Merge branch 'main' of https://github.com/opencadc/deployments into portal-resource-slider

Author: at88mph

.github/workflows/pre-commit.yml

@@ -43,37 +43,37 @@ jobs:
         continue-on-error: true
         run: uv run pre-commit run -a
 
-      - name: Verify latest commit message format
-        id: commitizen
-        if: ${{ github.event_name == 'pull_request' }}
-        continue-on-error: true
-        run: |
-          latest="$(git log -1 --pretty=%B)"
-          printf 'Checking latest commit message:\n%s\n' "$latest"
-          uv run cz check --message "$latest"
-
       - name: Share pre-commit guidance
-        if: ${{ github.event_name == 'pull_request' && (steps.precommit.outcome == 'failure' || steps.commitizen.outcome == 'failure') }}
+        if: ${{ github.event_name == 'pull_request' && (steps.precommit.outcome == 'failure') }}
         uses: marocchino/sticky-pull-request-comment@v2
         with:
           message: |
-            ### ⚠️ Pre-commit checks failed
+            ### ⚠️ Pre-commit Checks Failed
 
             ${{ steps.precommit.outcome == 'failure' && '- Run `uv run pre-commit run -a` locally to reproduce the issues.' || '' }}
-            ${{ steps.commitizen.outcome == 'failure' && '- Ensure your latest commit message follows the Commitizen format (e.g. `feat: add awesome thing`).' || '' }}
-            ${{ steps.commitizen.outcome == 'failure' && '  Validate it locally with `uv run cz check --message "<type>: <description>"`.' || '' }}
 
-            Fix the issues locally with:
+            To reproduce the issues locally, run the following commands:
 
             ```bash
-            uv sync
+            git clone ${{ github.event.pull_request.head.repo.clone_url }}
+            git checkout -b ${{ github.event.pull_request.head.ref  }}
             uv run pre-commit run -a
             ```
 
-            Need help? Run `uv run pre-commit install` once to enable these checks before every commit.
+            To always run pre-commit checks locally before pushing changes, simple run the following command once:
+
+            ```bash
+            uv run pre-commit install
+            ```
+
+            #### Resources
+            - [Documentation to install `uv`](https://docs.astral.sh/uv/getting-started/installation/)
+            - [Conventional Commits](https://www.conventionalcommits.org/) standards for writing commit messages
+            - [Commitizen](https://commitizen-tools.github.io/commitizen/) CLI tool for writing commit messages
+            - [pre-commit](https://pre-commit.com/) CLI tool for running pre-commit hooks
 
       - name: Celebrate spotless PR
-        if: ${{ github.event_name == 'pull_request' && steps.precommit.outcome == 'success' && steps.commitizen.outcome == 'success' }}
+        if: ${{ github.event_name == 'pull_request' && steps.precommit.outcome == 'success' }}
         uses: marocchino/sticky-pull-request-comment@v2
         with:
           message: |
@@ -82,5 +82,5 @@ jobs:
             Thanks for keeping the repo tidy! ✨
 
       - name: Fail if checks failed
-        if: ${{ steps.precommit.outcome == 'failure' || steps.commitizen.outcome == 'failure' }}
+        if: ${{ steps.precommit.outcome == 'failure' }}
         run: exit 1

.pre-commit-config.yaml

@@ -4,24 +4,20 @@ exclude: ^deployment/
 repos:
   - repo: local
     hooks:
-      - id: update-helm-maintainers
+      - id: helm-maintainers
         name: Update Helm maintainers
         entry: uv run python -m deployments.maintainers
         language: system
         pass_filenames: false
-        stages: [pre-commit]
+        stages: [pre-commit, post-commit]
         always_run: true
-        env:
-          UV_CACHE_DIR: .uv-cache
-      - id: refresh-chart-inventory
+      - id: helm-inventory
         name: Refresh chart inventory
         entry: uv run python -m deployments.inventory
         language: system
         pass_filenames: false
-        stages: [pre-commit]
+        stages: [pre-commit, post-commit]
         always_run: true
-        env:
-          UV_CACHE_DIR: .uv-cache
   # Commitizen Configuration
   # This configuration will add commitizen to your pre-commit hooks and will run it on commit-msg stage
   # of the git commit process.
@@ -51,7 +47,8 @@ repos:
       - id: check-toml
       # Attempts to load all yaml files to verify syntax.
       - id: check-yaml
-        exclude: ^skaha/src/test/resources/
+        exclude: ^helm/
+        args: [--allow-multiple-documents, --unsafe]
       # Attempts to load all xml files to verify syntax.
       - id: check-xml
       # Check for debugger imports and py37+ breakpoint() calls in python source.

README.md

@@ -8,13 +8,13 @@ This section is automatically generated. Do not edit manually.
 
 | Chart | Version | App Version | Owners | Dependencies |
 | --- | --- | --- | --- | --- |
-| [base](helm/applications/base) | 0.4.1 | 0.1.4 | Dustin Jenkins | traefik 26.1.0 |
+| [base](helm/applications/base) | 0.4.1 | 0.1.4 | Shiny Brar, Dustin Jenkins | traefik 26.1.0 |
 | [cavern](helm/applications/cavern) | 0.7.1 | 0.9.0 | Dustin Jenkins | utils ^0.1.0 |
 | [posixmapper](helm/applications/posix-mapper) | 0.5.0 | 0.3.2 | Dustin Jenkins | — |
 | [scienceportal](helm/applications/science-portal) | 1.0.0 | 1.0.1 | Dustin Jenkins | redis ^18.19.0, utils ^0.1.0 |
-| [skaha](helm/applications/skaha) | 1.0.4 | 1.0.3 | Dustin Jenkins, Shiny Brar | redis ^18.19.0, utils ^0.1.0 |
-| [sshd](helm/applications/sshd) | 1.0.1 | 1.0.0 | Dustin Jenkins | common ^1.0.0 |
-| [storageui](helm/applications/storage-ui) | 0.7.0 | 1.4.1 | Dustin Jenkins, Dustin | redis ^18.4.0, utils ^0.1.0 |
-| [utils](helm/applications/utils) | 0.1.0 | 1.0.0 | Dustin Jenkins | — |
-| [common](helm/common) | 1.0.0 | 1.0.0 | Dustin Jenkins | — |
+| [skaha](helm/applications/skaha) | 1.1.0 | 1.1.0 | Dustin Jenkins, Shiny Brar | redis ^18.19.0, utils ^0.1.0 |
+| [sshd](helm/applications/sshd) | 1.0.1 | 1.0.0 | Dustin Jenkins, Shiny Brar | common ^1.0.0 |
+| [storageui](helm/applications/storage-ui) | 0.7.0 | 1.4.1 | Dustin Jenkins, Shiny Brar | redis ^18.4.0, utils ^0.1.0 |
+| [utils](helm/applications/utils) | 0.1.0 | 1.0.0 | Shiny Brar, Dustin Jenkins | — |
+| [common](helm/common) | 1.0.0 | 1.0.0 | Shiny Brar, Dustin Jenkins | — |
 <!-- CHART-INVENTORY:END -->

docs/helm/base.md

@@ -0,0 +1,100 @@
+# Helm Chart for base objects of the CANFAR Science Platform
+
+## Install
+
+### Dependencies
+
+Kubernetes 1.27 and up are supported.
+
+### From source
+
+Installation depends on a working Kubernetes cluster version 1.23 or greater.
+
+The base install also installs the Traefik proxy, which is needed by the Ingress when the Science Platform services are installed.
+
+```sh
+$ git clone https://github.com/opencadc/science-platform.git
+$ cd science-platform/deployment/helm
+$ helm install --dependency-update --values ./base/values.yaml <name> ./base
+```
+
+Where `<name>` is the name of this installation.  Example:
+```sh
+$ helm install --dependency-update --values ./base/values.yaml base ./base
+```
+This will create the core namespace (`skaha-system`), and install the Traefik proxy dependency.  Expected output:
+```
+NAME: base
+LAST DEPLOYED: <Timestamp e.g. Fri Jun 30 10:39:04 2023>
+NAMESPACE: skaha-system
+STATUS: deployed
+REVISION: 1
+TEST SUITE: None
+```
+
+### From the CANFAR repository
+
+The Helm repository contains the current stable version as well.
+
+```sh
+$ helm repo add canfar-skaha-system https://images.canfar.net/chartrepo/skaha-system
+$ helm repo update
+$ helm install --dependency-update --values canfar-skaha-system/base/values.yaml canfar-science-platform-base canfar-skaha-system/base
+```
+
+## Verification
+
+After the install, there should exist the necessary Namespaces and Objects.  See the Namespaces:
+
+```sh
+$ kubectl get namespaces
+NAME                   STATUS   AGE
+...
+skaha-system           Active   28m
+skaha-workload         Active   28m
+```
+
+## Proxy using Traefik
+
+The [Traefik](https://traefik.io/traefik/) proxy server is also installed as a dependency, which handles SSL termination.  Helm options are under the `traefik` key in the `values.yaml` file.
+
+You can create your own secrets to contain your self-signed server certificates to be used by
+the SSL termination.  See the `values.yaml` file for more, and don't forget to `base64` encode
+the values.
+
+## Shared Storage
+
+Shared Storage is handled by the `local` Persistent Volume types.
+
+```yaml
+...
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Delete
+  storageClassName: local-storage
+  local:
+    path: /data/skaha-storage
+...
+```
+
+### DNS on macOS
+
+The Docker VM on macOS cannot mount the NFS by default as it cannot do name resolution in the cluster.  It first needs to know about the `kube-dns` IP.  e.g.:
+
+```sh
+$ kubectl -n kube-system get service kube-dns
+NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
+kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   4d23h
+```
+
+The `ClusterIP` needs to be known to the Docker VM's name resolution.  A simple way to do this is to mount the Docker VM root and modify it.  It will take effect immediately:
+
+```sh
+$ docker run --rm -it -v /:/vm-root alpine sh
+$ echo "nameserver 10.96.0.10" >> /vm-root/etc/resolv.conf
+$ cat /vm-root/etc/resolv.conf
+# DNS requests are forwarded to the host. DHCP DNS options are ignored.
+nameserver 192.168.65.7
+nameserver 10.96.0.10
+```

helm/applications/canfar/README.md renamed to docs/helm/canfar.md

@@ -80,7 +80,7 @@ REVISION: 1
 
 ### Persistent Volumes and Persistent Volume Claims
 
-**Note** 
+**Note**
 The `base` MUST be installed first as it creates the necessary Namespaces for the Persistent Volume Claims!
 
 **Important**
@@ -361,7 +361,7 @@ deployment:
       maxCount: "3"  # Max number of sessions per user.
       minEphemeralStorage: "20Gi"   # The initial requested amount of ephemeral (local) storage.  Does NOT apply to Desktop sessions.
       maxEphemeralStorage: "200Gi"  # The maximum amount of ephemeral (local) storage to allow a Session to extend to.  Does NOT apply to Desktop sessions.
-      
+
       # Optionally setup a separate host for User Sessions for Skaha to redirect to.  The HTTPS scheme is assumed.  Defaults to the Skaha hostname (.Values.deployment.hostname).
       # Example:
       #   hostname: myhost.example.org
@@ -370,7 +370,7 @@ deployment:
       # When set to 'true' this flag will enable GPU node scheduling.  Don't forget to declare any related GPU configurations, if appropriate, in the nodeAffinity below!
       # gpuEnabled: false
 
-      # Set the YAML that will go into the "affinity.nodeAffinity" stanza for Pod Spec in User Sessions.  This can be used to enable GPU scheduling, for example, 
+      # Set the YAML that will go into the "affinity.nodeAffinity" stanza for Pod Spec in User Sessions.  This can be used to enable GPU scheduling, for example,
       # or to control how and where User Session Pods are scheduled.  This can be potentially dangerous unless you know what you are doing.
       # See https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity
       # nodeAffinity: {}
@@ -388,7 +388,7 @@ deployment:
           mountPropagation: HostToContainer
 
       # Kueue configurations for User Sessions
-      kueue: 
+      kueue:
         default:
           # Ensure this name matches whatever was created as the LocalQueue in the workload namespace.
           queueName: canfar-science-platform-local-queue
@@ -408,9 +408,9 @@ deployment:
 
     # Other data to be included in the main ConfigMap of this deployment.
     # Of note, files that end in .key are special and base64 decoded.
-    # 
+    #
     # extraConfigData:
-    
+
     # Resources provided to the Skaha service.
     # For units of storage, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-memory.
     resources:
@@ -547,9 +547,9 @@ deployment:
 
     # Other data to be included in the main ConfigMap of this deployment.
     # Of note, files that end in .key are special and base64 decoded.
-    # 
+    #
     # extraConfigData:
-    
+
     # Resources provided to the Science Portal service.
     resources:
       requests:
@@ -634,13 +634,13 @@ deployment:
       # the rootOwner MUST be an object with the following properties set.
       rootOwner:
         # The adminUsername is required to be set whomever has admin access over the filesystem.dataDir above.
-        adminUsername: 
+        adminUsername:
 
         # The username of the root owner.
-        username: 
+        username:
 
         # The UID of the root owner.
-        uid: 
+        uid:
 
         # The GID of the root owner.
         gid:
@@ -693,7 +693,7 @@ deployment:
     # extraVolumeMounts:
     # - mountPath: "/config/cacerts"
     #   name: cacert-volume
-    # 
+    #
     # extraVolumeMounts:
 
     # Create the CA certificate volume to be mounted in extraVolumeMounts
@@ -708,9 +708,9 @@ deployment:
 
     # Other data to be included in the main ConfigMap of this deployment.
     # Of note, files that end in .key are special and base64 decoded.
-    # 
+    #
     # extraConfigData:
-    
+
     # Resources provided to the Cavern service.
     resources:
       requests:
@@ -826,9 +826,9 @@ deployment:
 
     # Other data to be included in the main ConfigMap of this deployment.
     # Of note, files that end in .key are special and base64 decoded.
-    # 
+    #
     # extraConfigData:
-    
+
     # Resources provided to the StorageUI service.
     resources:
       requests: