Deployment

Here we describe the necessary steps for deployment.

Please pardon the state of this document as it is a living and breathing set of instructions, and this part of the project has yet to be addressed.


Kubernetes

What is it?

Why use it?

Possibilities


“Bare Metal”

What is it?

Why use it?

Perhaps you have old computers lying around (if at a university, these may be more than enough for a considerable server) and are looking to repurpose them. Alternatively, your university or company may already have available server resources that you can access for such purposes as classrooms or workshops.


Binder

What is it?

Setting up Kubernetes for Binder




Traefik is really cool and powerful.

Getting Docker, Docker-Compose, configuring basics of Nginx]nginx-install etc.

What this does is add repositories to apt-get that instruct Ubuntu on where to get the latest Docker-CE versions, then installs it (rather than from the default apt-get repositories). It then adds the current user (non-root admin).

Note: This first creates an admin user with sudo privileges, prompts you for the password (and will again a couple of times)

As root: (TODO: grab bash scripts for set up to make environment more pleasant.

Grab stuff from https://github.com/mathematicalmichael/jupyterhub-deploy-docker.git

sudo apt update -y && sudo apt upgrade -y
apt install vim htop -y
useradd mathematicalmichael -m -s /bin/bash
passwd mathematicalmichael

Make sure to change the line above to be a different password. We are assuming that you will be using this account as user mathematicalmichael.

usermod -aG sudo mathematicalmichael

This adds privileges we will need. Now we switch users.

su - mathematicalmichael
export DOCKER_COMPOSE_VERSION=1.23.2

sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install docker-ce

docker --version 
sudo usermod -aG docker root
sudo usermod -aG docker ${USER}
su - ${USER}

sudo curl -L https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

docker-compose --version

Have your public_html out in this top directory. We’ll be looking for it to serve the baseline-version of your website.

We need some environment variables based on what we’ve done above..

.env

DOMAIN_NAME=consistentbayes.com
EMAIL=consistentbayes@gmail.com
COMPOSE_PROJECT_NAME=masterhub
JUPYTER_HUB_IMAGE_NAME=jupyterhub
JUPYTER_SINGLE_NAME=jupyter-singleuser_img

vi docker-compose.yml (Note: may remove --logLevel=DEBUG later?)

version: '3'

services:
  reverse-proxy:
    image: traefik:latest
    command: --docker --docker.domain=${DOMAIN_NAME}.local --logLevel=DEBUG
    networks:
      - traefik-network
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./secrets/acme.json:/acme.json
          

  nginx:
    image: nginx:latest
    labels:
      - "traefik.frontend.rule=Host:${DOMAIN_NAME},www.${DOMAIN_NAME}"
    networks:
      - traefik-network
    volumes:
      - public_html:/usr/share/nginx/html


networks:
  traefik-network:
    external: true

vi traefik.toml

logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]

[web]
address = ":8080"

[docker]
domain = "${DOMAIN_NAME}.local"
watch = true

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
 
[acme]
  email="${EMAIL}"
  storage="acme.json"
  entryPoint="https"
  acmeLogging=true
  onDemand=false
  OnHostRule=true

[acme.httpChallenge]
  entryPoint = "http"

The above Traefik configuration file sets the log level to debug and allows both HTTP and HTTPS requests to the frontend. We then force HTTP (80) traffic to redirect to HTTPS (443) in entrypoints section. The Traefik web interface is configured on port 8080, and the Docker section instructs Traefik to use Docker as a configuration source.

The acme section is used by Traefik to fetch a Let’s Encrypt certificate for the domain that appears in the docker-compose.yml. The great thing about Traefik is that these certificates are dynamic, meaning that if you add a new domain or subdomain to docker-compose.yml, Traefik will automatically fetch the key/certificate and store them in acme.json.

The onDemandoption in acme section will let Traefik request certificates whenever a web request is received for a domain or subdomain which does not already have a certificate. The onHostRule only requests new certificates for domain names that are listed in the docker-compose.yml file.

Create an empty JSON file to hold Let’s Encrypt data that and make this file readable/writable to only the present user.

Should just need to make my version of the jupyterhub-deploy-docker repository include labels for the jupyterhub so that traefik can forward them.

labels:                          # Traefik configuration.
  - "traefik.enable=true"
  - "traefik.frontend.rule=Host:hub.consistentbayes.com"

or "traefik.frontend.rule=Host:hub.consistentbayes.com" Furthermore, this will let me create hubs at any website.com/hubname, etc. Traefik will handle a lot of things for me.

su admin
touch secrets/acme.json
touch secrets/postgres.env
make secrets/postgres.env
make secrets/acme.json
make build

docker-compose up -d