diff --git a/README.md b/README.md index 2eb1e20..864d6a0 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ TODO | developer.enableCoverage | bool | `false` | | | developer.enabled | bool | `true` | | | developer.localCSPath | string | `"/local_cs_store"` | | +| developer.nodeImage | string | `"node:16-alpine"` | | | developer.nodeModuleToInstall | string | `nil` | | | developer.pythonModulesToEditableInstall | list | `[]` | | | developer.sourcePath | string | `"/diracx_source"` | | @@ -115,13 +116,11 @@ TODO | diracx.settings.DIRACX_CONFIG_BACKEND_URL | string | `"git+file:///cs_store/initialRepo"` | | | diracx.settings.DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS | string | `"[\"http://anything:8000/docs/oauth2-redirect\"]"` | | | diracx.settings.DIRACX_SERVICE_AUTH_TOKEN_KEY | string | `"file:///signing-key/rsa256.key"` | | -| diracxWeb.image.pullPolicy | string | `"IfNotPresent"` | | -| diracxWeb.image.repository | string | `"ghcr.io/diracgrid/diracx-web/client"` | | +| diracxWeb.image.pullPolicy | string | `"Always"` | | +| diracxWeb.image.repository | string | `"ghcr.io/diracgrid/diracx-web/static"` | | | diracxWeb.image.tag | string | `"latest"` | | -| diracxWeb.service.port | int | `3000` | | +| diracxWeb.service.port | int | `8080` | | | diracxWeb.service.type | string | `"ClusterIP"` | | -| diracxWeb.settings.DEFAULT_SCOPE | string | `"vo:diracAdmin"` | | -| diracxWeb.settings.DIRACX_CLIENT_ID | string | `"myDIRACClientID"` | | | fullnameOverride | string | `""` | | | global.batchJobTTL | int | `600` | | | image.pullPolicy | string | `"Always"` | | diff --git a/demo/demo_cluster_conf.tpl.yaml b/demo/demo_cluster_conf.tpl.yaml index 156e699..6acab4f 100644 --- a/demo/demo_cluster_conf.tpl.yaml +++ b/demo/demo_cluster_conf.tpl.yaml @@ -24,9 +24,6 @@ nodes: - containerPort: 443 hostPort: 8000 protocol: TCP - - containerPort: 3000 - hostPort: 3000 - protocol: TCP - containerPort: 32000 hostPort: 32000 protocol: TCP diff --git a/demo/values.tpl.yaml b/demo/values.tpl.yaml index d70274c..56e176e 100644 --- a/demo/values.tpl.yaml +++ b/demo/values.tpl.yaml @@ -18,16 +18,11 @@ init-cs: diracx: hostname: {{ hostname }} settings: - DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS: '["https://{{ hostname }}:8000/api/docs/oauth2-redirect", "https://{{ hostname }}:8000/dashboard/#authentication-callback"]' + DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS: '["https://{{ hostname }}:8000/api/docs/oauth2-redirect", "https://{{ hostname }}:8000/#authentication-callback"]' DIRACX_SANDBOX_STORE_BUCKET_NAME: demo-sandboxes DIRACX_SANDBOX_STORE_S3_CLIENT_KWARGS: '{"endpoint_url": "http://{{ hostname }}:32000", "aws_access_key_id": "console", "aws_secret_access_key": "console123"}' DIRACX_SANDBOX_STORE_AUTO_CREATE_BUCKET: "true" -diracxWeb: - settings: - REDIRECT_URI: https://{{ hostname }}:8000/dashboard/#authentication-callback - NEXT_PUBLIC_DIRACX_URL: https://{{ hostname }}:8000/api - minio: environment: MINIO_BROWSER_REDIRECT_URL: http://{{ hostname }}:32001/ diff --git a/diracx/templates/secrets.yaml b/diracx/templates/secrets.yaml index de71a37..ced7fcb 100644 --- a/diracx/templates/secrets.yaml +++ b/diracx/templates/secrets.yaml @@ -10,13 +10,6 @@ stringData: {{- end }} {{- end }} --- -apiVersion: v1 -kind: Secret -metadata: - name: diracx-web-secrets -stringData: -{{ .Values.diracxWeb.settings | toYaml | indent 2 }} ---- {{- if index .Values "init-sql" "enabled" }} apiVersion: v1 kind: Secret diff --git a/diracx/templates/web-deployment.yaml b/diracx/templates/web-deployment.yaml index c749b47..954ec80 100644 --- a/diracx/templates/web-deployment.yaml +++ b/diracx/templates/web-deployment.yaml @@ -1,3 +1,5 @@ +{{- $nodeDevInstall := and .Values.developer.enabled (empty .Values.developer.nodeModuleToInstall | not) -}} +{{- $nodeModulePath := $nodeDevInstall | ternary (printf "%s/%s" .Values.developer.sourcePath .Values.developer.nodeModuleToInstall) "" -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -28,17 +30,48 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} volumes: - {{- if and .Values.developer.enabled .Values.developer.nodeModuleToInstall }} + {{- if $nodeDevInstall }} - name: diracx-web-code-mount persistentVolumeClaim: claimName: pvc-diracx-code + - name: diracx-web-scratch-node-modules + empty-dir: + sizeLimit: 1Gi + - name: diracx-web-scratch-next + empty-dir: + sizeLimit: 1Gi {{- end }} + initContainers: + {{- if $nodeDevInstall }} + - name: install-deps + image: {{ .Values.developer.nodeImage }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + # We use "npm ci" instead of "npm install" so it will use the package-lock.json file + # rather than using the package.json file. Using package.json would fail as the mount + # is read-only so package-lock.json can't be edited. + command: ["npm", "ci"] + workingDir: {{ $nodeModulePath }} + volumeMounts: + - mountPath: "{{ .Values.developer.sourcePath }}/{{ .Values.developer.nodeModuleToInstall }}" + name: "diracx-web-code-mount" + subPath: "{{ .Values.developer.nodeModuleToInstall }}" + readOnly: true + - mountPath: "{{ $nodeModulePath }}/node_modules" + name: "diracx-web-scratch-node-modules" + - mountPath: "{{ $nodeModulePath }}/.next" + name: "diracx-web-scratch-next" + {{- end }} + containers: - name: {{ .Chart.Name }}-web securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.diracxWeb.image.repository }}:{{ .Values.diracxWeb.image.tag | default .Chart.AppVersion }}" + {{- if $nodeDevInstall }} + image: {{ .Values.developer.nodeImage }} + {{- else }} + image: {{ .Values.diracxWeb.image.repository }}:{{ .Values.diracxWeb.image.tag }} + {{- end }} imagePullPolicy: {{ .Values.diracxWeb.image.pullPolicy }} ports: - name: http @@ -52,20 +85,20 @@ spec: httpGet: path: / port: http - {{- if and .Values.developer.enabled .Values.developer.nodeModuleToInstall }} - command: ["npm", "run", "dev", "--prefix", {{ printf "%s/%s" $.Values.developer.sourcePath $.Values.developer.nodeModuleToInstall }}] + {{- if $nodeDevInstall }} + command: ["npm", "run", "dev", "--prefix", "{{ $nodeModulePath }}", "--", "-p", "{{ .Values.diracxWeb.service.port }}"] + {{- end }} volumeMounts: - - mountPath: {{ .Values.developer.sourcePath }} + {{- if $nodeDevInstall }} + - mountPath: "{{ .Values.developer.sourcePath }}/{{ .Values.developer.nodeModuleToInstall }}" name: "diracx-web-code-mount" + subPath: "{{ .Values.developer.nodeModuleToInstall }}" readOnly: true - {{- else if .Values.developer.enabled }} - command: ["npm", "run", "dev"] - {{- else }} - command: ["npm", "start"] + - mountPath: "{{ $nodeModulePath }}/node_modules" + name: "diracx-web-scratch-node-modules" + - mountPath: "{{ $nodeModulePath }}/.next" + name: "diracx-web-scratch-next" {{- end }} - envFrom: - - secretRef: - name: diracx-web-secrets resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/diracx/values.yaml b/diracx/values.yaml index 7cf132a..6730987 100644 --- a/diracx/values.yaml +++ b/diracx/values.yaml @@ -81,6 +81,8 @@ developer: pythonModulesToEditableInstall: [] # List of node modules to install nodeModuleToInstall: null + # Image to use for the webapp if nodeModuleToInstall is set + nodeImage: node:16-alpine # Enable collection of coverage reports (intended for CI usage only) enableCoverage: false # Enable automatic reloading inside uvicorn when the sources change @@ -125,16 +127,12 @@ ingress: diracxWeb: image: - repository: ghcr.io/diracgrid/diracx-web/client - pullPolicy: IfNotPresent + repository: ghcr.io/diracgrid/diracx-web/static + pullPolicy: Always tag: latest - settings: - # This corresponds to the basic .env file - DIRACX_CLIENT_ID: "myDIRACClientID" - DEFAULT_SCOPE: "vo:diracAdmin" service: type: ClusterIP - port: 3000 + port: 8080 ##########################