3. Install BinderHub#

Hint

The images built by the Binder service are pushed to a private Harbor registry. The repository for configuration files: depositar/binder.depositar.io-deploy already includes the credentials for the registry.

Note

The tasks below should be finished in the Control Plane (the production machine iis-binderhub-1).

3.1. Install the helm chart#

git clone https://github.com/depositar/binder.depositar.io-deploy.git

cd binder.depositar.io-deploy

Install git-crypt and decrypt the secrets:

git-crypt unlock git_crypt_secret_key

Tip

The git-crypt symmetric key git_crypt_secret_key is required to decrypt the secrets. Contact a system administrator if you need access to the git-crypt key.

Update the on-disk dependencies:

helm dependency update ./helm

Install BinderHub:

helm upgrade --cleanup-on-fail \
    --install binderhub ./helm \
    --namespace=binderhub \
    --create-namespace \
    -f ./helm/prod.yaml \
    -f ./helm/secrets/secret.yaml

Check pod status:

kubectl get pods -n binderhub
Console output#
NAME                                                  READY   STATUS    RESTARTS   AGE
binder-5449d5ff5b-2w9x9                               1/1     Running   0          56s
binderhub-dind-9bfmv                                  1/1     Running   0          56s
binderhub-image-cleaner-kj26v                         1/1     Running   0          56s
binderhub-ingress-nginx-controller-5bd9459f5b-ckx7b   1/1     Running   0          56s
hub-6b9d7f7f8-wm6vp                                   1/1     Running   0          56s
proxy-6b9bd4c4c5-pbk96                                1/1     Running   0          56s
user-scheduler-6b9d666f8f-b82dt                       1/1     Running   0          56s
user-scheduler-6b9d666f8f-nvpn6                       1/1     Running   0          56s

Then visit http://binder.depositar.io.

3.2. Secure with HTTPS#

First, create a Gandi Personal Access Token (PAT) with access to the domains.

Install cert-manager:

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml

Check pod status:

kubectl get pods -n cert-manager
Console output#
NAME                                       READY   STATUS    RESTARTS      AGE
cert-manager-cainjector-65c7bff89d-hh57j   1/1     Running   0             10s
cert-manager-cbcf9668d-sf55h               1/1     Running   0             10s
cert-manager-webhook-594cb9799b-vmlf2      1/1     Running   0             10s

Install cert-manager-webhook-gandi:

helm repo add cert-manager-webhook-gandi https://sintef.github.io/cert-manager-webhook-gandi
helm install cert-manager-webhook-gandi cert-manager-webhook-gandi/cert-manager-webhook-gandi --namespace cert-manager --set gandiPat=<PAT>

Update BinderHub with HTTPS:

helm upgrade --cleanup-on-fail \
    --install binderhub ./helm \
    --namespace=binderhub \
    --create-namespace \
    -f ./helm/prod.yaml \
    -f ./helm/secure.yaml \
    -f ./helm/secrets/secret.yaml

Then visit https://binder.depositar.io.

On this page
Show Source