From 4da6e50ffab92c2857070e83666b8660b5c0d4c9 Mon Sep 17 00:00:00 2001 From: Donatien Eneman <45652587+Donatien26@users.noreply.github.com> Date: Tue, 12 May 2020 10:51:30 +0200 Subject: [PATCH] Add onyxia (#2) --- .gitignore | 3 +- charts/onyxia/.helmignore | 23 ++++ charts/onyxia/Chart.yaml | 21 +++ charts/onyxia/templates/NOTES.txt | 7 + charts/onyxia/templates/_helpers.tpl | 124 ++++++++++++++++++ .../templates/cluster-role-binding.yaml | 16 +++ .../templates/deployment-onyxia-api.yaml | 64 +++++++++ .../templates/deployment-onyxia-ui.yaml | 69 ++++++++++ charts/onyxia/templates/ingress-onyxia.yaml | 41 ++++++ .../onyxia/templates/service-onyxia-api.yaml | 15 +++ .../onyxia/templates/service-onyxia-ui.yaml | 15 +++ .../templates/serviceaccount-onyxia-api.yaml | 12 ++ .../templates/serviceaccount-onyxia-ui.yaml | 12 ++ .../templates/tests/test-connection-api.yaml | 15 +++ .../templates/tests/test-connection-ihm.yaml | 15 +++ charts/onyxia/values.yaml | 119 +++++++++++++++++ 16 files changed, 570 insertions(+), 1 deletion(-) create mode 100644 charts/onyxia/.helmignore create mode 100644 charts/onyxia/Chart.yaml create mode 100644 charts/onyxia/templates/NOTES.txt create mode 100644 charts/onyxia/templates/_helpers.tpl create mode 100644 charts/onyxia/templates/cluster-role-binding.yaml create mode 100644 charts/onyxia/templates/deployment-onyxia-api.yaml create mode 100644 charts/onyxia/templates/deployment-onyxia-ui.yaml create mode 100644 charts/onyxia/templates/ingress-onyxia.yaml create mode 100644 charts/onyxia/templates/service-onyxia-api.yaml create mode 100644 charts/onyxia/templates/service-onyxia-ui.yaml create mode 100644 charts/onyxia/templates/serviceaccount-onyxia-api.yaml create mode 100644 charts/onyxia/templates/serviceaccount-onyxia-ui.yaml create mode 100644 charts/onyxia/templates/tests/test-connection-api.yaml create mode 100644 charts/onyxia/templates/tests/test-connection-ihm.yaml create mode 100644 charts/onyxia/values.yaml diff --git a/.gitignore b/.gitignore index 75840e8..9bbfd5f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *.tgz -index.yaml \ No newline at end of file +index.yaml +*/my-values.yml \ No newline at end of file diff --git a/charts/onyxia/.helmignore b/charts/onyxia/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/onyxia/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/onyxia/Chart.yaml b/charts/onyxia/Chart.yaml new file mode 100644 index 0000000..1dca3f1 --- /dev/null +++ b/charts/onyxia/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: onyxia +description: Onyxia is your datalab's hub. +icon: https://onyxia.lab.sspcloud.fr/onyxia.svg +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 1.0.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: 1.0.0 \ No newline at end of file diff --git a/charts/onyxia/templates/NOTES.txt b/charts/onyxia/templates/NOTES.txt new file mode 100644 index 0000000..8b20ced --- /dev/null +++ b/charts/onyxia/templates/NOTES.txt @@ -0,0 +1,7 @@ + +1. Enjoy Onyxia :) +{{- if .Values.ingress.enabled }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }} +{{ else }} + The application is running but not exposed by ingress +{{ end }} diff --git a/charts/onyxia/templates/_helpers.tpl b/charts/onyxia/templates/_helpers.tpl new file mode 100644 index 0000000..75f0f98 --- /dev/null +++ b/charts/onyxia/templates/_helpers.tpl @@ -0,0 +1,124 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "onyxia.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "onyxia.ui.name" -}} +{{- printf "%s-%s" (include "onyxia.name" .) .Values.ui.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "onyxia.api.name" -}} +{{- printf "%s-%s" (include "onyxia.name" .) .Values.api.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "onyxia.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "onyxia.ui.fullname" -}} +{{- printf "%s-%s" (include "onyxia.fullname" .) .Values.ui.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "onyxia.api.fullname" -}} +{{- printf "%s-%s" (include "onyxia.fullname" .) .Values.api.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "onyxia.chart" -}} +{{- printf "onyxia" -}} +{{- end -}} + +{{- define "onyxia.api.chart" -}} +{{- printf "onyxia-api" -}} +{{- end -}} + +{{- define "onyxia.ui.chart" -}} +{{- printf "onyxia-ui" -}} +{{- end -}} + + +{{/*Common labels*/}} + +{{- define "onyxia.labels" -}} +helm.sh/chart: {{ include "onyxia.chart" . }} +{{ include "onyxia.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "onyxia.api.labels" -}} +helm.sh/chart: {{ include "onyxia.api.chart" . }} +{{ include "onyxia.api.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "onyxia.ui.labels" -}} +helm.sh/chart: {{ include "onyxia.ui.chart" . }} +{{ include "onyxia.ui.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/*Selector labels*/}} +{{- define "onyxia.selectorLabels" -}} +app.kubernetes.io/name: {{ include "onyxia.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + + +{{- define "onyxia.api.selectorLabels" -}} +app.kubernetes.io/name: {{ include "onyxia.api.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "onyxia.ui.selectorLabels" -}} +app.kubernetes.io/name: {{ include "onyxia.ui.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/*Create the name of the service account to use*/}} + +{{- define "onyxia.api.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "onyxia.api.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{- define "onyxia.ui.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "onyxia.ui.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/onyxia/templates/cluster-role-binding.yaml b/charts/onyxia/templates/cluster-role-binding.yaml new file mode 100644 index 0000000..fe4e81d --- /dev/null +++ b/charts/onyxia/templates/cluster-role-binding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "onyxia.fullname" . }} + labels: + {{- include "onyxia.api.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: {{ include "onyxia.api.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} \ No newline at end of file diff --git a/charts/onyxia/templates/deployment-onyxia-api.yaml b/charts/onyxia/templates/deployment-onyxia-api.yaml new file mode 100644 index 0000000..e1617d4 --- /dev/null +++ b/charts/onyxia/templates/deployment-onyxia-api.yaml @@ -0,0 +1,64 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "onyxia.api.fullname" . }} + labels: + {{- include "onyxia.api.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.api.replicaCount }} + selector: + matchLabels: + {{- include "onyxia.api.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "onyxia.api.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.api.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "onyxia.api.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.api.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.api.securityContext | nindent 12 }} + image: "{{ .Values.api.image.name }}:{{ .Values.api.image.version }}" + env: + {{- range $key, $val := .Values.api.env }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + {{- if .Values.api.regions }} + - name: regions + value: {{ .Values.api.regions | toJson | quote }} + {{- end}} + imagePullPolicy: {{ .Values.api.image.pullPolicy }} + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /public/healthcheck + port: http + readinessProbe: + httpGet: + path: /public/healthcheck + port: http + resources: + {{- toYaml .Values.api.resources | nindent 12 }} + {{- with .Values.api.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/onyxia/templates/deployment-onyxia-ui.yaml b/charts/onyxia/templates/deployment-onyxia-ui.yaml new file mode 100644 index 0000000..9940904 --- /dev/null +++ b/charts/onyxia/templates/deployment-onyxia-ui.yaml @@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "onyxia.ui.fullname" . }} + labels: + {{- include "onyxia.ui.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.ui.replicaCount }} + selector: + matchLabels: + {{- include "onyxia.ui.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "onyxia.ui.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "onyxia.ui.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.ui.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.ui.securityContext | nindent 12 }} + image: "{{ .Values.ui.image.name }}:{{ .Values.ui.image.version }}" + imagePullPolicy: {{ .Values.ui.image.pullPolicy }} + env: + {{- if .Values.ingress.enabled }} + {{- if .Values.ingress.tls }} + - name: BASE_API_URL + value: {{ printf "https://%s/%s" .Values.ingress.hostname "api" | quote }} + {{- else }} + - name: BASE_API_URL + value: {{ printf "http://%s/%s" .Values.ingress.hostname "api" | quote }} + {{- end}} + {{- end}} + {{- range $key, $val := .Values.ui.env }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.ui.resources | nindent 12 }} + {{- with .Values.ui.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.ui.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.ui.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/onyxia/templates/ingress-onyxia.yaml b/charts/onyxia/templates/ingress-onyxia.yaml new file mode 100644 index 0000000..b0d6748 --- /dev/null +++ b/charts/onyxia/templates/ingress-onyxia.yaml @@ -0,0 +1,41 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullNameApi := include "onyxia.api.fullname" . -}} +{{- $fullNameUi := include "onyxia.ui.fullname" . -}} +{{- $fullName := include "onyxia.fullname" . -}} +{{- $svcPortApi := .Values.api.service.port -}} +{{- $svcPortUi := .Values.api.service.port -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "onyxia.labels" . | nindent 4 }} + annotations: + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + nginx.ingress.kubernetes.io/rewrite-target: /$1 + +spec: +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.hostname | quote }} +{{- end }} + rules: + - host: {{ .Values.ingress.hostname | quote }} + http: + paths: + - path: /api/(.*) + backend: + serviceName: {{ $fullNameApi }} + servicePort: {{ $svcPortApi }} + - path: /(.*) + backend: + serviceName: {{$fullNameUi}} + servicePort: {{$svcPortUi}} +{{- end }} diff --git a/charts/onyxia/templates/service-onyxia-api.yaml b/charts/onyxia/templates/service-onyxia-api.yaml new file mode 100644 index 0000000..15a586a --- /dev/null +++ b/charts/onyxia/templates/service-onyxia-api.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "onyxia.api.fullname" . }} + labels: + {{- include "onyxia.api.labels" . | nindent 4 }} +spec: + type: {{ .Values.api.service.type }} + ports: + - port: {{ .Values.api.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "onyxia.api.selectorLabels" . | nindent 4 }} diff --git a/charts/onyxia/templates/service-onyxia-ui.yaml b/charts/onyxia/templates/service-onyxia-ui.yaml new file mode 100644 index 0000000..a493268 --- /dev/null +++ b/charts/onyxia/templates/service-onyxia-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "onyxia.ui.fullname" . }} + labels: + {{- include "onyxia.ui.labels" . | nindent 4 }} +spec: + type: {{ .Values.ui.service.type }} + ports: + - port: {{ .Values.ui.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "onyxia.ui.selectorLabels" . | nindent 4 }} diff --git a/charts/onyxia/templates/serviceaccount-onyxia-api.yaml b/charts/onyxia/templates/serviceaccount-onyxia-api.yaml new file mode 100644 index 0000000..5f0d567 --- /dev/null +++ b/charts/onyxia/templates/serviceaccount-onyxia-api.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "onyxia.api.serviceAccountName" . }} + labels: + {{- include "onyxia.api.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/onyxia/templates/serviceaccount-onyxia-ui.yaml b/charts/onyxia/templates/serviceaccount-onyxia-ui.yaml new file mode 100644 index 0000000..674a997 --- /dev/null +++ b/charts/onyxia/templates/serviceaccount-onyxia-ui.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "onyxia.ui.serviceAccountName" . }} + labels: + {{- include "onyxia.ui.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/onyxia/templates/tests/test-connection-api.yaml b/charts/onyxia/templates/tests/test-connection-api.yaml new file mode 100644 index 0000000..8ddecaf --- /dev/null +++ b/charts/onyxia/templates/tests/test-connection-api.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "onyxia.api.fullname" . }}-test-connection" + labels: + {{- include "onyxia.api.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "onyxia.api.fullname" . }}:{{ .Values.api.service.port }}'] + restartPolicy: Never diff --git a/charts/onyxia/templates/tests/test-connection-ihm.yaml b/charts/onyxia/templates/tests/test-connection-ihm.yaml new file mode 100644 index 0000000..e0eef47 --- /dev/null +++ b/charts/onyxia/templates/tests/test-connection-ihm.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "onyxia.ui.fullname" . }}-test-connection" + labels: + {{- include "onyxia.ui.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "onyxia.ui.fullname" . }}:{{ .Values.ui.service.port }}'] + restartPolicy: Never diff --git a/charts/onyxia/values.yaml b/charts/onyxia/values.yaml new file mode 100644 index 0000000..277324c --- /dev/null +++ b/charts/onyxia/values.yaml @@ -0,0 +1,119 @@ +# Default values for onyxia-bis. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +imagePullSecrets: [] + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +ui: + name: ui + replicaCount: 1 + image: + name: inseefrlab/onyxia-ui + version: latest + pullPolicy: Always + podSecurityContext: + {} + # fsGroup: 2000 + securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + service: + type: ClusterIP + port: 80 + resources: + {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + env: + # - name: AUTH_TYPE + # value: "none" + +api: + name: api + replicaCount: 1 + image: + name: inseefrlab/onyxia-api + version: latest + pullPolicy: Always + podSecurityContext: + {} + # fsGroup: 2000 + securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + service: + type: ClusterIP + port: 80 + resources: + {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + nodeSelector: {} + tolerations: [] + affinity: {} + env: + # - name: authentication.mode + # value: "none" + regions: #[ +# { +# "regionId": "kub", +# "type": "KUBERNETES", +# "namespace-prefix": "user-", +# "publish-domain": "fakedomain.kub.example.com", +# "cloudshell": { +# "catalogId": "inseefrlab-helm-charts-datascience", +# "packageName": "cloudshell" +# } +# } +# ] + + +ingress: + enabled: true + tls: true + hostname: example.com + annotations: + kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/use-regex: "true" \ No newline at end of file