diff --git a/.github/workflows/k8s-manifests-ci.yml b/.github/workflows/k8s-manifests-ci.yml index 9e3dc393..bda9d542 100644 --- a/.github/workflows/k8s-manifests-ci.yml +++ b/.github/workflows/k8s-manifests-ci.yml @@ -21,7 +21,10 @@ jobs: - name: Validate K8s manifests (base) run: | - kubeconform -summary -strict -kubernetes-version 1.28.0 -ignore-filename-pattern 'kustomization.yaml' k8s/base/*.yaml + kubeconform -summary -strict -kubernetes-version 1.28.0 \ + -ignore-filename-pattern 'kustomization.yaml' \ + -ignore-filename-pattern 'traefik-ingressroute.yaml' \ + k8s/base/*.yaml - name: Install kubectl uses: azure/setup-kubectl@v3 @@ -33,7 +36,7 @@ jobs: - name: Validate kustomized output run: | - kubectl kustomize k8s/overlays/template-app/ | kubeconform -summary -strict -kubernetes-version 1.28.0 + kubectl kustomize k8s/overlays/template-app/ | kubeconform -summary -strict -kubernetes-version 1.28.0 -skip IngressRoute integration-test: runs-on: ubuntu-latest @@ -83,7 +86,9 @@ jobs: - name: Deploy with Kustomize if: steps.check.outputs.exists == 'true' run: | + # Filter out Traefik CRDs (kind cluster uses nginx, not Traefik) kubectl kustomize k8s/overlays/template-app/ | \ + yq 'select(.kind != "IngressRoute")' | \ sed 's|imagePullPolicy: IfNotPresent|imagePullPolicy: Never|g' > /tmp/manifests.yaml for i in 1 2 3 4 5; do if kubectl apply -f /tmp/manifests.yaml; then diff --git a/k8s/base/configmap.yaml b/k8s/base/configmap.yaml index c486e9c9..2b7815b9 100644 --- a/k8s/base/configmap.yaml +++ b/k8s/base/configmap.yaml @@ -3,37 +3,7 @@ kind: ConfigMap metadata: name: streamlit-config data: - settings.json: | + settings-overrides.json: | { - "app-name": "OpenMS WebApp Template", - "online_deployment": true, - "enable_workspaces": true, - "workspaces_dir": "..", - "queue_settings": { - "default_timeout": 7200, - "result_ttl": 86400 - }, - "demo_workspaces": { - "enabled": true, - "source_dirs": ["example-data/workspaces"] - }, - "max_threads": { - "local": 4, - "online": 2 - }, - "analytics": { - "matomo": { - "enabled": true, - "url": "https://cdn.matomo.cloud/openms.matomo.cloud", - "tag": "yDGK8bfY" - }, - "google-analytics": { - "enabled": false, - "tag": "" - }, - "piwik-pro": { - "enabled": false, - "tag": "" - } - } + "online_deployment": true } diff --git a/k8s/base/kustomization.yaml b/k8s/base/kustomization.yaml index e337290b..d16bf701 100644 --- a/k8s/base/kustomization.yaml +++ b/k8s/base/kustomization.yaml @@ -12,4 +12,5 @@ resources: - streamlit-service.yaml - rq-worker-deployment.yaml - ingress.yaml + - traefik-ingressroute.yaml - cleanup-cronjob.yaml diff --git a/k8s/base/rq-worker-deployment.yaml b/k8s/base/rq-worker-deployment.yaml index 18fc8541..5ae70f3c 100644 --- a/k8s/base/rq-worker-deployment.yaml +++ b/k8s/base/rq-worker-deployment.yaml @@ -32,7 +32,9 @@ spec: command: ["/bin/bash", "-c"] args: - | + set -euo pipefail source /root/miniforge3/bin/activate streamlit-env + jq -s '.[0] * .[1]' /app/settings.json /app/settings-overrides.json > /tmp/settings-merged.json && mv /tmp/settings-merged.json /app/settings.json exec rq worker openms-workflows --url $REDIS_URL env: - name: REDIS_URL @@ -41,8 +43,8 @@ spec: - name: workspaces mountPath: /workspaces-streamlit-template - name: config - mountPath: /app/settings.json - subPath: settings.json + mountPath: /app/settings-overrides.json + subPath: settings-overrides.json readOnly: true resources: requests: diff --git a/k8s/base/streamlit-deployment.yaml b/k8s/base/streamlit-deployment.yaml index bc8201f9..bf34288d 100644 --- a/k8s/base/streamlit-deployment.yaml +++ b/k8s/base/streamlit-deployment.yaml @@ -32,7 +32,9 @@ spec: command: ["/bin/bash", "-c"] args: - | + set -euo pipefail source /root/miniforge3/bin/activate streamlit-env + jq -s '.[0] * .[1]' /app/settings.json /app/settings-overrides.json > /tmp/settings-merged.json && mv /tmp/settings-merged.json /app/settings.json exec streamlit run app.py --server.address 0.0.0.0 ports: - containerPort: 8501 @@ -43,8 +45,8 @@ spec: - name: workspaces mountPath: /workspaces-streamlit-template - name: config - mountPath: /app/settings.json - subPath: settings.json + mountPath: /app/settings-overrides.json + subPath: settings-overrides.json readOnly: true readinessProbe: httpGet: diff --git a/k8s/base/traefik-ingressroute.yaml b/k8s/base/traefik-ingressroute.yaml new file mode 100644 index 00000000..b202891f --- /dev/null +++ b/k8s/base/traefik-ingressroute.yaml @@ -0,0 +1,18 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: streamlit-traefik +spec: + entryPoints: + - web + routes: + - match: PathPrefix(`/`) + kind: Rule + services: + - name: streamlit + port: 8501 + sticky: + cookie: + name: stroute + httpOnly: true + sameSite: lax diff --git a/k8s/overlays/template-app/kustomization.yaml b/k8s/overlays/template-app/kustomization.yaml index 7f63fa25..a1858da4 100644 --- a/k8s/overlays/template-app/kustomization.yaml +++ b/k8s/overlays/template-app/kustomization.yaml @@ -22,3 +22,24 @@ patches: - op: replace path: /spec/rules/0/host value: template.openms.example.de + - target: + kind: Deployment + name: streamlit + patch: | + - op: replace + path: /spec/template/spec/containers/0/env/0/value + value: "redis://template-app-redis:6379/0" + - target: + kind: Deployment + name: rq-worker + patch: | + - op: replace + path: /spec/template/spec/containers/0/env/0/value + value: "redis://template-app-redis:6379/0" + - target: + kind: IngressRoute + name: streamlit-traefik + patch: | + - op: replace + path: /spec/routes/0/services/0/name + value: "template-app-streamlit"