Merge pull request #656 from MetaCell/release/2.1.0

Release/2.1.0

Author: zsinnema

application-templates/webapp/frontend/package-lock.json

@@ -6,6 +6,7 @@
 from collections import Mapping
 from functools import lru_cache
 import os
+import re
 
 import yaml
 
@@ -115,6 +116,18 @@ def get_config(key, default=None):
             return default
         else:
             value = value[level]
+
+    
+    if value and isinstance(value, str):
+        replace_var = re.search("{{.*?}}",  value)
+        if replace_var:
+            variable = replace_var.group(0)[2:-2].strip()
+
+            repl = get_config(variable)
+            
+            if repl:
+                print("replace", variable, "in", value, ":", repl)
+                value = re.sub("{{.*?}}", repl, value)
     return value
 
 
@@ -124,5 +137,6 @@ def set_config_if_not_none(cparent, name, key):
     configuration item if not None
     """
     data = get_config(key)
+    
     if data is not None:
         setattr(cparent, name, data)

applications/jupyterhub/deploy/resources/hub/z2jh.py

@@ -0,0 +1,26 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+
+nfs-client-provisioner

applications/nfsserver/.gitignore

@@ -0,0 +1,19 @@
+# compile provisioner
+FROM golang:1.18.8 as provisioner
+
+WORKDIR /usr/src/app
+COPY nfs-subdir-external-provisioner ./
+
+RUN make
+
+#
+FROM k8s.gcr.io/volume-nfs:0.8
+
+RUN yum install -y e4fsprogs rpcbind nfs-utils nfs-utils-lib sysvinit-tools
+
+COPY --from=provisioner /usr/src/app/bin/nfs-subdir-external-provisioner /usr/local/bin/nfs-subdir-external-provisioner
+
+COPY resources/*.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/*.sh
+
+RUN echo "/exports *(rw,fsid=0,insecure,no_subtree_check,no_root_squash,crossmnt)" > /etc/exports

applications/nfsserver/Dockerfile

@@ -0,0 +1,92 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nfs-subdir-external-provisioner.name" -}}
+{{- default .Chart.Name .Values.apps.nfsserver.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nfs-subdir-external-provisioner.fullname" -}}
+{{- if .Values.apps.nfsserver.fullnameOverride -}}
+{{- .Values.apps.nfsserver.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.apps.nfsserver.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nfs-subdir-external-provisioner.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "nfs-subdir-external-provisioner.provisionerName" -}}
+{{- if .Values.apps.nfsserver.storageClass.provisionerName -}}
+{{- printf .Values.apps.nfsserver.storageClass.provisionerName -}}
+{{- else -}}
+{{ template "nfs-subdir-external-provisioner.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "nfs-subdir-external-provisioner.serviceAccountName" -}}
+{{- if .Values.apps.nfsserver.serviceAccount.create -}}
+    {{ default (include "nfs-subdir-external-provisioner.fullname" .) .Values.apps.nfsserver.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.apps.nfsserver.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for podSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiVersion" -}}
+{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "nfs-subdir-external-provisioner.labels" -}}
+chart: {{ template "nfs-subdir-external-provisioner.chart" . }}
+heritage: {{ .Release.Service }}
+{{ include "nfs-subdir-external-provisioner.selectorLabels" . }}
+{{- with .Values.apps.nfsserver.labels }}
+{{- toYaml . | nindent 0 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Pod template labels
+*/}}
+{{- define "nfs-subdir-external-provisioner.podLabels" -}}
+{{ include "nfs-subdir-external-provisioner.selectorLabels" . }}
+{{- with .Values.apps.nfsserver.labels }}
+{{- toYaml . | nindent 0 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "nfs-subdir-external-provisioner.selectorLabels" -}}
+app: {{ template "nfs-subdir-external-provisioner.name" . }}
+release: {{ .Release.Name }}
+{{- end }}

applications/nfsserver/deploy/templates/_helpers.tpl

@@ -0,0 +1,30 @@
+{{- if .Values.apps.nfsserver.rbac.create }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
+  name: {{ template "nfs-subdir-external-provisioner.fullname" . }}-runner
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "update", "patch"]
+{{- if .Values.apps.nfsserver.podSecurityPolicy.enabled }}
+  - apiGroups:      ['extensions']
+    resources:      ['podsecuritypolicies']
+    verbs:          ['use']
+    resourceNames:  [{{ template "nfs-subdir-external-provisioner.fullname" . }}]
+{{- end }}
+{{- end }}

applications/nfsserver/deploy/templates/clusterrole.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.apps.nfsserver.rbac.create }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
+  name: run-{{ template "nfs-subdir-external-provisioner.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "nfs-subdir-external-provisioner.fullname" . }}-runner
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}

applications/nfsserver/deploy/templates/clusterrolebinding.yaml

@@ -0,0 +1,88 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-exports
+  labels:
+    app: nfs-server
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.apps.nfsserver.server.diskSize }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nfs-server
+  labels:
+    app: nfs-server
+    usesvolume: nfs-exports
+spec:
+  selector:
+    matchLabels:
+      app: nfs-server
+  template:
+
+    metadata:
+      labels:
+        app: nfs-server
+        usesvolume: nfs-exports
+    spec:
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: usesvolume
+                    operator: In
+                    values:
+                      - nfs-exports
+              topologyKey: "kubernetes.io/hostname"
+      containers:
+      - name: nfs-server
+        image: {{ .Values.apps.nfsserver.harness.deployment.image }}
+        imagePullPolicy: IfNotPresent
+        env:
+        # NFS useDNS {{ .Values.apps.nfsserver.nfs.useDNS }}
+        {{- if .Values.apps.nfsserver.nfs.useDNS }}
+        - name: NFS_SERVER
+          value: {{ printf "nfs-server.%s.svc.cluster.local" .Values.namespace }}
+        {{- end }}
+        - name: NFS_PATH
+          value: {{ .Values.apps.nfsserver.nfs.path }}
+        - name: PROVISIONER_NAME
+          value: {{ printf "%s-nfs-provisioner" .Values.namespace }}
+        ports:
+        - name: nfs
+          containerPort: 2049
+        - name: mountd
+          containerPort: 20048
+        - name: rpcbind
+          containerPort: 111
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: storage
+          mountPath: /exports
+      volumes:
+      - name: storage
+        persistentVolumeClaim:
+          claimName: nfs-exports
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nfs-server
+  labels:
+    app: nfs-server
+spec:
+  ports:
+  - name: nfs
+    port: 2049
+  - name: mountd
+    port: 20048
+  - name: rpcbind
+    port: 111
+  selector:
+    app: nfs-server

applications/nfsserver/deploy/templates/nfs-server.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.apps.nfsserver.podSecurityPolicy.enabled }}
+apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "nfs-subdir-external-provisioner.fullname" . }}
+  labels:
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
+spec:
+  privileged: false
+  allowPrivilegeEscalation: false
+  requiredDropCapabilities:
+    - ALL
+  volumes:
+    - 'secret'
+    - 'nfs'
+    - 'persistentVolumeClaim'
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
+  readOnlyRootFilesystem: false
+{{- end }}

applications/nfsserver/deploy/templates/podsecuritypolicy.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.apps.nfsserver.rbac.create }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
+  name: leader-locking-{{ template "nfs-subdir-external-provisioner.fullname" . }}
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+{{- if .Values.apps.nfsserver.podSecurityPolicy.enabled }}
+  - apiGroups:      ['extensions']
+    resources:      ['podsecuritypolicies']
+    verbs:          ['use']
+    resourceNames:  [{{ template "nfs-subdir-external-provisioner.fullname" . }}]
+{{- end }}
+{{- end }}