From dea865cbccbd6b6d53a32e18bd6c99114f098710 Mon Sep 17 00:00:00 2001
From: Tarashish Mishra <sunu@sunu.in>
Date: Wed, 22 Nov 2023 16:15:46 +0530
Subject: [PATCH 1/3] Install eoAPI and JupyterHub on the labs cluster

---
 .github/workflows/helm.yaml        | 56 +++++++++++++++++++++++
 deploy/helm/eoapi/values.yaml      | 38 ++++++++++++++++
 deploy/helm/jupyterhub/values.yaml | 73 ++++++++++++++++++++++++++++++
 deploy/k8s/project-contact.yaml    | 14 ++++++
 4 files changed, 181 insertions(+)
 create mode 100644 .github/workflows/helm.yaml
 create mode 100644 deploy/helm/eoapi/values.yaml
 create mode 100644 deploy/helm/jupyterhub/values.yaml
 create mode 100644 deploy/k8s/project-contact.yaml

diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml
new file mode 100644
index 0000000..d34d57c
--- /dev/null
+++ b/.github/workflows/helm.yaml
@@ -0,0 +1,56 @@
+name: Deploy with Helm
+
+on:
+  push:
+    branches:
+    - main
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - id: 'auth'
+      uses: 'google-github-actions/auth@v1'
+      with:
+        credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
+
+    - name: 'Set up Cloud SDK'
+      uses: 'google-github-actions/setup-gcloud@v1'
+    - name: Configure kubectl
+      run: |
+        gcloud components install gke-gcloud-auth-plugin
+        gcloud config set project ${{ secrets.PROJECT_ID }}
+        gcloud config set compute/zone ${{ secrets.COMPUTE_ZONE }}
+        gcloud container clusters get-credentials ${{ secrets.CLUSTER_NAME }}
+
+    - name: 'Set up Helm'
+      uses: 'Azure/setup-helm@v1'
+      with:
+        version: 'v3.12.0'
+
+    # - name: "Deploy eoAPI Helm Chart"
+    #   run: |
+    #     helm upgrade --install --namespace ifrc-eoapi-risk --create-namespace \
+    #     --repo https://devseed.com/eoapi-k8s/ \
+    #     -f deploy/helm/eoapi/values.yaml ifrc-eoapi-risk eoapi \
+    #     --version 0.1.2 \
+    #     --set db.settings.secrets.PGPASSWORD="${{ secrets.PGPASSWORD }}" \
+    #     --set db.settings.secrets.POSTGRES_PASSWORD="${{ secrets.PGPASSWORD }}"
+
+    - name: "Deploy JupyterHub"
+      run: |
+        helm upgrade --cleanup-on-fail \
+        --repo https://hub.jupyter.org/helm-chart/ \
+        --install ifrc-eoapi-risk-jupyterhub jupyterhub \
+        --namespace ifrc-eoapi-risk \
+        --create-namespace \
+        --version=3.1.0 \
+        --values deploy/helm/jupyterhub/values.yaml
+
+    - name: Create contacts configmap
+      run: kubectl apply -f deploy/k8s/project-contact.yaml --namespace ifrc-eoapi-risk
diff --git a/deploy/helm/eoapi/values.yaml b/deploy/helm/eoapi/values.yaml
new file mode 100644
index 0000000..3a8dfc2
--- /dev/null
+++ b/deploy/helm/eoapi/values.yaml
@@ -0,0 +1,38 @@
+db:
+  settings:
+    secrets:
+      PGUSER: "dbuser"
+      POSTGRES_USER: "dbuser"
+      PGPASSWORD: ""
+      POSTGRES_PASSWORD: ""
+    resources:
+      requests:
+        storage: "100Mi"
+        cpu: "212m"
+        memory: "512Mi"
+      limits:
+        cpu: "212m"
+        memory: "512Mi"
+
+raster:
+  enabled: true
+  image:
+    name: ghcr.io/stac-utils/titiler-pgstac
+    tag: uvicorn-0.6.0
+  settings:
+    resources:
+      limits:
+        cpu: "500m"
+        memory: "512Mi"
+      requests:
+        cpu: "256m"
+        memory: "512Mi"
+
+ingress:
+  host: eoapi.ifrc-risk.k8s.labs.ds.io
+  tls:
+    enabled: true
+    secretName: eoapi-tls
+    certManager: true
+    certManagerIssuer: letsencrypt-prod
+    cerrtManagerEmail: tarashish@developmentseed.org
diff --git a/deploy/helm/jupyterhub/values.yaml b/deploy/helm/jupyterhub/values.yaml
new file mode 100644
index 0000000..14a23c0
--- /dev/null
+++ b/deploy/helm/jupyterhub/values.yaml
@@ -0,0 +1,73 @@
+singleuser:
+  # Base image used for spawning user's notebook servers
+  image:
+    name: jupyter/minimal-notebook
+    tag: latest
+  cmd: null
+
+  # Resource allocation per user
+  memory:
+    limit: 1G
+    guarantee: 1G
+  cpu:
+    limit: 0.5
+    guarantee: 0.5
+  storage:
+    extraVolumes:
+      - name: shm-volume
+        emptyDir:
+          medium: Memory
+    extraVolumeMounts:
+      - name: shm-volume
+        mountPath: /dev/shm
+    capacity: 50Gi
+  
+  # Culling idle servers
+  extraFiles:
+    # jupyter_notebook_config reference: https://jupyter-notebook.readthedocs.io/en/stable/config.html
+    jupyter_notebook_config.json:
+      mountPath: /etc/jupyter/jupyter_notebook_config.json
+      # data is a YAML structure here but will be rendered to JSON file as our
+      # file extension is ".json".
+      data:
+        MappingKernelManager:
+          # cull_idle_timeout: timeout (in seconds) after which an idle kernel is
+          # considered ready to be culled
+          cull_idle_timeout: 1200 # default: 0
+
+          # cull_interval: the interval (in seconds) on which to check for idle
+          # kernels exceeding the cull timeout value
+          cull_interval: 120 # default: 300
+
+          # cull_connected: whether to consider culling kernels which have one
+          # or more connections
+          cull_connected: true # default: false
+
+          # cull_busy: whether to consider culling kernels which are currently
+          # busy running some code
+          cull_busy: false # default: false
+
+hub:
+  config:
+    GitHubOAuthenticator:
+      client_id: ""
+      client_secret: ""
+      oauth_callback_url: https://jupyter.ifrc-risk.k8s.labs.ds.io/hub/oauth_callback
+      allowed_organizations:
+        - developmentseed
+      scope:
+        - read:org
+    JupyterHub:
+      authenticator_class: github
+
+ingress:
+  enabled: true
+  hosts:
+    - jupyter.ifrc-risk.k8s.labs.ds.io
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/issuer: letsencrypt-prod
+  tls:
+    - hosts:
+        - jupyter.ifrc-risk.k8s.labs.ds.io
+      secretName: jupyterhub-tls
diff --git a/deploy/k8s/project-contact.yaml b/deploy/k8s/project-contact.yaml
new file mode 100644
index 0000000..89b4809
--- /dev/null
+++ b/deploy/k8s/project-contact.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ifrc-eoapi-risk-contacts
+data:
+  project: ifrc-eoapi-risk
+  repo: "github.com/developmentseed/eoapi-risk"
+  contacts: |
+    - name: Sanjay Bhangar
+      email: sanjay@developmentseed.org
+      slack: batpad
+    - name: Tarashish Mishra
+      email: tarashish@developmentseed.org
+      slack: tarashish
\ No newline at end of file

From 39e08f6aaf0e5a6033ee66b61ab6a26d0a59d024 Mon Sep 17 00:00:00 2001
From: Tarashish Mishra <sunu@sunu.in>
Date: Wed, 22 Nov 2023 16:40:38 +0530
Subject: [PATCH 2/3] cycled client secret. storing it as a gh actions secret

client id can be public
---
 .github/workflows/helm.yaml        | 1 +
 deploy/helm/jupyterhub/values.yaml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml
index d34d57c..acf62d0 100644
--- a/.github/workflows/helm.yaml
+++ b/.github/workflows/helm.yaml
@@ -51,6 +51,7 @@ jobs:
         --create-namespace \
         --version=3.1.0 \
         --values deploy/helm/jupyterhub/values.yaml
+        --set hub.config.GitHubOAuthenticator.client_secret="${{ secrets.GH_CLIENT_SECRET }}"
 
     - name: Create contacts configmap
       run: kubectl apply -f deploy/k8s/project-contact.yaml --namespace ifrc-eoapi-risk
diff --git a/deploy/helm/jupyterhub/values.yaml b/deploy/helm/jupyterhub/values.yaml
index 14a23c0..c6bed02 100644
--- a/deploy/helm/jupyterhub/values.yaml
+++ b/deploy/helm/jupyterhub/values.yaml
@@ -50,7 +50,7 @@ singleuser:
 hub:
   config:
     GitHubOAuthenticator:
-      client_id: ""
+      client_id: 80a37fd680d7d7095d58
       client_secret: ""
       oauth_callback_url: https://jupyter.ifrc-risk.k8s.labs.ds.io/hub/oauth_callback
       allowed_organizations:

From dd580530d1794ad594b7bafa380adb9d1fcf0eee Mon Sep 17 00:00:00 2001
From: Tarashish Mishra <sunu@sunu.in>
Date: Wed, 29 Nov 2023 10:03:48 +0530
Subject: [PATCH 3/3] install latest eoapi

---
 .github/workflows/helm.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml
index acf62d0..94a5795 100644
--- a/.github/workflows/helm.yaml
+++ b/.github/workflows/helm.yaml
@@ -33,14 +33,14 @@ jobs:
       with:
         version: 'v3.12.0'
 
-    # - name: "Deploy eoAPI Helm Chart"
-    #   run: |
-    #     helm upgrade --install --namespace ifrc-eoapi-risk --create-namespace \
-    #     --repo https://devseed.com/eoapi-k8s/ \
-    #     -f deploy/helm/eoapi/values.yaml ifrc-eoapi-risk eoapi \
-    #     --version 0.1.2 \
-    #     --set db.settings.secrets.PGPASSWORD="${{ secrets.PGPASSWORD }}" \
-    #     --set db.settings.secrets.POSTGRES_PASSWORD="${{ secrets.PGPASSWORD }}"
+    - name: "Deploy eoAPI Helm Chart"
+      run: |
+        helm upgrade --install --namespace ifrc-eoapi-risk --create-namespace \
+        --repo https://devseed.com/eoapi-k8s/ \
+        -f deploy/helm/eoapi/values.yaml ifrc-eoapi-risk eoapi \
+        --version 0.1.12 \
+        --set db.settings.secrets.PGPASSWORD="${{ secrets.PGPASSWORD }}" \
+        --set db.settings.secrets.POSTGRES_PASSWORD="${{ secrets.PGPASSWORD }}"
 
     - name: "Deploy JupyterHub"
       run: |