Merge pull request #33 from FNNDSC/dev

chris version 1.0.0-alpha.1

Author: jennydaman

.gitignore

@@ -0,0 +1,2 @@
+# ignore subchart tarballs
+/charts/*/charts

charts/chris/.gitignore

@@ -1,15 +1,21 @@
 dependencies:
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 13.4.6
+  version: 15.5.38
 - name: rabbitmq
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 12.5.7
+  version: 15.0.7
+- name: nats
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 8.4.9
 - name: pfcon
   repository: https://fnndsc.github.io/charts
-  version: 0.2.2
+  version: 1.0.0-alpha.1
 - name: orthanc
   repository: https://fnndsc.github.io/charts
   version: 1.2.1
-digest: sha256:73790836be68258a9906a59e91dc88c0cc21e457d16099326c31a7650b464a85
-generated: "2024-05-07T00:25:28.370260264-04:00"
+- name: util
+  repository: https://fnndsc.github.io/charts
+  version: 0.2.1
+digest: sha256:ddb0a0ddb7eefa4f129e92cbe4c0eafaf49213a185ce422412be49177f564a0d
+generated: "2024-11-27T01:06:55.210808071-05:00"

charts/chris/Chart.lock

@@ -17,8 +17,8 @@ keywords:
 icon: ./logo_chris.png
 
 type: application
-version: "0.14.0"
-appVersion: "5.0.0"
+version: "1.0.0-alpha.1"
+appVersion: "6.3.0-beta.6"
 
 maintainers:
 - name: The FNNDSC Dev Team
@@ -27,16 +27,23 @@ maintainers:
 
 dependencies:
 - name: postgresql
-  version: "~13.4.4"
+  version: "~15.5.36"
   repository: "oci://registry-1.docker.io/bitnamicharts"
+  condition: postgresql.enabled
 - name: rabbitmq
-  version: "~12.5.6"
+  version: "~15.0.1"
+  repository: "oci://registry-1.docker.io/bitnamicharts"
+- name: nats
+  version: "~8.4.3"
   repository: "oci://registry-1.docker.io/bitnamicharts"
 - name: pfcon
-  version: ">=0.1.2, <0.3.0"
+  version: "1.0.0-alpha.1"
   repository: "https://fnndsc.github.io/charts"
   condition: pfcon.enabled
 - name: orthanc
   version: "~1.2.1"
   repository: "https://fnndsc.github.io/charts"
   condition: orthanc.enabled
+- name: util
+  version: "0.2.1"
+  repository: "https://fnndsc.github.io/charts"

charts/chris/Chart.yaml

@@ -1,19 +1,20 @@
+{{- $kubectl := ternary "oc" "kubectl" (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
+
 The ChRIS backend is being deployed. Please wait for it to be ready.
 You can run this command to block while the server is starting up:
 
-    kubectl wait --for=condition=ready pod -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} -l app.kubernetes.io/name={{ include "chris.name" . }}-server --timeout=300s
+    {{ $kubectl }} wait --for=condition=ready pod -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} -l app.kubernetes.io/name={{ include "chris.name" . }}-server --timeout=300s
 
-After that, try logging in as the admin user. The username is "{{ .Values.chris_admin.username }}".
-The password can be revealed by running the command
+After that, try logging in as the admin user. The password can be revealed by running the command
 
-    kubectl get secret -n {{ .Release.Namespace }} {{ .Release.Name }}-chris-superuser -o jsonpath='{.data.password}' | base64 --decode
+    {{ $kubectl }} get secret -n {{ .Release.Namespace }} {{ .Release.Name }}-chris-backend -o jsonpath='{.data.CHRIS_SUPERUSER_PASSWORD}' | base64 --decode
 {{ if (and .Values.cube.server.service.nodePort .Values.cube.server.service.nodePortHost) }}
 Your CUBE API address is:
 
     http://{{ .Values.cube.server.service.nodePortHost }}:{{ .Values.cube.server.service.nodePort }}/api/v1/
 
 Here is a one-liner for you to check that everything is up and running:
 
-    curl -i --fail-with-body -u "{{ .Values.chris_admin.username }}:$(kubectl get secret -n {{ .Release.Namespace }} {{ .Release.Name }}-chris-superuser -o jsonpath='{.data.password}' | base64 --decode)" http://{{ .Values.cube.server.service.nodePortHost }}:{{ .Values.cube.server.service.nodePort }}/chris-admin/api/v1/
+    curl -i --fail-with-body -u "chris:$(kubectl get secret -n {{ .Release.Namespace }} {{ .Release.Name }}-chris-backend -o jsonpath='{.data.CHRIS_SUPERUSER_PASSWORD}' | base64 --decode)" http://{{ .Values.cube.server.service.nodePortHost }}:{{ .Values.cube.server.service.nodePort }}/chris-admin/api/v1/
 
 {{ end }}

charts/chris/templates/NOTES.txt

@@ -0,0 +1,58 @@
+{{- /* A template for CUBE deployments. */ -}}
+{{- define "cube.deployment" -}}
+{{- $appName := (printf "%s-%s" (include "chris.name" .) (.name | required "name is a required parameter of cube.deployment helper function.")) -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "chris.fullname" . }}-{{ .name }}
+  namespace: {{ .Release.Namespace }}
+  labels: &LABELS_{{ .name }}
+    app.kubernetes.io/name: {{ $appName }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "cube.labels" . | nindent 4 }}
+  {{- with .description }}
+  annotations:
+    kubernetes.io/description: {{ quote . }}
+  {{- end }}
+spec:
+  replicas: {{ .replicas | default 1 }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ $appName }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      {{- with .podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels: *LABELS_{{ .name }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      initContainers:
+        {{- include "cube.waitServerReady" . | nindent 8 }}
+      containers:
+        - name: {{ .name }}
+          command:
+            {{- .command | required "command is a required parameter of the cube.deployment helper function." | toYaml | nindent 12 }}
+          resources:
+            {{- .resources | required "resources is a required parameter of the cube.deployment helper function." | toYaml | nindent 12 }}
+          {{- if .httpPort }}
+          ports:
+            - name: http
+              containerPort: {{ .httpPort }}
+              {{- if .hostPort }}
+              hostPort: {{ .hostPort }}
+              {{- end }}
+          {{- end }}
+          {{- with .livenessProbe }}
+          livenessProbe:
+            {{- . | toYaml | nindent 12 }}
+          {{- end }}
+          {{- include "cube.container" . | nindent 10 }}
+      {{- include "cube.pod" . | nindent 6 }}
+      {{- include "cube.podAffinityWorkaround" . | nindent 6 }}
+{{- end -}}

charts/chris/templates/_cube_deployment.tpl

@@ -0,0 +1,146 @@
+{{/*
+CUBE file storage
+--------------------------------------------------------------------------------
+In the default configuration, pfcon is configured as "innetwork" and CUBE uses
+the volume managed by the pfcon subchart for file storage.
+If pfcon is not enabled or not configured as "innetwork" then CUBE needs to create
+its own PVC.
+*/}}
+
+{{- define "cube.useOwnVolume" -}}
+{{- if (and .Values.pfcon.enabled .Values.pfcon.pfcon.config.innetwork) -}}
+{{- /* no (empty value) */ -}}
+{{- else -}}
+yes
+{{- end }}
+{{- end }}
+
+{{- define "cube.wasUsingOwnVolume" -}}
+{{- with (lookup "v1" "PersistentVolumeClaim" .Release.Namespace ( print .Release.Name "-cube-files")) -}}
+yes
+{{- end -}}
+{{- end -}}
+
+{{- define "cube.filesVolume" -}}
+{{- /*
+      Validators to check that you aren't self-destructive.
+
+      You should never:
+      - enable "innetwork pfcon" where previously it wasn't
+      - disable "innetwork pfcon" where it previously was
+*/ -}}
+{{- if      (and .Release.IsUpgrade (eq "yes" (include "cube.wasUsingOwnVolume" .)) (ne "yes" (include "cube.useOwnVolume" .)))  -}}
+{{- fail "Cannot set pfcon.enabled=true and/or pfcon.pfcon.config.innetwork=true now because CUBE is using its own PersistentVolumeClaim for storage." -}}
+{{- else if (and .Release.IsUpgrade (ne "yes" (include "cube.wasUsingOwnVolume" .)) (eq "yes" (include "cube.useOwnVolume" .)))  -}}
+{{- fail "Cannot set pfcon.enabled=false and/or pfcon.pfcon.config.innetwork=false now because CUBE currently depends on pfcon configured in \"innetwork\" mode for storage." -}}
+{{- else if (include "cube.useOwnVolume" .) -}}
+{{- /* will be created by ./storage.yml */ -}}
+{{ .Release.Name }}-cube-files
+{{- else -}}
+{{- /* defined in ../../pfcon/templates/storage.yml */ -}}
+{{ .Release.Name }}-storebase
+{{- end }}
+{{- end }}
+
+{{- define "cube.db.secret" -}}
+{{- if .Values.postgresSecret.name -}}
+{{- .Values.postgresSecret.name -}}
+{{- else if .Values.postgresql.enabled -}}
+{{ .Release.Name }}-postgresql-svcbind-custom-user
+{{- else -}}
+{{- fail "postgresSecret.name cannot be unset because postgresql.enabled=false" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "cube.image" -}}
+{{ .Values.cube.image.repository }}:{{ .Values.cube.image.tag | default .Chart.AppVersion }}
+{{- end -}}
+{{- define "cube.container" -}}
+image: {{ include "cube.image" . }}
+imagePullPolicy: {{ .Values.cube.image.pullPolicy }}
+volumeMounts:
+  - mountPath: /data
+    name: file-storage
+envFrom:
+  - configMapRef:
+      name: {{ .Release.Name }}-cube-config
+  - secretRef:
+      name: {{ .Release.Name }}-chris-backend
+env:
+  {{- $dbenvs := (dict
+    "POSTGRES_DB"       (include "chris.db.secretItemKey" (dict "Values" .Values "name" "database" "crunchyName" "dbname"))
+    "POSTGRES_USER"     (include "chris.db.secretItemKey" (dict "Values" .Values "name" "username" "crunchyName" "user"))
+    "POSTGRES_PASSWORD" (include "chris.db.secretItemKey" (dict "Values" .Values "name" "password" "crunchyName" "password"))
+    "DATABASE_HOST"     (include "chris.db.secretItemKey" (dict "Values" .Values "name" "host"     "crunchyName" "host"))
+    "DATABASE_PORT"     (include "chris.db.secretItemKey" (dict "Values" .Values "name" "port"     "crunchyName" "port"))
+  ) }}
+  {{- $secretName := include "cube.db.secret" . }}
+  {{- range $name, $key := $dbenvs }}
+  - name: {{ $name }}
+    valueFrom:
+      secretKeyRef:
+        name: {{ $secretName }}
+        key: {{ $key }}
+  {{- end }}
+  - name: CELERY_BROKER_URL
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Release.Name }}-rabbitmq-svcbind
+        key: uri
+  {{- range $name, $val := .moreEnv }}
+  - name: {{ $name }}
+    valueFrom:
+      {{ get $val "valueFrom" }}:
+        name: {{ get $val "name" }}
+        key: {{ get $val "key" }}
+  {{- end }}
+{{- end }}
+
+{{- /* Helper function to get the name of an item of a key. If unspecified in Values, use a default name
+       where the default may be different for Crunchy PGO. */}}
+{{- define "chris.db.secretItemKey" }}
+{{- get .Values.postgresSecret.keys .name | default (ternary .crunchyName .name .Values.postgresSecret.isCrunchy) -}}
+{{- end }}
+
+{{- define "cube.pod" -}}
+volumes:
+  - name: file-storage
+    persistentVolumeClaim:
+      claimName: {{ include "cube.filesVolume" . }}
+{{- if .Values.global.podSecurityContext }}
+securityContext:
+  {{- toYaml .Values.global.podSecurityContext | nindent 2 }}
+{{- end }}
+{{- end }}
+
+{{- define "cube.podAffinityWorkaround" -}}
+{{ if .Values.cube.enablePodAffinityWorkaround }}
+affinity:
+  podAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+    - labelSelector:
+        matchExpressions:
+        - key: app.kubernetes.io/instance
+          operator: In
+          values:
+          - {{ .Release.Name }}
+        {{- /* if CUBE is using its own volume, pods should be attracted to heart. Otherwise, pods should be attracted to pfcon. */}}
+        - key: app.kubernetes.io/name
+          operator: In
+          values:
+          - {{ if (include "cube.useOwnVolume" .) }}{{ include "chris.heart.appName" . }}{{ else }}pfcon{{ end }}
+      topologyKey: kubernetes.io/hostname
+{{- end }}
+{{- end }}
+
+{{- /*
+Since the server deployment is the one which defines the database migrations, everything else
+should start after the server. It's ok for ancillary services to be started late.
+*/ -}}
+{{- define "cube.waitServerReady" -}}
+- name: wait-for-server
+  image: quay.io/prometheus/busybox:latest
+  command: ["/bin/sh", "-c"]
+  args: ["until wget --spider 'http://{{ include "chris.heart.name" . }}:{{ include "chris.heart.port" . }}/api/v1/users/'; do sleep 5; done"]
+{{- end }}
+