diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index d5ac0d5d6..8120f6ce4 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -232,6 +232,11 @@ jobs:
 helm_version: ""
 experimental: false
+ - federation_member: hetzner-gesis
+ chartpress_args: ""
+ helm_version: ""
+ experimental: false
+
 # OVH deployment paused
 # - federation_member: ovh2
 # helm_version: ""
diff --git a/config/hetzner-gesis.yaml b/config/hetzner-gesis.yaml
new file mode 100644
index 000000000..1f9cdb012
--- /dev/null
+++ b/config/hetzner-gesis.yaml
@@ -0,0 +1,139 @@
+projectName: hetzner-gesis
+
+registry:
+ enabled: true
+ replicas: 1
+ config:
+ storage:
+ # We share the same S3 storage with 2i2c
+ s3:
+ regionendpoint: https://nbg1.your-objectstorage.com
+ bucket: mybinder-2i2c-registry
+ region: does-not-matter
+ storage:
+ filesystem:
+ storageClassName: "local-path"
+ ingress:
+ hosts:
+ - registry.gesis.mybinder.org
+
+cryptnono:
+ detectors:
+ monero:
+ enabled: false
+ execwhacker:
+ containerdHostPath: /run/k3s/containerd/containerd.sock
+
+binderhub:
+ config:
+ BinderHub:
+ hub_url: https://hub.gesis.mybinder.org
+ badge_base_url: https://mybinder.org
+ sticky_builds: true
+ # We share the registry with 2i2c
+ image_prefix: registry.2i2c.mybinder.org/i-
+ KubernetesBuildExecutor:
+ docker_host: /var/run/dind/docker.sock
+ repo2docker_extra_args:
+ # try to avoid timeout pushing to local registry
+ # default is 60
+ # this must have no spaces to be processed by repo2docker correctly
+ - '--DockerEngine.extra_init_args={"timeout":1200}'
+
+ LaunchQuota:
+ total_quota: 300
+
+ replicas: 2
+
+ extraVolumes:
+ - name: secrets
+ secret:
+ secretName: events-archiver-secrets
+ extraVolumeMounts:
+ - name: secrets
+ mountPath: /secrets
+ readOnly: true
+ extraEnv:
+ GOOGLE_APPLICATION_CREDENTIALS: /secrets/service-account.json
+
+ dind:
+ resources:
+ requests:
+ cpu: "4"
+ memory: 12Gi
+ limits:
+ cpu: "8"
+ memory: 16Gi
+
+ ingress:
+ hosts:
+ - gesis.mybinder.org
+
+ jupyterhub:
+ # proxy:
+ # chp:
+ # resources:
+ # requests:
+ # cpu: "1"
+ # limits:
+ # cpu: "1"
+ ingress:
+ hosts:
+ - hub.gesis.mybinder.org
+ tls:
+ - secretName: kubelego-tls-hub
+ hosts:
+ - hub.gesis.mybinder.org
+
+ imageCleaner:
+ # handled by buildkit pruner
+ enabled: false
+
+grafana:
+ ingress:
+ hosts:
+ - grafana.gesis.mybinder.org
+ tls:
+ - hosts:
+ - grafana.gesis.mybinder.org
+ secretName: kubelego-tls-grafana
+ datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: prometheus
+ orgId: 1
+ type: prometheus
+ url: https://prometheus.gesis.mybinder.org
+ access: direct
+ isDefault: true
+ editable: false
+ # persistence:
+ # storageClassName: csi-cinder-high-speed
+
+prometheus:
+ server:
+ persistentVolume:
+ size: 50Gi
+ ingress:
+ hosts:
+ - prometheus.gesis.mybinder.org
+ tls:
+ - hosts:
+ - prometheus.gesis.mybinder.org
+ secretName: kubelego-tls-prometheus
+
+ingress-nginx:
+ controller:
+ replicas: 1
+ scope:
+ enabled: true
+ service:
+ loadBalancerIP: 116.203.245.43
+
+static:
+ ingress:
+ hosts:
+ - static.gesis.mybinder.org
+ tls:
+ secretName: kubelego-tls-static
diff --git a/deploy.py b/deploy.py
index 51c10a6ca..efd447641 100755
--- a/deploy.py
+++ b/deploy.py
@@ -31,7 +31,13 @@
 }
 # Projects using raw KUBECONFIG files
-KUBECONFIG_CLUSTERS = {"localhost", "ovh2", "hetzner-2i2c", "hetzner-2i2c-bare"}
+KUBECONFIG_CLUSTERS = {
+ "localhost",
+ "ovh2",
+ "hetzner-2i2c",
+ "hetzner-2i2c-bare",
+ "hetzner-gesis",
+}
 # Mapping of config name to cluster name for AWS EKS deployments
 AWS_DEPLOYMENTS = {"curvenote": "binderhub"}
diff --git a/secrets/hetzner-gesis-kubeconfig.yml b/secrets/hetzner-gesis-kubeconfig.yml
new file mode 100644
index 000000000..f3fd70498
Binary files /dev/null and b/secrets/hetzner-gesis-kubeconfig.yml differ
diff --git a/secrets/hetzner-gesis.key b/secrets/hetzner-gesis.key
new file mode 100644
index 000000000..8b9a08a54
Binary files /dev/null and b/secrets/hetzner-gesis.key differ
diff --git a/secrets/hetzner-gesis.key.pub b/secrets/hetzner-gesis.key.pub
new file mode 100644
index 000000000..4c2f89709
Binary files /dev/null and b/secrets/hetzner-gesis.key.pub differ
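Review bot: In config/hetzner-gesis.yaml the image store is shared across two federation members without any note on credential scope. `image_prefix: registry.2i2c.mybinder.org/i-` points builds at the 2i2c registry host, and this cluster's own registry (`registry.gesis.mybinder.org`) is backed by the same `mybinder-2i2c-registry` bucket. Write access to the images both members launch from would therefore sit in two clusters, so a compromise of either could tamper with images the other runs. I would record next to `image_prefix` which secret holds the push credential and the S3 key and whether they are specific to this member, for example `# shared image store: push/S3 credentials come from <secret name>; rotate them for both members if this cluster is compromised`. The existing comment `# try to avoid timeout pushing to local registry` also looks out of step with a prefix that targets the 2i2c host and may need rewording.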