From 3c313fffbfa1da7171e6b976eea9f7a720a5ca00 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 17 Feb 2021 13:15:57 +0200 Subject: [PATCH 1/6] Bump hub version to 0.11 --- deployments/utoronto/secrets/prod.yaml | 30 +++++++------ deployments/utoronto/secrets/staging.yaml | 36 ++++++++-------- hub/requirements.yaml | 2 +- hub/values.yaml | 52 +++++++++++------------ images/hub/Dockerfile | 2 +- terraform/main.tf | 10 ++--- 6 files changed, 67 insertions(+), 65 deletions(-) diff --git a/deployments/utoronto/secrets/prod.yaml b/deployments/utoronto/secrets/prod.yaml index 156ece8..b50081e 100644 --- a/deployments/utoronto/secrets/prod.yaml +++ b/deployments/utoronto/secrets/prod.yaml @@ -8,20 +8,22 @@ jupyterhub: password: ENC[AES256_GCM,data:xYpsSNiKgALjew9vKI8WtrnEZcysDjOaNExkNXU0n8w=,iv:WKsXUAS7OkBZNcHTcumgz55gUCCiKVm+Mtg387AM3ls=,tag:oQHqCu7X/d9CuPcYP4Tq/A==,type:str] proxy: secretToken: ENC[AES256_GCM,data:zfC2tJUH75wRZBbMPrB280DkV/L82qRvWZ9ne5R0yaEaXnbwCEibUwv8/vVlgBQsgSdFDcLWO6uDtrPXYDfNmA==,iv:JfCmEhrhWQsPgA9TrvpUtdTaIjEVCdsd+G2hYfGbaGY=,tag:JqAoyuF+874sac6IjfisPQ==,type:str] - auth: - state: - cryptoKey: ENC[AES256_GCM,data:u2Hog7+i5joM+gxMxmYO7rx/P+AzC/AJR2djg/VdyvK7LL3F7rOOUR0GgrpjVSFPvQ47MyZGtJ/7kHMnCoPaYw==,iv:6F/9x9b765wSLYhxZqTMRbznNXZeKuLRDzO5n0pzQiE=,tag:8XjmIZeiv7JracpIwp3ArQ==,type:str] - cilogon: - clientId: ENC[AES256_GCM,data:6Vfm5mIAIqK0mVcuE5Tir+gLxAa7MxkrwcavtvG3trEYTm3pulWdbhHU37kU44mnE64=,iv:3wEPvSVvrbZ76vja8RqAAlzpsEHE6rHGVWd4xxOhblM=,tag:1JenMz0PZ26pEzijNpHTjg==,type:str] - clientSecret: ENC[AES256_GCM,data:KSttzLGPAssRwMS/iC+Or+42LIxaKOpWsUDPhySn3tXgZpgntOiyuivjM/cFZO3KfMjdAccBccVAeZFwNKUkymPagk4xcsN7khNw1yNSESOx7Pi08FE=,iv:Dc40viE4RnzivDe6Lz+7B42iZXWnjEKHICDVIm4eoXM=,tag:7aU461Iun8svrYpc5ZTTTQ==,type:str] - azuread: - clientId: ENC[AES256_GCM,data:OMGLIEZJVmdBsIFpgQoQejLs7jOLiFsBnxv+pR4Gn8J5XDrV,iv:Rqm4s6IA0NFriqg7wBrXw1IvpO4TUzmAoepZUXuqSXc=,tag:4AaUBhmYfurYQ556SL6Lpw==,type:str] - clientSecret: ENC[AES256_GCM,data:r5dKljKN1x8rl3rpHggq4fM3b08O56DJomJSwD/a6mX1GA==,iv:F3jIKyWhn+doJ7g5QycH7PeKBNqQKEcEWLCUrDw/MhU=,tag:/0Cd3q3/nDR070Z+Tz2Iuw==,type:str] - tenantId: ENC[AES256_GCM,data:rGKQoNUGLgjpJYxT/N3h9mV2KL8phII2V1StXiaNqloAjtl7,iv:yYNafUuyKqSAxVqA4+nFsTpzr9j1EHguwaGWU65nwOw=,tag:JsU9pu3pr/sK/5QqAzVV9g==,type:str] - callbackUrl: ENC[AES256_GCM,data:AYxBoiQw25ueW3svp5YGxVSiPBMyhK8n6W8uEFS6vW/txpyjuLXYoLHViYV6FQ==,iv:t+mnQ7Km8i3o882lrmMjofn3ha4lkUmJTmh1QKoWtzQ=,tag:cEBMFBEA/SghPgHhV8bpQA==,type:str] - google: - clientId: ENC[AES256_GCM,data:Rp5N763lfv6R7Y3tTlAHXfPLw8ZOxKSJGMEl9wu+N596d2lsP1SB4rHwE29WBSJmGODj7BVohhSeNWpTwTnJfUuwuPDvRaBj,iv:7hFSVnwf0FvoRTXABOLYXbBcKP+EYD/qwndPidCdeTI=,tag:BpEBwke7refOfqsMkucFUQ==,type:str] - clientSecret: ENC[AES256_GCM,data:4bxvtVHsVyvzRywrzjrOTCWFQLV+BInj,iv:TQBwDR3/E0vJsIustu9R3fxuBfD08GylWDRjq2OW8lg=,tag:E7fLJ8Q0forbM97KD1N5Og==,type:str] + hub: + config: + GoogleOAuthenticator: + clientId: ENC[AES256_GCM,data:Rp5N763lfv6R7Y3tTlAHXfPLw8ZOxKSJGMEl9wu+N596d2lsP1SB4rHwE29WBSJmGODj7BVohhSeNWpTwTnJfUuwuPDvRaBj,iv:7hFSVnwf0FvoRTXABOLYXbBcKP+EYD/qwndPidCdeTI=,tag:BpEBwke7refOfqsMkucFUQ==,type:str] + clientSecret: ENC[AES256_GCM,data:4bxvtVHsVyvzRywrzjrOTCWFQLV+BInj,iv:TQBwDR3/E0vJsIustu9R3fxuBfD08GylWDRjq2OW8lg=,tag:E7fLJ8Q0forbM97KD1N5Og==,type:str] + CILogonOAuthenticator: + clientId: ENC[AES256_GCM,data:6Vfm5mIAIqK0mVcuE5Tir+gLxAa7MxkrwcavtvG3trEYTm3pulWdbhHU37kU44mnE64=,iv:3wEPvSVvrbZ76vja8RqAAlzpsEHE6rHGVWd4xxOhblM=,tag:1JenMz0PZ26pEzijNpHTjg==,type:str] + clientSecret: ENC[AES256_GCM,data:KSttzLGPAssRwMS/iC+Or+42LIxaKOpWsUDPhySn3tXgZpgntOiyuivjM/cFZO3KfMjdAccBccVAeZFwNKUkymPagk4xcsN7khNw1yNSESOx7Pi08FE=,iv:Dc40viE4RnzivDe6Lz+7B42iZXWnjEKHICDVIm4eoXM=,tag:7aU461Iun8svrYpc5ZTTTQ==,type:str] + AzureAdOAuthenticator: + clientId: ENC[AES256_GCM,data:OMGLIEZJVmdBsIFpgQoQejLs7jOLiFsBnxv+pR4Gn8J5XDrV,iv:Rqm4s6IA0NFriqg7wBrXw1IvpO4TUzmAoepZUXuqSXc=,tag:4AaUBhmYfurYQ556SL6Lpw==,type:str] + clientSecret: ENC[AES256_GCM,data:r5dKljKN1x8rl3rpHggq4fM3b08O56DJomJSwD/a6mX1GA==,iv:F3jIKyWhn+doJ7g5QycH7PeKBNqQKEcEWLCUrDw/MhU=,tag:/0Cd3q3/nDR070Z+Tz2Iuw==,type:str] + tenantId: ENC[AES256_GCM,data:rGKQoNUGLgjpJYxT/N3h9mV2KL8phII2V1StXiaNqloAjtl7,iv:yYNafUuyKqSAxVqA4+nFsTpzr9j1EHguwaGWU65nwOw=,tag:JsU9pu3pr/sK/5QqAzVV9g==,type:str] + callbackUrl: ENC[AES256_GCM,data:AYxBoiQw25ueW3svp5YGxVSiPBMyhK8n6W8uEFS6vW/txpyjuLXYoLHViYV6FQ==,iv:t+mnQ7Km8i3o882lrmMjofn3ha4lkUmJTmh1QKoWtzQ=,tag:cEBMFBEA/SghPgHhV8bpQA==,type:str] + CryptKeeper: + keys: + - ENC[AES256_GCM,data:u2Hog7+i5joM+gxMxmYO7rx/P+AzC/AJR2djg/VdyvK7LL3F7rOOUR0GgrpjVSFPvQ47MyZGtJ/7kHMnCoPaYw==,iv:6F/9x9b765wSLYhxZqTMRbznNXZeKuLRDzO5n0pzQiE=,tag:8XjmIZeiv7JracpIwp3ArQ==,type:str] sops: kms: [] gcp_kms: diff --git a/deployments/utoronto/secrets/staging.yaml b/deployments/utoronto/secrets/staging.yaml index 76d6c26..535206d 100644 --- a/deployments/utoronto/secrets/staging.yaml +++ b/deployments/utoronto/secrets/staging.yaml @@ -2,26 +2,28 @@ etcSSHConfig: 01-github-ssh-deploy-key: ENC[AES256_GCM,data:yQfzNiTCDatA0P1XIjyY3PlbJjzCB0I5Q7yZJX44sV60ZgCsa8KEKJgKUggu9snl7ecqC21E7D8DAMMEzjoFrVnYzpvIY/whcO9twM6E2MiNw1nj3OtNy9SzLivKi+vIO4ucplv5qlLraTIndkGxvDqM2jC00SMT+INhdjbiUnwx1M9s0IvvouLMZAaa1s6sIgqQ2faMHGNTByGJpSEcVDUKpBvCj4ZQYuNcBv5aMeaPupNdm0w/Q4LP6uQxda77ZJ2ohcMUaqSX7DFQRoU3Dr7c0GXKWRd1p7q+EnSt4Rp5lD42cG/5uds9GlTXA97XzRoj5Nayys5ZHOP2Z6gU3K6z6AebvwWUjT/qp3HNKNqPkEjqw59O8UGxX7b8O+TM1R5Udl5MyvD7+HAm+6DqQ5M+mqwjLaBRVISqMjTV5OAFLW3mwhxUqwIyAAFZKn6NMWdlDTm05f/CJXHIIs4bgXMqijShumQvgh/f5qLcH6d+qcuUJG31ZewcxBJXtlgM9myJxivufhGWJXH1SFwlyDl5yiSFl4HpOqycqtDkdjEErjLlHUn5ngN7Aqy2FJDFlujCi8MJ+ZwFSAd9Xy2suRrDePRW1g38z6PUzUgiEGj8xzZwejigoL84rzpYSdrlePoOfESyRAJuDAsNas/sqDDDz2vTkouY4C2IY1V+d32HvGpB0zzHzDy7mRRMHEyXlMbwtZ5qv5U9rAYCa/Ezv5IlI6Vfu/Cwea3Q3cb81p509xnuVeH5YBOofMwjzW/e0IBI+rYU7HDQymv12BrHBFZWzxbd+jh755meAmmeAxY/2p4QzoPkLlgL8YHRtcaNE124JabfBaYzslWXk6Xr+qdqNJ1l/dlHb2bQHUaweTya0zGuwC3z0jbUwPfIzaa+JdFEZ+5qVfWS1R/D5ZJYxGAu9h8zIV/kjupQdlCm1NPOcYjjv0hpGc5VoXiMzsK4gzbLW8k/kfFnOlEnZjMW8s8P7fK2+wm5KF9PoZnhLIogPXkPVA3MoPZJzdl/Y84++OHyHPjIv859wvH8H6cxqYqdODYeC8dI9Lf6IVY1tOi0IaMdnd5CLMeAO6CY2h8xjsK6XOmdJO6y7NELgg3oVAnUXaAFdxoeUiMV30W4O2mg2yYsKBgKIehSp4PLjy5QlzeF9fD2t+zJUJ3Xof9kN90H8I/d9iCg2C63Dz+hGGCMTsQb7hXWwzHd78qTSIrn/Q5j5Jk+aYHPpNJvlBZxTzTHY/+rZiphh3nXZ12xyLSz7427z1ydsVrLKtABK67NlAUjHquHazPiHE64yqh99smvQzD3yktVSKG6d1TgOm8BqwffTm7f4S2ZeE3M1Be9eLHnZ9W7p5DURczrJkCnGtAJ2IH/pTQljCTrKNs4W3vINcAQWutBeMCXg0NOUrJNt+cuEwFmF6b00FnJi0tp96swroMgTzcccV9g0bwIdjdRGFaWDk3vTjjKqn88sRCDQHkDIjarMnxxMHQ324O4o368kubxOPLSCuLuD0qCuwnvO/0X3fDIMB49yjgo/JT+EqwlEgTBxX1QBxPRTA72iTgaRiOd3IjgEFH8e+FpmVWzFs9sCrp8sRFMgRQGWY5TigjxfuEwYaK3gXtWs56aEXvOTysnWXJn1JdPiY8ZhIG+ChO8Agm+vLb5oKtsigwavZwDUA5fBflKgb/dA26igtgWk2bk/ClCGJj7XvIGt+AVNImhnWtVUysUPku2AY9GUrD4I7oX7GlxjFtc3ebVLYDDGjPcWT18UWhUMIsuYlGQW7tepXm50N3C7PJnx9UvCxnT+wE+ygPjIWvWWj6Z8S+7C+rZGc4xyWevr4Pf4nr7KyqwzEQSRyoELUb2uY8YDcASrJ/nVWUvy0h6OAoqY0WTJAOxXpH/OAssjKD1O3lIGXju2tbX6B3k+93uBe7FeIAGhvtWzUw5AIK8I77dh0unN+lzzB20qNjNbHTjhbaBADZctgbbs2q+MuNsNgyJySzn5I0TTwlcHgU5VdS2S1hssk6Fjl4+1IoF1nYLgWj0T4iwDIOrzrR3AeKO/sf54TVj6UTSAdWbIhQDZwwhmonpthbUDmotwKv0pCXZKccWk+iIE6cADYSMQaaWXL1a5O+GCwhSt3OxWK/0Zf2DDbmBVW+B5DwAxvhvtzvT9GMHEgd9VHFY66I9UDqVOrlmTl7UYQqFfMB/kGEn5q6IjvVlYyGq2tm6X3BEgHSGsJQNxylM/qZVaYaTgko4/Yf09FaffUiqDEsCLsRMq3vzXIfksdCdlpN4zqpAfxXXTHkJLG/B/NIFSx7TCLwqciVN5NM1vm1Ggqfl0GzSp/ixs/y4wW34To3/moGtEMtrlY5JNDCVeVBshFTd4cXLFAqjv9jgKYCWi2JwhO83QAlWwJIEdnHqwQQPfvVMAeByRyBJhOYO7+bv6m7FF7HZPhlnkckrqg/og+Cmv7ZlUXGuWXqpKdPmaYzxd0clQ/6iIr2gLjhdYdpLpczBMSI/x96fLT83qo5vshyu+NLUGkf16xvobMkQ3GWAwjsR6aa0NjXBq9xS5FCZc885tp2ib9Upq26fC4jg/+6wtS20raIKBSjsqj8FQBSStZ65pjCRud26Y4tSlgKZHT+AppGf/GEUJBvZKZiIfJMrKNpqFZx4+u2hSP1TXt1kMdvAj9Qhb1UoBwE/e7se/cxxuULONb3t9npVBazAd+Ukapylxc9t68SuW48ccgD/Ypmvq5rFwstLj1g0zrkMOwTnXgvq/k/18HigZuF33NxChrMI5xEEXEhqAXpLb5U7uA4yD8zdEtUzRbeISwiVGGR1x4idjSgvdu1CAu2DWsuH8XHCpH3DVkVfKU4zL7fPZmH7bui249xBM2phJHD+vgviEymv5B2U1OoNs2XEHP94FuoJ4rfFsDEAB05VIr9SbrHyj60POyIphES9vOrJiWq5dI//7eqB0CEZX+LldasvpGQLnELEhGv/tJ6CyB9wjdB+lqKn+MQmMzEUGngVQJrcjgzFBYuwMw7wIP2GVae10n213JNHugmFHfbGzX1qQk5hXPYiVWP4aOZorgrhcxHXaAoORrrH5Ee5gnE6z/0l+IbsLbAsokyTC6pGgwMKC/Buv3ClyKJ5sCr2tIQJCwOrgcuPmPbJqsYN7YKP8Zest00zt6OJQF4NdFEZAOYyPTZtFHH3bY7+zBRjOrX9Tu8/KmcOVFUSt0y2JE1KMYmFNKsQZuSySDCy7dxgJWNGSaMB9aFPtGX6/aoFhgO7yJ18pwsoBwYA5BAavzhyvBoxgjMB2Gr/rRbT20BBqUu1Ww3fWZvhzIVzoj2lV0xKukXIUY52gOVSPXzoW79r4Y5ntt9aTkBGafxzHHdpUs6g9j+5Xzr+/f11K0J1P/tcITnpfblwvJgxaZUgJxsgbfSKpIASurhKQA463HHzVZl53uLG22ECyH8cmuBI6cqELCn9lialg3p/TbFkN+qhsYaGLE90M3REoyvq,iv:YwySVJcyeHlASde+Nzer+dI2VT9rLtE9KEzJiItF5cU=,tag:mNZ0WzRciYs3uxm12A0IfQ==,type:str] etcGitConfig: githubAppPrivateKey: ENC[AES256_GCM,data:VGCBUrBe9WUE45JSw1+IlV3JciwSa5kmU+bax5OksMnSsMLYKED1roa0VvJdapguHaesdJjt1LcV8PTSMF7bRB8UasIlEl0Ew8TDSb0ZrMwt4cNg3+cojJzOtnJbQZBAX8nk88ZYRBRYhOvdRxoSEDKLq1NFujN8Qoo5/1KE2dMQbf43Bx2dE73cBj48YXcvqVgltNhVrsYuWy9RhcjnB3xgSvrqrx0cSkBKcwU3iCFj6q6yoU9plC/FB9cWAtn33BiZwdfoJ85EIk4VlTWythlIheCoHlVpRMwQkl+WpLLlYejuYD/PbIUByhSg2WJWlUTNc8k7un38C4qmwhinwinvS6E8eQsJudiWZizi340ymTeRvIxDH9Z0WxZrqO3h5jb+juymGp8JJPjozntWRXEPfq/sZesmcvZtRoXkHbTde6TtUh9qaXsCnVWAgEJmUq+Y+w0pBruCsX+/5u2GaACXPkHCZhzeVDNBT0SfyAAmYKYs5OJQ/0BESPbz32yv0oXJJFzKhtAl7FrVRUG/lXnuApFPeXhd/hVAXCoW8PQIMtzKPwDe3HX5Snl2UkjIVUyU+kYZbHgJWFQjaWWPDAjI8k5u6s4JBT08gDp2QBGYdz6zfxhzlF7WX/aJGM4Y32b50+0nkLqeLJ8i2Hl1rXwtCzrj30MpR7ZC7GKwql3gjS9d8J/ZmLjAyv0p+0gwiFAs8jLmUUTV4TIT37+DtNOVzKKfRit0sJq0KOZhFoKjNuocyuWrJHvaMK3TRUSfCMIy9TNkKPNPVwdUJM2psWBmqMtDuvScyB+SnAlCRdJjtWkY8X0iQTnoxoB9TgOZSDqUaLb0E6xuI0IiPeYVgrmeIiJJhSkdW9OU2C4q60LugtRwrPKo4Dv7ZJcKAytjaYbqG+ohBb+YRpanpI9TRocxXUh7RVKkBf3hqFoHacFquYi4eHAgmgMHHvtk4fSLiuug5uU3jfiu2PqIwrx0zd9KYPcbEjk/A9KZwCcyTH1kRwWlowM+qs4iFZ20lt7JYptOr1zb3INmIGdEIFqmuPlSqckdeuvtw6G5Slzt7OLsATDHCh3FtfFR9G7peOr74/+TG5Nnigf/q/pcW4c8IxQCVuF9sYl3oTt+grKZ+/iv/tH3uh/dE2FwbY5vWIq+7hg2+HiQKx9PqsAPeR5Rp24hU9+yS3hUOEejs7ThQfe8rlyy4k5F8P+Rp1ZY7XTvyFKluv49Oo8ORyraEIZyu6sXT0bBNlVVq1PRMOqjYPanynM0Tk6FDvk/Do9z+tYD1kR6Hr2jCyk9knnUdLVDdKDG1+Sgth7TeL5OCmu/WYLdb4B0mjc4snFVUzXqpHeBY+WIcBy4a43Y3emY3+FliUy3bcR/rFnxMDLdovw68su/V7OVeGRiSTwAqz4yjIkRp2fSVn3Naqlo7A/R98KVmMheR94bYtfk4lDWEXoKYd1qMpWvZJ760UFI/Kcu9Lgix2jDQq3+UaX9O94mVOK4furl6N0TBhRufxMEIETDe3ZEeMdIxnSRm9PCDB/QsgSew9SmThdLi+yrqypczdmT7NMVwDo/kGOhcHTrPq2c7Hxmg569Tg8RacpmaEVma9m5T6N5dq4922qp/xNAy9y1rPx/LMWeK2Qpeud+Y0aXA7O9ET540gTkHPgl25+eQl2xXtNBidyDet/LbE7+o3jnpkhiX5+rLv1i45iZ3mrZ1NIsObzNe9E/MXu/w+uzNVsWSPBIWhRae3pRmXsd3mxHWp6sekLn+gggx1fkc0BCwDCczmbf3YSQJBMBJzxkEyV5gKKwqPvicC7CbnavxXrqcNZHeetRiAxOZF2HvdfabQQvfi6EdxyRv8HsXMgGB++0JyXEmaLK7IV97xgeiTOPbgW35UIpUqAd48q+0bma6gXg05qhHuIcCwRjVKqJNXecttY4toYEy9zrM16EBGh0VXsRygtbeZW2akeoN+/SuPKi4gfsHD8zGdzAadhi42nd0COmM95NkEWkqLN1IYVypzwMl5+fGgSStTLgaDVyInlCY+He3s8rzz6cpqJZ2idfKCDiklyr3SUuwYZC9d3Mmq5Kv0VZREvKMZr5oCH14I5VFgJ51zyqEEmWcQ5XhHMeK0tXUgIf9QPO0ilBbBKNzW7uND4JJsydwzxFD+D+sj2rgJUGcKUmoh7kWb9R7EBwr5lI2hfx3xn/J45IO1d6iTkXHdu1/Vnm30xNHUvKPnhCZ5pabGb5akUF7hGVbj4=,iv:vPNRS7xUMTSKhbhlikhRD74j4UqmwFp5lopfcXuDMq4=,tag:IdZXAP5F55BSg9jfLeo6sQ==,type:str] -jupyterhub: - imagePullSecret: - username: ENC[AES256_GCM,data:T1dlmhXaOY+u+QayYefZGEdwprarsuld1uhcr9M=,iv:xTN9kchNanDF8nuusGx1tXjacTNwXMJt9o8Se+Fbtg8=,tag:mUq1850k1BAh+p6L2nLtrA==,type:str] +imagePullSecret: + username: ENC[AES256_GCM,data:T1dlmhXaOY+u+QayYefZGEdwprarsuld1uhcr9M=,iv:xTN9kchNanDF8nuusGx1tXjacTNwXMJt9o8Se+Fbtg8=,tag:mUq1850k1BAh+p6L2nLtrA==,type:str] password: ENC[AES256_GCM,data:eFBMmgUPWXNJIg7B5Q5hjAVLuqJVUF+gIx83wftikM0=,iv:Sc1yVJcwH+PnaVcvOfKvsnjf5445leNYgo8wDc2uaXk=,tag:aJ7ZaLu4cc8LWd/D3UAIIg==,type:str] +jupyterhub: proxy: secretToken: ENC[AES256_GCM,data:SEdp0GP18Jf8/QNgDjaPV53qH4Jm9h8nsvNnmzXl+Qt8/tSk6eEhme11k2wNDXAD5XbisiyXjllGGXpAYNNypw==,iv:XMjirhvs3Z0JxYYxJNybDo/Gz1V855jKnHq1i+t2B8c=,tag:jOam9ZpN4+vAGxJKR3Cqeg==,type:str] - auth: - state: - cryptoKey: ENC[AES256_GCM,data:t7DhpGcxKI2J/LVdc8DavlVUNyJaWfGuGYB24wcOK8kj2jZlc3LOJ9+6cs08Fa3KsOgUtm28szBe3qhOlFLkMw==,iv:YrEdLaKDH0zgw4dQgcWke6AOadj2sqSHoE9tDLmHLMs=,tag:SZtaJYevKGHPGhn3p+KFxw==,type:str] - cilogon: - clientId: ENC[AES256_GCM,data:h57VJ6F2DI1lkXzhyqeEBLFdZ29oh9JOtcrSuz4UJOV/D5POqq9j+7Yx0Iagh8FHgE8=,iv:TS+WI2Xtu11lbV/ZB7CWMuRkadJ8s6nfcWJck+tIvEs=,tag:90YqJxCf1i++zcShiabgsQ==,type:str] - clientSecret: ENC[AES256_GCM,data:PldaZx94kWAcH1N9j6Kh0wHbQ+LGiO4QdIjGIlzkGu4+8UAPuqzo3suGToYz1hdWQsuMb6X/IkFMFbWsr4wJM/CYO62JfeYgNEKpfUAnlhgPTW9kwpE=,iv:/ZaUrNTNqFlRhZ89tbtLel09vTKAK23XQPE5rj6NtUY=,tag:izD+AE0lRmr9ThfWypYUDA==,type:str] - azuread: - clientId: ENC[AES256_GCM,data:+i3/2/+0GIYpo5g7LdGPasKVjSNbey+cSDOPAx2DZeLfk6ug,iv:IOwaxDHMLEli2I9CTH+bd3l1uLYNa4Ya008Tz+AsdeM=,tag:Nr+iTl/0jfZSSjbsFwb0Aw==,type:str] - clientSecret: ENC[AES256_GCM,data:18enNQdDMwgZ0sYmiJXVUzMEt6O3+6aZ/TiVmLdinSdeww==,iv:IAOv8td7eAO/RRxmAUGYL1xPXY88o1ll5jxzmbD32Gk=,tag:TRzVxAcyeFDEocLHkPoM0A==,type:str] - tenantId: ENC[AES256_GCM,data:0KI7RrC9BIpUe0XPlhPnW2TG6D4tVSFgnFsKtsWaLhavXhRI,iv:LpfEWEdakSrCKGs9il0DmWQK+Z9SU9cZNH1CmMLTRP0=,tag:UkU+PG8+t8rNOKSZuFutuQ==,type:str] - callbackUrl: ENC[AES256_GCM,data:HpJZxW8Os4Dt0UJflCDh37IIiAbuIewaEF5WXRPHo6Su8RQB9t2QLjNaD4w+02H9qRx+aS7N,iv:cw7IpyaGARcyFXJD/PxZdzDKEknb67RuvWsFaMQkfBo=,tag:gzespFhvUsKmgGxe7aCFUw==,type:str] - google: - clientId: ENC[AES256_GCM,data:kACIfFvO+9tXyh1qjX7YD6n5Fg7BjrDrUMJUBcrnvsr8USYrXXErgox+cE3NJIbEwGNC3derI7hit/Tkw3fyZvqOPRVbXoFF,iv:+RaMRqSmRTPqlHMmJ5VG4VhsGxyJp4qPyh5w6ObA9EU=,tag:8hRN4FG9uJC3tv9kfnS+5g==,type:str] - clientSecret: ENC[AES256_GCM,data:yPCxbWXFkmPGVRxz76vnmmLFaemS1ZJY,iv:9hYPbwu1dzfysQvs7glBInwq//JHy7UKVREYHoVUzbI=,tag:Gu0Gdqxt3A2/U8w/4XZONQ==,type:str] + hub: + config: + GoogleOAuthenticator: + clientId: ENC[AES256_GCM,data:kACIfFvO+9tXyh1qjX7YD6n5Fg7BjrDrUMJUBcrnvsr8USYrXXErgox+cE3NJIbEwGNC3derI7hit/Tkw3fyZvqOPRVbXoFF,iv:+RaMRqSmRTPqlHMmJ5VG4VhsGxyJp4qPyh5w6ObA9EU=,tag:8hRN4FG9uJC3tv9kfnS+5g==,type:str] + clientSecret: ENC[AES256_GCM,data:yPCxbWXFkmPGVRxz76vnmmLFaemS1ZJY,iv:9hYPbwu1dzfysQvs7glBInwq//JHy7UKVREYHoVUzbI=,tag:Gu0Gdqxt3A2/U8w/4XZONQ==,type:str] + CILogonOAuthenticator: + clientId: ENC[AES256_GCM,data:h57VJ6F2DI1lkXzhyqeEBLFdZ29oh9JOtcrSuz4UJOV/D5POqq9j+7Yx0Iagh8FHgE8=,iv:TS+WI2Xtu11lbV/ZB7CWMuRkadJ8s6nfcWJck+tIvEs=,tag:90YqJxCf1i++zcShiabgsQ==,type:str] + clientSecret: ENC[AES256_GCM,data:PldaZx94kWAcH1N9j6Kh0wHbQ+LGiO4QdIjGIlzkGu4+8UAPuqzo3suGToYz1hdWQsuMb6X/IkFMFbWsr4wJM/CYO62JfeYgNEKpfUAnlhgPTW9kwpE=,iv:/ZaUrNTNqFlRhZ89tbtLel09vTKAK23XQPE5rj6NtUY=,tag:izD+AE0lRmr9ThfWypYUDA==,type:str] + AzureAdOAuthenticator: + clientId: ENC[AES256_GCM,data:+i3/2/+0GIYpo5g7LdGPasKVjSNbey+cSDOPAx2DZeLfk6ug,iv:IOwaxDHMLEli2I9CTH+bd3l1uLYNa4Ya008Tz+AsdeM=,tag:Nr+iTl/0jfZSSjbsFwb0Aw==,type:str] + clientSecret: ENC[AES256_GCM,data:18enNQdDMwgZ0sYmiJXVUzMEt6O3+6aZ/TiVmLdinSdeww==,iv:IAOv8td7eAO/RRxmAUGYL1xPXY88o1ll5jxzmbD32Gk=,tag:TRzVxAcyeFDEocLHkPoM0A==,type:str] + tenantId: ENC[AES256_GCM,data:0KI7RrC9BIpUe0XPlhPnW2TG6D4tVSFgnFsKtsWaLhavXhRI,iv:LpfEWEdakSrCKGs9il0DmWQK+Z9SU9cZNH1CmMLTRP0=,tag:UkU+PG8+t8rNOKSZuFutuQ==,type:str] + callbackUrl: ENC[AES256_GCM,data:HpJZxW8Os4Dt0UJflCDh37IIiAbuIewaEF5WXRPHo6Su8RQB9t2QLjNaD4w+02H9qRx+aS7N,iv:cw7IpyaGARcyFXJD/PxZdzDKEknb67RuvWsFaMQkfBo=,tag:gzespFhvUsKmgGxe7aCFUw==,type:str] + CryptKeeper: + keys: + - ENC[AES256_GCM,data:t7DhpGcxKI2J/LVdc8DavlVUNyJaWfGuGYB24wcOK8kj2jZlc3LOJ9+6cs08Fa3KsOgUtm28szBe3qhOlFLkMw==,iv:YrEdLaKDH0zgw4dQgcWke6AOadj2sqSHoE9tDLmHLMs=,tag:SZtaJYevKGHPGhn3p+KFxw==,type:str] sops: kms: [] gcp_kms: diff --git a/hub/requirements.yaml b/hub/requirements.yaml index 877dc0d..70cc30b 100644 --- a/hub/requirements.yaml +++ b/hub/requirements.yaml @@ -1,5 +1,5 @@ dependencies: - name: jupyterhub # Let's run as close to master as possible - version: v0.10.6-n080.hf7d7357d + version: v0.11.1 repository: https://jupyterhub.github.io/helm-chart diff --git a/hub/values.yaml b/hub/values.yaml index c5fedda..2854b73 100644 --- a/hub/values.yaml +++ b/hub/values.yaml @@ -54,6 +54,11 @@ nfsPVC: serverIP: jupyterhub-2i2c-nfs-vm shareName: /export/jupyterhub-2i2c-nfs-data-disk-1 +imagePullSecret: + create: true + enabled: true + registry: https://containerregistry2i2cutoronto.azurecr.io + jupyterhub: cull: # Cull only every 30min, not 10 @@ -72,10 +77,6 @@ jupyterhub: memory: 32Mi debug: enabled: false - imagePullSecret: - create: true - enabled: true - registry: https://containerregistry2i2cutoronto.azurecr.io singleuser: nodeSelector: hub.jupyter.org/pool-name: user-alpha-pool @@ -106,18 +107,27 @@ jupyterhub: subPath: github-app-private-key.pem readOnly: true - - auth: - state: - enabled: true - admin: - users: - - yuvipanda@gmail.com - - choldgraf@gmail.com - - georgiana.dolocan@gmail.com - type: azuread - google: - loginService: "University of Toronto ID" + hub: + image: + name: containerregistry2i2cutoronto.azurecr.io/ut-hub + tag: '0.0.1-n189.h6fdf8f9' + readinessProbe: + enabled: false + concurrentSpawnLimit: 100 + consecutiveFailureLimit: 20 + nodeSelector: + hub.jupyter.org/pool-name: core-pool + config: + Authenticator: + enable_auth_state: true + admin_users: + - yuvipanda@gmail.com + - choldgraf@gmail.com + - georgiana.dolocan@gmail.com + JupyterHub: + authenticator_class: azuread + GoogleOAuthenticator: + login_service: "University of Toronto ID" proxy: nodeSelector: hub.jupyter.org/pool-name: core-pool @@ -135,16 +145,6 @@ jupyterhub: memory: 256Mi limits: memory: 512Mi - hub: - image: - name: containerregistry2i2cutoronto.azurecr.io/ut-hub - tag: '0.0.1-n189.h6fdf8f9' - readinessProbe: - enabled: false - concurrentSpawnLimit: 100 - consecutiveFailureLimit: 20 - nodeSelector: - hub.jupyter.org/pool-name: core-pool db: pvc: # Default seems too slow for our database, causes very bad response times diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 13d3048..e8b6ef0 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,3 +1,3 @@ -FROM jupyterhub/k8s-hub:0.10.6-n079.h30efe74a +FROM jupyterhub/k8s-hub:0.11.1-n146.hce40d36d # No changes needed now, but might be in the future. diff --git a/terraform/main.tf b/terraform/main.tf index c01e91b..9a82a8c 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -240,12 +240,10 @@ resource "azurerm_virtual_machine_data_disk_attachment" "nfs_data_disk_1" { locals { registry_creds = { - "singleuser" = { - "imagePullSecret" = { - "username": azurerm_container_registry.container_registry.admin_username, - "password": azurerm_container_registry.container_registry.admin_password, - "registry": "https://${azurerm_container_registry.container_registry.login_server}" - } + "imagePullSecret" = { + "username": azurerm_container_registry.container_registry.admin_username, + "password": azurerm_container_registry.container_registry.admin_password, + "registry": "https://${azurerm_container_registry.container_registry.login_server}" } } ansible_hosts = { From 30a78bd5d78eb38f3f7074742c82b0adb570fdde Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 17 Feb 2021 13:59:52 +0200 Subject: [PATCH 2/6] Edit the staging secrets using sops --- deployments/utoronto/secrets/staging.yaml | 26 +++++++++++------------ 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/deployments/utoronto/secrets/staging.yaml b/deployments/utoronto/secrets/staging.yaml index 535206d..335c229 100644 --- a/deployments/utoronto/secrets/staging.yaml +++ b/deployments/utoronto/secrets/staging.yaml @@ -3,27 +3,27 @@ etcSSHConfig: etcGitConfig: githubAppPrivateKey: ENC[AES256_GCM,data:VGCBUrBe9WUE45JSw1+IlV3JciwSa5kmU+bax5OksMnSsMLYKED1roa0VvJdapguHaesdJjt1LcV8PTSMF7bRB8UasIlEl0Ew8TDSb0ZrMwt4cNg3+cojJzOtnJbQZBAX8nk88ZYRBRYhOvdRxoSEDKLq1NFujN8Qoo5/1KE2dMQbf43Bx2dE73cBj48YXcvqVgltNhVrsYuWy9RhcjnB3xgSvrqrx0cSkBKcwU3iCFj6q6yoU9plC/FB9cWAtn33BiZwdfoJ85EIk4VlTWythlIheCoHlVpRMwQkl+WpLLlYejuYD/PbIUByhSg2WJWlUTNc8k7un38C4qmwhinwinvS6E8eQsJudiWZizi340ymTeRvIxDH9Z0WxZrqO3h5jb+juymGp8JJPjozntWRXEPfq/sZesmcvZtRoXkHbTde6TtUh9qaXsCnVWAgEJmUq+Y+w0pBruCsX+/5u2GaACXPkHCZhzeVDNBT0SfyAAmYKYs5OJQ/0BESPbz32yv0oXJJFzKhtAl7FrVRUG/lXnuApFPeXhd/hVAXCoW8PQIMtzKPwDe3HX5Snl2UkjIVUyU+kYZbHgJWFQjaWWPDAjI8k5u6s4JBT08gDp2QBGYdz6zfxhzlF7WX/aJGM4Y32b50+0nkLqeLJ8i2Hl1rXwtCzrj30MpR7ZC7GKwql3gjS9d8J/ZmLjAyv0p+0gwiFAs8jLmUUTV4TIT37+DtNOVzKKfRit0sJq0KOZhFoKjNuocyuWrJHvaMK3TRUSfCMIy9TNkKPNPVwdUJM2psWBmqMtDuvScyB+SnAlCRdJjtWkY8X0iQTnoxoB9TgOZSDqUaLb0E6xuI0IiPeYVgrmeIiJJhSkdW9OU2C4q60LugtRwrPKo4Dv7ZJcKAytjaYbqG+ohBb+YRpanpI9TRocxXUh7RVKkBf3hqFoHacFquYi4eHAgmgMHHvtk4fSLiuug5uU3jfiu2PqIwrx0zd9KYPcbEjk/A9KZwCcyTH1kRwWlowM+qs4iFZ20lt7JYptOr1zb3INmIGdEIFqmuPlSqckdeuvtw6G5Slzt7OLsATDHCh3FtfFR9G7peOr74/+TG5Nnigf/q/pcW4c8IxQCVuF9sYl3oTt+grKZ+/iv/tH3uh/dE2FwbY5vWIq+7hg2+HiQKx9PqsAPeR5Rp24hU9+yS3hUOEejs7ThQfe8rlyy4k5F8P+Rp1ZY7XTvyFKluv49Oo8ORyraEIZyu6sXT0bBNlVVq1PRMOqjYPanynM0Tk6FDvk/Do9z+tYD1kR6Hr2jCyk9knnUdLVDdKDG1+Sgth7TeL5OCmu/WYLdb4B0mjc4snFVUzXqpHeBY+WIcBy4a43Y3emY3+FliUy3bcR/rFnxMDLdovw68su/V7OVeGRiSTwAqz4yjIkRp2fSVn3Naqlo7A/R98KVmMheR94bYtfk4lDWEXoKYd1qMpWvZJ760UFI/Kcu9Lgix2jDQq3+UaX9O94mVOK4furl6N0TBhRufxMEIETDe3ZEeMdIxnSRm9PCDB/QsgSew9SmThdLi+yrqypczdmT7NMVwDo/kGOhcHTrPq2c7Hxmg569Tg8RacpmaEVma9m5T6N5dq4922qp/xNAy9y1rPx/LMWeK2Qpeud+Y0aXA7O9ET540gTkHPgl25+eQl2xXtNBidyDet/LbE7+o3jnpkhiX5+rLv1i45iZ3mrZ1NIsObzNe9E/MXu/w+uzNVsWSPBIWhRae3pRmXsd3mxHWp6sekLn+gggx1fkc0BCwDCczmbf3YSQJBMBJzxkEyV5gKKwqPvicC7CbnavxXrqcNZHeetRiAxOZF2HvdfabQQvfi6EdxyRv8HsXMgGB++0JyXEmaLK7IV97xgeiTOPbgW35UIpUqAd48q+0bma6gXg05qhHuIcCwRjVKqJNXecttY4toYEy9zrM16EBGh0VXsRygtbeZW2akeoN+/SuPKi4gfsHD8zGdzAadhi42nd0COmM95NkEWkqLN1IYVypzwMl5+fGgSStTLgaDVyInlCY+He3s8rzz6cpqJZ2idfKCDiklyr3SUuwYZC9d3Mmq5Kv0VZREvKMZr5oCH14I5VFgJ51zyqEEmWcQ5XhHMeK0tXUgIf9QPO0ilBbBKNzW7uND4JJsydwzxFD+D+sj2rgJUGcKUmoh7kWb9R7EBwr5lI2hfx3xn/J45IO1d6iTkXHdu1/Vnm30xNHUvKPnhCZ5pabGb5akUF7hGVbj4=,iv:vPNRS7xUMTSKhbhlikhRD74j4UqmwFp5lopfcXuDMq4=,tag:IdZXAP5F55BSg9jfLeo6sQ==,type:str] imagePullSecret: - username: ENC[AES256_GCM,data:T1dlmhXaOY+u+QayYefZGEdwprarsuld1uhcr9M=,iv:xTN9kchNanDF8nuusGx1tXjacTNwXMJt9o8Se+Fbtg8=,tag:mUq1850k1BAh+p6L2nLtrA==,type:str] - password: ENC[AES256_GCM,data:eFBMmgUPWXNJIg7B5Q5hjAVLuqJVUF+gIx83wftikM0=,iv:Sc1yVJcwH+PnaVcvOfKvsnjf5445leNYgo8wDc2uaXk=,tag:aJ7ZaLu4cc8LWd/D3UAIIg==,type:str] + username: ENC[AES256_GCM,data:i0k/9Bj2LKLyT3EyKbHjjm5cMVSDUaAo1guVWdY=,iv:4NiAwOIp1r+bhgcQpJnGKNBJP0Q6Szl3EKPPnkCRy7A=,tag:+oYPjWKs0OlmfyVWpggu+Q==,type:str] + password: ENC[AES256_GCM,data:5uAp/e1AAKbb7Q+ij17dpO2N+IR6XEzVV46HCEtG5WE=,iv:DY6WPsGFSeR1WfRUCHXkVceTJY70TluyNQ0cMzpXlrA=,tag:5RDQ4FlxyfcqvETrnInjNQ==,type:str] jupyterhub: proxy: secretToken: ENC[AES256_GCM,data:SEdp0GP18Jf8/QNgDjaPV53qH4Jm9h8nsvNnmzXl+Qt8/tSk6eEhme11k2wNDXAD5XbisiyXjllGGXpAYNNypw==,iv:XMjirhvs3Z0JxYYxJNybDo/Gz1V855jKnHq1i+t2B8c=,tag:jOam9ZpN4+vAGxJKR3Cqeg==,type:str] hub: config: GoogleOAuthenticator: - clientId: ENC[AES256_GCM,data:kACIfFvO+9tXyh1qjX7YD6n5Fg7BjrDrUMJUBcrnvsr8USYrXXErgox+cE3NJIbEwGNC3derI7hit/Tkw3fyZvqOPRVbXoFF,iv:+RaMRqSmRTPqlHMmJ5VG4VhsGxyJp4qPyh5w6ObA9EU=,tag:8hRN4FG9uJC3tv9kfnS+5g==,type:str] - clientSecret: ENC[AES256_GCM,data:yPCxbWXFkmPGVRxz76vnmmLFaemS1ZJY,iv:9hYPbwu1dzfysQvs7glBInwq//JHy7UKVREYHoVUzbI=,tag:Gu0Gdqxt3A2/U8w/4XZONQ==,type:str] + clientId: ENC[AES256_GCM,data:QPkK9d1amVeMGxMbTSTsOy88Rv3cPjiOWRMFervXm0MdVmDCZDoe8gXELs1KAz020dsxAa4fhP6bxMwJVKh6qP7POzChgCCj,iv:pEw1/DwqdJPngawASfe3UAgUXtGwx3ljcrikBahJLV0=,tag:y1f2ZzsKfaSF4zzM1Y0iKA==,type:str] + clientSecret: ENC[AES256_GCM,data:8VANXxVhTiao+XwG0vUsQLPP+36d0WLx,iv:nL1qa28ulR0MszFglaOe1KAJmqDFKLExIAdmGLQuhC8=,tag:SQr3heZpLmRIlMQp4Je08g==,type:str] CILogonOAuthenticator: - clientId: ENC[AES256_GCM,data:h57VJ6F2DI1lkXzhyqeEBLFdZ29oh9JOtcrSuz4UJOV/D5POqq9j+7Yx0Iagh8FHgE8=,iv:TS+WI2Xtu11lbV/ZB7CWMuRkadJ8s6nfcWJck+tIvEs=,tag:90YqJxCf1i++zcShiabgsQ==,type:str] - clientSecret: ENC[AES256_GCM,data:PldaZx94kWAcH1N9j6Kh0wHbQ+LGiO4QdIjGIlzkGu4+8UAPuqzo3suGToYz1hdWQsuMb6X/IkFMFbWsr4wJM/CYO62JfeYgNEKpfUAnlhgPTW9kwpE=,iv:/ZaUrNTNqFlRhZ89tbtLel09vTKAK23XQPE5rj6NtUY=,tag:izD+AE0lRmr9ThfWypYUDA==,type:str] + clientId: ENC[AES256_GCM,data:yr1yyZdY1L+QGCIIj4/FMvjmzdkDCjPCICKRtR05RUbLBW83sDnWKadqAsPXIAqRKzo=,iv:5OgWXPkz6JUfzy4rEV6NV63OW1pvxZKaMM7hWR86vls=,tag:rm36TCyyNl0aDPoYNFn6dw==,type:str] + clientSecret: ENC[AES256_GCM,data:+XXaslJHZITkqg96MEqhsoOPec38FuO21BEATht/zA1HVmsgWqS10RkaGgzLbKuiOCIwYl7n7EPh0EFfZ6kwsnbsrXulf3pjbAU/kF6Uf9GzIqavI1A=,iv:l/SRvvP4mOzE5Mifys5qa5R9wDDypUNSs1VF4AOYvQo=,tag:zI9SAzSSo5OAXzmGgDC3DA==,type:str] AzureAdOAuthenticator: - clientId: ENC[AES256_GCM,data:+i3/2/+0GIYpo5g7LdGPasKVjSNbey+cSDOPAx2DZeLfk6ug,iv:IOwaxDHMLEli2I9CTH+bd3l1uLYNa4Ya008Tz+AsdeM=,tag:Nr+iTl/0jfZSSjbsFwb0Aw==,type:str] - clientSecret: ENC[AES256_GCM,data:18enNQdDMwgZ0sYmiJXVUzMEt6O3+6aZ/TiVmLdinSdeww==,iv:IAOv8td7eAO/RRxmAUGYL1xPXY88o1ll5jxzmbD32Gk=,tag:TRzVxAcyeFDEocLHkPoM0A==,type:str] - tenantId: ENC[AES256_GCM,data:0KI7RrC9BIpUe0XPlhPnW2TG6D4tVSFgnFsKtsWaLhavXhRI,iv:LpfEWEdakSrCKGs9il0DmWQK+Z9SU9cZNH1CmMLTRP0=,tag:UkU+PG8+t8rNOKSZuFutuQ==,type:str] - callbackUrl: ENC[AES256_GCM,data:HpJZxW8Os4Dt0UJflCDh37IIiAbuIewaEF5WXRPHo6Su8RQB9t2QLjNaD4w+02H9qRx+aS7N,iv:cw7IpyaGARcyFXJD/PxZdzDKEknb67RuvWsFaMQkfBo=,tag:gzespFhvUsKmgGxe7aCFUw==,type:str] + clientId: ENC[AES256_GCM,data:n7J2XcCGzX8oH7ocapoTratWo13zVXlskKvIqjn4bgs6/KhW,iv:jjm0qD+5tTqT6gy5mrR++p6r2vk/apB54gwRZixQ/lc=,tag:/iwEXipIOxQl3CtozlBrUg==,type:str] + clientSecret: ENC[AES256_GCM,data:AkhOgfiFgvyDL+B2iw0J3plD30huyLS9FP8jKSX5cl5JgA==,iv:KG9S0PGUehgInrhPUNCsof8m+jXZAUakovY/1JicWNs=,tag:jIruelKOyYxgX8KXhfymMA==,type:str] + tenantId: ENC[AES256_GCM,data:ZCr7IChxKW+Q/7/4epHDg2dkAesVEQpkcP8wceE2p8xmoyq+,iv:2C085vKiPH6U0RLOuyYVos+hgSQxK9Z+HDBcRIagq8E=,tag:2R8ZsV1vug2hN1bNL8y1oQ==,type:str] + callbackUrl: ENC[AES256_GCM,data:P6hlerofceP+BbG60cGDCqMhXKkXY8vvXl0Bui1IVI5XuHkSv6BfklfR6+RmVq5BH2dcl5NF,iv:9cnD/YyEe5q4cZTO+36qS+/V0pnSzn1c2ox3AKOmYwc=,tag:KyJ5DgVaT+mvqk19bS88Zw==,type:str] CryptKeeper: keys: - - ENC[AES256_GCM,data:t7DhpGcxKI2J/LVdc8DavlVUNyJaWfGuGYB24wcOK8kj2jZlc3LOJ9+6cs08Fa3KsOgUtm28szBe3qhOlFLkMw==,iv:YrEdLaKDH0zgw4dQgcWke6AOadj2sqSHoE9tDLmHLMs=,tag:SZtaJYevKGHPGhn3p+KFxw==,type:str] + - ENC[AES256_GCM,data:a5GYchKTvVnJjes1oBgNgNLUhev4Iw0OtwkJP8zmPyjoEGC/vO/xbSgUQlHv7KGNqGIV/kvud2joMoTurvsw4g==,iv:5FBCCQN8pT0qdL9Rv70nYmekBsWTO53tpcv6WhntiAk=,tag:vWzeCzwyeMR9/3wUHKhdYg==,type:str] sops: kms: [] gcp_kms: @@ -32,8 +32,8 @@ sops: enc: CiQAFDQ5yiSdCQCjCd38Lxwuuc0iAS3qKcCZoay6G1KbOFvZmIgSSQBtF0FuuRP9WoLRcIMZ0JVUBLlBZ/6TfV7E62clUjcFJGKID9OCXt5esMp1kbzUtVaW+U9UVyp6OlBxT08lioDbsKapq8oXZhs= azure_kv: [] hc_vault: [] - lastmodified: '2021-01-05T11:55:56Z' - mac: ENC[AES256_GCM,data:Qy0nLA+LmX20p0LqyaSj0fjPgm+UlMeWXwPDluXmDBaObKlDatZ9cxFpWyhh2sN2ntf60eVVFjOrVpmFSv+VlrjpIfZ5ST1Yt7Ez+5LzkgZmmfY/LiROzYIQmktDzp/5INWctRNoG8ecHV9SiY2YbyUbxtFp56jjcIHlvCYbn6w=,iv:+ZMskBlJyvzzcOyfNYjlHZrnGyg/U2G+upiDzxYO9rQ=,tag:0ZfaYt5RHNt3GbZcg/7RsQ==,type:str] + lastmodified: '2021-02-17T11:59:04Z' + mac: ENC[AES256_GCM,data:Mo50tV/+NBtHnErM75fVb0w1EBIbbvhHVsG4Ubl0YeK05n58DNNWfaKHkAcu9MELOh0W6Arjvs8JqaZW6s8V5Oo9uakB8ld6xKYebP783VPJTWTFYOKyQ6cttai5jIny8mOxYTTpLIDSkyEGwF3Bi15A8b493w+FByK54wbY+HY=,iv:WuBnqUC/3dDQIoHSbs44eph+dn1ht0Fee7yo2mMDUAY=,tag:7T+DnoMAUBE5wTcdEC5IgA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.6.1 From fe3609c04ee8b25342f1f44dc530106a85c7f9ec Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 17 Feb 2021 14:19:32 +0200 Subject: [PATCH 3/6] Use the z2jh 0.11 auth config options --- deployments/utoronto/secrets/prod.yaml | 28 +++++++++++------------ deployments/utoronto/secrets/staging.yaml | 20 ++++++++-------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/deployments/utoronto/secrets/prod.yaml b/deployments/utoronto/secrets/prod.yaml index b50081e..95d2c2d 100644 --- a/deployments/utoronto/secrets/prod.yaml +++ b/deployments/utoronto/secrets/prod.yaml @@ -2,28 +2,28 @@ etcSSHConfig: 01-github-ssh-deploy-key: ENC[AES256_GCM,data:pvha4e3hYLPG5vbUXMJecmPm+VGJG6O/GkhucriOHQWrImEoLMOfFuhTuDVy/aFBfPZejxD1lXLQ5IaVQoIoukemHmvRPTdXsUuuaos2QeujUAjUnhE6GrYueedFO1wMabqqZ2q7Ilmcy+uDC/Rs8Uc/LwWo4AHyxy4OZb5EftlK3oTpCIMxGvFEBraGgbNzJW7CZ6+c/dN5BoEBNMov0132Reeln92B1++aGz/5ax/hWDXmr0D7ye4nGWxicT07uwp8g7i08ZOZwp4X4UWARfLTVRIBezCAO/Hlidd4Gy9BagbNoAiG++qZGFtGqSU07vA8aEx6FESiIEORsYqIn2P7RDHWELFDlk23iq3rsGSyjc0Aser++RFZl5GZ0vqYs6i8AaWXKUXSpgVm95iUq+gTBlLMYHhNpb5aozKS2Cr0L1QVDTbVeo7x0N17MYvAJfZmyQ+kOLvCXHFngbUztv09x/xwOErV8o6EZKb0/f/ycl2NbXNKL9OKXd2R3a6K45diHKEtGWB283QgbLpBrHOBOYz//WJ1mGo9ATtgaKUoQPq2/+T3zneWR5Ruwizolk1HEqxJO8MUk/szQxgJ7vsDbs9T9XsmeU1vmIyvPDIjib96qgpea84+pU+ccyDkcuEZ0N/HC1IFzjwjNV3GIbW3U09z19t4uJsY7H4ZSmplHk0YC13kAWRVpKsBqoJrDVQ2BMCoP04TIuf3PP/L+UuCaIO7pcODRqBuWnhnNQTyNJOZo/2EUZ+qLZVRmoAP6kHG4UwJNR8kFAz5JLwGpuiX7CUTTRCNAfpBC2cnTK8kVd04oTpT9C6XEEo9fzWKoPFwhtpYfiF0By0gYbIUQ/DO7qWevBxUobcxuH5xcJd0+0KMetR86Th7XE33WJ3PVPqnXdW9ZpHBa5ibsPFReMxxZ2iezPPbatkOfIPsCWUpU2z6K+h/vG97MNRBOGiUcEJrtD4McI/cPpjo+4+6M7z21en0xtqjK6PLxP3zPvJpZogyvomaJvT9BsuFciwJpaJGkFbhAIimDhzNb7MRyuZgVf5N/5QLNHca9MMDuZ7zURONMAvUElkzl2SXGVuqlWKKB+pwn6PISUzAm8tD77Z3oGV5bTvffwcm82yVY+EOmyzPEWKJanaD8uewsijfhklMQUywo5zXDIM6xxjnzhjO6pjqEjHtZ2VBhf81e1NdnbQr49XZElpKNecMdTaGtK83fQHM4tWQYUxT+GA0qxY506glPIrAyruB1T+eTId/JiXMiWVNVOVEX4gBJ5wwljG3UOGwZeb5XL795VvqTqw3G1b/nOSWN3C+7KZr6uvP807BlC8MbmpBmc+DXp+xAuETzXa5Q94k75d7S3sU7/cc4dR6GXLeTBSj2ziDyR5y3mNucsztBxIK//SYIeDid48X4aF9z81wkKPvidREVoqUla2XEnyIRy1oMwO8TUSvFWrEVZ8YXd4QShAoWeLE4kEjKrqxCJ3NkEO8MX6MVRwv92FsvSSq9169pTyEDw4i+KxwFl+gJ6iqUl+I8oBufOqDEYCgJTSePZmg44lbkFHzDUQfh8B+gcnqP/edPQPdVj3jnnoLi6b8uwnH28Rm72wAM+L0cWwZu9ApIw6zXXlMS9V+oxcHEPW+OHyKfgee9gpVE+c5bC1W+vCgSnBhjNzoQ3oy5OBgcvOxhpZwM3t8TbPCE2eceeiI7DV0kTgzvRZ/5uOrfjc0nRfvXpL1xCaRQOpmqYSS5w+HnGROGNRtPeuP1uvNkNHB6A3mglXaOFd59B1emvwUQbG7Gs+zIKoYu6VPt/N8Cw8gsCjhDZpJXTJrXmwhnjIBlr36UwT8DNhWUZzbzuzL+lpKkZAD7kOvIbT84i+ZsV/bz9XJQlBBZeJhOcDuUwmlAR6ydhFdvJGCMUHaqHP7LBFlulQKR6G77NMaLrycqDAiSo72mXgsRxYV/UrC2idNvAVOu0DxnUOnrL3qzno1Lg3xjMbDSAuLBr1FCwIzd1GNeDDkmCqMJPlnlpN8aWdyKqUC+B5fyh3URIEicXO/T7lPbNlZ5NrSiK6I9n3wFuwnjAapndphO7hDrZf6xHAXpR5ai9conzhiuDa2UIwuh4djCkd0nb6QXM1CV8xA/wjgDtNfQm7R1nzoYKPvs0ms2FTpahXGtfxCdD1ztMSPHmuEuF/mi6Y1tR692rxdWGDPnOh/dkp+136mzufdRvtnq7WCt+1yKGbOTREiAT6l2Vz0M/5c/hEmyjKJj56PabdgBo1rtX8NSYcLxL90c5C+e/LceSiIhyHoh9q+lP/pUmE3oAPApnpmdqvJmvfF4GpqU8lF+Y4fuRmDAQO8rXdTTyH9USVBjGoxxcduweiR2RER/1TDfX3FeWSDayAqfRlrTkFnDNE8frhCUiTMqUDTvBAV2OjqHnBxgIJFp65tGdaXUo8TCdLuo7JSZGR/ikEXG58jTRubWNLhbEOZi/Cl9H6CdcVIjD1DMExrOA44rDTsTv5qVk2RtD3M1pA4q8nbi3L+ar4zaHDdz9wTauV4t9XxvXuEAz0hzZGj8j3EHr7mThWA4TflSrEQlyMYHJtb1pYy2Kv79+iNBYHrZEH/CSl+/uKWP1lTgaxrAFAD5nD84q5nS7TIjkNz0vKMdZQlEfHqla5+6Pm7lpMgQrwm7DQzccLZDgJo5JYelcjgYuwjxx2NUabEBAPvHbREudiN5+J4dXMw0Ijgsc+Fp7Eb6qC70k2fBY35L1dvN+I1hT4eSBxf8SCbwp/w4hiu1w5QLdOYlXqEA6uwpLoO7JLitzayLJdHaJOrXFNnE5oWjcsNJD7lXO9+YXwiNfZnl0YO1NAEDs9lHeixReVdal8poswmcz3tm/hcxjUfyOh/s9PHc+kVZYnshTBzySHhewAZSuirLYZI2jBQ61GlU/iCR0hKYamRJ4ESkOOmcldBbyDHImL/uoI08vOOAD3zYQfZFuH77GmBcX8XOmfcDS6jblr9WoZ3LeDMcx2XMeYtVx2n88bFyKMO2DH5V62FiE0qDUyzGsox42tJByCH+nWjlz37pvXdWdomLXx7jHMgO/2gDLRfQvX3FocBkJlerQAhwAnNCTXaWKkfsa+k/xU1sOdPjyyTvLn+MaQTW+XiFSlmvVa1QGLi6K8IosnD3ZfNRR0UuSJWapXFsDxYC0wBPrGcdVIXm9pUESXhA8FehgMT/NWyzA3nTJ8syc7G6X1YGVhlDDtNXntWY0QIxVqQguK2Lu+9YWspsKdGza4iiFRs5sLLggjLA7vufYaIgS2RWrVuncHe10cfhjUL5yv0DZjegl+rvthqQLvwK+r7BAe6XdbfMu2hQdFB5qsFxGWoIzfZ3EC0oafg7YJYsnyUNLhqIfNyjFS96zpl6Iy4C1A/8+JDbgTzRDqW+wEAxfB8LCU4eMGT8Iluy2FIo7vVVdKP1GnyVqV1Oz/DlVh5j5bY0y/Bk+fLVVAcv1BHMO5GWJfcXd8H,iv:vmexrl1vePl49qwSlhRyNVAe87c87laicBfcXmTqnEs=,tag:uok9anNzjjYmDM+VFTDjeQ==,type:str] etcGitConfig: githubAppPrivateKey: ENC[AES256_GCM,data:cKCG7G7ju7C2P6jdYrfAHMMl59XywPDOgFNRdRopKkG+coLCTOA2ZPoD+07Y0mXHRCNzH6jg6NXZRfR9WVmNh1unGMgpM9i6xPy19cLmHjJFqNfVOAg7DpQv4+YgJKhJQP7z4qQcHFzF38YrHXxrQP4S/iR/OKPNVciLamwEWFl5036q2ZoK8aC8IpQvN/Z/yliE7f40u86/YeVdNANPy7+le0uh3b8C3KThE5Szwi1mwduenVtZJQy1kb5NuqK+ypwYjaSTfhTPItfpUGUObxn/E38jzmNKNxYjzXJRFwBCPQ4EtTwDzlimWU5aK84Fi7+nYB3VetFOqiIUo4EUmeWLv9z+zLj1wUmwbEFR+er55B4+UJDQcoZh6eEvfqNrzWZz7HOJBZ8o4jiPjLMUf59+AiIsSrhYaOZ2iUToZP9zx2F6GaNnhyccTiGJXQJyGLRgXYg+612kkEJLkGMPrE6Akf2HyQubzOxr1FgXTYT92Xne3EO6oeKour3PNZznLdc0ohxUB1+Saq3fp/Xci3gOw0rfTgXNxti5tejMSHSYr+U6gJhE9sO9HGyhoVprzVqWMdhJbfoMwWcdnmUFiaHb7UsogSUTlgQGFOJrQ3uICoaIpuhsUPIUYjtoYnTnFDW/R7IdcBuhfTJUuTIjtagX9zlcmqVxOK71v3c+ZXEUgzE4wuQkcnRWw4bh8Z8+adPhd7K5/Hzhdl9muN7zD1B+wDmigKl8ia9aLQXsm9WlU3nK2Dq6eoaVxlADVu1UOEHPU4dOZ1+oEdPrF8x32w8vlkEKOUJPG2vDtseN9JlHcQuxThAkjlo+cQB1tiQUHjCoK0mzMcByR33pSeAjG3BnED4oyEng4P98jqnxIj/heIA7u/DwltV7wUIStFSc38uf2vyGVBbye6IqLDp4sUD655IUqCAls8UkFdJHJtjG5DA0ExYsQB1MigwZBy21wazStycbDO9zAjdc/M2Cl8Vih6dmfSSpPi97jONuupAZrowY4anf24A+0tcuHUNQYND+L/X/sKPNGSE1Tuuo7egn7GRtQ8CumboNwQZLnY/hmEpjsBAYduZChdP3gkaLk/M7WWXbTmwjPGKvrzsu3sbUY4e/2z7LsTZH5keqV7Yn0VDk2thYk5KMwhCJgMUR4zQnhxq006973g2JKI1LnSTFfOekhRm/HqBXbszf6APVbhSanIoNM1PacA44/Z4Yy9y92Y8w+Yn/Ch/Y8xginkqlR8jUtX19Mc/Nm4Dq7NSLvd+N9ehpZpKFosQogg5hJrYyDzhTvXFbsRHv2khsJs38XpR30uW2Q2bvbxs3ZVU7/x3IAijLEsH0agWw+Ua73yo+OM9Fcy3sICS4Rm7jhe+jek7ASoiJLA9ANZS3M/WZ834Uqtv+85shkmOnzXN+RU1n2L8h12+yNuJtj8o+bj92eYoGXnNecKrQlIA903iz3tvZdvAmCexd7xoi+KnGcjQ9DZYHH2Wn5FWdvNREDovjgpkOsf3ohi0heXImqng5QUbteW8+Y+i/25EBwFzZhMUhr7w8VkmEfZ3r5AGiT0ZrLunK8cBBCyefm+ZFZA5pOWeUCSf7qk9G/h0BVw47zbtZyIdg5wWyr5eXimQucB+rNrtXjaoIX084b0UL/XdGuFqFP+vNRhYQMah6bSOhq0U8UIsCJ4CEcLzqOQ9S9bi/9tEx1KLmx5Kb7uVY7+DZwboSaH83UVGswxSQFjAnnbmU/c032+fTmOAdBzMIlKJHC/llhnZaSSATyyaHDlc0l5Ll2VKlEzhnUFN1v05gZoBY60kC0KjkrwVl1LqMjtHA4vxzE9xS/xYBiM7E7PfSOwa4dEiyn2YjmAYKdkN7ajLrSZ9FsxF3LpYTdwlHxOixl+kHfWhWSPeQ/v9gnN8vLGE8hvZbCFxg+oug1PkVZZEqx1hCYu6oUNgYXyUyoC472kK9/3+k3eWNauId0XRlU5lxuayGgS2A+LgD0wOapnbpzog30heL3FEu6Mx4Kmtswa+/l8lStkArQqSjlKGOhgqEIA3dItbQBFh5RI6/m3R/pluc7OAZVfU9R385ne+HigtfpvQ5ieRI+Znh11YZsEIzXWtVSVVhIUh+dDXwWbbNAnjXqk7j7xBXbR2rNdmhQTU6ZzKK98MLd1L5gSh/yrOyRAakMTjEfm67WKmtAUzYCwjfwXtCA6HzfZyjFk85nfvFcUOAbE1ks1QAWn1/90sEYSsk6uoqjRiZQ2w=,iv:v573nFuZ6fIG02jQ0gFokqVzhPN9xdJp1D50/haeYPk=,tag:gGE1lIJtJCoiiyE7f/l8gQ==,type:str] +imagePullSecret: + username: ENC[AES256_GCM,data:/LNldKc+Ow0pcQif5YgHVyU/Jhu38VopqR2smaQ=,iv:QBeo0WNBVEHRHEe4l+wmKAWyUFd1s2gBdk1+ihZLDgM=,tag:oRmwrlhptvEwB1siHnWh7w==,type:str] + password: ENC[AES256_GCM,data:Ly3Ngv1nwkZsm+/1kiVulvuLOx8k9nchWXY6LVYLYGc=,iv:y27CQUGyQgSpIVyeyhKwgJNJLI8wXq3wAzBi8S9zILc=,tag:i3cURLLO0Qu2be5qHywQqA==,type:str] jupyterhub: - imagePullSecret: - username: ENC[AES256_GCM,data:1vMAQtf01LrwxP0EStXgUnwPG6R63z8gst295Jk=,iv:enQZowvHjZOK8L3Zbd117fWAYttmWZ9nTQ7YNMOO7O0=,tag:0KCQ2jvV9egLq19kDGn/2g==,type:str] - password: ENC[AES256_GCM,data:xYpsSNiKgALjew9vKI8WtrnEZcysDjOaNExkNXU0n8w=,iv:WKsXUAS7OkBZNcHTcumgz55gUCCiKVm+Mtg387AM3ls=,tag:oQHqCu7X/d9CuPcYP4Tq/A==,type:str] proxy: secretToken: ENC[AES256_GCM,data:zfC2tJUH75wRZBbMPrB280DkV/L82qRvWZ9ne5R0yaEaXnbwCEibUwv8/vVlgBQsgSdFDcLWO6uDtrPXYDfNmA==,iv:JfCmEhrhWQsPgA9TrvpUtdTaIjEVCdsd+G2hYfGbaGY=,tag:JqAoyuF+874sac6IjfisPQ==,type:str] hub: config: GoogleOAuthenticator: - clientId: ENC[AES256_GCM,data:Rp5N763lfv6R7Y3tTlAHXfPLw8ZOxKSJGMEl9wu+N596d2lsP1SB4rHwE29WBSJmGODj7BVohhSeNWpTwTnJfUuwuPDvRaBj,iv:7hFSVnwf0FvoRTXABOLYXbBcKP+EYD/qwndPidCdeTI=,tag:BpEBwke7refOfqsMkucFUQ==,type:str] - clientSecret: ENC[AES256_GCM,data:4bxvtVHsVyvzRywrzjrOTCWFQLV+BInj,iv:TQBwDR3/E0vJsIustu9R3fxuBfD08GylWDRjq2OW8lg=,tag:E7fLJ8Q0forbM97KD1N5Og==,type:str] + client_id: ENC[AES256_GCM,data:2KyYkqZmhKHH4yyLuHt7KrPAKIqDiPQeFWCR499+wpJIE5nSdiqgVCufKXtKAgOkhurzxr2b/ML9+tcnGohjAUeTXZsrz0YB,iv:boVSTFtQxo/pSEKE1bW+j+B2MRTDfNYU9RzIoZrdb38=,tag:hMqeuASqgLWtRTBGI0hwVQ==,type:str] + client_secret: ENC[AES256_GCM,data:KG+0/DX4KVaAzjkTMV9L04UAUtgd2D2o,iv:r3gBM9+Y13EFFNecki6CAlR34stI1jwP5WP11mU5Bl8=,tag:3DKtoMvePXxxg7p/FqsnTw==,type:str] CILogonOAuthenticator: - clientId: ENC[AES256_GCM,data:6Vfm5mIAIqK0mVcuE5Tir+gLxAa7MxkrwcavtvG3trEYTm3pulWdbhHU37kU44mnE64=,iv:3wEPvSVvrbZ76vja8RqAAlzpsEHE6rHGVWd4xxOhblM=,tag:1JenMz0PZ26pEzijNpHTjg==,type:str] - clientSecret: ENC[AES256_GCM,data:KSttzLGPAssRwMS/iC+Or+42LIxaKOpWsUDPhySn3tXgZpgntOiyuivjM/cFZO3KfMjdAccBccVAeZFwNKUkymPagk4xcsN7khNw1yNSESOx7Pi08FE=,iv:Dc40viE4RnzivDe6Lz+7B42iZXWnjEKHICDVIm4eoXM=,tag:7aU461Iun8svrYpc5ZTTTQ==,type:str] + client_id: ENC[AES256_GCM,data:jT8KdAv7KkWK0jJspx3sHDS8DzS9hXthtlivIKyMHhqA++93KC+yZ1pKtxejtvJiGUw=,iv:ptH5FfhF4xBaV1mYyX3uwSWX+bM2I/NiYT3528BJd3I=,tag:Su5byogqcc35zmvLG5WRng==,type:str] + client_secret: ENC[AES256_GCM,data:yz3iTH+xH2j5nMRc30ddXPTEvfB4dGUfYDVoHyQ+1g7Oe6GRXEWR/m0kRCTJQ98z/uo4W3dlFaTPTC22RNYiFa/T7PmZFYwCXIsnKqD3+pxxsrvzGGI=,iv:I1DyGUi68U7V8Zod+/9enDwtFTWFDHq+LuKXVZSC2iQ=,tag:Zb8+WfwD7ICITI6XJVocJQ==,type:str] AzureAdOAuthenticator: - clientId: ENC[AES256_GCM,data:OMGLIEZJVmdBsIFpgQoQejLs7jOLiFsBnxv+pR4Gn8J5XDrV,iv:Rqm4s6IA0NFriqg7wBrXw1IvpO4TUzmAoepZUXuqSXc=,tag:4AaUBhmYfurYQ556SL6Lpw==,type:str] - clientSecret: ENC[AES256_GCM,data:r5dKljKN1x8rl3rpHggq4fM3b08O56DJomJSwD/a6mX1GA==,iv:F3jIKyWhn+doJ7g5QycH7PeKBNqQKEcEWLCUrDw/MhU=,tag:/0Cd3q3/nDR070Z+Tz2Iuw==,type:str] - tenantId: ENC[AES256_GCM,data:rGKQoNUGLgjpJYxT/N3h9mV2KL8phII2V1StXiaNqloAjtl7,iv:yYNafUuyKqSAxVqA4+nFsTpzr9j1EHguwaGWU65nwOw=,tag:JsU9pu3pr/sK/5QqAzVV9g==,type:str] - callbackUrl: ENC[AES256_GCM,data:AYxBoiQw25ueW3svp5YGxVSiPBMyhK8n6W8uEFS6vW/txpyjuLXYoLHViYV6FQ==,iv:t+mnQ7Km8i3o882lrmMjofn3ha4lkUmJTmh1QKoWtzQ=,tag:cEBMFBEA/SghPgHhV8bpQA==,type:str] + client_id: ENC[AES256_GCM,data:+EdYMI9rvqJhZv9Xbyh7qMx9sfnYBOkLAVK4ucwiyvCGhhHy,iv:bwZsBuIvSscsso2P91EW6uiEi3GOHMbRoUiCx3r3fAU=,tag:XCuKVFtejr9GBfrHlALeDA==,type:str] + client_secret: ENC[AES256_GCM,data:yK0kw1dN2pZfOAHUFLNnbTygsIkNgZ4D+g1tqzNu5PxcMg==,iv:URcHNvHgmHnYLhYogkR6xYMwjjcQYnfB1gV0Ns0sPqM=,tag:f20BlSbrwT/LLr+53KUk2g==,type:str] + tenant_id: ENC[AES256_GCM,data:BYhwlY4mxVgvUzZ+MqW+9OjaBL3oyQo8NQTLCBuy/OfWgxSI,iv:9XscEbtamBFhsA65ulte1bC2JXkO98wmhcCEJ0VZkvc=,tag:LTyT3SIrGFpq1XEAWUGSWQ==,type:str] + oauth_callback_url: ENC[AES256_GCM,data:xl9XKumukxWKJjZG1laZHvasuQ+Am4dhNnqrL1VmQ/XmTzLC3gBESQhGEclrDA==,iv:kJcleI9MIxqhbPkpOmUjZlOXhMYl4z7u8BkiEwuO3YY=,tag:TgPv/jTA3UsIzrZV5V9Daw==,type:str] CryptKeeper: keys: - - ENC[AES256_GCM,data:u2Hog7+i5joM+gxMxmYO7rx/P+AzC/AJR2djg/VdyvK7LL3F7rOOUR0GgrpjVSFPvQ47MyZGtJ/7kHMnCoPaYw==,iv:6F/9x9b765wSLYhxZqTMRbznNXZeKuLRDzO5n0pzQiE=,tag:8XjmIZeiv7JracpIwp3ArQ==,type:str] + - ENC[AES256_GCM,data:Uh/jj+m31FRKeo2jgroSg0fIgdMEaEhujiMJFdI69XfbDeT2J7sBX5Lz3LWapJBlonEXojiUSJH4SGfBft2Wkw==,iv:RrlpznzuFqqNYB9vqJbqs5W0pNiIv+ukdW9Zb75i5Wo=,tag:YxaJuKQlPFN23dA1j/1UJw==,type:str] sops: kms: [] gcp_kms: @@ -32,8 +32,8 @@ sops: enc: CiQAFDQ5ytipTU+81DbslBEtqcsIp3o2cCnkMiIaspkoc7WblykSSQBtF0FugrhokuuFAUCLEsyfdsEwLiOriocMhBUsEbPFqTTApZwA/deiO0PRifmxDNLmeCjs42nHenhHzAa/+1QXKmzQCAcUfmI= azure_kv: [] hc_vault: [] - lastmodified: '2021-01-05T11:56:16Z' - mac: ENC[AES256_GCM,data:qy4u+umMlZdqj0FL308HNkowEBEiSmsfdeX6yo6oFeiYKBON12xbJf/lKoLtNh0Hsc6hDPgNVgHmbTMpbVqQi/LIjzKPG2eLU6zrylX7zzW+wIH4zEkB4oAnN9vknb2CxUsFr3VfwLfnG5cC7gK7o0zsihk+dXM65gFDKDrHCGs=,iv:b0iBIcnkFUcpet0klob99zXToDEN79CHqxTzV0LwxPY=,tag:ejcLIYIqAymcDNslXk6lIQ==,type:str] + lastmodified: '2021-02-17T12:15:27Z' + mac: ENC[AES256_GCM,data:CA6Mue5CmmbJzvmBVlNxX4hBHF60P8e358ogFbdtACspbHkBShMQEJWm6gMz9VStZWbdVP3cJgkmPGjVkv1uQATDGBREbIo+QwsQIAhiXzK/UbdTbS28WYrDRkjHQIxvi6g1bi7jraOhJv89BwpagH1qG0LiCj6ELLPEgasHm1g=,iv:feTuTCyjBYNXhTCohY1xSXgVk4Q6LOpYF5wY9FMOy60=,tag:G30HGqniYJ4msfE4zDBzfQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.6.1 diff --git a/deployments/utoronto/secrets/staging.yaml b/deployments/utoronto/secrets/staging.yaml index 335c229..f317526 100644 --- a/deployments/utoronto/secrets/staging.yaml +++ b/deployments/utoronto/secrets/staging.yaml @@ -11,16 +11,16 @@ jupyterhub: hub: config: GoogleOAuthenticator: - clientId: ENC[AES256_GCM,data:QPkK9d1amVeMGxMbTSTsOy88Rv3cPjiOWRMFervXm0MdVmDCZDoe8gXELs1KAz020dsxAa4fhP6bxMwJVKh6qP7POzChgCCj,iv:pEw1/DwqdJPngawASfe3UAgUXtGwx3ljcrikBahJLV0=,tag:y1f2ZzsKfaSF4zzM1Y0iKA==,type:str] - clientSecret: ENC[AES256_GCM,data:8VANXxVhTiao+XwG0vUsQLPP+36d0WLx,iv:nL1qa28ulR0MszFglaOe1KAJmqDFKLExIAdmGLQuhC8=,tag:SQr3heZpLmRIlMQp4Je08g==,type:str] + client_id: ENC[AES256_GCM,data:b4AYi4bYO8Lj9fiElc5jTNbGqJOliVbX6AbzQj8VrukXO86csPgy6LfxxIPw6Xh85rI/4AKsaVMp1dMql/eLkpdTqVBVQAh4,iv:avc4kACfVv79qjul92UmkF0xDBKeosaDrevif4GrCMg=,tag:w8dFI8InyEYN4rdWBFiikg==,type:str] + client_secret: ENC[AES256_GCM,data:PIS61unubNvqNABRKFyDe25tbjg775Ng,iv:TcqTaSzs/Kg1gKWn8jHoK45c7ef9L7dkKXO/m0HbyzU=,tag:JM1PlE0bgm+7XGfRr0E1CQ==,type:str] CILogonOAuthenticator: - clientId: ENC[AES256_GCM,data:yr1yyZdY1L+QGCIIj4/FMvjmzdkDCjPCICKRtR05RUbLBW83sDnWKadqAsPXIAqRKzo=,iv:5OgWXPkz6JUfzy4rEV6NV63OW1pvxZKaMM7hWR86vls=,tag:rm36TCyyNl0aDPoYNFn6dw==,type:str] - clientSecret: ENC[AES256_GCM,data:+XXaslJHZITkqg96MEqhsoOPec38FuO21BEATht/zA1HVmsgWqS10RkaGgzLbKuiOCIwYl7n7EPh0EFfZ6kwsnbsrXulf3pjbAU/kF6Uf9GzIqavI1A=,iv:l/SRvvP4mOzE5Mifys5qa5R9wDDypUNSs1VF4AOYvQo=,tag:zI9SAzSSo5OAXzmGgDC3DA==,type:str] + client_id: ENC[AES256_GCM,data:zkAv21d7RHlExRHhzFxbJxmYT0C1hfwm0rXCKRCJ4Esh6Ws4aiDFdOU2Z7PJT5cfq50=,iv:GRRzgEL4TebHg4mN6v8jPZE4ixbDsjwW5X7fz/jVCU4=,tag:sKbVWy4fPqkCPeY4AU8D+A==,type:str] + client_secret: ENC[AES256_GCM,data:oTGSbQ7D0yMjQdqRcnq8YBtsDoBmxqkVM8PNqUKg3faDGCtI+wnPZO4XoVzYNA6PFvd9Xbu6jBSlL5LeeJd+XsoVhSlP2GoS/G13wF8JNSdtGnV+Gto=,iv:LnL7jgajxJMn5Kr9g8hhKQDJBS4n9Ku3APv/AOl1j24=,tag:Zct9YpdaemM8OuHErPn1YA==,type:str] AzureAdOAuthenticator: - clientId: ENC[AES256_GCM,data:n7J2XcCGzX8oH7ocapoTratWo13zVXlskKvIqjn4bgs6/KhW,iv:jjm0qD+5tTqT6gy5mrR++p6r2vk/apB54gwRZixQ/lc=,tag:/iwEXipIOxQl3CtozlBrUg==,type:str] - clientSecret: ENC[AES256_GCM,data:AkhOgfiFgvyDL+B2iw0J3plD30huyLS9FP8jKSX5cl5JgA==,iv:KG9S0PGUehgInrhPUNCsof8m+jXZAUakovY/1JicWNs=,tag:jIruelKOyYxgX8KXhfymMA==,type:str] - tenantId: ENC[AES256_GCM,data:ZCr7IChxKW+Q/7/4epHDg2dkAesVEQpkcP8wceE2p8xmoyq+,iv:2C085vKiPH6U0RLOuyYVos+hgSQxK9Z+HDBcRIagq8E=,tag:2R8ZsV1vug2hN1bNL8y1oQ==,type:str] - callbackUrl: ENC[AES256_GCM,data:P6hlerofceP+BbG60cGDCqMhXKkXY8vvXl0Bui1IVI5XuHkSv6BfklfR6+RmVq5BH2dcl5NF,iv:9cnD/YyEe5q4cZTO+36qS+/V0pnSzn1c2ox3AKOmYwc=,tag:KyJ5DgVaT+mvqk19bS88Zw==,type:str] + client_id: ENC[AES256_GCM,data:McTRpTkdoSyvRR6Il4e3UfY/ByRYJvnPNrzRksEjDlBOs+HI,iv:oKzjj73NrIwu5ny9NXqXbexydhE6qEcKYy3wO5BPyuE=,tag:kHtuPUATFlGUola1dllSyg==,type:str] + client_secret: ENC[AES256_GCM,data:Z1vd3dwEdDO4/KDKABSdLrNszR6pCkDKfKbECQR6fX1Dlw==,iv:FUssO3zTiQosbQr1/cDcgbqn6C/lqZf2R+KzEuA9HD8=,tag:iTUGPumXFhu0sLQfA8VTkw==,type:str] + tenant_id: ENC[AES256_GCM,data:KqfQA7QW47ER1FDoHwYEd428JSK8xAw+rKqGGp0foHyh7EOX,iv:KOr/a/iDtROQDLHsIRvA/Ssrszh9sZEUKkoXkf3xn8M=,tag:wQxvkSQ3nQhm4EyjCm0PiA==,type:str] + oauth_callback_url: ENC[AES256_GCM,data:Mb3cICTEUVGA88M6W0ue/IScTErTLn3gY1l7WhxN+wYODumnUn8yFXPbs07B2Yj5dI/onIxW,iv:r12hbyDkLF+w4zHzVBdRcfrsWqfoaOBLj5Qrj5ArX+s=,tag:BLWEp56y795RxTLj98bzEQ==,type:str] CryptKeeper: keys: - ENC[AES256_GCM,data:a5GYchKTvVnJjes1oBgNgNLUhev4Iw0OtwkJP8zmPyjoEGC/vO/xbSgUQlHv7KGNqGIV/kvud2joMoTurvsw4g==,iv:5FBCCQN8pT0qdL9Rv70nYmekBsWTO53tpcv6WhntiAk=,tag:vWzeCzwyeMR9/3wUHKhdYg==,type:str] @@ -32,8 +32,8 @@ sops: enc: CiQAFDQ5yiSdCQCjCd38Lxwuuc0iAS3qKcCZoay6G1KbOFvZmIgSSQBtF0FuuRP9WoLRcIMZ0JVUBLlBZ/6TfV7E62clUjcFJGKID9OCXt5esMp1kbzUtVaW+U9UVyp6OlBxT08lioDbsKapq8oXZhs= azure_kv: [] hc_vault: [] - lastmodified: '2021-02-17T11:59:04Z' - mac: ENC[AES256_GCM,data:Mo50tV/+NBtHnErM75fVb0w1EBIbbvhHVsG4Ubl0YeK05n58DNNWfaKHkAcu9MELOh0W6Arjvs8JqaZW6s8V5Oo9uakB8ld6xKYebP783VPJTWTFYOKyQ6cttai5jIny8mOxYTTpLIDSkyEGwF3Bi15A8b493w+FByK54wbY+HY=,iv:WuBnqUC/3dDQIoHSbs44eph+dn1ht0Fee7yo2mMDUAY=,tag:7T+DnoMAUBE5wTcdEC5IgA==,type:str] + lastmodified: '2021-02-17T12:18:43Z' + mac: ENC[AES256_GCM,data:F5B7T5PVCeNza3ty7G7kNUh86q3Azl/B11r3+xCrlxLRcjRu/E/A87lj+z663mwxZ2aSfNOK6OgDtAXZCaETec5iaXeXBc9Iq9voqmJL89A1FpJ1GwA0lQ+p++ONIIOL8dYxjEYqYEnm6Wx2wQWxTNtvHeczXWjwaeyxeQQehic=,iv:qTD+6Khbb50axEV7AKG3+82jkyPnNsLINgHtUSr5HOc=,tag:WtyWnnGnFmGv37UBIXZCtA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.6.1 From 8c75bae3ea21d27ec308f992b963f5c5ad109359 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 17 Feb 2021 14:21:14 +0200 Subject: [PATCH 4/6] Fix indentation and more old hub version auth config --- deployments/utoronto/config/common.yaml | 11 ++++++----- deployments/utoronto/config/prod.yaml | 6 +++--- deployments/utoronto/config/staging.yaml | 7 ++++--- hub/requirements.lock | 6 +++--- hub/values.yaml | 8 ++++---- 5 files changed, 20 insertions(+), 18 deletions(-) diff --git a/deployments/utoronto/config/common.yaml b/deployments/utoronto/config/common.yaml index 85698a0..7ef9c56 100644 --- a/deployments/utoronto/config/common.yaml +++ b/deployments/utoronto/config/common.yaml @@ -1,9 +1,10 @@ jupyterhub: - auth: - admin: - users: - - 7c76d04b-2a80-4db1-b985-a2d2fa2f708c - - 09056164-42f5-4113-9fd7-dd852e63ff1d + hub: + config: + Authenticator: + admin_users: + - 7c76d04b-2a80-4db1-b985-a2d2fa2f708c + - 09056164-42f5-4113-9fd7-dd852e63ff1d proxy: https: enabled: true diff --git a/deployments/utoronto/config/prod.yaml b/deployments/utoronto/config/prod.yaml index 3d210b9..04e88ce 100644 --- a/deployments/utoronto/config/prod.yaml +++ b/deployments/utoronto/config/prod.yaml @@ -4,9 +4,9 @@ jupyterhub: pvc: # This gonna store logs storage: 10Gi - auth: - google: - callbackUrl: "https://utoronto.2i2c.cloud/hub/oauth_callback" + config: + GoogleOAuthenticator: + oauth_callback_url: "https://utoronto.2i2c.cloud/hub/oauth_callback" scheduling: userPlaceholder: replicas: 100 diff --git a/deployments/utoronto/config/staging.yaml b/deployments/utoronto/config/staging.yaml index b2b4d0e..3b75998 100644 --- a/deployments/utoronto/config/staging.yaml +++ b/deployments/utoronto/config/staging.yaml @@ -1,7 +1,8 @@ jupyterhub: - auth: - google: - callbackUrl: "https://staging.utoronto.2i2c.cloud/hub/oauth_callback" + hub: + config: + GoogleOAuthenticator: + oauth_callback_url: "https://staging.utoronto.2i2c.cloud/hub/oauth_callback" proxy: https: hosts: diff --git a/hub/requirements.lock b/hub/requirements.lock index 8e40080..c65c813 100644 --- a/hub/requirements.lock +++ b/hub/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: jupyterhub repository: https://jupyterhub.github.io/helm-chart - version: v0.10.6-n080.hf7d7357d -digest: sha256:264288ac166d0091bb2ce45acf631fdf8f5313dd8ee6ba41ef93ffdc4fbed304 -generated: "2020-12-31T16:46:32.278218+05:30" + version: 0.11.1 +digest: sha256:e929b1d318aab69af5148684940e838651fb9cced601abf3003f2e0f5213a2e9 +generated: "2021-02-17T13:34:48.009259791+02:00" diff --git a/hub/values.yaml b/hub/values.yaml index 2854b73..497ce3e 100644 --- a/hub/values.yaml +++ b/hub/values.yaml @@ -121,13 +121,13 @@ jupyterhub: Authenticator: enable_auth_state: true admin_users: - - yuvipanda@gmail.com - - choldgraf@gmail.com - - georgiana.dolocan@gmail.com + - yuvipanda@gmail.com + - choldgraf@gmail.com + - georgiana.dolocan@gmail.com JupyterHub: authenticator_class: azuread GoogleOAuthenticator: - login_service: "University of Toronto ID" + login_service: "University of Toronto ID" proxy: nodeSelector: hub.jupyter.org/pool-name: core-pool From fbde526de1bf190c1a942184331e2659f92c0db9 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 17 Feb 2021 17:33:55 +0200 Subject: [PATCH 5/6] Specify storageClassName otherwise hub-db-dir immutable error --- deployments/utoronto/config/prod.yaml | 1 + deployments/utoronto/config/staging.yaml | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/deployments/utoronto/config/prod.yaml b/deployments/utoronto/config/prod.yaml index 04e88ce..f4e2365 100644 --- a/deployments/utoronto/config/prod.yaml +++ b/deployments/utoronto/config/prod.yaml @@ -4,6 +4,7 @@ jupyterhub: pvc: # This gonna store logs storage: 10Gi + storageClassName: managed-premium config: GoogleOAuthenticator: oauth_callback_url: "https://utoronto.2i2c.cloud/hub/oauth_callback" diff --git a/deployments/utoronto/config/staging.yaml b/deployments/utoronto/config/staging.yaml index 3b75998..9a367c1 100644 --- a/deployments/utoronto/config/staging.yaml +++ b/deployments/utoronto/config/staging.yaml @@ -1,5 +1,9 @@ jupyterhub: hub: + db: + pvc: + storage: 1Gi + storageClassName: managed-premium config: GoogleOAuthenticator: oauth_callback_url: "https://staging.utoronto.2i2c.cloud/hub/oauth_callback" From dc2acf737f21ff4cb149b6d7d7f7ca71242f2286 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 17 Feb 2021 18:14:24 +0200 Subject: [PATCH 6/6] Fix previous config hierarchy error --- deployments/utoronto/config/prod.yaml | 1 - deployments/utoronto/config/staging.yaml | 4 --- hub/values.yaml | 35 ++++++++++++------------ 3 files changed, 17 insertions(+), 23 deletions(-) diff --git a/deployments/utoronto/config/prod.yaml b/deployments/utoronto/config/prod.yaml index f4e2365..04e88ce 100644 --- a/deployments/utoronto/config/prod.yaml +++ b/deployments/utoronto/config/prod.yaml @@ -4,7 +4,6 @@ jupyterhub: pvc: # This gonna store logs storage: 10Gi - storageClassName: managed-premium config: GoogleOAuthenticator: oauth_callback_url: "https://utoronto.2i2c.cloud/hub/oauth_callback" diff --git a/deployments/utoronto/config/staging.yaml b/deployments/utoronto/config/staging.yaml index 9a367c1..3b75998 100644 --- a/deployments/utoronto/config/staging.yaml +++ b/deployments/utoronto/config/staging.yaml @@ -1,9 +1,5 @@ jupyterhub: hub: - db: - pvc: - storage: 1Gi - storageClassName: managed-premium config: GoogleOAuthenticator: oauth_callback_url: "https://staging.utoronto.2i2c.cloud/hub/oauth_callback" diff --git a/hub/values.yaml b/hub/values.yaml index 497ce3e..36486ec 100644 --- a/hub/values.yaml +++ b/hub/values.yaml @@ -106,7 +106,23 @@ jupyterhub: mountPath: /etc/github/github-app-private-key.pem subPath: github-app-private-key.pem readOnly: true - + proxy: + nodeSelector: + hub.jupyter.org/pool-name: core-pool + chp: + resources: + requests: + cpu: 0.1 + memory: 128Mi + limits: + memory: 512Mi + traefik: + resources: + requests: + cpu: 0.1 + memory: 256Mi + limits: + memory: 512Mi hub: image: name: containerregistry2i2cutoronto.azurecr.io/ut-hub @@ -128,23 +144,6 @@ jupyterhub: authenticator_class: azuread GoogleOAuthenticator: login_service: "University of Toronto ID" - proxy: - nodeSelector: - hub.jupyter.org/pool-name: core-pool - chp: - resources: - requests: - cpu: 0.1 - memory: 128Mi - limits: - memory: 512Mi - traefik: - resources: - requests: - cpu: 0.1 - memory: 256Mi - limits: - memory: 512Mi db: pvc: # Default seems too slow for our database, causes very bad response times