Merge pull request #3190 from yuvipanda/osscratch

Setup scratch bucket for openscapes
2i2c-org · Oct 2, 2023 · 2a4539b · 2a4539b
2 parents a4c1da7 + a5b03b7
commit 2a4539b
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 1 deletion.
diff --git a/config/clusters/openscapes/prod.values.yaml b/config/clusters/openscapes/prod.values.yaml
@@ -1,11 +1,16 @@
 basehub:
+  userServiceAccount:
+    annotations:
+      eks.amazonaws.com/role-arn: arn:aws:iam::783616723547:role/openscapeshub-prod
   jupyterhub:
     ingress:
       hosts: [openscapes.2i2c.cloud]
       tls:
         - hosts: [openscapes.2i2c.cloud]
           secretName: https-auto-tls
     singleuser:
+      extraEnv:
+        SCRATCH_BUCKET: s3://openscapeshub-scratch/$(JUPYTERHUB_USER)
       profileList:
         - display_name: Python
           description: Python datascience environment

diff --git a/config/clusters/openscapes/staging.values.yaml b/config/clusters/openscapes/staging.values.yaml
@@ -1,11 +1,16 @@
 basehub:
+  userServiceAccount:
+    annotations:
+      eks.amazonaws.com/role-arn: arn:aws:iam::783616723547:role/openscapeshub-staging
   jupyterhub:
     ingress:
       hosts: [staging.openscapes.2i2c.cloud]
       tls:
         - hosts: [staging.openscapes.2i2c.cloud]
           secretName: https-auto-tls
     singleuser:
+      extraEnv:
+        SCRATCH_BUCKET: s3://openscapeshub-scratch-staging/$(JUPYTERHUB_USER)
       profileList:
         - display_name: Python
           description: Python datascience environment

diff --git a/terraform/aws/buckets.tf b/terraform/aws/buckets.tf
@@ -55,3 +55,14 @@ resource "aws_s3_bucket_policy" "user_bucket_access" {
   bucket   = aws_s3_bucket.user_buckets[each.value.bucket_name].id
   policy   = data.aws_iam_policy_document.bucket_access[each.key].json
 }
+
+output "buckets" {
+  value       = { for b, _ in var.user_buckets : b => aws_s3_bucket.user_buckets[b].id }
+  description = <<-EOT
+  List of S3 buckets created for this cluster
+
+  Since S3 bucket names need to be globally unique, we prefix each item in
+  the user_buckets variable with the prefix variable. This output displays
+  the full name of all S3 buckets created conveniently.
+  EOT
+}
diff --git a/terraform/aws/projects/openscapes.tfvars b/terraform/aws/projects/openscapes.tfvars
@@ -2,4 +2,27 @@ region = "us-west-2"
 
 cluster_name = "openscapeshub"
 
-cluster_nodes_location = "us-west-2b"
+cluster_nodes_location = "us-west-2b"
+
+user_buckets = {
+  "scratch-staging" : {
+    "delete_after" : 7
+  },
+  "scratch" : {
+    "delete_after" : 7
+  },
+}
+
+
+hub_cloud_permissions = {
+  "staging" : {
+    requestor_pays : true,
+    bucket_admin_access : ["scratch-staging"],
+    extra_iam_policy : ""
+  },
+  "prod" : {
+    requestor_pays : true,
+    bucket_admin_access : ["scratch"],
+    extra_iam_policy : ""
+  },
+}