diff --git a/README.md b/README.md index f7684f85..615e2b7e 100644 --- a/README.md +++ b/README.md @@ -272,6 +272,8 @@ jobHandlers: failureThreshhold: 3 ``` +# Additional Configurations + ## Extra File Mappings The `extraFileMappings` field can be used to inject files to arbitrary paths in the `nginx` deployment, as well as any of the `job`, `web`, or `workflow` handlers, and the `init` jobs. 
@@ -420,21 +422,78 @@ The Galaxy application can be horizontally scaled for the web, job, or workflow by setting the desired values of the `webHandlers.replicaCount`, `jobHandlers.replicaCount`, and `workflowHandlers.replicaCount` configuration options. -## Galaxy versions +## Cron jobs + +Two Cron jobs are defined by default. One to clean up Galaxy's database and one to clean up the `tmp` directory. By default, these +jobs run at 02:05 (the database maintenance script) and 02:15 (`tmp` directyory cleanup). Users can +change the times the cron jobs are run by changing the `schedule` field in the `values.yaml` file: + +```yaml +cronJobs: + maintenance: + schedule: "30 6 * * *" # Execute the cron job at 6:30 UTC +``` +or by specifying the `schedule` on the command line when instaling Galaxy: +```bash +# Schedule the maintenance job to run at 06:30 on the first day of each month +helm install galaxy -n galaxy galaxy/galaxy --set cronJobs.maintenance.schedule="30 6 1 * *" +``` +To disable a cron job after Galaxy has been deployed simply set the schedule to a date that +can never occur such as midnight on Februrary 30th: + + +```bash +helm upgrade galaxy -n galaxy galaxy/galaxy --reuse-values --set cronJobs.maintenance.schedule="0 0 30 2 *" +``` + +### Run a CronJob manually + +Cron jobs can be invoked manually with tools such as [OpenLens](https://github.com/MuhammedKalkan/OpenLens) +or from the command line with `kubectl` +```bash +kubectl create job --namespace --from cronjob/galaxy-cron-maintenance +``` +This will run the cron job regardless of the `schedule` that has been set. + +**Note:** the name of the cron job will be `{{ .Release.Name }}-cron-` where the `` +is the name (key) used in the `values.yaml` file. + +### CronJob configuration + +The following fields can be specified when defining cron jobs. 
+ +| Name | Definition | Required | +|---|-------------------------------------------------------------------------------------------------------------------------------------------|----------| +| schedule | When the job will be run. Use tools such as [crontab.guru](https://crontab.guru) for assistance determining the proper schedule string | **Yes** | +| defaultEnv | `true` or `false`. See the `galaxy.podEnvVars` macro in `_helpers.tpl` for the list of variables that will be defined. Default is `false` | No | +| extraEnv | Define extra environment variables that will be available to the job | No | +| securityContext | Specifies a `securityContext` for the job. Typically used to set `runAsUser` | No | +| image | Specify the Docker container used to run the job | No | +| command | The command to run | **Yes** | +| args | Any command line arguments that should be passed to the `command` | No | +| extraFileMappings | Allow arbitrary files to be mounted from config maps | No | + +### Notes + +If specifying the Docker `image` both the `resposity` and `tag` MUST be specified. +```yaml + image: + repository: quay.io/my-organization/my-image + tag: "1.0" +``` + +The `extraFileMappings` block is similar to the global `extraFileMappings` except the file will only be mounted for that cron job. +The following fields can be specified for each file. + +| Name | Definition | Required | +|---|---|----------| +| mode | The file mode (permissions) assigned to the file | No | +| tpl | If set to `true` the file contents will be run through Helm's templating engine. Defaults to `false` | No | +| content | The contents of the file | **Yes** | -Some changes introduced in the chart sometimes rely on changes in the Galaxy -container image, especially in relation to the Kubernetes runner. This table -keeps track of recommended Chart versions for particular Galaxy versions as -breaking changes are introduced. Otherwise, the Galaxy image and chart should be -independently upgrade-able. 
In other words, upgrading the Galaxy image from -`21.05` to `21.09` should be a matter of `helm upgrade my-galaxy cloudve/galaxy ---reuse-values --set image.tag=21.09`. +See the `example` cron job included in the `values.yaml` file for a full example. -| Chart version | Galaxy version | Description | -| :------------------ | :--------------- | :-------------- | -| `5.0` | `22.05` | Needs at least container image 22.05 as Galaxy switched from uwsgi to gunicorn | -| `4.0` | `21.05` | Needs [Galaxy PR#11899](https://github.com/galaxyproject/galaxy/pull/11899) for eliminating the CVMFS. If running chart 4.0+ with Galaxy image `21.01` or below, use the CVMFS instead with `--set setupJob.downloadToolConfs.enabled=false --set cvmfs.repositories.cvmfs-gxy-cloud=cloud.galaxyproject.org --set cvmfs.galaxyPersistentVolumeClaims.cloud.storage=1Gi --set cvmfs.galaxyPersistentVolumeClaims.cloud.storageClassName=cvmfs-gxy-cloud --set cvmfs.galaxyPersistentVolumeClaims.cloud.mountPath=/cvmfs/cloud.galaxyproject.org` | ## Funding diff --git a/galaxy/disabled/configmap-galaxy.yaml b/galaxy/disabled/configmap-galaxy.yaml new file mode 100644 index 00000000..6f49a14c --- /dev/null +++ b/galaxy/disabled/configmap-galaxy.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-galaxy-config + labels: + {{- include "galaxy.labels" $ | nindent 4 }} +kind: ConfigMap +data: + galaxy.yml: | + {{- .Values.galaxy | toYaml | nindent 4 }} diff --git a/galaxy/templates/_helpers.tpl b/galaxy/templates/_helpers.tpl index 4d7bb779..2f817cae 100644 --- a/galaxy/templates/_helpers.tpl +++ b/galaxy/templates/_helpers.tpl 
@@ -79,6 +79,13 @@ Return the postgresql database name to use {{- end -}} {{- end -}} +{{/* +Generate the connection string needed to connect to a Postres database +*/}} +{{- define "galaxy-postgresql.connection-string" -}} +{{- printf "postgresql://%s:%s@%s/galaxy%s" .Values.postgresql.galaxyDatabaseUser (include "galaxy.galaxyDbPassword" .) (include "galaxy-postgresql.fullname" .) .Values.postgresql.galaxyConnectionParams -}} +{{- end -}} + {{/* Return the rabbitmq cluster to use */}} diff --git a/galaxy/templates/cronjob-maintenance.yaml b/galaxy/templates/cronjob-maintenance.yaml index 80deecd5..0ea57a5e 100644 --- a/galaxy/templates/cronjob-maintenance.yaml +++ b/galaxy/templates/cronjob-maintenance.yaml 
@@ -1,48 +1,112 @@ +{{ range $key, $cronjob := .Values.cronJobs }} --- apiVersion: batch/v1 kind: CronJob metadata: - name: {{ include "galaxy.fullname" . }}-maintenance + name: {{ include "galaxy.fullname" $ }}-cron-{{ $key }} labels: - {{- include "galaxy.labels" . | nindent 4 }} + {{- include "galaxy.labels" $ | nindent 4 }} spec: - schedule: "0 2 * * *" + schedule: {{ $cronjob.schedule | quote }} jobTemplate: spec: template: spec: + {{- if $cronjob.securityContext }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- toYaml $cronjob.securityContext | nindent 12 }} + {{- end}} + {{- if $cronjob.nodeSelector }} nodeSelector: - {{- toYaml . | nindent 16 }} + {{- toYaml $cronjob.nodeSelector | nindent 12 }} + {{- else if $.Values.nodeSelector }} + nodeSelector: + {{- toYaml $.Values.nodeSelector | nindent 12 }} {{- end }} containers: - - name: galaxy-maintenance - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - # delete all tmp files older than walltime limit + - name: galaxy-cron-{{ $key }} + {{- if $cronjob.image }} + image: {{ $cronjob.image.repository }}:{{ $cronjob.image.tag }} + {{- else }} + image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}" + {{- end }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- if or $cronjob.defaultEnv $cronjob.extraEnv }} + env: + {{- if $cronjob.defaultEnv }} + {{- include "galaxy.podEnvVars" $}} + {{- end }} + {{- if $cronjob.extraEnv }} + {{- range $env := $cronjob.extraEnv }} + - name: {{ $env.name }} + value: {{ tpl $env.value $ | quote }} + {{- end }} + {{- end }} + {{- end }} command: - - find - - {{ .Values.persistence.mountPath }}/tmp - - '!' 
- - -newermt - - -{{ (index .Values "configs" "job_conf.yml" "runners" "k8s" "k8s_walltime_limit" | default 604800) }} seconds - - -type - - f - - -exec - - rm - - '{}' - - ; + {{- range $cmd := $cronjob.command }} + - {{ tpl $cmd $ | quote }} + {{- end}} + {{- if $cronjob.args }} + args: + {{- range $arg := $cronjob.args }} + - {{ tpl $arg $ | quote }} + {{- end }} + {{- end }} volumeMounts: - name: galaxy-data - mountPath: {{ .Values.persistence.mountPath }} + mountPath: {{ $.Values.persistence.mountPath }} + {{- range $key, $entry := $cronjob.extraFileMappings }} + - name: {{ include "galaxy.getExtraFilesUniqueName" $key }} + mountPath: {{ $key }} + subPath: {{ include "galaxy.getFilenameFromPath" $key }} + {{- end }} volumes: - name: galaxy-data - {{- if .Values.persistence.enabled }} + {{- if $.Values.persistence.enabled }} persistentVolumeClaim: - claimName: {{ template "galaxy.pvcname" . }} + claimName: {{ template "galaxy.pvcname" $ }} {{- else }} emptyDir: {} {{- end }} + {{- range $key, $entry := $cronjob.extraFileMappings }} + - name: {{ include "galaxy.getExtraFilesUniqueName" $key }} + {{- if $entry.useSecret }} + secret: + secretName: {{ printf "%s-%s" (include "galaxy.fullname" $) (include "galaxy.getExtraFilesUniqueName" $key) }} + {{- else }} + configMap: + name: {{ printf "%s-%s" (include "galaxy.fullname" $) (include "galaxy.getExtraFilesUniqueName" $key) }} + {{- end }} + {{- if $entry.mode }} + defaultMode: {{ $entry.mode }} + {{- end }} + {{- end }} restartPolicy: OnFailure +{{- if $cronjob.extraFileMappings }} +{{- range $name, $entry := $cronjob.extraFileMappings }} +--- +apiVersion: v1 +metadata: + # Extract the filename portion only + name: {{ printf "%s-%s" (include "galaxy.fullname" $) (include "galaxy.getExtraFilesUniqueName" $name) }} + labels: + {{- include "galaxy.labels" $ | nindent 4 }} +{{- if $entry.useSecret }} +kind: Secret +type: Opaque +stringData: +{{- else }} +kind: ConfigMap +data: +{{- end }} + {{- include 
"galaxy.getFilenameFromPath" $name | nindent 2 }}: | + {{- if $entry.tpl }} + {{- tpl (tpl $entry.content $) $ | nindent 4 }} + {{- else }} + {{- $entry.content | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} + +{{- end }} diff --git a/galaxy/templates/hook-cvmfs-fix.yaml b/galaxy/templates/hook-cvmfs-fix.yaml index a954ae77..7e88b036 100644 --- a/galaxy/templates/hook-cvmfs-fix.yaml +++ b/galaxy/templates/hook-cvmfs-fix.yaml @@ -1,6 +1,6 @@ {{- if and .Values.refdata.enabled (eq .Values.refdata.type "cvmfs") }} - # Include the code you want to run when both conditions are met --- +# Include the code you want to run when both conditions are met apiVersion: batch/v1 kind: Job metadata: diff --git a/galaxy/values.yaml b/galaxy/values.yaml index b863875c..ba5e6f54 100644 --- a/galaxy/values.yaml +++ b/galaxy/values.yaml 
@@ -267,10 +267,91 @@ extraEnv: [] # - name: EXAMPLE_ENV # value: MY_VALUE +#- CronJobs to perform periodic maintenance tasks +cronJobs: + #- Runs the maintenance.sh script to purge items in the Galaxy database that + #- have been flagged as deleted. + maintenance: + schedule: "5 2 * * *" + extraSettings: + #- Purge items older than this. + days: '7' + securityContext: + runAsUser: 0 + defaultEnv: true + command: + - "/galaxy/server/scripts/maintenance.sh" + args: + - "--no-dry-run" + - "--days" + - "{{ tpl .Values.cronJobs.maintenance.extraSettings.days $ }}" + #- Remove files from the tmp directory that are older than the allowable wall time for a job + tmpdir: + schedule: "15 2 * * *" + extraSettings: + lastModified: '{{ index .Values "configs" "job_conf.yml" "runners" "k8s" "k8s_walltime_limit" | default 604800 }}' + securityContext: + runAsUser: 0 + command: + - /usr/bin/find + args: + - "{{ .Values.persistence.mountPath }}/tmp" + - "!" + - "-newermt" + - "{{ tpl .Values.cronJobs.tmpdir.extraSettings.lastModified $ }} seconds ago" + - "-type" + - "f" + - "-exec" + - "rm" + - "{}" + - ";" +# #- An example cron job that showcases all available features. +# example: +# #- Disable the job by scheduling it for a date that never occurs, I.E. Feb 30th +# #- The job can still be triggered manually. +# schedule: "0 0 30 2 *" +# #- Include the set of default environment variables. See galaxy.podEnvVars +# #- in the Helm chart's _helpers.tpl for the variables that will be defined. 
+# defaultEnv: true +# #- Define extra environment variables that will be available to the job +# extraEnv: +# - name: LOGFILE +# value: /galaxy/server/database/example.log +# #- Run the job as root (uid 0) +# securityContext: +# runAsUser: 0 +# #- Specify an alternate Docker image for the CronJob container +# image: +# repository: ksuderman/galaxy-maintenance +# tag: "0.7" +# #- The command to be run +# command: +# - /usr/local/bin/example.sh +# #- Command line arguments to be passed to the command, one per line. +# args: +# - "--option" +# - "value" +# #- Define extra files that will be mounted into the image. In this case we +# #- mount a simple Bash script that will write the current environment +# #- variables to persistent storage. +# extraFileMappings: +# #- Path were the file will be mounted +# /usr/local/bin/example.sh: +# #- Default permission on the file. In this case 'rwxr-xr-x' +# mode: "0755" +# #- Run the contents through the Helm `tpl` command +# tpl: true +# #- The contents of the file to be mounted. Can contain Helm template values +# #- if `tpl` is set to true. +# content: |- +# #!/usr/bin/bash +# echo {{ .Release.Name }} >> $LOGFILE +# echo "$@" >> $LOGFILE +# env >> $LOGFILE + ingress: #- Should ingress be enabled. Defaults to `true` enabled: true - #- ingressClassName: nginx canary: enabled: true 
@@ -450,7 +531,8 @@ configs: interactivetools_base_path: "{{$host := index .Values.ingress.hosts 0}}{{$path := index $host.paths 0}}{{$path.path}}" id_secret: mulled_resolution_cache_lock_dir: "/galaxy/server/local/mulled_cache_lock" - database_connection: postgresql://unused:because@overridden_by_envvar + database_connection: |- + {{ include "galaxy-postgresql.connection-string" .}} integrated_tool_panel_config: "/galaxy/server/config/mutable/integrated_tool_panel.xml" sanitize_allowlist_file: "/galaxy/server/config/mutable/sanitize_allowlist.txt" tool_config_file: "/galaxy/server/config/tool_conf.xml{{if .Values.setupJob.downloadToolConfs.enabled}},{{ .Values.setupJob.downloadToolConfs.volume.mountPath }}/config/shed_tool_conf.xml{{end}}"
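Review bot: In README.md, hunk `@@ -272,6 +272,8 @@`, the added `# Additional Configurations` line is a level-1 heading in the middle of the document, so every later `##` section, including `## Funding`, ends up nested under it. Make it a `##` heading and demote only the sections that belong to it, or drop it.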
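Review bot: In README.md, hunk `@@ -420,21 +422,78 @@`, the per-file `extraFileMappings` table lists only `mode`, `tpl` and `content`, but the template in this patch also honours `useSecret` and otherwise writes the content to a ConfigMap. Document `useSecret` so that anyone mounting credentials this way knows how to keep them out of a ConfigMap. The main field table likewise omits the per-job `nodeSelector` and the `extraSettings` key used in `values.yaml`. The note on naming says `{{ .Release.Name }}-cron-` while the template builds the name from `galaxy.fullname`, and the `kubectl create job --namespace --from cronjob/galaxy-cron-maintenance` line as written has no job name and no namespace value. The hunk also deletes the "Galaxy versions" compatibility table, which is unrelated to cron jobs and should be a separate, explained change. Spelling: "directyory", "instaling", "Februrary", "resposity".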
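Review bot: The new file galaxy/disabled/configmap-galaxy.yaml has no comment saying why a template is being added under `disabled/` or what is expected to populate `.Values.galaxy`, and nothing else in the patch refers to it. Add a header comment stating its purpose and status, or leave it out of this change.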
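Review bot: In galaxy/templates/_helpers.tpl, the `printf "postgresql://%s:%s@%s/galaxy%s"` in `galaxy-postgresql.connection-string` interpolates the user and password into a URL without percent-encoding, so a password containing `@`, `:`, `/` or `?` produces a connection string that parses to the wrong host or credentials. Percent-encode both values before interpolation, or document that the password must be URL-safe. The database name is hardcoded as `galaxy` even though the context just above documents a helper that returns the database name to use; reuse it so the two cannot drift. The comment has a typo, "Postres".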
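Review bot: In galaxy/templates/cronjob-maintenance.yaml, the generated ConfigMap/Secret and volume names are built from `galaxy.fullname` and `galaxy.getExtraFilesUniqueName` of the path only, without the cron job's `$key`, so two cron jobs that map the same path render two objects with the same name. Include `$key` in the `printf` for both the object name and the volume reference. Also, `securityContext` is now emitted only when `$cronjob.securityContext` is set and no longer falls back to `.Values.securityContext`, unlike `nodeSelector`, which keeps a fallback to `$.Values.nodeSelector`; a job that omits the field silently loses the chart-wide setting, so add the same `else if` branch. Finally, `tpl (tpl $entry.content $) $` evaluates the file content twice, which means any rendered value that itself contains `{{` is executed as a template on the second pass; a single `tpl` is enough unless the double pass is intended and documented.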
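Review bot: In galaxy/templates/hook-cvmfs-fix.yaml, the relocated comment `# Include the code you want to run when both conditions are met` reads as leftover placeholder text and describes nothing about the Job that follows. Delete it rather than moving it below the `---`, or replace it with a line saying what the hook does.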
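Review bot: In galaxy/values.yaml, hunk `@@ -267,10 +267,91 @@`, both default jobs set `securityContext.runAsUser: 0`, so the `tmpdir` job runs `/usr/bin/find ... -exec rm` as root against `{{ .Values.persistence.mountPath }}/tmp` on the shared data volume. Run these as the same non-root user as the Galaxy handlers unless root is actually required, and if it is, say why in the comment above each job. The `extraSettings` key used by both jobs is not described in the README field table added by this patch. The hunk also removes the `#- ingressClassName: nginx` comment under `ingress`, which is unrelated to cron jobs and looks accidental.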
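Review bot: In galaxy/values.yaml, hunk `@@ -450,7 +531,8 @@`, `database_connection` changes from the placeholder `postgresql://unused:because@overridden_by_envvar` to the rendered `galaxy-postgresql.connection-string`, which puts the real database password into the value of `configs`. Confirm that whatever renders `configs` stores it in a Secret and not a ConfigMap; if it is a ConfigMap, keep the placeholder and continue supplying the connection string through the environment variable. The change in behaviour should also be mentioned in the README, since anyone overriding `database_connection` today is relying on the old placeholder semantics.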