Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Dockerfile for Python 3.10 support and switch PGSQL operator from zalando to cnpg #1

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 8 additions & 7 deletions docker/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
FROM ubuntu:20.04
MAINTAINER Klavs Klavsen <[email protected]>
FROM ubuntu:24.04
LABEL maintainer="Klavs Klavsen <[email protected]>"

WORKDIR /tmp

ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
apt-get install -y \
python3-pip \
python3.8-venv \
python3-venv \
build-essential \
postgresql-server-dev-all

Expand All @@ -15,9 +15,10 @@ RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash -
RUN apt-get update; DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs

WORKDIR /var/www
RUN python3 -m venv relate-venv
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y python3-poetry


RUN python3 -m venv relate-venv
RUN pip install poetry
RUN git clone https://github.com/inducer/relate.git
ENV VENV_PATH=/var/www/relate-venv
WORKDIR /var/www/relate
Expand All @@ -29,4 +30,4 @@ COPY local_settings_template.py /var/www/relate/local_settings_template.py
COPY run-relate.sh /run-relate.sh
RUN chmod 755 /run-relate.sh

CMD ['/run-relate.sh']
CMD ["/run-relate.sh"]
11 changes: 8 additions & 3 deletions docker/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,15 @@ version: '3'

services:
app:
image: relate:latest
image: relate:latest
restart: unless-stopped
command: /run-relate.sh
environment:
DBHOST: db
DBUSER: myuser
DBPASS: mypass
DBUSER: postgres
DBPASS: LocalPassword
ports:
- 8000:8000
links:
- db

Expand All @@ -18,3 +21,5 @@ services:
- 5432:5432
environment:
POSTGRES_PASSWORD: LocalPassword
POSTGRES_DB: relate

33 changes: 22 additions & 11 deletions docker/local_settings_template.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# See https://docs.djangoproject.com/en/dev/howto/deployment/checklist/

import os.path as path
import os

_BASEDIR = path.dirname(path.abspath(__file__))

Expand Down Expand Up @@ -58,7 +59,7 @@
# }

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
DEBUG = False

TIME_ZONE = "Europe/Copenhagen"

Expand Down Expand Up @@ -208,10 +209,10 @@

# {{{ sign-in methods

RELATE_SIGN_IN_BY_EMAIL_ENABLED = True
RELATE_SIGN_IN_BY_EMAIL_ENABLED = False
RELATE_SIGN_IN_BY_USERNAME_ENABLED = True
RELATE_REGISTRATION_ENABLED = False
RELATE_SIGN_IN_BY_EXAM_TICKETS_ENABLED = True
RELATE_SIGN_IN_BY_EXAM_TICKETS_ENABLED = False

# If you enable this, you must also have saml_config.py in this directory.
# See saml_config.py.example for help.
Expand All @@ -220,17 +221,27 @@
RELATE_SOCIAL_AUTH_BACKENDS = (
# See https://python-social-auth.readthedocs.io/en/latest/
# for full list.
# "social_core.backends.google.GoogleOAuth2",

'social_core.backends.keycloak.KeycloakOAuth2',
'django.contrib.auth.backends.ModelBackend',
# CAUTION: Relate uses emails returned by the backend to match
# users. Only use backends that return verified emails.
)

# Your Google "Client ID"
# SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = ''
# Your Google "Client Secret"
# SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = ''
SOCIAL_AUTH_GOOGLE_OAUTH2_USE_UNIQUE_USER_ID = True
# you can configure your social auth by referencing this https://python-social-auth.readthedocs.io/en/latest/backends/
# we configured it for keyclaok as a demo
SOCIAL_AUTH_KEYCLOAK_ID_KEY = 'email'
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY= os.environ.get('KEYCLOAK_PUBLICKEY')
SOCIAL_AUTH_KEYCLOAK_KEY = 'relate'
SOCIAL_AUTH_KEYCLOAK_SECRET = os.environ.get('KEYCLOAK_SECRET')
SOCIAL_AUTH_KEYCLOAK_SERVER_URL = 'https://<need-to-update-hostname>/realms/test-relate/' # required to fill
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = \
'https://<need-to-update-hostname>/auth/realms/test-relate/protocol/openid-connect/auth' # required to fill
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = \
'https://<need-to-update-hostname>/auth/realms/test-relate/protocol/openid-connect/token' # required to fill
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
SOCIAL_AUTH_SESSION_EXPIRATION = True



# When registering your OAuth2 app (and consent screen) with Google,
# specify the following authorized redirect URI:
Expand Down Expand Up @@ -377,7 +388,7 @@

# A string containing the image ID of the docker image to be used to run
# student Python code. Docker should download the image on first run.
RELATE_DOCKER_RUNPY_IMAGE = "inducer/relate-runcode-python"
RELATE_DOCKER_RUNPY_IMAGE = "inducer/relate-runcode-python-amd64"
# RELATE_DOCKER_RUNPY_IMAGE = "inducer/relate-runpy-amd64-tensorflow"
# (bigger, but includes TensorFlow)

Expand Down
2 changes: 1 addition & 1 deletion docker/run-relate.sh
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ envsubst </var/www/relate/local_settings_template.py >/var/www/relate/local_sett
cd /var/www/relate

# create initial db setup if necessary - and superuser
poetry run python manage.py migrate
poetry run python manage.py migrate --verbosity 3
poetry run python manage.py createsuperuser --username=relateadmin

# run directly instead of via uwsgi
Expand Down
8 changes: 6 additions & 2 deletions helm/relate/readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,17 @@

This Helm chart expects you to have the following Helm charts installed:

- https://opensource.zalando.com/postgres-operator/charts/postgres-operator/
- https://cloudnative-pg.github.io/charts
- https://github.com/bitnami/charts/tree/master/bitnami/rabbitmq-cluster-operator

AND you need to have a working mail server to point it to.
- IF you do not have one - you can use this chart to setup a mailrelay service in your Kubernetes cluster: https://github.com/bokysan/docker-postfix/blob/master/helm/mail

and currently no image is pushed to any dockerhub - so you need to do that - and point to it.
and currently no image is pushed to any dockerhub - so you need to do that - and point to it. you can find the ``Dockerfile`` in ``Docker`` folder.

For additional configuration options for social authentication using Python, refer to these docs. These changes should be made in the ``local_settings_template.py`` file present in ``docker`` folder. currently it is configured to use keycloak authentication.
- https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html
- https://python-social-auth.readthedocs.io/en/latest/configuration/settings.html#urls-options

# After installing

Expand Down
10 changes: 10 additions & 0 deletions helm/relate/templates/backup.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: relate-pg-backup # Name of the backup
spec:
immediate: true # Backup starts immediately after ScheduledBackup has been created
backupOwnerReference: self
schedule: "0 0 0 * * *"
cluster:
name: relate-pgsql # Cluster name
10 changes: 10 additions & 0 deletions helm/relate/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -49,13 +49,23 @@ spec:
httpHeaders:
- name: Host
value: relate
initialDelaySeconds: 10
periodSeconds: 60
timeoutSeconds: 300
failureThreshold: 30
successThreshold: 1
readinessProbe:
httpGet:
path: /
port: http
httpHeaders:
- name: Host
value: relate
initialDelaySeconds: 10
periodSeconds: 60
timeoutSeconds: 300
failureThreshold: 30
successThreshold: 1
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
Expand Down
117 changes: 100 additions & 17 deletions helm/relate/templates/postgres.yaml
Original file line number Diff line number Diff line change
@@ -1,19 +1,102 @@
apiVersion: "acid.zalan.do/v1"
kind: postgresql
{{- if not (.Values.postgresql).enabled }}

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: obmondo-postgresql
namespace: relate
{{ if (.Values.cnpg).recover }}
name: relate-pgsql-recover
{{ else }}
name: relate-pgsql
{{ end }}
spec:
teamId: obmondo
volume:
size: 2Gi
numberOfInstances: 1
users:
relate_admin: # database owner
- superuser
- createdb
databases:
relate: relate_admin
postgresql:
version: "14"
enableMasterLoadBalancer: false
instances: {{ ((.Values.cnpg).instance) | default 1 }}
{{ if (.Values.cnpg).recover }}
bootstrap:
recovery:
source: relate-pgsql
{{ else }}
bootstrap:
initdb:
database: relate
owner: relate
{{ end }}
resources:
limits:
memory: {{ (((.Values.cnpg).resources).limits).memory | default "800Mi" }}
requests:
memory: {{ (((.Values.cnpg).resources).requests).memory | default "500Mi" }}
cpu: {{ (((.Values.cnpg).resources).requests).cpu | default "100m" }}
storage:
size: {{ (.Values.cnpg).size | default "4Gi" }}
{{- if (.Values.cnpg).storageClass }}
storageClass: {{ (.Values.cnpg).storageClass }}
{{- end }}
{{- if (.Values.cnpg).recover }}
externalClusters:
- name: relate-pgsql
barmanObjectStore:
destinationPath: {{ ((.Values.cnpg).backup).destinationPath }}
endpointURL: {{ ((.Values.cnpg).backup).endpointURL }}
{{- if eq ((.Values.cnpg).backup).cloud "aws" }}
s3Credentials:
accessKeyId:
name: relate-pgsql-backup-creds
key: ACCESS_KEY_ID
secretAccessKey:
name: relate-pgsql-backup-creds
key: ACCESS_SECRET_KEY
{{- end }}
{{- if eq ((.Values.cnpg).backup).cloud "azure" }}
azureCredentials:
connectionString:
name: relate-pgsql-backup-creds
key: AZURE_CONNECTION_STRING
storageAccount:
name: relate-pgsql-backup-creds
key: AZURE_STORAGE_ACCOUNT
storageKey:
name: relate-pgsql-backup-creds
key: AZURE_STORAGE_KEY
storageSasToken:
name: relate-pgsql-backup-creds
key: AZURE_STORAGE_SAS_TOKEN
{{- end }}
wal:
maxParallel: 8
{{- end }}
{{- if (.Values.cnpg).backup }}
backup:
barmanObjectStore:
destinationPath: {{ ((.Values.cnpg).backup).destinationPath }}
endpointURL: {{ ((.Values.cnpg).backup).endpointURL }}
{{- if eq ((.Values.cnpg).backup).cloud "aws" }}
s3Credentials:
accessKeyId:
name: relate-secret
key: ACCESS_KEY_ID
secretAccessKey:
name: relate-secret
key: ACCESS_SECRET_KEY
{{- end }}
{{- if eq ((.Values.cnpg).backup).cloud "azure" }}
azureCredentials:
connectionString:
name: relate-pgsql-backup-creds
key: AZURE_CONNECTION_STRING
storageAccount:
name: relate-pgsql-backup-creds
key: AZURE_STORAGE_ACCOUNT
storageKey:
name: relate-pgsql-backup-creds
key: AZURE_STORAGE_KEY
storageSasToken:
name: relate-pgsql-backup-creds
key: AZURE_STORAGE_SAS_TOKEN
{{- end }}
wal:
encryption: ""
data:
encryption: ""
retentionPolicy: "30d"
{{ end }}
{{ end }}
1 change: 1 addition & 0 deletions helm/relate/templates/pvc.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "relate.fullname" . }}
namespace: {{ include "relate.namespace" . }}
labels:
app: {{ template "relate.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
Expand Down
8 changes: 8 additions & 0 deletions helm/relate/templates/rabbitmq.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,11 @@ apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: rabbitmq
spec:
resources:
requests:
cpu: 500m
memory: 200Mi
limits:
cpu: 500m
memory: 400Mi
3 changes: 2 additions & 1 deletion helm/relate/values.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
# nameOverride: ""

## @param fullnameOverride String to fully override relate.fullname
##
# fullnameOverride: ""
Expand Down Expand Up @@ -39,7 +40,7 @@ persistence:
enabled: true
accessMode: ReadWriteOnce
size: 100Mi
storageClass:
storageClass:

# default settings for emptydir volume
emptyDir: {}
Expand Down