diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index fb70d1c146..6a2cbdb1f0 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -215,10 +215,10 @@ jobs: run: | deployer deploy ${{ matrix.jobs.cluster_name }} dask-staging - # - name: Upgrade binder-staging hub on cluster ${{ matrix.jobs.cluster_name }} if it exists - # if: matrix.jobs.upgrade_staging && matrix.jobs.cluster_name == '2i2c' - # run: | - # deployer deploy ${{ matrix.jobs.cluster_name }} binder-staging + - name: Upgrade binder-staging hub on cluster ${{ matrix.jobs.cluster_name }} if it exists + if: matrix.jobs.upgrade_staging && matrix.jobs.cluster_name == '2i2c' + run: | + deployer deploy ${{ matrix.jobs.cluster_name }} binder-staging # Retry action: https://github.com/marketplace/actions/retry-step - name: Run health check for dask-staging hub on cluster ${{ matrix.jobs.cluster_name }} if it exists diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 46632d1e31..dcfb9de3d4 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -13,7 +13,8 @@ binderhub: token_url: https://us-central1-docker.pkg.dev/v2/token?service= BinderHub: # The URL set as jupyterhub.ingress.hosts[0] in this config - hub_url: https://hub.binder-staging.2i2c.cloud + auth_enabled: True + hub_url: https://binder-staging.hub.2i2c.cloud image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binder-staging- auth_enabled: true template_path: /etc/binderhub/custom/templates @@ -69,9 +70,33 @@ binderhub: jupyterhub: ingress: + enabled: true hosts: - - hub.binder-staging.2i2c.cloud + - binder-staging.hub.2i2c.cloud tls: - - secretName: https-auto-tls-binder + - secretName: https-auto-tls-hub-binder hosts: - - hub.binder-staging.2i2c.cloud + - binder-staging.hub.2i2c.cloud + hub: + redirectToServer: false + services: + binder: + oauth_client_id: service-binderhub + oauth_no_confirm: true + oauth_redirect_uri: "https://binder-staging.2i2c.cloud/oauth_callback" + config: + BinderSpawner: + auth_enabled: true + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + oauth_callback_url: "https://binder-staging.hub.2i2c.cloud/hub/oauth_callback" + # Only show the option to login with Google + shown_idps: + - http://google.com/accounts/o8/id + allowed_idps: + http://google.com/accounts/o8/id: + username_derivation: + username_claim: "email" + allowed_domains: + - "2i2c.org" diff --git a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml index 6cc152ce09..75f0912059 100644 --- a/config/clusters/2i2c/enc-binder-staging.secret.values.yaml +++ b/config/clusters/2i2c/enc-binder-staging.secret.values.yaml @@ -3,25 +3,22 @@ binderhub: hub: config: CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:0geI4CrkoLofGQiINJdHaf/t5h6CLh+vBX319Oq7g1s/KWUW/1EsXx/VKNx1U3tt/F4=,iv:m07AeKeBbhrnc8G+xQZ1Y3g75kAzdIfGZg7iBfv9UCI=,tag:orVcBLft0DkuZOy/H8jsAg==,type:str] - client_secret: ENC[AES256_GCM,data:Yh6xjgQ9SqeEGeGz9gmEl29a93/XvvbQNoSVyHvZIgXB5QOXUTuwdPWXQCkBO9rt5UD0TjWad+PYRtB3ek2vyzr5sgoBIA6934P2quCvpJxya7MpsLk=,iv:ppL9hmPba7TjXTt0ND0J44oVFkz89Nl1jhCWbvECz0w=,tag:kBtB5nOzw4gMFSeoqWEuDg==,type:str] - services: - binder: - oauth_client_id: ENC[AES256_GCM,data:Tdc9bQmU0F/0jMf/S14XqXJqeybBqtycc0cbhdUYpTpaWaOJM6x8SOfOw7B8HWE3rDM=,iv:b/lA734rHp6n56bTRrqs6CPzYtyqTesDnH+juCSRlx0=,tag:1WGNxA4/ZdDZdoIQ3wlOHA==,type:str] + client_id: ENC[AES256_GCM,data:lmo+SPm5Fg5EeGdcYRzSJWOUC/OQgRkjfxIgCGKoTnDVb9BW0ur20eYSf/n2MRYc4E5S,iv:WJNvfVSiPESgtRcNGFMCvfdgnDkgsUaK1DfWgWWYzNw=,tag:8uu6rctiLC/G8wPh6S6erQ==,type:str] + client_secret: ENC[AES256_GCM,data:Zjp3ZWB2lhQ2a7Dk6b3NpFSesIh4MSXyL07QuVr97yDDQ4zyTrPYFAtoUEPoic9BPjhlFoDTmAFwgnhl5XfEf4EXmwSXf8AywQmtG+nVyaniEvERWgc=,iv:n3yln+IOt9GDg4ZjpapC00X9nf0ZhmIyYEFQQ/0JyRU=,tag:kZGN/hzcqtbu0+bcYgpf9A==,type:str] registry: - username: ENC[AES256_GCM,data:9LeQi3hx9Dkd,iv:A6BPZhzafi9ae2eCMAz22CIspdTiQ1YgPVJ21dK/20s=,tag:w0wnwXKca54wJFT2KObwdA==,type:str] - password: ENC[AES256_GCM,data:OE4Ju2EBsTNvVYZBvlOQjEe6kanRcEUO/kWf2RTe2Ph/Ju7/weHok4HN7OwVF53AURm1yasvpJXQyAaZY2BuGj/wb/4zVuwpWrlS0OnUnU6m2z/aIDcbx4Dg+g3bucjTQXGNqXwZFsBFCNrmAHyFQnTBJfuzKI9ryVBrVxrqNcd1CstZ/HBKJ0BHd3IcavLS1Aw3fXAgOg+XsHJ3afR27TqhTyu/rKKh5X6k1Gy7KsLT5XCqNz3RR04SEx3wR16LAp0NfIkThxNXdtGJeJ7mVYAYZbi9k5/PJNJPFNtruApAGl30wwXqUmYzk8PzOMY+guc/RCjdRueDwZ964Rj8E/yp+YqeWHlDrsefF30amQYjDQpuNx74XvNSA0CNhCOLZInsm2aTGR60F8NbEpffx3XKFp+gCYZfkVKo2h8JtmzUCqHHXS6ixUWEizJsH1fybtocD9CsO/XM/oHdCc+xZXQ/7OPA9dc+rieZS2ot+doIHgWt9dwOXOl/hVooX3VBDD4UY9LF2y+5VV1GO+VaDS9M1p1Ke1YSRIC/kiB+H86wkgyujdcjZ726vIV4C0poSR7dDSz7CZ0NdC6Yr6zLQK3/24pQ9TM5xnW6Q/b/UUcffdtDgwpOvPSkJFF+9kuzhl8Tr3A/TB1Z02a1LFgy2oWzFBpcCZL7gLiBgu4ocVm+IzyGG+HPCnmZL5ywruF+q8SE+zNzXNFtZpUGnqs9simNWp2Cg0kaZOExXrbQrh/OX8rMqkemU/Vr1APe/zqUN8L3U79aJOoFPZzv1xVy02xryBx5kZ13WfT23dbhZaPxdzbuRBBcU67Z7EQIN53JjQ5HcrP0tCs21KOp0tkBQP+x1OJO6F4OA/nEImMOLmfggvvY9yRDnG6re6YoyT6sMEToxxyOdRs7sAfdEIviig70n+7e9UUBdOcxk4wad+86jNa9sBR2fLZXY+XX8Gk5c95hkohaPwZ+u1k7C5wHS0nHxm9tKNkHFCKOqAOMkIP2/+OxEy8+M5fWUP8H4dic1sZQYyTR8mfGIqXwuAAGXLNjKOFbC4kzU4IFFr2qfH23wB/5BkuTz/3y1QWBJEB2fPaPEsNZMdxDumWRIsGXiBPeEb9QYMRgKHm2yS2AfXDh4kWBZ1Fzud6yw8EibQNSLzAYm5dvv8l4WVD+VFrO24MPQG8WCIjNJvJsdOayH4wE1YEeDeFr9JXk7pEbtfMrUFUxsAZoEC2/kFD4KN4424GXF9PO+nYrtu0u2G3XhkFR4MWbCVDAEdpXe08GBvkbuzxayMd/kU107AXT+qXSHOGIlDg4+9NjJSf7ikIaiwFPQDbs+jI3kNjk1SBcp3Th8Pxiq+Fynj2czrNtJbuioicft7JVm+1lTkkfcnv9CmjbSrZHJMmm6gWEQTJoO/h6VgW05jwuEsw4ZsW5GGJ6esYHLjLCEKk6jhyUHJDHyz3ANxKijyMd0kDbAW4BxujvHAw0XvpsX4joLk1dayDfoKJUGaZVwmEAbY8EAVGMmPgEGUHlc+KTaeSfrC11DTDUfG/DAOMWMdCLilYvDHikPrEkRtDddAMEDo4zERa6V8iOjHhfo/FV7mfF/Kf/ryZBkT2GBa81Afd5W/hvjiVtqwnsStHOiHcGg6pL8zTA4J3wNpySKyG8ISm/H6rCV/sN9g0ZGpY98BMhVUbhRK93bi+PAvhTkcbhIKiCfr9XIR5+3GtvkIJklGeQRofo0HROTeReUOf9PoudlTVV1cm1XV1zxf/rOg0DLquXYas5sraPWPmb7GVME+qhXOU68MEk9CUQJaAtPFW7p6UyJkw8rSn2ZhvDi1Qp4ahYdKZErIj+R8pYAXG/IuAHf0YvA5uGV1qnijwv8CJwqk11VMl9nQI0y2b5zZ2JV7gfnmRfzHbfCF35hqaGa4lqNkXLhQguoRIFfzlh5lGvTy+Qr8V58UUfacKh9OPqXAzXqpJ0FOy/PiNONS2LCdDWevB0rYHdcIqNbTK90J9rxw0DnpEMeM6MVrnapWTW2Kp3zqxS4opUBBF10Bb36W++G6/uTzTUzcZ4TMAfLIeX/sQ7aYEKy4Jk2Ui+6tH7CTUxePUIopKzCv0AT0DyiUdbsvAEGTlxdAvtAKLRUdOTxNyL3DErjcEBs02BQh1ua0ub/Qh8GapZVKOt4ZGcvFgbxYnb72wZffkKZEQW36Lod1NycdxYVWHR0zu6veDXAWsbLbIN79vdyOnRuddpRbhFkSHUbSoxNVGUnUKQ3e9MI/8j85Xrn4EDE6H8twK/PmJ17IQ9KYDLG0uYHOP6kLAQuKSvszuooEvwYNSvh04ySASdOYHOCDbFSUkZGaS9PLFt8hRyqdRnfhA+PThQfoyedCOhS3DxvBbEa9Y5rur1njvza+6G/E5LKP0o6Zr68YWrJaU2a4nzIgJc0vDgqA89zySYmsoydIunoehx9F5JptjOFNyJdY0qD/iP3NxPvvMoGcDv4av0WC33Ku/wKuEH1Zcpq+LevDYy89ldeSWHJBZkSAxoynCVJzmPTSYiypAT4Wzr+yOLL0fcoPaH/b95acIIO7QZYOJ9AjLTuWOOo6OCRQumxDYt5ffratK3k3rQJp/pzI5sYBvDdRrD9N10ZKl5F2i2qUqaVHqM9CV1gTpCKGcOpwIS832CpbSd5VsjbIi97HuQym1ZFMEL4i1XEF4wfWUUqupAaVoMZYTspiJ4zqc2KBlFSftdSz6yUFa7HDEKJflZ1tonF3AGubRGuy1oQfLkWoK8LZlbQBL2HdI/U32PydYcD2aDijRiKVVs9M+CZ5qYn1nnkuBtLtK2mJV3qUSK3VuclztoWscOthk1kkkufxk1TdmrFuYIjXck7tt5sXc5AQIqRN6Wm3ZiuBZoV5TLT/joz/UmzPkZ6bFSfK3iBxVyAy1mMvYpENjsaaq+J07NoIwJpUFciEosYJUGysJ3ITGvVVuBKc/O0P+Ibi98GsLCdrvr2NbYpUSgewfWqKar+MY2pol0bo/wItJvLYQyi7gECU8T5CUOGxDimGwYv0a62ZNY+p5xDy6p7UiHOh6KI8bIapvF7SQLg5oIE+NTSrID3zGoZWrDxQQqVk6XeCm4t0WPv1gKyCcutZcjDLkC0lhaLKXqnJFalreAtsICK+QTyW5PWRkorrvIJrJ4PA==,iv:4C0Qrd30FUuEiGuJzkr62KE6ZnF75Dfcp44jGaCYvAU=,tag:8efkAp6LbHqDavzGbQh3NQ==,type:str] + password: ENC[AES256_GCM,data:4NDH2rvYvN8jXrMEQtlVgS+2PM/KZhCaTLqe9O8QtdD/zqHKoAZGQMtfDYytuj7QRqQQ4CT/06xrxLCSQmoYBYrLtn81MkUoUqNXdCPYcWmlQB5vnNwP5+mgUDiPgK/EJaIZEfBdzJr4RRJ1F9sQO642WsQo7h399VjjP8LUC31r1GE6+pLXQqhKMrQEp6fSxOptivvyEomAHR2et98LM+rkW6XgIdY9Skkz50tEiq53x0QbaQrKUvOHTSSPtmRjTWDmghlJ0TKQb4HVZsZAWLtNuQV1O3/HwRM4oKBb0Cm8Zkz1/b/Knsdbo9vLcyfr0UQoKnntkliknfhTBss/cm1327kIzcWpQOatUBWsuPLOUM2ttoAq6VBUzsst1vig5J5DDQ/PmV63gv2O2iPzpQLFhQVM1lin/XwOIDq0L761kmw+8NtrdaDKPYE+XAa+06FwLj60F/cN/fvSMfoajklagOXvrIRVqTLGm2L1pshU/Ik9IaJomKSkTaC8KdqvuJy7bDGtqpQR5aNXzGONzo9+hJ0jMHeNnY2HJikIcHfwhKeRW/Ilb+6vWjiWvmeH9vPD7AsPMym7lfC2Tbo3eOhQ0DZ7Dh7/o2zv0bL7lC3QwiIS7OCCbH7BGBhsYWKtSs6WRIMwsvAYhH5pK0R9QChOWliRNUHQA8ZT4jPyRaf6VI+V6/it5brzcvQy6+xm+UBff6NL5svIyPngO89PDljEHFEnfL6xV0M2QaPoqjDAOEeFyL7F0AHLleaa0NHwIyUTM/CPvwadFxD/o2dqFIvckfGYi1Y45Yc8tia2U3Pm0TZfLVc4i3CaRy21daI7zolf69dCePhDF7XXCO1ljT9BOXVKNRdcWIA0V5byjba3cbQ3vMEI2VXJL/gWF1Phpi45pvQdO/5tVbx6R1Ai0awxm6RbRU7cXF7qRb3hIlQQ4weu24uncbySSE3oH3PmJBiwtRvin5c3znoLPnqltqfftybHTbikaYVrAt80dZgw3W8UOsEex67igESpGTXBECxLC0i+3rwo7xiNxrJ+/SCf/CIc+bOi4sBImZz1i9LUdLx12hza7K5qDUM92cIMKg4dEGcGDef0UpDKvMNA0POweq3nV5XOqc7+/55XRjiWNZeZ6eAeOTr8NPOlNBcLNZYtOJkGR7wGzYzP9To0AHeXJkbISpdGHan7xED87FGOrBAstfPUVG2ZXYkuGyGY/JfuIoWjXXvExOtSkMTkXYZPWM5vIWOILJM5/tkRXBRC2y2Lb+qugaldhudLneyhC90SbMplEanBhfa+kDjQVGlWFxkp4navazcMYDvDTydAGlsfi4GYC3BZGx5Z/8hByZiGeoeuy1yRhATEDeJUOAxTvKR+TtgUp7Pt4nAeOCRcFwYuxSf8EGKt1+XXgjZFSZnjAPe66A+HN/bOIwXuM0fXB58Tc58aMY8x/wMSdPXH9b/wM48YQ6xP/4VysEBW5Dg2P5CXhqIp4YTdJvNo/JRykADv5wc5NQ95w5z/6xB2fczYbdXEhKXiowACMoXON1F/sL8HzA4JzTxpYaVkzKMR1T7OYXyMs4ZJx+sViUVyx/2dMdXRBivXKZznPFbGx6n6rApPTGmxEVe5cYc6eDNFxFj2nt/fhEYFiMkYcRjpnXf0KtjtXnkKhVDYSn5rKrDjagsY78atJ7CSCy0EAY14k+DhHmr3gNGyHIZ1+R07jl5kM8g0iLS/I5HUjays01vQvP0tHP39u25hOh8AphWtSQJwQOCEXR8A22DsT9dxoWtzidxPRwje9BMTpAGue+IaGip9fdQ3tN23YprYwrkjMRH+y4nATEYztzLOZ3ointQ3nVHw6mdvbqUczreMR3s4ahTkMviJapxjltSE98+kJEc/sGfTnUNpiYqMAQCSAJZhirvnxWLc7p0BtevwB5XqsEQupqUXT1fC1ZUK5G9YPHR45YQcRAoCQB9L8VUulo7lYdjRMqWH8JCPoh83jqVX9XxynaWNotrzjiKPpUP4tSjufL/5cMyXxVvlzxEAUMcIaOwXpXezIlRUxvNXP/oC50YSQpSJEtgC4hbZM3ZbbxDwbEckI1cueiGwMUElN1TuIjMEyz6dGdQPmEA+FBVeGIs/x5LZhghD6/66LeCNB6Tv3m9YCv+Zj+yL4Zkiw9gpT7IT+wbQznuV+/h0FuEg+aLJD9RDZIPAxShr7sJiAWmGEFvkbL/A0FRzia2QYFhe95RMh+qvV0MuPvtaHc77ke9QFihWLaQYKgOAOqDJN9pIa5Il5Un6tOTBuLmSB7cdgeG47tdm0rCvr/B8N4WkuOX7aKNcrGXSpr2q3mZ4J0iOni3k6Wmz5R59r5/mXwz/oEPOzqgiNg48GT5LHjRaZayT0ePt57PJf4I4VsRBbgy/Cw11iXR5rr1IV36cOrO0lIMgJ8BGBrDkLtwD+noGWWPp2ONZFatEgSCmiSyIbpF8pLLIXowYcyFzws0g8suf7xSjjgbvmhxzomQ4VvuODFBj2zy/G+IfzWTsvXLAmgi/uZOd4H9waX1Wzrgz8mbt5l9LdQFBrVHKSJKmaMEq9U3Kaj2S//wIuGCahA2CQ/AVbtM6x6GDCIvac5joMJ7nIzG95GDSJVE8A97McQVlA5DdN2VLEb/zEnCjcnmFfSaJXaZM/gw7LNJi7bGBKnIDzKtuzO54ki66/YZT4iYbJBDI3jTfzgYsprm+f6Dc9uXnZWE2ublS3CEerl40IyPapkL4kleUe5Wx6ZEloU3bzjsGbx7xUpK+xj6oirUhZlrJvlkwaqhJYa9yQaqd9dkQxJpOnvMfgtRne5bSGRw7qXi36qzmLg32ctRwqf+PIcGLZV4POiIM2SeDaCNqrr+rkUftRaD5OfG464Sx56Y8QA+5yq8r9o6oO603bfxYVPn9KGV4ltmOVIbkKqk/b6ianaNAIdsJA9WOfDFynxZ8N0Rpfgl0/auUcDeJRnKESJTXE3uextZ7pHMNirWcSE7IfqflSCuXq8uRgFliKONFJ7EKsx5CdplQRFUrMRXuKwoDOplHFlGuR5qa/8yDmh3C+IdYKBkOnE5jnxLK1KOV3CWKfLD9EMV5j+pI89A07WoC5/W/PAAwR3rn6YYwqLm+wehtNngrVYKT4xKYVUNOpTKpUSrM7Ok3EtTEiw==,iv:1q+DrCDVZVS5sjOXLSxDaqTNP63hV/gX6vEA0DLdWEQ=,tag:skYSdgTtLKi7nB5oKFHYHA==,type:str] + username: ENC[AES256_GCM,data:RcTIaMP0pi98,iv:nszUBWnX0RFxIyZtXabdcsKhfab6gq0FWS0bQchPRsM=,tag:ns2cbMp38GTRNrbg7yso3g==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-08-01T14:05:40Z" - enc: CiQA4OM7eBvlCz4HJOd6KfhEFgdrF/ttkqfBrPr+vllYTmeA/BYSSQBq6cPrnSK06vOUOKi/N/LsHQFknwhQiP4cH3LVJDy0p2GWL1z2/XtnIVljuyZCkSUomhKzNIp+ClTzsQ9EZ1+5nNslH4+yFN8= + created_at: "2023-03-21T09:32:00Z" + enc: CiUA4OM7eGUo1x5cSQOKMOCKM2F+7MT5wWEd8zMnGxCRerQdCibVEkkALQgViN+uU1JfIwyrS5/ZeCobvHyAoR8rrG4RKwG9RBwlJnNL81MKzw7jDcvKJoxW+dgbGoDtJ4Sy/UZAZqD9ozTAlAeCPsXC azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-08-01T14:05:40Z" - mac: ENC[AES256_GCM,data:I1y4m6A09pKG5d2evlf2iTJ16ZkoKqWdjN9pVq2x3YscZ0V/bglf+qFEjtYxDYOvDcuJOMZ7PxydqbiHi2rwCSixvvZScUhsuPO6C4fbeS0LqIhbV07NAgSvTPPkNYrjYaRLtscrwGVoDPGcFdenfYKzJeVraaRxUudXAtwY1tY=,iv:IX+Qklvc7q/UkAVBRIqR4U3HaK9ry+DLd2B+yNPQ9uk=,tag:Iwy1HYw2s1Xtu9o1+WXQug==,type:str] + lastmodified: "2023-03-21T09:32:40Z" + mac: ENC[AES256_GCM,data:eeZncNjDsKB7XVNx4dO7DFUx4Mvi5pooDuM3Sh0ulpdDhaJFNDiTDDPjWwSdujyIHU7D+WduyQXqpinyM8UzHdUW2P6Xmbrctvf5/bvsRwBOrFkEBY8ab9BDCz3lZJmzEW62fnqYJOvXJS0L2GdXGqNsP8bw0PAR0FZFBSNwT5s=,iv:OH74i3b67NXozQ5zD9/62SHTioIloaMvjH6XAYvPz8A=,tag:wWce+Pzyr//R69blNrSRSQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/helm-charts/binderhub/values.schema.yaml b/helm-charts/binderhub/values.schema.yaml index 0bce03c743..648496f346 100644 --- a/helm-charts/binderhub/values.schema.yaml +++ b/helm-charts/binderhub/values.schema.yaml @@ -54,3 +54,6 @@ properties: global: type: object additionalProperties: true + jupyterhub: + type: object + additionalProperties: true