diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d531604742d4b5d6422c0fbe41b17e3a1e80c7de..62ccdd7b133c7f07722ce95ef85b6c9fca407227 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -102,23 +102,6 @@ build helm chart: - when: manual allow_failure: true -check helm chart: - stage: test - image: ${CI_REGISTRY_IMAGE}/dev_python:${DOCKER_TAG} - script: - - uv pip install -e "." - - scripts/check_helm_chart.sh - after_script: - - > - if [ $CI_JOB_STATUS == 'failed' ]; then - echo 'Make sure that the helm chart values.yaml has been updated and committed by running' - echo './scripts/update_hem_chart.sh' - fi - rules: - - if: $CI_COMMIT_TAG - when: never - - when: on_success - python linting: stage: test image: ${CI_REGISTRY_IMAGE}/dev_python:${DOCKER_TAG} @@ -331,15 +314,6 @@ build python package: - dist/ - archive.json -build final image: - stage: test - needs: ["build python package", "update_scm_pretend_version"] - variables: - SETUPTOOLS_SCM_PRETEND_VERSION: "${SETUPTOOLS_SCM_PRETEND_VERSION}" - TARGET: final - DESTINATION: "${CI_REGISTRY_IMAGE}:${DOCKER_TAG}" - extends: .build_image - install tests: stage: test parallel: 
@@ -360,148 +334,6 @@ install tests: - uv pip install git+https://github.com/nomad-coe/nomad-parser-example.git@0b0035d - python -m exampleparser tests/data/examples/example.out -.tag image: - image: - name: gcr.io/go-containerregistry/crane:debug - entrypoint: [""] - variables: - GIT_STRATEGY: none - script: - - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - - echo ${TARGET_ENV} - - crane cp ${CI_REGISTRY_IMAGE}:${DOCKER_TAG} ${CI_REGISTRY_IMAGE}:${TARGET_ENV} - -.deploy image: &deploy_image - stage: deploy - image: gitlab-registry.mpcdf.mpg.de/nomad-lab/nomad-fair/ci-runner:latest - before_script: - - mkdir ~/.kube/ - - echo ${CI_K8S_CLOUD_CONFIG} | base64 -d > ~/.kube/config - script: - - echo ${TARGET_ENV} - - helm dependency update ops/kubernetes/nomad - - helm upgrade nomad-prod-${TARGET_ENV} ops/kubernetes/nomad - --install - --namespace nomad-prod-${TARGET_ENV} - --values ops/kubernetes/values.yaml - --values ops/kubernetes/nomad-prod-${TARGET_ENV}.yaml - --set nomad.image.tag=${TARGET_ENV} - --set roll=true - --timeout=15m - --wait - -.test_deployment: &test_deployment - stage: deploy - image: - name: ${CI_REGISTRY_IMAGE}:${DOCKER_TAG} - entrypoint: [""] - script: - - CLIENT_URL="https://nomad-lab.eu/prod/v1/${TARGET_ENV}/api" - - echo ${CLIENT_URL} - - nomad client -n $CLIENT_URL -u test -w $CI_NOMAD_TEST_PASSWORD integrationtests --skip-publish --skip-doi - -deploy test: - stage: deploy - extends: - - .tag image - variables: - TARGET_ENV: test - before_script: - - echo "TARGET_ENV=test" >> build.env - - echo "name=test" >> build.env - - echo "deployment_tier=production" >> build.env - - echo "url=https://nomad-lab.eu/prod/v1/test" >> build.env - artifacts: - reports: - dotenv: build.env - rules: - - when: manual - allow_failure: true - -deploy test image: - stage: deploy - needs: ["deploy test"] - <<: *deploy_image - -test test deployment: - stage: deploy - needs: ["deploy test", "deploy test image"] - <<: *test_deployment 
- -deploy staging: - stage: deploy - extends: - - .tag image - variables: - TARGET_ENV: staging - before_script: - - echo "TARGET_ENV=staging" >> build.env - - echo "name=staging" >> build.env - - echo "deployment_tier=production" >> build.env - - echo "url=https://nomad-lab.eu/prod/v1/staging" >> build.env - artifacts: - reports: - dotenv: build.env - rules: - - when: manual - allow_failure: true - -deploy staging image: - stage: deploy - needs: ["deploy staging"] - <<: *deploy_image - -test staging deployment: - stage: deploy - needs: ["deploy staging", "deploy staging image"] - <<: *test_deployment - -deploy develop: - stage: deploy - extends: - - .tag image - variables: - TARGET_ENV: develop - before_script: - - echo "TARGET_ENV=develop" >> build.env - - echo "name=develop" >> build.env - - echo "deployment_tier=production" >> build.env - - echo "url=https://nomad-lab.eu/prod/v1/develop" >> build.env - artifacts: - reports: - dotenv: build.env - rules: - - when: manual - allow_failure: true - -deploy develop image: - stage: deploy - needs: ["deploy develop"] - <<: *deploy_image - -test develop deployment: - stage: deploy - needs: ["deploy develop", "deploy develop image"] - <<: *test_deployment - -release latest image: - stage: release - extends: .tag image - variables: - TARGET_ENV: latest - rules: - - when: manual - allow_failure: true - -release stable image: - stage: release - extends: .tag image - variables: - TARGET_ENV: stable - rules: - - when: manual - allow_failure: true - python package: stage: release variables: diff --git a/ops/kubernetes/README.md b/ops/kubernetes/README.md deleted file mode 100644 index 4177bb8bd2c785d19cb180c847985e810b03ecb3..0000000000000000000000000000000000000000 --- a/ops/kubernetes/README.md +++ /dev/null 
@@ -1,6 +0,0 @@
-## The different deployments used for the central nomad-lab.eu NOMAD installations.
-
-Those files are used by the `.gitlab-ci.yml` to deploy to the respective
-installations.
-
-The `example-values.yaml` are only used in the k8s install documentation.
\ No newline at end of file
diff --git a/ops/kubernetes/example-values.yaml b/ops/kubernetes/example-values.yaml
deleted file mode 100644
index 09aed276b17517a044c228f057922947216b4e4c..0000000000000000000000000000000000000000
--- a/ops/kubernetes/example-values.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-nomad:
- config:
- uploadurl: "https://mydomain.org/nomad-oasis/api/uploads"
-
- north:
- enabled: true
-
- image:
- tag: "latest"
-
- proxy:
- path: "/nomad-oasis"
-
-jupyterhub:
- hub:
- baseUrl: "/nomad-oasis/north"
- config:
- GenericOAuthenticator:
- oauth_callback_url: https://mydomain.org/nomad-oasis/north/hub/oauth_callback
diff --git a/ops/kubernetes/inspect.yaml b/ops/kubernetes/inspect.yaml
deleted file mode 100644
index f50ddd156c2dd75b1a1f305c4310ace71fed5e77..0000000000000000000000000000000000000000
--- a/ops/kubernetes/inspect.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: pvc-inspector
- namespace: nomad-prod-develop
-spec:
- containers:
- - name: pvc-inspector
- image: busybox
- command: ["sh", "-c", "sleep infinity"]
- volumeMounts:
- - mountPath: /pvc
- name: pvc-volume
- volumes:
- - name: pvc-volume
- persistentVolumeClaim:
- claimName: nomad-prod-develop-north-hub-db-dir
diff --git a/ops/kubernetes/nomad-prod-develop.yaml b/ops/kubernetes/nomad-prod-develop.yaml
deleted file mode 100644
index 0733fd6f51f53b0eb1b9eec4b50f0520dc7ed152..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad-prod-develop.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-nomad:
- config:
- version:
- label: beta/staging
- isBeta: true
- usesBetaData: false
- officialUrl: "https://nomad-lab.eu/prod/v1/gui"
-
- gui:
- debug: true
-
- dbname: nomad_prod_v1
-
- uploadurl: "https://nomad-lab.eu/prod/v1/develop/api/uploads"
-
- mail:
- enabled: false
-
- datacite:
- enabled: false
-
- north:
- enabled: true
-
- plugins:
- entry_points:
- options:
- 'nomad_aitoolkit.apps:aitoolkit':
- upload_ids:
- - hHA2lM5HRy2ZN_La6TPGjg
-
- image:
- tag: "prod"
-
- proxy:
- path: "/prod/v1/develop"
-
- app:
- replicaCount: 4
-
- worker:
- replicaCount: 1
- processes: 4
- resources:
- limits:
- memory: "32Gi"
- requests:
- memory: "8Gi"
-
-jupyterhub:
- fullnameOverride: "nomad-prod-develop-north"
- hub:
- baseUrl: "/prod/v1/develop/north"
- config:
- GenericOAuthenticator:
- oauth_callback_url: https://nomad-lab.eu/prod/v1/develop/north/hub/oauth_callback
- singleuser:
- podNameTemplate: "nomad-prod-develop-north-{username}--{servername}"
diff --git a/ops/kubernetes/nomad-prod-staging.yaml b/ops/kubernetes/nomad-prod-staging.yaml
deleted file mode 100644
index 6b738bafdaf3e67bbc6732114aaa8708edef64b1..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad-prod-staging.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-nomad:
- config:
- version:
- label: beta/staging
- isBeta: true
- usesBetaData: false
- officialUrl: "https://nomad-lab.eu/prod/v1/gui"
-
- gui:
- debug: true
-
- dbname: nomad_prod_v1
-
- uploadurl: "https://cloud.nomad-lab.eu/prod/v1/staging/api/uploads"
-
- mail:
- enabled: false
-
- datacite:
- enabled: false
-
- north:
- enabled: true
-
- plugins:
- entry_points:
- options:
- 'nomad_aitoolkit.apps:aitoolkit':
- upload_ids:
- - hHA2lM5HRy2ZN_La6TPGjg
-
- image:
- tag: "prod"
-
- proxy:
- path: "/prod/v1/staging"
-
- app:
- replicaCount: 8
-
- worker:
- replicaCount: 2
- processes: 12
- resources:
- limits:
- memory: "32Gi"
- requests:
- memory: "8Gi"
-
-jupyterhub:
- fullnameOverride: "nomad-prod-staging-north"
- hub:
- baseUrl: "/prod/v1/staging/north"
- config:
- GenericOAuthenticator:
- oauth_callback_url: https://nomad-lab.eu/prod/v1/staging/north/hub/oauth_callback
- singleuser:
- podNameTemplate: "nomad-prod-staging-north-{username}--{servername}"
diff --git a/ops/kubernetes/nomad-prod-test.yaml b/ops/kubernetes/nomad-prod-test.yaml
deleted file mode 100644
index 4e27996d901d92831672381ccee1f93747ba84ff..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad-prod-test.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-nomad:
- config:
- version:
- label: beta/test
- isBeta: true
- usesBetaData: true
- officialUrl: "https://nomad-lab.eu/prod/v1/gui"
-
- gui:
- debug: true
-
- dbname: nomad_test_v1
-
- uploadurl: "https://nomad-lab.eu/prod/v1/test/api/uploads"
-
- volumes:
- prefixSize: 1
- public: /nomad/test/fs/public
- staging: /nomad/test/fs/staging
- north_home: /nomad/test/fs/north/users
- tmp: /nomad/test/fs/tmp
- nomad: /nomad
-
- mail:
- enabled: false
-
- datacite:
- enabled: false
-
- north:
- enabled: false
-
- image:
- tag: "prod"
-
- proxy:
- path: "/prod/v1/test"
-
- app:
- replicaCount: 4
-
- worker:
- replicaCount: 1
- processes: 4
- resources:
- limits:
- memory: "32Gi"
- requests:
- memory: "8Gi"
diff --git a/ops/kubernetes/nomad-prod-util.yaml b/ops/kubernetes/nomad-prod-util.yaml
deleted file mode 100644
index 70dc3937a7592328dc366188829bc824e4b56784..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad-prod-util.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-nomad:
- config:
- version:
- label: beta/staging
- isBeta: true
- usesBetaData: false
- officialUrl: "https://nomad-lab.eu/prod/v1/gui"
-
- gui:
- debug: true
-
- dbname: nomad_prod_v1
-
- uploadurl: "https://cloud.nomad-lab.eu/prod/v1/util/api/uploads"
-
- mail:
- enabled: false
-
- datacite:
- enabled: false
-
- north:
- enabled: false
-
- image:
- tag: "prod"
-
- proxy:
- path: "/prod/v1/util"
-
- app:
- replicaCount: 1
- resources:
- limits:
- memory: "8Gi"
-
- worker:
- replicaCount: 2
- processes: 8
- resources:
- limits:
- memory: "256Gi"
- requests:
- memory: "8Gi"
-
- adminconsole:
- enabled: true
diff --git a/ops/kubernetes/nomad-prod.yaml b/ops/kubernetes/nomad-prod.yaml
deleted file mode 100644
index ec1606f9fe7e871a47ac3883e6df5e76f95c518e..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad-prod.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-nomad:
- config:
- dbname: nomad_prod_v1
-
- uploadurl: "https://nomad-lab.eu/prod/v1/api/uploads"
-
- mail:
- enabled: true
-
- datacite:
- enabled: true
-
- north:
- enabled: true
-
- plugins:
- entry_points:
- options:
- 'nomad_aitoolkit.apps:aitoolkit':
- upload_ids:
- - hHA2lM5HRy2ZN_La6TPGjg
-
- image:
- tag: "prod"
-
- proxy:
- path: "/prod/v1"
-
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/limit-rps: "25"
- nginx.ingress.kubernetes.io/denylist-source-range: "141.35.40.36/32, 141.35.40.52/32"
-
- app:
- replicaCount: 18
-
- worker:
- replicaCount: 1
- processes: 12
- resources:
- limits:
- memory: "32Gi"
- requests:
- memory: "8Gi"
-
-jupyterhub:
- fullnameOverride: "nomad-prod-north"
- hub:
- baseUrl: "/prod/v1/north"
- config:
- GenericOAuthenticator:
- oauth_callback_url: https://nomad-lab.eu/prod/v1/north/hub/oauth_callback
- singleuser:
- podNameTemplate: "nomad-prod-north-{username}--{servername}"
diff --git a/ops/kubernetes/nomad/.gitignore b/ops/kubernetes/nomad/.gitignore
deleted file mode 100644
index a273dd7da1fc6f0b94d352837365478a257e612c..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-# Chart dependencies
-**/charts/*.tgz
\ No newline at end of file
diff --git a/ops/kubernetes/nomad/.helmignore b/ops/kubernetes/nomad/.helmignore
deleted file mode 100644
index 0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/ops/kubernetes/nomad/Chart.lock b/ops/kubernetes/nomad/Chart.lock deleted file mode 100644 index ca21ee2e9c5a86a58143822d20db2476a7ba537a..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/Chart.lock +++ /dev/null @@ -1,15 +0,0 @@ -dependencies: -- name: rabbitmq - repository: https://charts.bitnami.com/bitnami - version: 11.2.2 -- name: elasticsearch - repository: https://helm.elastic.co - version: 7.17.3 -- name: mongodb - repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.4 -- name: jupyterhub - repository: https://jupyterhub.github.io/helm-chart/ - version: 3.2.1 -digest: sha256:f77e87c16f5417c9ba3d30143451035d6b570c5eb9d736589069e31e26ab5adf -generated: "2024-02-26T13:51:48.48639+01:00" diff --git a/ops/kubernetes/nomad/Chart.yaml b/ops/kubernetes/nomad/Chart.yaml deleted file mode 100644 index 2cfb251f1fef1c9adb270574e55265cda7051c80..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/Chart.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: v2 -name: nomad -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.2.2" - -dependencies: -- name: rabbitmq - version: "11.2.2" - repository: "https://charts.bitnami.com/bitnami" - condition: nomad.enabled -- name: elasticsearch - condition: elasticsearch.enabled - version: 7.17.3 - repository: https://helm.elastic.co -- name: mongodb - condition: mongodb.enabled - version: 14.0.4 - repository: oci://registry-1.docker.io/bitnamicharts -- name: jupyterhub - version: "3.2.1" - repository: "https://jupyterhub.github.io/helm-chart/" - condition: nomad.config.north.enabled - - - diff --git a/ops/kubernetes/nomad/README.md b/ops/kubernetes/nomad/README.md deleted file mode 100644 index 0537b76a8c85b64789a7ef2600bc46165ec170d5..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/README.md +++ /dev/null 
@@ -1,5 +0,0 @@
-A first version for a `nomad` helm chart that includes all services,
-including elastic and mongo.
-
-At the moment, everything is just loosely stitched together. Especially,
-`nomad.config.mongo.host` still does need to be configured manually.
\ No newline at end of file
diff --git a/ops/kubernetes/nomad/templates/NOTES.txt b/ops/kubernetes/nomad/templates/NOTES.txt
deleted file mode 100644
index b53ec5b87e23b5481c81dabe86916a2adeda8ae9..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad/templates/NOTES.txt
+++ /dev/null
@@ -1,21 +0,0 @@ -{{- $path := .Values.nomad.proxy.path -}} -1. Get the application URL by running these commands: -{{- if .Values.nomad.ingress.enabled }} -{{- range $host := .Values.nomad.ingress.hosts }} - http{{ if $.Values.nomad.ingress.tls }}s{{ end }}://{{ $host }}{{ $path }} -{{- end }} -{{- else if contains "NodePort" .Values.nomad.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "nomad.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.nomad.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "nomad.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "nomad.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.nomad.service.port }} -{{- else if contains "ClusterIP" .Values.nomad.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "nomad.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} 
diff --git a/ops/kubernetes/nomad/templates/_helpers.tpl b/ops/kubernetes/nomad/templates/_helpers.tpl
deleted file mode 100644
index 563b2081218cc5d419a3a3c7bff786839debd0b0..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "nomad.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nomad.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nomad.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "nomad.labels" -}} -helm.sh/chart: {{ include "nomad.chart" . }} -{{ include "nomad.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "nomad.selectorLabels" -}} -app.kubernetes.io/name: {{ include "nomad.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "nomad.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "nomad.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} 
diff --git a/ops/kubernetes/nomad/templates/adminconsole/deployment.yaml b/ops/kubernetes/nomad/templates/adminconsole/deployment.yaml
deleted file mode 100644
index a8bb7dba7276ba13fbfad10e354d88d847011a18..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad/templates/adminconsole/deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@ -{{- if .Values.nomad.adminconsole.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "nomad.fullname" . }}-adminconsole - labels: - {{- include "nomad.labels" . | nindent 4 }} - app.kubernetes.io/component: adminconsole -spec: - replicas: {{ .Values.nomad.adminconsole.replicaCount }} - selector: - matchLabels: - {{- include "nomad.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: adminconsole - template: - metadata: - {{- with .Values.nomad.adminconsole.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- if .Values.roll }} - rollme: {{ randAlphaNum 5 | quote }} - {{- end }} - {{- else }} - {{- if .Values.roll }} - annotations: - rollme: {{ randAlphaNum 5 | quote }} - {{- end }} - {{- end }} - labels: - {{- include "nomad.labels" . | nindent 8 }} - {{- with .Values.nomad.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - app.kubernetes.io/component: adminconsole - spec: - {{- with .Values.nomad.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "nomad.serviceAccountName" . }} - {{- with .Values.nomad.adminconsole.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-adminconsole - {{- with .Values.nomad.adminconsole.securityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - image: "{{ .Values.nomad.image.repository }}:{{ .Values.nomad.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.nomad.image.pullPolicy }} - {{- with .Values.nomad.adminconsole.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /app/nomad.yaml - name: nomad-conf - subPath: nomad.yaml - - mountPath: /app/.volumes/fs/public - name: public-volume - - mountPath: /app/.volumes/fs/staging - name: staging-volume - - mountPath: /nomad - name: nomad-volume - {{- with .Values.nomad.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - env: - - name: JUPYTER_RUNTIME_DIR - value: /tmp - - name: JUPYTER_DATA_DIR - value: /tmp - - name: CELERY_ACKS_LATE - value: "True" - - name: NOMAD_META_SERVICE - value: "adminconsole" - - name: NOMAD_CONSOLE_LOG_LEVEL - value: "{{ .Values.nomad.config.worker.console_loglevel }}" - - name: NOMAD_LOGSTASH_LEVEL - value: "{{ .Values.nomad.config.worker.logstash_loglevel }}" - - name: NOMAD_CELERY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.nomad.config.api.apiSecret }} - - name: NOMAD_SERVICES_API_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.api.apiSecret}} - key: password - {{- end }} - {{- if .Values.nomad.config.keycloak.clientSecret }} - - name: NOMAD_KEYCLOAK_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.keycloak.clientSecret }} - key: password - {{- end }} - {{- if .Values.nomad.config.keycloak.passwordSecret }} - - name: NOMAD_KEYCLOAK_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.keycloak.passwordSecret }} - key: password - {{- end }} - command: ["jupyter", "lab", "--notebook-dir", "/nomad/adminconsole"] - livenessProbe: - exec: - command: - - bash - - -c - - NOMAD_LOGSTASH_LEVEL=WARNING python -m celery -A nomad.processing status | grep "${NOMAD_CELERY_NODE_NAME}:.*OK" - initialDelaySeconds: 30 - periodSeconds: 120 - timeoutSeconds: 60 - readinessProbe: - exec: - command: - - bash - - -c - - NOMAD_LOGSTASH_LEVEL=WARNING python -m celery -A nomad.processing status | grep "${NOMAD_CELERY_NODE_NAME}:.*OK" - initialDelaySeconds: 30 - periodSeconds: 120 - timeoutSeconds: 60 - volumes: - 
{{- with .Values.nomad.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - - name: nomad-conf - configMap: - name: {{ include "nomad.fullname" . }}-configmap - - name: public-volume - hostPath: - path: {{ .Values.nomad.config.volumes.public }} - # type: Directory - - name: staging-volume - {{ if (eq .Values.nomad.config.worker.storage "memory") }} - emptyDir: - medium: 'Memory' - {{ else }} - hostPath: - path: {{ .Values.nomad.config.volumes.staging}} - # type: Directory - {{ end }} - - name: nomad-volume - hostPath: - path: {{ .Values.nomad.config.volumes.nomad }} - # type: Directory - - {{- with .Values.nomad.adminconsole.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.adminconsole.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.adminconsole.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/ops/kubernetes/nomad/templates/app/configmap.yml b/ops/kubernetes/nomad/templates/app/configmap.yml deleted file mode 100644 index bc05a4cf919733a6f803f74a7f560848e97a4897..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/templates/app/configmap.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if .Values.nomad.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "nomad.fullname" . }}-configmap-app-uvicorn-log-config - labels: - {{- include "nomad.labels" . | nindent 4 }} - app.kubernetes.io/component: app -data: - uvicorn.log.conf: | - [loggers] - keys=root - - [handlers] - keys=console, logstash - - [formatters] - keys=generic, logstash - - [logger_root] - level=INFO - handlers=console, logstash - - [handler_console] - class=StreamHandler - formatter=generic - args=(sys.stdout, ) - - [handler_logstash] - class=nomad.utils.structlogging.LogstashHandler - formatter=logstash - - [formatter_generic] - format=%(asctime)s [%(process)d] [%(levelname)s] %(message)s - datefmt=%Y-%m-%d %H:%M:%S - class=logging.Formatter - - [formatter_logstash] - class=nomad.utils.structlogging.LogstashFormatter -{{- end }} \ No newline at end of file diff --git a/ops/kubernetes/nomad/templates/app/deployment.yaml b/ops/kubernetes/nomad/templates/app/deployment.yaml deleted file mode 100644 index 42c6f154c40fbd04860276db854770bc74ec34c2..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/templates/app/deployment.yaml +++ /dev/null 
@@ -1,194 +0,0 @@ -{{- if .Values.nomad.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "nomad.fullname" . }}-app - labels: - {{- include "nomad.labels" . | nindent 4 }} - app.kubernetes.io/component: app -spec: - replicas: {{ .Values.nomad.app.replicaCount }} - selector: - matchLabels: - {{- include "nomad.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: app - template: - metadata: - {{- with .Values.nomad.worker.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- if .Values.roll }} - rollme: {{ randAlphaNum 5 | quote }} - {{- end }} - {{- else }} - {{- if .Values.roll }} - annotations: - rollme: {{ randAlphaNum 5 | quote }} - {{- end }} - {{- end }} - labels: - {{- include "nomad.labels" . | nindent 8 }} - {{- with .Values.nomad.app.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - app.kubernetes.io/component: app - spec: - {{- with .Values.nomad.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "nomad.serviceAccountName" . }} - {{- with .Values.nomad.app.podSecurityContext }} - securityContext: - {{- . | toYaml | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-app - {{- with .Values.nomad.app.securityContext }} - securityContext: - {{- . 
| toYaml | nindent 12 }} - {{- end }} - image: "{{ .Values.nomad.image.repository }}:{{ .Values.nomad.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.nomad.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.nomad.app.service.port }} - protocol: TCP - livenessProbe: - httpGet: - path: "{{ .Values.nomad.proxy.path }}/alive" - port: 8000 - initialDelaySeconds: 90 - periodSeconds: 10 - timeoutSeconds: {{ add .Values.nomad.proxy.timeout 10}} - readinessProbe: - httpGet: - path: "{{ .Values.nomad.proxy.path }}/alive" - port: 8000 - initialDelaySeconds: 90 - periodSeconds: 3 - timeoutSeconds: {{ add .Values.nomad.proxy.timeout 3 }} - {{- with .Values.nomad.app.resources }} - resources: - {{- . | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /app/nomad.yaml - name: nomad-conf - subPath: nomad.yaml - - mountPath: /app/uvicorn.log.conf - name: uvicorn-log-conf - subPath: uvicorn.log.conf - - mountPath: /app/.volumes/fs/public - name: public-volume - - mountPath: /app/.volumes/fs/staging - name: staging-volume - - mountPath: /app/.volumes/fs/north/users - name: north-home-volume - - mountPath: /nomad - name: nomad-volume - {{- with .Values.nomad.volumeMounts }} - {{- toYaml . 
| nindent 12 }} - {{- end }} - env: - - name: NOMAD_META_SERVICE - value: "app" - - name: NOMAD_CONSOLE_LOGLEVEL - value: "{{ .Values.nomad.config.app.console_loglevel }}" - - name: NOMAD_LOGSTASH_LEVEL - value: "{{ .Values.nomad.config.app.logstash_loglevel }}" - {{- if .Values.nomad.config.api.apiSecret }} - - name: NOMAD_SERVICES_API_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.api.apiSecret }} - key: password - {{- end }} - {{- if .Values.nomad.config.keycloak.clientSecret }} - - name: NOMAD_KEYCLOAK_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.keycloak.clientSecret }} - key: password - {{- end }} - {{- if .Values.nomad.config.client.passwordSecret }} - - name: NOMAD_CLIENT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.client.passwordSecret }} - key: password - {{- end }} - {{- if .Values.nomad.config.keycloak.passwordSecret }} - - name: NOMAD_KEYCLOAK_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.keycloak.passwordSecret }} - key: password - {{- end }} - {{- if and .Values.nomad.config.datacite.enabled .Values.nomad.config.datacite.secret }} - - name: NOMAD_DATACITE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.datacite.secret }} - key: password - - name: NOMAD_DATACITE_USER - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.datacite.secret }} - key: user - {{- end }} - {{- if and .Values.nomad.config.north.enabled .Values.nomad.config.north.hubServiceApiTokenSecret }} - - name: NOMAD_NORTH_HUB_SERVICE_API_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.north.hubServiceApiTokenSecret }} - key: token - {{- end }} - command: ["python", "-m", "nomad.cli", "admin", "run", "app", "--log-config", "uvicorn.log.conf", "--with-gui", "--host", "0.0.0.0"] - volumes: - {{- with .Values.nomad.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - - name: uvicorn-log-conf - configMap: - name: {{ include "nomad.fullname" . 
}}-configmap-app-uvicorn-log-config - - name: app-run-script - configMap: - name: {{ include "nomad.fullname" . }}-app-run-script - - name: nomad-conf - configMap: - name: {{ include "nomad.fullname" . }}-configmap - - name: public-volume - hostPath: - path: {{ .Values.nomad.config.volumes.public }} - # type: Directory - - name: staging-volume - {{ if (eq .Values.nomad.config.worker.storage "memory") }} - emptyDir: - medium: 'Memory' - {{ else }} - hostPath: - path: {{ .Values.nomad.config.volumes.staging}} - # type: Directory - {{ end }} - - name: north-home-volume - hostPath: - path: {{ .Values.nomad.config.volumes.north_home}} - # type: Directory - - name: nomad-volume - hostPath: - path: {{ .Values.nomad.config.volumes.nomad }} - # type: Directory - {{- with .Values.nomad.app.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.app.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.app.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end}} \ No newline at end of file diff --git a/ops/kubernetes/nomad/templates/app/service.yaml b/ops/kubernetes/nomad/templates/app/service.yaml deleted file mode 100644 index 4f90ba6869d3a936ea60a0f707ee62fbbf6709db..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/templates/app/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.nomad.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "nomad.fullname" . }}-app - labels: - {{- include "nomad.labels" . | nindent 4 }} - app.kubernetes.io/component: app -spec: - type: {{ .Values.nomad.app.service.type }} - ports: - - port: {{ .Values.nomad.app.service.port }} - # targetPort: http - targetPort: 8000 - protocol: TCP - name: http - selector: - {{- include "nomad.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: app -{{- end }} 
diff --git a/ops/kubernetes/nomad/templates/configmap.yml b/ops/kubernetes/nomad/templates/configmap.yml
deleted file mode 100644
index 124bbe0b41bf45f66640ac95207f6644f1b0d7ba..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad/templates/configmap.yml
+++ /dev/null
@@ -1,138 +0,0 @@ -{{- if .Values.nomad.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "nomad.fullname" . }}-configmap - labels: - app.kubernetes.io/name: {{ include "nomad.name" . }}-configmap - {{- include "nomad.labels" . | nindent 4 }} -data: - nomad.yaml: | - meta: - deployment: "{{ .Release.Name }}" - service: "{{ .Values.nomad.config.meta.service }}" - homepage: "{{ .Values.nomad.config.meta.homepage }}" - source_url: "{{ .Values.nomad.config.meta.source_url }}" - maintainer_email: "{{ .Values.nomad.config.meta.maintainer_email }}" - beta: - label: "{{ .Values.nomad.config.version.label }}" - isBeta: {{ .Values.nomad.config.version.isBeta }} - isTest: {{ .Values.nomad.config.version.isTest }} - usesBetaData: {{ .Values.nomad.config.version.usesBetaData }} - officialUrl: "{{ .Values.nomad.config.version.officialUrl }}" - process: - reuse_parser: {{ .Values.nomad.config.process.reuseParser }} - index_materials: {{ .Values.nomad.config.process.indexMaterials }} - rfc3161_skip_published: {{ .Values.nomad.config.process.rfc3161_skip_published }} - reprocess: - rematch_published: {{ .Values.nomad.config.reprocess.rematchPublished }} - reprocess_existing_entries: {{ .Values.nomad.config.reprocess.reprocessExistingEntries }} - use_original_parser: {{ .Values.nomad.config.reprocess.useOriginalParser }} - add_matched_entries_to_published: {{ .Values.nomad.config.reprocess.addMatchedEntriesToPublished }} - delete_unmatched_published_entries: {{ .Values.nomad.config.reprocess.deleteUnmatchedPublishedEntries }} - index_individual_entries: {{ .Values.nomad.config.reprocess.indexIndividualEntries }} - fs: - tmp: ".volumes/fs/staging/tmp" - staging_external: {{ .Values.nomad.config.volumes.staging }} - public_external: {{ .Values.nomad.config.volumes.public }} - north_home_external: {{ .Values.nomad.config.volumes.north_home }} - prefix_size: {{ .Values.nomad.config.volumes.prefixSize }} - working_directory: /app - {{ if 
.Values.nomad.config.volumes.archiveVersionSuffix }} - archive_version_suffix: {{ .Values.nomad.config.volumes.archiveVersionSuffix | toYaml | nindent 6 }} - {{ end }} - logstash: - enabled: {{ .Values.nomad.config.logstash.enabled }} - host: "{{ .Values.nomad.config.logstash.host }}" - tcp_port: {{ .Values.nomad.config.logstash.port }} - services: - api_host: "{{ index .Values.nomad.ingress.hosts 0 }}" - api_port: {{ .Values.nomad.service.port }} - api_base_path: "{{ .Values.nomad.proxy.path }}" - api_secret: "{{ .Values.nomad.config.api.secret }}" - https: true - upload_limit: {{ .Values.nomad.config.api.uploadLimit }} - admin_user_id: {{ .Values.nomad.config.keycloak.admin_user_id }} - aitoolkit_enabled: {{ .Values.nomad.config.services.aitoolkit.enabled }} - rabbitmq: - host: "{{ .Release.Name }}-rabbitmq" - elastic: - {{- if .Values.nomad.config.elastic.host }} - host: "{{ .Values.nomad.config.elastic.host }}" - {{- else }} - host: "elasticsearch-master" - {{- end }} - port: {{ .Values.nomad.config.elastic.port }} - timeout: {{ .Values.nomad.config.elastic.timeout }} - bulk_timeout: {{ .Values.nomad.config.elastic.bulkTimeout }} - bulk_size: {{ .Values.nomad.config.elastic.bulkSize }} - entries_per_material_cap: {{ .Values.nomad.config.elastic.entriesPerMaterialCap }} - {{ if .Values.nomad.config.elastic.dbname }} - entries_index: "{{ .Values.nomad.config.elastic.dbname }}_entries_v1" - materials_index: "{{ .Values.nomad.config.elastic.dbname }}_materials_v1" - {{ else }} - entries_index: "{{ .Values.nomad.config.dbname }}_entries_v1" - materials_index: "{{ .Values.nomad.config.dbname }}_materials_v1" - {{ end }} - mongo: - {{ $secret := (lookup "v1" "Secret" .Release.Namespace (print .Release.Name "-mongodb")) }} - {{ if $secret }} - host: "mongodb://root:{{ index $secret.data "mongodb-root-password" | b64dec }}@{{ .Values.nomad.config.mongo.host }}" - {{ else }} - host: "mongodb://{{ .Values.nomad.config.mongo.host }}" - {{ end }} - port: {{ 
.Values.nomad.config.mongo.port }} - db_name: "{{ .Values.nomad.config.dbname }}" - mail: - enabled: {{ .Values.nomad.config.mail.enabled }} - host: "{{ .Values.nomad.config.mail.host }}" - {{ if .Values.nomad.config.mail.port }} - port: {{ .Values.nomad.config.mail.port }} - {{ end }} - {{ if .Values.nomad.config.mail.user }} - user: "{{ .Values.nomad.config.mail.user }}" - {{ end }} - {{ if .Values.nomad.config.mail.password }} - password: "{{ .Values.nomad.config.mail.password }}" - {{ end }} - from_address: "{{ .Values.nomad.config.mail.from }}" - {{ if .Values.nomad.config.mail.cc_adress }} - cc_address: "{{ .Values.nomad.config.mail.cc_adress }}" - {{ else }} - cc_address: null - {{ end }} - celery: - routing: "{{ .Values.nomad.config.worker.routing }}" - timeout: {{ .Values.nomad.config.worker.timeout }} - acks_late: {{ .Values.nomad.config.worker.acks_late }} - client: - user: "{{ .Values.nomad.config.client.username }}" - keycloak: - server_url: "{{ .Values.nomad.config.keycloak.serverUrl }}" - realm_name: "{{ .Values.nomad.config.keycloak.realmName }}" - username: "{{ .Values.nomad.config.keycloak.username }}" - client_id: "{{ .Values.nomad.config.keycloak.clientId }}" - datacite: - enabled: {{ .Values.nomad.config.datacite.enabled }} - prefix: "{{ .Values.nomad.config.datacite.prefix }}" - {{ if .Values.nomad.gui.config }} - ui: {{ .Values.nomad.gui.config | toYaml | nindent 6 }} - {{ end }} - north: - enabled: {{ .Values.nomad.config.north.enabled }} - hub_host: "{{ index .Values.nomad.ingress.hosts 0 }}" - hub_port: {{ .Values.nomad.service.port }} - hub_service_api_token: "{{ .Values.nomad.config.north.hubServiceApiToken }}" - {{ if .Values.nomad.config.archive }} - archive: {{ .Values.nomad.config.archive | toYaml | nindent 6 }} - {{ end }} - {{ if .Values.nomad.config.plugins }} - plugins: {{ .Values.nomad.config.plugins | toYaml | nindent 6 }} - {{ end }} - {{ if .Values.nomad.config.normalize }} - normalize: {{ .Values.nomad.config.normalize | 
toYaml | nindent 6 }} - {{ end }} - {{ if .Values.nomad.config.oasis }} - oasis: {{ .Values.nomad.config.oasis | toYaml | nindent 6 }} - {{ end }} -{{- end }} \ No newline at end of file diff --git a/ops/kubernetes/nomad/templates/ingress-api.yaml b/ops/kubernetes/nomad/templates/ingress-api.yaml deleted file mode 100644 index 5766492abc33a0de33ee5ee089c50393c4663d8f..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/templates/ingress-api.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.nomad.ingress.enabled -}} -{{- $fullName := include "nomad.fullname" . -}} -{{- $svcPort := .Values.nomad.service.port -}} -{{- $path := .Values.nomad.proxy.path -}} -{{- if and .Values.nomad.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.nomad.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.nomad.ingress.annotations "kubernetes.io/ingress.class" .Values.nomad.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }}-api - labels: - {{- include "nomad.labels" . | nindent 4 }} - annotations: - nginx.ingress.kubernetes.io/proxy-request-buffering: "off" - nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.nomad.proxy.timeout }}" - nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.nomad.proxy.timeout }}" - nginx.ingress.kubernetes.io/proxy-connect-timeout: "{{ .Values.nomad.proxy.connectionTimeout }}" - nginx.ingress.kubernetes.io/limit-connections: "{{ .Values.nomad.ingress.limitConnectionsApi }}" - {{- with .Values.nomad.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.nomad.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.nomad.ingress.className }} - {{- end }} - {{- if .Values.nomad.ingress.tls }} - tls: - {{- range .Values.nomad.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.nomad.ingress.hosts }} - - host: {{ . 
| quote }} - http: - paths: - - path: {{ trimSuffix "/" $path }}/api - pathType: ImplementationSpecific - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }}-proxy - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }}-proxy - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} -{{- end }} diff --git a/ops/kubernetes/nomad/templates/ingress.yaml b/ops/kubernetes/nomad/templates/ingress.yaml deleted file mode 100644 index bd4fa2ac99384cb3d1fc4516821d8754b56a9b97..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/templates/ingress.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.nomad.ingress.enabled -}} -{{- $fullName := include "nomad.fullname" . -}} -{{- $svcPort := .Values.nomad.service.port -}} -{{- $path := .Values.nomad.proxy.path -}} -{{- if and .Values.nomad.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.nomad.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.nomad.ingress.annotations "kubernetes.io/ingress.class" .Values.nomad.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "nomad.labels" . | nindent 4 }} - annotations: - nginx.ingress.kubernetes.io/proxy-request-buffering: "off" - nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.nomad.proxy.timeout }}" - nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.nomad.proxy.timeout }}" - nginx.ingress.kubernetes.io/proxy-connect-timeout: "{{ .Values.nomad.proxy.connectionTimeout }}" - nginx.ingress.kubernetes.io/limit-connections: "{{ .Values.nomad.ingress.limitConnections }}" - {{- with .Values.nomad.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.nomad.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.nomad.ingress.className }} - {{- end }} - {{- if .Values.nomad.ingress.tls }} - tls: - {{- range .Values.nomad.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.nomad.ingress.hosts }} - - host: {{ . 
| quote }} - http: - paths: - - path: {{ $path }} - pathType: ImplementationSpecific - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }}-proxy - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }}-proxy - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} -{{- end }} diff --git a/ops/kubernetes/nomad/templates/proxy/configmap.yml b/ops/kubernetes/nomad/templates/proxy/configmap.yml deleted file mode 100644 index 81ce9788023eb3bbb2a3392a8159f1abaab0d674..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/templates/proxy/configmap.yml +++ /dev/null 
@@ -1,124 +0,0 @@ -{{- if .Values.nomad.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "nomad.fullname" . }}-configmap-proxy - labels: - {{- include "nomad.labels" . | nindent 4 }} - app.kubernetes.io/component: proxy -data: - nginx.conf: | - {{- if .Values.nomad.config.north.enabled }} - # top-level http config for websocket headers - # If Upgrade is defined, Connection = upgrade - # If Upgrade is empty, Connection = close - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - {{- end }} - server { - listen 80; - server_name www.example.com; - proxy_set_header Host $host; - - proxy_connect_timeout {{ .Values.nomad.proxy.connectionTimeout }}; - proxy_read_timeout {{ .Values.nomad.proxy.timeout }}; - proxy_pass_request_headers on; - underscores_in_headers on; - - {{- if .Values.nomad.config.gui.gzip }} - gzip_min_length 1000; - gzip_buffers 4 8k; - gzip_http_version 1.0; - gzip_disable "msie6"; - gzip_vary on; - gzip on; - gzip_proxied any; - gzip_types - text/css - text/javascript - text/xml - text/plain - application/javascript - application/x-javascript - application/json; - {{- end }} - - location / { - proxy_pass http://{{ include "nomad.fullname" . }}-app:8000; - } - - location ~ {{ .Values.nomad.proxy.path }}\/?(gui)?$ { - rewrite ^ {{ .Values.nomad.proxy.path }}/gui/ permanent; - } - - location {{ .Values.nomad.proxy.path }}/gui/ { - proxy_intercept_errors on; - error_page 404 = @redirect_to_index; - proxy_pass http://{{ include "nomad.fullname" . }}-app:8000; - } - - location @redirect_to_index { - rewrite ^ {{ .Values.nomad.proxy.path }}/gui/index.html break; - proxy_pass http://{{ include "nomad.fullname" . }}-app:8000; - } - - location {{ .Values.nomad.proxy.path }}/docs/ { - proxy_intercept_errors on; - error_page 404 = @redirect_to_index_docs; - proxy_pass http://{{ include "nomad.fullname" . 
}}-app:8000; - } - - location @redirect_to_index_docs { - rewrite ^ {{ .Values.nomad.proxy.path }}/docs/index.html break; - proxy_pass http://{{ include "nomad.fullname" . }}-app:8000; - } - - location ~ \/gui\/(service-worker\.js|meta\.json)$ { - add_header Last-Modified $date_gmt; - add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; - if_modified_since off; - expires off; - etag off; - proxy_pass http://{{ include "nomad.fullname" . }}-app:8000; - } - - location ~ /api/v1/uploads(/?$|.*/raw|.*/bundle?$) { - client_max_body_size 35g; - proxy_request_buffering off; - proxy_pass http://{{ include "nomad.fullname" . }}-app:8000; - } - - location ~ /api/v1/.*/download { - proxy_buffering off; - proxy_pass http://{{ include "nomad.fullname" . }}-app:8000; - } - - location ~ /api/v1/entries/edit { - proxy_buffering off; - proxy_read_timeout {{ .Values.nomad.proxy.editTimeout }}; - proxy_pass http://{{ include "nomad.fullname" . }}-app:8000; - } - - {{- if .Values.nomad.config.north.enabled }} - location {{ .Values.nomad.proxy.path }}/north/ { - client_max_body_size 500m; - proxy_pass http://{{ include "jupyterhub.fullname" . }}-proxy-public; - - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # websocket headers - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header X-Scheme $scheme; - - proxy_buffering off; - } - {{- end }} - } -{{- end}} \ No newline at end of file diff --git a/ops/kubernetes/nomad/templates/proxy/deployment.yaml b/ops/kubernetes/nomad/templates/proxy/deployment.yaml deleted file mode 100644 index ee1f7526f061dd50e785d83e5c3989fb7c795155..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/templates/proxy/deployment.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -{{- if .Values.nomad.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "nomad.fullname" . }}-proxy - labels: - {{- include "nomad.labels" . | nindent 4 }} - app.kubernetes.io/component: proxy -spec: - replicas: {{ .Values.nomad.proxy.replicaCount }} - selector: - matchLabels: - {{- include "nomad.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: proxy - template: - metadata: - {{- with .Values.nomad.proxy.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "nomad.labels" . | nindent 8 }} - {{- with .Values.nomad.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - app.kubernetes.io/component: proxy - spec: - {{- with .Values.nomad.proxy.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - # serviceAccountName: {{ include "nomad.serviceAccountName" . }} - {{- with .Values.nomad.proxy.podSecurityContext }} - securityContext: - {{- . | toYaml | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-proxy - {{- with .Values.nomad.proxy.securityContext }} - securityContext: - {{- . | toYaml | nindent 12 }} - {{- end }} - image: "{{ .Values.nomad.proxy.image.repository }}:{{ .Values.nomad.proxy.image.tag }}" - imagePullPolicy: {{ .Values.nomad.proxy.image.pullPolicy }} - {{- with .Values.nomad.proxy.command }} - command: - {{- range . }} - - {{ tpl . $ }} - {{- end }} - {{- end }} - {{- with .Values.nomad.proxy.args }} - args: - {{- range . }} - - {{ tpl . 
$ }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.nomad.proxy.service.port }} - protocol: TCP - livenessProbe: - httpGet: - path: "{{ .Values.nomad.proxy.path }}/gui/index.html" - port: http - initialDelaySeconds: 90 - periodSeconds: 10 - timeoutSeconds: {{ add .Values.nomad.proxy.timeout 10 }} - readinessProbe: - httpGet: - path: "{{ .Values.nomad.proxy.path }}/gui/index.html" - port: http - initialDelaySeconds: 90 - periodSeconds: 3 - timeoutSeconds: {{ add .Values.nomad.proxy.timeout 3}} - {{- with .Values.nomad.proxy.resources }} - resources: - {{- . | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /etc/nginx/conf.d - readOnly: true - name: nginx-conf - - mountPath: /var/log/nginx - name: log - {{- with .Values.nomad.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: nginx-conf - configMap: - name: {{ include "nomad.fullname" . }}-configmap-proxy - items: - - key: nginx.conf - path: default.conf - - name: log - emptyDir: {} - {{- with .Values.nomad.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.proxy.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.proxy.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.proxy.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end}} \ No newline at end of file diff --git a/ops/kubernetes/nomad/templates/proxy/service.yaml b/ops/kubernetes/nomad/templates/proxy/service.yaml deleted file mode 100644 index 2c3205234bbebce9507528d9d7884a4c67b9dae5..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/templates/proxy/service.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{- if .Values.nomad.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "nomad.fullname" . }}-proxy
- labels:
- {{- include "nomad.labels" . | nindent 4 }}
- app.kubernetes.io/component: proxy
-spec:
- type: {{ .Values.nomad.proxy.service.type }}
- ports:
- - port: {{ .Values.nomad.proxy.service.port }}
- # targetPort: http
- targetPort: 80
- protocol: TCP
- name: http
- selector:
- {{- include "nomad.selectorLabels" . | nindent 4 }}
- app.kubernetes.io/component: proxy
-{{- end}}
\ No newline at end of file
diff --git a/ops/kubernetes/nomad/templates/serviceaccount.yaml b/ops/kubernetes/nomad/templates/serviceaccount.yaml
deleted file mode 100644
index 2fe49cfbeb26f4e53aa207bcb72527d8466cd086..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "nomad.serviceAccountName" . }}
- labels:
- {{- include "nomad.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- # automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}
diff --git a/ops/kubernetes/nomad/templates/worker/deployment.yaml b/ops/kubernetes/nomad/templates/worker/deployment.yaml
deleted file mode 100644
index 71e8a2c20f338ff64ba8c8ca25ea1d98d8b69258..0000000000000000000000000000000000000000
--- a/ops/kubernetes/nomad/templates/worker/deployment.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- if .Values.nomad.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "nomad.fullname" . }}-worker - labels: - {{- include "nomad.labels" . | nindent 4 }} - app.kubernetes.io/component: worker -spec: - replicas: {{ .Values.nomad.worker.replicaCount }} - selector: - matchLabels: - {{- include "nomad.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: worker - template: - metadata: - {{- with .Values.nomad.worker.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- if .Values.roll }} - rollme: {{ randAlphaNum 5 | quote }} - {{- end }} - {{- else }} - {{- if .Values.roll }} - annotations: - rollme: {{ randAlphaNum 5 | quote }} - {{- end }} - {{- end }} - labels: - {{- include "nomad.labels" . | nindent 8 }} - {{- with .Values.nomad.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - app.kubernetes.io/component: worker - spec: - {{- with .Values.nomad.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "nomad.serviceAccountName" . }} - {{- with .Values.nomad.worker.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-worker - {{- with .Values.nomad.worker.securityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - image: "{{ .Values.nomad.image.repository }}:{{ .Values.nomad.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.nomad.image.pullPolicy }} - {{- with .Values.nomad.worker.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /app/nomad.yaml - name: nomad-conf - subPath: nomad.yaml - - mountPath: /app/.volumes/fs/public - name: public-volume - - mountPath: /app/.volumes/fs/staging - name: staging-volume - - mountPath: /nomad - name: nomad-volume - {{- with .Values.nomad.volumeMounts }} - {{- toYaml . 
| nindent 12 }} - {{- end }} - env: - - name: CELERY_ACKS_LATE - value: "True" - - name: NOMAD_META_SERVICE - value: "worker" - - name: NOMAD_CONSOLE_LOG_LEVEL - value: "{{ .Values.nomad.config.worker.console_loglevel }}" - - name: NOMAD_LOGSTASH_LEVEL - value: "{{ .Values.nomad.config.worker.logstash_loglevel }}" - - name: NOMAD_CELERY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.nomad.config.api.apiSecret }} - - name: NOMAD_SERVICES_API_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.api.apiSecret}} - key: password - {{- end }} - {{- if .Values.nomad.config.keycloak.clientSecret }} - - name: NOMAD_KEYCLOAK_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.keycloak.clientSecret }} - key: password - {{- end }} - {{- if .Values.nomad.config.keycloak.passwordSecret }} - - name: NOMAD_KEYCLOAK_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.nomad.config.keycloak.passwordSecret }} - key: password - {{- end }} - command: ["python", "-m", "celery", "-A", "nomad.processing", "worker", "-n", "$(NOMAD_CELERY_NODE_NAME)" {{ if .Values.nomad.worker.processes }}, "-c", "{{ .Values.nomad.worker.processes }}"{{ end }}{{ if .Values.nomad.worker.maxTasksPerChild }}, "--max-tasks-per-child", "{{ .Values.nomad.worker.maxTasksPerChild }}"{{ end }}] - livenessProbe: - exec: - command: - - bash - - -c - - NOMAD_LOGSTASH_LEVEL=WARNING python -m celery -A nomad.processing status | grep "${NOMAD_CELERY_NODE_NAME}:.*OK" - initialDelaySeconds: 30 - periodSeconds: 120 - timeoutSeconds: 60 - readinessProbe: - exec: - command: - - bash - - -c - - NOMAD_LOGSTASH_LEVEL=WARNING python -m celery -A nomad.processing status | grep "${NOMAD_CELERY_NODE_NAME}:.*OK" - initialDelaySeconds: 30 - periodSeconds: 120 - timeoutSeconds: 60 - volumes: - {{- with .Values.nomad.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - - name: nomad-conf - configMap: - name: {{ include "nomad.fullname" . 
}}-configmap - - name: public-volume - hostPath: - path: {{ .Values.nomad.config.volumes.public }} - # type: Directory - - name: staging-volume - {{ if (eq .Values.nomad.config.worker.storage "memory") }} - emptyDir: - medium: 'Memory' - {{ else }} - hostPath: - path: {{ .Values.nomad.config.volumes.staging}} - # type: Directory - {{ end }} - - name: nomad-volume - hostPath: - path: {{ .Values.nomad.config.volumes.nomad }} - # type: Directory - - {{- with .Values.nomad.worker.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.worker.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.worker.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/ops/kubernetes/nomad/updatevalues.py b/ops/kubernetes/nomad/updatevalues.py deleted file mode 100644 index a902d7fe1c975c40c5c1b1f92ac848c6282ddaaa..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/updatevalues.py +++ /dev/null 
@@ -1,76 +0,0 @@ -# Updates the values.yaml file based on the nomad configuration. Currently this -# includes the following: -# - populating jupyterhub.singleUser.profileList with NORTH tools - -from typing import Any, Dict -import os -from sys import stdout, argv -from ruamel.yaml import YAML -from nomad import config - -dir_path = os.path.dirname(os.path.realpath(__file__)) -file_path = os.path.join(dir_path, 'values.yaml') - -yaml = YAML() -yaml.allow_duplicate_keys = True -with open(file_path, 'r') as file: - data = yaml.load(file) - -# Profiles currently break how NOMAD interacts with JupyterHub, so we're only using -# the extraImages to feed the prePuller -generate_profiles = False - -if generate_profiles: - profile_list = ( - data.setdefault('jupyterhub', {}) - .setdefault('singleuser', {}) - .setdefault('profileList', []) - ) - for name, tool in config.north.tools.filtered_items(): - profile = next( - (profile for profile in profile_list if profile['display_name'] == name), - None, - ) - if profile is None: - profile = dict() - profile_list.append(profile) - - profile.update( - dict( - display_name=name, - description=tool.description, - kubespawner_override=dict( - image=tool.image, - image_pull_policy=tool.image_pull_policy, - ), - ) - ) - - if tool.default_url: - profile['kubespawner_override']['default_url'] = tool.default_url - if tool.cmd: - profile['kubespawner_override']['cmd'] = tool.cmd - if tool.privileged: - profile['kubespawner_override']['privileged'] = tool.privileged - profile['kubespawner_override']['allow_privilege_escalation'] = True - profile['kubespawner_override']['uid'] = 0 - -else: - pre_puller = data.setdefault('jupyterhub', {}).setdefault('prePuller', {}) - extra_images: Dict[str, Any] = {} - pre_puller['extraImages'] = extra_images - - for name, tool in config.north.tools.filtered_items(): - try: - image_name, image_tag = tool.image.rsplit(':', 1) - except ValueError: - image_name, image_tag = tool.image, 'latest' - - 
extra_images[name] = dict(name=image_name, tag=image_tag) - - -if len(argv) == 2: - with open(argv[1], 'w') as file: - yaml.dump(data, file) -else: - yaml.dump(data, stdout) diff --git a/ops/kubernetes/nomad/values.yaml b/ops/kubernetes/nomad/values.yaml deleted file mode 100644 index 98498b784cc8800e26ff77171750414c2d031c2c..0000000000000000000000000000000000000000 --- a/ops/kubernetes/nomad/values.yaml +++ /dev/null 
@@ -1,600 +0,0 @@
-# Default values for nomad.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-roll: false
-nameOverride: ''
-fullnameOverride: ''
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Automatically mount a ServiceAccount's API credentials?
- automount: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ''
-
-nomad:
- enabled: true
- image:
- repository: gitlab-registry.mpcdf.mpg.de/nomad-lab/nomad-fair
- tag: latest
- pullPolicy: Always
-
- imagePullSecrets: []
- config:
- version:
- label: latest
- isTest: false
- isBeta: false
- usesBetaData: false
- officialUrl: https://nomad-lab.eu/prod/v1/gui
-
- meta:
- service: app
- homepage: https://nomad-lab.eu
- source_url: https://gitlab.mpcdf.mpg.de/nomad-lab/nomad-FAIR
- maintainer_email: markus.scheidgen@physik.hu-berlin.de
-
- api:
- ## Secret used as cryptographic seed
- secret: defaultApiSecret
- ## Limit of unpublished uploads per user, except admin user
- uploadLimit: 10
-
- app:
- console_loglevel: INFO
- logstash_loglevel: INFO
-
- worker:
- console_loglevel: ERROR
- logstash_loglevel: INFO
- ## There are two routing modes "queue" and "worker". The "queue" routing will use a general
- # task queue and spread calc processing task over worker instances. The "worker" routing
- # will send all tasks related to an upload to the same worker
- routing: queue
- timeout: 7200
- acks_late: false
-
- mail:
- enabled: false
- host: localhost
- port: 25
- from: support@nomad-lab.eu
-
- client:
- username: admin
-
- springerDbPath: /nomad/fairdi/db/data/springer.msg
-
- reprocess:
- rematchPublished: true
- reprocessExistingEntries: true
- useOriginalParser: false
- addMatchedEntriesToPublished: false
- deleteUnmatchedPublishedEntries: false
- indexIndividualEntries: false
-
- process:
- reuseParser: true
- indexMaterials: true
- rfc3161_skip_published: false
-
- datacite:
- enabled: false
- prefix: '10.17172'
-
- ## A common name/prefix for all dbs and indices.
- dbname: fairdi_nomad_latest
-
- mongo:
- host: ''
- port: 27017
-
- elastic:
- host: ''
- port: 9200
- timeout: 60
- bulkTimeout: 600
- bulkSize: 1000
- entriesPerMaterialCap: 1000
-
- logstash:
- enabled: true
- port: 5000
- host: ''
-
- keycloak:
- serverExternalUrl: https://nomad-lab.eu/fairdi/keycloak/auth/
- serverUrl: https://nomad-lab.eu/keycloak/auth/
- realmName: fairdi_nomad_test
- username: admin
- clientId: nomad_public
- guiClientId: nomad_public
- admin_user_id: 00000000-0000-0000-0000-000000000000
-
- ## Everything concerning the data that is used by the service
- volumes:
- prefixSize: 1
- public: /nomad/fairdi/latest/fs/public
- staging: /nomad/fairdi/latest/fs/staging
- north_home: /nomad/fairdi/latest/fs/north/users
- tmp: /nomad/fairdi/latest/fs/tmp
- nomad: /nomad
-
- services:
- aitoolkit:
- ## enable aitoolkit references
- enabled: false
-
- north:
- enabled: false
- hubServiceApiToken: secret-token
-
- gui:
- ## This variable is used in the GUI to show or hide additional information
- debug: false
- ## automatically gz based on header
- gzip: true
-
- proxy:
- # Set a nodePort to create a NodePort service instead of ClusterIP. Also set a nodeIP for the externalIP.
- timeout: 120
- editTimeout: 1800
- external:
- host: nomad-lab.eu
- port: 80
- path: /fairdi/nomad/latest
- https: true
-
-
- ingress:
- enabled: false
- limitConnections: 32
- limitConnectionsApi: 8
- hosts:
- - nomad-lab.eu
- className: ''
- annotations:
- nginx.ingress.kubernetes.io/ssl-redirect: 'false'
- nginx.ingress.kubernetes.io/proxy-body-size: 32g
- tls: []
-
- # Additional volumes on the output Deployment definition.
- volumes: []
- # - name: foo
- # secret:
- # secretName: mysecret
- # optional: false
-
- # Additional volumeMounts on the output Deployment definition.
- volumeMounts: []
- # - name: foo
- # mountPath: "/etc/foo"
- # readOnly: true
-
- # APPLICATION SPECIFIC parameters
- service:
- type: ClusterIP
- port: 80
-
- # TODO: Do we really need this? different app could bave their own ingress config. Eventually prozy is just another nginx ssrver
- ## Everything concerning the nginx that serves the gui, proxies the api
- # It is run via NodePort service
- proxy:
- path: /fairdi/nomad/latest
- timeout: 60
- editTimeout: 60
- connectionTimeout: 10
-
- replicaCount: 1
- # Set a nodePort to create a NodePort service instead of ClusterIP. Also set a nodeIP for the externalIP.
-
- image:
- repository: nginx
- # Overrides the image tag whose default is the chart appVersion.
- tag: 1.13.9-alpine
- pullPolicy: IfNotPresent
-
- command: [nginx]
- args: [-g, daemon off;]
-
- imagePullSecrets: []
-
- service:
- type: ClusterIP
- port: 80
-
- podSecurityContext: {}
- # fsGroup: 2000
-
- securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
- resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
- # Additional volumes on the output Deployment definition.
- volumes: []
- # - name: foo
- # secret:
- # secretName: mysecret
- # optional: false
-
- # Additional volumeMounts on the output Deployment definition.
- volumeMounts: []
- # - name: foo
- # mountPath: "/etc/foo"
- # readOnly: true
-
- nodeSelector: {}
- tolerations: []
- affinity: {}
-
- podAnnotations: {}
- podLabels: {}
-
- ## Everything concerning the nomad app
- app:
- replicaCount: 1
-
- # options: {}
- service:
- type: ClusterIP
- port: 8000
-
- podSecurityContext: {}
- # fsGroup: 2000
-
- securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
- resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
- # Additional volumes on the output Deployment definition.
- volumes: []
- # - name: foo
- # secret:
- # secretName: mysecret
- # optional: false
-
- # Additional volumeMounts on the output Deployment definition.
- volumeMounts: []
- # - name: foo
- # mountPath: "/etc/foo"
- # readOnly: true
-
- nodeSelector: {}
- tolerations: []
- affinity: {}
-
- podAnnotations: {}
- podLabels: {}
-
- ## Everything concerning the nomad worker
- worker:
- replicaCount: 1
-
- maxTasksPerChild: 128
- # storage: "disk"
-
- podSecurityContext: {}
- # fsGroup: 2000
-
- securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
- # request and limit in GB, good prod sizes are 64, 420
- resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
- # Additional volumes on the output Deployment definition.
- volumes: []
- # - name: foo
- # secret:
- # secretName: mysecret
- # optional: false
-
- # Additional volumeMounts on the output Deployment definition.
- volumeMounts: []
- # - name: foo
- # mountPath: "/etc/foo"
- # readOnly: true
-
- nodeSelector: {}
- tolerations: []
- affinity: {}
-
- podAnnotations: {}
- podLabels: {}
-
- ## Everything concerning the nomad adminconsole
- adminconsole:
- enabled: false
-
- replicaCount: 1
-
- podSecurityContext: {}
- # fsGroup: 2000
-
- securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
- # request and limit in GB, good prod sizes are 64, 420
- resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
- # Additional volumes on the output Deployment definition.
- volumes: []
- # - name: foo
- # secret:
- # secretName: mysecret
- # optional: false
-
- # Additional volumeMounts on the output Deployment definition.
- volumeMounts: []
- # - name: foo
- # mountPath: "/etc/foo"
- # readOnly: true
-
- nodeSelector: {}
- tolerations: []
- affinity: {}
-
- podAnnotations: {}
- podLabels: {}
-
- ## Everthing concerning the nomad gui
- gui:
- ## This variable is used in the GUI to show or hide additional information
- debug: false
- ## automatically gz based on header
- gzip: true
- ## configuration for the interface, menus, options, etc.
- config: {}
-
-rabbitmq:
- persistence:
- enabled: false
- image.pullSecrets: nil
- auth:
- username: rabbitmq
- password: rabbitmq
- erlangCookie: SWQOKODSQALRPCLNMEQG
-
-jupyterhub:
- debug:
- enabled: false
- # fullnameOverride: null
- # nameOverride: "north"
- proxy:
- service:
- type: ClusterIP
- singleuser:
- image:
- pullPolicy: Always
- storage:
- type: none
- hub:
- extraEnv:
- NOMAD_NORTH_HUB_SERVICE_API_TOKEN:
- valueFrom:
- secretKeyRef:
- name: nomad-hub-service-api-token
- key: token
- allowNamedServers: true
- shutdownOnLogout: true
- config:
- JupyterHub:
- authenticator_class: generic-oauth
- Authenticator:
- auto_login: true
- enable_auth_state: true
- GenericOAuthenticator:
- client_id: nomad_public
- oauth_callback_url:
- authorize_url:
- https://nomad-lab.eu/fairdi/keycloak/auth/realms/fairdi_nomad_test/protocol/openid-connect/auth
- token_url:
- https://nomad-lab.eu/fairdi/keycloak/auth/realms/fairdi_nomad_test/protocol/openid-connect/token
- userdata_url:
- https://nomad-lab.eu/fairdi/keycloak/auth/realms/fairdi_nomad_test/protocol/openid-connect/userinfo
- login_service: keycloak
- username_key: preferred_username
- userdata_params:
- state: state
- extraConfig:
- 01-prespawn-hook.py: |
- import os
- import requests
- import asyncio
-
- hub_service_api_token = os.getenv('NOMAD_NORTH_HUB_SERVICE_API_TOKEN')
-
- # configure nomad service
- c.JupyterHub.services.append(
- {
- "name": "nomad-service",
- "admin": True,
- "api_token": hub_service_api_token,
- }
- )
-
- async def pre_spawn_hook(spawner):
- await spawner.load_user_options()
- username = spawner.user.name
-
- spawner.log.info(f"username: {username}")
- spawner.log.debug(f'Configuring spawner for named server {spawner.name}')
-
- if spawner.handler.current_user.name != 'nomad-service':
- # Do nothing, will only launch the default image with no volumes.
- return
-
- user_home = spawner.user_options.get('user_home')
- spawner.log.info(f"user_home: {user_home}")
- if user_home:
- spawner.volumes.append({
- 'name': 'user-home',
- 'hostPath': {'path': user_home['host_path']}
- })
- spawner.volume_mounts.append({
- 'name': 'user-home',
- 'mountPath': user_home['mount_path'],
- 'readOnly': False
- })
-
- uploads = spawner.user_options.get('uploads', [])
- spawner.log.info(f"uploads: {uploads}")
- for (i, upload) in enumerate(uploads):
- spawner.volumes.append({
- 'name': f"uploads-{i}",
- 'hostPath': {'path': upload['host_path']}
- })
- spawner.volume_mounts.append({
- 'name': f"uploads-{i}",
- 'mountPath': upload['mount_path'],
- 'readOnly': False
- })
-
- environment = spawner.user_options.get('environment', {})
- spawner.environment.update(environment)
-
- tool = spawner.user_options.get('tool')
- if tool:
- spawner.image = tool.get('image')
- spawner.cmd = tool.get('cmd')
-
- # Workaround to have specific default_url for specific containers without using profiles
- if tool.get('default_url'):
- spawner.default_url = tool.get('default_url')
-
- # Workaround for webtop based images (no connection to jupyterhub itself)
- if tool.get('privileged'):
- spawner.privileged = True
- spawner.allow_privilege_escalation = True
- spawner.uid = 0
-
- c.Spawner.pre_spawn_hook = pre_spawn_hook
- c.OAuthenticator.allow_all = True
-
- cull:
- enabled: true
- timeout: 86400 # 24 hours
- every: 600
- removeNamedServers: true
-
- prePuller:
- hook:
- enabled: true
- image:
- pullPolicy: Always
- continuous:
- enabled: false
- extraImages:
- jupyter:
- name: gitlab-registry.mpcdf.mpg.de/nomad-lab/north/jupyter
- tag: refactor
- pyiron:
- name: pyiron/pyiron
- tag: latest
- nionswift:
- name: gitlab-registry.mpcdf.mpg.de/nomad-lab/north/nionswift
- tag: refactor
- nexustools:
- name: gitlab-registry.mpcdf.mpg.de/nomad-lab/north/nexus
- tag: weptop-replacement
- fiji:
- name: gitlab-registry.mpcdf.mpg.de/nomad-lab/north/fiji
- tag: weptop-replacement
- vesta:
- name: gitlab-registry.mpcdf.mpg.de/nomad-lab/north/abtem
- tag: refactor
- abtem:
- name: gitlab-registry.mpcdf.mpg.de/nomad-lab/north/abtem
- tag: refactor
- ellips:
- name: gitlab-registry.mpcdf.mpg.de/nomad-lab/north/ellips
- tag: refactor
- xps:
- name: gitlab-registry.mpcdf.mpg.de/nomad-lab/north/xps
- tag: refactor
- sts:
- name: gitlab-registry.mpcdf.mpg.de/nomad-lab/north/sts
- tag: refactor
- apmtools:
- name: gitlab-registry.mpcdf.mpg.de/nomad-lab/north/apmtools
- tag: refactor
- scheduling:
- userScheduler:
- enabled: false
- podPriority:
- enabled: false
- userPlaceholder:
- enabled: false
- replicas: 0
-
-mongodb:
- enabled: true
-
-elasticsearch:
- enabled: true
diff --git a/ops/kubernetes/values.yaml b/ops/kubernetes/values.yaml
deleted file mode 100644
index 2fcbbcc7c36a6a17f432fcfc80ed87e7e9517dd8..0000000000000000000000000000000000000000
--- a/ops/kubernetes/values.yaml
+++ /dev/null
@@ -1,217 +0,0 @@
-mongodb:
- enabled: false
-
-elasticsearch:
- enabled: false
-
-nomad:
- enabled: true
- config:
- version:
- isBeta: false
- usesBetaData: false
-
- gui:
- debug: false
- encyclopediaBase: "https://nomad-lab.eu/prod/rae/encyclopedia/#"
- aitoolkitEnabled: false
-
- elastic:
- host: elasticsearch-master.nomad-infrastructure.svc.cluster.local
- port: 9200
-
- mongo:
- host: nomad-infrastructure-mongodb-0.nomad-infrastructure-mongodb-headless.nomad-infrastructure.svc.cluster.local,nomad-infrastructure-mongodb-1.nomad-infrastructure-mongodb-headless.nomad-infrastructure.svc.cluster.local,nomad-infrastructure-mongodb-0.nomad-infrastructure-mongodb-headless.nomad-infrastructure.svc.cluster.local/?replicaSet=rs0
-
- logstash:
- enabled: true
- host: eck-stack-eck-logstash-ls-logs.nomad-system.svc.cluster.local
-
- dbname: nomad_prod_v1
-
- uploadurl: "https://nomad-lab.eu/prod/v1/api/uploads"
-
- client:
- passwordSecret: "nomad-keycloak-password"
-
- keycloak:
- serverUrl: "https://nomad-lab.eu/fairdi/keycloak/auth/"
- serverExternalUrl: "https://nomad-lab.eu/fairdi/keycloak/auth/"
- passwordSecret: "nomad-keycloak-password"
- realmName: "fairdi_nomad_prod"
- clientId: "nomad_public"
- admin_user_id: "82efac55-6187-408c-8027-b98580c0e1c5"
-
- volumes:
- prefixSize: 1
- public: /nomad/prod/fs/public
- staging: /nomad/prod/fs/staging
- north_home: /nomad/prod/fs/north/users
- tmp: /nomad/prod/fs/tmp
- nomad: /nomad
- archiveVersionSuffix:
- - v1.2
- - v1
-
- mail:
- enabled: true
- host: "mailrelay.mpcdf.mpg.de"
- port: 25
- from: "support@nomad-lab.eu"
-
- datacite:
- enabled: true
- secret: "nomad-datacite"
-
- north:
- enabled: true
- hubServiceApiTokenSecret: "nomad-hub-service-api-token"
-
- plugins:
- entry_points:
- exclude:
- - normalizers/simulation/soap
- - nomad_porous_materials.normalizers:porositynormalizer
-
- image:
- tag: "prod"
- pullPolicy: "Always"
-
- volumeMounts:
- - mountPath: /app/run
- name: nomad-gui-configured
-
- volumes:
- - name: nomad-gui-configured
- emptyDir: {}
-
- ingress:
- enabled: true
- limitConnections: 32
- limitConnectionsApi: 16
- className: "nginx"
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt-production"
- nginx.ingress.kubernetes.io/limit-rps: "32"
- nginx.ingress.kubernetes.io/denylist-source-range: "141.35.40.36/32, 141.35.40.52/32"
- hosts:
- - nomad-lab.eu
- tls:
- - secretName: nomad-lab-eu-tls
- hosts:
- - nomad-lab.eu
-
- proxy:
- timeout: 60
- editTimeout: 60
- host: "nomad-lab.eu"
- path: "/prod/v1"
- nodeSelector:
- environment: prod
- "nomad-lab.eu/app": ""
-
- app:
- replicaCount: 4
- nodeSelector:
- environment: prod
- "nomad-lab.eu/app": ""
- resources:
- limits:
- memory: "8Gi"
- requests:
- memory: "1Gi"
- podSecurityContext:
- runAsUser: 25249
- runAsGroup: 11320
- fsGroup: 11320
-
- worker:
- replicaCount: 1
- processes: 12
- nodeSelector:
- environment: prod
- "nomad-lab.eu/worker": ""
- podSecurityContext:
- runAsUser: 25249
- runAsGroup: 11320
- fsGroup: 11320
- # affinity:
- # podAntiAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # - topologyKey: kubernetes.io/hostname
- # labelSelector:
- # matchLabels:
- # app.kubernetes.io/component: worker
- # app.kubernetes.io/instance: nomad-staging
- resources:
- limits:
- memory: "32Gi"
- requests:
- memory: "8Gi"
-
- adminconsole:
- replicaCount: 1
- nodeSelector:
- environment: prod
- "nomad-lab.eu/worker": ""
- podSecurityContext:
- runAsUser: 25249
- runAsGroup: 11320
- fsGroup: 11320
- resources:
- limits:
- memory: "32Gi"
- requests:
- memory: "8Gi"
-
-rabbitmq:
- nodeSelector:
- environment: prod
- "nomad-lab.eu/db": ""
-
-jupyterhub:
- fullnameOverride: "nomad-prod-north"
- proxy:
- chp:
- nodeSelector:
- environment: prod
- "nomad-lab.eu/app": ""
- hub:
- containerSecurityContext:
- runAsUser: 25249
- runAsGroup: 11320
- baseUrl: "/prod/v1/north"
- nodeSelector:
- environment: prod
- "nomad-lab.eu/app": ""
- db:
- type: sqlite-pvc
- pvc:
- storageClassName: csi-sc-cinderplugin
- config:
- GenericOAuthenticator:
- client_id: nomad_public
- oauth_callback_url: https://nomad-lab.eu/prod/v1/north/hub/oauth_callback
- authorize_url: https://nomad-lab.eu/fairdi/keycloak/auth/realms/fairdi_nomad_prod/protocol/openid-connect/auth
- token_url: https://nomad-lab.eu/fairdi/keycloak/auth/realms/fairdi_nomad_prod/protocol/openid-connect/token
- userdata_url: https://nomad-lab.eu/fairdi/keycloak/auth/realms/fairdi_nomad_prod/protocol/openid-connect/userinfo
- singleuser:
- podNameTemplate: "nomad-prod-north-{username}--{servername}"
- uid: 1000
- fsGid: 11320
- # gid: 11320 for some reason this is not in the chart. It exists on the KubeSpawner,
- # but there is not pass though config like for uid and fsGid. Therefore, we
- # need the extraPodConfig to override the securityContext created by KubeSpawner.
- extraPodConfig:
- securityContext:
- runAsUser: 1000
- runAsGroup: 11320
- fsGroup: 11320
- nodeSelector:
- environment: prod
- "nomad-lab.eu/worker-north": ""
- prePuller:
- hook:
- nodeSelector:
- environment: prod
- "nomad-lab.eu/worker-north": ""
diff --git a/scripts/check_helm_chart.sh b/scripts/check_helm_chart.sh
deleted file mode 100755
index f840fd21217b23593dbc7412fb37745a05b47557..0000000000000000000000000000000000000000
--- a/scripts/check_helm_chart.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-set -e
-set -x # echo on
-
-working_dir=$(pwd)
-project_dir=$(dirname $(dirname $(realpath $0)))
-
-cd $project_dir
-
-mkdir tmp
-
-python ops/kubernetes/nomad/updatevalues.py > tmp/helm-values.yaml
-diff ops/kubernetes/nomad/values.yaml tmp/helm-values.yaml
-
-# cleanup
-rm -rf tmp
diff --git a/scripts/update_helm_chart.sh b/scripts/update_helm_chart.sh
deleted file mode 100755
index a58bff4d03443aff3f9f5d82ed26951f75b39551..0000000000000000000000000000000000000000
--- a/scripts/update_helm_chart.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-set -e
-
-working_dir=$(pwd)
-project_dir=$(dirname $(dirname $(realpath $0)))
-
-cd $project_dir
-
-python ops/kubernetes/nomad/updatevalues.py ops/kubernetes/nomad/values.yaml