From 406c29c5062f7ff157f7fb71ba5d0a0ebe024820 Mon Sep 17 00:00:00 2001 From: Rob Kooper Date: Sun, 28 Nov 2021 09:45:47 -0600 Subject: [PATCH] ingress fixes, rstudio - Upgraded ingress routes to networking.k8s.io/v1 - Set hostnames using ingress.hosts, instead of using clusterfqdn - Use ncsa/checks for init containers - Fixed web pages --- Chart.yaml | 7 +- README.md | 93 +++++++++++++++++++++++++- templates/NOTES.txt | 27 +------- templates/docs/ingress.yaml | 34 +++++++--- templates/hooks/add-data.yaml | 1 - templates/models/deployment.yaml | 2 +- templates/monitor/ingress.yaml | 46 +++++++++---- templates/persistence.yaml | 4 +- templates/rstudio/deployment.yaml | 101 ----------------------------- templates/rstudio/ingress.yaml | 58 ++++++++++++----- templates/rstudio/service.yaml | 42 +++++++++--- templates/rstudio/statefulset.yaml | 99 ++++++++++++++++++++++++++++ templates/web/deployment.yaml | 2 +- templates/web/ingress.yaml | 46 +++++++++---- values.yaml | 26 ++++---- 15 files changed, 380 insertions(+), 208 deletions(-) delete mode 100644 templates/rstudio/deployment.yaml create mode 100644 templates/rstudio/statefulset.yaml diff --git a/Chart.yaml b/Chart.yaml index 1d0cdc7..939f1e6 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -14,7 +14,7 @@ description: > # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.5.2 +version: 0.6.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -48,4 +48,7 @@ annotations: url: https://github.com/pecanproject/pecan-helm artifacthub.io/license: BSD-3-Clause artifacthub.io/changes: | - - Removed ED git, image does not exist anymore + - Upgraded ingress routes to networking.k8s.io/v1 + - Set hostnames using ingress.hosts, instead of using clusterfqdn + - Use ncsa/checks for init containers + - Fixed web pages diff --git a/README.md b/README.md index 96569b3..9efc955 100644 --- a/README.md +++ b/README.md @@ -53,8 +53,11 @@ The following table lists the configurable parameters of the PEcAn chart and the | ------------------------------------ | ------------------------------------------------ | -------------------------------------------------------| | clustername | clustername is set to the short name that is shown in the pull down menu | demo | | clusterfqdn | clusterfqdn is set to the name that is stored in the machines table. This should be a Fully Qualified Domain Name. Probably want to set: betydb.ingress.hostName to the same value. | pecan.localhost | -| enableIngress | if this is set to true all pieces of pecan will be visible on clusterfqdn. Probably want to set: betydb.ingress.enabled to the same value. | false | | initializeData | should be set to true to load demo data. | true | +| rstudioUsers | List of accounts for rstudio users, this is a list of usernames, passwords. | [ ] | +| ingress.enabled | Add ingress routes for all the components, you probably want to set `bety.ingress.enabled` to be same value. | false | +| ingress.hosts | List of host names used as part of ingress, you probably want to set clusterfqdn as one of the host names. Any Rstudio instances will use the hosts specified here, and will prefix them with the username, for example user carya, will have hsotname carya.pecan.localhost. | [ "pecan.localhost" ] | +| ingress.path | prefix added to all of the pods. | | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -72,6 +75,19 @@ $ helm install my-release ncsa/pecan --values values.yaml > **Tip**: You can use the default [values.yaml](values.yaml) +## Rstudio + +To enable Rstudio you will need to add users to the rstudioUsers, this is a list with usernames and passwords, for example: + +```yaml +rstudioUsers: + - username: carya + password: illinois + size: 1Gi +``` + +This will add a Rstudio container with a dedicated 1GB of storage. This container is reachable at http://carya.pecan.localhost/ + ## Persistence PEcAn uses disk storage to store the results of the workflow execution as well as any data downloads as part of the executions. @@ -86,9 +102,84 @@ PEcAn uses disk storage to store the results of the workflow execution as well a $ helm install my-release ncsa/pecan --set persistence.existingClaim=PVC_NAME ``` +## Testing Locally + +If you want to test this helm chart on your local machine, you can either leverage of [docker](https://www.docker.com/) kubernetes, or [rancher desktop](https://rancherdesktop.io/). When using rancher desktop you will need to first setup the shared storage, using `kubectl apply -f`: + +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pecan-data +spec: + storageClassName: manual + capacity: + storage: 50Gi + accessModes: + - ReadWriteMany + hostPath: + path: "/tmp/data" +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: pecan-data +spec: + storageClassName: manual + accessModes: + - ReadWriteMany + resources: + requests: + storage: 50Gi +``` + +Next you will install the helm chart with the following local values: `helm upgrade --install --namespace default pecan . --values values-local.yaml` + +```yaml +clusterfqdn: pecan.localhost + +rstudioUsers: + - username: carya + password: illinois + +persistence: + existingClaim: pecan-data + +ingress: + enabled: true + hosts: + - pecan.localhost + +betydb: + ingress: + enabled: true + hosts: + - pecan.localhost + postgresql: + persistence: + storageClass: local-path + +rabbitmq: + rabbitmq: + username: guest + password: guest + setUlimitNofiles: false + ulimitNofiles: "1024" +``` + + + ## ChangeLog +### 0.6.0 + +- Upgraded ingress routes to networking.k8s.io/v1 +- Set hostnames using ingress.hosts, instead of using clusterfqdn +- Use ncsa/checks for init containers +- Fixed web pages + ### 0.5.2 + - Removed ED git, image does not exist anymore ### 0.5.1 diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 131694a..e00b849 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt @@ -1,9 +1,7 @@ -1. Get the application URL by running these commands: +Get the application URL by running these commands: {{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} +{{- range .Values.ingress.hosts }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bety.fullname" . }}) @@ -20,25 +18,6 @@ kubectl port-forward $POD_NAME 8080:80 {{- end }} -2. Login with the following credentials - - echo Username: {{ .Values.betydb.username }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "betydb.fullname" . }} -o jsonpath="{.data.betydb-password}" | base64 --decode) - - rm secrets-pecan.yaml - echo "betydb:" >> secrets-pecan.yaml - echo " betyPassword: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ .Release.Name }}-betydb -o jsonpath="{.data.bety-password}" | base64 --decode)" >> secrets-pecan.yaml - echo " postgis:" >> secrets-pecan.yaml - echo " postgresPassword: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ .Release.Name }}-postgis -o jsonpath="{.data.postgres-password}" | base64 --decode)" >> secrets-pecan.yaml - echo "rabbitmq:" >> secrets-pecan.yaml - echo " rabbitmq:" >> secrets-pecan.yaml - echo " erlangCookie: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ .Release.Name }}-rabbitmq -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 --decode)" >> secrets-pecan.yaml - echo " password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ .Release.Name }}-rabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)" >> secrets-pecan.yaml - - Followed by the actual upgrade - - helm upgrade {{ .Release.Name }} ncsa/{{ .Chart.Name }} -f secrets-pecan.yaml - {{- if .Values.initializeData }} A job is added that will load some example data. Once this job is finished you can safely remove it using: kubectl delete job/{{ include "pecan.fullname" . }}-load-data diff --git a/templates/docs/ingress.yaml b/templates/docs/ingress.yaml index e57f406..baec8e1 100644 --- a/templates/docs/ingress.yaml +++ b/templates/docs/ingress.yaml @@ -1,8 +1,9 @@ -{{- if .Values.enableIngress -}} -apiVersion: extensions/v1beta1 +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "betydb.fullname" . -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "pecan.fullname" . }}-docs + name: {{ $fullName }}-docs labels: {{- include "pecan.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} @@ -19,15 +20,28 @@ spec: secretName: {{ .Values.ingress.tlsSecret }} {{- end }} rules: - {{- if .Values.clusterfqdn }} - - host: {{ .Values.clusterfqdn }} +{{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ . }} http: - {{- else }} - - http: + paths: + - path: {{ $.Values.ingress.path }} + pathType: ImplementationSpecific + backend: + service: + name: {{ $fullName }}-docs + port: + name: pecan-docs {{- end }} +{{- else }} + - http: paths: - - path: {{ .Values.ingress.path }} + - path: {{ $.Values.ingress.path }} + pathType: ImplementationSpecific backend: - serviceName: {{ include "pecan.fullname" . }}-docs - servicePort: pecan-docs + service: + name: {{ $fullName }}-docs + port: + name: pecan-docs +{{- end }} {{- end }} diff --git a/templates/hooks/add-data.yaml b/templates/hooks/add-data.yaml index f5d08fa..3d05f3f 100644 --- a/templates/hooks/add-data.yaml +++ b/templates/hooks/add-data.yaml @@ -30,7 +30,6 @@ spec: - name: check-postgresql image: "{{ $.Values.image.checks }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ['./check_postgresql'] env: {{- include "pecan.env.postgresql" . | nindent 12 }} containers: diff --git a/templates/models/deployment.yaml b/templates/models/deployment.yaml index 46d6e08..6243445 100644 --- a/templates/models/deployment.yaml +++ b/templates/models/deployment.yaml @@ -29,7 +29,7 @@ spec: {{- end }} initContainers: - name: check-rabbitmq - image: "{{ $.Values.image.project }}/check:{{ $.Values.image.tag }}" + image: "{{ $.Values.image.checks }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} env: {{ $rabbitmqEnv | nindent 12 }} diff --git a/templates/monitor/ingress.yaml b/templates/monitor/ingress.yaml index a33d458..4b140ec 100644 --- a/templates/monitor/ingress.yaml +++ b/templates/monitor/ingress.yaml @@ -1,33 +1,51 @@ -{{- if .Values.enableIngress -}} -apiVersion: extensions/v1beta1 +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "pecan.fullname" . -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "pecan.fullname" . }}-monitor + name: {{ $fullName }}-monitor labels: {{- include "pecan.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} annotations: + {{- if .Values.ingress.tls }} + kubernetes.io/tls-acme: "true" + traefik.ingress.kubernetes.io/router.tls: "true" + {{- end }} + {{- with .Values.ingress.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.tls }} +{{- if and .Values.ingress.tls .Values.ingress.tlsSecret .Values.ingress.hosts }} tls: - hosts: - {{- if .Values.ingress.hostName }} - - {{ .Values.ingress.hostName }} + {{- with .Values.ingress.hosts }} + - {{ . }} {{- end }} secretName: {{ .Values.ingress.tlsSecret }} {{- end }} rules: - {{- if .Values.clusterfqdn }} - - host: {{ .Values.clusterfqdn}} +{{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ . }} http: - {{- else }} - - http: + paths: + - path: {{ $.Values.ingress.path }}monitor/ + pathType: ImplementationSpecific + backend: + service: + name: {{ $fullName }}-monitor + port: + name: pecan-monitor {{- end }} +{{- else }} + - http: paths: - - path: {{ .Values.ingress.path }}monitor/ + - path: {{ $.Values.ingress.path }}monitor/ + pathType: ImplementationSpecific backend: - serviceName: {{ include "pecan.fullname" . }}-monitor - servicePort: pecan-monitor + service: + name: {{ $fullName }}-monitor + port: + name: pecan-monitor +{{- end }} {{- end }} diff --git a/templates/persistence.yaml b/templates/persistence.yaml index ff76b23..3012800 100644 --- a/templates/persistence.yaml +++ b/templates/persistence.yaml @@ -11,7 +11,7 @@ spec: resources: requests: storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.storageClass -}} + {{- if .Values.persistence.storageClass }} storageClassName: {{ .Values.persistence.storageClass }} - {{- end -}} + {{- end }} {{- end }} diff --git a/templates/rstudio/deployment.yaml b/templates/rstudio/deployment.yaml deleted file mode 100644 index de0d0a6..0000000 --- a/templates/rstudio/deployment.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- if .Values.rstudioUsers }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "pecan.fullname" . }}-rstudio - labels: - {{- include "pecan.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "pecan.name" . }}-rstudio - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "pecan.name" . }}-rstudio - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - initContainers: - - name: check-rabbitmq - image: "{{ $.Values.image.checks }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ['./check_rabbitmq'] - env: - {{- include "pecan.env.rabbitmq" . | nindent 12 }} - - name: check-postgresql - image: "{{ $.Values.image.checks }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ['./check_postgresql'] - env: - {{- include "pecan.env.postgresql" . | nindent 12 }} - containers: - - name: {{ .Chart.Name }}-rstudio-nginx - image: "nginx:alpine" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: 80 - protocol: TCP - livenessProbe: - tcpSocket: - port: http - readinessProbe: - httpGet: - path: {{ .Values.rstudio.path }} - port: http - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d/default.conf - subPath: nginx.conf - resources: - {{- toYaml .Values.rstudio.resources | nindent 12 }} - - name: {{ .Chart.Name }}-rstudio - image: "{{ .Values.image.project }}/base:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/init"] - env: - {{- include "pecan.env.rabbitmq" . | nindent 12 }} - {{- include "pecan.env.postgresql" . | nindent 12 }} - {{- include "pecan.env.cluster" . | nindent 12 }} - - name: RABBITMQ_MGMT_PATH - value: {{ .Values.rabbitmq.ingress.path | default "/" | quote }} - - name: USER - value: "carya" - - name: PASSWORD - value: "illinois" - ports: - - name: rstudio - containerPort: 8787 - protocol: TCP - livenessProbe: - tcpSocket: - port: rstudio - readinessProbe: - httpGet: - path: / - port: rstudio - resources: - {{- toYaml .Values.rstudio.resources | nindent 12 }} - volumes: - - name: nginx-conf - configMap: - name: {{ include "pecan.fullname" . }}-config - {{- with .Values.rstudio.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.rstudio.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.rstudio.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/templates/rstudio/ingress.yaml b/templates/rstudio/ingress.yaml index 104417d..97ac103 100644 --- a/templates/rstudio/ingress.yaml +++ b/templates/rstudio/ingress.yaml @@ -1,35 +1,59 @@ -{{- if .Values.rstudioUsers }} -{{- if .Values.enableIngress -}} -apiVersion: extensions/v1beta1 +{{- if .Values.ingress.enabled -}} +{{- if .Values.rstudioUsers -}} +{{- $fullName := include "pecan.fullname" . -}} +{{- $name := include "pecan.name" . -}} +{{- $labels := include "pecan.labels" . -}} +{{- range .Values.rstudioUsers -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "pecan.fullname" . }}-rstudio + name: {{ $fullName }}-{{ .username }} labels: - {{- include "pecan.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} + {{- $labels | nindent 4 }} annotations: + {{- if $.Values.ingress.tls }} + kubernetes.io/tls-acme: "true" + traefik.ingress.kubernetes.io/router.tls: "true" + {{- end }} + {{- with $.Values.ingress.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.tls }} +{{- if and $.Values.ingress.tls $.Values.ingress.tlsSecret $.Values.ingress.hosts }} tls: - hosts: - {{- if .Values.ingress.hostName }} - - {{ .Values.ingress.hostName }} + {{- with $.Values.ingress.hosts }} + - {{ . }} {{- end }} - secretName: {{ .Values.ingress.tlsSecret }} + secretName: {{ $.Values.ingress.tlsSecret }} {{- end }} rules: - {{- if .Values.clusterfqdn }} - - host: {{ .Values.clusterfqdn }} +{{- if $.Values.ingress.hosts }} + {{- $username := .username }} + {{- range $.Values.ingress.hosts }} + - host: "{{ $username}}.{{ . }}" http: - {{- else }} - - http: + paths: + - path: {{ $.Values.ingress.path }} + pathType: ImplementationSpecific + backend: + service: + name: {{ $fullName }}-{{ $username }}-headless + port: + name: rstudio {{- end }} +{{- else }} + - host: "{{ .username}}.localhost" + http: paths: - - path: {{ .Values.rstudio.path }} + - path: {{ $.Values.ingress.path }} + pathType: ImplementationSpecific backend: - serviceName: {{ include "pecan.fullname" . }}-rstudio - servicePort: {{ include "pecan.name" . }}-rstudio + service: + name: {{ $fullName }}-{{ .username }}-headless + port: + name: rstudio +{{- end }} +{{- end }} {{- end }} {{- end }} diff --git a/templates/rstudio/service.yaml b/templates/rstudio/service.yaml index e9b3f43..69faea3 100644 --- a/templates/rstudio/service.yaml +++ b/templates/rstudio/service.yaml @@ -1,18 +1,42 @@ -{{- if .Values.rstudioUsers }} +{{- if .Values.rstudioUsers -}} +{{- $fullName := include "pecan.fullname" . -}} +{{- $name := include "pecan.name" . -}} +{{- $labels := include "pecan.labels" . -}} +{{- range .Values.rstudioUsers -}} apiVersion: v1 kind: Service metadata: - name: {{ include "pecan.fullname" . }}-rstudio + name: {{ $fullName }}-{{ .username }} labels: - {{- include "pecan.labels" . | nindent 4 }} + {{- $labels | nindent 4 }} spec: - type: {{ .Values.rstudio.service.type }} + type: ClusterIP + type: {{ $.Values.rstudio.service.type }} ports: - - name: {{ include "pecan.name" . }}-rstudio - port: 80 - targetPort: 80 + - name: rstudio + port: {{ $.Values.rstudio.service.port }} + targetPort: rstudio protocol: TCP selector: - app.kubernetes.io/name: {{ include "pecan.name" . }}-rstudio - app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ $name }}-{{ .username }} + app.kubernetes.io/instance: {{ $.Release.Name }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ $fullName }}-{{ .username }}-headless + labels: + {{- $labels | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: rstudio + port: {{ $.Values.rstudio.service.port }} + targetPort: rstudio + protocol: TCP + selector: + app.kubernetes.io/name: {{ $name }}-{{ .username }} + app.kubernetes.io/instance: {{ $.Release.Name }} +{{- end }} {{- end }} diff --git a/templates/rstudio/statefulset.yaml b/templates/rstudio/statefulset.yaml new file mode 100644 index 0000000..0834b7e --- /dev/null +++ b/templates/rstudio/statefulset.yaml @@ -0,0 +1,99 @@ +{{- if .Values.rstudioUsers -}} +{{- $fullName := include "pecan.fullname" . -}} +{{- $name := include "pecan.name" . -}} +{{- $labels := include "pecan.labels" . -}} +{{- $rabbitmq := include "pecan.env.rabbitmq" . -}} +{{- $postgresql := include "pecan.env.postgresql" . -}} +{{- $env := include "pecan.env.cluster" . -}} +{{- range .Values.rstudioUsers -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ $fullName }}-{{ .username }} + labels: + {{- $labels | nindent 4 }} +spec: + serviceName: {{ $name }}-{{ .username }} + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ $name }}-{{ .username }} + app.kubernetes.io/instance: {{ $.Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ $name }}-{{ .username }} + app.kubernetes.io/instance: {{ $.Release.Name }} + spec: + {{- with $.Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + - name: check-rabbitmq + image: "{{ $.Values.image.checks }}" + imagePullPolicy: {{ $.Values.image.pullPolicy }} + env: + {{- $rabbitmq | nindent 12 }} + - name: check-postgresql + image: "{{ $.Values.image.checks }}" + imagePullPolicy: {{ $.Values.image.pullPolicy }} + env: + {{- $postgresql | nindent 12 }} + containers: + - name: rstudio + image: "{{ $.Values.image.project }}/base:{{ $.Values.image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ $.Values.image.pullPolicy }} + command: + - /work/rstudio.sh + env: + {{- $rabbitmq | nindent 12 }} + {{- $postgresql | nindent 12 }} + {{- $env | nindent 12 }} + - name: RABBITMQ_MGMT_PATH + value: {{ $.Values.rabbitmq.ingress.path | default "/" | quote }} + - name: USER + value: {{ .username }} + - name: PASSWORD + value: {{ .password | quote }} + - name: KEEP_ENV + value: "RABBITMQ_URI RABBITMQ_PREFIX RABBITMQ_PORT FQDN NAME" + ports: + - name: rstudio + containerPort: 8787 + protocol: TCP + volumeMounts: + - name: home + mountPath: /home/{{ .username }} + livenessProbe: + tcpSocket: + port: rstudio + readinessProbe: + httpGet: + path: / + port: rstudio + resources: + {{- toYaml $.Values.rstudio.resources | nindent 12 }} + {{- with $.Values.rstudio.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $.Values.rstudio.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $.Values.rstudio.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: home + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ $.Values.persistence.storageClass }} + resources: + requests: + storage: {{ .size | default "1Gi" }} +{{- end }} +{{- end }} diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml index db7d89a..5493081 100644 --- a/templates/web/deployment.yaml +++ b/templates/web/deployment.yaml @@ -42,7 +42,7 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: pecan-web - containerPort: 80 + containerPort: 8080 protocol: TCP volumeMounts: - name: data diff --git a/templates/web/ingress.yaml b/templates/web/ingress.yaml index 03636c7..dd05c45 100644 --- a/templates/web/ingress.yaml +++ b/templates/web/ingress.yaml @@ -1,33 +1,51 @@ -{{- if .Values.enableIngress -}} -apiVersion: extensions/v1beta1 +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "pecan.fullname" . -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "pecan.fullname" . }}-web + name: {{ $fullName }}-web labels: {{- include "pecan.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} annotations: + {{- if .Values.ingress.tls }} + kubernetes.io/tls-acme: "true" + traefik.ingress.kubernetes.io/router.tls: "true" + {{- end }} + {{- with .Values.ingress.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.tls }} +{{- if and .Values.ingress.tls .Values.ingress.tlsSecret .Values.ingress.hosts }} tls: - hosts: - {{- if .Values.ingress.hostName }} - - {{ .Values.ingress.hostName }} + {{- with .Values.ingress.hosts }} + - {{ . }} {{- end }} secretName: {{ .Values.ingress.tlsSecret }} {{- end }} rules: - {{- if .Values.clusterfqdn }} - - host: {{ .Values.clusterfqdn }} +{{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ . }} http: - {{- else }} - - http: + paths: + - path: {{ $.Values.ingress.path }}pecan/ + pathType: ImplementationSpecific + backend: + service: + name: {{ $fullName }}-web + port: + name: pecan-web {{- end }} +{{- else }} + - http: paths: - - path: {{ .Values.ingress.path }}pecan/ + - path: {{ $.Values.ingress.path }}pecan/ + pathType: ImplementationSpecific backend: - serviceName: {{ include "pecan.fullname" . }}-web - servicePort: pecan-web + service: + name: {{ $fullName }}-web + port: + name: pecan-web +{{- end }} {{- end }} diff --git a/values.yaml b/values.yaml index 078a430..560e5ea 100644 --- a/values.yaml +++ b/values.yaml @@ -21,23 +21,19 @@ fullnameOverride: "" clustername: demo ## clusterfqdn is set to the name that is stored in the machines table. This -## should be a Fully Qualified Domain Name. Probably want to set: -## betydb.ingress.hostName to the same value. +## should be a Fully Qualified Domain Name. Probably want to add this to: +## betydb.ingress.hosts and ingress.hosts. clusterfqdn: pecan.localhost -## enableIngress if this is set to true all pieces of pecan will be visible on -## clusterfqdn. Probably want to set: betydb.ingress.enabled to the same value. -enableIngress: false - ## initializeData should be set to true to load demo data. initializeData: true ## rstudioUsers is set to a list of rstudio users, each with their own instance ## of rstudio. If not set no instance of rstudio is created. The list will need ## 2 parameters, username and password. -rstudioUsers: - - username: carya - password: illinois +rstudioUsers: [] + # - username: carya + # password: illinois ## ------------------------------------------------------------------------------- ## PECAN MODELS @@ -89,7 +85,8 @@ betydb: ## hostName used for the ingress rules (betydb is set below), best set to the ## same value as PEcAn. - hostName: pecan.example.com + hosts: + - pecan.localhost ## path prefix for all applications (betydb is set below) path: /bety/ @@ -106,7 +103,7 @@ rabbitmq: ingress: enabled: false - hostName: rabbitmq.example.com + hostName: rabbitmq.localhost path: / ## ------------------------------------------------------------------------------- @@ -117,6 +114,13 @@ rabbitmq: ## PECAN installation. ## ref: http://kubernetes.io/docs/user-guide/ingress/ ingress: + # add ingress routes + enabled: false + + # this should probably also contain clusterfqdn + hosts: + - pecan.localhost + ## path prefix for all applications (betydb is set below) path: /