Feature/minio file upload

Dockerfile

@@ -27,7 +27,7 @@ RUN apk add --update --no-cache \
 # Installing Pillow separate from the packages in requirements
 # greatly speeds up the docker build.
 RUN python3 -m pip install --upgrade pip \
-    && python3 -m pip install Pillow==10.1.0 --global-option="build_ext" --global-option="--disable-tiff" --global-option="--disable-freetype" --global-option="--disable-lcms" --global-option="--disable-webp" --global-option="--disable-webpmux" --global-option="--disable-imagequant" --global-option="--disable-xcb"
+    && python3 -m pip install Pillow==10.2.0 --global-option="build_ext" --global-option="--disable-tiff" --global-option="--disable-freetype" --global-option="--disable-lcms" --global-option="--disable-webp" --global-option="--disable-webpmux" --global-option="--disable-imagequant" --global-option="--disable-xcb"
 
 FROM bitnami/kubectl:1.28.2 as kubectl
 FROM alpine/helm:3.12.3 as helm

apps/tasks.py

@@ -47,7 +47,7 @@ def post_create_hooks(instance):
     print("TASK - POST CREATE HOOK...")
     # hard coded hooks for now, we can make this dynamic
     # and loaded from the app specs
-    if instance.app.slug == "minio":
+    if instance.app.slug == "minio-admin":
         # Create project S3 object
         # TODO: If the instance is being updated,
         # update the existing S3 object.
@@ -491,11 +491,17 @@ def delete_old_objects():
 
     TODO: Make this a variable in settings.py and use the same number in templates
     """
-    threshold = 7
-    threshold_time = timezone.now() - timezone.timedelta(days=threshold)
 
-    old_apps = AppInstance.objects.filter(created_on__lt=threshold_time, app__category__name="Develop")
-    for app_ in old_apps:
+    def get_old_apps(threshold, category):
+        threshold_time = timezone.now() - timezone.timedelta(days=threshold)
+        return AppInstance.objects.filter(created_on__lt=threshold_time, app__category__name=category)
+
+    old_develop_apps = get_old_apps(threshold=7, category="Develop")
+    old_minio_apps = get_old_apps(threshold=1, category="Manage Files")
+    for app_ in old_develop_apps:
+        delete_resource.delay(app_.pk)
+
+    for app_ in old_minio_apps:
         delete_resource.delay(app_.pk)
 
 

apps/views.py

@@ -1,4 +1,6 @@
 import re
+import secrets
+import string
 
 import requests
 from django.apps import apps
@@ -421,6 +423,17 @@ def get(self, request, user, project, app_slug, data=[], wait=False, call=False)
         if not user_can_create:
             return HttpResponseForbidden()
 
+        if app.slug == "minio":
+
+            def generate_password(len: int) -> str:
+                return "".join(
+                    secrets.choice(string.octdigits + string.ascii_uppercase + string.ascii_lowercase + string.digits)
+                    for i in range(len)
+                )
+
+            MINIO_USERNAME = generate_password(8)
+            MINIO_PASSWORD = generate_password(8)
+
         do_display_description_field = app.category is not None and app.category.name.lower() == "serve"
 
         form = generate_form(app_settings, project, app, user, [])

charts/apps/minio/chart/templates/project-s3-deployment.yaml → charts/apps/minio/chart/templates/deployment.yaml

@@ -27,24 +27,21 @@ spec:
         pod: minio
     spec:
       automountServiceAccountToken: false
-      {{- if .Values.securityContext.enabled }}
       securityContext:
-        seccompProfile:
-          type: RuntimeDefault
-        fsGroup: {{ .Values.securityContext.fsGroup }}
-      {{- end }}
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
       - name: {{ .Release.Name }}-minio
-        image: minio/minio:14128-5ee91dc
+        image: {{ .Values.appconfig.image }}
         imagePullPolicy: IfNotPresent
         command:
-          - "/bin/sh"
-          - "-ce"
-          - "/usr/bin/docker-entrypoint.sh minio server {{ .Values.bucketRoot }} --console-address :{{ .Values.minioConsolePort }}"
+          - /bin/sh
+          - -ce
+          - |
+            /usr/bin/docker-entrypoint.sh minio server {{ .Values.bucketRoot }} --console-address :{{ .Values.appconfig.uiConsolePort }}
         args:
         {{- range $key, $value := .Values.apps.volumeK8s }}
         - server
-        - /home/stackn/{{ $key }}
+        - /home/{{ $key }}
         {{- end }}
         env:
         - name: MINIO_ROOT_USER
@@ -57,49 +54,36 @@ spec:
             secretKeyRef:
               name: {{ .Release.Name }}-minio
               key: secretkey
-        {{- if .Values.securityContext.enabled }}
         securityContext:
-          runAsUser: {{ .Values.securityContext.runAsUser }}
-          runAsGroup: {{ .Values.securityContext.runAsGroup }}
-          allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }}
-          privileged: {{ .Values.securityContext.privileged }}
-          capabilities:
-            drop:
-              - all
-        {{- end }}
+        {{- toYaml .Values.securityContext | nindent 10 }}
         ports:
-          - containerPort: 9000
+          - containerPort: {{ .Values.appconfig.apiServerPort }}
             name: api-server
-          - containerPort: 9001
+          - containerPort: {{ .Values.appconfig.uiConsolePort }}
             name: ui-console
+          - containerPort: {{ .Values.appconfig.ftpPort }}
+            name: ftp
         resources: {}
         volumeMounts:
         {{- range $key, $value := .Values.apps.volumeK8s }}
         - name: {{ $key }}
           mountPath: /data
         {{- end }}
-
-      - name: {{ .Release.Name }}-minio-sidecar
-        image: alpine:3.18.3
-        imagePullPolicy: IfNotPresent
-        command: ["sh", "-c", "while true; do sleep 3600; done;"]
-        {{- if .Values.securityContext.enabled }}
-        securityContext:
-          runAsUser: {{ .Values.securityContext.runAsUser }}
-          runAsGroup: {{ .Values.securityContext.runAsGroup }}
-          allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }}
-          privileged: {{ .Values.securityContext.privileged }}
-          capabilities:
-            drop:
-              - all
-        {{- end }}
-        resources: {}
-        volumeMounts:
-        {{- range $key, $value := .Values.apps.volumeK8s }}
-        - name: {{ $key }}
-          mountPath: /data
-        {{- end }}
-
+        - name: tls-secret
+          mountPath: /home
+          readOnly: true
+        lifecycle:
+          postStart:
+            exec:
+              command:
+              - /bin/sh
+              - -ce
+              - |
+                sleep 5
+                mc alias set local http://127.0.0.1:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD}
+                mc admin user add local {{ .Values.credentials.access_key }} {{ .Values.credentials.secret_key }}
+                mc mb /data/data-bucket
+                mc admin policy attach local readwrite --user {{ .Values.credentials.access_key }} || true
       hostname: {{ .Release.Name }}-minio
       restartPolicy: Always
       volumes:
@@ -108,4 +92,7 @@ spec:
         persistentVolumeClaim:
           claimName: {{ $value.release }}
       {{- end }}
+      - name: tls-secret
+        secret:
+          secretName: prod-ingress
 status: {}

charts/apps/minio/chart/templates/ingress.yaml

@@ -0,0 +1,34 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "10000M"
+  name: {{ .Release.Name }}-minio
+  namespace: {{ .Values.namespace }}
+spec:
+  rules:
+    - host: {{ .Release.Name }}.{{ .Values.global.domain }}
+      http:
+        paths:
+        - path: /
+          backend:
+            service:
+              name: {{ .Values.service.name }}
+              port:
+                name: console
+          pathType: ImplementationSpecific
+    - host: api-{{ .Release.Name }}.{{ .Values.global.domain }}
+      http:
+        paths:
+        - path: /
+          backend:
+            service:
+              name: {{ .Values.service.name }}
+              port:
+                name: api
+          pathType: ImplementationSpecific
+
+  tls:
+    - secretName: {{ .Values.ingress.secretName }}
+      hosts:
+        - {{ .Values.global.domain }}

charts/apps/minio/chart/templates/secret.yaml

@@ -10,5 +10,5 @@ metadata:
     type: secret
 type: Opaque
 data:
-  accesskey: {{ if .Values.credentials.access_key }}{{ .Values.credentials.access_key | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }}
-  secretkey: {{ if .Values.credentials.secret_key }}{{ .Values.credentials.secret_key | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }}
+  accesskey: {{ randAlphaNum 20 | b64enc | quote }}
+  secretkey: {{ randAlphaNum 40 | b64enc | quote }}

charts/apps/minio/chart/templates/project-s3-service.yaml → charts/apps/minio/chart/templates/service.yaml

@@ -7,11 +7,12 @@ spec:
   ports:
   - name: api
     protocol: TCP
-    port: 9000
-    targetPort: 9000
+    port: {{ .Values.appconfig.apiServerPort }}
+    targetPort: {{ .Values.appconfig.apiServerPort }}
   - name: console
     protocol: TCP
-    port: 9001
-    targetPort: 9001
+    port: {{ .Values.appconfig.uiConsolePort }}
+    targetPort: {{ .Values.appconfig.uiConsolePort }}
+
   selector:
     release: {{ .Release.Name }}

charts/apps/minio/chart/values.yaml

@@ -1,12 +1,6 @@
 namespace: default
 volumes: {}
 
-## Port number for MinIO S3 API Access
-minioAPIPort: "9000"
-
-## Port number for MinIO Browser COnsole Access
-minioConsolePort: "9001"
-
 
 ## Path where PV would be mounted on the MinIO Pod
 mountPath: ""
@@ -20,14 +14,28 @@ credentials:
   access_key: minio-access-key
   secret_key: minio-secret-key
 
+
 ingress:
   v1beta1: false
   secretName: prod-ingress
 
+appconfig:
+  apiServerPort: 9000
+  uiConsolePort: 9001
+  ftpPort: 8022
+  image: minio/minio:latest
+
+podSecurityContext:
+  seccompProfile:
+      type: RuntimeDefault
+  fsGroup: 1000
+
 securityContext:
-  enabled: true
+  runAsNonRoot: true
   runAsUser: 1000
   runAsGroup: 1000
-  fsGroup: 1000
   allowPrivilegeEscalation: false
   privileged: false
+  capabilities:
+    drop:
+      - all

charts/apps/rstudio/chart/values.yaml

@@ -43,34 +43,3 @@ securityContext:
   capabilities:
     drop:
       - all
-
-
-
-
-
-
-
-service:
-  name: customapp-svc
-
-imagePullSecrets:
-  - name: regcred
-
-ingress:
-  v1beta1: false
-  secretName: prod-ingress
-
-podSecurityContext:
-  seccompProfile:
-      type: RuntimeDefault
-  fsGroup: 1000
-
-securityContext:
-  runAsNonRoot: true
-  runAsUser: 1000
-  runAsGroup: 1000
-  allowPrivilegeEscalation: false
-  privileged: false
-  capabilities:
-    drop:
-      - all

common/management/commands/add_locust_users.py

@@ -0,0 +1,26 @@
+from django.contrib.auth import get_user_model
+from django.core.management.base import BaseCommand, CommandError
+from django.db.utils import IntegrityError
+
+User = get_user_model()
+
+
+class Command(BaseCommand):
+    help = "Adds user to database"
+
+    def add_arguments(self, parser):
+        parser.add_argument("num_users", type=int)
+
+    def handle(self, *args, **options):
+        for i in range(1, options["num_users"] + 1):
+            username = f"locust_test_user_{i}"
+            email = f"locust_test_user_{i}@test.uu.net"
+            password = "password123"
+            try:
+                user = User.objects.create_user(username, email, password)
+                user.is_active = True
+                user.save()
+            except IntegrityError:
+                self.stdout.write(self.style.WARNING("User with the given username or email already exists."))
+
+        self.stdout.write(self.style.SUCCESS(f"Successfully created {i} users"))