Merge pull request #7 from ScilifelabDataCentre/develop

Bump the version of staging

scaleout/stackn/templates/network-policies.yaml

@@ -48,10 +48,7 @@ spec:
   policyTypes:
   - Egress
   egress:
-  - to:
-    - ipBlock:
-        cidr: {{ .Values.networkPolicy.kubernetes.cidr }}
-    ports:
+  - ports:
     - protocol: TCP
       port: {{ .Values.networkPolicy.kubernetes.port }}
 ---
@@ -285,4 +282,53 @@ spec:
       - namespaceSelector:
           matchLabels:
             kubernetes.io/metadata.name: {{ .Values.networkPolicy.ingress_controller_namespace }} # <- This should allow traffic from ingress namespace
-{{- end }}
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  namespace: {{ .Values.namespace | default "default" }}
+  name: allow-pod-to-shinyproxy
+spec:
+  podSelector:
+    matchLabels:
+      app: shinyproxy-deployment
+  policyTypes:
+    - Egress
+    - Ingress
+  egress:
+  - to:
+    - podSelector:
+        matchExpressions:
+        - key: sp.instance
+          operator: Exists
+  ingress:
+  - from:
+    - podSelector:
+        matchExpressions:
+        - key: sp.instance
+          operator: Exists
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  namespace: {{ .Values.namespace | default "default" }}
+  name: allow-shinyproxy-to-pod
+spec:
+  podSelector:
+    matchExpressions:
+    - key: sp.instance
+      operator: Exists
+  policyTypes:
+    - Egress
+    - Ingress
+  egress:
+  - to:
+    - podSelector:
+        matchLabels:
+          app: shinyproxy-deployment
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          app: shinyproxy-deployment
+{{- end }}

scaleout/stackn/templates/role.yaml

@@ -12,7 +12,7 @@ metadata:
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
   {{- end }}
 rules:
-  - apiGroups: ["", "apps", "networking.k8s.io", "autoscaling"]
+  - apiGroups: ["", "apps", "networking.k8s.io", "autoscaling","batch"]
     resources: ["*"]
     verbs: ["*"]
-{{- end }}
+{{- end }}

scaleout/stackn/templates/studio-deployment.yaml

@@ -24,7 +24,8 @@ spec:
         allow-api-access: "true"
         networking/allow-internet-egress: "true"
     spec:
-      automountServiceAccountToken: false
+      automountServiceAccountToken: true
+      serviceAccountName: {{ include "common.names.fullname" .}}
       securityContext:
         fsGroup: {{ .Values.studio.securityContext.fsGroup }}
       initContainers:

scaleout/stackn/templates/studio-settings-configmap.yaml

@@ -101,6 +101,7 @@ data:
         "apps",
         "api",
         "customtags",
+        "news"
     ] + DJANGO_WIKI_APPS
 
     {{ if .Values.studio.custom_apps.enabled }}
@@ -126,9 +127,12 @@ data:
 
     
     REST_FRAMEWORK = {
-        'DEFAULT_AUTHENTICATION_CLASSES': [
-            'rest_framework.authentication.TokenAuthentication'
-        ],
+        "DEFAULT_AUTHENTICATION_CLASSES": ["rest_framework.authentication.TokenAuthentication"],
+        "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.NamespaceVersioning",
+        "ALLOWED_VERSIONS": [None, "beta", "v1"],
+        "DEFAULT_VERSION": "v1",
+        "DEFAULT_RENDERER_CLASSES": ("rest_framework.renderers.JSONRenderer",),
+        "DEFAULT_PARSER_CLASSES": ("rest_framework.parsers.JSONParser",),
     }
 
     # Default primary key field type
@@ -166,9 +170,11 @@ data:
 
     STATIC_URL = '/static/'
     #Use in production and together with Nginx 
-    STATIC_ROOT = os.path.join(BASE_DIR, 'static/')
-    #STATICFILES_DIRS = ( os.path.join('static'), )
-
+    #STATIC_ROOT = os.path.join(BASE_DIR, 'static/')
+    STATIC_ROOT = ""
+    # SS-507
+    # Please keep "static" files first, because common/forms.py expects it
+    STATICFILES_DIRS = (os.path.join(BASE_DIR, "static"),)
 
     TEMPLATE_LOADERS = (
         'django.template.loaders.filesystem.Loader',
@@ -336,7 +342,9 @@ data:
         'models': 'studio.migrations.models',
         'monitor': 'studio.migrations.monitor',
         'portal': 'studio.migrations.portal',
-        'projects': 'studio.migrations.projects'
+        'projects': 'studio.migrations.projects',
+        "common": "common.migrations",
+        "news": "news.migrations",
     }
 
     {{ if .Values.studio.custom_migrations.enabled }}
@@ -347,22 +355,27 @@ data:
 
     # Defines how many apps a user is allowed to create within one project
     APPS_PER_PROJECT_LIMIT = {
-        "vscode": 1,
-        "volumeK8s": 5,
-        "pytorch-serve": 1,
-        "tensorflow-serve": 1,
-        "mlflow-serve": 1,
-        "mlflow": 1,
-        "minio": 1,
-        "jupyter-lab": 1,
-        "mongo-express": 1,
-        "reducer": 2,
-        "docker-registry": 1,
-        "combiner": 2,
-        "mongodb": 1,
+    "dashapp": 10,
+    "shinyapp": 10,
+    "shinyproxyapp": 10,
+    "customapp": 10,
+    "pytorch-serve": 10,
+    "tensorflow-serve": 10,
+    "mlflow-serve": 10,
+    "rstudio": 3,
+    "vscode": 3,
+    "jupyter-lab": 3,
+    "mlflow": 1,
+    "volumeK8s": 0,
+    "minio": 0,
+    "mongo-express": 0,
+    "reducer": 0,
+    "combiner": 0,
+    "mongodb": 0,
+    "netpolicy": 0,
     }
 
-    PROJECTS_PER_USER_LIMIT = 3
+    PROJECTS_PER_USER_LIMIT = 5
 
     STUDIO_ACCESSMODE = os.environ.get("STUDIO_ACCESSMODE", "")
     {{ if .Values.studio.enable_project_extra_settings }}
@@ -372,4 +385,10 @@ data:
     {{ end }}
     {{ if .Values.studio.disabledAppInstanceFields.enabled }}
     DISABLED_APP_INSTANCE_FIELDS = [{{- range .Values.studio.disabledAppInstanceFields.fields }}{{. | quote }},{{- end }}]
-    {{- end }}
+    {{- end }}
+    # This was added in SS-507.
+    # This setting is for django-guardian.
+    # We had to set it because AnonymousUser was not working properly.
+    # Specifically, apps.tests.test_user_has_no_access was failing.
+    # Also anonymous access to pages was not working.
+    ANONYMOUS_USER_NAME = None