From beacb8a5285583766848aab9fb2c8a370d26850d Mon Sep 17 00:00:00 2001 From: Filippo Ledda Date: Tue, 22 Aug 2023 16:07:42 +0200 Subject: [PATCH 1/6] #701 proxies configuration --- .../helm/templates/auto-gatekeepers.yaml | 10 +++++++--- deployment-configuration/helm/templates/ingress.yaml | 5 ++++- deployment-configuration/helm/values.yaml | 10 ++++++++++ deployment-configuration/value-template.yaml | 10 ++++++++++ 4 files changed, 31 insertions(+), 4 deletions(-) diff --git a/deployment-configuration/helm/templates/auto-gatekeepers.yaml b/deployment-configuration/helm/templates/auto-gatekeepers.yaml index 47815797..898995cd 100644 --- a/deployment-configuration/helm/templates/auto-gatekeepers.yaml +++ b/deployment-configuration/helm/templates/auto-gatekeepers.yaml @@ -18,8 +18,12 @@ data: enable-default-deny: {{ eq (.app.harness.secured | toString) "true" }} listen: 0.0.0.0:8080 enable-refresh-tokens: true - server-write-timeout: 180s - upstream-response-header-timeout: 180s + server-write-timeout: {{ .app.harness.proxy.timeout.send | default .root.Values.proxy.timeout.send | default 180 }}s + upstream-timeout: {{ .app.harness.proxy.timeout.read | default .root.Values.proxy.timeout.read | default 180 }}s + upstream-response-header-timeout: {{ .app.harness.proxy.timeout.read | default .root.Values.proxy.timeout.read | default 180 }}s + upstream-expect-continue-timeout: {{ .app.harness.proxy.timeout.read | default .root.Values.proxy.timeout.read | default 180 }}s + server-read-timeout: {{ .app.harness.proxy.timeout.read | default .root.Values.proxy.timeout.read | default 180 }}s + upstream-keepalive-timeout: {{ .app.harness.proxy.timeout.keepalive | default .root.Values.proxy.timeout.keepalive | default 180 }}s http-only-cookie: false tls-cert: tls-private-key: @@ -65,7 +69,7 @@ data:

403 Permission Denied

Sorry, you do not have access to this page, please contact your administrator. - If you have been assigned new authorizations try to login again. + If you have been assigned new authorizations, try to refresh the page or to login again.
diff --git a/deployment-configuration/helm/templates/ingress.yaml b/deployment-configuration/helm/templates/ingress.yaml index af59d0a4..38b568a2 100644 --- a/deployment-configuration/helm/templates/ingress.yaml +++ b/deployment-configuration/helm/templates/ingress.yaml @@ -38,10 +38,13 @@ metadata: cert-manager.io/issuer: {{ printf "%s-%s" "letsencrypt" .Values.namespace }} {{- end }} nginx.ingress.kubernetes.io/ssl-redirect: {{ (and $tls .Values.ingress.ssl_redirect) | quote }} - nginx.ingress.kubernetes.io/proxy-body-size: '250m' + nginx.ingress.kubernetes.io/proxy-body-size: '{{ .Values.proxy.payload.max }}m' nginx.ingress.kubernetes.io/proxy-buffer-size: '128k' nginx.ingress.kubernetes.io/from-to-www-redirect: 'true' nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/auth-keepalive-timeout: {{ .Values.proxy.timeout.keepalive | quote }} + nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .Values.proxy.timeout.read | quote }} + nginx.ingress.kubernetes.io/proxy-send-timeout: {{ .Values.proxy.timeout.send | quote }} spec: rules: {{- range $app := .Values.apps }} diff --git a/deployment-configuration/helm/values.yaml b/deployment-configuration/helm/values.yaml index 6cf16d1e..5b09fd71 100644 --- a/deployment-configuration/helm/values.yaml +++ b/deployment-configuration/helm/values.yaml @@ -67,3 +67,13 @@ backup: memory: "64Mi" # -- K8s cpu resource definition. cpu: "50m" +proxy: + timeout: + # -- Timeout for proxy connections in seconds. + send: 60 + # -- Timeout for proxy responses in seconds. + read: 60 + keepalive: 60 + payload: + # -- Maximum size of payload in MB + max: 100 diff --git a/deployment-configuration/value-template.yaml b/deployment-configuration/value-template.yaml index 16c00b3a..98810629 100644 --- a/deployment-configuration/value-template.yaml +++ b/deployment-configuration/value-template.yaml @@ -125,3 +125,13 @@ harness: smoketest: true ignoreConsoleErrors: false ignoreRequestErrors: false + proxy: + timeout: + # -- Timeout for proxy connections in seconds. + send: + # -- Timeout for proxy responses in seconds. + read: + keepalive: + payload: + # -- Maximum size of payload in MB + max: \ No newline at end of file From 93e634c8ddf8c8645a894c54c92a4f414a475932 Mon Sep 17 00:00:00 2001 From: Filippo Ledda Date: Tue, 22 Aug 2023 16:08:03 +0200 Subject: [PATCH 2/6] #701 update model --- docs/model/ApplicationHarnessConfig.md | 1 + docs/model/HarnessMainConfig.md | 2 +- docs/model/Quota.md | 2 +- docs/model/SimpleMap.md | 2 +- libraries/models/api/openapi.yaml | 1661 +++++++++-------- .../models/application_harness_config.py | 42 +- .../models/harness_main_config.py | 8 +- .../models/jupyter_hub_config.py | 8 +- .../cloudharness_model/models/user_group.py | 8 +- 9 files changed, 886 insertions(+), 848 deletions(-) diff --git a/docs/model/ApplicationHarnessConfig.md b/docs/model/ApplicationHarnessConfig.md index a83f853a..8e8a251d 100644 --- a/docs/model/ApplicationHarnessConfig.md +++ b/docs/model/ApplicationHarnessConfig.md @@ -30,6 +30,7 @@ Key | Input Type | Accessed Type | Description | Notes **jupyterhub** | [**JupyterHubConfig**](JupyterHubConfig.md) | [**JupyterHubConfig**](JupyterHubConfig.md) | | [optional] **accounts** | [**ApplicationAccountsConfig**](ApplicationAccountsConfig.md) | [**ApplicationAccountsConfig**](ApplicationAccountsConfig.md) | | [optional] **test** | [**ApplicationTestConfig**](ApplicationTestConfig.md) | [**ApplicationTestConfig**](ApplicationTestConfig.md) | | [optional] +**quotas** | [**Quota**](Quota.md) | [**Quota**](Quota.md) | | [optional] **any_string_name** | dict, frozendict.frozendict, str, date, datetime, uuid.UUID, int, float, decimal.Decimal, bool, None, list, tuple, bytes, io.FileIO, io.BufferedReader, | frozendict.frozendict, str, decimal.Decimal, BoolClass, NoneClass, tuple, bytes, FileIO | any string name can be used but the value must be the correct type | [optional] # aliases diff --git a/docs/model/HarnessMainConfig.md b/docs/model/HarnessMainConfig.md index d7d72df1..9f00bc2b 100644 --- a/docs/model/HarnessMainConfig.md +++ b/docs/model/HarnessMainConfig.md @@ -21,7 +21,7 @@ Key | Input Type | Accessed Type | Description | Notes **backup** | [**BackupConfig**](BackupConfig.md) | [**BackupConfig**](BackupConfig.md) | | [optional] **name** | str, | str, | Base name | [optional] **task-images** | [**SimpleMap**](SimpleMap.md) | [**SimpleMap**](SimpleMap.md) | | [optional] -**any_string_name** | dict, frozendict.frozendict, str, date, datetime, int, float, bool, decimal.Decimal, None, list, tuple, bytes, io.FileIO, io.BufferedReader | frozendict.frozendict, str, BoolClass, decimal.Decimal, NoneClass, tuple, bytes, FileIO | any string name can be used but the value must be the correct type | [optional] +**any_string_name** | dict, frozendict.frozendict, str, date, datetime, uuid.UUID, int, float, decimal.Decimal, bool, None, list, tuple, bytes, io.FileIO, io.BufferedReader, | frozendict.frozendict, str, decimal.Decimal, BoolClass, NoneClass, tuple, bytes, FileIO | any string name can be used but the value must be the correct type | [optional] # env diff --git a/docs/model/Quota.md b/docs/model/Quota.md index ddf78dea..8124fe92 100644 --- a/docs/model/Quota.md +++ b/docs/model/Quota.md @@ -8,7 +8,7 @@ dict, frozendict.frozendict, | frozendict.frozendict, | | ### Dictionary Keys Key | Input Type | Accessed Type | Description | Notes ------------ | ------------- | ------------- | ------------- | ------------- -**any_string_name** | str, | str, | any string name can be used but the value must be the correct type | [optional] +**any_string_name** | dict, frozendict.frozendict, str, date, datetime, uuid.UUID, int, float, decimal.Decimal, bool, None, list, tuple, bytes, io.FileIO, io.BufferedReader, | frozendict.frozendict, str, decimal.Decimal, BoolClass, NoneClass, tuple, bytes, FileIO | any string name can be used but the value must be the correct type | [optional] [[Back to Model list]](../../README.md#documentation-for-models) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to README]](../../README.md) diff --git a/docs/model/SimpleMap.md b/docs/model/SimpleMap.md index 4106066b..37074b56 100644 --- a/docs/model/SimpleMap.md +++ b/docs/model/SimpleMap.md @@ -8,7 +8,7 @@ dict, frozendict.frozendict, | frozendict.frozendict, | | ### Dictionary Keys Key | Input Type | Accessed Type | Description | Notes ------------ | ------------- | ------------- | ------------- | ------------- -**any_string_name** | str, | str, | any string name can be used but the value must be the correct type | [optional] +**any_string_name** | dict, frozendict.frozendict, str, date, datetime, uuid.UUID, int, float, decimal.Decimal, bool, None, list, tuple, bytes, io.FileIO, io.BufferedReader, | frozendict.frozendict, str, decimal.Decimal, BoolClass, NoneClass, tuple, bytes, FileIO | any string name can be used but the value must be the correct type | [optional] [[Back to Model list]](../../README.md#documentation-for-models) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to README]](../../README.md) diff --git a/libraries/models/api/openapi.yaml b/libraries/models/api/openapi.yaml index a2d8400e..577bff53 100644 --- a/libraries/models/api/openapi.yaml +++ b/libraries/models/api/openapi.yaml @@ -1,839 +1,848 @@ ---- openapi: 3.0.2 info: - title: cloudharness - version: 1.0.0 + title: cloudharness + version: 1.0.0 components: - schemas: - AutoArtifactSpec: - description: "" - required: - - auto - type: object - properties: - auto: - description: "When true, enables automatic template" - type: boolean - name: - description: "" - type: string - UriRoleMappingConfig: - description: - "Defines the application Gatekeeper configuration, if enabled (i.e.\ - \ `secured: true`." - required: - - roles - - uri - type: object - properties: - uri: - $ref: "#/components/schemas/PathSpecifier" - description: Path to secure - roles: - description: Roles allowed to access the present uri - type: array - items: - type: string - ServiceAutoArtifactConfig: - description: "" - type: object - allOf: - - type: object - properties: - port: - description: Service port - type: integer - - $ref: "#/components/schemas/AutoArtifactSpec" - ApplicationDependenciesConfig: - description: "" - type: object - properties: - hard: - description: - Hard dependencies indicate that the application may not start - without these other applications. - type: array - items: - type: string - soft: - description: - Soft dependencies indicate that the application will work partially - without these other applications. - type: array - items: - type: string - build: - description: - Hard dependencies indicate that the application Docker image - build requires these base/common images - type: array - items: + schemas: + AutoArtifactSpec: + description: '' + required: + - auto + type: object + properties: + auto: + description: 'When true, enables automatic template' + type: boolean + name: + description: '' + type: string + UriRoleMappingConfig: + description: 'Defines the application Gatekeeper configuration, if enabled (i.e. `secured: true`.' + required: + - roles + - uri + type: object + properties: + uri: + $ref: '#/components/schemas/PathSpecifier' + description: Path to secure + roles: + description: Roles allowed to access the present uri + type: array + items: + type: string + ServiceAutoArtifactConfig: + description: '' + type: object + allOf: + - + type: object + properties: + port: + description: Service port + type: integer + - + $ref: '#/components/schemas/AutoArtifactSpec' + ApplicationDependenciesConfig: + description: '' + type: object + properties: + hard: + description: >- + Hard dependencies indicate that the application may not start without these other + applications. + type: array + items: + type: string + soft: + description: >- + Soft dependencies indicate that the application will work partially without these + other applications. + type: array + items: + type: string + build: + description: >- + Hard dependencies indicate that the application Docker image build requires these + base/common images + type: array + items: + type: string + DeploymentResourcesConf: + description: '' + type: object + properties: + requests: + $ref: '#/components/schemas/CpuMemoryConfig' + description: '' + limits: + $ref: '#/components/schemas/CpuMemoryConfig' + description: '' + CpuMemoryConfig: + description: '' + type: object + properties: + cpu: + description: '' + type: string + memory: + description: '' + type: string + FileResourcesConfig: + description: '' + required: + - name + - src + - dst + type: object + properties: + name: + $ref: '#/components/schemas/Filename' + description: '' + src: + $ref: '#/components/schemas/Filename' + description: '' + dst: + description: '' + type: string + ApplicationProbe: + description: >- + Define a Kubernetes probe See also the + + [official + documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) + required: + - path + type: object + properties: + path: + $ref: '#/components/schemas/URL' + description: '' + periodSeconds: + description: '' + type: number + failureThreshold: + description: '' + type: number + initialDelaySeconds: + description: '' + type: number + URL: + description: '' type: string - DeploymentResourcesConf: - description: "" - type: object - properties: - requests: - $ref: "#/components/schemas/CpuMemoryConfig" - description: "" - limits: - $ref: "#/components/schemas/CpuMemoryConfig" - description: "" - CpuMemoryConfig: - description: "" - type: object - properties: - cpu: - description: "" - type: string - memory: - description: "" - type: string - FileResourcesConfig: - description: "" - required: - - name - - src - - dst - type: object - properties: - name: - $ref: "#/components/schemas/Filename" - description: "" - src: - $ref: "#/components/schemas/Filename" - description: "" - dst: - description: "" - type: string - ApplicationProbe: - description: |- - Define a Kubernetes probe See also the - [official documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - required: - - path - type: object - properties: - path: - $ref: "#/components/schemas/URL" - description: "" - periodSeconds: - description: "" - type: number - failureThreshold: - description: "" - type: number - initialDelaySeconds: - description: "" - type: number - URL: - description: "" - type: string - ApplicationConfig: - description: Place here the values to configure your application helm templates. - required: - - harness - type: object - properties: - harness: - $ref: "#/components/schemas/ApplicationHarnessConfig" - description: - Values inside this section have a special meaning to cloudharness - (e.g. enabling and configuring automatic deployment) - additionalProperties: true - HarnessMainConfig: - description: "" - required: - - local - - secured_gatekeepers - - domain - - namespace - - mainapp - - apps - type: object - properties: - local: - description: "If set to true, local DNS mapping is added to pods." - type: boolean - secured_gatekeepers: - description: - Enables/disables Gatekeepers on secured applications. Set to - false for testing/development - type: boolean - domain: - description: The root domain - type: string - example: The root domain. - namespace: - description: The K8s namespace. - type: string - mainapp: - description: Defines the app to map to the root domain - type: string - registry: - $ref: "#/components/schemas/RegistryConfig" - description: "" - tag: - description: Docker tag used to push/pull the built images. - type: string - apps: - $ref: "#/components/schemas/ApplicationsConfigsMap" - description: "" - env: - description: Environmental variables added to all pods - type: array - items: - $ref: "#/components/schemas/NameValue" - privenv: - $ref: "#/components/schemas/NameValue" - description: Private environmental variables added to all pods - backup: - $ref: "#/components/schemas/BackupConfig" - description: "" - name: - description: Base name - type: string - task-images: - $ref: "#/components/schemas/SimpleMap" - description: "" - RegistryConfig: - description: "" - required: - - name - type: object - properties: - name: - $ref: "#/components/schemas/URL" - description: The docker registry where built images are pushed - secret: - description: Optional secret used for pulling from docker registry. - type: string - SimpleMap: - description: "" - type: object - additionalProperties: - type: string - FreeObject: - description: "" - type: object - additionalProperties: true - DatabaseDeploymentConfig: - description: "" - type: object - allOf: - - type: object - properties: - type: - description: |- - Define the database type. + ApplicationConfig: + description: Place here the values to configure your application helm templates. + required: + - harness + type: object + properties: + harness: + $ref: '#/components/schemas/ApplicationHarnessConfig' + description: >- + Values inside this section have a special meaning to cloudharness (e.g. enabling and + configuring automatic deployment) + additionalProperties: true + RegistryConfig: + description: '' + required: + - name + type: object + properties: + name: + $ref: '#/components/schemas/URL' + description: The docker registry where built images are pushed + secret: + description: Optional secret used for pulling from docker registry. + type: string + FreeObject: + description: '' + type: object + additionalProperties: true + DatabaseDeploymentConfig: + description: '' + type: object + allOf: + - + type: object + properties: + type: + description: |- + Define the database type. - One of (mongo, postgres, neo4j, sqlite3) - pattern: ^(mongo|postgres|neo4j|sqlite3)$ - type: string - example: '"neo4j"' - size: - description: Specify database disk size - type: string - example: 1Gi - user: - description: database username - type: string - pass: - format: password - description: Database password - type: string - image_ref: - description: Used for referencing images from the build - type: string - example: "image_ref: myownpgimage" - mongo: - $ref: "#/components/schemas/FreeObject" - description: Mongo db specific configuration - postgres: - $ref: "#/components/schemas/FreeObject" - description: Postgres database specific configuration - neo4j: - description: Neo4j database specific configuration - resources: - $ref: "#/components/schemas/DeploymentResourcesConf" - description: Database deployment resources - - $ref: "#/components/schemas/AutoArtifactSpec" - ApplicationsConfigsMap: - description: "" - type: object - additionalProperties: - $ref: "#/components/schemas/ApplicationConfig" - NameValue: - description: "" - required: - - name - type: object - properties: - name: - description: "" - type: string - value: - description: "" - type: string - IngressConfig: - description: "" - type: object - allOf: - - type: object - properties: - ssl_redirect: - description: "" - type: boolean - letsencrypt: - description: "" - type: object - properties: + One of (mongo, postgres, neo4j, sqlite3) + pattern: ^(mongo|postgres|neo4j|sqlite3)$ + type: string + example: '"neo4j"' + size: + description: Specify database disk size + type: string + example: 1Gi + user: + description: database username + type: string + pass: + format: password + description: Database password + type: string + image_ref: + description: Used for referencing images from the build + type: string + example: 'image_ref: myownpgimage' + mongo: + $ref: '#/components/schemas/FreeObject' + description: Mongo db specific configuration + postgres: + $ref: '#/components/schemas/FreeObject' + description: Postgres database specific configuration + neo4j: + description: Neo4j database specific configuration + resources: + $ref: '#/components/schemas/DeploymentResourcesConf' + description: Database deployment resources + - + $ref: '#/components/schemas/AutoArtifactSpec' + ApplicationsConfigsMap: + description: '' + type: object + additionalProperties: + $ref: '#/components/schemas/ApplicationConfig' + NameValue: + description: '' + required: + - name + type: object + properties: + name: + description: '' + type: string + value: + description: '' + type: string + IngressConfig: + description: '' + type: object + allOf: + - + type: object + properties: + ssl_redirect: + description: '' + type: boolean + letsencrypt: + description: '' + type: object + properties: + email: + type: string + - + $ref: '#/components/schemas/AutoArtifactSpec' + BackupConfig: + description: '' + required: + - dir + - resources + type: object + properties: + active: + description: '' + type: boolean + keep_days: + description: '' + type: integer + keep_weeks: + description: '' + type: integer + keep_months: + description: '' + type: integer + schedule: + description: Cron expression + pattern: >- + /(@(annually|yearly|monthly|weekly|daily|hourly|reboot))|(@every + (\d+(ns|us|µs|ms|s|m|h))+)|((((\d+,)+\d+|(\d+(\/|-)\d+)|\d+|\*) ?){5,7})/ + type: string + suffix: + description: The file suffix added to backup files + volumesize: + description: The volume size for backups (all backups share the same volume) + type: string + dir: + $ref: '#/components/schemas/Filename' + description: 'Target directory of backups, the mount point of the persistent volume.' + resources: + $ref: '#/components/schemas/DeploymentResourcesConf' + description: '' + UserGroup: + type: object + properties: + access: + type: object + additionalProperties: true + attributes: + $ref: '#/components/schemas/SimpleMap' + additionalProperties: true + clientRoles: + type: object + additionalProperties: true + id: + type: string + name: + type: string + path: + type: string + realmRoles: + type: array + items: + type: string + subGroups: + type: array + items: + $ref: '#/components/schemas/UserGroup' + UserCredential: + type: object + properties: + createdDate: + format: int64 + type: integer + credentialData: + type: string + id: + type: string + priority: + format: int32 + type: integer + secretData: + type: string + temporary: + type: boolean + type: + type: string + userLabel: + type: string + value: + type: string + User: + type: object + properties: + access: + type: object + additionalProperties: true + attributes: + type: object + additionalProperties: true + clientRoles: + type: object + additionalProperties: true + createdTimestamp: + format: int64 + type: integer + credentials: + type: array + items: + $ref: '#/components/schemas/UserCredential' + disableableCredentialTypes: + type: array + items: + type: string email: - type: string - - $ref: "#/components/schemas/AutoArtifactSpec" - BackupConfig: - description: "" - required: - - dir - - resources - type: object - properties: - active: - description: "" - type: boolean - keep_days: - description: "" - type: integer - keep_weeks: - description: "" - type: integer - keep_months: - description: "" - type: integer - schedule: - description: Cron expression - pattern: - "/(@(annually|yearly|monthly|weekly|daily|hourly|reboot))|(@every\ - \ (\\d+(ns|us|µs|ms|s|m|h))+)|((((\\d+,)+\\d+|(\\d+(\\/|-)\\d+)|\\d+|\\\ - *) ?){5,7})/" - type: string - suffix: - description: The file suffix added to backup files - volumesize: - description: The volume size for backups (all backups share the same volume) - type: string - dir: - $ref: "#/components/schemas/Filename" - description: - "Target directory of backups, the mount point of the persistent\ - \ volume." - resources: - $ref: "#/components/schemas/DeploymentResourcesConf" - description: "" - Quota: - description: "" - type: object - additionalProperties: - type: string - example: - quota-ws-max: 5 - quota-storage-max: 1G - UserGroup: - type: object - properties: - access: - type: object - additionalProperties: true - attributes: - $ref: "#/components/schemas/SimpleMap" - additionalProperties: true - clientRoles: - type: object - additionalProperties: true - id: - type: string - name: - type: string - path: - type: string - realmRoles: - type: array - items: - type: string - subGroups: - type: array - items: - $ref: "#/components/schemas/UserGroup" - UserCredential: - type: object - properties: - createdDate: - format: int64 - type: integer - credentialData: - type: string - id: - type: string - priority: - format: int32 - type: integer - secretData: - type: string - temporary: - type: boolean - type: - type: string - userLabel: - type: string - value: - type: string - User: - type: object - properties: - access: - type: object - additionalProperties: true - attributes: - type: object - additionalProperties: true - clientRoles: - type: object - additionalProperties: true - createdTimestamp: - format: int64 - type: integer - credentials: - type: array - items: - $ref: "#/components/schemas/UserCredential" - disableableCredentialTypes: - type: array - items: - type: string - email: - type: string - emailVerified: - type: boolean - enabled: - type: boolean - federationLink: - type: string - firstName: - type: string - groups: - type: array - items: - type: string - id: - type: string - lastName: - type: string - realmRoles: - type: array - items: + type: string + emailVerified: + type: boolean + enabled: + type: boolean + federationLink: + type: string + firstName: + type: string + groups: + type: array + items: + type: string + id: + type: string + lastName: + type: string + realmRoles: + type: array + items: + type: string + requiredActions: + type: array + items: + type: string + serviceAccountClientId: + type: string + username: + type: string + additionalProperties: {} + Filename: + description: '' + pattern: '^[^<>:;,?*|]+$' type: string - requiredActions: - type: array - items: + PathSpecifier: + description: '' + pattern: '^[^<>:;,?|]+$' type: string - serviceAccountClientId: - type: string - username: - type: string - additionalProperties: {} - Filename: - description: "" - pattern: "^[^<>:;,?*|]+$" - type: string - PathSpecifier: - description: "" - pattern: "^[^<>:;,?|]+$" - type: string - CDCEvent: - description: |- - A message sent to the orchestration queue. - Applications can listen to these events to react to data change events happening - on other applications. - required: - - message_type - - operation - - uid - - meta - type: object - properties: - operation: - description: the operation on the object e.g. create / update / delete - enum: - - create - - update - - delete - - other - type: string - uid: - description: the unique identifier attribute of the object - type: string - message_type: - description: the type of the message (relates to the object type) e.g. jobs - type: string - resource: - $ref: "#/components/schemas/FreeObject" - description: The target object - meta: - $ref: "#/components/schemas/CDCEventMeta" - description: "" - CDCEventMeta: - description: "" - required: - - app_name - type: object - properties: - app_name: - description: The name of the application/microservice sending the message - type: string - user: - $ref: "#/components/schemas/User" - description: "" - args: - description: the caller function arguments - type: array - items: - $ref: "#/components/schemas/FreeObject" - kwargs: - description: the caller function keyword arguments - description: - description: General description -- for human consumption - type: string - ApplicationHarnessConfig: - description: - "Define helm variables that allow CloudHarness to enable and configure\ - \ your \napplication's deployment" - required: [] - type: object - properties: - deployment: - $ref: "#/components/schemas/DeploymentAutoArtifactConfig" - description: - Defines reference deployment parameters. Values maps to k8s - spec - service: - $ref: "#/components/schemas/ServiceAutoArtifactConfig" - description: Defines automatic service parameters. - subdomain: - description: "If specified, an ingress will be created at [subdomain].[.Values.domain]" - type: string - aliases: - description: - "If specified, an ingress will be created at [alias].[.Values.domain]\ - \ for each alias" - type: array - items: - type: string - domain: - description: "If specified, an ingress will be created at [domain]" - type: string - dependencies: - $ref: "#/components/schemas/ApplicationDependenciesConfig" - description: - Application dependencies are used to define what is required - in the deployment when --include (-i) is used. Specify application names - in the list. - secured: - description: "When true, the application is shielded with a getekeeper" - type: boolean - uri_role_mapping: - description: - "Map uri/roles to secure with the Gatekeeper (if `secured:\ - \ true`)" - type: array - items: - $ref: "#/components/schemas/UriRoleMappingConfig" - secrets: - $ref: "#/components/schemas/SimpleMap" - description: |- - Define secrets will be mounted in the deployment + CDCEvent: + description: |- + A message sent to the orchestration queue. + Applications can listen to these events to react to data change events happening + on other applications. + required: + - message_type + - operation + - uid + - meta + type: object + properties: + operation: + description: the operation on the object e.g. create / update / delete + enum: + - create + - update + - delete + - other + type: string + uid: + description: the unique identifier attribute of the object + type: string + message_type: + description: the type of the message (relates to the object type) e.g. jobs + type: string + resource: + $ref: '#/components/schemas/FreeObject' + description: The target object + meta: + $ref: '#/components/schemas/CDCEventMeta' + description: '' + CDCEventMeta: + description: '' + required: + - app_name + type: object + properties: + app_name: + description: The name of the application/microservice sending the message + type: string + user: + $ref: '#/components/schemas/User' + description: '' + args: + description: the caller function arguments + type: array + items: + $ref: '#/components/schemas/FreeObject' + kwargs: + description: the caller function keyword arguments + description: + description: General description -- for human consumption + type: string + ApplicationHarnessConfig: + description: |- + Define helm variables that allow CloudHarness to enable and configure your + application's deployment + required: [] + type: object + properties: + deployment: + $ref: '#/components/schemas/DeploymentAutoArtifactConfig' + description: Defines reference deployment parameters. Values maps to k8s spec + service: + $ref: '#/components/schemas/ServiceAutoArtifactConfig' + description: Defines automatic service parameters. + subdomain: + description: 'If specified, an ingress will be created at [subdomain].[.Values.domain]' + type: string + aliases: + description: 'If specified, an ingress will be created at [alias].[.Values.domain] for each alias' + type: array + items: + type: string + domain: + description: 'If specified, an ingress will be created at [domain]' + type: string + dependencies: + $ref: '#/components/schemas/ApplicationDependenciesConfig' + description: >- + Application dependencies are used to define what is required in the deployment when + --include (-i) is used. Specify application names in the list. + secured: + description: 'When true, the application is shielded with a getekeeper' + type: boolean + uri_role_mapping: + description: 'Map uri/roles to secure with the Gatekeeper (if `secured: true`)' + type: array + items: + $ref: '#/components/schemas/UriRoleMappingConfig' + secrets: + $ref: '#/components/schemas/SimpleMap' + description: |- + Define secrets will be mounted in the deployment - Define as + Define as - ```yaml - secrets: - secret_name: 'value' + ```yaml + secrets: + secret_name: 'value' - ``` + ``` - Values if left empty are randomly generated - use_services: - description: - "Specify which services this application uses in the frontend\ - \ to create proxy ingresses. e.g. \n```\n- name: samples\n```" - type: array - items: - type: string - database: - $ref: "#/components/schemas/DatabaseDeploymentConfig" - description: "" - resources: - description: |- - Application file resources. Maps from deploy/resources folder and mounts as - configmaps - type: array - items: - $ref: "#/components/schemas/FileResourcesConfig" - readinessProbe: - $ref: "#/components/schemas/ApplicationProbe" - description: Kubernetes readiness probe configuration - startupProbe: - $ref: "#/components/schemas/ApplicationProbe" - description: "" - livenessProbe: - $ref: "#/components/schemas/ApplicationProbe" - description: Kubernetes liveness probe configuration - sourceRoot: - $ref: "#/components/schemas/Filename" - description: "" - name: - description: |- - Application's name. Do not edit, the value is automatically set from the - application directory's name - type: string - jupyterhub: - $ref: "#/components/schemas/JupyterHubConfig" - description: | - Configurations specific to jupyterhub. Edit only if your application is - configured as a jupyterhub deployment - accounts: - $ref: "#/components/schemas/ApplicationAccountsConfig" - description: Define specific test users and roles for this application - test: - $ref: "#/components/schemas/ApplicationTestConfig" - description: Enable and configure automated testing for this application. - additionalProperties: true - JupyterHubConfig: - description: "" - type: object - properties: - args: - description: arguments passed to the container - type: array - items: - type: string - extraConfig: - $ref: "#/components/schemas/SimpleMap" - description: - allows you to add Python snippets to the jupyterhub_config.py - file - spawnerExtraConfig: - $ref: "#/components/schemas/FreeObject" - description: - allows you to add values to the spawner object without the - need of creating a new hook - applicationHook: - description: - "change the hook function (advanced)\n\nSpecify the Python\ - \ name of the function (full module path, the module must be \ninstalled\ - \ in the Docker image)" - example: my_lib.change_pod_manifest - additionalProperties: true - UserRole: - type: object - properties: - attributes: - type: object - additionalProperties: true - clientRole: - type: boolean - composite: - type: boolean - containerId: - type: string - description: - type: string - id: - type: string - name: - type: string - additionalProperties: true - ApplicationAccountsConfig: - description: "" - type: object - properties: - roles: - description: - Specify roles to be created in this deployment specific for - this application - type: array - items: - type: string - users: - description: - "Defines test users to be added to the deployment, specific\ - \ for this application" - type: array - items: - $ref: "#/components/schemas/ApplicationUser" - ApplicationUser: - description: Defines a user - required: - - username - type: object - properties: - username: - description: "" - type: string - password: - format: password - description: "" - type: string - clientRoles: - description: "" - type: array - items: - type: string - realmRoles: - description: "" - type: array - items: - type: string - ApplicationTestConfig: - description: "" - required: - - unit - - e2e - - api - type: object - properties: - unit: - $ref: "#/components/schemas/UnitTestsConfig" - description: "" - api: - $ref: "#/components/schemas/ApiTestsConfig" - description: "" - e2e: - $ref: "#/components/schemas/E2ETestsConfig" - description: "" - UnitTestsConfig: - description: "" - required: - - enabled - - commands - type: object - properties: - enabled: - description: "Enables unit tests for this application (default: true)" - type: boolean - commands: - description: Commands to run unit tests - type: array - items: - type: string - example: '["pytest /usr/src/app/samples/test"]' - E2ETestsConfig: - description: "" - required: - - enabled - - smoketest - type: object - properties: - enabled: - description: - "Enables end to end testing for this application (default:\ - \ false)" - type: boolean - smoketest: - description: Specify whether to run the common smoke tests - type: boolean - ignoreConsoleErrors: - description: "" - type: boolean - ignoreRequestErrors: - description: "" - type: boolean - ApiTestsConfig: - description: "" - required: - - enabled - - autotest - - checks - type: object - properties: - enabled: - description: "Enables api tests for this application (default: false)" - type: boolean - autotest: - description: Specify whether to run the common smoke tests - type: boolean - runParams: - description: Additional schemathesis parameters - type: array - items: - type: string - checks: - description: |- - One of the Schemathesis checks: + Values if left empty are randomly generated + use_services: + description: >- + Specify which services this application uses in the frontend to create proxy + ingresses. e.g. - - not_a_server_error. The response has 5xx HTTP status; - - status_code_conformance. The response status is not defined in the API schema; - - content_type_conformance. The response content type is not defined in the API schema; - - response_schema_conformance. The response content does not conform to the schema defined for this specific response; - - response_headers_conformance. The response headers does not contain all defined headers. - type: array - items: - type: string - example: '["not_a_server_error", "status_code_conformance"]' - DeploymentAutoArtifactConfig: - description: "" - type: object - allOf: - - type: object - properties: - port: - description: Deployment port - type: string - replicas: - description: Number of replicas - type: integer - image: - description: |- - Image name to use in the deployment. Leave it blank to set from the application's - Docker file - pattern: "(?:[a-z]+/)?([a-z]+)(?::[0-9]+)?" - type: string - resources: - $ref: "#/components/schemas/DeploymentResourcesConf" - description: Deployment resources - volume: - $ref: "#/components/schemas/DeploymentVolumeSpec" - description: Volume specification - resources: - description: Deployment resources - type: string - test: - description: ssaa - type: string - - $ref: "#/components/schemas/AutoArtifactSpec" - DeploymentVolumeSpec: - description: |- - Defines a volume attached to the deployment. - Automatically created the volume claim and mounts. - type: object - allOf: - - required: - - mountpath - type: object - properties: - mountpath: - description: The mount path for the volume - type: string - size: - description: "The volume size. \n\nE.g. 5Gi" - usenfs: - description: - Set to `true` to use the nfs on the created volume and mount - as ReadWriteMany. - type: boolean - - $ref: "#/components/schemas/AutoArtifactSpec" - example: - auto: true - mountpath: /usr/src/app/persistent - name: my-files - size: 5Gi - usenfs: true + ``` + + - name: samples + + ``` + type: array + items: + type: string + database: + $ref: '#/components/schemas/DatabaseDeploymentConfig' + description: '' + resources: + description: |- + Application file resources. Maps from deploy/resources folder and mounts as + configmaps + type: array + items: + $ref: '#/components/schemas/FileResourcesConfig' + readinessProbe: + $ref: '#/components/schemas/ApplicationProbe' + description: Kubernetes readiness probe configuration + startupProbe: + $ref: '#/components/schemas/ApplicationProbe' + description: '' + livenessProbe: + $ref: '#/components/schemas/ApplicationProbe' + description: Kubernetes liveness probe configuration + sourceRoot: + $ref: '#/components/schemas/Filename' + description: '' + name: + description: |- + Application's name. Do not edit, the value is automatically set from the + application directory's name + type: string + jupyterhub: + $ref: '#/components/schemas/JupyterHubConfig' + description: | + Configurations specific to jupyterhub. Edit only if your application is + configured as a jupyterhub deployment + accounts: + $ref: '#/components/schemas/ApplicationAccountsConfig' + description: Define specific test users and roles for this application + test: + $ref: '#/components/schemas/ApplicationTestConfig' + description: Enable and configure automated testing for this application. + quotas: + $ref: '#/components/schemas/Quota' + description: '' + additionalProperties: true + JupyterHubConfig: + description: '' + type: object + properties: + args: + description: arguments passed to the container + type: array + items: + type: string + extraConfig: + $ref: '#/components/schemas/SimpleMap' + description: allows you to add Python snippets to the jupyterhub_config.py file + spawnerExtraConfig: + $ref: '#/components/schemas/FreeObject' + description: allows you to add values to the spawner object without the need of creating a new hook + applicationHook: + description: |- + change the hook function (advanced) + + Specify the Python name of the function (full module path, the module must be + installed in the Docker image) + example: my_lib.change_pod_manifest + additionalProperties: true + UserRole: + type: object + properties: + attributes: + type: object + additionalProperties: true + clientRole: + type: boolean + composite: + type: boolean + containerId: + type: string + description: + type: string + id: + type: string + name: + type: string + additionalProperties: true + ApplicationAccountsConfig: + description: '' + type: object + properties: + roles: + description: Specify roles to be created in this deployment specific for this application + type: array + items: + type: string + users: + description: 'Defines test users to be added to the deployment, specific for this application' + type: array + items: + $ref: '#/components/schemas/ApplicationUser' + ApplicationUser: + description: Defines a user + required: + - username + type: object + properties: + username: + description: '' + type: string + password: + format: password + description: '' + type: string + clientRoles: + description: '' + type: array + items: + type: string + realmRoles: + description: '' + type: array + items: + type: string + ApplicationTestConfig: + description: '' + required: + - unit + - e2e + - api + type: object + properties: + unit: + $ref: '#/components/schemas/UnitTestsConfig' + description: '' + api: + $ref: '#/components/schemas/ApiTestsConfig' + description: '' + e2e: + $ref: '#/components/schemas/E2ETestsConfig' + description: '' + UnitTestsConfig: + description: '' + required: + - enabled + - commands + type: object + properties: + enabled: + description: 'Enables unit tests for this application (default: true)' + type: boolean + commands: + description: Commands to run unit tests + type: array + items: + type: string + example: '["pytest /usr/src/app/samples/test"]' + E2ETestsConfig: + description: '' + required: + - enabled + - smoketest + type: object + properties: + enabled: + description: 'Enables end to end testing for this application (default: false)' + type: boolean + smoketest: + description: Specify whether to run the common smoke tests + type: boolean + ignoreConsoleErrors: + description: '' + type: boolean + ignoreRequestErrors: + description: '' + type: boolean + ApiTestsConfig: + description: '' + required: + - enabled + - autotest + - checks + type: object + properties: + enabled: + description: 'Enables api tests for this application (default: false)' + type: boolean + autotest: + description: Specify whether to run the common smoke tests + type: boolean + runParams: + description: Additional schemathesis parameters + type: array + items: + type: string + checks: + description: >- + One of the Schemathesis checks: + + + - not_a_server_error. The response has 5xx HTTP status; + + - status_code_conformance. The response status is not defined in the API schema; + + - content_type_conformance. The response content type is not defined in the API + schema; + + - response_schema_conformance. The response content does not conform to the schema + defined for this specific response; + + - response_headers_conformance. The response headers does not contain all defined + headers. + type: array + items: + type: string + example: '["not_a_server_error", "status_code_conformance"]' + DeploymentAutoArtifactConfig: + description: '' + type: object + allOf: + - + type: object + properties: + port: + description: Deployment port + type: string + replicas: + description: Number of replicas + type: integer + image: + description: >- + Image name to use in the deployment. Leave it blank to set from the + application's + + Docker file + pattern: '(?:[a-z]+/)?([a-z]+)(?::[0-9]+)?' + type: string + resources: + $ref: '#/components/schemas/DeploymentResourcesConf' + description: Deployment resources + volume: + $ref: '#/components/schemas/DeploymentVolumeSpec' + description: Volume specification + resources: + description: Deployment resources + type: string + test: + description: ssaa + type: string + - + $ref: '#/components/schemas/AutoArtifactSpec' + DeploymentVolumeSpec: + description: |- + Defines a volume attached to the deployment. + Automatically created the volume claim and mounts. + type: object + allOf: + - + required: + - mountpath + type: object + properties: + mountpath: + description: The mount path for the volume + type: string + size: + description: |- + The volume size. + + E.g. 5Gi + usenfs: + description: Set to `true` to use the nfs on the created volume and mount as ReadWriteMany. + type: boolean + - + $ref: '#/components/schemas/AutoArtifactSpec' + example: + auto: true + mountpath: /usr/src/app/persistent + name: my-files + size: 5Gi + usenfs: true + HarnessMainConfig: + description: '' + required: + - local + - secured_gatekeepers + - domain + - namespace + - mainapp + - apps + type: object + properties: + local: + description: 'If set to true, local DNS mapping is added to pods.' + type: boolean + secured_gatekeepers: + description: >- + Enables/disables Gatekeepers on secured applications. Set to false for + testing/development + type: boolean + domain: + description: The root domain + type: string + example: The root domain. + namespace: + description: The K8s namespace. + type: string + mainapp: + description: Defines the app to map to the root domain + type: string + registry: + $ref: '#/components/schemas/RegistryConfig' + description: '' + tag: + description: Docker tag used to push/pull the built images. + type: string + apps: + $ref: '#/components/schemas/ApplicationsConfigsMap' + description: '' + env: + description: Environmental variables added to all pods + type: array + items: + $ref: '#/components/schemas/NameValue' + privenv: + $ref: '#/components/schemas/NameValue' + description: Private environmental variables added to all pods + backup: + $ref: '#/components/schemas/BackupConfig' + description: '' + name: + description: Base name + type: string + task-images: + $ref: '#/components/schemas/SimpleMap' + description: '' + additionalProperties: true + SimpleMap: + description: '' + type: object + additionalProperties: true + Quota: + description: '' + type: object + additionalProperties: true + example: + quota-ws-max: 5 + quota-storage-max: 1G diff --git a/libraries/models/cloudharness_model/models/application_harness_config.py b/libraries/models/cloudharness_model/models/application_harness_config.py index 4a083624..ba287654 100644 --- a/libraries/models/cloudharness_model/models/application_harness_config.py +++ b/libraries/models/cloudharness_model/models/application_harness_config.py @@ -37,7 +37,7 @@ class ApplicationHarnessConfig(Model): Do not edit the class manually. """ - def __init__(self, deployment=None, service=None, subdomain=None, aliases=None, domain=None, dependencies=None, secured=None, uri_role_mapping=None, secrets=None, use_services=None, database=None, resources=None, readiness_probe=None, startup_probe=None, liveness_probe=None, source_root=None, name=None, jupyterhub=None, accounts=None, test=None): # noqa: E501 + def __init__(self, deployment=None, service=None, subdomain=None, aliases=None, domain=None, dependencies=None, secured=None, uri_role_mapping=None, secrets=None, use_services=None, database=None, resources=None, readiness_probe=None, startup_probe=None, liveness_probe=None, source_root=None, name=None, jupyterhub=None, accounts=None, test=None, quotas=None): # noqa: E501 """ApplicationHarnessConfig - a model defined in OpenAPI :param deployment: The deployment of this ApplicationHarnessConfig. # noqa: E501 @@ -57,7 +57,7 @@ def __init__(self, deployment=None, service=None, subdomain=None, aliases=None, :param uri_role_mapping: The uri_role_mapping of this ApplicationHarnessConfig. # noqa: E501 :type uri_role_mapping: List[UriRoleMappingConfig] :param secrets: The secrets of this ApplicationHarnessConfig. # noqa: E501 - :type secrets: Dict[str, str] + :type secrets: Dict[str, object] :param use_services: The use_services of this ApplicationHarnessConfig. # noqa: E501 :type use_services: List[str] :param database: The database of this ApplicationHarnessConfig. # noqa: E501 @@ -80,6 +80,8 @@ def __init__(self, deployment=None, service=None, subdomain=None, aliases=None, :type accounts: ApplicationAccountsConfig :param test: The test of this ApplicationHarnessConfig. # noqa: E501 :type test: ApplicationTestConfig + :param quotas: The quotas of this ApplicationHarnessConfig. # noqa: E501 + :type quotas: Dict[str, object] """ self.openapi_types = { 'deployment': DeploymentAutoArtifactConfig, @@ -90,7 +92,7 @@ def __init__(self, deployment=None, service=None, subdomain=None, aliases=None, 'dependencies': ApplicationDependenciesConfig, 'secured': bool, 'uri_role_mapping': List[UriRoleMappingConfig], - 'secrets': Dict[str, str], + 'secrets': Dict[str, object], 'use_services': List[str], 'database': DatabaseDeploymentConfig, 'resources': List[FileResourcesConfig], @@ -101,7 +103,8 @@ def __init__(self, deployment=None, service=None, subdomain=None, aliases=None, 'name': str, 'jupyterhub': JupyterHubConfig, 'accounts': ApplicationAccountsConfig, - 'test': ApplicationTestConfig + 'test': ApplicationTestConfig, + 'quotas': Dict[str, object] } self.attribute_map = { @@ -124,7 +127,8 @@ def __init__(self, deployment=None, service=None, subdomain=None, aliases=None, 'name': 'name', 'jupyterhub': 'jupyterhub', 'accounts': 'accounts', - 'test': 'test' + 'test': 'test', + 'quotas': 'quotas' } self._deployment = deployment @@ -147,6 +151,7 @@ def __init__(self, deployment=None, service=None, subdomain=None, aliases=None, self._jupyterhub = jupyterhub self._accounts = accounts self._test = test + self._quotas = quotas @classmethod def from_dict(cls, dikt) -> 'ApplicationHarnessConfig': @@ -344,7 +349,7 @@ def secrets(self): # noqa: E501 :return: The secrets of this ApplicationHarnessConfig. - :rtype: Dict[str, str] + :rtype: Dict[str, object] """ return self._secrets @@ -355,7 +360,7 @@ def secrets(self, secrets): # noqa: E501 :param secrets: The secrets of this ApplicationHarnessConfig. - :type secrets: Dict[str, str] + :type secrets: Dict[str, object] """ self._secrets = secrets @@ -600,3 +605,26 @@ def test(self, test): """ self._test = test + + @property + def quotas(self): + """Gets the quotas of this ApplicationHarnessConfig. + + # noqa: E501 + + :return: The quotas of this ApplicationHarnessConfig. + :rtype: Dict[str, object] + """ + return self._quotas + + @quotas.setter + def quotas(self, quotas): + """Sets the quotas of this ApplicationHarnessConfig. + + # noqa: E501 + + :param quotas: The quotas of this ApplicationHarnessConfig. + :type quotas: Dict[str, object] + """ + + self._quotas = quotas diff --git a/libraries/models/cloudharness_model/models/harness_main_config.py b/libraries/models/cloudharness_model/models/harness_main_config.py index d3b4af7f..c75db6d3 100644 --- a/libraries/models/cloudharness_model/models/harness_main_config.py +++ b/libraries/models/cloudharness_model/models/harness_main_config.py @@ -51,7 +51,7 @@ def __init__(self, local=None, secured_gatekeepers=None, domain=None, namespace= :param name: The name of this HarnessMainConfig. # noqa: E501 :type name: str :param task_images: The task_images of this HarnessMainConfig. # noqa: E501 - :type task_images: Dict[str, str] + :type task_images: Dict[str, object] """ self.openapi_types = { 'local': bool, @@ -66,7 +66,7 @@ def __init__(self, local=None, secured_gatekeepers=None, domain=None, namespace= 'privenv': NameValue, 'backup': BackupConfig, 'name': str, - 'task_images': Dict[str, str] + 'task_images': Dict[str, object] } self.attribute_map = { @@ -399,7 +399,7 @@ def task_images(self): # noqa: E501 :return: The task_images of this HarnessMainConfig. - :rtype: Dict[str, str] + :rtype: Dict[str, object] """ return self._task_images @@ -410,7 +410,7 @@ def task_images(self, task_images): # noqa: E501 :param task_images: The task_images of this HarnessMainConfig. - :type task_images: Dict[str, str] + :type task_images: Dict[str, object] """ self._task_images = task_images diff --git a/libraries/models/cloudharness_model/models/jupyter_hub_config.py b/libraries/models/cloudharness_model/models/jupyter_hub_config.py index 51316ff2..1f04fa73 100644 --- a/libraries/models/cloudharness_model/models/jupyter_hub_config.py +++ b/libraries/models/cloudharness_model/models/jupyter_hub_config.py @@ -21,7 +21,7 @@ def __init__(self, args=None, extra_config=None, spawner_extra_config=None, appl :param args: The args of this JupyterHubConfig. # noqa: E501 :type args: List[str] :param extra_config: The extra_config of this JupyterHubConfig. # noqa: E501 - :type extra_config: Dict[str, str] + :type extra_config: Dict[str, object] :param spawner_extra_config: The spawner_extra_config of this JupyterHubConfig. # noqa: E501 :type spawner_extra_config: Dict[str, object] :param application_hook: The application_hook of this JupyterHubConfig. # noqa: E501 @@ -29,7 +29,7 @@ def __init__(self, args=None, extra_config=None, spawner_extra_config=None, appl """ self.openapi_types = { 'args': List[str], - 'extra_config': Dict[str, str], + 'extra_config': Dict[str, object], 'spawner_extra_config': Dict[str, object], 'application_hook': object } @@ -87,7 +87,7 @@ def extra_config(self): # noqa: E501 :return: The extra_config of this JupyterHubConfig. - :rtype: Dict[str, str] + :rtype: Dict[str, object] """ return self._extra_config @@ -98,7 +98,7 @@ def extra_config(self, extra_config): # noqa: E501 :param extra_config: The extra_config of this JupyterHubConfig. - :type extra_config: Dict[str, str] + :type extra_config: Dict[str, object] """ self._extra_config = extra_config diff --git a/libraries/models/cloudharness_model/models/user_group.py b/libraries/models/cloudharness_model/models/user_group.py index 50d3b30d..72e135ef 100644 --- a/libraries/models/cloudharness_model/models/user_group.py +++ b/libraries/models/cloudharness_model/models/user_group.py @@ -21,7 +21,7 @@ def __init__(self, access=None, attributes=None, client_roles=None, id=None, nam :param access: The access of this UserGroup. # noqa: E501 :type access: Dict[str, object] :param attributes: The attributes of this UserGroup. # noqa: E501 - :type attributes: Dict[str, str] + :type attributes: Dict[str, object] :param client_roles: The client_roles of this UserGroup. # noqa: E501 :type client_roles: Dict[str, object] :param id: The id of this UserGroup. # noqa: E501 @@ -37,7 +37,7 @@ def __init__(self, access=None, attributes=None, client_roles=None, id=None, nam """ self.openapi_types = { 'access': Dict[str, object], - 'attributes': Dict[str, str], + 'attributes': Dict[str, object], 'client_roles': Dict[str, object], 'id': str, 'name': str, @@ -105,7 +105,7 @@ def attributes(self): # noqa: E501 :return: The attributes of this UserGroup. - :rtype: Dict[str, str] + :rtype: Dict[str, object] """ return self._attributes @@ -116,7 +116,7 @@ def attributes(self, attributes): # noqa: E501 :param attributes: The attributes of this UserGroup. - :type attributes: Dict[str, str] + :type attributes: Dict[str, object] """ self._attributes = attributes From c29fcd5365aabdce698306d9574a9fe89ea4a638 Mon Sep 17 00:00:00 2001 From: Filippo Ledda Date: Tue, 22 Aug 2023 17:04:49 +0200 Subject: [PATCH 3/6] #701 update docs --- docs/accounts.md | 15 ++++++++ docs/ingress-domains-proxies.md | 67 +++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 docs/ingress-domains-proxies.md diff --git a/docs/accounts.md b/docs/accounts.md index 8b52ed2f..5d5a4e41 100644 --- a/docs/accounts.md +++ b/docs/accounts.md @@ -62,7 +62,22 @@ harness: secured: open ``` +#### Proxy specific configurations +Proxy configurations can be personalized in the application in the case that we want to have more restrictive values than the global ones (see [here] for more (./ingress-domains-proxies.md#proxy-configurations)) +```yaml +harness: + proxy: + timeout: + # -- Timeout for proxy connections in seconds. + send: + # -- Timeout for proxy responses in seconds. + read: + keepalive: + payload: + # -- Maximum size of payload in MB + max: +``` ### Secure an enpoint with OpenAPI In every api endpoint that you want to secure, add the bearerAuth security as in the example: diff --git a/docs/ingress-domains-proxies.md b/docs/ingress-domains-proxies.md new file mode 100644 index 00000000..30dbdd9d --- /dev/null +++ b/docs/ingress-domains-proxies.md @@ -0,0 +1,67 @@ +# Ingress, domains and proxies + +## Default configurations for domain and subdomains +Cloud Harness makes it very easy to configure domains and proxies, by making +an underlying assumption: + +- Applications share a main base domain (say ch.org) +- Applications can define a subdomain (say myapp) + +The main domain is configured in the [root values file](../deployment-configuration/values-template.yaml) and +it is usually overridden by the `harness-deployment` command, e.g. + +``` +harness-deployment ... -d ch.org +``` + +The subdomain is defined in the application's values.yaml file in +harness.subdomain (see for instance the [samples application configuration](../applications/samples/deploy/values.yaml)) + +For instance on applications/myapp/deploy/values.yaml: + +```yaml +harness: + subdomain: myapp +``` + +The above configurations put together create an ingress configuration for https://myapp.ch.org and automatically configure letsencrypt to create and renew certificates. + +Note: +that the tls and letsencrypt configurations are enabled by default but should usually be disabled locally with + +``` +harness-deployment ... -dtls -l +``` + +## Main application + +The "main" application is deployed on the base domain. +In order to specify a main application, override the [root values file](../deployment-configuration/values-template.yaml) + +Example +```yaml +mainapp: myapp +``` +This creates a reverse proxy to https://ch.org pointing to myapp + +## Proxy configurations + +Ingress is a reverse proxy and as such has some configurations to take into account. +The most common configurations are connection timeouts and payload size. + +```yaml +proxy: + timeout: + # -- Timeout for proxy connections in seconds. + send: + # -- Timeout for proxy responses in seconds. + read: + keepalive: + payload: + # -- Maximum size of payload in MB + max: +``` + +Note that in the case that gatekeepers are enabled, the same configurations are applied +to the gatekeepers, unless the application override them on `harness.proxy.*`. +See also the [gatekeepers documentation](./accounts.md#secure-and-enpoint-with-the-gatekeeper). \ No newline at end of file From 9ff36c9acce096b3e3f39fcc35ebc2b28eda6d11 Mon Sep 17 00:00:00 2001 From: Filippo Ledda Date: Wed, 23 Aug 2023 10:00:28 +0200 Subject: [PATCH 4/6] #701 #702 fix backwards compatibility --- deployment-configuration/helm/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment-configuration/helm/values.yaml b/deployment-configuration/helm/values.yaml index 5b09fd71..434dcac7 100644 --- a/deployment-configuration/helm/values.yaml +++ b/deployment-configuration/helm/values.yaml @@ -76,4 +76,4 @@ proxy: keepalive: 60 payload: # -- Maximum size of payload in MB - max: 100 + max: 250 From 11b844be7cb45ab3e098df28339efdc6f630e9b4 Mon Sep 17 00:00:00 2001 From: Filippo Ledda Date: Wed, 23 Aug 2023 11:37:34 +0200 Subject: [PATCH 5/6] #701 improve docs clarity --- docs/ingress-domains-proxies.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/docs/ingress-domains-proxies.md b/docs/ingress-domains-proxies.md index 30dbdd9d..49903818 100644 --- a/docs/ingress-domains-proxies.md +++ b/docs/ingress-domains-proxies.md @@ -36,7 +36,7 @@ harness-deployment ... -dtls -l ## Main application The "main" application is deployed on the base domain. -In order to specify a main application, override the [root values file](../deployment-configuration/values-template.yaml) +In order to specify a main application, override the value in your `/deployment-configuration/values-template.yaml` file. Example ```yaml @@ -49,17 +49,19 @@ This creates a reverse proxy to https://ch.org pointing to myapp Ingress is a reverse proxy and as such has some configurations to take into account. The most common configurations are connection timeouts and payload size. +To configure it, override the following values in your `deployment-configuration/values-template.yaml` file. + ```yaml proxy: - timeout: - # -- Timeout for proxy connections in seconds. - send: - # -- Timeout for proxy responses in seconds. - read: - keepalive: - payload: - # -- Maximum size of payload in MB - max: + timeout: + # -- Timeout for proxy connections in seconds. + send: 60 + # -- Timeout for proxy responses in seconds. + read: 60 + keepalive: 60 + payload: + # -- Maximum size of payload in MB + max: 250 ``` Note that in the case that gatekeepers are enabled, the same configurations are applied From a4c1e57127c07099d97b7284a8f60158b462dbb2 Mon Sep 17 00:00:00 2001 From: Filippo Ledda Date: Wed, 23 Aug 2023 17:27:10 +0200 Subject: [PATCH 6/6] #701 chore: fix broken doc link --- docs/accounts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/accounts.md b/docs/accounts.md index 5d5a4e41..8d07ca4a 100644 --- a/docs/accounts.md +++ b/docs/accounts.md @@ -63,7 +63,7 @@ harness: ``` #### Proxy specific configurations -Proxy configurations can be personalized in the application in the case that we want to have more restrictive values than the global ones (see [here] for more (./ingress-domains-proxies.md#proxy-configurations)) +Proxy configurations can be personalized in the application in the case that we want to have more restrictive values than the global ones (see [here](./ingress-domains-proxies.md#proxy-configurations) for more ) ```yaml harness: