Add shinyproxy serviceaccount and email settings

scaleout/stackn/templates/basic-secrets.yaml

@@ -16,4 +16,4 @@ data:
   email-host-password: {{ .Values.studio.emailService.hostPassword | b64enc }}
   email-api-key: {{ .Values.studio.emailService.apiKey | b64enc }}
   {{ end }}
-{{- end -}}
+{{- end -}}

scaleout/stackn/templates/network-policies.yaml

@@ -65,10 +65,7 @@ spec:
   policyTypes:
   - Egress
   egress:
-  - to:
-    - ipBlock:
-        cidr: {{ .Values.networkPolicy.kubernetes.cidr }}
-    ports:
+  - ports:
     - protocol: TCP
       port: {{ .Values.networkPolicy.kubernetes.port }}
 ---
@@ -332,3 +329,24 @@ spec:
         matchLabels:
           app: shinyproxy-deployment
 {{- end }}
+---
+# allow internet policy for shinyproxy
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: shinyproxy-allow-internet-egress
+  namespace: {{ .Values.namespace | default "default" }}
+spec:
+  podSelector:
+    matchLabels:
+      allow-internet-egress: "true"
+  policyTypes:
+    - Egress
+  egress: 
+  - to:
+    - ipBlock:
+        cidr: 0.0.0.0/0
+        except:
+        {{- range $cidr := .Values.networkPolicy.internal_cidr }}
+        - {{ $cidr }}
+        {{- end }}

scaleout/stackn/templates/role.yaml

@@ -16,3 +16,22 @@ rules:
     resources: ["*"]
     verbs: ["*"]
 {{- end }}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.namespace }}-shinyproxy-role
+  namespace: {{ .Values.namespace }}
+rules:
+  - apiGroups: [""]       # "" indicates the core API group
+    resources: ["pods","persistentvolumeclaims"]
+    verbs: ["get", "watch", "list", "create", "delete"]
+  - apiGroups: [""]       # "" indicates the core API group
+    resources: ["pods/log"]
+    verbs: ["get"]
+  - apiGroups: ["batch"]
+    resources: ["jobs"]
+    verbs: ["get", "watch", "list", "create", "delete"]
+  - apiGroups: ["autoscaling"]
+    resources: ["horizontalpodautoscalers"]
+    verbs: ["get", "watch", "list", "create", "delete"]

scaleout/stackn/templates/rolebinding.yaml

@@ -17,4 +17,18 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ include "common.names.fullname" .}}
-  namespace: {{ .Values.namespace }}
+  namespace: {{ .Values.namespace }}
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.namespace }}-shinyproxy-role-binding
+  namespace: {{ .Values.namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.namespace }}-shinyproxy
+    namespace: {{ .Values.namespace }}
+roleRef:
+  kind: Role
+  apiGroup: rbac.authorization.k8s.io
+  name: {{ .Values.namespace }}-shinyproxy-role

scaleout/stackn/templates/service-account.yaml

@@ -7,4 +7,10 @@ automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountT
 metadata:
   name: {{ include "common.names.fullname" .}}
   namespace: {{ .Values.namespace | default .Release.Namespace }}
-{{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: true
+metadata:
+  name: {{ .Values.namespace }}-shinyproxy

scaleout/stackn/templates/studio-deployment.yaml

@@ -115,7 +115,7 @@ spec:
             secretKeyRef:
               name: {{ include "stackn.secretName" . }}
               key: email-host-user
-        - name: EMAIL_HOST_PASSWORD
+        - name: EMAIL_PASSWORD
           valueFrom:
             secretKeyRef:
               name: {{ include "stackn.secretName" . }}

scaleout/stackn/templates/studio-settings-configmap.yaml

@@ -321,18 +321,25 @@ data:
     CSRF_TRUSTED_ORIGINS = ['https://*{{ .Values.session_cookie_domain }}','https://*.127.0.0.1'] + [{{ .Values.studio.csrf_trusted_origins | quote}}]
 
     # Email
+    EMAIL_BACKEND = (
+        "django.core.mail.backends.smtp.EmailBackend" if not DEBUG else "django.core.mail.backends.console.EmailBackend"
+    )
     {{ if .Values.studio.emailService.enabled }}
     EMAIL_HOST = {{ .Values.studio.emailService.host | quote}}
     EMAIL_PORT = {{ .Values.studio.emailService.port }}
     EMAIL_HOST_USER = os.environ["EMAIL_HOST_USER"]
     EMAIL_HOST_PASSWORD = os.environ["EMAIL_HOST_PASSWORD"]
+    {{ if .Values.studio.emailService.ssl }}
+    EMAIL_USE_TLS = False
+    EMAIL_USE_SSL = True
+    {{ else }}
     EMAIL_USE_TLS = True
-
-    EMAIL_DOMAIN_NAME = {{ .Values.studio.emailService.domainName | quote}}
-    EMAIL_API_KEY = os.environ["EMAIL_API_KEY"]
-    EMAIL_MAILGUN_API = {{ .Values.studio.emailService.apiEndpoint | quote}}
-    EMAIL_NOTIFY_ON_ACCOUNT_REGISTER_LIST = [{{- range .Values.studio.emailService.notifyOnAccountRegisterList }}{{. | quote }},{{- end }}]
-    DEFAULT_FROM_EMAIL = {{ .Values.studio.emailService.smtpEmailFrom | quote}}
+    {{ end }}
+    # EMAIL_DOMAIN_NAME = {{ .Values.studio.emailService.domainName | quote}}
+    # EMAIL_API_KEY = os.environ["EMAIL_API_KEY"]
+    # EMAIL_MAILGUN_API = {{ .Values.studio.emailService.apiEndpoint | quote}}
+    # EMAIL_NOTIFY_ON_ACCOUNT_REGISTER_LIST = [{{- range .Values.studio.emailService.notifyOnAccountRegisterList }}{{. | quote }},{{- end }}]
+    # DEFAULT_FROM_EMAIL = {{ .Values.studio.emailService.smtpEmailFrom | quote}}
     {{ else }}
     EMAIL_BACKEND = "django.core.mail.backends.filebased.EmailBackend"
     EMAIL_FILE_PATH =  os.path.join(BASE_DIR, 'sent_emails')
@@ -366,6 +373,7 @@ data:
     "pytorch-serve": 10,
     "tensorflow-serve": 10,
     "mlflow-serve": 10,
+    "python-serve": 10,
     "rstudio": 3,
     "vscode": 3,
     "jupyter-lab": 3,