstring
namespace: jhub

1 change: 1 addition & 0 deletions iac/secrets/reana/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
# Secrets for REANA K8s
15 changes: 15 additions & 0 deletions iac/secrets/reana/ss_reana-cvre-dbpassword.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: reana-cvre-dbpassword
namespace: reana
spec:
encryptedData:
dbpassword: AgB4SOzAPZxzgDG2Pm0bpMTU4I/NObTj1dZ+e41YFDBF6POtcRjCelCDcGmQoiMFTchLyoYtcyAcvbTJQ+hm15MfhTxZu5go5jjXAHnMeITaHCUbUmOLEYk3UTMGNnsunl5ebBc5H4JkjSKDmV0TtWCcZKU2Hkks9n8zNhYfgcjCsC19ZVL3kTI/rfqPCPDX4FD/f3Hr4FUqu1exw887tTxblYq1C6ypPdL27Tq6Hv2uptK22FmamZLBjUjQMXDVvfnHwol14BI6jFgQW4HSLT2j8N7gSr2fdacw+b1X2ubxUas2eRpDXgY0VSG37Zybsxps3M8J0SWUQua20g/uKBXT3BfPaMoZayeGrDhK0vMnfl6Om7Z+kGacFJ/hNuy660S1HhoLvm9yJcc47SLziIFHVHXwDiMxPpPunvCI+EUWtMoJN5QcJYmC7/KYtzm8I0pXpaNGZ/55UkSfcav6x7sE1f1RMtYxenhWV/2MDl9cAKtCtr9ZEslA+fKL/BspNlCtq04guQDp2msKOwnpP4r3wfXG4cRdCfvbUNDxU4TGq3qrW5SANcHYklbfQ0ndHpV9Z9JOmOk7qWleWMrQrNZjLa3ll/F+vI5tVci3tPdjalS9dNluinX6MGT2gPYepHVZIzfMFz+CpxkYeIPRwZitaBrp002wVn+5sMuRPplb9GJ6/GoJ8TzYplmOsSP/JnKZDHZhxEJfldJLVhNtT8zLdI2AzQWGUbG8eqkFOQ==
template:
metadata:
creationTimestamp: null
name: reana-cvre-dbpassword
namespace: reana

1 change: 1 addition & 0 deletions iac/secrets/rucio/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
# Secrets for Rucio K8s
0 ...crets/ss_rucio-daemons-cvre-fts-cert.yaml → ...rucio/ss_rucio-daemons-cvre-fts-cert.yaml
View file
File renamed without changes.
0 ...ecrets/ss_rucio-daemons-cvre-fts-key.yaml → .../rucio/ss_rucio-daemons-cvre-fts-key.yaml
View file
File renamed without changes.
0 ...ets/ss_rucio-server-cvre-auth-cafile.yaml → ...cio/ss_rucio-server-cvre-auth-cafile.yaml
View file
File renamed without changes.
0 ...s/ss_rucio-server-cvre-auth-hostcert.yaml → ...o/ss_rucio-server-cvre-auth-hostcert.yaml
View file
File renamed without changes.
0 ...ts/ss_rucio-server-cvre-auth-hostkey.yaml → ...io/ss_rucio-server-cvre-auth-hostkey.yaml
View file
File renamed without changes.
0 ...ecrets/ss_rucio-server-cvre-rucio-db.yaml → .../rucio/ss_rucio-server-cvre-rucio-db.yaml
View file
File renamed without changes.
0 ...s/ss_rucio-server-cvre-server-cafile.yaml → ...o/ss_rucio-server-cvre-server-cafile.yaml
View file
File renamed without changes.
0 ...ss_rucio-server-cvre-server-hostcert.yaml → ...ss_rucio-server-cvre-server-hostcert.yaml
View file
File renamed without changes.
0 .../ss_rucio-server-cvre-server-hostkey.yaml → .../ss_rucio-server-cvre-server-hostkey.yaml
View file
File renamed without changes.
0 iac/secrets/ss_rucio-ui-cvre-cafile.yaml → ...ecrets/rucio/ss_rucio-ui-cvre-cafile.yaml
View file
File renamed without changes.
0 iac/secrets/ss_rucio-ui-cvre-hostcert.yaml → ...rets/rucio/ss_rucio-ui-cvre-hostcert.yaml
View file
File renamed without changes.
0 iac/secrets/ss_rucio-ui-cvre-hostkey.yaml → ...crets/rucio/ss_rucio-ui-cvre-hostkey.yaml
View file
File renamed without changes.
32 changes: 32 additions & 0 deletions iac/tf/cluster/jhub/config.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# This file can update the JupyterHub Helm chart's default configuration values.
#
# For reference see the configuration reference and default values, but make
# sure to refer to the Helm chart version of interest to you!
#
# Introduction to YAML: https://www.youtube.com/watch?v=cdLNKUoMc6c
# Chart config reference: https://zero-to-jupyterhub.readthedocs.io/en/stable/resources/reference.html
# Chart default values: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/jupyterhub/values.yaml
# Available chart versions: https://jupyterhub.github.io/helm-chart/
#

hub:
db:
type: postgres
upgrade: true

proxy:
service:
type: LoadBalancer
loadBalancerIP: 137.138.226.36 # may change if LB needs to be created manually due to bug: openstack loadbalancer create --name <lb-name> --vip-network-id <network-id>
annotations:
loadbalancer.openstack.org/network-id: "798d00f3-2af9-48a0-a7c3-a26d909a2d64"
service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
loadbalancer.openstack.org/cascade-delete: "false"

singleuser:
storage:
type: none

# ingress:
# enabled: true # can be an alternative for LBaaS in combination with proxy.service.type: ClusterIP
# ingressClassName: nginx
30 changes: 20 additions & 10 deletions iac/tf/cluster/main-helm.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ resource "helm_release" "rucio-server-chart" {
]

set {
name = "config.database.default"
name = "config.database.default"
value = data.kubernetes_secret_v1.rucio_db_secret.data.dbconnectstring
}
}
Expand All @@ -25,14 +25,14 @@ resource "helm_release" "rucio-daemons-chart" {
chart = "rucio-daemons"
version = "1.30.0"
namespace = var.ns-rucio

values = [
"${file("rucio/values-daemons.yaml")}"
]

set {
name = "config.database.default"
value = data.kubernetes_secret_v1.rucio_db_secret.data.dbconnectstring
name = "config.database.default"
value = data.kubernetes_secret_v1.jhub_db_secret.data.dbconnectstring
}
}

Expand All @@ -48,7 +48,7 @@ resource "helm_release" "rucio-ui-chart" {
]

set {
name = "config.database.default"
name = "config.database.default"
value = data.kubernetes_secret_v1.rucio_db_secret.data.dbconnectstring
}
}
Expand All @@ -72,12 +72,22 @@ resource "helm_release" "sealed-secrets-chart" {

# JupyterHub

/* module "jupyterhub" {
source = "../modules/jupyterhub"
resource "helm_release" "jupyterhub-chart" {
name = "jhub-${var.resource-suffix}"
repository = "https://jupyterhub.github.io/helm-chart/"
chart = "jupyterhub"
version = "2.0.0"
namespace = var.ns-jupyterhub

ns-name = var.ns-jupyterhub
release-suffix = var.resource-suffix
} */
values = [
"${file("jhub/config.yaml")}"
]

set {
name = "hub.db.url"
value = data.kubernetes_secret_v1.jhub_db_secret.data.dbconnectstring
}
}

# Reana

Expand Down
39 changes: 35 additions & 4 deletions iac/tf/cluster/main-k8s.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,18 @@

data "kubernetes_secret_v1" "rucio_db_secret" {
metadata {
name = "rucio-server-cvre-rucio-db"
name = "rucio-server-cvre-rucio-db"
namespace = "rucio"
}
}

data "kubernetes_secret_v1" "jhub_db_secret" {
metadata {
name = "jhub-cvre-dbconnectstring"
namespace = "jhub"
}
}

# Kubernetes Resources

# Namespaces
Expand All @@ -29,13 +36,13 @@ resource "kubernetes_namespace_v1" "ns_monitoring" {
}
}

/* resource "kubernetes_namespace_v1" "ns_jupyterhub" {
resource "kubernetes_namespace_v1" "ns_jupyterhub" {
metadata {
name = var.ns-jupyterhub
}
}

resource "kubernetes_namespace_v1" "ns_reana" {
/* resource "kubernetes_namespace_v1" "ns_reana" {
metadata {
name = var.ns-reana
}
Expand All @@ -45,4 +52,28 @@ resource "kubernetes_namespace_v1" "ns_reana" {

/* resource "kubernetes_manifest" "<tbd>" {
manifest = "${yamldecode(file("<tbd>.yaml"))}"
} */
} */

# Storage

# StorageClass

resource "kubernetes_storage_class_v1" "sc_manila-meyrin-cephfs" {
metadata {
name = "manila-meyrin-cephfs" # ref.: https://kubernetes.docs.cern.ch/docs/storage/fileshares/
}
storage_provisioner = "cephfs.manila.csi.openstack.org"
reclaim_policy = "Delete"
allow_volume_expansion = true
parameters = {
type = "Meyrin CephFS" # ref.: https://clouddocs.web.cern.ch/file_shares/share_types.html
"csi.storage.k8s.io/provisioner-secret-name" = "os-trustee"
"csi.storage.k8s.io/provisioner-secret-namespace" = "kube-system"
"csi.storage.k8s.io/controller-expand-secret-name" = "os-trustee"
"csi.storage.k8s.io/controller-expand-secret-namespace" = "kube-system"
"csi.storage.k8s.io/node-stage-secret-name" = "os-trustee"
"csi.storage.k8s.io/node-stage-secret-namespace" = "kube-system"
"csi.storage.k8s.io/node-publish-secret-name" = "os-trustee"
"csi.storage.k8s.io/node-publish-secret-namespace" = "kube-system"
}
}
4 changes: 2 additions & 2 deletions iac/tf/cluster/outputs.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ output "cluster-api-address" {
}

output "rucio-db-secret" {
value = data.kubernetes_secret_v1.rucio_db_secret.data.dbconnectstring
sensitive = true
value = data.kubernetes_secret_v1.rucio_db_secret.data.dbconnectstring
sensitive = true
description = "The db connection string for rucio helm chart"
}
4 changes: 2 additions & 2 deletions iac/tf/cluster/variables.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ variable "logging-producer" {
variable "reana-share-name" {
description = "The reana share name"
type = string
default = "reana_sh1"
default = "cvre-reana"
}

variable "cephfs-type" {
Expand Down Expand Up @@ -73,5 +73,5 @@ variable "ns-reana" {
variable "ns-jupyterhub" {
description = "The name of the namespace for jupyterhub"
type = string
default = "jupyterhub"
default = "jhub"
}
Empty file removed iac/tf/modules/jupyterhub/config.yaml
View file
Empty file.
11 changes: 0 additions & 11 deletions iac/tf/modules/jupyterhub/main.tf
View file

This file was deleted.

9 changes: 0 additions & 9 deletions iac/tf/modules/jupyterhub/variables.tf
View file

This file was deleted.

0 comments on commit a976579

Please sign in to comment.