From 5e4c85ee19796bf859ad00f67876d50498bd8682 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johan=20Alfred=C3=A9en?= Date: Tue, 6 Feb 2024 11:42:14 +0100 Subject: [PATCH 1/8] Merge develop to staging (#20) * User can create 1 minio * added loki service host * First draft of event listener deployment * working helm chart for event-listener * Working chart with new user * up event listener version * update namespace argument * move loki to separate key * add network policy to allow communication with loki --------- Co-authored-by: sandstromviktor Co-authored-by: Hamza Imran Saeed --- scaleout/stackn/templates/_helper.tpl | 25 ++++++ scaleout/stackn/templates/basic-secrets.yaml | 1 + .../templates/event-listener-deployment.yaml | 78 +++++++++++++++++++ .../stackn/templates/network-policies.yaml | 27 ++++++- .../stackn/templates/studio-deployment.yaml | 11 ++- .../templates/studio-settings-configmap.yaml | 9 ++- scaleout/stackn/values.yaml | 28 +++++-- 7 files changed, 165 insertions(+), 14 deletions(-) create mode 100644 scaleout/stackn/templates/event-listener-deployment.yaml diff --git a/scaleout/stackn/templates/_helper.tpl b/scaleout/stackn/templates/_helper.tpl index c96319b..a262242 100644 --- a/scaleout/stackn/templates/_helper.tpl +++ b/scaleout/stackn/templates/_helper.tpl @@ -170,3 +170,28 @@ Return STACKn rabbit secret {{- end -}} +{{/* + Return eventuser password + */}} + {{- define "stackn.studio.eventuser.password" -}} + {{- if .Values.global.studio.eventuserPassword }} + {{- .Values.global.studio.eventuserPassword -}} + {{- else if .Values.studio.eventuserPassword -}} + {{- .Values.studio.eventuserPassword -}} + {{- else -}} + {{- randAlphaNum 10 -}} + {{- end -}} + {{- end -}} + + {{/* + Return eventuser email + */}} + {{- define "stackn.studio.eventuser.email" -}} + {{- if .Values.global.studio.eventuserEmail }} + {{- .Values.global.studio.eventuserEmail -}} + {{- else if .Values.studio.eventuserEmail -}} + {{- .Values.studio.eventuserEmail -}} + {{- else -}} + event_user@test.com + {{- end -}} + {{- end -}} \ No newline at end of file diff --git a/scaleout/stackn/templates/basic-secrets.yaml b/scaleout/stackn/templates/basic-secrets.yaml index 5b94914..dfa18b3 100644 --- a/scaleout/stackn/templates/basic-secrets.yaml +++ b/scaleout/stackn/templates/basic-secrets.yaml @@ -9,6 +9,7 @@ metadata: type: Opaque data: studio-superuser-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "studio-superuser-password" "providedValues" (list "global.studio.superuserPassword" "studio.superuserPassword") "context" $) }} + event-user-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "event-user-password" "providedValues" (list "global.studio.eventuserPassword" "studio.eventuserPassword") "context" $) }} rabbit-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "rabbit-password" "providedValues" (list "rabbit.password") "context" $) }} django-secret-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "django-secret-key" "providedValues" (list "studio.djangoSecret") "length" 50 "strong" true "context" $) }} {{ if .Values.studio.emailService.enabled }} diff --git a/scaleout/stackn/templates/event-listener-deployment.yaml b/scaleout/stackn/templates/event-listener-deployment.yaml new file mode 100644 index 0000000..62fc082 --- /dev/null +++ b/scaleout/stackn/templates/event-listener-deployment.yaml @@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + reloader.stakater.com/auto: "true" + labels: + name: {{ .Release.Name }}-event-listener + name: {{ .Release.Name }}-event-listener +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + name: {{ .Release.Name }}-event-listener + template: + metadata: + labels: + name: {{ .Release.Name }}-event-listener + app: stackn-studio + allow-api-access: "true" + spec: + serviceAccountName: {{ include "common.names.fullname" .}} + initContainers: + - name: wait-for-studio + image: busybox:1.28.4 + command: ['sh', '-c', "until wget --tries=1 --spider {{ .Release.Name }}-{{ .Values.studio.servicename }}:8080/openapi/v1/are-you-there; do echo waiting for {{ .Release.Name }}-{{ .Values.studio.servicename }} service; sleep 5; done"] + resources: + limits: + cpu: "100m" + memory: "512Mi" + requests: + cpu: "100m" + memory: "512Mi" + containers: + - name: {{ .Release.Name }}-event-listener + args: ["--namespace", {{ .Values.namespace | quote }}] + image: {{ .Values.eventListener.image }} + imagePullPolicy: Always + name: {{ .Release.Name }}-event-listener + {{- if .Values.studio.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.studio.securityContext.runAsUser }} + runAsGroup: {{ .Values.studio.securityContext.runAsGroup }} + allowPrivilegeEscalation: {{ .Values.studio.securityContext.allowPrivilegeEscalation }} + privileged: {{ .Values.studio.securityContext.privileged }} + capabilities: + drop: + - all + {{- end }} + env: + - name: BASE_URL + value: http://{{ .Release.Name }}-{{ .Values.studio.servicename }}:8080 + - name: DEBUG + {{- if .Values.studio.debug }} + value: "true" + {{- else }} + value: "false" + {{- end }} + - name: USERNAME + value: {{ include "stackn.studio.eventuser.email" . }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "stackn.secretName" . }} + key: event-user-password + resources: + limits: + cpu: {{ .Values.eventListener.resources.limits.cpu }} + memory: {{ .Values.eventListener.resources.limits.memory }} + requests: + cpu: {{ .Values.eventListener.resources.requests.cpu }} + memory: {{ .Values.eventListener.resources.requests.memory }} + imagePullSecrets: + - name: ghcrsecret + restartPolicy: Always + volumes: +status: {} diff --git a/scaleout/stackn/templates/network-policies.yaml b/scaleout/stackn/templates/network-policies.yaml index 44b9ac8..da4a2e7 100644 --- a/scaleout/stackn/templates/network-policies.yaml +++ b/scaleout/stackn/templates/network-policies.yaml @@ -328,7 +328,6 @@ spec: - podSelector: matchLabels: app: shinyproxy-deployment -{{- end }} --- # allow internet policy for shinyproxy apiVersion: networking.k8s.io/v1 @@ -350,3 +349,29 @@ spec: {{- range $cidr := .Values.networkPolicy.internal_cidr }} - {{ $cidr }} {{- end }} +--- +# policy to allow communication with loki +{{- if .Values.loki.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-egress-from-studio-to-loki + namespace: {{ .Values.namespace | default "default" }} +spec: + egress: + - to: + - namespaceSelector: + matchExpressions: + - key: name + operator: In + values: + - loki-stack + matchLabels: + name: loki-stack + podSelector: + matchLabels: + web: studio-web + policyTypes: + - Egress +{{- end }} +{{- end }} diff --git a/scaleout/stackn/templates/studio-deployment.yaml b/scaleout/stackn/templates/studio-deployment.yaml index 1bd91a6..75c2cb5 100644 --- a/scaleout/stackn/templates/studio-deployment.yaml +++ b/scaleout/stackn/templates/studio-deployment.yaml @@ -59,11 +59,11 @@ spec: - containerPort: 8080 env: - name: DEBUG - {{ if .Values.studio.debug }} + {{- if .Values.studio.debug }} value: "true" - {{ else }} + {{- else }} value: "false" - {{ end }} + {{- end }} - name: INIT value: {{ .Values.studio.init | quote }} - name: RESET_DB @@ -81,6 +81,11 @@ spec: secretKeyRef: name: {{ include "stackn.secretName" . }} key: studio-superuser-password + - name: EVENT_USER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "stackn.secretName" . }} + key: event-user-password - name: GET_HOSTS_FROM value: dns - name: POSTGRES_PASSWORD diff --git a/scaleout/stackn/templates/studio-settings-configmap.yaml b/scaleout/stackn/templates/studio-settings-configmap.yaml index a483627..48a2226 100644 --- a/scaleout/stackn/templates/studio-settings-configmap.yaml +++ b/scaleout/stackn/templates/studio-settings-configmap.yaml @@ -129,7 +129,7 @@ data: REST_FRAMEWORK = { "DEFAULT_AUTHENTICATION_CLASSES": ["rest_framework.authentication.TokenAuthentication"], "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.NamespaceVersioning", - "ALLOWED_VERSIONS": [None, "beta", "v1"], + "ALLOWED_VERSIONS": [None, "beta", "v1", "api", "api-v1"], "DEFAULT_VERSION": "v1", "DEFAULT_RENDERER_CLASSES": ("rest_framework.renderers.JSONRenderer",), "DEFAULT_PARSER_CLASSES": ("rest_framework.parsers.JSONParser",), @@ -381,16 +381,17 @@ data: "jupyter-lab": 3, "mlflow": 1, "volumeK8s": 0, - "minio": 0, + "minio": 1, "mongo-express": 0, "reducer": 0, "combiner": 0, "mongodb": 0, "netpolicy": 0, } - + {{ if .Values.loki.enabled }} + LOKI_SVC = {{ .Values.loki.host | quote}} + {{ end }} PROJECTS_PER_USER_LIMIT = 5 - STUDIO_ACCESSMODE = os.environ.get("STUDIO_ACCESSMODE", "") {{ if .Values.studio.enable_project_extra_settings }} ENABLE_PROJECT_EXTRA_SETTINGS = True diff --git a/scaleout/stackn/values.yaml b/scaleout/stackn/values.yaml index 01fd72b..e40baf8 100644 --- a/scaleout/stackn/values.yaml +++ b/scaleout/stackn/values.yaml @@ -78,7 +78,7 @@ studio: replicas: 1 strategy: type: Recreate - image: ghcr.io/scilifelabdatacentre/stackn/serve-ingress:develop-20230823 + image: ghcr.io/scilifelabdatacentre/stackn/serve-ingress:develop-20240130 pullPolicy: IfNotPresent resources: limits: @@ -87,9 +87,9 @@ studio: requests: cpu: "100m" memory: "256Mi" - image: #tell which image to deploy for studio - repository: ghcr.io/scilifelabdatacentre/stackn/serve-studio:develop-20230823 #This image can be built from Dockerfile inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) - pullPolicy: IfNotPresent # used to ensure that each time we redeploy always pull the latest image + image: + repository: ghcr.io/scilifelabdatacentre/stackn/serve-studio:develop-20240130 + pullPolicy: IfNotPresent resources: limits: cpu: "1000m" @@ -110,6 +110,9 @@ studio: superUser: admin superuserPassword: "" superuserEmail: admin@test.com + eventUser: "" + eventuserPassword: "" + eventuserEmail: "" version: studio securityContext: enabled: true @@ -148,8 +151,6 @@ studio: fields: - '' - - #kubernetes config kubeconfig: "" @@ -267,3 +268,18 @@ reloader: namespace: default reloader: watchGlobally: false + +eventListener: + image: ghcr.io/scilifelabdatacentre/serve-event-listener/event-listener:v0.1.3 + resources: + requests: + cpu: "100m" + memory: "1Gi" + limits: + cpu: "500m" + memory: "2Gi" + +loki: + enabled: true + namespace: loki-stack + host: http://loki-gateway.loki-stack.svc.cluster.local # assumes loki deployed separately in loki-stack namespace with loki helm chart From d06fd202ced348d769777f8632eef2ac68bc128a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johan=20Alfred=C3=A9en?= Date: Fri, 16 Feb 2024 16:00:57 +0100 Subject: [PATCH 2/8] Merge develop to staging (#23) Co-authored-by: sandstromviktor Co-authored-by: Hamza Imran Saeed --- scaleout/stackn/templates/studio-settings-configmap.yaml | 1 + scaleout/stackn/values.yaml | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/scaleout/stackn/templates/studio-settings-configmap.yaml b/scaleout/stackn/templates/studio-settings-configmap.yaml index 48a2226..03b1197 100644 --- a/scaleout/stackn/templates/studio-settings-configmap.yaml +++ b/scaleout/stackn/templates/studio-settings-configmap.yaml @@ -380,6 +380,7 @@ data: "vscode": 3, "jupyter-lab": 3, "mlflow": 1, + "tissuumaps": 1, "volumeK8s": 0, "minio": 1, "mongo-express": 0, diff --git a/scaleout/stackn/values.yaml b/scaleout/stackn/values.yaml index e40baf8..7a46776 100644 --- a/scaleout/stackn/values.yaml +++ b/scaleout/stackn/values.yaml @@ -78,7 +78,7 @@ studio: replicas: 1 strategy: type: Recreate - image: ghcr.io/scilifelabdatacentre/stackn/serve-ingress:develop-20240130 + image: ghcr.io/scilifelabdatacentre/stackn/serve-ingress:develop-20240215 pullPolicy: IfNotPresent resources: limits: @@ -88,7 +88,7 @@ studio: cpu: "100m" memory: "256Mi" image: - repository: ghcr.io/scilifelabdatacentre/stackn/serve-studio:develop-20240130 + repository: ghcr.io/scilifelabdatacentre/stackn/serve-studio:develop-20240215 pullPolicy: IfNotPresent resources: limits: @@ -270,7 +270,7 @@ reloader: watchGlobally: false eventListener: - image: ghcr.io/scilifelabdatacentre/serve-event-listener/event-listener:v0.1.3 + image: ghcr.io/scilifelabdatacentre/serve-event-listener/event-listener:v0.1.5 resources: requests: cpu: "100m" From 55cfccdd2b046e0f59deebee29e4d8565a12fa9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sandstr=C3=B6m?= Date: Wed, 6 Mar 2024 14:41:02 +0100 Subject: [PATCH 3/8] Merge Staging into Main (#29) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * SS-841 TissUUmaps apps limit (#22) * Set the max app limit to 1 TissUUmaps app per project. * SS-880 Brute force protection and logout inactive users (#24) * Updated django settings with django axes for brute force protection and session cookie expiration for auto logout of inactive users. * Converted 3 django settings into variable values with default values. --------- Co-authored-by: Johan Alfredéen --- .../templates/studio-settings-configmap.yaml | 32 +++++++++++++++++-- scaleout/stackn/values.yaml | 6 ++-- 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/scaleout/stackn/templates/studio-settings-configmap.yaml b/scaleout/stackn/templates/studio-settings-configmap.yaml index 48a2226..f4a0f00 100644 --- a/scaleout/stackn/templates/studio-settings-configmap.yaml +++ b/scaleout/stackn/templates/studio-settings-configmap.yaml @@ -22,6 +22,7 @@ data: AUTHENTICATION_BACKENDS = [ + "axes.backends.AxesStandaloneBackend", 'django.contrib.auth.backends.ModelBackend', 'guardian.backends.ObjectPermissionBackend', ] @@ -101,7 +102,8 @@ data: "apps", "api", "customtags", - "news" + "news", + "axes", # django-axes for brute force login protection ] + DJANGO_WIKI_APPS {{ if .Values.studio.custom_apps.enabled }} @@ -122,7 +124,8 @@ data: 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', - 'corsheaders.middleware.CorsMiddleware' + 'corsheaders.middleware.CorsMiddleware', + "axes.middleware.AxesMiddleware", ] + DJANGO_WIKI_MIDDLEWARE @@ -223,6 +226,30 @@ data: } } + # Session settings for managing automatic login expiration. + # The age of session cookies, in seconds. Set to 1 day = 86400 seconds: + SESSION_COOKIE_AGE = {{ .Values.studio.session_cookie_age | default 86400 }} + # Whether to save the session data on every request. For sliding expiration: + SESSION_SAVE_EVERY_REQUEST = True + # Whether to expire the session when the user closes their browser: + SESSION_EXPIRE_AT_BROWSER_CLOSE = False + + # Settings for the Django Axes brute force login protection + # Number of allowed login failures before action is taken + AXES_FAILURE_LIMIT = {{ .Values.studio.axes_failure_limit | default 10 }} + # Duration in hours after which old failed login attempts will be cleared + AXES_COOLOFF_TIME = {{ .Values.studio.axes_cooloff_time | default 1 }} + # Reset the number of failed attempts to 0 after a successful login + AXES_RESET_ON_SUCCESS = True + # Block failed attempts based on IP and username combination + AXES_LOCKOUT_PARAMETERS = [["ip_address", "username"]] + # Do not prolong the lock duration upon correct credentials entered during a lock period + AXES_RESET_COOL_OFF_ON_FAILURE_DURING_LOCKOUT = False + # Do not save all login and logout attempts to the database + AXES_DISABLE_ACCESS_LOG = True + # The custom view template to display on locked out event + AXES_LOCKOUT_TEMPLATE = "registration/locked_out.html" + # Password validation # https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators @@ -380,6 +407,7 @@ data: "vscode": 3, "jupyter-lab": 3, "mlflow": 1, + "tissuumaps": 1, "volumeK8s": 0, "minio": 1, "mongo-express": 0, diff --git a/scaleout/stackn/values.yaml b/scaleout/stackn/values.yaml index e40baf8..7a46776 100644 --- a/scaleout/stackn/values.yaml +++ b/scaleout/stackn/values.yaml @@ -78,7 +78,7 @@ studio: replicas: 1 strategy: type: Recreate - image: ghcr.io/scilifelabdatacentre/stackn/serve-ingress:develop-20240130 + image: ghcr.io/scilifelabdatacentre/stackn/serve-ingress:develop-20240215 pullPolicy: IfNotPresent resources: limits: @@ -88,7 +88,7 @@ studio: cpu: "100m" memory: "256Mi" image: - repository: ghcr.io/scilifelabdatacentre/stackn/serve-studio:develop-20240130 + repository: ghcr.io/scilifelabdatacentre/stackn/serve-studio:develop-20240215 pullPolicy: IfNotPresent resources: limits: @@ -270,7 +270,7 @@ reloader: watchGlobally: false eventListener: - image: ghcr.io/scilifelabdatacentre/serve-event-listener/event-listener:v0.1.3 + image: ghcr.io/scilifelabdatacentre/serve-event-listener/event-listener:v0.1.5 resources: requests: cpu: "100m" From 8b0a98807963b1b6561ecf71ca81fb3ae7c2b8c3 Mon Sep 17 00:00:00 2001 From: Arnold Kochari Date: Thu, 2 May 2024 08:44:59 +0200 Subject: [PATCH 4/8] Add new fields for additional shinyproxy settings (#40) --- apps/shinyproxy/Chart.yaml | 2 +- apps/shinyproxy/templates/configmap.yaml | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/apps/shinyproxy/Chart.yaml b/apps/shinyproxy/Chart.yaml index 884b1fb..81e63d7 100644 --- a/apps/shinyproxy/Chart.yaml +++ b/apps/shinyproxy/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: shinyproxy description: A Helm chart to install Shinyproxy type: application -version: 1.0.0 +version: 1.1.0 appVersion: "0.1" maintainers: - name: Team Whale diff --git a/apps/shinyproxy/templates/configmap.yaml b/apps/shinyproxy/templates/configmap.yaml index e1c2842..d450a2a 100644 --- a/apps/shinyproxy/templates/configmap.yaml +++ b/apps/shinyproxy/templates/configmap.yaml @@ -14,8 +14,9 @@ data: proxy: authentication: none container-backend: kubernetes - heartbeat-rate: 10000 - heartbeat-timeout: 60000 + heartbeat-rate: {{ .Values.appconfig.proxyheartbeatrate | default 10000 }} + heartbeat-timeout: {{ .Values.appconfig.proxyheartbeattimeout | default 60000 }} + container-wait-time: {{ .Values.appconfig.proxycontainerwaittime | default 30000 }} kubernetes: internal-networking: true namespace: {{ .Release.Namespace }} @@ -37,8 +38,8 @@ data: container-memory-request: {{ .Values.flavor.requests.memory }} port: {{ .Values.appconfig.port }} id: {{ .Release.Name }} - display-name: {{ .Values.app_name }} - description: {{ .Values.app_description }} + display-name: {{ .Values.app_name | quote }} + description: {{ .Values.app_description | quote }} labels: sp.instance: {{ .Release.Name }} allow-internet-egress: "true" From eee816f8cac46be71c575381f0b7089235f3d5b1 Mon Sep 17 00:00:00 2001 From: Arnold Kochari Date: Tue, 21 May 2024 08:59:57 +0200 Subject: [PATCH 5/8] Clarification about contributors. (#39) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Viktor Sandström --- LICENSE | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/LICENSE b/LICENSE index cd482d8..db85496 100644 --- a/LICENSE +++ b/LICENSE @@ -1,3 +1,20 @@ +Copyright 2023-present SciLifeLab Data Centre (https://scilifelab.se/data) +Copyright 2020-2023 Scaleout Systems AB + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +==================== + Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ From 25517d7549204f44745ffff89ec96b5bdc96639b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sandstr=C3=B6m?= Date: Tue, 21 May 2024 09:12:23 +0200 Subject: [PATCH 6/8] Ss 922 fix bitnami charts security vulns (#42) --- serve/Chart.yaml | 9 +++++---- serve/templates/_helper.tpl | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/serve/Chart.yaml b/serve/Chart.yaml index 77ac066..4a3d552 100644 --- a/serve/Chart.yaml +++ b/serve/Chart.yaml @@ -9,7 +9,7 @@ maintainers: dependencies: - name: reloader - version: v1.0.15 + version: v1.0.79 repository: https://stakater.github.io/stakater-charts condition: reloader.enabled @@ -19,12 +19,12 @@ dependencies: condition: postgresql.enabled - name: redis - version: 17.7.4 + version: 19.1.0 repository: https://charts.bitnami.com/bitnami condition: redis.enabled - name: rabbitmq - version: 11.9.1 + version: 14.0.0 repository: https://charts.bitnami.com/bitnami condition: rabbitmq.enabled @@ -32,4 +32,5 @@ dependencies: repository: https://charts.bitnami.com/bitnami tags: - bitnami-common - version: 2.0.4 + version: 2.19.1 + diff --git a/serve/templates/_helper.tpl b/serve/templates/_helper.tpl index a262242..9904f41 100644 --- a/serve/templates/_helper.tpl +++ b/serve/templates/_helper.tpl @@ -194,4 +194,4 @@ Return STACKn rabbit secret {{- else -}} event_user@test.com {{- end -}} - {{- end -}} \ No newline at end of file + {{- end -}} From 68348ba5716e5029f00f41452157185d860d7469 Mon Sep 17 00:00:00 2001 From: sandstromviktor Date: Tue, 21 May 2024 09:50:02 +0200 Subject: [PATCH 7/8] Removed GPU flavor from Jupyter lab --- apps/jupyter-lab/Chart.yaml | 2 +- apps/jupyter-lab/values.yaml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/apps/jupyter-lab/Chart.yaml b/apps/jupyter-lab/Chart.yaml index afb1ad8..accbd5b 100644 --- a/apps/jupyter-lab/Chart.yaml +++ b/apps/jupyter-lab/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.1" description: A Helm chart for Jupyter Lab name: lab -version: 1.0.0 +version: 1.0.1 maintainers: - name: Team Whale email: serve@scilifelab.se diff --git a/apps/jupyter-lab/values.yaml b/apps/jupyter-lab/values.yaml index 28f1ce5..33a3527 100644 --- a/apps/jupyter-lab/values.yaml +++ b/apps/jupyter-lab/values.yaml @@ -68,9 +68,7 @@ flavor: cpu: 1 ephemeral-storage: 800Mi memory: 1Gi - nvidia.com/gpu: requests: cpu: 500m ephemeral-storage: 500Mi memory: 500Mi - nvidia.com/gpu: From 4ccd61d98611a62369db8dd876c8f094731d2e2f Mon Sep 17 00:00:00 2001 From: sandstromviktor Date: Fri, 24 May 2024 08:48:29 +0200 Subject: [PATCH 8/8] merge shinyproxy-update to develop --- apps/shiny/Chart.yaml | 2 +- apps/shiny/templates/deployment.yaml | 11 ++++++++ apps/shiny/templates/shiny-configmap.yaml | 31 +++++++++++++++++++++++ 3 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 apps/shiny/templates/shiny-configmap.yaml diff --git a/apps/shiny/Chart.yaml b/apps/shiny/Chart.yaml index 0f0ec5d..cbfb3dc 100644 --- a/apps/shiny/Chart.yaml +++ b/apps/shiny/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.1" description: A Helm chart Shiny apps name: shinyapp -version: 1.0.1 +version: 1.0.2 maintainers: - name: Team Whale email: serve@scilifelab.se diff --git a/apps/shiny/templates/deployment.yaml b/apps/shiny/templates/deployment.yaml index 95737f0..9634070 100644 --- a/apps/shiny/templates/deployment.yaml +++ b/apps/shiny/templates/deployment.yaml @@ -44,5 +44,16 @@ spec: {{- toYaml .Values.flavor | nindent 10 }} ports: - containerPort: {{ .Values.appconfig.port }} + volumeMounts: + - name: {{ .Release.Name }}-shiny-configmap + mountPath: /etc/shiny-server/shiny-server.conf + subPath: shiny-server.conf terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirst + volumes: + - name: {{ .Release.Name }}-shiny-configmap + configMap: + name: {{ .Release.Name }}-shiny-configmap + items: + - key: shiny-server.conf + path: shiny-server.conf diff --git a/apps/shiny/templates/shiny-configmap.yaml b/apps/shiny/templates/shiny-configmap.yaml new file mode 100644 index 0000000..d16fa39 --- /dev/null +++ b/apps/shiny/templates/shiny-configmap.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-shiny-configmap + namespace: {{ .Release.Namespace }} +data: + shiny-server.conf: |- + # Instruct Shiny Server to run applications as the user "shiny" + run_as shiny; + http_keepalive_timeout 600; + # Define a server that listens on user defined port + server { + listen {{ .Values.appconfig.port }} 0.0.0.0; + # Define a location at the base URL + location / { + + # Host the directory of Shiny Apps stored in this directory + site_dir /srv/shiny-server; + + # Log all Shiny output to files in this directory + log_dir /var/log/shiny-server; + + # When a user visits the base URL rather than a particular application, + # an index of the applications available in this directory will be shown. + directory_index on; + app_init_timeout 600; + app_idle_timeout 600; + } + app_init_timeout 600; + app_idle_timeout 600; + }