Configure new GESIS Server at Hetzner Online GmbH

.github/workflows/cd.yml

@@ -232,6 +232,11 @@ jobs:
             helm_version: ""
             experimental: false
 
+          - federation_member: hetzner-gesis
+            chartpress_args: ""
+            helm_version: ""
+            experimental: false
+
           # OVH deployment paused
           # - federation_member: ovh2
           #   helm_version: ""

config/hetzner-gesis.yaml

@@ -0,0 +1,139 @@
+projectName: hetzner-gesis
+
+registry:
+  enabled: true
+  replicas: 1
+  config:
+    storage:
+      # We share the same S3 storage with 2i2c
+      s3:
+        regionendpoint: https://nbg1.your-objectstorage.com
+        bucket: mybinder-2i2c-registry
+        region: does-not-matter
+  storage:
+    filesystem:
+      storageClassName: "local-path"
+  ingress:
+    hosts:
+      - registry.gesis.mybinder.org
+
+cryptnono:
+  detectors:
+    monero:
+      enabled: false
+    execwhacker:
+      containerdHostPath: /run/k3s/containerd/containerd.sock
+
+binderhub:
+  config:
+    BinderHub:
+      hub_url: https://hub.gesis.mybinder.org
+      badge_base_url: https://mybinder.org
+      sticky_builds: true
+      # We share the registry with 2i2c
+      image_prefix: registry.2i2c.mybinder.org/i-
+    KubernetesBuildExecutor:
+      docker_host: /var/run/dind/docker.sock
+      repo2docker_extra_args:
+        # try to avoid timeout pushing to local registry
+        # default is 60
+        # this must have no spaces to be processed by repo2docker correctly
+        - '--DockerEngine.extra_init_args={"timeout":1200}'
+
+    LaunchQuota:
+      total_quota: 300
+
+  replicas: 2
+
+  extraVolumes:
+    - name: secrets
+      secret:
+        secretName: events-archiver-secrets
+  extraVolumeMounts:
+    - name: secrets
+      mountPath: /secrets
+      readOnly: true
+  extraEnv:
+    GOOGLE_APPLICATION_CREDENTIALS: /secrets/service-account.json
+
+  dind:
+    resources:
+      requests:
+        cpu: "4"
+        memory: 12Gi
+      limits:
+        cpu: "8"
+        memory: 16Gi
+
+  ingress:
+    hosts:
+      - gesis.mybinder.org
+
+  jupyterhub:
+    # proxy:
+    #   chp:
+    #     resources:
+    #       requests:
+    #         cpu: "1"
+    #       limits:
+    #         cpu: "1"
+    ingress:
+      hosts:
+        - hub.gesis.mybinder.org
+      tls:
+        - secretName: kubelego-tls-hub
+          hosts:
+            - hub.gesis.mybinder.org
+
+  imageCleaner:
+    # handled by buildkit pruner
+    enabled: false
+
+grafana:
+  ingress:
+    hosts:
+      - grafana.gesis.mybinder.org
+    tls:
+      - hosts:
+          - grafana.gesis.mybinder.org
+        secretName: kubelego-tls-grafana
+  datasources:
+    datasources.yaml:
+      apiVersion: 1
+      datasources:
+        - name: prometheus
+          orgId: 1
+          type: prometheus
+          url: https://prometheus.gesis.mybinder.org
+          access: direct
+          isDefault: true
+          editable: false
+  # persistence:
+  # storageClassName: csi-cinder-high-speed
+
+prometheus:
+  server:
+    persistentVolume:
+      size: 50Gi
+    ingress:
+      hosts:
+        - prometheus.gesis.mybinder.org
+      tls:
+        - hosts:
+            - prometheus.gesis.mybinder.org
+          secretName: kubelego-tls-prometheus
+
+ingress-nginx:
+  controller:
+    replicas: 1
+    scope:
+      enabled: true
+    service:
+      loadBalancerIP: 116.203.245.43
+
+static:
+  ingress:
+    hosts:
+      - static.gesis.mybinder.org
+    tls:
+      secretName: kubelego-tls-static

deploy.py

@@ -31,7 +31,13 @@
 }
 
 # Projects using raw KUBECONFIG files
-KUBECONFIG_CLUSTERS = {"localhost", "ovh2", "hetzner-2i2c", "hetzner-2i2c-bare"}
+KUBECONFIG_CLUSTERS = {
+    "localhost",
+    "ovh2",
+    "hetzner-2i2c",
+    "hetzner-2i2c-bare",
+    "hetzner-gesis",
+}
 
 # Mapping of config name to cluster name for AWS EKS deployments
 AWS_DEPLOYMENTS = {"curvenote": "binderhub"}