2i2c-org / infrastructure

Infrastructure for configuring and deploying our community JupyterHubs.
https://infrastructure.2i2c.org
BSD 3-Clause "New" or "Revised" License
105 stars 64 forks source link

[Hub] - Jupyter Meets the Earth #433

Closed consideRatio closed 3 years ago

consideRatio commented 3 years ago

Background

A collaboration space created for Jupyter Meets the Earth.

Setup Information

Important Information

Deploy To Do

yuvipanda commented 3 years ago

@consideRatio \o/. https://github.com/2i2c-org/pilot-hubs/pull/391#issuecomment-838747867 is our draft docs for setting up a hub on AWS in this repo. I'd love for you try them out and we can see how it goes?

consideRatio commented 3 years ago

@yuvipanda thanks for that pointer, it is very relevant for me to have right now so I better align with various infrastructure choices. I figure its better for me to go for kops even though my experience is with eksctl at this point to not setup something different than other clusters.

At the same time, is the main reason for abandoning eks the inability to scale a managed node to zero? I ended up opting for non-managed node and everything has been fine doing that. Wait! This belongs in https://github.com/2i2c-org/pilot-hubs/issues/431, I'll ask it there.

yuvipanda commented 3 years ago

I opened https://github.com/2i2c-org/pilot-hubs/issues/431 to discuss EKS vs kops - I think your experience there will be invaluble. https://github.com/2i2c-org/pangeo-hubs/issues/28 has current information on the switch - it eventually came down to costs, but I've found EKS somewhat clunky to use.

consideRatio commented 3 years ago

@yuvipanda I've now read through all documentation at:

Questions raised and answered

Reading through that with the perspective that I'll create the cloud infrastructure myself, I was uncertain what would be created by myself and what would be done by 2i2c's various scripts and such.

Will a NFS server be deployed within the k8s cluster?

Does the hubs in pilot-hubs assume they run in the 2i2c managed cloud projects?

Does the hubs in pilot-hubs configure something besides the things within the k8s cluster?

Does the hubs in pilot-hubs assume i setup some keychain or similar in some KMS service?

Does the hub allow for managing custom images?

List of misc questions:

How does the configurator influence the user image chosen, and how does the various settings override the helm charts passed configuration?

consideRatio commented 3 years ago

For transparency and to help me think clearly, I'm making this write up thoughts regarding using 2i2c-org/pilot-hubs as a base of configuration for the JMTE deployment.

yuvipanda commented 3 years ago

This is all beautiful, thank you for writing this up, @consideRatio!

The configurator is not required - in fact in most cases I just set the image tag in the config right now - like in https://github.com/2i2c-org/pilot-hubs/blob/fef7da6a93284d006a8536b144f3fd0a0be5a936/config/hubs/carbonplan.cluster.yaml#L59. So you can basically ignore the configurator now.

I actually think it'll be great for you to use eksctl in this case. I think we should pick and choose which one we want to use based on the circumstances - I think the ideal outcome of #431 is to determine when to use kops vs EKS. I suspect we'll end up using both for a while.

hubploy is in an interesting space. I think the current setup of 1 directory per deployment hasn't scaled well in repos with a lot of deployments IME. Too much duplication. I also think that possibly introducing jsonnet will have a longer term reduction in complexity. This is a radical change to hubploy since the set structure is one of the core parts of it. Many parts of the current scripts are cannibalized from it (particularly around sops - but perhaps that should be its own small library). hubploy grew out of the deploy scripts I had for https://github.com/berkeley-dsep-infra/datahub, and perhaps something can grow out of what we have here? I personally don't plan on doing any more work on hubploy...

But, it's extremely important to have an off-ramp from this repo - that's an essential part of right-to-replicate. My earlier thinking was to make sure we have a way to just extract out a values.yaml + base-chart config from this repo so people can continue using the same deployment without any changes. But perhaps a better way is to use this opportunity to think of a way to decouple the deployment script from this repo?

auth0 is primarily used for automating the creation of credentials, you don't have to use it! However, currently we don't have a way to store secret values to be merged in in the repo (something that hubploy has), so we'll have to build that in.

Can you give me an example of a super-custom thing you might want to deploy? My intuition would be that anything useful for JMTE will also be useful for others, so we could just incorporate that into one of the charts we have. Alternatively we can create a new meta chart.

I hope this is all helpful. Everything is nascent and malleable in this repo - I look forward to your experience and contributions shaping how things happen in this repo :)

consideRatio commented 3 years ago

@yuvipanda :heart: thanks for your quick and thorough response!

An example of a super custom thing could be a conda-store server, but that is of course quite standalone and could run in a separate namespace and such. But, if we want to maintain that we would want to setup some automation in a separate repo, setup sops, setup a KMS location, etc also for that repo.

I'd like to get some sleep now, but I'd love to speak with you 1on1 and brainstorm a bit and then try go at full speed with practical steps towards having a functional hub for JMTE.

Would you have time to chat with me sometime during 14.00-18 in your timezone today? I assume your clock is now 06.40 btw and I'll sleep ~7 hours. I'll be available on slack at your convenience if you do, and you could if you want also schedule a time slot here.

yuvipanda commented 3 years ago

An example of a super custom thing could be a conda-store server, but that is of course quite standalone and could run in a separate namespace and such. But, if we want to maintain that we would want to setup some automation in a separate repo, setup sops, setup a KMS location, etc also for that repo.

I think of conda-store as something that would indeed be broadly useful! It could live in basehub, in fact.

I'll try book a slot now - I see it's almost 4AM for you?!

consideRatio commented 3 years ago

@yuvipanda thank you so much for your care and effort to help me learn a lot about the 2i2c setup!

Here are some notes i scribbled down while speaking with you for future reference:

consideRatio commented 3 years ago

PRs representing current progress

Status summary

@2i2c-org/tech-team anyone with a guess on what to do about the first to situations I'm in above? Note for the first issue, I've provided quite an exhaustive report in the linked issue.

yuvipanda commented 3 years ago

Yay!

For EFS, you need one mount target per subnet your EKS cluster is in, added to all the security groups in that subnet. Access points aren't used yet.

yuvipanda commented 3 years ago

What kinda functionality do you want for storage buckets? A PANGEO_SCRATCH and SCRATCH_BUCKET setup per hub?

consideRatio commented 3 years ago

Yay!

For EFS, you need one mount target per subnet your EKS cluster is in, added to all the security groups in that subnet. Access points aren't used yet.

Noooooo! Yuck, ALL security groups? Not just one or few? It turns out you can max have five per mounttarget and i have more multiple worker nodegroups...

consideRatio commented 3 years ago

A PANGEO_SCRATCH and SCRATCH_BUCKET setup per hub?

Is this documented somewhere what it means? It is not clearly defined in my mind yet even though i saw a reference about an environment variable in a startup script for pangeo-notebooks image.

yuvipanda commented 3 years ago

Is this documented somewhere what it means?

https://github.com/pangeo-data/pangeo-cloud-federation/issues/610 is the upstream discussion. With https://github.com/2i2c-org/pilot-hubs/blob/fef7da6a93284d006a8536b144f3fd0a0be5a936/hub-templates/basehub/values.yaml#L322 the customization in the image is not necessary.

consideRatio commented 3 years ago

We have a JMTE deployment active and functional, I think this can be closed now!