Here we describe the necessary steps for deployment.
Please pardon the state of this document as it is a living and breathing set of instructions, and this part of the project has yet to be addressed.
Kubernetes
What is it?
Why use it?
Possibilities
“Bare Metal”
What is it?
Why use it?
Perhaps you have old computers lying around (if at a university, these may be more than enough for a considerable server) and are looking to repurpose them. Alternatively, your university or company may already have available server resources that you can access for such purposes as classrooms or workshops.
Binder
What is it?
Setting up Kubernetes for Binder
Traefik is really cool and powerful.
Getting Docker, Docker-Compose, configuring basics of Nginx]nginx-install etc.
What this does is add repositories to apt-get that instruct Ubuntu on where to get the latest Docker-CE versions, then installs it (rather than from the default apt-get repositories). It then adds the current user (non-root admin).
Note: This first creates an admin user with sudo privileges, prompts you for the password (and will again a couple of times)
As root: (TODO: grab bash scripts for set up to make environment more pleasant.
Grab stuff from https://github.com/mathematicalmichael/jupyterhub-deploy-docker.git
sudo apt update -y && sudo apt upgrade -y
apt install vim htop -y
useradd mathematicalmichael -m -s /bin/bash
passwd mathematicalmichael
Make sure to change the line above to be a different password. We are assuming that you will be using this account as user mathematicalmichael.
usermod -aG sudo mathematicalmichael
This adds privileges we will need. Now we switch users.
su - mathematicalmichael
export DOCKER_COMPOSE_VERSION=1.23.2
sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install docker-ce
docker --version
sudo usermod -aG docker root
sudo usermod -aG docker ${USER}
su - ${USER}
sudo curl -L https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
Have your public_html out in this top directory. We’ll be looking for it to serve the baseline-version of your website.
We need some environment variables based on what we’ve done above..
.env
DOMAIN_NAME=consistentbayes.com
EMAIL=consistentbayes@gmail.com
COMPOSE_PROJECT_NAME=masterhub
JUPYTER_HUB_IMAGE_NAME=jupyterhub
JUPYTER_SINGLE_NAME=jupyter-singleuser_img
vi docker-compose.yml (Note: may remove --logLevel=DEBUG later?)
version: '3'
services:
reverse-proxy:
image: traefik:latest
command: --docker --docker.domain=${DOMAIN_NAME}.local --logLevel=DEBUG
networks:
- traefik-network
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.toml:/traefik.toml
- ./secrets/acme.json:/acme.json
nginx:
image: nginx:latest
labels:
- "traefik.frontend.rule=Host:${DOMAIN_NAME},www.${DOMAIN_NAME}"
networks:
- traefik-network
volumes:
- public_html:/usr/share/nginx/html
networks:
traefik-network:
external: true
vi traefik.toml
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[docker]
domain = "${DOMAIN_NAME}.local"
watch = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email="${EMAIL}"
storage="acme.json"
entryPoint="https"
acmeLogging=true
onDemand=false
OnHostRule=true
[acme.httpChallenge]
entryPoint = "http"
The above Traefik configuration file sets the log level to debug and allows both HTTP and HTTPS requests to the frontend. We then force HTTP (80) traffic to redirect to HTTPS (443) in
entrypointssection. The Traefik web interface is configured on port8080, and the Docker section instructs Traefik to use Docker as a configuration source.The acme section is used by Traefik to fetch a Let’s Encrypt certificate for the domain that appears in the
docker-compose.yml. The great thing about Traefik is that these certificates are dynamic, meaning that if you add a new domain or subdomain todocker-compose.yml, Traefik will automatically fetch the key/certificate and store them inacme.json.The
onDemandoption inacmesection will let Traefik request certificates whenever a web request is received for a domain or subdomain which does not already have a certificate. TheonHostRuleonly requests new certificates for domain names that are listed in thedocker-compose.ymlfile.Create an empty JSON file to hold Let’s Encrypt data that and make this file readable/writable to only the present user.
Should just need to make my version of the jupyterhub-deploy-docker repository include labels for the jupyterhub so that traefik can forward them.
labels: # Traefik configuration.
- "traefik.enable=true"
- "traefik.frontend.rule=Host:hub.consistentbayes.com"
or "traefik.frontend.rule=Host:hub.consistentbayes.com"
Furthermore, this will let me create hubs at any website.com/hubname, etc. Traefik will handle a lot of things for me.
su admin
touch secrets/acme.json
touch secrets/postgres.env
make secrets/postgres.env
make secrets/acme.json
make build
docker-compose up -d