From faa7d8529a9a12c09a1211b43d20724e479c0327 Mon Sep 17 00:00:00 2001
From: YuviPanda <yuvipanda@gmail.com>
Date: Fri, 24 Jan 2025 19:05:48 -0800
Subject: [PATCH 1/3] Actually add hetzner-2i2c-bare files

Forgot to include these in https://github.com/jupyterhub/mybinder.org-deploy/pull/3197
---
 config/hetzner-2i2c-bare.yaml            | 165 +++++++++++++++++++++++
 secrets/hetzner-2i2c-bare-kubeconfig.yml | Bin 0 -> 2982 bytes
 secrets/hetzner-2i2c-bare.key            | Bin 0 -> 466 bytes
 secrets/hetzner-2i2c-bare.key.pub        | Bin 0 -> 146 bytes
 4 files changed, 165 insertions(+)
 create mode 100644 config/hetzner-2i2c-bare.yaml
 create mode 100644 secrets/hetzner-2i2c-bare-kubeconfig.yml
 create mode 100644 secrets/hetzner-2i2c-bare.key
 create mode 100644 secrets/hetzner-2i2c-bare.key.pub

diff --git a/config/hetzner-2i2c-bare.yaml b/config/hetzner-2i2c-bare.yaml
new file mode 100644
index 000000000..57b992f4e
--- /dev/null
+++ b/config/hetzner-2i2c-bare.yaml
@@ -0,0 +1,165 @@
+projectName: hetzner-2i2c-bare
+
+registry:
+  enabled: true
+  replicas: 1
+  config:
+    storage:
+      # Uncomment this and comment out the s3 config to use filesystem
+      # filesystem:
+      #   rootdirectory: /var/lib/registry
+      s3:
+        regionendpoint: https://nbg1.your-objectstorage.com
+        bucket: mybinder-2i2c-registry
+        region: does-not-matter
+  storage:
+    filesystem:
+      storageClassName: "local-path"
+  ingress:
+    hosts:
+      - registry.2i2c-bare.mybinder.org
+
+cryptnono:
+  detectors:
+    monero:
+      enabled: false
+    execwhacker:
+      containerdHostPath: /run/k3s/containerd/containerd.sock
+
+binderhub:
+  config:
+    BinderHub:
+      hub_url: https://hub.2i2c-bare.mybinder.org
+      badge_base_url: https://mybinder.org
+      sticky_builds: true
+      image_prefix: registry.2i2c-bare.mybinder.org/i-
+      # image_prefix: quay.io/mybinder-hetzner-2i2c/image-
+      # build_docker_host: /var/run/dind/docker.sock
+    # TODO: we should have CPU requests, too
+    # use this to limit the number of builds per node
+    # complicated: dind memory request + KubernetesBuildExecutor.memory_request * builds_per_node ~= node memory
+    KubernetesBuildExecutor:
+      memory_request: "2G"
+      memory_limit: "4G"
+      docker_host: /var/run/dind/docker.sock
+      repo2docker_extra_args:
+        # try to avoid timeout pushing to local registry
+        # default is 60
+        # this must have no spaces to be processed by repo2docker correctly
+        - '--DockerEngine.extra_init_args={"timeout":1200}'
+
+    LaunchQuota:
+      total_quota: 64
+
+    # DockerRegistry:
+    # token_url: "https://2lmrrh8f.gra7.container-registry.ovh.net/service/token?service=harbor-registry"
+
+  replicas: 2
+
+  extraVolumes:
+    - name: secrets
+      secret:
+        secretName: events-archiver-secrets
+  extraVolumeMounts:
+    - name: secrets
+      mountPath: /secrets
+      readOnly: true
+  extraEnv:
+    GOOGLE_APPLICATION_CREDENTIALS: /secrets/service-account.json
+
+  dind:
+    daemonset:
+      extraArgs:
+        # Increase limit from default of 5, as we have only one builder node
+        # But there are enough resources on the node to handle it
+        - --max-concurrent-uploads=32
+    resources:
+      requests:
+        cpu: "4"
+        memory: 12Gi
+      limits:
+        cpu: "8"
+        memory: 16Gi
+
+  ingress:
+    hosts:
+      - 2i2c-bare.mybinder.org
+
+  jupyterhub:
+    # proxy:
+    #   chp:
+    #     resources:
+    #       requests:
+    #         cpu: "1"
+    #       limits:
+    #         cpu: "1"
+    ingress:
+      hosts:
+        - hub.2i2c-bare.mybinder.org
+      tls:
+        - secretName: kubelego-tls-hub
+          hosts:
+            - hub.2i2c-bare.mybinder.org
+
+  imageCleaner:
+    # Use 300GB as upper limit, size is given in bytes
+    imageGCThresholdHigh: 300e9
+    imageGCThresholdLow: 100e9
+    imageGCThresholdType: "absolute"
+    # don't cordon single-node cluster while cleaning
+    cordon: false
+
+grafana:
+  ingress:
+    hosts:
+      - grafana.2i2c-bare.mybinder.org
+    tls:
+      - hosts:
+          - grafana.2i2c-bare.mybinder.org
+        secretName: kubelego-tls-grafana
+  datasources:
+    datasources.yaml:
+      apiVersion: 1
+      datasources:
+        - name: prometheus
+          orgId: 1
+          type: prometheus
+          url: https://prometheus.2i2c-bare.mybinder.org
+          access: direct
+          isDefault: true
+          editable: false
+  # persistence:
+  # storageClassName: csi-cinder-high-speed
+
+prometheus:
+  server:
+    persistentVolume:
+      size: 50Gi
+    retention: 30d
+    ingress:
+      hosts:
+        - prometheus.2i2c-bare.mybinder.org
+      tls:
+        - hosts:
+            - prometheus.2i2c-bare.mybinder.org
+          secretName: kubelego-tls-prometheus
+
+ingress-nginx:
+  controller:
+    replicas: 1
+    scope:
+      enabled: true
+    service:
+      loadBalancerIP:
+
+static:
+  ingress:
+    hosts:
+      - static.2i2c-bare.mybinder.org
+    tls:
+      secretName: kubelego-tls-static
+
+
+
+
+
diff --git a/secrets/hetzner-2i2c-bare-kubeconfig.yml b/secrets/hetzner-2i2c-bare-kubeconfig.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ca1030aafb0db9bfd7c3e8e744bb7b595646aaed
GIT binary patch
literal 2982
zcmV;X3t994M@dveQdv+`05#goxf;(ao;%}OS6F>Z4U?ZCy0xid37{eUF^L2a7HMjX
zv+W0Z)1D<)rdKGt^}!5W2-{fc%7TwNQEfEAHQ<BCpb|$3XYGzvp%?T{gtyo0=Zb@9
zqyL+Ws4=JGg!mUv-$|1tNa)3jT75A4tYcdIxePHoD&I&gVt3aa-hFGv{ywVZG=8j+
znLimQxn!QiJG*a9wg)StPs(YX9dCW0#MA6%bduZP6S~io2*J?lN2Q}x5nH+Sx%@ff
zhf-U<ACg2Vjb5*3ZJ~w;G2-0XVz}!5tf}1m+DJAmFWk%bLc8&d67;>tTs(^GbeDum
zAnWT|0O~55Y|`>3<dSv>Mhz8G7dZtQ&ZL{;vWb^aZ4rI9*f++ySs=1qJG{_`d6qwc
z*T_YlG%(`x#BvfZoIJdt-Q}1NF1`ZB%{lHnsp@Q)izk~p=Z4_};kT}9n9iDH|2ZjU
zv`>gJL9|X@wnNO2JcELJ%2=)>`g>z4|E50LmU^<rJywGJGphmCw`2LPv+$~#oeQqH
z!-pm{$3%UH>w@IWkVOpKZ3ZQhhf<k|wzr7x>bUK-7qPCUvGXxZhb$2l8Wg$_tl~XR
zUD@u%a152s!E~wY2n|WBG}rR}6$0WsTr~0-NfF}fgEX6VfvpsCh;BIO>KC;*G`CC^
z*ua&u0=b#MRxSd5FplYflMrlCba^8wsT-v5+cyd;+ja^L9lPEKsq#P9xGdl`5$^77
z15@%%mvov@e219C`qU0ELxpTZQoiGWU9!9Rcleep)L?!7bL*jN`UE_H^!6{9k-ij$
z{;jay{2gf+$6C6WOS8uW<+z6!d>64GkuO9X_e0DTpbXUDL3i2BUs)^W3VzbL(2nIi
zxQUHp^NIu!eVCX%MlF(@1=kS{?-ZWd`P(wxQx{XF0})P8EOZU?anA&b{)roCnGmpD
zPbLGOm#5>melkB`bZhrj6uSeeu{MZH7SDqed^9mFmX7tz#4Gshjd<t0sy!T!4Qy?^
zi15P@xYCDLO^<K+@-8gcF79|5+krjTk_Z8r@1z#SV=m|X+Yr<}fHojVFfa`ZQK@ya
zcv{&BrTs9{skH=QbazMMK&-(DtBd6Zfxk};t5a%XL=x&;OiW?N;Rg^kOqnD#%!zTH
zoORZdBPZvUU>1@3b{&+QK8u}?z;8(UYe9Gqim$@D3)|ZI!f`6n|MUsm`VIeR2zopB
z1UEXg{>%tCI;_ZRGD`|!^p~Mo-BB(8QCsv?)&pm%TibqRBr?xZeoHFi-;*#Z3s^T8
z8SEQ3p{#A8@lXpx(^E1kUNJw|U>T_h=e|~Xe3W~nP9AV2O~CAQ({$#2t*mO}iYZbs
zkj}jL+C%23aZTM;R%&Hg^h7l3T%_-*(yrtCyuNH%d(uuA<ffZfHB4tIR{59PBoJu^
z(tZ=Wz0<3yk_wJCJqe;#dFk}enO?>QpvIFJSjDR5OMMwA>wMZ|;R*D_mt(-ar&F#c
zBkFY}ybp;E3)j?JMKbr3xxc{O)ZPs!h#vFg{^Ok4#@bD0K?#=VZ`NmPE`G}^lb@j*
zsvy~3xcBVZZORX4;J0~jt2_{ISZZhmAuj3rcM7mDR_y?w6mMZUHxjZ_eJ_UGfzW-G
z-0}Q{@+NqFK`dh)hJdT4=zvDmMu*ze+jiqhIQT15HE+;vi}2CBM1%J+Qs3e2WX&65
zm+s2SWzU`pDmr>}&4J>AYo4Tr#1nzkYG1;t{m2UZ17Loux5CY(y!sy+r&zBH$($^7
zGbPGy)&Hz**1VX}D(m-_ttQCVKnSmon^?71<AtFw+Zi=OzgfQp60LW^JgBmVhi>(1
zmi#zP$*ec&f<j>sT9p!N-TyZSFAZt3?g}W9$K&&Jljtt~CjhPIn^TFYDZD*qZdRL*
zr#?A`-5b`*v%&N+i5LwsmS_M|3>hqcohk;;N;S5VUe0wzhhca$H$|^2WK{H<#z5!O
zejY?!?LcxeKzD0&c;a>)ywlxJrU+zM6xZwgEY`@78s61c&VsZ5h~W46-46ssbaL<r
zGGP$FuhqkX(o-k{_srKBrV&~tizy3%=!5$RLzo?V{(3%o&?NVu43v(ud6!<*uoECG
zDqIV^XBGcvwy4|1hHzdkIy`r+Iajw6{wB|y2W6P~>Hg!4#Zc6qk381dO3`K<WMx@v
zMR_#sO8Ru7&W9Vt=928mgKX39e!9AfdOeA!rBJ6KIe-2(-E6T&W%Tg-g7Y>@rCyu$
z_SC=XkaSka^+(`i8pok_|CsrU6nTk(`}nnlY9#T!+e-#UKx9uGPP{Pd<~0spEG281
z@75txi(@+`{Lrx+J&x2!8|gt{*;HdHJJXVaQ$fSihHlDmXj7klY>;j-UDz?g2qRb^
zX2Xq&tCP}U1C|hO`I$sp6<#QR0XXwhRqsRjPnkOL;V!DFlX?+j*;=M(zO1RC&<H|9
zZOgqfH5g9z1N~+bfW-%g?GvgqsWmxHg&_yCMYTdR`{7OiWHqa}7z#;w%N_L9Bo_*1
z*JQ4Q+}542^_n8J8Ej+4>2qeYkkD<oTN}>@a>Wf_c&M#oJK%2Z#qJp6#pBe1!dPqE
z1y#A<59;+8AesbtuXMOd!rIc5jywBVnu8Ae1N!MljFgLZQ@G(NobtlB(gnv<A|R3M
z2!RZq6r#W6nR?2>Hi8p-70PIv?zyGVnO0c>REDPjIPj}=0l-XNYx_^8t&)m;0Q|x3
zejeYX%3R@(`>h8#9f_CZ+cnfJjgj4`tO8=df8uM6cGO;ajoV8QDhl7DJ9glJOUdmY
zwozaWcJ65~VmiuRiY2Ut;Vr^HpX>YiBd7}KQRXt<q&OogzsswI&+zE%=zK$^F%Jgc
z8df`FxZZ%;-u}LiVhY=#hB-oR^(G~rhcpRH9w@<&xV`X+F&BO_t03$_eO0oReEagv
zZr?D^cH{DDOtnzaYd&_|mKIyURpsn+(z8fpN-(X&X+JOLxUbDpC2aw)tXF;aaKoAZ
zD5^qOLOhognF`d>S8rjo^sX0vlz2z-WU7RoyAWJ#^p>T|Tz`e_X8SurRREsSES~oG
z?(_ZTmO|XgzA-3V<SU0aQ51|p8W!v2QdoYbq>!SCcJRd*w%82kzO+etXo%k)@`5&A
zUkW{XrOc{_64G;Yi7a}OD-e4x5bSlBx5ps&P?YfwdPXhwj&($_(Quy5eufnS&(Z5A
zxky$43Ih=u2^>!;ry6_eFkZ}}QQ(?~3Oa8&(%jakUkB2@)!b2>pTg90`ifM*$bZk0
z7nuc(02WR6PK7E;Ed;-)68O&a?dB7*%zn?5TBD8ug3SopbSD;|t0uVheBq-!NXq`p
zZYn=Xyw2fpXv4+czA;M#!26Eqex&~Xz6M2Xd)M|Zyn5PNP+3!fSx9=HU!hj4WU4yD
zO;>W%rO>Dg$;?*|Y+p1Brgl5mN08zv+jZNVN{^T)CBGBK9z~FD?m^W+Q0K(6*VCx(
zA@5PDXWi|~7<K*C9#RXTf3qkzWlFWov@3fx2S)&V#<O0FuX3)28q?+8-nw-sB##ry
z@xW>@OM|x{KoPO(!lm6#i`T+|f^aM8(O~x*U(c=mAoBc1DjRhl)1_&(7T4U*;+0lL
zS9mT%7AKV#CZK58Mo}Q>aQ6F0Rh-{xG*Bto4<j`OC7mk|+qL&NsM0=9l5p+=gg=#?
z>orY5i0#9c3ZOf_Ia;k_QRAG2v^eM^ICkpdD}3q@BX%6&XTJR;kS^06&K-_$7f)HA
zif+HW(qlc|hILxB=xFPr8hw?IF-9^1C^K&g96z&Z>l934{Fp4oqFn$2_b30`fyOpk
zeakY^k%8tejx}n}59}<s%-~`iNW?z(VSSjvNmz-S1XqOhcTU(;`y@v{ND+x`P)pKH
cF_J9dJ5`vq9>(A9NI<Hl4E!xA;$Y37EZ)Q5K>z>%

literal 0
HcmV?d00001

diff --git a/secrets/hetzner-2i2c-bare.key b/secrets/hetzner-2i2c-bare.key
new file mode 100644
index 0000000000000000000000000000000000000000..9a6f1f2c85a8755494f43cb952c7fe4435fc9251
GIT binary patch
literal 466
zcmV;@0WJOjM@dveQdv+`00vcj6tyJ{LlQz-hgGYkQR^4XGj?)-&$0<Pl1hUEjEnSb
z0e+XE5_o|{sd(3pnv*eexprxxEwmDCUki_np6H(`6!<$*2yfS_3y+<o*_<fw(UMP(
z=boLut#Jt=qCTl<u#$W18xk;W4SHC~=gkmI#}Z3C#fH%cvQDTwd${lr@xOq%@ULZS
zB1oU}0$#hDngX_&FIe0T?QoOoo9{|i&K$>MF*_3h=afDq6s}qRf6;_DEfyShl|y-I
zyviQA%w9l@jwjS&dk2D+2qG1Y@^u!lj~O1|2K5`5dMqN;?vpN!A^EfJR*Q=bvXoiB
zL;7y~%6ITdrKDLI8nwl6=oS%qIa}pgTzoB_^Z)L`*(7a4l{JtPX&rZ(+4rQq?b7E*
z6C8Zo6rj<(KTzABIi7`Iv70>4o<_^K`5u~xGY8i#A~{|8sMquu6WnwSp@Oa06~*af
zNj}FPCx9t~h4_sLyC!`ZyuI0W>Su4Y4wHY+&Tp_7?(m0pMC?G7+Vh&KUD=aXR}yXl
zyvKE-j5orW-(Ui-FNo{+bOcT^X->&kvAVHPZSOH&JH<nTox9*{i$9sM8$@aFM0-9D
IA=g4^<v{4*+yDRo

literal 0
HcmV?d00001

diff --git a/secrets/hetzner-2i2c-bare.key.pub b/secrets/hetzner-2i2c-bare.key.pub
new file mode 100644
index 0000000000000000000000000000000000000000..e39eb0145463cb036e3b17235d03b34055d82053
GIT binary patch
literal 146
zcmV;D0B!#OM@dveQdv+`0C9AB16Vmw&O4!T(aM1u&gQe?64+3x*BE(}_yimOJYs-4
zMZH!;Z`$ReKD8?9R8>B~Fx8wPCa&RsqOokum5lJd5vOL3whIY(hDG#XnI^iBZTn#Z
zDD7h^C^eS(ZYdFa^rr=PI|G!Lj*a$k==b(S^#>^eW2kIp9+R~^8;=$@Rr>Zo%}hc>
Ar~m)}

literal 0
HcmV?d00001


From 47f38a8a24fafbd584c9ef38e454a36c3d7b8eb6 Mon Sep 17 00:00:00 2001
From: YuviPanda <yuvipanda@gmail.com>
Date: Fri, 24 Jan 2025 19:08:00 -0800
Subject: [PATCH 2/3] Add hetzner-2i2c-bare to CD

---
 .github/workflows/cd.yml                  | 5 +++++
 .github/workflows/test-helm-template.yaml | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 9fa3b793e..b432dbdfc 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -227,6 +227,11 @@ jobs:
             helm_version: ""
             experimental: false
 
+          - federation_member: hetzner-2i2c-bare
+            chartpress_args: ""
+            helm_version: ""
+            experimental: false
+
           # OVH deployment paused
           # - federation_member: ovh2
           #   helm_version: ""
diff --git a/.github/workflows/test-helm-template.yaml b/.github/workflows/test-helm-template.yaml
index fe7dfae56..f883cc593 100644
--- a/.github/workflows/test-helm-template.yaml
+++ b/.github/workflows/test-helm-template.yaml
@@ -43,6 +43,8 @@ jobs:
             k3s-channel: "v1.24"
           - release: hetzner-2i2c
             k3s-channel: "v1.24"
+          - release: hetzner-2i2c-bare
+            k3s-channel: "v1.24"
 
     steps:
       - uses: actions/checkout@v4

From 3f8fc1342ad3e31df35530c6bd68817c19e40a1c Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Sat, 25 Jan 2025 03:08:51 +0000
Subject: [PATCH 3/3] [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
---
 config/hetzner-2i2c-bare.yaml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/config/hetzner-2i2c-bare.yaml b/config/hetzner-2i2c-bare.yaml
index 57b992f4e..a65b6ad28 100644
--- a/config/hetzner-2i2c-bare.yaml
+++ b/config/hetzner-2i2c-bare.yaml
@@ -158,8 +158,3 @@ static:
       - static.2i2c-bare.mybinder.org
     tls:
       secretName: kubelego-tls-static
-
-
-
-
-