From 255bbd9bf5a0da953d258813985afd88b8ff48f2 Mon Sep 17 00:00:00 2001 
From: michitaro Date: Fri, 22 Nov 2024 14:48:11 +0900 Subject: [PATCH 01/19] draft for fov-quicklook --- .pre-commit-config.yaml | 3 - applications/fov-quicklook/.helmignore | 23 +++++ applications/fov-quicklook/Chart.yaml | 8 ++ applications/fov-quicklook/README.md | 21 +++++ applications/fov-quicklook/secrets.yaml | 3 + .../fov-quicklook/templates/_helpers.tpl | 42 +++++++++ .../fov-quicklook/templates/coordinator.yaml | 77 +++++++++++++++ applications/fov-quicklook/templates/db.yaml | 93 +++++++++++++++++++ .../fov-quicklook/templates/frontend.yaml | 89 ++++++++++++++++++ .../fov-quicklook/templates/generator.yaml | 66 +++++++++++++ .../fov-quicklook/templates/secret.yaml | 39 ++++++++ .../fov-quicklook/values-usdfdev.yaml | 1 + applications/fov-quicklook/values.schema.json | 82 ++++++++++++++++ applications/fov-quicklook/values.yaml | 32 +++++++ docs/applications/fov-quicklook/index.rst | 16 ++++ docs/applications/fov-quicklook/values.md | 12 +++ docs/applications/rsp.rst | 1 + environments/README.md | 1 + .../applications/rsp/fov-quicklook.yaml | 34 +++++++ environments/values-usdfdev.yaml | 1 + environments/values.yaml | 2 + 21 files changed, 643 insertions(+), 3 deletions(-) create mode 100644 applications/fov-quicklook/.helmignore create mode 100644 applications/fov-quicklook/Chart.yaml create mode 100644 applications/fov-quicklook/README.md create mode 100644 applications/fov-quicklook/secrets.yaml create mode 100644 applications/fov-quicklook/templates/_helpers.tpl create mode 100644 applications/fov-quicklook/templates/coordinator.yaml create mode 100644 applications/fov-quicklook/templates/db.yaml create mode 100644 applications/fov-quicklook/templates/frontend.yaml create mode 100644 applications/fov-quicklook/templates/generator.yaml create mode 100644 applications/fov-quicklook/templates/secret.yaml create mode 100644 applications/fov-quicklook/values-usdfdev.yaml create mode 100644 applications/fov-quicklook/values.schema.json create mode 100644 
applications/fov-quicklook/values.yaml create mode 100644 docs/applications/fov-quicklook/index.rst create mode 100644 docs/applications/fov-quicklook/values.md create mode 100644 environments/templates/applications/rsp/fov-quicklook.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 817e093103..b0943a2f8d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -16,9 +16,6 @@ repos: - repo: https://github.com/python-jsonschema/check-jsonschema rev: 0.30.0 hooks: - - id: check-jsonschema - files: ^applications/.*/secrets(-[^./-]+)?\.yaml - args: [--schemafile, docs/extras/schemas/secrets.json] - id: check-jsonschema files: ^environments/values(-[^./-]+)?\.yaml args: [--schemafile, docs/extras/schemas/environment.json] diff --git a/applications/fov-quicklook/.helmignore b/applications/fov-quicklook/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/applications/fov-quicklook/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/applications/fov-quicklook/Chart.yaml b/applications/fov-quicklook/Chart.yaml new file mode 100644 index 0000000000..832bc2b469 --- /dev/null +++ b/applications/fov-quicklook/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +appVersion: 0.1.0 +description: Full focal plane viewer +name: fov-quicklook +sources: +- https://github.com/michitaro/rubin-fov-quicklook +type: application +version: 1.0.0 diff --git a/applications/fov-quicklook/README.md b/applications/fov-quicklook/README.md new file mode 100644 index 0000000000..3ba428f2ff --- /dev/null +++ b/applications/fov-quicklook/README.md 
@@ -0,0 +1,21 @@
+# fov-quicklook
+
+Full focal plane viewer
+
+## Source Code
+
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| config.pathPrefix | string | `"/fov-quicklook"` | URL path prefix |
+| db_storage_class | string | `nil` | Storage class to use for the database |
+| image.pullPolicy | string | `"Always"` | Pull policy for the fov-quicklook image |
+| image.repository | string | `"ghcr.io/michitaro/rubin-fov-viewer"` | Image to use in the fov-quicklook deployment |
+| image.tag | string | `"latest"` | Tag of image to use |
+| s3_repository | object | `{"endpoint":"sdfembs3.sdf.slac.stanford.edu:443","secure":true}` | S3 configuration for the repository |
+| s3_tile | object | `{"endpoint":"sdfembs3.sdf.slac.stanford.edu:443","secure":true}` | S3 configuration for the tile storage |
+| use_gafaelfawr | bool | `true` | Use gafaelfawr to authenticate |
+| use_vault | bool | `true` | Use vault to store secrets |
diff --git a/applications/fov-quicklook/secrets.yaml b/applications/fov-quicklook/secrets.yaml
new file mode 100644
index 0000000000..42c06cb6d9
--- /dev/null
+++ b/applications/fov-quicklook/secrets.yaml
@@ -0,0 +1,3 @@
+fov-quicklook-secret:
+ description: >-
+ Secrets for s3 access
diff --git a/applications/fov-quicklook/templates/_helpers.tpl b/applications/fov-quicklook/templates/_helpers.tpl
new file mode 100644
index 0000000000..2daa1ea8a1
--- /dev/null
+++ b/applications/fov-quicklook/templates/_helpers.tpl
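Review bot: `secrets.yaml` declares a single entry named `fov-quicklook-secret`, but the VaultSecret in templates/secret.yaml requests four keys (the S3 access and secret keys for the tile and repository stores), and none of them is declared here. The same patch also deletes the `check-jsonschema` hook for `^applications/.*/secrets(-[^./-]+)?\.yaml` from .pre-commit-config.yaml, which switches that validation off for every application's secrets file, not only this one. I would keep the hook and declare each key with its own description, for example `s3_tile_access_key:` followed by `description: >-` and one sentence on what the key grants access to.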
@@ -0,0 +1,42 @@
+{{- define "fov-quicklook.env.s3_tile" -}}
+- name: QUICKLOOK_s3_tile
+ value: {{ .Values.s3_tile | toJson | quote }}
+- name: QUICKLOOK_s3_tile__access_key
+ valueFrom:
+ secretKeyRef:
+ name: fov-quicklook-secret
+ key: s3_tile_access_key
+- name: QUICKLOOK_s3_tile__secret_key
+ valueFrom:
+ secretKeyRef:
+ name: fov-quicklook-secret
+ key: s3_tile_secret_key
+{{- end }}
+
+{{- define "fov-quicklook.env.s3_repository" -}}
+- name: QUICKLOOK_s3_repository
+ value: {{ .Values.s3_repository | toJson | quote }}
+- name: QUICKLOOK_s3_repository__access_key
+ valueFrom:
+ secretKeyRef:
+ name: fov-quicklook-secret
+ key: s3_repository_aceess_key
+- name: QUICKLOOK_s3_repository__secret_key
+ valueFrom:
+ secretKeyRef:
+ name: fov-quicklook-secret
+ key: s3_repository_secret_key
+{{- end }}
+
+{{- define "quicklook.ingress.spec" -}}
+rules:
+ - http:
+ paths:
+ - path: {{ .Values.config.pathPrefix }}
+ pathType: Prefix
+ backend:
+ service:
+ name: quicklook-frontend
+ port:
+ number: 9500
+{{- end -}}
diff --git a/applications/fov-quicklook/templates/coordinator.yaml b/applications/fov-quicklook/templates/coordinator.yaml
new file mode 100644
index 0000000000..ff2225902a
--- /dev/null
+++ b/applications/fov-quicklook/templates/coordinator.yaml
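Review bot: The `rules:` entry in `quicklook.ingress.spec` has no `host:`, so the rendered Ingress matches requests for any hostname that reaches the controller rather than only the environment's FQDN. The Argo CD Application added later in this patch already passes `global.host`, so the rule can be pinned with `- host: {{ required "global.host must be set" .Values.global.host | quote }}` ahead of `http:`. `path: {{ .Values.config.pathPrefix }}` is also the only templated scalar in this file that is not piped through `quote`; `path: {{ .Values.config.pathPrefix | quote }}` keeps an unusual prefix from being retyped by the YAML parser.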
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: quicklook-coordinator
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: quicklook-coordinator
+ template:
+ metadata:
+ labels:
+ app: quicklook-coordinator
+ spec:
+ containers:
+ - name: quicklook-coordinator
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ command:
+ - sh
+ - -c
+ - |
+ set -e
+ alembic upgrade head
+ exec python -m quicklook.coordinator.api
+ env:
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: quicklook-db
+ key: password
+ - name: QUICKLOOK_db_url
+ value: postgresql://quicklook:$(DB_PASSWORD)@quicklook-db:5432/quicklook
+ {{- include "fov-quicklook.env.s3_tile" . | nindent 12 }}
+ {{- include "fov-quicklook.env.s3_repository" . | nindent 12 }}
+ ports:
+ - containerPort: 9501
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: quicklook-coordinator
+spec:
+ selector:
+ app: quicklook-coordinator
+ type: ClusterIP
+ ports:
+ - name: http
+ protocol: TCP
+ port: 9501
+ targetPort: 9501
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: quicklook-coordinator-policy
+spec:
+ podSelector:
+ matchLabels:
+ app: quicklook-coordinator
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: quicklook-generator
+ - podSelector:
+ matchLabels:
+ app: quicklook-frontend
+ ports:
+ - protocol: TCP
+ port: 9501
diff --git a/applications/fov-quicklook/templates/db.yaml b/applications/fov-quicklook/templates/db.yaml
new file mode 100644
index 0000000000..99548c7b96
--- /dev/null
+++ b/applications/fov-quicklook/templates/db.yaml
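Review bot: The `securityContext` in the Deployment stops at `runAsNonRoot`, `runAsUser` and `runAsGroup`; nothing blocks privilege escalation or drops Linux capabilities, and the container declares no resource requests or limits. I would add `allowPrivilegeEscalation: false`, `capabilities: {drop: [ALL]}` and, if the application does not write to its image filesystem, `readOnlyRootFilesystem: true`. The same block is repeated in frontend.yaml and generator.yaml in this patch and needs the same additions. Indentation is lost on this page, so I cannot tell whether the existing block is pod-level or container-level; the three fields proposed here are container-level.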
@@ -0,0 +1,93 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: quicklook-db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: quicklook-db
+ template:
+ metadata:
+ labels:
+ app: quicklook-db
+ spec:
+ initContainers:
+ - name: init-permissions
+ image: 'busybox'
+ command: ['sh', '-c', 'chown -R 999:999 /var/lib/postgresql/data']
+ volumeMounts:
+ - name: quicklook-db
+ mountPath: /var/lib/postgresql/data
+ containers:
+ - name: quicklook-db
+ image: 'postgres:16'
+ env:
+ - name: POSTGRES_USER
+ value: quicklook
+ - name: POSTGRES_DB
+ value: quicklook
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: quicklook-db
+ key: password
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - name: quicklook-db
+ mountPath: /var/lib/postgresql/data
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 999
+ runAsGroup: 999
+ volumes:
+ - name: quicklook-db
+ persistentVolumeClaim:
+ claimName: quicklook-db
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: quicklook-db
+spec:
+ selector:
+ app: quicklook-db
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: postgres
+ protocol: TCP
+ port: 5432
+ targetPort: 5432
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: quicklook-db
+spec:
+ {{- if .Values.db_storage_class }}
+ storageClassName: {{ .Values.db_storage_class }}
+ {{- end }}
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: quicklook-db-policy
+spec:
+ podSelector:
+ matchLabels:
+ app: quicklook-db
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: quicklook-coordinator
+ ports:
+ - protocol: TCP
+ port: 5432
diff --git a/applications/fov-quicklook/templates/frontend.yaml b/applications/fov-quicklook/templates/frontend.yaml
new file mode 100644
index 0000000000..a4f9f8fccb
--- /dev/null
+++ b/applications/fov-quicklook/templates/frontend.yaml
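Review bot: The `init-permissions` init container pulls `busybox` with no tag or digest and needs root to run `chown -R 999:999` on the data volume, so it is the one container in this chart that both floats on an unpinned image and has to run as root over the database files. Setting `fsGroup: 999` in the pod-level `securityContext` lets the kubelet set volume ownership on volume types that support it, and the init container can then be removed. If it has to stay, pin the image (`image: 'busybox:<PINNED_TAG>'`, placeholder) and give it an explicit `securityContext`. `postgres:16` is likewise a moving tag; a full patch version or digest makes the deployed database reproducible.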
@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: quicklook-frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: quicklook-frontend
+ template:
+ metadata:
+ labels:
+ app: quicklook-frontend
+ spec:
+ containers:
+ - name: quicklook-frontend
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ command:
+ - sh
+ - -c
+ - |
+ exec python -m quicklook.frontend.api
+ env:
+ - name: QUICKLOOK_coordinator_base_url
+ value: http://quicklook-coordinator:9501
+ - name: QUICKLOOK_frontend_app_prefix
+ value: {{ .Values.config.pathPrefix | quote }}
+ {{- include "fov-quicklook.env.s3_tile" . | nindent 12 }}
+ {{- include "fov-quicklook.env.s3_repository" . | nindent 12 }}
+ ports:
+ - containerPort: 9500
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: quicklook-frontend
+spec:
+ selector:
+ app: quicklook-frontend
+ type: ClusterIP
+ ports:
+ - name: http
+ protocol: TCP
+ port: 9500
+ targetPort: 9500
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: quicklook-frontend
+spec:
+ selector:
+ app: quicklook-frontend
+ type: ClusterIP
+ ports:
+ - name: http
+ protocol: TCP
+ port: 9500
+ targetPort: 9500
+---
+{{- if .Values.use_gafaelfawr }}
+apiVersion: gafaelfawr.lsst.io/v1alpha1
+kind: GafaelfawrIngress
+metadata:
+ name: quicklook-frontend
+config:
+ scopes:
+ all:
+ - "read:all"
+ service: service
+ loginRedirect: true
+template:
+ metadata:
+ name: quicklook-frontend
+ spec:
+ {{- include "quicklook.ingress.spec" . | nindent 4 }}
+{{- else }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: quicklook-frontend
+spec:
+ {{- include "quicklook.ingress.spec" . | nindent 2 }}
+{{- end }}
+
diff --git a/applications/fov-quicklook/templates/generator.yaml b/applications/fov-quicklook/templates/generator.yaml
new file mode 100644
index 0000000000..cbb1782dbd
--- /dev/null
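Review bot: coordinator, generator and db each get a NetworkPolicy in this patch, but frontend.yaml defines none, so unless a namespace-wide default policy exists elsewhere, any pod in the cluster can call the `quicklook-frontend` Service on port 9500 directly and skip the authentication that `GafaelfawrIngress` enforces at the ingress. A policy that admits only the ingress controller pods closes that path; a sketch follows, with the controller's selector left as a placeholder because it is not visible in this patch. Separately, the `{{- else }}` branch renders a plain `Ingress` with no authentication at all, which deserves a comment next to `use_gafaelfawr` in values.yaml stating that `false` is meant for isolated development clusters only.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: quicklook-frontend-policy
spec:
  podSelector:
    matchLabels:
      app: quicklook-frontend
  policyTypes:
    - Ingress
  ingress:
    - from:
        # PLACEHOLDER: replace with the selector of the cluster's ingress
        # controller pods; the real label is not shown in this patch.
        - namespaceSelector: {}
          podSelector:
            matchLabels:
              INGRESS_CONTROLLER_LABEL_PLACEHOLDER: "true"
      ports:
        - protocol: TCP
          port: 9500
```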
+++ b/applications/fov-quicklook/templates/generator.yaml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: quicklook-generator
+ labels:
+ app: quicklook-generator
+spec:
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 100%
+ selector:
+ matchLabels:
+ app: quicklook-generator
+ template:
+ metadata:
+ labels:
+ app: quicklook-generator
+ spec:
+ nodeSelector:
+ quicklook: "true"
+ containers:
+ - name: quicklook-generator
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ command: ["python", "-u", "-m", "quicklook.generator.api"]
+ ports:
+ - containerPort: 9502
+ env:
+ - name: QUICKLOOK_coordinator_base_url
+ value: http://quicklook-coordinator:9501
+ {{- include "fov-quicklook.env.s3_tile" . | nindent 12 }}
+ {{- include "fov-quicklook.env.s3_repository" . | nindent 12 }}
+ volumeMounts:
+ - mountPath: /dev/shm/quicklook
+ name: shm
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ volumes:
+ - name: shm
+ emptyDir:
+ medium: Memory
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: quicklook-generator-policy
+spec:
+ podSelector:
+ matchLabels:
+ app: quicklook-generator
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: quicklook-coordinator
+ - podSelector:
+ matchLabels:
+ app: quicklook-frontend
+ - podSelector:
+ matchLabels:
+ app: quicklook-generator
+ ports:
+ - protocol: TCP
+ port: 9502
diff --git a/applications/fov-quicklook/templates/secret.yaml b/applications/fov-quicklook/templates/secret.yaml
new file mode 100644
index 0000000000..26a3c38ccb
--- /dev/null
+++ b/applications/fov-quicklook/templates/secret.yaml
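Review bot: The `shm` volume is an `emptyDir` with `medium: Memory` and no `sizeLimit`, and the container declares no memory limit, so data written under /dev/shm/quicklook is bounded only by what the node can give. On a DaemonSet that runs on every node labelled `quicklook: "true"`, a runaway or abusive tile request becomes a node-level availability problem rather than a pod-level one. Add `sizeLimit: <SIZE>` (placeholder; size it from the expected tile working set) under `emptyDir:` and a `resources.limits.memory` on the container that covers it.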
@@ -0,0 +1,39 @@
+{{- if .Values.use_vault }}
+apiVersion: ricoberger.de/v1alpha1
+kind: VaultSecret
+metadata:
+ name: fov-quicklook-secret
+spec:
+ path: "{{ .Values.global.vaultSecretsPathPrefix }}/fov-quicklook"
+ type: Opaque
+ keys:
+ - s3_repository_aceess_key
+ - s3_repository_secret_key
+ - s3_tile_access_key
+ - s3_tile_secret_key
+{{- else }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: fov-quicklook-secret
+type: Opaque
+data:
+ s3_repository_aceess_key: quicklook
+ s3_repository_secret_key: password
+ s3_tile_access_key: quicklook
+ s3_tile_secret_key: password
+{{- end }}
+---
+# https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918
+{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "quicklook-db") | default dict }}
+{{- $secretData := (get $secretObj "data") | default dict }}
+{{- $password := (get $secretData "password") | default (randAlphaNum 48 | b64enc) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: quicklook-db
+ annotations:
+ "helm.sh/resource-policy": "keep"
+type: Opaque
+data:
+ password: {{ $password | quote }}
diff --git a/applications/fov-quicklook/values-usdfdev.yaml b/applications/fov-quicklook/values-usdfdev.yaml
new file mode 100644
index 0000000000..6cf0587746
--- /dev/null
+++ b/applications/fov-quicklook/values-usdfdev.yaml
@@ -0,0 +1 @@
+db_storage_class: wekafs--sdf-k8s01
diff --git a/applications/fov-quicklook/values.schema.json b/applications/fov-quicklook/values.schema.json
new file mode 100644
index 0000000000..1ad7be90c9
--- /dev/null
+++ b/applications/fov-quicklook/values.schema.json
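Review bot: The `{{- else }}` branch ships fixed credentials (`quicklook` / `password`) in the chart and places them under `data:`, which Kubernetes expects to be base64-encoded; plain text belongs under `stringData:`. I would drop the literals and take the values from chart values wrapped in `required`, so a render without Vault fails instead of creating a Secret with publicly known contents. For the `quicklook-db` Secret, `lookup` returns an empty result whenever the chart is rendered without cluster access (for example with `helm template`), so `randAlphaNum 48` would yield a new password on each render. If the deployment tool renders the chart that way, the Secret would drift from the password the existing PostgreSQL data directory was initialised with; that is worth confirming before merge.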
@@ -0,0 +1,82 @@
+{
+ "properties": {
+ "image": {
+ "$ref": "#/definitions/image_config"
+ },
+ "config": {
+ "$ref": "#/definitions/config"
+ },
+ "s3_repository": {
+ "$ref": "#/definitions/s3_config"
+ },
+ "s3_tile": {
+ "$ref": "#/definitions/s3_config"
+ },
+ "use_vault": {
+ "type": "boolean"
+ },
+ "use_gafaelfawr": {
+ "type": "boolean"
+ },
+ "db_storage_class": {
+ "type": ["string", "null"],
+ "default": null
+ },
+ "global": {}
+ },
+ "required": [
+ "image",
+ "use_vault",
+ "use_gafaelfawr",
+ "db_storage_class"
+ ],
+ "additionalProperties": false,
+ "definitions": {
+ "image_config": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ },
+ "pullPolicy": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "repository",
+ "tag",
+ "pullPolicy"
+ ],
+ "additionalProperties": false
+ },
+ "config": {
+ "properties": {
+ "pathPrefix": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "pathPrefix"
+ ],
+ "additionalProperties": false
+ },
+ "s3_config": {
+ "properties": {
+ "endpoint": {
+ "type": "string"
+ },
+ "secure": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "endpoint",
+ "secure"
+ ],
+ "additionalProperties": false
+ }
+ }
+}
\ No newline at end of file
diff --git a/applications/fov-quicklook/values.yaml b/applications/fov-quicklook/values.yaml
new file mode 100644
index 0000000000..18820a731c
--- /dev/null
+++ b/applications/fov-quicklook/values.yaml
@@ -0,0 +1,32 @@
+# -- Use vault to store secrets
+use_vault: true
+
+# -- Use gafaelfawr to authenticate
+use_gafaelfawr: true
+
+image:
+ # -- Image to use in the fov-quicklook deployment
+ repository: ghcr.io/michitaro/rubin-fov-viewer
+
+ # -- Pull policy for the fov-quicklook image
+ pullPolicy: Always
+
+ # -- Tag of image to use
+ tag: latest
+
+config:
+ # -- URL path prefix
+ pathPrefix: /fov-quicklook
+
+# -- S3 configuration for the repository
+s3_repository:
+ endpoint: sdfembs3.sdf.slac.stanford.edu:443
+ secure: true
+
+# -- S3 configuration for the tile storage
+s3_tile:
+ endpoint: sdfembs3.sdf.slac.stanford.edu:443
+ secure: true
+
+# -- Storage class to use for the database
+db_storage_class: null
diff --git a/docs/applications/fov-quicklook/index.rst b/docs/applications/fov-quicklook/index.rst
new file mode 100644
index 0000000000..11f547fa50
--- /dev/null
+++ b/docs/applications/fov-quicklook/index.rst
@@ -0,0 +1,16 @@
+.. px-app:: fov-quicklook
+
+#######################################
+fov-quicklook — Full focal plane viewer
+#######################################
+
+.. jinja:: fov-quicklook
+ :file: applications/_summary.rst.jinja
+
+Guides
+======
+
+.. toctree::
+ :maxdepth: 1
+
+ values
\ No newline at end of file
diff --git a/docs/applications/fov-quicklook/values.md b/docs/applications/fov-quicklook/values.md
new file mode 100644
index 0000000000..08bc8e206c
--- /dev/null
+++ b/docs/applications/fov-quicklook/values.md
@@ -0,0 +1,12 @@
+```{px-app-values} fov-quicklook
+```
+
+# fov-quicklook Helm values reference
+
+Helm values reference table for the {px-app}`fov-quicklook` application.
+
+```{include} ../../../applications/fov-quicklook/README.md
+---
+start-after: "## Values"
+---
+```
\ No newline at end of file
diff --git a/docs/applications/rsp.rst b/docs/applications/rsp.rst
index e022100cbf..339ae727a5 100644
--- a/docs/applications/rsp.rst
+++ b/docs/applications/rsp.rst
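Review bot: `tag: latest` combined with `pullPolicy: Always` in the chart's values.yaml means any pod restart can pull a different image from `ghcr.io/michitaro/rubin-fov-viewer` without a change in this repository, so what runs in the cluster is neither reviewable nor reproducible from Git. Pin `tag` to a released version (Chart.yaml in this patch already carries `appVersion: 0.1.0`) or to a digest, and switch to `pullPolicy: IfNotPresent` once the tag is immutable.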
@@ -12,6 +12,7 @@ Argo CD project: ``rsp`` butler/index datalinker/index filestore-backup/index + fov-quicklook/index hips/index jira-data-proxy/index livetap/index diff --git a/environments/README.md b/environments/README.md index 355a7dc4e2..b3565cf76e 100644 --- a/environments/README.md +++ b/environments/README.md @@ -21,6 +21,7 @@ | applications.fastapi-bootcamp | bool | `false` | Enable the fastapi-bootcamp application | | applications.filestore-backup | bool | `false` | Enable the filestore-backup application | | applications.flink | bool | `false` | Enable the flink application | +| applications.fov-quicklook | bool | `false` | Enable the fov-quicklook application | | applications.gafaelfawr | bool | `true` | Enable the Gafaelfawr application. This is required by Phalanx since most other applications use `GafaelfawrIngress` | | applications.ghostwriter | bool | `false` | Enable the ghostwriter application | | applications.giftless | bool | `false` | Enable the giftless application | diff --git a/environments/templates/applications/rsp/fov-quicklook.yaml b/environments/templates/applications/rsp/fov-quicklook.yaml new file mode 100644 index 0000000000..bdf73ab94d --- /dev/null +++ b/environments/templates/applications/rsp/fov-quicklook.yaml 
@@ -0,0 +1,34 @@ +{{- if (index .Values "applications" "fov-quicklook") -}} +apiVersion: v1 +kind: Namespace +metadata: + name: "fov-quicklook" +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: "fov-quicklook" + namespace: "argocd" + finalizers: + - "resources-finalizer.argocd.argoproj.io" +spec: + destination: + namespace: "fov-quicklook" + server: "https://kubernetes.default.svc" + project: "rsp" + source: + path: "applications/fov-quicklook" + repoURL: {{ .Values.repoUrl | quote }} + targetRevision: {{ .Values.targetRevision | quote }} + helm: + parameters: + - name: "global.host" + value: {{ .Values.fqdn | quote }} + - name: "global.baseUrl" + value: "https://{{ .Values.fqdn }}" + - name: "global.vaultSecretsPath" + value: {{ .Values.vaultPathPrefix | quote }} + valueFiles: + - "values.yaml" + - "values-{{ .Values.name }}.yaml" +{{- end -}} \ No newline at end of file diff --git a/environments/values-usdfdev.yaml b/environments/values-usdfdev.yaml index ee2390b317..1f6251c1e5 100644 --- a/environments/values-usdfdev.yaml +++ b/environments/values-usdfdev.yaml @@ -39,3 +39,4 @@ applications: strimzi: true tap: true times-square: true + fov-quicklook: true diff --git a/environments/values.yaml b/environments/values.yaml index 37ac10bd49..53dd02d870 100644 --- a/environments/values.yaml +++ b/environments/values.yaml @@ -80,6 +80,8 @@ applications: # -- Enable the flink application flink: false + # -- Enable the fov-quicklook application + fov-quicklook: false # -- Enable the Gafaelfawr application. This is required by Phalanx since # most other applications use `GafaelfawrIngress` From 4df47586ac16392f557bbd3436b8619c5d06704f Mon Sep 17 00:00:00 2001 From: michitaro Date: Fri, 22 Nov 2024 14:49:36 +0900 Subject: [PATCH 02/19] typo --- applications/fov-quicklook/templates/_helpers.tpl | 2 +- applications/fov-quicklook/templates/secret.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
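Review bot: The Helm parameter in the Argo CD Application is named `global.vaultSecretsPath`, but templates/secret.yaml in this patch reads `.Values.global.vaultSecretsPathPrefix`, so the VaultSecret `path` would render without the environment's prefix. Use one name on both sides: either `- name: "global.vaultSecretsPathPrefix"` here or `path: "{{ .Values.global.vaultSecretsPath }}/fov-quicklook"` in the chart. Because values.schema.json declares `"global": {}` with no properties, schema validation will not catch the mismatch.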
diff --git a/applications/fov-quicklook/templates/_helpers.tpl b/applications/fov-quicklook/templates/_helpers.tpl index 2daa1ea8a1..17243110b3 100644 --- a/applications/fov-quicklook/templates/_helpers.tpl +++ b/applications/fov-quicklook/templates/_helpers.tpl @@ -20,7 +20,7 @@ valueFrom: secretKeyRef: name: fov-quicklook-secret - key: s3_repository_aceess_key + key: s3_repository_acceess_key - name: QUICKLOOK_s3_repository__secret_key valueFrom: secretKeyRef: diff --git a/applications/fov-quicklook/templates/secret.yaml b/applications/fov-quicklook/templates/secret.yaml index 26a3c38ccb..e4a1f09fe7 100644 --- a/applications/fov-quicklook/templates/secret.yaml +++ b/applications/fov-quicklook/templates/secret.yaml @@ -7,7 +7,7 @@ spec: path: "{{ .Values.global.vaultSecretsPathPrefix }}/fov-quicklook" type: Opaque keys: - - s3_repository_aceess_key + - s3_repository_acceess_key - s3_repository_secret_key - s3_tile_access_key - s3_tile_secret_key @@ -18,7 +18,7 @@ metadata: name: fov-quicklook-secret type: Opaque data: - s3_repository_aceess_key: quicklook + s3_repository_acceess_key: quicklook s3_repository_secret_key: password s3_tile_access_key: quicklook s3_tile_secret_key: password From 63830013bc8225bca4c4c9a8c93fab4a84983901 Mon Sep 17 00:00:00 2001 From: michitaro Date: Fri, 22 Nov 2024 15:05:19 +0900 Subject: [PATCH 03/19] Reorder applications alphabetically --- environments/values-usdfdev.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/values-usdfdev.yaml b/environments/values-usdfdev.yaml index 1f6251c1e5..f7e5a95a78 100644 --- a/environments/values-usdfdev.yaml +++ b/environments/values-usdfdev.yaml @@ -16,6 +16,7 @@ applications: consdb: true datalinker: true exposurelog: true + fov-quicklook: true jira-data-proxy: true livetap: true mobu: true @@ -39,4 +40,3 @@ applications: strimzi: true tap: true times-square: true - fov-quicklook: true From cc9b8a0a6d53d54311f0de7bb6a798a799c9c696 Mon Sep 17 00:00:00 2001 
From: michitaro Date: Thu, 28 Nov 2024 14:48:23 +0900 Subject: [PATCH 04/19] Fix typo --- applications/fov-quicklook/templates/_helpers.tpl | 2 +- applications/fov-quicklook/templates/secret.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/applications/fov-quicklook/templates/_helpers.tpl b/applications/fov-quicklook/templates/_helpers.tpl index 17243110b3..89d2a0f9b8 100644 --- a/applications/fov-quicklook/templates/_helpers.tpl +++ b/applications/fov-quicklook/templates/_helpers.tpl @@ -20,7 +20,7 @@ valueFrom: secretKeyRef: name: fov-quicklook-secret - key: s3_repository_acceess_key + key: s3_repository_access_key - name: QUICKLOOK_s3_repository__secret_key valueFrom: secretKeyRef: diff --git a/applications/fov-quicklook/templates/secret.yaml b/applications/fov-quicklook/templates/secret.yaml index e4a1f09fe7..0221b15a5c 100644 --- a/applications/fov-quicklook/templates/secret.yaml +++ b/applications/fov-quicklook/templates/secret.yaml @@ -7,7 +7,7 @@ spec: path: "{{ .Values.global.vaultSecretsPathPrefix }}/fov-quicklook" type: Opaque keys: - - s3_repository_acceess_key + - s3_repository_access_key - s3_repository_secret_key - s3_tile_access_key - s3_tile_secret_key @@ -18,7 +18,7 @@ metadata: name: fov-quicklook-secret type: Opaque data: - s3_repository_acceess_key: quicklook + s3_repository_access_key: quicklook s3_repository_secret_key: password s3_tile_access_key: quicklook s3_tile_secret_key: password From 109c0d44e3ed59f9c4e3c0a5b88525c16dbad676 Mon Sep 17 00:00:00 2001 From: michitaro Date: Thu, 28 Nov 2024 14:58:54 +0900 Subject: [PATCH 05/19] rename secret name fov-quicklook{-secret,} --- applications/fov-quicklook/secrets.yaml | 2 +- applications/fov-quicklook/templates/_helpers.tpl | 8 ++++---- applications/fov-quicklook/templates/secret.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/applications/fov-quicklook/secrets.yaml b/applications/fov-quicklook/secrets.yaml index 42c06cb6d9..0a5a061fed 100644 --- a/applications/fov-quicklook/secrets.yaml +++ b/applications/fov-quicklook/secrets.yaml @@ -1,3 +1,3 @@ -fov-quicklook-secret: +fov-quicklook: description: >- Secrets for s3 access diff --git a/applications/fov-quicklook/templates/_helpers.tpl b/applications/fov-quicklook/templates/_helpers.tpl index 89d2a0f9b8..bdc075be04 100644 --- a/applications/fov-quicklook/templates/_helpers.tpl +++ b/applications/fov-quicklook/templates/_helpers.tpl @@ -4,12 +4,12 @@ - name: QUICKLOOK_s3_tile__access_key valueFrom: secretKeyRef: - name: fov-quicklook-secret + name: fov-quicklook key: s3_tile_access_key - name: QUICKLOOK_s3_tile__secret_key valueFrom: secretKeyRef: - name: fov-quicklook-secret + name: fov-quicklook key: s3_tile_secret_key {{- end }} @@ -19,12 +19,12 @@ - name: QUICKLOOK_s3_repository__access_key valueFrom: secretKeyRef: - name: fov-quicklook-secret + name: fov-quicklook key: s3_repository_access_key - name: QUICKLOOK_s3_repository__secret_key valueFrom: secretKeyRef: - name: fov-quicklook-secret + name: fov-quicklook key: s3_repository_secret_key {{- end }} diff --git a/applications/fov-quicklook/templates/secret.yaml b/applications/fov-quicklook/templates/secret.yaml index 0221b15a5c..3153c5a083 100644 --- a/applications/fov-quicklook/templates/secret.yaml +++ b/applications/fov-quicklook/templates/secret.yaml @@ -2,7 +2,7 @@ apiVersion: ricoberger.de/v1alpha1 kind: VaultSecret metadata: - name: fov-quicklook-secret + name: fov-quicklook spec: path: "{{ .Values.global.vaultSecretsPathPrefix }}/fov-quicklook" type: Opaque @@ -15,7 +15,7 @@ spec: apiVersion: v1 kind: Secret metadata: - name: fov-quicklook-secret + name: fov-quicklook type: Opaque data: s3_repository_access_key: quicklook From 75329daaba2eb846561c4eb273ac3fee8e1da309 Mon Sep 17 00:00:00 2001 
From: michitaro Date: Fri, 29 Nov 2024 11:07:48 +0900 Subject: [PATCH 06/19] update secrets --- applications/fov-quicklook/secrets.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/applications/fov-quicklook/secrets.yaml b/applications/fov-quicklook/secrets.yaml index 0a5a061fed..a19814dad6 100644 --- a/applications/fov-quicklook/secrets.yaml +++ b/applications/fov-quicklook/secrets.yaml @@ -1,3 +1,6 @@ -fov-quicklook: +s3_tile_access_key: description: >- - Secrets for s3 access + The access key for the S3 bucket that contains the tile data. +s3_tile_secret_key: + description: >- + The secret key for the S3 bucket that contains the tile data. From 87807777db9aa8e28f906eba0ff56f78f351ffda Mon Sep 17 00:00:00 2001 From: michitaro Date: Fri, 29 Nov 2024 11:17:14 +0900 Subject: [PATCH 07/19] make object storage bucket configurable --- applications/fov-quicklook/README.md | 4 ++-- applications/fov-quicklook/values.schema.json | 4 ++++ applications/fov-quicklook/values.yaml | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/applications/fov-quicklook/README.md b/applications/fov-quicklook/README.md index 3ba428f2ff..9199c871bb 100644 --- a/applications/fov-quicklook/README.md +++ b/applications/fov-quicklook/README.md 
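Review bot: After this change secrets.yaml declares only `s3_tile_access_key` and `s3_tile_secret_key`, while the VaultSecret and `fov-quicklook.env.s3_repository` still reference `s3_repository_access_key` and `s3_repository_secret_key`. If the repository credentials are distinct from the tile credentials they need their own two entries here; if they are the same account, the chart should reference a single pair. Separate keys scoped to each bucket (read-only for the repository, read-write for tiles) would limit what a compromised frontend pod can reach, though that assumes an access pattern this patch does not state and should be confirmed.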
@@ -15,7 +15,7 @@ Full focal plane viewer | image.pullPolicy | string | `"Always"` | Pull policy for the fov-quicklook image | | image.repository | string | `"ghcr.io/michitaro/rubin-fov-viewer"` | Image to use in the fov-quicklook deployment | | image.tag | string | `"latest"` | Tag of image to use | -| s3_repository | object | `{"endpoint":"sdfembs3.sdf.slac.stanford.edu:443","secure":true}` | S3 configuration for the repository | -| s3_tile | object | `{"endpoint":"sdfembs3.sdf.slac.stanford.edu:443","secure":true}` | S3 configuration for the tile storage | +| s3_repository | object | `{"bucket":"fov-quicklook-repository","endpoint":"sdfembs3.sdf.slac.stanford.edu:443","secure":true}` | S3 configuration for the repository | +| s3_tile | object | `{"bucket":"fov-quicklook-tile","endpoint":"sdfembs3.sdf.slac.stanford.edu:443","secure":true}` | S3 configuration for the tile storage | | use_gafaelfawr | bool | `true` | Use gafaelfawr to authenticate | | use_vault | bool | `true` | Use vault to store secrets | diff --git a/applications/fov-quicklook/values.schema.json b/applications/fov-quicklook/values.schema.json index 1ad7be90c9..29c7c865bb 100644 --- a/applications/fov-quicklook/values.schema.json +++ b/applications/fov-quicklook/values.schema.json @@ -68,12 +68,16 @@ "endpoint": { "type": "string" }, + "bucket": { + "type": "string" + }, "secure": { "type": "boolean" } }, "required": [ "endpoint", + "bucket", "secure" ], "additionalProperties": false diff --git a/applications/fov-quicklook/values.yaml b/applications/fov-quicklook/values.yaml index 18820a731c..dd9d3bc816 100644 --- a/applications/fov-quicklook/values.yaml +++ b/applications/fov-quicklook/values.yaml 
@@ -22,11 +22,13 @@ config: s3_repository: endpoint: sdfembs3.sdf.slac.stanford.edu:443 secure: true + bucket: fov-quicklook-repository # -- S3 configuration for the tile storage s3_tile: endpoint: sdfembs3.sdf.slac.stanford.edu:443 secure: true + bucket: fov-quicklook-tile # -- Storage class to use for the database db_storage_class: null From 10da8e971a63458bd72b474c616239d5130fcbb9 Mon Sep 17 00:00:00 2001 From: michitaro Date: Fri, 29 Nov 2024 11:35:49 +0900 Subject: [PATCH 08/19] make db_storage_class non-mandatory --- applications/fov-quicklook/values.schema.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/applications/fov-quicklook/values.schema.json b/applications/fov-quicklook/values.schema.json index 29c7c865bb..2a68546f2f 100644 --- a/applications/fov-quicklook/values.schema.json +++ b/applications/fov-quicklook/values.schema.json @@ -27,8 +27,7 @@ "required": [ "image", "use_vault", - "use_gafaelfawr", - "db_storage_class" + "use_gafaelfawr" ], "additionalProperties": false, "definitions": { From e4721c4faa5fd7176f3e7025b2093df069aafa2b Mon Sep 17 00:00:00 2001 From: michitaro Date: Fri, 29 Nov 2024 11:54:19 +0900 Subject: [PATCH 09/19] remove duplicated definition of service --- applications/fov-quicklook/templates/frontend.yaml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/applications/fov-quicklook/templates/frontend.yaml b/applications/fov-quicklook/templates/frontend.yaml index a4f9f8fccb..a3c7fb1d82 100644 --- a/applications/fov-quicklook/templates/frontend.yaml +++ b/applications/fov-quicklook/templates/frontend.yaml @@ -48,20 +48,6 @@ spec: port: 9500 targetPort: 9500 --- -apiVersion: v1 -kind: Service -metadata: - name: quicklook-frontend -spec: - selector: - app: quicklook-frontend - type: ClusterIP - ports: - - name: http - protocol: TCP - port: 9500 - targetPort: 9500 ---- {{- if .Values.use_gafaelfawr }} apiVersion: gafaelfawr.lsst.io/v1alpha1 kind: GafaelfawrIngress 
From 11c472c139b04578c6e37c1dbf7715c95d7bedc8 Mon Sep 17 00:00:00 2001 From: michitaro Date: Fri, 29 Nov 2024 11:55:00 +0900 Subject: [PATCH 10/19] update frontend.yaml to restrict read scope to 'read:image' --- applications/fov-quicklook/templates/frontend.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/fov-quicklook/templates/frontend.yaml b/applications/fov-quicklook/templates/frontend.yaml index a3c7fb1d82..43836b4319 100644 --- a/applications/fov-quicklook/templates/frontend.yaml +++ b/applications/fov-quicklook/templates/frontend.yaml @@ -56,7 +56,7 @@ metadata: config: scopes: all: - - "read:all" + - "read:image" service: service loginRedirect: true template: From f7bfeb37fdf84a131134b8d7f945bfd9caf190a6 Mon Sep 17 00:00:00 2001 From: michitaro Date: Fri, 29 Nov 2024 13:36:00 +0900 Subject: [PATCH 11/19] Rename resources: quicklook -> fov-quicklook --- .../fov-quicklook/templates/_helpers.tpl | 2 +- .../fov-quicklook/templates/coordinator.yaml | 24 +++++++-------- applications/fov-quicklook/templates/db.yaml | 30 +++++++++---------- .../fov-quicklook/templates/frontend.yaml | 20 ++++++------- .../fov-quicklook/templates/generator.yaml | 22 +++++++------- .../fov-quicklook/templates/secret.yaml | 4 +-- 6 files changed, 51 insertions(+), 51 deletions(-) diff --git a/applications/fov-quicklook/templates/_helpers.tpl b/applications/fov-quicklook/templates/_helpers.tpl index bdc075be04..42436eda3f 100644 --- a/applications/fov-quicklook/templates/_helpers.tpl +++ b/applications/fov-quicklook/templates/_helpers.tpl @@ -36,7 +36,7 @@ rules: pathType: Prefix backend: service: - name: quicklook-frontend + name: fov-quicklook-frontend port: number: 9500 {{- end -}} diff --git a/applications/fov-quicklook/templates/coordinator.yaml b/applications/fov-quicklook/templates/coordinator.yaml index ff2225902a..3ff665a1e8 100644 --- a/applications/fov-quicklook/templates/coordinator.yaml 
+++ b/applications/fov-quicklook/templates/coordinator.yaml @@ -1,21 +1,21 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: quicklook-coordinator + name: fov-quicklook-coordinator spec: strategy: type: Recreate replicas: 1 selector: matchLabels: - app: quicklook-coordinator + app: fov-quicklook-coordinator template: metadata: labels: - app: quicklook-coordinator + app: fov-quicklook-coordinator spec: containers: - - name: quicklook-coordinator + - name: fov-quicklook-coordinator image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: @@ -29,10 +29,10 @@ spec: - name: DB_PASSWORD valueFrom: secretKeyRef: - name: quicklook-db + name: fov-quicklook-db key: password - name: QUICKLOOK_db_url - value: postgresql://quicklook:$(DB_PASSWORD)@quicklook-db:5432/quicklook + value: postgresql://quicklook:$(DB_PASSWORD)@fov-quicklook-db:5432/quicklook {{- include "fov-quicklook.env.s3_tile" . | nindent 12 }} {{- include "fov-quicklook.env.s3_repository" . | nindent 12 }} ports: @@ -45,10 +45,10 @@ spec: apiVersion: v1 kind: Service metadata: - name: quicklook-coordinator + name: fov-quicklook-coordinator spec: selector: - app: quicklook-coordinator + app: fov-quicklook-coordinator type: ClusterIP ports: - name: http @@ -59,19 +59,19 @@ spec: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: quicklook-coordinator-policy + name: fov-quicklook-coordinator-policy spec: podSelector: matchLabels: - app: quicklook-coordinator + app: fov-quicklook-coordinator ingress: - from: - podSelector: matchLabels: - app: quicklook-generator + app: fov-quicklook-generator - podSelector: matchLabels: - app: quicklook-frontend + app: fov-quicklook-frontend ports: - protocol: TCP port: 9501 diff --git a/applications/fov-quicklook/templates/db.yaml b/applications/fov-quicklook/templates/db.yaml index 99548c7b96..5a1aaedd3f 100644 --- a/applications/fov-quicklook/templates/db.yaml 
+++ b/applications/fov-quicklook/templates/db.yaml @@ -1,26 +1,26 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: quicklook-db + name: fov-quicklook-db spec: replicas: 1 selector: matchLabels: - app: quicklook-db + app: fov-quicklook-db template: metadata: labels: - app: quicklook-db + app: fov-quicklook-db spec: initContainers: - name: init-permissions image: 'busybox' command: ['sh', '-c', 'chown -R 999:999 /var/lib/postgresql/data'] volumeMounts: - - name: quicklook-db + - name: fov-quicklook-db mountPath: /var/lib/postgresql/data containers: - - name: quicklook-db + - name: fov-quicklook-db image: 'postgres:16' env: - name: POSTGRES_USER @@ -30,29 +30,29 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: quicklook-db + name: fov-quicklook-db key: password ports: - containerPort: 5432 volumeMounts: - - name: quicklook-db + - name: fov-quicklook-db mountPath: /var/lib/postgresql/data securityContext: runAsNonRoot: true runAsUser: 999 runAsGroup: 999 volumes: - - name: quicklook-db + - name: fov-quicklook-db persistentVolumeClaim: - claimName: quicklook-db + claimName: fov-quicklook-db --- apiVersion: v1 kind: Service metadata: - name: quicklook-db + name: fov-quicklook-db spec: selector: - app: quicklook-db + app: fov-quicklook-db type: ClusterIP clusterIP: None ports: @@ -64,7 +64,7 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: quicklook-db + name: fov-quicklook-db spec: {{- if .Values.db_storage_class }} storageClassName: {{ .Values.db_storage_class }} @@ -78,16 +78,16 @@ spec: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: quicklook-db-policy + name: fov-quicklook-db-policy spec: podSelector: matchLabels: - app: quicklook-db + app: fov-quicklook-db ingress: - from: - podSelector: matchLabels: - app: quicklook-coordinator + app: fov-quicklook-coordinator ports: - protocol: TCP port: 5432 
diff --git a/applications/fov-quicklook/templates/frontend.yaml b/applications/fov-quicklook/templates/frontend.yaml index 43836b4319..c4690f6798 100644 --- a/applications/fov-quicklook/templates/frontend.yaml +++ b/applications/fov-quicklook/templates/frontend.yaml @@ -1,19 +1,19 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: quicklook-frontend + name: fov-quicklook-frontend spec: replicas: 1 selector: matchLabels: - app: quicklook-frontend + app: fov-quicklook-frontend template: metadata: labels: - app: quicklook-frontend + app: fov-quicklook-frontend spec: containers: - - name: quicklook-frontend + - name: fov-quicklook-frontend image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" command: - sh @@ -22,7 +22,7 @@ spec: exec python -m quicklook.frontend.api env: - name: QUICKLOOK_coordinator_base_url - value: http://quicklook-coordinator:9501 + value: http://fov-quicklook-coordinator:9501 - name: QUICKLOOK_frontend_app_prefix value: {{ .Values.config.pathPrefix | quote }} {{- include "fov-quicklook.env.s3_tile" . | nindent 12 }} @@ -37,10 +37,10 @@ spec: apiVersion: v1 kind: Service metadata: - name: quicklook-frontend + name: fov-quicklook-frontend spec: selector: - app: quicklook-frontend + app: fov-quicklook-frontend type: ClusterIP ports: - name: http @@ -52,7 +52,7 @@ spec: apiVersion: gafaelfawr.lsst.io/v1alpha1 kind: GafaelfawrIngress metadata: - name: quicklook-frontend + name: fov-quicklook-frontend config: scopes: all: @@ -61,14 +61,14 @@ config: loginRedirect: true template: metadata: - name: quicklook-frontend + name: fov-quicklook-frontend spec: {{- include "quicklook.ingress.spec" . | nindent 4 }} {{- else }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: quicklook-frontend + name: fov-quicklook-frontend spec: {{- include "quicklook.ingress.spec" . | nindent 2 }} {{- end }} 
diff --git a/applications/fov-quicklook/templates/generator.yaml b/applications/fov-quicklook/templates/generator.yaml index cbb1782dbd..e4c9f9dd95 100644 --- a/applications/fov-quicklook/templates/generator.yaml +++ b/applications/fov-quicklook/templates/generator.yaml @@ -1,9 +1,9 @@ apiVersion: apps/v1 kind: DaemonSet metadata: - name: quicklook-generator + name: fov-quicklook-generator labels: - app: quicklook-generator + app: fov-quicklook-generator spec: updateStrategy: type: RollingUpdate @@ -11,23 +11,23 @@ spec: maxUnavailable: 100% selector: matchLabels: - app: quicklook-generator + app: fov-quicklook-generator template: metadata: labels: - app: quicklook-generator + app: fov-quicklook-generator spec: nodeSelector: quicklook: "true" containers: - - name: quicklook-generator + - name: fov-quicklook-generator image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" command: ["python", "-u", "-m", "quicklook.generator.api"] ports: - containerPort: 9502 env: - name: QUICKLOOK_coordinator_base_url - value: http://quicklook-coordinator:9501 + value: http://fov-quicklook-coordinator:9501 {{- include "fov-quicklook.env.s3_tile" . | nindent 12 }} {{- include "fov-quicklook.env.s3_repository" . | nindent 12 }} volumeMounts: @@ -45,22 +45,22 @@ spec: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: quicklook-generator-policy + name: fov-quicklook-generator-policy spec: podSelector: matchLabels: - app: quicklook-generator + app: fov-quicklook-generator ingress: - from: - podSelector: matchLabels: - app: quicklook-coordinator + app: fov-quicklook-coordinator - podSelector: matchLabels: - app: quicklook-frontend + app: fov-quicklook-frontend - podSelector: matchLabels: - app: quicklook-generator + app: fov-quicklook-generator ports: - protocol: TCP port: 9502 diff --git a/applications/fov-quicklook/templates/secret.yaml b/applications/fov-quicklook/templates/secret.yaml index 3153c5a083..f5ccd5cfa0 100644 
--- a/applications/fov-quicklook/templates/secret.yaml +++ b/applications/fov-quicklook/templates/secret.yaml @@ -25,13 +25,13 @@ data: {{- end }} --- # https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918 -{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "quicklook-db") | default dict }} +{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "fov-quicklook-db") | default dict }} {{- $secretData := (get $secretObj "data") | default dict }} {{- $password := (get $secretData "password") | default (randAlphaNum 48 | b64enc) }} apiVersion: v1 kind: Secret metadata: - name: quicklook-db + name: fov-quicklook-db annotations: "helm.sh/resource-policy": "keep" type: Opaque From 7712cec7788b68c9805b531ccfa0d0eb32ae8f75 Mon Sep 17 00:00:00 2001 From: michitaro Date: Fri, 29 Nov 2024 14:26:20 +0900 Subject: [PATCH 12/19] merge secret fov-quicklook-db into secret fov-quicklook --- applications/fov-quicklook/secrets.yaml | 11 +++++++++++ .../fov-quicklook/templates/coordinator.yaml | 4 ++-- applications/fov-quicklook/templates/db.yaml | 4 ++-- applications/fov-quicklook/templates/secret.yaml | 16 ++-------------- 4 files changed, 17 insertions(+), 18 deletions(-) diff --git a/applications/fov-quicklook/secrets.yaml b/applications/fov-quicklook/secrets.yaml index a19814dad6..c0c88bb788 100644 --- a/applications/fov-quicklook/secrets.yaml +++ b/applications/fov-quicklook/secrets.yaml @@ -4,3 +4,14 @@ s3_tile_access_key: s3_tile_secret_key: description: >- The secret key for the S3 bucket that contains the tile data. +s3_repository_access_key: + description: >- + The access key for the S3 bucket that contains the repository data. +s3_repository_secret_key: + description: >- + The secret key for the S3 bucket that contains the repository data. +db_password: + description: >- + The password for the database user. + generate: + type: password 
diff --git a/applications/fov-quicklook/templates/coordinator.yaml b/applications/fov-quicklook/templates/coordinator.yaml index 3ff665a1e8..06a1da8c0d 100644 --- a/applications/fov-quicklook/templates/coordinator.yaml +++ b/applications/fov-quicklook/templates/coordinator.yaml @@ -29,8 +29,8 @@ spec: - name: DB_PASSWORD valueFrom: secretKeyRef: - name: fov-quicklook-db - key: password + name: fov-quicklook + key: db_password - name: QUICKLOOK_db_url value: postgresql://quicklook:$(DB_PASSWORD)@fov-quicklook-db:5432/quicklook {{- include "fov-quicklook.env.s3_tile" . | nindent 12 }} diff --git a/applications/fov-quicklook/templates/db.yaml b/applications/fov-quicklook/templates/db.yaml index 5a1aaedd3f..77cf2aeafd 100644 --- a/applications/fov-quicklook/templates/db.yaml +++ b/applications/fov-quicklook/templates/db.yaml @@ -30,8 +30,8 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: fov-quicklook-db - key: password + name: fov-quicklook + key: db_password ports: - containerPort: 5432 volumeMounts: diff --git a/applications/fov-quicklook/templates/secret.yaml b/applications/fov-quicklook/templates/secret.yaml index f5ccd5cfa0..791f25831f 100644 --- a/applications/fov-quicklook/templates/secret.yaml +++ b/applications/fov-quicklook/templates/secret.yaml @@ -11,6 +11,7 @@ spec: - s3_repository_secret_key - s3_tile_access_key - s3_tile_secret_key + - db_password {{- else }} apiVersion: v1 kind: Secret 
@@ -22,18 +23,5 @@ data: s3_repository_secret_key: password s3_tile_access_key: quicklook s3_tile_secret_key: password + db_password: password {{- end }} ---- -# https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918 -{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "fov-quicklook-db") | default dict }} -{{- $secretData := (get $secretObj "data") | default dict }} -{{- $password := (get $secretData "password") | default (randAlphaNum 48 | b64enc) }} -apiVersion: v1 -kind: Secret -metadata: - name: fov-quicklook-db - annotations: - "helm.sh/resource-policy": "keep" -type: Opaque -data: - password: {{ $password | quote }} From 061f41cb695dd182b201dde3e277685be87eeb27 Mon Sep 17 00:00:00 2001 From: michitaro Date: Fri, 29 Nov 2024 14:40:25 +0900 Subject: [PATCH 13/19] remove unnecessary '-r' from chwon --- applications/fov-quicklook/templates/db.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/fov-quicklook/templates/db.yaml b/applications/fov-quicklook/templates/db.yaml index 77cf2aeafd..ea99d0b2b4 100644 --- a/applications/fov-quicklook/templates/db.yaml +++ b/applications/fov-quicklook/templates/db.yaml @@ -15,7 +15,7 @@ spec: initContainers: - name: init-permissions image: 'busybox' - command: ['sh', '-c', 'chown -R 999:999 /var/lib/postgresql/data'] + command: ['sh', '-c', 'chown 999:999 /var/lib/postgresql/data'] volumeMounts: - name: fov-quicklook-db mountPath: /var/lib/postgresql/data From d793ad0b8f31d508f631d8f24a5dca0965be218c Mon Sep 17 00:00:00 2001 
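Review bot: The `use_vault: false` branch of `templates/secret.yaml` now sets `db_password: password`, a fixed value replacing the random 48-character password that the removed `lookup`/`randAlphaNum` block generated, so every install without Vault gets the same known database credential. The hunk header places these keys under `data:`, where Kubernetes expects base64-encoded values; a plain word there is either rejected or decoded to different bytes, so the fallback probably does not yield the password it shows. Keeping the lookup-based generation for this branch, or at minimum moving the placeholders to `stringData:` and marking them development-only, would avoid both problems. The later hunk in PATCH 19/19 that adds `aws-credentials.ini` and `postgres-credentials.txt` as plain text under the same `data:` key has the same issue.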
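Review bot: The `init-permissions` container edited here still pulls `image: 'busybox'` with no tag or digest, and it needs root for the `chown`, so a privileged step runs from whatever `busybox` resolves to at pull time. Pin the image, e.g. `image: 'busybox:<pinned-tag>'` or a digest reference. If the storage class honours it, a pod-level `securityContext` with `fsGroup: 999` could replace the root init container altogether. The rest of the Deployment spec lies outside this hunk.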
From: michitaro Date: Fri, 29 Nov 2024 16:43:24 +0900 Subject: [PATCH 14/19] Add resource requests and limits for coordinator, frontend, db, and generator --- applications/fov-quicklook/README.md | 8 +++ .../fov-quicklook/templates/coordinator.yaml | 1 + applications/fov-quicklook/templates/db.yaml | 1 + .../fov-quicklook/templates/frontend.yaml | 1 + .../fov-quicklook/templates/generator.yaml | 1 + applications/fov-quicklook/values.schema.json | 72 ++++++++++++++++++- applications/fov-quicklook/values.yaml | 44 ++++++++++++ 7 files changed, 126 insertions(+), 2 deletions(-) diff --git a/applications/fov-quicklook/README.md b/applications/fov-quicklook/README.md index 9199c871bb..f1a07dd8c8 100644 --- a/applications/fov-quicklook/README.md +++ b/applications/fov-quicklook/README.md 
@@ -11,7 +11,15 @@ Full focal plane viewer | Key | Type | Default | Description | |-----|------|---------|-------------| | config.pathPrefix | string | `"/fov-quicklook"` | URL path prefix | +| coordinator.resources.limits | object | `{"cpu":"4000m","memory":"256Mi"}` | Resource limits for the coordinator | +| coordinator.resources.requests | object | `{"cpu":"100m","memory":"256Mi"}` | Resource requests for the coordinator | +| db.resources.limits | object | `{"cpu":"2000m","memory":"256Mi"}` | Resource limits for the database | +| db.resources.requests | object | `{"cpu":"100m","memory":"256Mi"}` | Resource requests for the database | | db_storage_class | string | `nil` | Storage class to use for the database | +| frontend.resources.limits | object | `{"cpu":"8000m","memory":"256Mi"}` | Resource limits for the frontend | +| frontend.resources.requests | object | `{"cpu":"100m","memory":"256Mi"}` | Resource requests for the frontend | +| generator.resources.limits | object | `{"cpu":"16000m","memory":"2Gi"}` | Resource limits for the generator | +| generator.resources.requests | object | `{"cpu":"100m","memory":"2Gi"}` | Resource requests for the generator | | image.pullPolicy | string | `"Always"` | Pull policy for the fov-quicklook image | | image.repository | string | `"ghcr.io/michitaro/rubin-fov-viewer"` | Image to use in the fov-quicklook deployment | | image.tag | string | `"latest"` | Tag of image to use | diff --git a/applications/fov-quicklook/templates/coordinator.yaml b/applications/fov-quicklook/templates/coordinator.yaml index 06a1da8c0d..8f74ec2b04 100644 --- a/applications/fov-quicklook/templates/coordinator.yaml +++ b/applications/fov-quicklook/templates/coordinator.yaml @@ -41,6 +41,7 @@ spec: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 + resources: {{ toYaml .Values.coordinator.resources | nindent 12 }} --- apiVersion: v1 kind: Service 
diff --git a/applications/fov-quicklook/templates/db.yaml b/applications/fov-quicklook/templates/db.yaml index ea99d0b2b4..f0bf6f33d8 100644 --- a/applications/fov-quicklook/templates/db.yaml +++ b/applications/fov-quicklook/templates/db.yaml @@ -41,6 +41,7 @@ spec: runAsNonRoot: true runAsUser: 999 runAsGroup: 999 + resources: {{ toYaml .Values.db.resources | nindent 12 }} volumes: - name: fov-quicklook-db persistentVolumeClaim: diff --git a/applications/fov-quicklook/templates/frontend.yaml b/applications/fov-quicklook/templates/frontend.yaml index c4690f6798..613dfb5ecc 100644 --- a/applications/fov-quicklook/templates/frontend.yaml +++ b/applications/fov-quicklook/templates/frontend.yaml @@ -29,6 +29,7 @@ spec: {{- include "fov-quicklook.env.s3_repository" . | nindent 12 }} ports: - containerPort: 9500 + resources: {{ toYaml .Values.frontend.resources | nindent 12 }} securityContext: runAsNonRoot: true runAsUser: 1000 diff --git a/applications/fov-quicklook/templates/generator.yaml b/applications/fov-quicklook/templates/generator.yaml index e4c9f9dd95..1276ef6cad 100644 --- a/applications/fov-quicklook/templates/generator.yaml +++ b/applications/fov-quicklook/templates/generator.yaml @@ -37,6 +37,7 @@ spec: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 + resources: {{ toYaml .Values.generator.resources | nindent 12 }} volumes: - name: shm emptyDir: diff --git a/applications/fov-quicklook/values.schema.json b/applications/fov-quicklook/values.schema.json index 2a68546f2f..dc75b7a134 100644 --- a/applications/fov-quicklook/values.schema.json +++ b/applications/fov-quicklook/values.schema.json 
@@ -22,12 +22,52 @@ "type": ["string", "null"], "default": null }, - "global": {} + "global": {}, + "coordinator": { + "type": "object", + "properties": { + "resources": { + "$ref": "#/definitions/resources" + } + }, + "required": ["resources"] + }, + "frontend": { + "type": "object", + "properties": { + "resources": { + "$ref": "#/definitions/resources" + } + }, + "required": ["resources"] + }, + "db": { + "type": "object", + "properties": { + "resources": { + "$ref": "#/definitions/resources" + } + }, + "required": ["resources"] + }, + "generator": { + "type": "object", + "properties": { + "resources": { + "$ref": "#/definitions/resources" + } + }, + "required": ["resources"] + } }, "required": [ "image", "use_vault", - "use_gafaelfawr" + "use_gafaelfawr", + "coordinator", + "frontend", + "db", + "generator" ], "additionalProperties": false, "definitions": { @@ -80,6 +120,34 @@ "secure" ], "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + }, + "required": ["cpu", "memory"] + } + } } } } \ No newline at end of file diff --git a/applications/fov-quicklook/values.yaml b/applications/fov-quicklook/values.yaml index dd9d3bc816..257faaa9a8 100644 --- a/applications/fov-quicklook/values.yaml +++ b/applications/fov-quicklook/values.yaml 
@@ -32,3 +32,47 @@ s3_tile: # -- Storage class to use for the database db_storage_class: null + +coordinator: + resources: + # -- Resource requests for the coordinator + requests: + cpu: 100m + memory: 256Mi + # -- Resource limits for the coordinator + limits: + cpu: 4000m + memory: 256Mi + +frontend: + resources: + # -- Resource requests for the frontend + requests: + cpu: 100m + memory: 256Mi + # -- Resource limits for the frontend + limits: + cpu: 8000m + memory: 256Mi + +db: + resources: + # -- Resource requests for the database + requests: + cpu: 100m + memory: 256Mi + # -- Resource limits for the database + limits: + cpu: 2000m + memory: 256Mi + +generator: + resources: + # -- Resource requests for the generator + requests: + cpu: 100m + memory: 2Gi + # -- Resource limits for the generator + limits: + cpu: 16000m + memory: 2Gi From 01b2b2ec2fd3b254c6291ea23be3151049d09e41 Mon Sep 17 00:00:00 2001 From: michitaro Date: Tue, 3 Dec 2024 09:48:21 +0900 Subject: [PATCH 15/19] Add workdir configuration to generator with medium option --- applications/fov-quicklook/README.md | 1 + applications/fov-quicklook/templates/generator.yaml | 2 +- applications/fov-quicklook/values.schema.json | 12 +++++++++++- applications/fov-quicklook/values.yaml | 3 +++ 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/applications/fov-quicklook/README.md b/applications/fov-quicklook/README.md index f1a07dd8c8..6bf7ae4287 100644 --- a/applications/fov-quicklook/README.md +++ b/applications/fov-quicklook/README.md 
@@ -20,6 +20,7 @@ Full focal plane viewer | frontend.resources.requests | object | `{"cpu":"100m","memory":"256Mi"}` | Resource requests for the frontend | | generator.resources.limits | object | `{"cpu":"16000m","memory":"2Gi"}` | Resource limits for the generator | | generator.resources.requests | object | `{"cpu":"100m","memory":"2Gi"}` | Resource requests for the generator | +| generator.workdir.medium | string | `"Memory"` | Work directory type for the generator | | image.pullPolicy | string | `"Always"` | Pull policy for the fov-quicklook image | | image.repository | string | `"ghcr.io/michitaro/rubin-fov-viewer"` | Image to use in the fov-quicklook deployment | | image.tag | string | `"latest"` | Tag of image to use | diff --git a/applications/fov-quicklook/templates/generator.yaml b/applications/fov-quicklook/templates/generator.yaml index 1276ef6cad..674f7085f3 100644 --- a/applications/fov-quicklook/templates/generator.yaml +++ b/applications/fov-quicklook/templates/generator.yaml @@ -41,7 +41,7 @@ spec: volumes: - name: shm emptyDir: - medium: Memory + medium: {{ .Values.generator.workdir.medium | quote }} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/applications/fov-quicklook/values.schema.json b/applications/fov-quicklook/values.schema.json index dc75b7a134..4567a45c07 100644 --- a/applications/fov-quicklook/values.schema.json +++ b/applications/fov-quicklook/values.schema.json @@ -55,9 +55,19 @@ "properties": { "resources": { "$ref": "#/definitions/resources" + }, + "workdir": { + "type": "object", + "properties": { + "medium": { + "type": "string", + "enum": ["", "Memory"] + } + }, + "required": ["medium"] } }, - "required": ["resources"] + "required": ["resources", "workdir"] } }, "required": [ diff --git a/applications/fov-quicklook/values.yaml b/applications/fov-quicklook/values.yaml index 257faaa9a8..3b79ab3104 100644 --- a/applications/fov-quicklook/values.yaml +++ b/applications/fov-quicklook/values.yaml 
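Review bot: The `shm` `emptyDir` in `templates/generator.yaml` gets a configurable `medium` but still no `sizeLimit`, so nothing in the volume spec bounds how much the generator can write to it. With `Memory` the tmpfs contents count against the container's memory limit, and with `""` (the other value the schema allows) the data lands on node-local disk, where an unbounded volume can fill ephemeral storage shared with other pods. Adding a value such as `generator.workdir.sizeLimit` and rendering `sizeLimit: {{ .Values.generator.workdir.sizeLimit | quote }}` next to `medium` would cap both cases. The enclosing pod spec starts above the hunk.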
@@ -76,3 +76,6 @@ generator: limits: cpu: 16000m memory: 2Gi + workdir: + # -- Work directory type for the generator + medium: Memory From 701fb1ec458c436f06754bcad178838197ca728c Mon Sep 17 00:00:00 2001 From: michitaro Date: Tue, 3 Dec 2024 09:51:15 +0900 Subject: [PATCH 16/19] update resources.limits.memory to 32GiB --- applications/fov-quicklook/README.md | 4 ++-- applications/fov-quicklook/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/applications/fov-quicklook/README.md b/applications/fov-quicklook/README.md index 6bf7ae4287..b26c29de49 100644 --- a/applications/fov-quicklook/README.md +++ b/applications/fov-quicklook/README.md @@ -18,8 +18,8 @@ Full focal plane viewer | db_storage_class | string | `nil` | Storage class to use for the database | | frontend.resources.limits | object | `{"cpu":"8000m","memory":"256Mi"}` | Resource limits for the frontend | | frontend.resources.requests | object | `{"cpu":"100m","memory":"256Mi"}` | Resource requests for the frontend | -| generator.resources.limits | object | `{"cpu":"16000m","memory":"2Gi"}` | Resource limits for the generator | -| generator.resources.requests | object | `{"cpu":"100m","memory":"2Gi"}` | Resource requests for the generator | +| generator.resources.limits | object | `{"cpu":"16000m","memory":"32Gi"}` | Resource limits for the generator | +| generator.resources.requests | object | `{"cpu":"100m","memory":"32Gi"}` | Resource requests for the generator | | generator.workdir.medium | string | `"Memory"` | Work directory type for the generator | | image.pullPolicy | string | `"Always"` | Pull policy for the fov-quicklook image | | image.repository | string | `"ghcr.io/michitaro/rubin-fov-viewer"` | Image to use in the fov-quicklook deployment | diff --git a/applications/fov-quicklook/values.yaml b/applications/fov-quicklook/values.yaml index 3b79ab3104..c5cab5b3b7 100644 --- a/applications/fov-quicklook/values.yaml +++ b/applications/fov-quicklook/values.yaml 
@@ -71,11 +71,11 @@ generator: # -- Resource requests for the generator requests: cpu: 100m - memory: 2Gi + memory: 32Gi # -- Resource limits for the generator limits: cpu: 16000m - memory: 2Gi + memory: 32Gi workdir: # -- Work directory type for the generator medium: Memory From 8cd52a1832392b780f4aefe7908d5cb587f1aa66 Mon Sep 17 00:00:00 2001 From: michitaro Date: Tue, 3 Dec 2024 10:17:57 +0900 Subject: [PATCH 17/19] Add generator replicas configuration and update deployment strategy --- applications/fov-quicklook/README.md | 1 + .../fov-quicklook/templates/generator.yaml | 19 +++++++++++++------ applications/fov-quicklook/values.schema.json | 6 +++++- applications/fov-quicklook/values.yaml | 2 ++ 4 files changed, 21 insertions(+), 7 deletions(-) diff --git a/applications/fov-quicklook/README.md b/applications/fov-quicklook/README.md index b26c29de49..948f2a36f0 100644 --- a/applications/fov-quicklook/README.md +++ b/applications/fov-quicklook/README.md @@ -18,6 +18,7 @@ Full focal plane viewer | db_storage_class | string | `nil` | Storage class to use for the database | | frontend.resources.limits | object | `{"cpu":"8000m","memory":"256Mi"}` | Resource limits for the frontend | | frontend.resources.requests | object | `{"cpu":"100m","memory":"256Mi"}` | Resource requests for the frontend | +| generator.replicas | int | `8` | Number of replicas for the generator | | generator.resources.limits | object | `{"cpu":"16000m","memory":"32Gi"}` | Resource limits for the generator | | generator.resources.requests | object | `{"cpu":"100m","memory":"32Gi"}` | Resource requests for the generator | | generator.workdir.medium | string | `"Memory"` | Work directory type for the generator | diff --git a/applications/fov-quicklook/templates/generator.yaml b/applications/fov-quicklook/templates/generator.yaml index 674f7085f3..dc7cc3b704 100644 --- a/applications/fov-quicklook/templates/generator.yaml +++ b/applications/fov-quicklook/templates/generator.yaml 
@@ -1,14 +1,13 @@ apiVersion: apps/v1 -kind: DaemonSet +kind: Deployment metadata: name: fov-quicklook-generator labels: app: fov-quicklook-generator spec: - updateStrategy: + replicas: {{ .Values.generator.replicas }} + strategy: type: RollingUpdate - rollingUpdate: - maxUnavailable: 100% selector: matchLabels: app: fov-quicklook-generator @@ -17,8 +16,16 @@ spec: labels: app: fov-quicklook-generator spec: - nodeSelector: - quicklook: "true" + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - fov-quicklook-generator + topologyKey: "kubernetes.io/hostname" containers: - name: fov-quicklook-generator image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/applications/fov-quicklook/values.schema.json b/applications/fov-quicklook/values.schema.json index 4567a45c07..f1b070c713 100644 --- a/applications/fov-quicklook/values.schema.json +++ b/applications/fov-quicklook/values.schema.json @@ -65,9 +65,13 @@ } }, "required": ["medium"] + }, + "replicas": { + "type": "integer", + "minimum": 1 } }, - "required": ["resources", "workdir"] + "required": ["resources", "workdir", "replicas"] } }, "required": [ diff --git a/applications/fov-quicklook/values.yaml b/applications/fov-quicklook/values.yaml index c5cab5b3b7..8e5f165893 100644 --- a/applications/fov-quicklook/values.yaml +++ b/applications/fov-quicklook/values.yaml @@ -79,3 +79,5 @@ generator: workdir: # -- Work directory type for the generator medium: Memory + # -- Number of replicas for the generator + replicas: 8 From 53ff699881f8a9fdccd25d485a74b3fbe918e2e0 Mon Sep 17 00:00:00 2001 
From: michitaro Date: Tue, 10 Dec 2024 13:35:12 +0900 Subject: [PATCH 18/19] add settings for butler --- applications/fov-quicklook/secrets.yaml | 13 +++++++++ .../fov-quicklook/templates/_helpers.tpl | 28 +++++++++++++++++++ .../fov-quicklook/templates/coordinator.yaml | 6 ++++ .../fov-quicklook/templates/generator.yaml | 2 ++ 4 files changed, 49 insertions(+) diff --git a/applications/fov-quicklook/secrets.yaml b/applications/fov-quicklook/secrets.yaml index c0c88bb788..a14af4c463 100644 --- a/applications/fov-quicklook/secrets.yaml +++ b/applications/fov-quicklook/secrets.yaml @@ -15,3 +15,16 @@ db_password: The password for the database user. generate: type: password +"aws-credentials.ini": + description: >- + Google Cloud Storage credentials to the Butler data store, formatted using + AWS syntax for use with boto. + copy: + application: nublado + key: aws-credentials.ini +"postgres-credentials.txt": + description: >- + PostgreSQL credentials in its pgpass format for the Butler database. + copy: + application: nublado + key: postgres-credentials.txt diff --git a/applications/fov-quicklook/templates/_helpers.tpl b/applications/fov-quicklook/templates/_helpers.tpl index 42436eda3f..8fe9398d38 100644 --- a/applications/fov-quicklook/templates/_helpers.tpl +++ b/applications/fov-quicklook/templates/_helpers.tpl 
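Review bot: The two new entries in `secrets.yaml` copy `aws-credentials.ini` and `postgres-credentials.txt` from the `nublado` application, so this service would run with whatever Butler access those shared credentials carry rather than an identity scoped to quicklook's needs. It is worth confirming that is intended, or documenting why a dedicated credential is not used. The description for `aws-credentials.ini` also says "Google Cloud Storage credentials", while the Butler settings added to `_helpers.tpl` in the same commit point at `https://sdfembs3.sdf.slac.stanford.edu`. A description matching the actual store, e.g. `S3 credentials for the Butler data store, in AWS shared-credentials format.`, would avoid confusion when the secret is populated.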
@@ -40,3 +40,31 @@ rules: port: number: 9500 {{- end -}} + +{{- define "quicklook.butler-settings.env" -}} +- name: AWS_SHARED_CREDENTIALS_FILE + value: /var/run/secrets/aws-credentials.ini +- name: PGPASSFILE + value: /var/run/secrets/postgres-credentials.txt +- name: PGUSER + value: rubin +- name: LSST_RESOURCES_S3_PROFILE_embargo + value: https://sdfembs3.sdf.slac.stanford.edu +- name: DAF_BUTLER_REPOSITORY_INDEX + value: s3://embargo@rubin-summit-users/data-repos.yaml +{{- end -}} + +{{- define "quicklook.butler-settings.volumes" -}} +- name: butler-settings + secret: + secretName: fov-quicklook +{{- end -}} + +{{- define "quicklook.butler-settings.volumeMounts" -}} +- name: butler-settings + mountPath: /var/run/secrets/aws-credentials.ini + subPath: aws-credentials.ini +- name: butler-settings + mountPath: /var/run/secrets/postgres-credentials.txt + subPath: postgres-credentials.txt +{{- end -}} diff --git a/applications/fov-quicklook/templates/coordinator.yaml b/applications/fov-quicklook/templates/coordinator.yaml index 8f74ec2b04..745ec6b2ed 100644 --- a/applications/fov-quicklook/templates/coordinator.yaml +++ b/applications/fov-quicklook/templates/coordinator.yaml @@ -35,6 +35,7 @@ spec: value: postgresql://quicklook:$(DB_PASSWORD)@fov-quicklook-db:5432/quicklook {{- include "fov-quicklook.env.s3_tile" . | nindent 12 }} {{- include "fov-quicklook.env.s3_repository" . | nindent 12 }} + {{- include "quicklook.butler-settings.env" . | nindent 12 }} ports: - containerPort: 9501 securityContext: @@ -42,6 +43,11 @@ spec: runAsUser: 1000 runAsGroup: 1000 resources: {{ toYaml .Values.coordinator.resources | nindent 12 }} + volumeMounts: + {{- include "quicklook.butler-settings.volumeMounts" . | nindent 12 }} + volumes: + {{- include "quicklook.butler-settings.volumes" . | nindent 8 }} + --- apiVersion: v1 kind: Service 
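Review bot: The `butler-settings` volume defined in `quicklook.butler-settings.volumes` projects every key of the `fov-quicklook` secret with the default file mode, and libpq ignores a `PGPASSFILE` that is group- or world-readable, so the mounted `postgres-credentials.txt` may be skipped with only a warning. Listing `items:` keeps `db_password` and the S3 tile keys out of this volume. Tightening the mode is less direct: the coordinator context shows `runAsUser: 1000`, so a root-owned file with a strict `defaultMode` would be unreadable. The usual workaround is an init step that copies the two files into an `emptyDir` with mode 0600, which should be confirmed against how the image reads these files.

```yaml
# … unchanged: define header and volume name …
  secret:
    secretName: fov-quicklook
    # Project only the Butler credential files; db_password and the
    # S3 tile keys stay out of this volume.
    items:
      - key: aws-credentials.ini
        path: aws-credentials.ini
      - key: postgres-credentials.txt
        path: postgres-credentials.txt
```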
diff --git a/applications/fov-quicklook/templates/generator.yaml b/applications/fov-quicklook/templates/generator.yaml index dc7cc3b704..f9fffd0cf4 100644 --- a/applications/fov-quicklook/templates/generator.yaml +++ b/applications/fov-quicklook/templates/generator.yaml @@ -40,6 +40,7 @@ spec: volumeMounts: - mountPath: /dev/shm/quicklook name: shm + {{- include "quicklook.butler-settings.volumeMounts" . | nindent 12 }} securityContext: runAsNonRoot: true runAsUser: 1000 @@ -49,6 +50,7 @@ spec: - name: shm emptyDir: medium: {{ .Values.generator.workdir.medium | quote }} + {{- include "quicklook.butler-settings.volumes" . | nindent 8 }} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy From 1d68dc2c0ea77e1bc5a55d25352df0dc48686a96 Mon Sep 17 00:00:00 2001 From: michitaro Date: Wed, 11 Dec 2024 09:23:09 +0900 Subject: [PATCH 19/19] Add AWS and PostgreSQL credentials to secret.yaml --- applications/fov-quicklook/templates/secret.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/applications/fov-quicklook/templates/secret.yaml b/applications/fov-quicklook/templates/secret.yaml index 791f25831f..ab9f1b2355 100644 --- a/applications/fov-quicklook/templates/secret.yaml +++ b/applications/fov-quicklook/templates/secret.yaml @@ -12,6 +12,8 @@ spec: - s3_tile_access_key - s3_tile_secret_key - db_password + - aws-credentials.ini + - postgres-credentials.txt {{- else }} apiVersion: v1 kind: Secret @@ -24,4 +26,10 @@ data: s3_tile_access_key: quicklook s3_tile_secret_key: password db_password: password + aws-credentials.ini: | + [default] + aws_access_key_id = quicklook + aws_secret_access_key = password + postgres-credentials.txt: | + quicklook:password {{- end }}
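Review bot: The generator now mounts both Butler credential files, but neither generator.yaml hunk adds `{{- include "quicklook.butler-settings.env" . | nindent 12 }}`, which the coordinator receives in the same commit. Unless the generator's `env:` block outside these hunks already sets `AWS_SHARED_CREDENTIALS_FILE` and `PGPASSFILE`, the files are mounted where no client will look for them. If the generator does query Butler, add the include under its `env:`; if it does not, drop the two includes so the credentials are not exposed to every generator replica.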
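Review bot: In the `{{- else }}` branch of secret.yaml, the new `aws-credentials.ini` and `postgres-credentials.txt` entries are plain-text block scalars under `data:` (the key shown in the hunk header), where Kubernetes expects base64-encoded values. They are likely to be rejected as invalid base64, so this fallback should use `stringData:` instead. `quicklook:password` is also not in pgpass form, which is `hostname:port:database:username:password`. The fallback ships fixed credentials (`quicklook` / `password`), and the condition guarding the branch is outside the hunk, so confirm it can never render in a shared environment.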