Merge branch 'main' into conflict-fix

Author: shinybrar

docs/helm/cavern.md

@@ -101,6 +101,7 @@ $ curl https://myhost.example.com/cavern/availability
 | `deployment.resources.requests.cpu` | CPU request for the Cavern container | `500m` |
 | `deployment.resources.limits.memory` | Memory limit for the Cavern container | `1Gi` |
 | `deployment.resources.limits.cpu` | CPU limit for the Cavern container | `500m` |
+| `deployment.cavern.registryURL` | (list OR string) | `[]` IVOA Registry array of IVOA Registry locations or single IVOA Registry location |
 | `livenessProbe` | Configure the liveness probe check | `{}` |
 | `readinessProbe` | Configure the readiness probe check | `{}` |
 | `tolerations` | Tolerations to apply to the Cavern Pod | `[]` |

docs/helm/posix-mapper.md

@@ -146,6 +146,7 @@ See the [values.yaml](values.yaml) file for a complete list of configuration opt
 | `deployment.posixMapper.extraHosts` | List of extra hosts to be added to the POSIX Mapper deployment.  See the `values.yaml` file for examples. | `[]` |
 | `deployment.posixMapper.extraEnv` | List of extra environment variables to be set in the POSIX Mapper service.  See the `values.yaml` file for examples. | `[]` |
 | `deployment.posixMapper.resources` | Resource requests and limits for the POSIX Mapper API | `{}` |
+| `deployment.posixMapper.registryURL` | (list OR string) | `[]` IVOA Registry array of IVOA Registry locations or single IVOA Registry location |
 | `postgresql.maxActive` | Maximum number of active connections to the PostgreSQL database | `8` |
 | `postgresql.url` | Required JDBC URL for the PostgreSQL database | `""` |
 | `postgresql.schema` | Required Database schema to use for the POSIX Mapper | `""` |

docs/helm/skaha.md

@@ -79,6 +79,7 @@ The following table lists the configurable parameters for the Skaha Helm chart:
 | `deployment.skaha.serviceAccountName` | Name of the Service Account for the Skaha API Pod | `"skaha"` |
 | `deployment.skaha.identityManagerClass` | Java Class name for the [IdentityManager](https://github.com/opencadc/core/blob/main/cadc-util/src/main/java/ca/nrc/cadc/auth/IdentityManager.java) to use.  Defaults to [`org.opencadc.auth.StandardIdentityManager`](https://github.com/opencadc/ac/blob/main/cadc-gms/src/main/java/org/opencadc/auth/StandardIdentityManager.java) for use with bearer tokens (OIDC) | `"org.opencadc.auth.StandardIdentityManager"` |
 | `deployment.skaha.apiVersion` | API version used to match the Ingress path (e.g. `/skaha/v0`) | `"v0"` |
+| `deployment.skaha.registryURL` | (list OR string) | `[]` IVOA Registry array of IVOA Registry locations or single IVOA Registry location |
 | `deployment.skaha.sessions.expirySeconds` | Expiry time, in seconds, for interactive sessions.  Defaults to four (4) days. | `"345600"` |
 | `deployment.skaha.sessions.imagePullPolicy` | Image pull policy for all User Sessions. | `"Always"` |
 | `deployment.skaha.sessions.maxCount` | Maximum number of interactive sessions per user.  Defaults to three (3). | `"3"` |

helm/applications/canfar-next/science-portal/.helmignore

@@ -0,0 +1,52 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+
+# Common VCS directories
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+*.code-workspace
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Helm-specific files
+.helmignore
+
+# Documentation
+README.md
+NOTES.md
+
+# CI/CD
+.github/
+.gitlab-ci.yml
+.travis.yml
+.circleci/
+
+# Development files
+values-dev.yaml
+values-local.yaml
+*.test.yaml
+
+# Temporary files
+tmp/
+temp/

helm/applications/canfar-next/science-portal/Chart.yaml

@@ -0,0 +1,13 @@
+apiVersion: v2
+name: science-portal
+description: A Helm chart for Science Portal Next.js application
+type: application
+version: 0.1.0
+appVersion: "0.1.0"
+keywords:
+  - nextjs
+  - science-portal
+  - web-application
+maintainers:
+  - name: Science Portal Team
+home: https://github.com/opencadc/science-portal

helm/applications/canfar-next/science-portal/templates/_helpers.tpl

@@ -0,0 +1,60 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "science-portal.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "science-portal.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "science-portal.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "science-portal.labels" -}}
+helm.sh/chart: {{ include "science-portal.chart" . }}
+{{ include "science-portal.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "science-portal.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "science-portal.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "science-portal.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "science-portal.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

helm/applications/canfar-next/science-portal/templates/configmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "science-portal.fullname" . }}
+  labels:
+    {{- include "science-portal.labels" . | nindent 4 }}
+data:
+  # This ConfigMap can be used for non-sensitive configuration
+  # For now, we're using environment variables directly in the deployment
+  # Add any configuration files or non-sensitive data here

helm/applications/canfar-next/science-portal/templates/deployment.yaml

@@ -0,0 +1,108 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "science-portal.fullname" . }}
+  labels:
+    {{- include "science-portal.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "science-portal.selectorLabels" . | nindent 6 }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "science-portal.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "science-portal.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+      - name: {{ .Chart.Name }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        ports:
+        - name: http
+          containerPort: {{ .Values.service.targetPort }}
+          protocol: TCP
+        livenessProbe:
+          {{- toYaml .Values.livenessProbe | nindent 12 }}
+        readinessProbe:
+          {{- toYaml .Values.readinessProbe | nindent 12 }}
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }}
+        env:
+          {{- range .Values.env }}
+          - name: {{ .name }}
+            value: {{ .value | quote }}
+          {{- end }}
+          # OIDC Configuration
+          - name: NEXT_OIDC_URI
+            value: {{ .Values.oidc.uri | quote }}
+          - name: NEXT_PUBLIC_OIDC_URI
+            value: {{ .Values.oidc.uri | quote }}
+          - name: NEXT_OIDC_CLIENT_ID
+            value: {{ .Values.oidc.clientId | quote }}
+          - name: NEXT_PUBLIC_OIDC_CLIENT_ID
+            value: {{ .Values.oidc.clientId | quote }}
+          - name: NEXT_OIDC_CALLBACK_URI
+            value: {{ .Values.oidc.callbackUri | quote }}
+          - name: NEXT_PUBLIC_OIDC_CALLBACK_URI
+            value: {{ .Values.oidc.callbackUri | quote }}
+          - name: NEXT_OIDC_REDIRECT_URI
+            value: {{ .Values.oidc.redirectUri | quote }}
+          - name: NEXT_PUBLIC_OIDC_REDIRECT_URI
+            value: {{ .Values.oidc.redirectUri | quote }}
+          - name: NEXT_OIDC_SCOPE
+            value: {{ .Values.oidc.scope | quote }}
+          - name: NEXT_PUBLIC_OIDC_SCOPE
+            value: {{ .Values.oidc.scope | quote }}
+          # Secrets from Kubernetes Secret
+          - name: AUTH_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.secrets.existingSecret }}
+                key: {{ .Values.secrets.keys.authSecret }}
+          - name: NEXT_OIDC_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.secrets.existingSecret }}
+                key: {{ .Values.secrets.keys.oidcClientSecret }}
+        {{- with .Values.volumeMounts }}
+        volumeMounts:
+          {{- toYaml . | nindent 12 }}
+        {{- end }}
+      {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

helm/applications/canfar-next/science-portal/templates/hpa.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "science-portal.fullname" . }}
+  labels:
+    {{- include "science-portal.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "science-portal.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

helm/applications/canfar-next/science-portal/templates/ingress.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "science-portal.fullname" . }}
+  labels:
+    {{- include "science-portal.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ include "science-portal.fullname" $ }}
+                port:
+                  number: {{ $.Values.service.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}