From b648dde94b5ec665ffdd511e3b08382d9ef81a53 Mon Sep 17 00:00:00 2001
From: Russ Allbery
Date: Wed, 6 Apr 2022 09:22:56 -0700
Subject: [PATCH] Remove portal chart, moved to Phalanx
---
charts/portal/.helmignore | 22 ----
charts/portal/Chart.yaml | 8 --
charts/portal/README.md | 53 --------
charts/portal/templates/_helpers.tpl | 51 --------
charts/portal/templates/deployment.yaml | 111 ----------------
charts/portal/templates/ingress.yaml | 44 -------
charts/portal/templates/networkpolicy.yaml | 21 ---
charts/portal/templates/redis-deployment.yaml | 76 -----------
.../portal/templates/redis-networkpolicy.yaml | 26 ----
charts/portal/templates/redis-service.yaml | 15 ---
charts/portal/templates/service.yaml | 14 --
charts/portal/templates/vault-secret.yaml | 9 --
charts/portal/values.yaml | 122 ------------------
13 files changed, 572 deletions(-)
delete mode 100644 charts/portal/.helmignore
delete mode 100644 charts/portal/Chart.yaml
delete mode 100644 charts/portal/README.md
delete mode 100644 charts/portal/templates/_helpers.tpl
delete mode 100644 charts/portal/templates/deployment.yaml
delete mode 100644 charts/portal/templates/ingress.yaml
delete mode 100644 charts/portal/templates/networkpolicy.yaml
delete mode 100644 charts/portal/templates/redis-deployment.yaml
delete mode 100644 charts/portal/templates/redis-networkpolicy.yaml
delete mode 100644 charts/portal/templates/redis-service.yaml
delete mode 100644 charts/portal/templates/service.yaml
delete mode 100644 charts/portal/templates/vault-secret.yaml
delete mode 100644 charts/portal/values.yaml
diff --git a/charts/portal/.helmignore b/charts/portal/.helmignore
deleted file mode 100644
index 50af0317..00000000
--- a/charts/portal/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/portal/Chart.yaml b/charts/portal/Chart.yaml
deleted file mode 100644
index 3642f0cc..00000000
--- a/charts/portal/Chart.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v2
-appVersion: "suit-233-7-dev"
-description: "Rubin Science Platform portal aspect"
-name: portal
-home: "https://github.com/lsst/suit"
-maintainers:
- - name: cbanek
-version: 0.4.1
diff --git a/charts/portal/README.md b/charts/portal/README.md
deleted file mode 100644
index 1ff592a7..00000000
--- a/charts/portal/README.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# portal
-
-![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![AppVersion: suit-233-7-dev](https://img.shields.io/badge/AppVersion-suit--233--7--dev-informational?style=flat-square)
-
-Rubin Science Platform portal aspect
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| cbanek | | |
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| affinity | object | `{}` | Affinity rules for the Portal pod |
-| config.cleanupInterval | string | `"36h"` | How long results should be retained before being deleted |
-| config.debug | string | `"FALSE"` | Set to `TRUE` to enable service debugging |
-| config.visualizeFitsSearchPath | string | `"/datasets"` | Search path for FITS files |
-| config.volumes.configHostPath | string | Use an `emptyDir` | hostPath to mount as configuration. Set either this of `configNfs`, not both. |
-| config.volumes.configNfs | object | Use an `emptyDir` | NFS information for a configuration. If set, must have keys for path and server, Set either this of `configHostPath`, not both. |
-| config.volumes.workareaHostPath | string | Use an `emptyDir` | hostPath to mount as a shared work area. Set either this or `workareaNfs`, not both. |
-| config.volumes.workareaNfs | object | Use an `emptyDir` | NFS information for a shared work area. If set, must have keys for path and server. Set either this or `workareaHostPath`, not both. |
-| fullnameOverride | string | `""` | Override the full name for resources (includes the release name) |
-| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the Portal image |
-| image.repository | string | `"ipac/suit"` | Portal image to use |
-| image.tag | string | The appVersion of the chart | Tag of Portal image to use |
-| imagePullSecrets | list | `[]` | Secret names to use for all Docker pulls |
-| ingress.annotations | object | `{}` | Additional annotations to add to the ingress |
-| ingress.gafaelfawrAuthQuery | string | `"scope=exec:portal&delegate_to=portal&delegate_scope=read:tap"` | Gafaelfawr auth query string |
-| ingress.host | string | None, must be set | Hostname for the ingress |
-| nameOverride | string | `""` | Override the base name for resources |
-| nodeSelector | object | `{}` | Node selector rules for the Portal pod |
-| podAnnotations | object | `{}` | Annotations for the Portal pod |
-| redis.affinity | object | `{}` | Affinity rules for the Redis pod |
-| redis.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the Redis image |
-| redis.image.repository | string | `"redis"` | Redis image to use |
-| redis.image.tag | string | `"6.2.6"` | Redis image tag to use |
-| redis.nodeSelector | object | `{}` | Node selection rules for the Redis pod |
-| redis.podAnnotations | object | `{}` | Pod annotations for the Redis pod |
-| redis.resources | object | `{"limits":{"memory":"20Mi"}}` | Resource limits and requests |
-| redis.tolerations | list | `[]` | Tolerations for the Redis pod |
-| replicaCount | int | `1` | Number of pods to start |
-| resources | object | `{"limits":{"cpu":2,"memory":"6Gi"}}` | Resource limits and requests. The Portal will use (by default) 93% of container RAM. This is a smallish Portal; tweak it as you need to in instance definitions in Phalanx. |
-| securityContext | object | `{}` | Security context for the Portal pod |
-| tolerations | list | `[]` | Tolerations for the Portal pod |
-| vaultSecretsPath | string | None, must be set | Path to the Vault secret (`secret/k8s_operator//portal`, for example) |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
diff --git a/charts/portal/templates/_helpers.tpl b/charts/portal/templates/_helpers.tpl
deleted file mode 100644
index 114b6681..00000000
--- a/charts/portal/templates/_helpers.tpl
+++ /dev/null
@@ -1,51 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "portal.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "portal.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "portal.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "portal.labels" -}}
-helm.sh/chart: {{ include "portal.chart" . }}
-{{ include "portal.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "portal.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "portal.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/portal/templates/deployment.yaml b/charts/portal/templates/deployment.yaml
deleted file mode 100644
index 9a252ddf..00000000
--- a/charts/portal/templates/deployment.yaml
+++ /dev/null
@@ -1,111 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "portal.fullname" . }}
- labels:
- {{- include "portal.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- {{- include "portal.selectorLabels" . | nindent 6 }}
- app.kubernetes.io/component: "firefly"
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "portal.selectorLabels" . | nindent 8 }}
- app.kubernetes.io/component: "firefly"
- spec:
- automountServiceAccountToken: false
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: "firefly"
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- - name: "MANAGER"
- value: "TRUE"
- - name: "ADMIN_PASSWORD"
- valueFrom:
- secretKeyRef:
- name: {{ include "portal.fullname" . }}-secret
- key: "ADMIN_PASSWORD"
- - name: "REDIS_PASSWORD"
- valueFrom:
- secretKeyRef:
- name: {{ include "portal.fullname" . }}-secret
- key: "ADMIN_PASSWORD"
- - name: "FIREFLY_OPTS"
- {{- if .Values.ingress.host }}
- value: "-Dredis.host={{ include "portal.fullname" . }}-redis -Dsso.req.auth.hosts={{ .Values.ingress.host }}"
- {{- else }}
- value: "-Dredis.host={{ include "portal.fullname" . }}-redis"
- {{- end }}
- - name: "SERVER_CONFIG_DIR"
- value: "/firefly/config"
- - name: "CLEANUP_INTERVAL"
- value: "{{ .Values.config.cleanupInterval }}"
- - name: VISUALIZE_FITS_SEARCH_PATH
- value: "{{ .Values.config.visualizeFitsSearchPath }}"
- - name: DEBUG
- value: "{{ .Values.config.debug }}"
- ports:
- - containerPort: 8080
- {{- with .Values.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeMounts:
- - mountPath: "/firefly/shared-workarea"
- name: "firefly-shared-workarea"
- - mountPath: "/firefly/config"
- name: "firefly-config"
- readOnly: true
- {{- with .Values.securityContext }}
- securityContext:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: "firefly-shared-workarea"
- {{- if .Values.config.volumes.workareaHostPath }}
- hostPath:
- path: {{ .Values.config.volumes.workareaHostPath | quote }}
- type: "Directory"
- {{- else if .Values.config.volumes.workareaNfs }}
- nfs:
- path: {{ .Values.config.volumes.workareaNfs.path | quote }}
- server: {{ .Values.config.volumes.workareaNfs.server | quote }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: "firefly-config"
- {{- if .Values.config.volumes.configHostPath }}
- hostPath:
- path: {{ .Values.config.volumes.configHostPath | quote }}
- type: "Directory"
- {{- else if .Values.config.volumes.configNfs }}
- nfs:
- path: {{ .Values.config.volumes.configNfs.path | quote }}
- server: {{ .Values.config.volumes.configNfs.server | quote }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/charts/portal/templates/ingress.yaml b/charts/portal/templates/ingress.yaml
deleted file mode 100644
index 0c4fbaa6..00000000
--- a/charts/portal/templates/ingress.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "portal.fullname" . }}
- labels:
- {{- include "portal.labels" . | nindent 4 }}
- annotations:
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
- nginx.ingress.kubernetes.io/affinity: "cookie"
- nginx.ingress.kubernetes.io/proxy-body-size: "0m"
- nginx.ingress.kubernetes.io/proxy-buffer-size: "24k"
- nginx.ingress.kubernetes.io/client-header-buffer-size: "24k"
- nginx.ingress.kubernetes.io/rewrite-target: "/suit$1$2"
- nginx.ingress.kubernetes.io/proxy-redirect-from: "/suit/"
- nginx.ingress.kubernetes.io/proxy-redirect-to: "/portal/app/"
- nginx.ingress.kubernetes.io/proxy-cookie-path: "/suit /portal/app"
- nginx.ingress.kubernetes.io/session-cookie-path: "/portal/app"
- nginx.ingress.kubernetes.io/configuration-snippet: |
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header X-Forwarded-Port 443;
- proxy_set_header X-Forwarded-Path /firefly;
- {{- if .Values.ingress.gafaelfawrAuthQuery }}
- nginx.ingress.kubernetes.io/auth-method: "GET"
- nginx.ingress.kubernetes.io/auth-response-headers: "X-Auth-Request-User,X-Auth-Request-Email,X-Auth-Request-Token"
- nginx.ingress.kubernetes.io/auth-signin: "https://{{ .Values.ingress.host }}/login"
- nginx.ingress.kubernetes.io/auth-url: "https://{{ .Values.ingress.host }}/auth?{{ .Values.ingress.gafaelfawrAuthQuery }}"
- {{- end }}
- {{- with .Values.ingress.annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- rules:
- - host: {{ required "ingress.host must be set" .Values.ingress.host | quote }}
- http:
- paths:
- - path: "/portal/app(/|$)(.*)"
- pathType: "ImplementationSpecific"
- backend:
- service:
- name: {{ include "portal.fullname" . }}
- port:
- number: 8080
diff --git a/charts/portal/templates/networkpolicy.yaml b/charts/portal/templates/networkpolicy.yaml
deleted file mode 100644
index ccbd7208..00000000
--- a/charts/portal/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ include "portal.fullname" . }}
-spec:
- podSelector:
- matchLabels:
- {{- include "portal.selectorLabels" . | nindent 6 }}
- policyTypes:
- - "Ingress"
- ingress:
- # Allow inbound access from pods (in any namespace) labeled
- # gafaelfawr.lsst.io/ingress: true.
- - from:
- - namespaceSelector: {}
- podSelector:
- matchLabels:
- gafaelfawr.lsst.io/ingress: "true"
- ports:
- - protocol: "TCP"
- port: 8080
diff --git a/charts/portal/templates/redis-deployment.yaml b/charts/portal/templates/redis-deployment.yaml
deleted file mode 100644
index 2e8da8e6..00000000
--- a/charts/portal/templates/redis-deployment.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "portal.fullname" . }}-redis
- labels:
- {{- include "portal.labels" . | nindent 4 }}
-spec:
- replicas: 1
- selector:
- matchLabels:
- {{- include "portal.selectorLabels" . | nindent 6 }}
- app.kubernetes.io/component: "redis"
- template:
- metadata:
- {{- with .Values.redis.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "portal.selectorLabels" . | nindent 8 }}
- app.kubernetes.io/component: "redis"
- spec:
- automountServiceAccountToken: false
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- securityContext:
- fsGroup: 999
- runAsNonRoot: true
- runAsUser: 999
- runAsGroup: 999
- containers:
- - name: "redis"
- image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}"
- imagePullPolicy: {{ .Values.redis.image.pullPolicy | quote }}
- args:
- - "redis-server"
- - "--requirepass"
- - "$(REDIS_PASSWORD)"
- env:
- - name: "REDIS_PASSWORD"
- valueFrom:
- secretKeyRef:
- name: {{ include "portal.fullname" . }}-secret
- key: "ADMIN_PASSWORD"
- ports:
- - containerPort: 6379
- {{- with .Values.redis.resources }}
- resources:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - "all"
- readOnlyRootFilesystem: true
- volumeMounts:
- - name: "data"
- mountPath: "/data"
- volumes:
- - name: "data"
- emptyDir: {}
- {{- with .Values.redis.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.redis.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.redis.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/charts/portal/templates/redis-networkpolicy.yaml b/charts/portal/templates/redis-networkpolicy.yaml
deleted file mode 100644
index 56d8372d..00000000
--- a/charts/portal/templates/redis-networkpolicy.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "portal.fullname" . }}-redis
- labels:
- {{- include "portal.labels" . | nindent 4 }}
-spec:
- podSelector:
- # This policy controls inbound and outbound access to the Redis component.
- matchLabels:
- {{- include "portal.selectorLabels" . | nindent 6 }}
- app.kubernetes.io/component: "redis"
- policyTypes:
- - Ingress
- # Deny all outbound access; Redis doesn't need to talk to anything.
- - Egress
- ingress:
- # Allow inbound access to Redis from all other components.
- - from:
- - podSelector:
- matchLabels:
- {{- include "portal.selectorLabels" . | nindent 14 }}
- app.kubernetes.io/component: "firefly"
- ports:
- - protocol: "TCP"
- port: 6379
diff --git a/charts/portal/templates/redis-service.yaml b/charts/portal/templates/redis-service.yaml
deleted file mode 100644
index 8a2d9113..00000000
--- a/charts/portal/templates/redis-service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "portal.fullname" . }}-redis
- labels:
- {{- include "portal.labels" . | nindent 4 }}
-spec:
- type: "ClusterIP"
- ports:
- - protocol: "TCP"
- port: 6379
- targetPort: 6379
- selector:
- {{- include "portal.selectorLabels" . | nindent 4 }}
- app.kubernetes.io/component: "redis"
diff --git a/charts/portal/templates/service.yaml b/charts/portal/templates/service.yaml
deleted file mode 100644
index c4ac3ded..00000000
--- a/charts/portal/templates/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "portal.fullname" . }}
- labels:
- {{- include "portal.labels" . | nindent 4 }}
-spec:
- type: "ClusterIP"
- ports:
- - protocol: "TCP"
- port: 8080
- targetPort: 8080
- selector:
- {{- include "portal.selectorLabels" . | nindent 4 }}
diff --git a/charts/portal/templates/vault-secret.yaml b/charts/portal/templates/vault-secret.yaml
deleted file mode 100644
index fd735dc2..00000000
--- a/charts/portal/templates/vault-secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: ricoberger.de/v1alpha1
-kind: VaultSecret
-metadata:
- name: {{ template "portal.fullname" . }}-secret
- labels:
- {{- include "portal.labels" . | nindent 4 }}
-spec:
- path: {{ required "vaultSecretsPath must be set" .Values.vaultSecretsPath | quote }}
- type: "Opaque"
diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml
deleted file mode 100644
index 2c12f9c1..00000000
--- a/charts/portal/values.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-# Default values for the Portal Aspect.
-
-# -- Number of pods to start
-replicaCount: 1
-
-# -- Override the base name for resources
-nameOverride: ""
-
-# -- Override the full name for resources (includes the release name)
-fullnameOverride: ""
-
-image:
- # -- Portal image to use
- repository: "ipac/suit"
-
- # -- Pull policy for the Portal image
- pullPolicy: "IfNotPresent"
-
- # -- Tag of Portal image to use
- # @default -- The appVersion of the chart
- tag: ""
-
-# -- Secret names to use for all Docker pulls
-imagePullSecrets: []
-
-ingress:
- # -- Hostname for the ingress
- # @default -- None, must be set
- host: ""
-
- # -- Gafaelfawr auth query string
- gafaelfawrAuthQuery: "scope=exec:portal&delegate_to=portal&delegate_scope=read:tap"
-
- # -- Additional annotations to add to the ingress
- annotations: {}
-
-# -- Resource limits and requests. The Portal will use (by default) 93% of
-# container RAM. This is a smallish Portal; tweak it as you need to in
-# instance definitions in Phalanx.
-resources:
- limits:
- cpu: 2.0
- memory: "6Gi"
-
-# -- Annotations for the Portal pod
-podAnnotations: {}
-
-# -- Node selector rules for the Portal pod
-nodeSelector: {}
-
-# -- Tolerations for the Portal pod
-tolerations: []
-
-# -- Affinity rules for the Portal pod
-affinity: {}
-
-# -- Security context for the Portal pod
-securityContext: {}
-
-# -- Path to the Vault secret (`secret/k8s_operator//portal`, for
-# example)
-# @default -- None, must be set
-vaultSecretsPath: ""
-
-config:
- # -- Set to `TRUE` to enable service debugging
- debug: "FALSE"
-
- # -- How long results should be retained before being deleted
- cleanupInterval: "36h"
-
- # -- Search path for FITS files
- visualizeFitsSearchPath: "/datasets"
-
- volumes:
- # -- hostPath to mount as a shared work area. Set either this or
- # `workareaNfs`, not both.
- # @default -- Use an `emptyDir`
- workareaHostPath: ""
-
- # -- NFS information for a shared work area. If set, must have keys for
- # path and server. Set either this or `workareaHostPath`, not both.
- # @default -- Use an `emptyDir`
- workareaNfs: {}
-
- # -- hostPath to mount as configuration. Set either this of
- # `configNfs`, not both.
- # @default -- Use an `emptyDir`
- configHostPath: ""
-
- # -- NFS information for a configuration. If set, must have keys for path
- # and server, Set either this of `configHostPath`, not both.
- # @default -- Use an `emptyDir`
- configNfs: {}
-
-redis:
- image:
- # -- Redis image to use
- repository: "redis"
-
- # -- Redis image tag to use
- tag: "6.2.6"
-
- # -- Pull policy for the Redis image
- pullPolicy: "IfNotPresent"
-
- # -- Resource limits and requests
- resources:
- limits:
- memory: "20Mi"
-
- # -- Pod annotations for the Redis pod
- podAnnotations: {}
-
- # -- Node selection rules for the Redis pod
- nodeSelector: {}
-
- # -- Tolerations for the Redis pod
- tolerations: []
-
- # -- Affinity rules for the Redis pod
- affinity: {}