release v0.11.5

crs4 · Sep 6, 2023 · c8a2a9a · c8a2a9a
2 parents 6e5ea4d + 6cf39d0
commit c8a2a9a
Show file tree

Hide file tree

Showing 50 changed files with 2,954 additions and 632 deletions.
diff --git a/Makefile b/Makefile
@@ -269,7 +269,7 @@ run-tests: start-testing ## Run all tests in the Testing Environment
 tests: start-testing ## CI utility to setup, run tests and teardown a testing environment
 	@printf "\n$(bold)Running tests...$(reset)\n" ; \
 	$(docker_compose) -f ./docker-compose.yml \
-		exec -T lmtests /bin/bash -c "pytest --reruns 2 --reruns-delay 5 --durations=10 --color=yes tests"; \
+		exec -T lmtests /bin/bash -c "pytest --reruns 2 --reruns-delay 5 --durations=10 --color=yes tests --order-dependencies"; \
 	  result=$$?; \
 	  	printf "\n$(bold)Teardown services...$(reset)\n" ; \
 	  	USER_UID=$$(id -u) USER_GID=$$(id -g) \

diff --git a/docker/lifemonitor.Dockerfile b/docker/lifemonitor.Dockerfile
@@ -10,6 +10,8 @@ RUN apt-get update -q \
 
 # Create a user 'lm' with HOME at /lm and set 'lm' as default git user
 RUN useradd -d /lm -m lm
+# Set the default user
+ENV USER=lm
 
 # Copy requirements and certificates
 COPY --chown=lm:lm requirements.txt certs/*.crt /lm/
@@ -45,13 +47,13 @@ COPY \
 
 # Update permissions and install optional certificates
 RUN chmod 755 \
-      /usr/local/bin/wait-for-postgres.sh \
-      /usr/local/bin/wait-for-redis.sh \
-      /usr/local/bin/wait-for-file.sh \
-      /usr/local/bin/lm_entrypoint.sh \
-      /usr/local/bin/worker_entrypoint.sh \
-      /usr/local/bin/wss-entrypoint.sh \
-      /nextflow \
+    /usr/local/bin/wait-for-postgres.sh \
+    /usr/local/bin/wait-for-redis.sh \
+    /usr/local/bin/wait-for-file.sh \
+    /usr/local/bin/lm_entrypoint.sh \
+    /usr/local/bin/worker_entrypoint.sh \
+    /usr/local/bin/wss-entrypoint.sh \
+    /nextflow \
     && certs=$(ls *.crt 2> /dev/null) \
     && mv *.crt /usr/local/share/ca-certificates/ \
     && update-ca-certificates || true \

diff --git a/docker/nginx.conf b/docker/nginx.conf
@@ -12,24 +12,29 @@ server {
   #server_name localhost;
   keepalive_timeout 60;
   etag on;
-  
+
   ssl_certificate /nginx/certs/lm.crt;
   ssl_certificate_key /nginx/certs/lm.key;
 
   # force HTTP traffic to HTTPS
-  error_page  497 https://$host:8443$request_uri;
+  error_page 497 https://$host:8443$request_uri;
 
   # set static files location
   location /static/ {
     root /app/lifemonitor;
   }
 
+  # if the path matches to root, redirect to the account page
+  location = / {
+    return 301 https://$host:8443/account/;
+  }
+
   # set proxy location
   location / {
     # resolver 127.0.0.11 ipv6=off valid=30s;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header Host $http_host;
+    proxy_set_header Host lm:8000;
     # we don't want nginx trying to do something clever with
     # redirects, we set the Host: header above already.
     proxy_redirect off;

diff --git a/docker/nginx.dev.conf b/docker/nginx.dev.conf
@@ -37,6 +37,11 @@ server {
     proxy_set_header        Host lm:8000;
   }
 
+  # if the path matches to root, redirect to the account page
+  location = / {
+    return 301 https://$host:8443/account/;
+  }
+
   # set proxy location
   location / {
     # resolver 127.0.0.11 ipv6=off valid=30s;

diff --git a/k8s/Chart.yaml b/k8s/Chart.yaml
@@ -7,17 +7,17 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.0
+version: 0.10.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.11.4
+appVersion: 0.11.5
 
 # Chart dependencies
 dependencies:
   - name: nginx
-    version: 8.8.4
+    version: 13.2.28
     repository: https://charts.bitnami.com/bitnami
   - name: postgresql
     version: 10.1.1

diff --git a/k8s/pvc-backend-backup.yaml b/k8s/pvc-backend-backup.yaml
diff --git a/k8s/pvc-backend-data.yaml b/k8s/pvc-backend-data.yaml
diff --git a/k8s/templates/_helpers.tpl b/k8s/templates/_helpers.tpl
@@ -49,7 +49,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
-
 Define lifemonitor image
 */}}
 {{- define "chart.lifemonitor.image" -}}
@@ -61,6 +60,35 @@ Define lifemonitor image
 {{- end }}
 
 
+{{/*
+Define lifemonitor TLS secret name
+*/}}
+{{- define "chart.lifemonitor.tls" -}}
+{{- printf "%s-tls" .Release.Name }}
+{{- end }}
+
+
+{{/*
+Define volume name of LifeMonitor backup data 
+*/}}
+{{- define "chart.lifemonitor.data.backup" -}}
+{{- printf "data-%s-backup" .Release.Name }}
+{{- end }}
+
+{{/*
+Define volume name of LifeMonitor workflows data
+*/}}
+{{- define "chart.lifemonitor.data.workflows" -}}
+{{- printf "data-%s-workflows" .Release.Name }}
+{{- end }}
+
+{{/*
+Define volume name of LifeMonitor logs data
+*/}}
+{{- define "chart.lifemonitor.data.logs" -}}
+{{- printf "data-%s-logs" .Release.Name }}
+{{- end }}
+
 {{/*
 Create the name of the service account to use
 */}}
@@ -112,10 +140,12 @@ Define volumes shared by some pods.
 {{- define "lifemonitor.common-volume" -}}
 - name: lifemonitor-tls
   secret:
-    secretName: lifemonitor-tls
+    secretName: {{ include "chart.lifemonitor.tls" . }}
 - name: lifemonitor-settings
   secret:
     secretName: {{ include "chart.fullname" . }}-settings
+- name: lifemonitor-logs
+  emptyDir: {}
 - name: lifemonitor-data
   persistentVolumeClaim:
     claimName: data-{{- .Release.Name -}}-workflows
@@ -153,3 +183,32 @@ Define mount points shared by some pods.
 {{- end -}}
 {{- end -}}
 {{- end -}}
+
+
+{{/*
+Generate certificates for the LifeMonitor Api Server .
+*/}}
+{{- define "gen-certs" -}}
+{{- $altNames := list ( printf "%s.%s" (include "chart.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "chart.name" .) .Release.Namespace ) -}}
+{{- $ca := genCA "lifemonitor-ca" 365 -}}
+{{- $cert := genSignedCert ( include "chart.name" . ) nil $altNames 365 $ca -}}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end -}}
+
+
+{{/*
+Define lifemonitor GithubApp secret name
+*/}}
+{{- define "chart.lifemonitor.githubApp.key" -}}
+{{- printf "%s-ghapp-key" .Release.Name }}
+{{- end }}
+
+{{/*
+Read and encode the GitHub App private key.
+*/}}
+{{- define "lifemonitor.githubApp.readPrivateKey" -}}
+{{- $fileContent := $.Files.Get .Values.integrations.github.private_key.path -}}
+{{- $base64Content := $fileContent | b64enc -}}
+{{- printf "%s" $base64Content -}}
+{{- end -}}
diff --git a/k8s/templates/backend-deployment.yaml → k8s/templates/backend.deployment.yaml b/k8s/templates/backend-deployment.yaml → k8s/templates/backend.deployment.yaml
@@ -1,5 +1,5 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: {{ include "chart.fullname" . }}-backend
   labels:
@@ -8,6 +8,7 @@ metadata:
 spec:
   {{- if not .Values.lifemonitor.autoscaling.enabled }}
   replicas: {{ .Values.lifemonitor.replicaCount }}
+  serviceName: "lifemonitor-backend"
   {{- end }}
   selector:
     matchLabels:
@@ -16,13 +17,19 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/settings: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        checksum/settings: {{ include (print $.Template.BasePath "/settings.secret.yaml") . | sha256sum }}
       {{- with .Values.lifemonitor.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}       
       labels:
         {{- include "chart.selectorLabels" . | nindent 8 }}
         app.kubernetes.io/component: backend
+        {{- if $.Values.monitoring.enabled }}
+        prometheus.io/scrape: 'true'
+        prometheus.io/path: 'metrics'
+        prometheus.io/port: '9090'
+        prometheus.io/scheme: 'http'
+        {{- end }}
     spec:
       {{- with .Values.lifemonitor.imagePullSecrets }}
       imagePullSecrets:
@@ -32,19 +39,23 @@ spec:
       securityContext:
         {{- toYaml .Values.lifemonitor.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: init
+        - name: init-backend
           securityContext:
             {{- toYaml .Values.lifemonitor.securityContext | nindent 12 }}
           image: {{ include "chart.lifemonitor.image" . }}
           imagePullPolicy: {{ .Values.lifemonitor.imagePullPolicy }}
-          command: ["/bin/sh","-c"]
-          args: ["wait-for-redis.sh && wait-for-postgres.sh && ./lm-admin db wait-for-db"]
+          command:
+            - "/bin/sh"
+            - "-c"
+            - |
+              wait-for-redis.sh && wait-for-postgres.sh
+              ./lm-admin db wait-for-db
           env:
           {{- include "lifemonitor.common-env" . | nindent 12 }}
           volumeMounts:
           {{- include "lifemonitor.common-volume-mounts" . | nindent 12 }}
       containers:
-        - name: app
+        - name: backend
           securityContext:
             {{- toYaml .Values.lifemonitor.securityContext | nindent 12 }}
           image: {{ include "chart.lifemonitor.image" . }}
@@ -57,6 +68,9 @@ spec:
             - name: http
               containerPort: 8000
               protocol: TCP
+            - name: metrics
+              containerPort: 9090
+              protocol: TCP
           livenessProbe:
             httpGet:
               scheme: HTTPS

diff --git a/k8s/templates/job-backup.yaml → k8s/templates/backup.job.yaml b/k8s/templates/job-backup.yaml → k8s/templates/backup.job.yaml
diff --git a/k8s/templates/data-backup.pvc.yaml b/k8s/templates/data-backup.pvc.yaml
@@ -0,0 +1,15 @@
+{{- $dataBackupExists := (lookup "v1" "PersistentVolumeClaim" .Release.Namespace ( include "chart.lifemonitor.data.backup" . ) ) }}
+{{- if not $dataBackupExists }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "chart.lifemonitor.data.backup" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  storageClassName: {{ .Values.global.readWriteManyStorageClass }}
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+{{- end -}}
diff --git a/k8s/templates/data-logs.pvc.yaml b/k8s/templates/data-logs.pvc.yaml
@@ -0,0 +1,15 @@
+{{- $dataLogsExists := (lookup "v1" "PersistentVolumeClaim" .Release.Namespace ( include "chart.lifemonitor.data.logs" . ) ) }}
+{{- if not $dataLogsExists }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "chart.lifemonitor.data.logs" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  storageClassName: {{ .Values.global.readWriteManyStorageClass }}
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+{{- end -}}
diff --git a/k8s/templates/data-workflows.pvc.yaml b/k8s/templates/data-workflows.pvc.yaml
@@ -0,0 +1,15 @@
+{{- $dataWorkflowsExists := (lookup "v1" "PersistentVolumeClaim" .Release.Namespace ( include "chart.lifemonitor.data.workflows" . ) ) }}
+{{- if not $dataWorkflowsExists }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "chart.lifemonitor.data.workflows" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  storageClassName: {{ .Values.global.readWriteManyStorageClass }}
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+{{- end -}}