Configure new GESIS Server at Hetzner Online GmbH

[rgaiacs]

Closes #3264

• Get credentials from GESIS IT
• Add new credentials to this repository
• Clone https://github.com/jupyterhub/mybinder.org-deploy/blob/b0d4d8ef56c99d887d74b900527e6c0de68da17f/config/hetzner-2i2c.yaml to GESIS f566bd8
• Merge Add template_file config and document page customization binderhub#1923
• Merge Bundle CSS and SASS together binderhub#1953
• Merge Add id to buttons in launch form binderhub#1954
• Bring the GESIS Corporate Design to gesis.mybinder.org dec96ac
• new domains to be created
  • gesis.mybinder.org
  • hub.gesis.mybinder.org
  • grafana.gesis.mybinder.org
  • prometheus.gesis.mybinder.org
  • static.gesis.mybinder.org
  • binder.gesis.org or similar
• Install K3s on the new server
• Do the deployment

[yuvipanda]

This still needs to be enabled. What we'll share is the backing object store that the registry talks to, so the storage that the registry uses will be the same. But we still need a registry to serve them from here. So this config should match exactly what's in the hetzner-2i2c one (including secrets) so it can use the same storage backend but run its own server.

[rgaiacs]

@rgaiacs and @arnim have access to the new GESIS Server at Hetzner Online GmbH. K3s is configured in the new GESIS Server at Hetzner Online GmbH.

[yuvipanda]

Can you invite me to the project as well?

[rgaiacs]

@yuvipanda I want to invite you to the project but GESIS IT did not even added me or @arnim to the project. The IP of the server is 78.46.233.119.

[yuvipanda]

Ah! Is that something they'd be willing to do? I think it's important for us to have access there, for two reasons:

1. Hetzner sends out network abuse reports for us to deal with, and we must deal with them. I'm guessing GESIS IT doesn't wanna do that, nor can they realistically
2. Need access to the console for setting up additional disks (For DIND) as well as firewall rules

[rgaiacs]

I think it's important for us to have access there, for two reasons

I agree with you. @arnim and I explained the reasons. But the person that assisted us today to get the server running could not make the decision regarding giving us access to the dashboard.

[rgaiacs]

Need access to the console for setting up additional disks (For DIND) as well as firewall rules

We mirror the configuration of the server provided by 2i2c that you configured.

[yuvipanda]

I've added DNS records for gesis.mybinder.org and *.gesis.mybinder.org to 78.46.233.119. Hopefully that unblocks you, @rgaiacs.

Hetzner's network abuse policy is that we must respond and take action often within 48 or 72h, or they will simply stop all network traffic to the server. So, I think we must have project access before we can take this into rotation.

[rgaiacs]

This PR will only configure the server. In another PR we will add the server to the federation. I'm merging this as it only changes the files in the GESIS namespace.