galaxyproject · nuwang · Apr 18, 2024 · Feb 9, 2024 · Feb 9, 2024 · Feb 13, 2024
diff --git a/README.md b/README.md
@@ -272,6 +272,8 @@ jobHandlers:
     failureThreshhold: 3
 ```
 
+# Additional Configurations
+
 ## Extra File Mappings
 
 The `extraFileMappings` field can be used to inject files to arbitrary paths in the `nginx` deployment, as well as any of the `job`, `web`, or `workflow` handlers, and the `init` jobs.
@@ -420,21 +422,78 @@ The Galaxy application can be horizontally scaled for the web, job, or workflow
 by setting the desired values of the `webHandlers.replicaCount`,
 `jobHandlers.replicaCount`, and `workflowHandlers.replicaCount` configuration options.
 
-## Galaxy versions
+## Cron jobs
+
+Two Cron jobs are defined by default.  One to clean up Galaxy's database and one to clean up the `tmp` directory.  By default, these
+jobs run at 02:05 (the database maintenance script) and 02:15 (`tmp` directyory cleanup). Users can 
+change the times the cron jobs are run by changing the `schedule` field in the `values.yaml` file:
+
+```yaml
+cronJobs:
+  maintenance:
+    schedule: "30 6 * * *" # Execute the cron job at 6:30 UTC
+```
+or by specifying the `schedule` on the command line when instaling Galaxy:
+```bash
+# Schedule the maintenance job to run at 06:30 on the first day of each month
+helm install galaxy -n galaxy galaxy/galaxy --set cronJobs.maintenance.schedule="30 6 1 * *"
+```
+To disable a cron job after Galaxy has been deployed simply set the schedule to a date that
+can never occur such as midnight on Februrary 30th:
+
+
+```bash
+helm upgrade galaxy -n galaxy galaxy/galaxy --reuse-values --set cronJobs.maintenance.schedule="0 0 30 2 *"
+```
+
+### Run a CronJob manually
+
+Cron jobs can be invoked manually with tools such as [OpenLens](https://github.com/MuhammedKalkan/OpenLens)
+or from the command line with `kubectl`
+```bash
+kubectl create job --namespace <namespace> <job name> --from cronjob/galaxy-cron-maintenance 
+```
+This will run the cron job regardless of the `schedule` that has been set.
+
+**Note:** the name of the cron job will be `{{ .Release.Name }}-cron-<job name>` where the `<job name>`
+is the name (key) used in the `values.yaml` file.
+
+### CronJob configuration
+
+The following fields can be specified when defining cron jobs.
+
+| Name | Definition                                                                                                                                | Required |
+|---|-------------------------------------------------------------------------------------------------------------------------------------------|----------|
+| schedule | When the job will be run.  Use tools such as [crontab.guru](https://crontab.guru) for assistance determining the proper schedule string   | **Yes**  |
+| defaultEnv | `true` or `false`. See the `galaxy.podEnvVars` macro in `_helpers.tpl` for the list of variables that will be defined. Default is `false` | No       |
+| extraEnv | Define extra environment variables that will be available to the job | No       |
+| securityContext | Specifies a `securityContext` for the job. Typically used to set `runAsUser` | No       |
+| image | Specify the Docker container used to run the job | No       |
+| command | The command to run | **Yes**  |
+| args | Any command line arguments that should be passed to the `command` | No       |
+| extraFileMappings | Allow arbitrary files to be mounted from config maps | No |
+
+### Notes
+
+If specifying the Docker `image` both the `resposity` and `tag` MUST be specified.
+```yaml
+  image:
+    repository: quay.io/my-organization/my-image
+    tag: "1.0"  
+```
+
+The `extraFileMappings` block is similar to the global `extraFileMappings` except the file will only be mounted for that cron job.
+The following fields can be specified for each file.
+
+| Name | Definition | Required |
+|---|---|----------|
+| mode | The file mode (permissions) assigned to the file | No       |
+| tpl | If set to `true` the file contents will be run through Helm's templating engine. Defaults to `false` | No       |
+| content | The contents of the file | **Yes**  | 
 
-Some changes introduced in the chart sometimes rely on changes in the Galaxy
-container image, especially in relation to the Kubernetes runner. This table
-keeps track of recommended Chart versions for particular Galaxy versions as
-breaking changes are introduced. Otherwise, the Galaxy image and chart should be
-independently upgrade-able. In other words, upgrading the Galaxy image from
-`21.05` to `21.09` should be a matter of `helm upgrade my-galaxy cloudve/galaxy
---reuse-values --set image.tag=21.09`.
 
+See the `example` cron job included in the `values.yaml` file for a full example.
 
-| Chart version        | Galaxy version   | Description     |
-| :------------------ | :--------------- | :-------------- |
-| `5.0`               | `22.05`          | Needs at least container image 22.05 as Galaxy switched from uwsgi to gunicorn  |
-| `4.0`               | `21.05`          | Needs [Galaxy PR#11899](https://github.com/galaxyproject/galaxy/pull/11899) for eliminating the CVMFS. If running chart 4.0+ with Galaxy image `21.01` or below, use the CVMFS instead with `--set setupJob.downloadToolConfs.enabled=false --set cvmfs.repositories.cvmfs-gxy-cloud=cloud.galaxyproject.org --set cvmfs.galaxyPersistentVolumeClaims.cloud.storage=1Gi --set cvmfs.galaxyPersistentVolumeClaims.cloud.storageClassName=cvmfs-gxy-cloud --set cvmfs.galaxyPersistentVolumeClaims.cloud.mountPath=/cvmfs/cloud.galaxyproject.org` |
 
 ## Funding
 

diff --git a/galaxy/disabled/configmap-galaxy.yaml b/galaxy/disabled/configmap-galaxy.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+metadata:
+  name: {{ .Release.Name }}-galaxy-config
+  labels:
+    {{- include "galaxy.labels" $ | nindent 4 }}
+kind: ConfigMap
+data:
+  galaxy.yml: |
+    {{- .Values.galaxy | toYaml | nindent 4 }}
diff --git a/galaxy/templates/_helpers.tpl b/galaxy/templates/_helpers.tpl
@@ -79,6 +79,13 @@ Return the postgresql database name to use
 {{- end -}}
 {{- end -}}
 
+{{/*
+Generate the connection string needed to connect to a Postres database
+*/}}
+{{- define "galaxy-postgresql.connection-string" -}}
+{{- printf "postgresql://%s:%s@%s/galaxy%s" .Values.postgresql.galaxyDatabaseUser (include "galaxy.galaxyDbPassword" .) (include "galaxy-postgresql.fullname" .) .Values.postgresql.galaxyConnectionParams -}}
+{{- end -}}
+
 {{/*
 Return the rabbitmq cluster to use
 */}}

diff --git a/galaxy/templates/cronjob-maintenance.yaml b/galaxy/templates/cronjob-maintenance.yaml
@@ -1,48 +1,112 @@
+{{ range $key, $cronjob := .Values.cronJobs }}
 ---
 apiVersion: batch/v1
 kind: CronJob
 metadata:
-  name: {{ include "galaxy.fullname" . }}-maintenance
+  name: {{ include "galaxy.fullname" $ }}-cron-{{ $key }}
   labels:
-    {{- include "galaxy.labels" . | nindent 4 }}
+    {{- include "galaxy.labels" $ | nindent 4 }}
 spec:
-  schedule: "0 2 * * *"
+  schedule: {{ $cronjob.schedule | quote }}
   jobTemplate:
     spec:
       template:
         spec:
+          {{- if $cronjob.securityContext }}
           securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- with .Values.nodeSelector }}
+            {{- toYaml $cronjob.securityContext | nindent 12 }}
+          {{- end}}
+          {{- if $cronjob.nodeSelector }}
           nodeSelector:
-            {{- toYaml . | nindent 16 }}
+            {{- toYaml $cronjob.nodeSelector | nindent 12 }}
+          {{- else if $.Values.nodeSelector }}
+          nodeSelector:
+            {{- toYaml $.Values.nodeSelector | nindent 12 }}
           {{- end }}
           containers:
-          - name: galaxy-maintenance
-            image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-            imagePullPolicy: {{ .Values.image.pullPolicy }}
-            # delete all tmp files older than walltime limit
+          - name: galaxy-cron-{{ $key }}
+            {{- if $cronjob.image }}
+            image: {{ $cronjob.image.repository }}:{{ $cronjob.image.tag }}
+            {{- else }}
+            image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
+            {{- end }}
+            imagePullPolicy: {{ $.Values.image.pullPolicy }}
+            {{- if or $cronjob.defaultEnv $cronjob.extraEnv }}
+            env:
+            {{- if $cronjob.defaultEnv }}
+            {{- include "galaxy.podEnvVars" $}}
+            {{- end }}
+            {{- if $cronjob.extraEnv }}
+            {{- range $env := $cronjob.extraEnv }}
+            - name: {{ $env.name }}
+              value: {{ tpl $env.value $ | quote }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
             command:
-              - find
-              - {{ .Values.persistence.mountPath }}/tmp
-              - '!'
-              - -newermt
-              - -{{ (index .Values "configs" "job_conf.yml" "runners" "k8s" "k8s_walltime_limit" | default 604800) }} seconds
-              - -type
-              - f
-              - -exec
-              - rm
-              - '{}'
-              - ;
+            {{- range $cmd := $cronjob.command }}
+              - {{ tpl $cmd $ | quote }}
+            {{- end}}
+            {{- if $cronjob.args }}
+            args:
+              {{- range $arg := $cronjob.args }}
+              - {{ tpl $arg $ | quote }}
+              {{- end }}
+            {{- end }}
             volumeMounts:
             - name: galaxy-data
-              mountPath: {{ .Values.persistence.mountPath }}
+              mountPath: {{ $.Values.persistence.mountPath }}
+            {{- range $key, $entry := $cronjob.extraFileMappings }}
+            - name: {{ include "galaxy.getExtraFilesUniqueName" $key }}
+              mountPath: {{ $key }}
+              subPath: {{ include "galaxy.getFilenameFromPath" $key }}
+            {{- end }}
           volumes:
           - name: galaxy-data
-            {{- if .Values.persistence.enabled }}
+            {{- if $.Values.persistence.enabled }}
             persistentVolumeClaim:
-              claimName: {{ template "galaxy.pvcname" . }}
+              claimName: {{ template "galaxy.pvcname" $ }}
             {{- else }}
             emptyDir: {}
             {{- end }}
+          {{- range $key, $entry := $cronjob.extraFileMappings }}
+          - name: {{ include "galaxy.getExtraFilesUniqueName" $key }}
+            {{- if $entry.useSecret }}
+            secret:
+              secretName: {{ printf "%s-%s" (include "galaxy.fullname" $) (include "galaxy.getExtraFilesUniqueName" $key) }}
+            {{- else }}
+            configMap:
+              name: {{ printf "%s-%s" (include "galaxy.fullname" $) (include "galaxy.getExtraFilesUniqueName" $key) }}
+            {{- end }}
+            {{- if $entry.mode }}
+              defaultMode: {{ $entry.mode }}
+            {{- end }}
+          {{- end }}
           restartPolicy: OnFailure
+{{- if $cronjob.extraFileMappings }}
+{{- range $name, $entry := $cronjob.extraFileMappings }}
+---
+apiVersion: v1
+metadata:
+  # Extract the filename portion only
+  name: {{ printf "%s-%s" (include "galaxy.fullname" $) (include "galaxy.getExtraFilesUniqueName" $name) }}
+  labels:
+    {{- include "galaxy.labels" $ | nindent 4 }}
+{{- if $entry.useSecret }}
+kind: Secret
+type: Opaque
+stringData:
+{{- else }}
+kind: ConfigMap
+data:
+{{- end }}
+  {{- include "galaxy.getFilenameFromPath" $name | nindent 2 }}: |
+  {{- if $entry.tpl }}
+    {{- tpl (tpl $entry.content $) $ | nindent 4 }}
+  {{- else }}
+    {{- $entry.content | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}
diff --git a/galaxy/templates/hook-cvmfs-fix.yaml b/galaxy/templates/hook-cvmfs-fix.yaml
@@ -1,6 +1,6 @@
 {{- if and .Values.refdata.enabled (eq .Values.refdata.type "cvmfs") }}
-  # Include the code you want to run when both conditions are met
 ---
+# Include the code you want to run when both conditions are met
 apiVersion: batch/v1
 kind: Job
 metadata:

diff --git a/galaxy/values.yaml b/galaxy/values.yaml
@@ -267,10 +267,91 @@ extraEnv: []
   # - name: EXAMPLE_ENV
   #   value: MY_VALUE
 
+#- CronJobs to perform periodic maintenance tasks
+cronJobs:
+  #- Runs the maintenance.sh script to purge items in the Galaxy database that
+  #- have been flagged as deleted.
+  maintenance:
+    schedule: "5 2 * * *"
+    extraSettings:
+      #- Purge items older than this.
+      days: '7'
+    securityContext:
+      runAsUser: 0
+    defaultEnv: true
+    command:
+      - "/galaxy/server/scripts/maintenance.sh"
+    args:
+      - "--no-dry-run"
+      - "--days"
+      - "{{ tpl .Values.cronJobs.maintenance.extraSettings.days $ }}"
+  #- Remove files from the tmp directory that are older than the allowable wall time for a job
+  tmpdir:
+    schedule: "15 2 * * *"
+    extraSettings:
+      lastModified: '{{ index .Values "configs" "job_conf.yml" "runners" "k8s" "k8s_walltime_limit" | default 604800 }}'
+    securityContext:
+      runAsUser: 0
+    command:
+      - /usr/bin/find
+    args:
+      - "{{ .Values.persistence.mountPath }}/tmp"
+      - "!"
+      - "-newermt"
+      - "{{ tpl .Values.cronJobs.tmpdir.extraSettings.lastModified $ }} seconds ago"
+      - "-type"
+      - "f"
+      - "-exec"
+      - "rm"
+      - "{}"
+      - ";"
+#  #- An example cron job that showcases all available features.
+#  example:
+#    #- Disable the job by scheduling it for a date that never occurs, I.E. Feb 30th
+#    #- The job can still be triggered manually.
+#    schedule: "0 0 30 2 *"
+#    #- Include the set of default environment variables. See galaxy.podEnvVars
+#    #- in the Helm chart's _helpers.tpl for the variables that will be defined.
+#    defaultEnv: true
+#    #- Define extra environment variables that will be available to the job
+#    extraEnv:
+#      - name: LOGFILE
+#        value: /galaxy/server/database/example.log
+#    #- Run the job as root (uid 0)
+#    securityContext:
+#      runAsUser: 0
+#    #- Specify an alternate Docker image for the CronJob container
+#    image:
+#      repository: ksuderman/galaxy-maintenance
+#      tag: "0.7"
+#    #- The command to be run
+#    command:
+#      - /usr/local/bin/example.sh
+#    #- Command line arguments to be passed to the command, one per line.
+#    args:
+#      - "--option"
+#      - "value"
+#    #- Define extra files that will be mounted into the image. In this case we
+#    #- mount a simple Bash script that will write the current environment
+#    #- variables to persistent storage.
+#    extraFileMappings:
+#      #- Path were the file will be mounted
+#      /usr/local/bin/example.sh:
+#        #- Default permission on the file.  In this case 'rwxr-xr-x'
+#        mode: "0755"
+#        #- Run the contents through the Helm `tpl` command
+#        tpl: true
+#        #- The contents of the file to be mounted.  Can contain Helm template values
+#        #- if `tpl` is set to true.
+#        content: |-
+#          #!/usr/bin/bash
+#          echo {{ .Release.Name }} >> $LOGFILE
+#          echo "$@" >> $LOGFILE
+#          env >> $LOGFILE
+
 ingress:
   #- Should ingress be enabled. Defaults to `true`
   enabled: true
-  #-
   ingressClassName: nginx
   canary:
     enabled: true
@@ -450,7 +531,8 @@ configs:
       interactivetools_base_path: "{{$host := index .Values.ingress.hosts 0}}{{$path := index $host.paths 0}}{{$path.path}}"
       id_secret:
       mulled_resolution_cache_lock_dir: "/galaxy/server/local/mulled_cache_lock"
-      database_connection: postgresql://unused:because@overridden_by_envvar
+      database_connection: |-
+        {{ include "galaxy-postgresql.connection-string" .}}
       integrated_tool_panel_config: "/galaxy/server/config/mutable/integrated_tool_panel.xml"
       sanitize_allowlist_file: "/galaxy/server/config/mutable/sanitize_allowlist.txt"
       tool_config_file: "/galaxy/server/config/tool_conf.xml{{if .Values.setupJob.downloadToolConfs.enabled}},{{ .Values.setupJob.downloadToolConfs.volume.mountPath }}/config/shed_tool_conf.xml{{end}}"