Merge pull request #26 from UCL-ARC/cdkharris/fully-auto

feat: Automate jupyterhub deployment
UCL-ARC · Oct 3, 2024 · 1c8e14a · 1c8e14a
2 parents a679c23 + d5c93d0
commit 1c8e14a
Show file tree

Hide file tree

Showing 12 changed files with 106 additions and 22 deletions.
diff --git a/terraform/README.md b/terraform/README.md
@@ -23,7 +23,7 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.9.6 |
-| <a name="requirement_harvester"></a> [harvester](#requirement\_harvester) | 0.6.5 |
+| <a name="requirement_harvester"></a> [harvester](#requirement\_harvester) | 0.6.4 |
 
 ## Providers
 
@@ -44,6 +44,9 @@ No resources.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_aad_client_id"></a> [aad\_client\_id](#input\_aad\_client\_id) | n/a | `string` | n/a | yes |
+| <a name="input_aad_client_secret"></a> [aad\_client\_secret](#input\_aad\_client\_secret) | n/a | `string` | n/a | yes |
+| <a name="input_aad_tenant_id"></a> [aad\_tenant\_id](#input\_aad\_tenant\_id) | n/a | `string` | n/a | yes |
 | <a name="input_public_key_openssh"></a> [public\_key\_openssh](#input\_public\_key\_openssh) | Public SSH key installed on the VM | `list(string)` | n/a | yes |
 
 ## Outputs

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -7,13 +7,19 @@ module "ssrc-jupyter-dept" {
   ram_gb     = "16Gi"
   os_disk_gb = "50Gi"
 
-  vm_prefix = "ssrc-jupyter-dept"
+  vm_prefix = "jupyter-dept"
 
   namespace    = "ssrc-ns"
   network_name = "ssrc-net-0"
 
   public_key_openssh = var.public_key_openssh
 
+  z2jupyterhub_version = "3.3.8"
+
+  aad_client_id     = var.aad_client_id
+  aad_client_secret = var.aad_client_secret
+  aad_tenant_id     = var.aad_tenant_id
+
   condenser_ingress_isEnabled     = true
   condenser_ingress_test_hostname = "jupyter-dept"
 }

diff --git a/terraform/modules/jupyter/README.md b/terraform/modules/jupyter/README.md
@@ -6,13 +6,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.9.6 |
-| <a name="requirement_harvester"></a> [harvester](#requirement\_harvester) | 0.6.5 |
+| <a name="requirement_harvester"></a> [harvester](#requirement\_harvester) | 0.6.4 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_harvester"></a> [harvester](#provider\_harvester) | 0.6.5 |
+| <a name="provider_harvester"></a> [harvester](#provider\_harvester) | 0.6.4 |
 
 ## Modules
 
@@ -22,14 +22,17 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [harvester_cloudinit_secret.cloud-config-jupyter](https://registry.terraform.io/providers/harvester/harvester/0.6.5/docs/resources/cloudinit_secret) | resource |
-| [harvester_virtualmachine.vm](https://registry.terraform.io/providers/harvester/harvester/0.6.5/docs/resources/virtualmachine) | resource |
-| [harvester_image.rhel9](https://registry.terraform.io/providers/harvester/harvester/0.6.5/docs/data-sources/image) | data source |
+| [harvester_cloudinit_secret.cloud-config-jupyter](https://registry.terraform.io/providers/harvester/harvester/0.6.4/docs/resources/cloudinit_secret) | resource |
+| [harvester_virtualmachine.vm](https://registry.terraform.io/providers/harvester/harvester/0.6.4/docs/resources/virtualmachine) | resource |
+| [harvester_image.rhel9](https://registry.terraform.io/providers/harvester/harvester/0.6.4/docs/data-sources/image) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_aad_client_id"></a> [aad\_client\_id](#input\_aad\_client\_id) | n/a | `string` | n/a | yes |
+| <a name="input_aad_client_secret"></a> [aad\_client\_secret](#input\_aad\_client\_secret) | n/a | `string` | n/a | yes |
+| <a name="input_aad_tenant_id"></a> [aad\_tenant\_id](#input\_aad\_tenant\_id) | n/a | `string` | n/a | yes |
 | <a name="input_condenser_ingress_isEnabled"></a> [condenser\_ingress\_isEnabled](#input\_condenser\_ingress\_isEnabled) | Enable web access to the server | `bool` | n/a | yes |
 | <a name="input_condenser_ingress_test_hostname"></a> [condenser\_ingress\_test\_hostname](#input\_condenser\_ingress\_test\_hostname) | Part of the URL for the web application | `string` | n/a | yes |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Name of the SSRC namespace | `string` | n/a | yes |
@@ -40,6 +43,7 @@ No modules.
 | <a name="input_vcpu"></a> [vcpu](#input\_vcpu) | Number of CPUs for the VM | `number` | n/a | yes |
 | <a name="input_vm_count"></a> [vm\_count](#input\_vm\_count) | Number of instances of the VM | `number` | n/a | yes |
 | <a name="input_vm_prefix"></a> [vm\_prefix](#input\_vm\_prefix) | Prefix applied to the server resources | `string` | n/a | yes |
+| <a name="input_z2jupyterhub_version"></a> [z2jupyterhub\_version](#input\_z2jupyterhub\_version) | Version of the z2jupyterhub helm chart | `string` | n/a | yes |
 
 ## Outputs
 

diff --git a/terraform/modules/jupyter/install_jupyterhub.sh b/terraform/modules/jupyter/install_jupyterhub.sh
@@ -7,9 +7,9 @@ curl https://raw.githubusercontent.com/helm/helm/HEAD/scripts/get-helm-3 | bash
 helm repo add jupyterhub https://hub.jupyter.org/helm-chart/
 helm repo update
 helm upgrade --cleanup-on-fail \
-  --install demo jupyterhub/jupyterhub \
+  --install jupyterhub jupyterhub/jupyterhub \
   --namespace jupyterhub --create-namespace \
-  --version=3.3.7 \
+  --version=${z2jupyterhub_version} \
   --values jupyterhub_config.yaml
 
 kubectl config set-context $(kubectl config current-context) --namespace jupyterhub
diff --git a/terraform/modules/jupyter/jupyterhub_config.yaml b/terraform/modules/jupyter/jupyterhub_config.yaml
@@ -8,3 +8,29 @@
 # Chart default values:     https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/jupyterhub/values.yaml
 # Available chart versions: https://hub.jupyter.org/helm-chart/
 #
+debug:
+  enabled: true
+hub:
+  config:
+    AzureAdOAuthenticator:
+      client_id: ${aad_client_id}
+      client_secret: ${aad_client_secret}
+      oauth_callback_url: https://${hostname}.ssrc.condenser.arc.ucl.ac.uk/hub/oauth_callback
+      tenant_id: ${aad_tenant_id}
+      allow_all: true
+    JupyterHub:
+      authenticator_class: azuread
+    KubeSpawner:
+      k8s_api_request_timeout: 300
+singleuser:
+  image:
+    # Other images: https://jupyter-docker-stacks.readthedocs.io/en/latest/using/selecting.html
+    # You should replace the "latest" tag with a fixed version from:
+    # https://hub.docker.com/r/jupyter/datascience-notebook/tags/
+    # Inspect the Dockerfile at:
+    # https://github.com/jupyter/docker-stacks/tree/HEAD/datascience-notebook/Dockerfile
+    name: jupyter/datascience-notebook
+    tag: x86_64-ubuntu-22.04
+  # `cmd: null` allows the custom CMD of the Jupyter docker-stacks to be used
+  # which performs further customization on startup.
+  cmd: null
diff --git a/terraform/modules/jupyter/main.tf b/terraform/modules/jupyter/main.tf
@@ -13,10 +13,24 @@ resource "harvester_cloudinit_secret" "cloud-config-jupyter" {
   namespace = var.namespace
 
   user_data = templatefile("${path.module}/cloud-init.tmpl.yml", {
-    public_key_openssh        = var.public_key_openssh
-    install_k3s_script        = indent(6, file("${path.module}/install_k3s.sh"))
-    jupyterhub_config         = indent(6, file("${path.module}/jupyterhub_config.yaml"))
-    install_jupyterhub_script = indent(6, file("${path.module}/install_jupyterhub.sh"))
+    public_key_openssh = var.public_key_openssh
+    install_k3s_script = indent(6, file("${path.module}/install_k3s.sh"))
+    jupyterhub_config = indent(6, templatefile(
+      "${path.module}/jupyterhub_config.yaml",
+      {
+        hostname          = var.vm_prefix
+        aad_client_id     = var.aad_client_id
+        aad_client_secret = var.aad_client_secret
+        aad_tenant_id     = var.aad_tenant_id
+      }
+      )
+    )
+    install_jupyterhub_script = indent(6, templatefile(
+      "${path.module}/install_jupyterhub.sh",
+      {
+        z2jupyterhub_version = var.z2jupyterhub_version
+      }
+    ))
   })
 }
 

diff --git a/terraform/modules/jupyter/variables.tf b/terraform/modules/jupyter/variables.tf
@@ -46,4 +46,22 @@ variable "condenser_ingress_isEnabled" {
 variable "condenser_ingress_test_hostname" {
   type        = string
   description = "Part of the URL for the web application"
+}
+
+variable "aad_client_id" {
+  type = string
+}
+
+variable "aad_client_secret" {
+  type      = string
+  sensitive = true
+}
+
+variable "aad_tenant_id" {
+  type = string
+}
+
+variable "z2jupyterhub_version" {
+  type        = string
+  description = "Version of the z2jupyterhub helm chart"
 }
diff --git a/terraform/modules/jupyter/versions.tf b/terraform/modules/jupyter/versions.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     harvester = {
       source  = "harvester/harvester"
-      version = "0.6.5"
+      version = "0.6.4"
     }
   }
 

diff --git a/terraform/modules/online-storage/README.md b/terraform/modules/online-storage/README.md
@@ -5,13 +5,13 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_harvester"></a> [harvester](#requirement\_harvester) | >= 0.6.4 |
+| <a name="requirement_harvester"></a> [harvester](#requirement\_harvester) | 0.6.4 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_harvester"></a> [harvester](#provider\_harvester) | >= 0.6.4 |
+| <a name="provider_harvester"></a> [harvester](#provider\_harvester) | 0.6.4 |
 
 ## Modules
 
@@ -21,10 +21,10 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [harvester_cloudinit_secret.server](https://registry.terraform.io/providers/harvester/harvester/latest/docs/resources/cloudinit_secret) | resource |
-| [harvester_virtualmachine.server](https://registry.terraform.io/providers/harvester/harvester/latest/docs/resources/virtualmachine) | resource |
-| [harvester_volume.mount-disk](https://registry.terraform.io/providers/harvester/harvester/latest/docs/resources/volume) | resource |
-| [harvester_image.rhel9](https://registry.terraform.io/providers/harvester/harvester/latest/docs/data-sources/image) | data source |
+| [harvester_cloudinit_secret.server](https://registry.terraform.io/providers/harvester/harvester/0.6.4/docs/resources/cloudinit_secret) | resource |
+| [harvester_virtualmachine.server](https://registry.terraform.io/providers/harvester/harvester/0.6.4/docs/resources/virtualmachine) | resource |
+| [harvester_volume.mount-disk](https://registry.terraform.io/providers/harvester/harvester/0.6.4/docs/resources/volume) | resource |
+| [harvester_image.rhel9](https://registry.terraform.io/providers/harvester/harvester/0.6.4/docs/data-sources/image) | data source |
 
 ## Inputs
 

diff --git a/terraform/modules/online-storage/providers.tf b/terraform/modules/online-storage/providers.tf
@@ -4,7 +4,7 @@ terraform {
 
     harvester = {
       source  = "harvester/harvester"
-      version = ">= 0.6.4"
+      version = "0.6.4"
     }
 
   }

diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -2,3 +2,16 @@ variable "public_key_openssh" {
   type        = list(string)
   description = "Public SSH key installed on the VM"
 }
+
+variable "aad_client_id" {
+  type = string
+}
+
+variable "aad_client_secret" {
+  type      = string
+  sensitive = true
+}
+
+variable "aad_tenant_id" {
+  type = string
+}
diff --git a/terraform/versions.tf b/terraform/versions.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     harvester = {
       source  = "harvester/harvester"
-      version = "0.6.5"
+      version = "0.6.4"
     }
   }