ingress fixes, rstudio

- Upgraded ingress routes to networking.k8s.io/v1
- Set hostnames using ingress.hosts, instead of using clusterfqdn
- Use ncsa/checks for init containers
- Fixed web pages

Chart.yaml

@@ -14,7 +14,7 @@ description: >
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.2
+version: 0.6.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -48,4 +48,7 @@ annotations:
       url: https://github.com/pecanproject/pecan-helm
   artifacthub.io/license: BSD-3-Clause
   artifacthub.io/changes: |
-    - Removed ED git, image does not exist anymore
+    - Upgraded ingress routes to networking.k8s.io/v1
+    - Set hostnames using ingress.hosts, instead of using clusterfqdn
+    - Use ncsa/checks for init containers
+    - Fixed web pages

README.md

@@ -53,8 +53,11 @@ The following table lists the configurable parameters of the PEcAn chart and the
 | ------------------------------------ | ------------------------------------------------ | -------------------------------------------------------|
 | clustername | clustername is set to the short name that is shown in the pull down menu | demo |
 | clusterfqdn | clusterfqdn is set to the name that is stored in the machines table. This should be a Fully Qualified Domain Name. Probably want to set: betydb.ingress.hostName to the same value. | pecan.localhost |
-| enableIngress | if this is set to true all pieces of pecan will be visible on clusterfqdn. Probably want to set: betydb.ingress.enabled to the same value. | false |
 | initializeData | should be set to true to load demo data.                     | true |
+| rstudioUsers | List of accounts for rstudio users, this is a list of usernames, passwords. | [ ] |
+| ingress.enabled | Add ingress routes for all the components, you probably want to set `bety.ingress.enabled` to be same value. | false |
+| ingress.hosts | List of host names used as part of ingress, you probably want to set clusterfqdn as one of the host names. Any Rstudio instances will use the hosts specified here, and will prefix them with the username, for example user carya, will have hsotname carya.pecan.localhost. | [ "pecan.localhost" ] |
+| ingress.path | prefix added to all of the pods. |  |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 
@@ -72,6 +75,19 @@ $ helm install my-release ncsa/pecan --values values.yaml
 
 > **Tip**: You can use the default [values.yaml](values.yaml)
 
+## Rstudio
+
+To enable Rstudio you will need to add users to the rstudioUsers, this is a list with usernames and passwords, for example:
+
+```yaml
+rstudioUsers:
+	- username: carya
+	  password: illinois
+	  size: 1Gi
+```
+
+This will add a Rstudio container with a dedicated 1GB of storage. This container is reachable at http://carya.pecan.localhost/
+
 ## Persistence
 
 PEcAn uses disk storage to store the results of the workflow execution as well as any data downloads as part of the executions.
@@ -86,9 +102,84 @@ PEcAn uses disk storage to store the results of the workflow execution as well a
 $ helm install my-release ncsa/pecan --set persistence.existingClaim=PVC_NAME
 ```
 
+## Testing Locally
+
+If you want to test this helm chart on your local machine, you can either leverage of [docker](https://www.docker.com/) kubernetes, or [rancher desktop](https://rancherdesktop.io/). When using rancher desktop you will need to first setup the shared storage, using `kubectl apply -f`:
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pecan-data
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 50Gi
+  accessModes:
+    - ReadWriteMany
+  hostPath:
+    path: "/tmp/data"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pecan-data
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 50Gi
+```
+
+Next you will install the helm chart with the following local values: `helm upgrade --install --namespace default pecan . --values values-local.yaml`
+
+```yaml
+clusterfqdn: pecan.localhost
+
+rstudioUsers:
+  - username: carya
+    password: illinois
+
+persistence:
+  existingClaim: pecan-data
+
+ingress:
+  enabled: true
+  hosts:
+      - pecan.localhost
+
+betydb:
+  ingress:
+    enabled: true
+    hosts:
+      - pecan.localhost
+  postgresql:
+    persistence:
+      storageClass: local-path
+
+rabbitmq:
+  rabbitmq:
+    username: guest
+    password: guest
+    setUlimitNofiles: false
+    ulimitNofiles: "1024"
+```
+
+
+
 ## ChangeLog
 
+### 0.6.0
+
+- Upgraded ingress routes to networking.k8s.io/v1
+- Set hostnames using ingress.hosts, instead of using clusterfqdn
+- Use ncsa/checks for init containers
+- Fixed web pages
+
 ### 0.5.2
+
 - Removed ED git, image does not exist anymore
 
 ### 0.5.1

templates/NOTES.txt

@@ -1,9 +1,7 @@
-1. Get the application URL by running these commands:
+Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
-  {{- end }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bety.fullname" . }})
@@ -20,25 +18,6 @@
   kubectl port-forward $POD_NAME 8080:80
 {{- end }}
 
-2. Login with the following credentials
-
-  echo Username: {{ .Values.betydb.username }}
-  echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "betydb.fullname" . }} -o jsonpath="{.data.betydb-password}" | base64 --decode)
-
-    rm secrets-pecan.yaml
-    echo "betydb:" >> secrets-pecan.yaml
-    echo "  betyPassword: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ .Release.Name }}-betydb -o jsonpath="{.data.bety-password}" | base64 --decode)" >> secrets-pecan.yaml
-    echo "  postgis:" >> secrets-pecan.yaml
-    echo "    postgresPassword: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ .Release.Name }}-postgis -o jsonpath="{.data.postgres-password}" | base64 --decode)" >> secrets-pecan.yaml
-    echo "rabbitmq:" >> secrets-pecan.yaml
-    echo "  rabbitmq:" >> secrets-pecan.yaml
-    echo "    erlangCookie: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ .Release.Name }}-rabbitmq -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 --decode)" >> secrets-pecan.yaml
-    echo "    password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ .Release.Name }}-rabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)" >> secrets-pecan.yaml
-
-  Followed by the actual upgrade
-
-    helm upgrade {{ .Release.Name }}  ncsa/{{ .Chart.Name }} -f secrets-pecan.yaml
-
 {{- if .Values.initializeData }}
 A job is added that will load some example data. Once this job is finished you can safely remove it using:
    kubectl delete job/{{ include "pecan.fullname" . }}-load-data

templates/docs/ingress.yaml

@@ -1,8 +1,9 @@
-{{- if .Values.enableIngress -}}
-apiVersion: extensions/v1beta1
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "betydb.fullname" . -}}
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ include "pecan.fullname" . }}-docs
+  name: {{ $fullName }}-docs
   labels:
     {{- include "pecan.labels" . | nindent 4 }}
   {{- with .Values.ingress.annotations }}
@@ -19,15 +20,28 @@ spec:
       secretName: {{  .Values.ingress.tlsSecret }}
 {{- end }}
   rules:
-  {{- if .Values.clusterfqdn }}
-    - host: {{ .Values.clusterfqdn }}
+{{- if .Values.ingress.hosts }}
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
       http:
-  {{- else }}
-    - http:
+        paths:
+          - path: {{ $.Values.ingress.path }}
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: {{ $fullName }}-docs
+                port:
+                  name: pecan-docs
   {{- end }}
+{{- else }}
+    - http:
         paths:
-          - path: {{ .Values.ingress.path }}
+          - path: {{ $.Values.ingress.path }}
+            pathType: ImplementationSpecific
             backend:
-              serviceName: {{ include "pecan.fullname" . }}-docs
-              servicePort: pecan-docs
+              service:
+                name: {{ $fullName }}-docs
+                port:
+                  name: pecan-docs
+{{- end }}
 {{- end }}

templates/hooks/add-data.yaml

@@ -30,7 +30,6 @@ spec:
         - name: check-postgresql
           image: "{{ $.Values.image.checks }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: ['./check_postgresql']
           env:
             {{- include "pecan.env.postgresql" . | nindent 12 }}
       containers:

templates/models/deployment.yaml

@@ -29,7 +29,7 @@ spec:
     {{- end }}
       initContainers:
         - name: check-rabbitmq
-          image: "{{ $.Values.image.project }}/check:{{ $.Values.image.tag }}"
+          image: "{{ $.Values.image.checks }}"
           imagePullPolicy: {{ $.Values.image.pullPolicy }}
           env:
             {{ $rabbitmqEnv | nindent 12 }}

templates/monitor/ingress.yaml

@@ -1,33 +1,51 @@
-{{- if .Values.enableIngress -}}
-apiVersion: extensions/v1beta1
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "pecan.fullname" . -}}
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ include "pecan.fullname" . }}-monitor
+  name: {{ $fullName }}-monitor
   labels:
     {{- include "pecan.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
   annotations:
+  {{- if .Values.ingress.tls }}
+    kubernetes.io/tls-acme: "true"
+    traefik.ingress.kubernetes.io/router.tls: "true"
+  {{- end }}
+  {{- with .Values.ingress.annotations }}
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-{{- if .Values.ingress.tls }}
+{{- if and .Values.ingress.tls .Values.ingress.tlsSecret .Values.ingress.hosts }}
   tls:
     - hosts:
-      {{- if  .Values.ingress.hostName }}
-        - {{ .Values.ingress.hostName }}
+      {{- with .Values.ingress.hosts }}
+        - {{ . }}
       {{- end }}
       secretName: {{  .Values.ingress.tlsSecret }}
 {{- end }}
   rules:
-  {{- if .Values.clusterfqdn }}
-    - host: {{ .Values.clusterfqdn}}
+{{- if .Values.ingress.hosts }}
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
       http:
-  {{- else }}
-    - http:
+        paths:
+          - path: {{ $.Values.ingress.path }}monitor/
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: {{ $fullName }}-monitor
+                port:
+                  name: pecan-monitor
   {{- end }}
+{{- else }}
+    - http:
         paths:
-          - path: {{ .Values.ingress.path }}monitor/
+          - path: {{ $.Values.ingress.path }}monitor/
+            pathType: ImplementationSpecific
             backend:
-              serviceName: {{ include "pecan.fullname" . }}-monitor
-              servicePort: pecan-monitor
+              service:
+                name: {{ $fullName }}-monitor
+                port:
+                  name: pecan-monitor
+{{- end }}
 {{- end }}

templates/persistence.yaml

@@ -11,7 +11,7 @@ spec:
   resources:
     requests:
       storage: {{ .Values.persistence.size | quote }}
-  {{- if .Values.persistence.storageClass -}}
+  {{- if .Values.persistence.storageClass }}
   storageClassName: {{ .Values.persistence.storageClass }}
-  {{- end -}}
+  {{- end }}
 {{- end }}