Merge branch 'release-0.48.x' into auto-update/renku-core-2.9.2

SwissDataScienceCenter · Feb 9, 2024 · 477be37 · 477be37
2 parents 8c2520e + a0ca853
commit 477be37
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 40 deletions.
diff --git a/docs/how-to-guides/admin/privacycookie.rst b/docs/how-to-guides/admin/privacycookie.rst
@@ -3,22 +3,24 @@
 User interface configuration options
 ------------------------------------
 
-Privacy page
-~~~~~~~~~~~~
+Privacy page and Terms of Use
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The UI has a privacy page with a completely configurable content, suited for showing
-any policy/terms related information, like the `Privacy Policy Statement` or the
-`Terms of Use`.
+The UI can be configured to show a `Privacy Policy` and `Terms of Use`. These are
+displayed under the `Help` section of the UI.
 
-The content is read from a ``ConfigMap``. You need to configure the values in
-``ui.privacy.page`` to enable the feature and set the reference ConfigMap name and key.
-Both ``ui.privacy.enabled`` and ``ui.privacy.page.enabled`` need to be ``true`` for
-enabling the privacy page.
+For each of these, the content is read from a ``ConfigMap``. You need to configure
+the values in ``ui.client.privacy.page`` to enable the feature and set the reference
+ConfigMap name and key. If ``ui.client.privacy.page.enabled`` is ``true``, then the privacy
+policy and terms of use will be shown in the UI, with content taken from the ConfigMap
+specified by ``ui.client.privacy.page.configMapName`` at the key
+``ui.client.privacy.page.configMapPolicyKey`` for the privacy policy and
+``ui.client.privacy.page.configMapTermsKey`` for the terms of use.
 
 .. note::
 
   If you don't set the ConfigMap name and key,
-  `a sample <https://github.com/SwissDataScienceCenter/renku-ui/blob/master/helm-chart/renku-ui/templates/configmap.yaml>`_
+  `a sample <https://github.com/SwissDataScienceCenter/renku/blob/master/helm-chart/renku/templates/ui/ui-client-configmap.yaml>`_
   will be used instead. You can start from it as a template to create your customized ConfigMap.
 
 The `Markdown syntax <https://en.wikipedia.org/wiki/Markdown>`_ is fully supported for the
@@ -33,7 +35,7 @@ for anonymous users (i.e. without an account or not currently logged in). To com
 international laws, it's strongly advised to explicitly require consent to the user for storing
 these data and using cookies.
 
-To activate this feature, please set ``ui.privacy.enabled: true``. We have already configured a
+To activate this feature, please set ``ui.privacy.banner.enabled: true``. We have already configured a
 default cookie banner to inform the users about the aforementioned requirements and points to
 point them to the privacy page for further details.
 

diff --git a/helm-chart/renku/templates/NOTES.txt b/helm-chart/renku/templates/NOTES.txt
@@ -9,7 +9,7 @@ can be accessed using the following one-liner (you need to have jq installed).
 kubectl get secrets -n {{ .Release.Namespace }} {{ template "renku.fullname" . }} -o json | jq -r .data.users | base64 --decode
 {{- end -}}
 
-{{ if .Values.ui.client.privacy.enabled -}}
+{{ if or .Values.ui.client.privacy.banner.enabled .Values.ui.client.privacy.page.enabled -}}
 You may need to customize privacy values for your RenkuLab deployment (E.G. the Privacy page).
 Please refer to the following documentation: https://renku.readthedocs.io/en/latest/admin/index.html#additional-configurations
 {{ end }}

diff --git a/helm-chart/renku/templates/ui/ui-client-configmap.yaml b/helm-chart/renku/templates/ui/ui-client-configmap.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "ui.fullname" . }}-privacy-sample
+  name: {{ template "renku.fullname" . }}-privacy-sample
   labels:
     app: ui
     chart: {{ template "renku.chart" . }}
@@ -17,11 +17,27 @@ data:
     ## Configure the Privacy Page
     You should customize the privacy statement by cloning the sample ConfigMap ``*-sample-privacy`` and adjust the
     content. Any markdown formatted text works. Feel free to change the ConfigMap key and to pick any name,
-    be sure to properly configure the values ``ui.privacy.page`` before upgrading your RenkuLab deployment.
+    be sure to properly configure the values ``ui.client.privacy.page`` before upgrading your RenkuLab deployment.
     If the mapping is enabled but no text is provided (empty content, wrong ``privacy.page`` values, missing
     ConfigMap, etc.), the links in the navigation bars will be hidden and users manually accessing the privacy page
     will get a warning.
     Consider changing the cookie banner content as well when the privacy page is not available.
     ## Apply the changes
     If you edit the ConfigMap content and you don't upgrade the deployment from helm, keep in mind that the
     ui pod needs to be manually re-deployed in order to apply the changes to the privacy page.
+  terms: |
+    # Terms of Use
+    The content of this page is only a template.
+    ## Information
+    If you are reading this message, the Terms of Use page content has not been updated for this RenkuLab deployment.
+    The following content is intended to be read by a RenkuLab admin.
+    ## Configure the Terms of Use
+    You should customize the terms of use by cloning the sample ConfigMap ``*-sample-privacy`` and adjust the
+    content. Any markdown formatted text works. Feel free to change the ConfigMap key and to pick any name,
+    be sure to properly configure the values ``ui.client.privacy.page`` before upgrading your RenkuLab deployment.
+    If the mapping is enabled but no text is provided (empty content, wrong ``privacy.page`` values, missing
+    ConfigMap, etc.), the links in the navigation bars will be hidden and users manually accessing the terms page
+    will get a warning.
+    ## Apply the changes
+    If you edit the ConfigMap content and you don't upgrade the deployment from helm, keep in mind that the
+    ui pod needs to be manually re-deployed in order to apply the changes to the terms page.
diff --git a/helm-chart/renku/templates/ui/ui-client-deployment-template.yaml b/helm-chart/renku/templates/ui/ui-client-deployment-template.yaml
@@ -25,14 +25,17 @@ spec:
         app: ui
         release: {{ .Release.Name }}
     spec:
-      {{- if and .Values.ui.client.privacy.enabled .Values.ui.client.privacy.page.enabled }}
+      {{- if .Values.ui.client.privacy.page.enabled }}
       volumes:
         - name: privacy
           configMap:
             name: {{ .Values.ui.client.privacy.page.configMapName | default (printf "%s-privacy-sample" (include "renku.fullname" .)) | quote }}
             items:
-            - key: {{ .Values.ui.client.privacy.page.configMapKey | default (printf "privacy_statement") | quote }}
+            - key: {{ .Values.ui.client.privacy.page.configMapPolicyKey | default (printf "privacy_statement") | quote }}
               path: statement.md
+            - key: {{ .Values.ui.client.privacy.page.configMapTermsKey | default (printf "terms") | quote }}
+              path: terms.md
+
       {{- end }}
       automountServiceAccountToken: {{ .Values.global.debug }}
       containers:
@@ -43,7 +46,7 @@ spec:
             - name: http
               containerPort: 8080
               protocol: TCP
-          {{- if and .Values.ui.client.privacy.enabled .Values.ui.client.privacy.page.enabled }}
+          {{- if .Values.ui.client.privacy.page.enabled }}
           volumeMounts:
             - mountPath: /config-privacy
               name: privacy
@@ -75,9 +78,11 @@ spec:
             {{- end }}
             - name: ANONYMOUS_SESSIONS
               value: {{ .Values.global.anonymousSessions.enabled | default (printf "false") | quote }}
-            - name: PRIVACY_ENABLED
-              value: {{ .Values.ui.client.privacy.enabled | quote }}
-            {{- if .Values.ui.client.privacy.enabled }}
+            - name: PRIVACY_BANNER_ENABLED
+              value: {{ .Values.ui.client.privacy.banner.enabled | quote }}
+            - name: TERMS_PAGES_ENABLED
+              value: {{ .Values.ui.client.privacy.page.enabled | quote }}
+            {{- if .Values.ui.client.privacy.banner.enabled }}
             - name: PRIVACY_BANNER_CONTENT
               value: {{ .Values.ui.client.privacy.banner.content | default (printf "") | b64enc | quote }}
             - name: PRIVACY_BANNER_LAYOUT

diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml
@@ -295,7 +295,7 @@ keycloakx:
     enabled: false
   extraInitContainers: |
     - name: theme-provider
-      image: renku/keycloak-theme:4.1.3
+      image: renku/keycloak-theme:4.1.5
       imagePullPolicy: IfNotPresent
       command:
         - sh
@@ -696,12 +696,13 @@ ui:
     # privacy.page.configMapName value. As a reference, you can use the sample configMap generated when
     # enabling the feature.
     privacy:
-      enabled: false
       page:
         enabled: false
         #configMapName: privacy-page
-        #configMapKey: privacy_statement
+        #configMapPolicyKey: privacy_statement
+        #configMapTermsKey: terms
       banner:
+        enabled: false
         content: |
           This website requires cookies in order to ensure basic functionality. By clicking
           or navigating the site, you consent to the use of cookies in accordance with
@@ -857,10 +858,10 @@ dlf-chart:
 csi-rclone: {}
   # This section is only relevant if you are installing csi-rclone as part of Renku
   ## Name of the csi storage class to use for RClone/Cloudstorage. Should be unique per cluster.
-  # storageClassName: csi-rclone 
+  # storageClassName: csi-rclone
   # csiNodepluginRclone:
   #   nodeSelector: {}
-  # Set tolerations if you have taints on your user session nodes. The csi has to run on every node 
+  # Set tolerations if you have taints on your user session nodes. The csi has to run on every node
   # where it is used.
   #   tolerations: []
   #   affinity: {}

diff --git a/helm-chart/values.yaml.changelog.md b/helm-chart/values.yaml.changelog.md
@@ -5,23 +5,35 @@ For changes that require manual steps other than changing values, please check o
 Please follow this convention when adding a new row
 * `<type: NEW|EDIT|DELETE> - *<resource name>*: <details>`
 
+## Upgrading to Renku 0.48.0
+
+The handling of privacy policy and terms of service content has been slightly changed to make
+it more flexible.
+
+* DELETE `ui.privacy.enabled` has been removed to make the privacy policy and cookie banner configurable independently.
+* NEW `ui.privacy.banner.enabled` allows turning on the cookie banner (defaults to false).
+* DELETE `ui.client.privacy.page.configMapKey` which has been renamed to `ui.client.privacy.page.configMapPolicyKey`.
+* NEW `ui.client.privacy.page.configMapPolicyKey` the key in the ConfigMap where the content for the privacy policy is located.
+* NEW `ui.client.privacy.page.configMapTermsKey` the key in the ConfigMap where the content for the terms of use is located.
+
+
 ## Upgrading to Renku 0.47.0
 
-We completely overhauled how mounting cloud storage in sessions works, relying on a new CSI driver based on RClone 
-which has to be installed in the cluster for things to work. Either install it as part of Renku using the flag 
-mentioned below or install the csi-rclone chart manually and set the correct storage class in the values for the 
+We completely overhauled how mounting cloud storage in sessions works, relying on a new CSI driver based on RClone
+which has to be installed in the cluster for things to work. Either install it as part of Renku using the flag
+mentioned below or install the csi-rclone chart manually and set the correct storage class in the values for the
 notebooks service.
 
 * NEW `noteboks.cloudstorage.enabled` - set to `true` to enable mounting cloud storage in sessions.
 * DELETE `notebooks.cloudstorage.s3.enabed` - superseeded by previous property.
-* NEW `notebooks.cloudstorage.storageClass` - the storage class for the CSI Rclone chart, needed for new cloudstorage 
+* NEW `notebooks.cloudstorage.storageClass` - the storage class for the CSI Rclone chart, needed for new cloudstorage
   to work. The default `csi-rclone` should be fine unless already in use.
-* NEW `global.csi-rclone.install` - if `true` installs the csi-rclone chart alongside Renku. The chart is needed for 
+* NEW `global.csi-rclone.install` - if `true` installs the csi-rclone chart alongside Renku. The chart is needed for
   cloud storage in sessions to work.
-* NEW `csi-rclone.storageClassName` - the storage class name the CSI drivers uses, should match what is configured in 
+* NEW `csi-rclone.storageClassName` - the storage class name the CSI drivers uses, should match what is configured in
   the `storageClass` property mentioned above.
-* NEW `csi-rclone.csiNodePlugin.tolerations` - Tolerations for the node plugin part of the CSI driver. Need to be set 
-  in a way that allows it to be scheduled on user session nodes. By default this would mean `key=renku.io/dedicated`, 
+* NEW `csi-rclone.csiNodePlugin.tolerations` - Tolerations for the node plugin part of the CSI driver. Need to be set
+  in a way that allows it to be scheduled on user session nodes. By default this would mean `key=renku.io/dedicated`,
   `operator=Equal`, `value=user` and `effect=NoSchedule`
 
 
@@ -82,7 +94,7 @@ Amalthea will simply use your default Kubernetes scheduler.
 * DELETE `amalthea.scheduler.image` - deprecated will be ignored if provided
 * DELETE `amalthea.scheduler.enable` - deprecated will be ignored if provided
 * DELETE `amalthea.scheduler.priorities` - deprecated will be ignored if provided
-* NEW `amalthea.scheduler.packing` - can be used to enable a preset scheduler that will try to pack sessions on the smallest number of nodes and favor the most used nodes 
+* NEW `amalthea.scheduler.packing` - can be used to enable a preset scheduler that will try to pack sessions on the smallest number of nodes and favor the most used nodes
 * NEW `amalthea.scheduler.custom` - can be used to add any custom scheduler for Amalthea, admins just have to provide the scheduler name
 * EDIT `crc` - the field has been renamed to `dataService`, all child fields and functionality remains the same
 * NEW `global.gitlab.url` has been added and needs to be specified, this will be the single place where the Gitlab URL will be specified in future releases we will deprecated all the other Gitlab URL fields in the values file.
@@ -105,14 +117,14 @@ configuration is possible from its `values.yaml` file.
 * EDIT - `notebooks.amalthea.*` moved to `amalthea.*`
 * EDIT - `notebooks.dlf-chart.*` moved to `dlf-chart.*`
 
-In addition going forward we will follow a much stricter versioning scheme that will distinguish changes to 
+In addition going forward we will follow a much stricter versioning scheme that will distinguish changes to
 the Renku Helm chart as opposed to changes to the application. Notably:
 - Patch changes (i.e. `0.50.1` -> `0.50.2`) indicate that there are NO changes in the Helm chart and that
 only appplication level bug fixes are present in the new release.
 - Minor version changes (i.e. `0.50.2` -> `0.51.0`) indicate that there are NO changes in the Helm chart and that
 only application level new features and/or application level breaking changes are present.
-- Major version changes (i.e. `0.50.0` -> `1.0.0`) will be reserved for changes in the Helm chart, either when the 
-values file changes or when the Helm templates change. 
+- Major version changes (i.e. `0.50.0` -> `1.0.0`) will be reserved for changes in the Helm chart, either when the
+values file changes or when the Helm templates change.
 
 ## Upgrading to Renku 0.37.0
 * EDIT - `notebooks.culling.idleThresholdSeconds` in the notebooks' values file was renamed to
@@ -261,18 +273,18 @@ redis:
     sentinel: true
     existingSecret: redis-secret
     existingSecretPasswordKey: redis-password
-  
+
     commonConfiguration: |-
       appendonly no
       save ""
 
   replica:
     replicaCount: 3
     resources:
-      limits: 
+      limits:
         cpu: 250m
         memory: 256Mi
-      requests: 
+      requests:
         cpu: 250m
         memory: 256Mi
     updateStrategy: