From d4733cf16197a71b5fb91d2b08503eff61e72c82 Mon Sep 17 00:00:00 2001 From: PJ Linebaugh Date: Mon, 11 Sep 2023 11:59:44 -0400 Subject: [PATCH 01/13] add way to set postgresql image that is used to check for readiness of server --- Chart.yaml | 2 +- README.md | 5 ++++- templates/deployment.yaml | 3 ++- values.yaml | 8 ++++++++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 2799c95..79542af 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 3.2.1 +version: 3.2.2 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. appVersion: 3.1.0 diff --git a/README.md b/README.md index aa122f3..458c33f 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A Helm chart for Kubernetes -![Version: 3.2.1](https://img.shields.io/badge/Version-3.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.1.0](https://img.shields.io/badge/AppVersion-3.1.0-informational?style=flat-square) +![Version: 3.2.2](https://img.shields.io/badge/Version-3.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.1.0](https://img.shields.io/badge/AppVersion-3.1.0-informational?style=flat-square) ## CI/CD 
@@ -68,6 +68,9 @@ Additionally there is a workflow that allows bumping the chart version, if this | global.ambassador_id | string | `nil` | specify the id of the ambassador for Tycho-launched services. | | global.stdnfsPvc | string | `"stdnfs"` | the name of the PVC to use for user's files | | gunicorn.workers | int | `5` | Set the number of gunicorn workers. (2*CPU)+1 is recommended. | +| image-postgresql.pullPolicy | string | `"Always"` | pull policy | +| image-postgresql.repository | string | `"docker.io/bitnami/postgresql"` | repository where postgresql image is located | +| image-postgresql.tag | int | `11` | Image tag for postgresql, coordinate this with postgresql dependency. | | image.pullPolicy | string | `"IfNotPresent"` | pull policy | | image.repository | string | `"containers.renci.org/helxplatform/appstore"` | repository where image is located | | image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. Set to "" before release! | diff --git a/templates/deployment.yaml b/templates/deployment.yaml index c74b5fd..cb7b889 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -36,7 +36,8 @@ spec: initContainers: {{- if .Values.postgresql.enabled }} - name: wait-for-postgresql - image: postgres:11 + image: "{{ .Values.image-postgresql.image.repository }}:{{ .Values.image-postgresql.image.tag }}" + imagePullPolicy: "{{ .Values.image-postgresql.pullPolicy }}" command: - sh - -c diff --git a/values.yaml b/values.yaml index 42cbecb..574a6dd 100644 --- a/values.yaml +++ b/values.yaml @@ -13,6 +13,14 @@ image: # Set to "" before release! tag: +image-postgresql: + # -- repository where postgresql image is located + repository: docker.io/bitnami/postgresql + # -- pull policy + pullPolicy: Always + # -- Image tag for postgresql, coordinate this with postgresql dependency. + tag: 11 + fetcherImage: # -- repository where image is located repository: helxplatform/url-fetch 
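Review bot: In the templates/deployment.yaml hunk of patch 01, `.Values.image-postgresql.image.repository` cannot be evaluated. Go templates do not accept a hyphen in a dotted field name, and values.yaml in the same commit puts `repository` and `tag` directly under the key, with no `image` level. The chart will presumably fail to render whenever `postgresql.enabled` is true until patches 03 to 05 of this series are applied, which makes the intermediate commits unusable for bisecting or cherry-picking. Squashing those fixes into this commit would leave the line as `image: "{{ .Values.imagePostgresql.repository }}:{{ .Values.imagePostgresql.tag }}"`. The `initContainers` block starts and continues outside the hunk.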
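Review bot: In the values.yaml hunk of patch 01, `tag: 11` is both an unquoted number and a floating major-version tag, and the default source of the image moves from `postgres:11` to `docker.io/bitnami/postgresql`. A floating tag lets the content of the `wait-for-postgresql` init container change without any change to the chart, and with `pullPolicy: Always` every pod start picks up whatever the tag currently points to. Quote the value as `tag: "11"` so that it stays a string; Helm renders large unquoted numbers in scientific notation, the problem patch 09 corrects for `SESSION_IDLE_TIMEOUT`. Consider also adding an optional digest value so that deployments can pin the image by `@sha256:` digest. The README row would then read `string` instead of `int`.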
From 27ca48afd24c042d36589f69cb70614c6dfb1759 Mon Sep 17 00:00:00 2001 From: PJ Linebaugh Date: Mon, 11 Sep 2023 12:01:23 -0400 Subject: [PATCH 02/13] add way to set postgresql image that is used to check for readiness of server --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 574a6dd..f858f60 100644 --- a/values.yaml +++ b/values.yaml @@ -17,7 +17,7 @@ image-postgresql: # -- repository where postgresql image is located repository: docker.io/bitnami/postgresql # -- pull policy - pullPolicy: Always + pullPolicy: IfNotPresent # -- Image tag for postgresql, coordinate this with postgresql dependency. tag: 11 From 5196438aadd0d9ba91bbe4e4e4bf404ed649c289 Mon Sep 17 00:00:00 2001 From: PJ Linebaugh Date: Mon, 11 Sep 2023 12:11:53 -0400 Subject: [PATCH 03/13] change to camelcase --- templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/deployment.yaml b/templates/deployment.yaml index cb7b889..7c6a714 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -36,8 +36,8 @@ spec: initContainers: {{- if .Values.postgresql.enabled }} - name: wait-for-postgresql - image: "{{ .Values.image-postgresql.image.repository }}:{{ .Values.image-postgresql.image.tag }}" - imagePullPolicy: "{{ .Values.image-postgresql.pullPolicy }}" + image: "{{ .Values.imagePostgresql.image.repository }}:{{ .Values.imagePostgresql.image.tag }}" + imagePullPolicy: "{{ .Values.imagePostgresql.pullPolicy }}" command: - sh - -c From f309ba7e3053d02b42d8bd18bf0d71e768398133 Mon Sep 17 00:00:00 2001 From: PJ Linebaugh Date: Mon, 11 Sep 2023 12:12:32 -0400 Subject: [PATCH 04/13] change to camelcase --- README.md | 6 +++--- values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 458c33f..9ccab23 100644 --- a/README.md +++ b/README.md 
@@ -68,12 +68,12 @@ Additionally there is a workflow that allows bumping the chart version, if this | global.ambassador_id | string | `nil` | specify the id of the ambassador for Tycho-launched services. | | global.stdnfsPvc | string | `"stdnfs"` | the name of the PVC to use for user's files | | gunicorn.workers | int | `5` | Set the number of gunicorn workers. (2*CPU)+1 is recommended. | -| image-postgresql.pullPolicy | string | `"Always"` | pull policy | -| image-postgresql.repository | string | `"docker.io/bitnami/postgresql"` | repository where postgresql image is located | -| image-postgresql.tag | int | `11` | Image tag for postgresql, coordinate this with postgresql dependency. | | image.pullPolicy | string | `"IfNotPresent"` | pull policy | | image.repository | string | `"containers.renci.org/helxplatform/appstore"` | repository where image is located | | image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. Set to "" before release! | +| imagePostgresql.pullPolicy | string | `"IfNotPresent"` | pull policy | +| imagePostgresql.repository | string | `"docker.io/bitnami/postgresql"` | repository where postgresql image is located | +| imagePostgresql.tag | int | `11` | Image tag for postgresql, coordinate this with postgresql dependency. | | imagePullSecrets | list | `[]` | credentials for a private repo | | irods.BRAINI_RODS | string | `""` | | | irods.IROD_COLLECTIONS | string | `""` | | diff --git a/values.yaml b/values.yaml index f858f60..25f9943 100644 --- a/values.yaml +++ b/values.yaml @@ -13,7 +13,7 @@ image: # Set to "" before release! tag: -image-postgresql: +imagePostgresql: # -- repository where postgresql image is located repository: docker.io/bitnami/postgresql # -- pull policy From 5bb1587df89045bd474155ba63bb117dfb7df743 Mon Sep 17 00:00:00 2001 
From: PJ Linebaugh Date: Mon, 11 Sep 2023 12:14:56 -0400 Subject: [PATCH 05/13] change to camelcase --- templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 7c6a714..0982b94 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: initContainers: {{- if .Values.postgresql.enabled }} - name: wait-for-postgresql - image: "{{ .Values.imagePostgresql.image.repository }}:{{ .Values.imagePostgresql.image.tag }}" + image: "{{ .Values.imagePostgresql.repository }}:{{ .Values.imagePostgresql.tag }}" imagePullPolicy: "{{ .Values.imagePostgresql.pullPolicy }}" command: - sh From 03c7a0fc0c50b3481d87eb095afea91a6fc61460 Mon Sep 17 00:00:00 2001 From: PJ Linebaugh Date: Fri, 22 Sep 2023 21:17:26 -0400 Subject: [PATCH 06/13] add variables to set helx app's init container image source --- Chart.yaml | 2 +- README.md | 4 +++- templates/deployment.yaml | 4 ++++ values.yaml | 4 ++++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 79542af..8484edc 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 3.2.2 +version: 3.2.3 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. appVersion: 3.1.0 diff --git a/README.md b/README.md index 9ccab23..76eb384 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ A Helm chart for Kubernetes -![Version: 3.2.2](https://img.shields.io/badge/Version-3.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.1.0](https://img.shields.io/badge/AppVersion-3.1.0-informational?style=flat-square) +![Version: 3.2.3](https://img.shields.io/badge/Version-3.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.1.0](https://img.shields.io/badge/AppVersion-3.1.0-informational?style=flat-square) ## CI/CD @@ -152,6 +152,8 @@ Additionally there is a workflow that allows bumping the chart version, if this | tycho.externalAppRegistryRepo | string | `"https://github.com/helxplatform/helx-apps/raw"` | Can be set to a git repo URL for fetching the app registry file or defaults file. Something in the form of 'https://github.com/helxplatform/helx-apps/raw'. | | tycho.fsGroup | int | `0` | Application processes launched will also be part of this supplimentary group. | | tycho.init | object | `{"resources":{"cpus":"250m","memory":"250Mi"}}` | Resource for Tycho init container. Defaults cpus|250m memory|250Mi | +| tycho.initImageRepository | string | `"busybox"` | The image repository to use for HeLx app init containers. | +| tycho.initImageTag | string | `"latest"` | The image tag to use for HeLx app init containers. | | tycho.initRunAsGroup | int | `0` | Init processes will have this group permissions. | | tycho.initRunAsUser | int | `0` | Init processes will run as this user. | | tycho.parent_dir | string | `"/home"` | directory that will be used to mount user's home directories in | diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 0982b94..4305189 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml 
@@ -426,6 +426,10 @@ spec: {{- else }} value: "{{- .Values.tycho.externalAppRegistryRepo }}/{{- .Values.django.DOCKSTORE_APPS_BRANCH }}/{{- .Values.tycho.externalAppRegistryAppSpecsDir }}" {{- end }} + - name: TYCHO_APP_INIT_IMAGE_REPOSITORY + value: "{{- .Values.tycho.initImageRepository }}" + - name: TYCHO_APP_INIT_IMAGE_TAG + value: "{{- .Values.tycho.initImageTag }}" - name: INIT_SC_RUN_AS_USER value: "{{- .Values.tycho.initRunAsUser }}" - name: INIT_SC_RUN_AS_GROUP diff --git a/values.yaml b/values.yaml index 25f9943..965ffa2 100644 --- a/values.yaml +++ b/values.yaml @@ -259,6 +259,10 @@ tycho: # main container is started. This can be to create certain directories or # set file permissions. enableInitContainer: true + # -- The image repository to use for HeLx app init containers. + initImageRepository: busybox + # -- The image tag to use for HeLx app init containers. + initImageTag: latest # -- Init processes will run as this user. initRunAsUser: 0 # -- Init processes will have this group permissions. From 45b8235f95b684706f0357005fd20422f0aa00d9 Mon Sep 17 00:00:00 2001 From: PJ Linebaugh Date: Tue, 26 Sep 2023 16:09:41 -0400 Subject: [PATCH 07/13] update chart appVersion to 3.1.2 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 8484edc..dcc6f21 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application version: 3.2.3 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. -appVersion: 3.1.0 +appVersion: 3.1.2 dependencies: - name: postgresql condition: postgresql.enabled From bdf715f6bee5a7839670e6005cb64a04fcd08e65 Mon Sep 17 00:00:00 2001 
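Review bot: In the values.yaml hunk of patch 06, the defaults `initImageRepository: busybox` and `initImageTag: latest` leave the HeLx app init container on an unqualified repository name and a floating tag. The hunk's context shows `initRunAsUser: 0` and a comment saying the init container creates directories and sets file permissions, so this image presumably runs as root in each launched app and its content should be reproducible. Default to a fully qualified repository and a fixed version, for example `initImageRepository: docker.io/library/busybox` and `initImageTag: "<pinned-version>"`, and note in the `# --` description that a digest is preferred where the registry supports it. The deployment.yaml hunk passes both values on unchanged as `TYCHO_APP_INIT_IMAGE_REPOSITORY` and `TYCHO_APP_INIT_IMAGE_TAG`, so whether an empty or malformed value is rejected depends on code that is not visible in this patch.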
From: frostyfan109 Date: Wed, 4 Oct 2023 12:51:51 -0400 Subject: [PATCH 08/13] Add auto whitelisting values and change default session timeout --- templates/configmap.yaml | 2 ++ values.yaml | 13 ++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/templates/configmap.yaml b/templates/configmap.yaml index 0fa77fa..b3d1b80 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml @@ -14,6 +14,8 @@ data: OAUTH_DB_DIR: /var/lib/sqlite3 OAUTH_DB_FILE: DATABASE.sqlite3 ACCOUNT_DEFAULT_HTTP_PROTOCOL: "{{ .Values.ACCOUNT_DEFAULT_HTTP_PROTOCOL }}" + AUTO_WHITELIST_PATTERNS: | + {{ toJson .Values.django.AUTO_WHITELIST_PATTERNS | nindent 4 }} DEV_PHASE: "{{ .Values.django.DEV_PHASE }}" # Just adding these ports temporarily until they have a default value in the code. BRAINI_PORT: "1247" diff --git a/values.yaml b/values.yaml index 965ffa2..93ea8dd 100644 --- a/values.yaml +++ b/values.yaml @@ -109,6 +109,17 @@ gunicorn: workers: 5 django: + # Note that these only run on a user's primary alias. + # If a user has primary@cs.unc.edu as their primary alias, + # and secondary@renci.org as a secondary alias, they will only + # be whitelisted automatically if cs.unc.edu emails are allowed. + AUTO_WHITELIST_PATTERNS: + ### Whitelist all RENCI emails ### + - "^[A-Za-z0-9._%+-]+@renci\\.org$" + ### Whitelist all UNC emails ### + # - "^[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.)?unc\.edu$" + ### Whitelist CS dept. (grad./prof.) UNC emails ### + # - "^[A-Za-z0-9._%+-]+@cs\.unc\.edu$" # -- create test users for load testing CREATE_TEST_USERS: "false" # -- parent directory where the users.txt would be mounted 
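Review bot: In the values.yaml hunk that adds `AUTO_WHITELIST_PATTERNS`, the two commented-out examples use a single backslash inside double quotes (`\.`), which is not a valid YAML double-quoted escape. Uncommenting either line as written would break parsing of values.yaml; only the active RENCI pattern doubles the backslash. Single quotes avoid the escaping problem: `- '^[A-Za-z0-9._%+-]+@cs\.unc\.edu$'`. Because these patterns grant access automatically, the comment should also state that the consumer is expected to match the whole, verified address; how the application applies the regex is not visible in this patch. The key has no `# --` description line, so it will presumably be missing from the generated README table.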
@@ -136,7 +147,7 @@ django: # -- Specify URL to use for the "Image Download" link on the top part of website. IMAGE_DOWNLOAD_URL: "" # -- idle timeout for user web session - SESSION_IDLE_TIMEOUT: 3600 + SESSION_IDLE_TIMEOUT: 2592000 # 30 days # -- list of appstore registration emails RECIPIENT_EMAILS: "" # -- should be 'live' unless you are doing some kind of development From 2f159d6cf2d3f1907a4390fad91d3854acbd044a Mon Sep 17 00:00:00 2001 From: frostyfan109 Date: Wed, 4 Oct 2023 13:28:06 -0400 Subject: [PATCH 09/13] Add auto_whitelist_patterns to deployment env, fix bug where session_idle_timeout was being encoded as scientific notation string instead of a number --- templates/deployment.yaml | 5 +++++ values.yaml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 4305189..79015d3 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -137,6 +137,11 @@ spec: configMapKeyRef: key: ACCOUNT_DEFAULT_HTTP_PROTOCOL name: {{ include "appstore.fullname" . }}-env + - name: AUTO_WHITELIST_PATTERNS + valueFrom: + configMapKeyRef: + key: AUTO_WHITELIST_PATTERNS + name: {{ include "appstore.fullname" . }}-env - name: DEV_PHASE valueFrom: configMapKeyRef: diff --git a/values.yaml b/values.yaml index 93ea8dd..d9baaa9 100644 --- a/values.yaml +++ b/values.yaml @@ -147,7 +147,7 @@ django: # -- Specify URL to use for the "Image Download" link on the top part of website. IMAGE_DOWNLOAD_URL: "" # -- idle timeout for user web session - SESSION_IDLE_TIMEOUT: 2592000 # 30 days + SESSION_IDLE_TIMEOUT: "2592000" # 30 days # -- list of appstore registration emails RECIPIENT_EMAILS: "" # -- should be 'live' unless you are doing some kind of development From 143cb1655f4a79ec59a7a3634666f635fc8935ec Mon Sep 17 00:00:00 2001 
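Review bot: In the values.yaml hunk at `@@ -136,7 +147,7 @@`, the default `SESSION_IDLE_TIMEOUT` goes from 3600 to 2592000 seconds, so an idle web session stays valid for 30 days instead of one hour on every deployment that does not override it. That widens the window in which an unattended browser or a copied session cookie remains usable, and the commit message gives no reason for changing the chart-wide default. Keep the default conservative, e.g. `SESSION_IDLE_TIMEOUT: "3600"`, and set the 30-day value in the values file of the sites that need it. If the longer default is intended, say so in the `# --` description and state whether an absolute session lifetime also applies.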
From: PJ Linebaugh Date: Thu, 26 Oct 2023 15:11:11 -0400 Subject: [PATCH 10/13] update appVersion for appstore to v3.2.0 --- Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index dcc6f21..272ce64 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -12,10 +12,10 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 3.2.3 +version: 3.3.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. -appVersion: 3.1.2 +appVersion: 3.3.0 dependencies: - name: postgresql condition: postgresql.enabled From 0cd8848d56b95691ffabea29f6ad85ed1e2ccde3 Mon Sep 17 00:00:00 2001 From: frostyfan109 Date: Fri, 27 Oct 2023 12:10:31 -0400 Subject: [PATCH 11/13] Remove default whitelist of all renci emails --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index d9baaa9..8747c61 100644 --- a/values.yaml +++ b/values.yaml @@ -115,7 +115,7 @@ django: # be whitelisted automatically if cs.unc.edu emails are allowed. AUTO_WHITELIST_PATTERNS: ### Whitelist all RENCI emails ### - - "^[A-Za-z0-9._%+-]+@renci\\.org$" + # - "^[A-Za-z0-9._%+-]+@renci\\.org$" ### Whitelist all UNC emails ### # - "^[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.)?unc\.edu$" ### Whitelist CS dept. (grad./prof.) UNC emails ### From bc35bcd92af24c4a5500012c707d3e4473b02149 Mon Sep 17 00:00:00 2001 From: frostyfan109 Date: Fri, 27 Oct 2023 12:13:51 -0400 Subject: [PATCH 12/13] Increment chart version --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index dcc6f21..167ac5e 100644 --- a/Chart.yaml +++ b/Chart.yaml 
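Review bot: In the values.yaml hunk of patch 11, commenting out the only list entry leaves `AUTO_WHITELIST_PATTERNS:` with no value, which YAML reads as null rather than as an empty list. The configmap template added in patch 08 passes the value through `toJson`, so the application would receive the text `null` instead of `[]`; whether it handles that is not visible here. Writing the key as `AUTO_WHITELIST_PATTERNS: []` keeps the restrictive default of no automatic whitelisting and gives the consumer a well-formed empty list.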
@@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 3.2.3 +version: 3.2.4 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. appVersion: 3.1.2 From d236550febb4ea2a952324a47b1b73c9f3e0741e Mon Sep 17 00:00:00 2001 From: PJ Linebaugh Date: Fri, 27 Oct 2023 16:10:19 -0400 Subject: [PATCH 13/13] update to use appstore image v3.3.0 --- Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index ea78be7..272ce64 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -12,10 +12,10 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 3.2.5 +version: 3.3.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. -appVersion: 3.2.0 +appVersion: 3.3.0 dependencies: - name: postgresql condition: postgresql.enabled