tidy updates

README.md

@@ -16,6 +16,30 @@ This Helm chart deploys and configures:
 - an optional `ServiceAccount` 
 - a `Secret` to pull containers from container registries
 
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | node affinity |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/terradue/calrissian-session/calrissian-session","tag":"latest"}` | Calrissian container image for running the Calrissian pod |
+| imageCredentials | list | `[{"auth":"bXNhZ2....RVURt","registry":"ghcr.io"},{"auth":"ZmFi...mlRTldqZw==","https://index.docker.io/v1/":null}]` | container registries credentials |
+| imageCredentials[0] | object | `{"auth":"bXNhZ2....RVURt","registry":"ghcr.io"}` | registry is the container registry |
+| imageCredentials[0].auth | string | `"bXNhZ2....RVURt"` | auth is the base64 auth string (see your ~/.docker/config.json file) |
+| nodeSelector | object | `{"k8s.scaleway.com/pool-name":"processing-node-pool-iride-xl"}` | specify the node selector for the Calrissian pod and the Calrissian worker pods |
+| podAnnotations | object | `{}` | optional pod annotations |
+| podSecurityContext | object | `{}` | additional settings for the pod security context |
+| replicaCount | int | `1` | number of pods, one is usually enough |
+| resources | object | `{"limits":{"cpu":"4","memory":"12Gi"},"requests":{"cpu":"4","memory":"8Gi"}}` | specify the resources for the Calrissian pod |
+| s3 | object | `{"access_key_id":"SC...8Z","bucket_pattern":"s3:\\/\\/ir....tplace\\/.*","enabled":true,"endpoint_url":"https://s3.....cloud","region":"...","secret_access_key":"bf...dc6","signature_version":"s3v4"}` | use s3, if true, configMaps are mounted to access the S3 bucket |
+| securityContext | object | `{"privileged":true}` | running with privileged set to true allows running podman in the Calrissian pod |
+| serviceAccount | object | `{"annotations":{},"create":true,"name":"calrissian-sa"}` | Service account to use |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `"calrissian-sa"` | The name of the service account to use. |
+| storageClass | string | `"openebs-kernel-nfs-scw"` | ReadWriteMany storage class for Calrissian worker  |
+| tolerations | list | `[]` | tolerations |
+| volumeSize | string | `"10Gi"` | size of the ReadWriteMany volume for Calrissian executions |
+
 ## Requirements
 
 - a kubeconfig file to access a kubernetes cluster

charts/calrissian-session/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.11
+version: 0.1.12
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/calrissian-session/templates/cm_cr.yaml

@@ -1,4 +1,3 @@
-{{- if .Values.containerRegistry.enabled -}}
 kind: ConfigMap
 apiVersion: v1
 metadata:
@@ -7,4 +6,3 @@ metadata:
 data:
   container-registry: |
 {{- include "dockerconfigjson.b64dec" . | nindent 6 }}
-{{- end }}

charts/calrissian-session/templates/cm_user_settings.yaml

@@ -10,12 +10,12 @@ data:
         "S3": {
             "Services": {
                 "iride": {
-                    "UrlPattern":  {{ .Values.s3.bucket_pattern }},
-                    "Region":  {{ .Values.s3.region }},
-                    "AuthenticationRegion":  {{ .Values.s3.region }},
-                    "AccessKey": {{ .Values.s3.access_key_id }},
-                    "SecretKey": {{ .Values.s3.secret_access_key }},
-                    "ServiceURL": {{ .Values.s3.endpoint_url }},
+                    "UrlPattern": "{{ .Values.s3.bucket_pattern }}",
+                    "Region": "{{ .Values.s3.region }}",
+                    "AuthenticationRegion": "{{ .Values.s3.region }}",
+                    "AccessKey": "{{ .Values.s3.access_key_id }}",
+                    "SecretKey": "{{ .Values.s3.secret_access_key }}",
+                    "ServiceURL": "{{ .Values.s3.endpoint_url }}",
                     "ForcePathStyle": true
                 }
             }

charts/calrissian-session/templates/cr_secret.yaml

@@ -1,10 +1,8 @@
-{{- if .Values.containerRegistry.enabled -}}
 apiVersion: v1
 kind: Secret
 metadata:
   name: container-rg-config
 type: kubernetes.io/dockerconfigjson
 data:
   .dockerconfigjson: {{ template "dockerconfigjson.b64enc" . }}
-{{- end }}
 

charts/calrissian-session/templates/deployment.yaml

@@ -39,7 +39,11 @@ spec:
           lifecycle:
             postStart:
               exec:
+                {{- if .Values.s3.enabled }}
+                command: ["/bin/sh", "-c", "cp -r /home/.docker /workspace/.podman && cp -r /home/.aws /workspace/.aws && chown -R mambauser:100 /workspace/.podman && chown -R mambauser:100 /calrissian" ]  
+                {{ else }}
                 command: ["/bin/sh", "-c", "cp -r /home/.docker /workspace/.podman && chown -R mambauser:100 /workspace/.podman && chown -R mambauser:100 /calrissian" ]
+                {{ end }}
           command: ["sleep"]
           args: ["604800"]
           resources:
@@ -62,11 +66,9 @@ spec:
             mountPath: /etc/Stars/appsettings.json
             subPath: user-settings
           {{- end }}  
-          {{- if .Values.containerRegistry.enabled }}
           - name: container-registry
             mountPath: /home/.docker/config.json
             subPath: container-registry
-          {{- end }}
           env:
           - name: CALRISSIAN_POD_NAME
             valueFrom: {fieldRef: {fieldPath: metadata.name}}
@@ -103,11 +105,9 @@ spec:
         configMap:
           name: user-settings
       {{- end }}
-      {{- if .Values.containerRegistry.enabled }}
       - name: container-registry
         configMap:
           name: container-registry
-      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/calrissian-session/values.yaml

@@ -1,73 +1,73 @@
 # Default values for calrissian-session.
-# This is a YAML-formatted file.
 
-# number of pods 
+# -- number of pods, one is usually enough
 replicaCount: 1
 
-# container image for running the pod
+# -- Calrissian container image for running the Calrissian pod
 image:
-  repository: terradue/calrissian-session:develop
-  pullPolicy: IfNotPresent
+  repository:  ghcr.io/terradue/calrissian-session/calrissian-session
+  pullPolicy: Always
   tag: latest
 
+# -- specify the resources for the Calrissian pod
+resources:
+  requests:
+    memory: "8Gi"
+    cpu: "4"
+  limits:
+    memory: "12Gi"
+    cpu: "4"
 
+# -- Service account to use
 serviceAccount:
-  # Specifies whether a service account should be created
-  create: false
-  # Annotations to add to the service account
+  # -- Specifies whether a service account should be created
+  create: true
+  # -- Annotations to add to the service account
   annotations: {}
-  # The name of the service account to use.
+  # -- The name of the service account to use.
   name: "calrissian-sa"
 
-# optional pod annotations
+# -- optional pod annotations
 podAnnotations: {}
 
-# additional settings for the pod security context
+# -- additional settings for the pod security context
 podSecurityContext: {}
 
-# running with privileged set to true allows running podman in the pod
+# -- running with privileged set to true allows running podman in the Calrissian pod
 securityContext: 
   privileged: true
 
-service:
-  type: ClusterIP
-  port: 80
+# -- specify the node selector for the Calrissian pod and the Calrissian worker pods
+nodeSelector: 
+  k8s.scaleway.com/pool-name: processing-node-pool-iride-xl
 
-# specify the resources for the pod
-resources: {}
-
-# specify the node selector
-nodeSelector: {}
-
-# tolerations
+# -- tolerations
 tolerations: []
 
-# node affinity
+# -- node affinity
 affinity: {}
 
-# ReadWriteMany storage class to use
+# -- ReadWriteMany storage class for Calrissian worker 
 storageClass: openebs-kernel-nfs-scw
+# -- size of the ReadWriteMany volume for Calrissian executions
+volumeSize: 10Gi
 
-# size of the ReadWriteMany volumes 
-persistence:
-  calrissian: 10Gi
 
-# use s3, if true, configMaps are mounted to access the S3 bucket
+# -- use s3, if true, configMaps are mounted to access the S3 bucket
 s3:
-  enabled: false
-  access_key_id: <access_key_id>
-  secret_access_key: <secret_access_key>
-  region: <s3 region>
-  endpoint_url: <s3 service URL>
-  signature_version: s3v4
-
-# enable the configuration of the docker config file on the pod (support for podman pull)
-containerRegistry:
   enabled: true
+  access_key_id: "SC...8Z"
+  secret_access_key: "bf...dc6"
+  region: "..."
+  endpoint_url: "https://s3.....cloud"
+  signature_version: s3v4
+  bucket_pattern: 's3:\/\/ir....tplace\/.*'
 
-# container registries credentials
+# -- container registries credentials
 imageCredentials:
-    # registry is the container registry
-  - registry: https://index.docker.io/v1/
-    # auth is the base64 auth string (see your ~/.docker/config.json file)
-    auth: ""
+    # -- registry is the container registry
+  - registry: ghcr.io # mandatory
+    # -- auth is the base64 auth string (see your ~/.docker/config.json file)
+    auth: "bXNhZ2....RVURt"
+  - 'https://index.docker.io/v1/':
+    auth: "ZmFi...mlRTldqZw=="