Configure and deploy the support chart#
The support chart is a helm chart maintained by the 2i2c Engineers that consists of common tools used to support JupyterHub deployments in the cloud.
These tools are ingress-nginx, for controlling ingresses and load balancing; cert-manager, for automatically provisioning TLS certificates from Let’s Encrypt; Prometheus, for scraping and storing metrics from the cluster and hub; and Grafana, for visualising the metrics retrieved by Prometheus.
This section will walk you through how to deploy the support chart on a cluster.
Attention
If you ran deployer generate dedicated-cluster ... during the new cluster setup,
then a lot of these files will have already been created for you and you do not
need to recreate them, only update them if required.
Make sure support.values.yaml is correctly configured#
In the infrastructure repo, the full filepath should be: config/clusters/<cluster_name>/support.values.yaml.
If the cluster is running on GCP or AWS, the deployer should have been generated this file already.
If you are deploying the support chart on an AWS cluster, you must also manually update the
aws-ce-grafana-backendservice account annotation in thesupport.values.yamlwith the output of thew following command:
terraform output -raw aws_ce_grafana_backend_k8s_sa_annotation
If you are deploying the support chart on an Azure cluster, you must manually create such a file using the template at
config/clusters/templates/common/support.values.yaml. Also, you must set an annotation foringress-nginx’s k8s Service resource by including the following in yoursupport.values.yamlfile:
ingress-nginx:
controller:
service:
annotations:
# This annotation is a requirement for use in Azure provided
# LoadBalancer.
#
# ref: https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli#basic-configuration
# ref: https://github.com/Azure/AKS/blob/master/CHANGELOG.md#release-2022-09-11
# ref: https://github.com/Azure/AKS/issues/2907#issuecomment-1109759262
# ref: https://github.com/kubernetes/ingress-nginx/issues/8501#issuecomment-1108428615
#
service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /healthz
Edit your cluster.yaml file#
Add the following config as a top-level key to your cluster.yaml file.
Note this filepath is relative to the location of your cluster.yaml file.
support:
helm_chart_values_files:
- support.values.yaml
Deploy the support chart via the deployer#
Use the deployer tool to deploy the support chart to the cluster.
See Manually deploy a config change for details on how to setup the tool locally.
deployer deploy-support $CLUSTER_NAME
Setting DNS records#
Once the support chart has been successfully deployed, retrieve the external IP address for the ingress-nginx load balancer.
deployer use-cluster-credentials $CLUSTER_NAME
kubectl --namespace=support get service support-ingress-nginx-controller
Add DNS records for the 2i2c.cloud domain under “Advanced DNS” in
Namecheap.com:
<cluster-name>, used for the primary hub (if it exists).*.<cluster-name>, for all other hubs, grafana and prometheus instances.
Use an A record when we point to an external IP address (GCP, Azure), and a
CNAME record when we point to another domain (AWS).
Note
It may take a while for this configuration to propagate to all devices making DNS lookups. After that, cert-manager needs to do its job to acquire HTTPS certificates. And finally, the ingress-nginx server that makes use of the HTTPS certificates needs to reload to use the acquired certificates.