From 1913dc56164fbe4a669defae1c8f591051897cd8 Mon Sep 17 00:00:00 2001 From: Renku Bot Date: Wed, 26 Jun 2024 12:49:12 +0000 Subject: [PATCH 01/14] chore: create release 0.54.1 --- CHANGELOG.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f7d693546f..2f5a6304ec 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,5 +1,9 @@ .. _changelog: +0.54.1 +------ + + 0.54.0 ------ From 808d35e2c9269152ebcd86c9bb3c0dd2fb994789 Mon Sep 17 00:00:00 2001 From: Tasko Olevski Date: Mon, 1 Jul 2024 14:19:22 +0200 Subject: [PATCH 02/14] fix: correctly patch and resume sessions after hibernation See: https://github.com/SwissDataScienceCenter/renku-notebooks/releases/tag/1.25.3 --- CHANGELOG.rst | 15 +++++++++++++++ helm-chart/renku/values.yaml | 16 ++++++++-------- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 2f5a6304ec..8cd0cb2b2c 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -3,6 +3,21 @@ 0.54.1 ------ +Renku ``0.54.1`` introduces a bug fix to an issue where sessions with users secrets could not be properly +resumed after hibernation. + +User-Facing Changes +~~~~~~~~~~~~~~~~~~~ + +**๐Ÿž Bug Fixes** + +- **Notebooks**: Patch the correct environment variables when a session is resumed after being hibernated + +Individual components +~~~~~~~~~~~~~~~~~~~~~~ + +- `renku-notebooks 1.25.3 `_ + 0.54.0 ------ diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index b860c13a95..6f7cba62c9 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -1001,7 +1001,7 @@ notebooks: targetCPUUtilizationPercentage: 50 image: repository: renku/renku-notebooks - tag: "1.25.2" + tag: "1.25.3" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. 
@@ -1119,15 +1119,15 @@ notebooks: gitRpcServer: image: name: renku/git-rpc-server - tag: "1.25.2" + tag: "1.25.3" gitHttpsProxy: image: name: renku/git-https-proxy - tag: "1.25.2" + tag: "1.25.3" gitClone: image: name: renku/git-clone - tag: "1.25.2" + tag: "1.25.3" service: type: ClusterIP port: 80 @@ -1180,12 +1180,12 @@ notebooks: sessionTypes: ["registered"] image: repository: renku/renku-notebooks-tests - tag: "1.25.2" + tag: "1.25.3" pullPolicy: IfNotPresent k8sWatcher: image: repository: renku/k8s-watcher - tag: "1.25.2" + tag: "1.25.3" pullPolicy: IfNotPresent resources: {} replicaCount: 1 @@ -1197,12 +1197,12 @@ notebooks: secretsMount: image: repository: renku/secrets-mount - tag: "1.25.2" + tag: "1.25.3" ssh: enabled: false image: repository: renku/ssh-jump-host - tag: "1.25.2" + tag: "1.25.3" pullPolicy: IfNotPresent resources: {} replicaCount: 1 From f0c1ef74ea562019c92c0987f23feef4791691a8 Mon Sep 17 00:00:00 2001 From: Tasko Olevski Date: Mon, 1 Jul 2024 15:38:38 +0200 Subject: [PATCH 03/14] fix: upgrade renku data service to 0.15.1 Fixes a bug where group members cannot access all projects that are part of the group because the group permissions did not fully cascade to projects. --- CHANGELOG.rst | 7 ++++--- helm-chart/renku/values.yaml | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8cd0cb2b2c..2f12542ba1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -3,8 +3,7 @@ 0.54.1 ------ -Renku ``0.54.1`` introduces a bug fix to an issue where sessions with users secrets could not be properly -resumed after hibernation. +Renku ``0.54.1`` introduces a few bug fixes in the notebooks and data services components. User-Facing Changes ~~~~~~~~~~~~~~~~~~~ 
@@ -12,11 +11,13 @@ User-Facing Changes **๐Ÿž Bug Fixes** - **Notebooks**: Patch the correct environment variables when a session is resumed after being hibernated +- **Data Services**: Assign the correct project permissions to group members Individual components ~~~~~~~~~~~~~~~~~~~~~~ -- `renku-notebooks 1.25.3 `_ +- `renku-data-services 0.15.1 `__ +- `renku-notebooks 1.25.3 `__ 0.54.0 diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index 6f7cba62c9..e5c7863379 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -1603,14 +1603,14 @@ platformInit: dataService: image: repository: renku/renku-data-service - tag: "0.15.0" + tag: "0.15.1" pullPolicy: IfNotPresent backgroundJobs: events: resources: {} image: repository: renku/data-service-background-jobs - tag: "0.15.0" + tag: "0.15.1" pullPolicy: IfNotPresent total: resources: {} @@ -1663,7 +1663,7 @@ authz: secretsStorage: image: repository: renku/secrets-storage - tag: "0.15.0" + tag: "0.15.1" pullPolicy: IfNotPresent service: type: ClusterIP From efb87ac5530fea67606a2ae673454a97c462e1e2 Mon Sep 17 00:00:00 2001 From: RenkuBot <53332360+RenkuBot@users.noreply.github.com> Date: Thu, 11 Jul 2024 18:16:53 +0200 Subject: [PATCH 04/14] release 0.54.2 (#3709) Co-authored-by: Ralf Grubenmann --- CHANGELOG.rst | 17 +++++++++++++++++ docs/spelling_wordlist.txt | 1 + helm-chart/renku/values.yaml | 6 +++--- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 2f12542ba1..3a01d5925b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -1,5 +1,22 @@ .. _changelog: +0.54.2 +------ + +Renku ``0.54.2`` fixes a bug with testing the cloud storage connection for WebDAV. + +User-Facing Changes +~~~~~~~~~~~~~~~~~~~ + +**๐Ÿž Bug Fixes** + +- **Data Services**: Fix verifying cloud storage connection not working with WebDAV by correctly obscuring RClone values. + +Individual components +~~~~~~~~~~~~~~~~~~~~~~ + +- `renku-data-services 0.16.1 `__ + 0.54.1 ------ diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index 4f2f806c5c..35101ec4d3 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -326,6 +326,7 @@ vertices viewmodel vis vm +WebDAV webhook webhooks wildcard diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index e5c7863379..28e45e0035 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -1603,14 +1603,14 @@ platformInit: dataService: image: repository: renku/renku-data-service - tag: "0.15.1" + tag: "0.16.1" pullPolicy: IfNotPresent backgroundJobs: events: resources: {} image: repository: renku/data-service-background-jobs - tag: "0.15.1" + tag: "0.16.1" pullPolicy: IfNotPresent total: resources: {} @@ -1663,7 +1663,7 @@ authz: secretsStorage: image: repository: renku/secrets-storage - tag: "0.15.1" + tag: "0.16.1" pullPolicy: IfNotPresent service: type: ClusterIP From 9e40a33d6c95486f8a9704699d973a3754c68ea3 Mon Sep 17 00:00:00 2001 
From: RenkuBot <53332360+RenkuBot@users.noreply.github.com> Date: Fri, 26 Jul 2024 11:01:13 +0200 Subject: [PATCH 05/14] release 0.55.0 (#3689) * chore: create release 0.55.0 * feat: add user and group pages in Renku 2.0 (#3668) Closes #3669. Renku 2.0 features: - add user pages - update group pages - update project information panel - update search page with richer search results --------- Co-authored-by: Eike Kettner Co-authored-by: Ralf Grubenmann Co-authored-by: Laura * fix: use sphinx < 7.0 for docs (#3714) * chore: CHANGELOG to include support setting default resource class for a session (#3708) * Update CHANGELOG.rst Co-authored-by: Flora Thiebaut * chore: add release summary --------- Co-authored-by: Flora Thiebaut Co-authored-by: Eike Kettner Co-authored-by: Ralf Grubenmann Co-authored-by: Laura Co-authored-by: Andrea Cordoba <43388408+andre-code@users.noreply.github.com> --- CHANGELOG.rst | 41 +++++++++++++++++++++++++++++++++++- docs/requirements.txt | 2 +- helm-chart/renku/values.yaml | 14 ++++++------ 3 files changed, 48 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 3a01d5925b..6c919ea789 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -1,5 +1,44 @@ .. _changelog: +0.55.0 +------ + +Renku ``0.55.0`` introduces user and group pages in Renku 2.0, where you can see all projects owned +by those people. In addition, you can now fully take advantage of RenkuLab resources in Renku 2.0 by +setting a resource class for your session launchers. + +User-Facing Changes +~~~~~~~~~~~~~~~~~~~ + +**๐ŸŒŸ New Features** + +- **UI**: Renku 2.0: Add user pages that show all projects in the namespace (`#3198 `__) +- **UI**: Renku 2.0: Extend group pages to show all projects in the namespace (`#3198 `__) + +**โœจ Improvements** + +- **UI**: Renku 2.0: Provide clickable links between projects and user/group namespace pages on the project page and in search results (`#3198 `__) +- **Search Services**: Renku 2.0: Show creator name and project namespace in search results, + where before only the respective ids were included (`#3198 `__) +- **UI**: Renku 2.0: Support setting a default resource class for a session launcher in Renku 2.0 (`#3196 `__) + +Internal Changes +~~~~~~~~~~~~~~~~ + +**Improvements** + +- **Search Services**: The search query is now accepted at ``/api/search/query`` url path + and a ``/api/search/version`` endpoint has been added +- **Data Services**: Change API to provide user and group pages in Renku 2.0 + +Individual Components +~~~~~~~~~~~~~~~~~~~~~ + +- `renku-data-services 0.17.0 `_ +- `renku-search 0.4.0 `_ +- `renku-ui 3.30.0 `_ +- `renku-ui 3.31.0 `_ + 0.54.2 ------ 
@@ -211,7 +250,7 @@ session on the Start with Options page. More details on this feature can be foun [documentation](https://renku.readthedocs.io/en/stable/topic-guides/secrets/secrets.html). Administrators can customize the culling times (the length of time before an idle session is paused -or a paused session is deleted) for different resource pools. +or a paused session is deleted) for different resource pools. This release also contains new features related to Renku 2.0. However, Renku 2.0 is still in early development and is not yet accessible to users. For more information, see our diff --git a/docs/requirements.txt b/docs/requirements.txt index 3def945fdd..9cca5c1453 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,5 +1,5 @@ sphinxcontrib-plantuml==0.26 -sphinx>=4.1 +sphinx>=4.1,<7.0 sphinxcontrib-mermaid==0.9.2 sphinxcontrib-napoleon==0.7 sphinx-click==5.0.1 diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index 28e45e0035..f4eb46133b 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -672,7 +672,7 @@ ui: replicaCount: 1 image: repository: renku/renku-ui - tag: "3.29.0" + tag: "3.31.0" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -861,7 +861,7 @@ ui: keepCookies: [] image: repository: renku/renku-ui-server - tag: "3.29.0" + tag: "3.31.0" pullPolicy: IfNotPresent imagePullSecrets: [] nameOverride: "" @@ -1391,7 +1391,7 @@ search: replicas: 1 image: repository: renku/search-api - tag: "0.3.0" + tag: "0.4.0" pullPolicy: IfNotPresent service: type: ClusterIP @@ -1404,7 +1404,7 @@ search: replicas: 1 image: repository: renku/search-provision - tag: "0.3.0" + tag: "0.4.0" pullPolicy: IfNotPresent service: type: ClusterIP 
@@ -1603,14 +1603,14 @@ platformInit: dataService: image: repository: renku/renku-data-service - tag: "0.16.1" + tag: "0.17.0" pullPolicy: IfNotPresent backgroundJobs: events: resources: {} image: repository: renku/data-service-background-jobs - tag: "0.16.1" + tag: "0.17.0" pullPolicy: IfNotPresent total: resources: {} @@ -1663,7 +1663,7 @@ authz: secretsStorage: image: repository: renku/secrets-storage - tag: "0.16.1" + tag: "0.17.0" pullPolicy: IfNotPresent service: type: ClusterIP From e4b1842b34883bf76af026a39f13af3bc2d644cf Mon Sep 17 00:00:00 2001 From: Tasko Olevski Date: Mon, 12 Aug 2024 12:14:27 +0200 Subject: [PATCH 06/14] release 0.56.0 (#3725) * chore: Update changelog title for 0.56.0 release * refactor: revamp design for Renku 2.0 (#3726) New design for Renku 2.0 pages based on Bootstrap v5.3 components https://github.com/SwissDataScienceCenter/renku-ui/pull/3214 * feat: upgrade Amalthea to 0.12.2 (#3724) Co-authored-by: Alessandro Degano * feat!: add platform configuration (#3716) --------- Co-authored-by: Lorenzo Cavazzi <43481553+lorenzo-cavazzi@users.noreply.github.com> Co-authored-by: Alessandro Degano Co-authored-by: Flora Thiebaut --- .github/workflows/pull-request-test.yml | 2 ++ CHANGELOG.rst | 46 +++++++++++++++++++++++++ helm-chart/renku/requirements.yaml | 2 +- helm-chart/renku/values.yaml | 10 +++--- 4 files changed, 54 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pull-request-test.yml b/.github/workflows/pull-request-test.yml index 5e5030fbfb..f5fb0e8624 100644 --- a/.github/workflows/pull-request-test.yml +++ b/.github/workflows/pull-request-test.yml 
@@ -57,6 +57,7 @@ jobs: renku-notebooks: ${{ steps.deploy-comment.outputs.renku-notebooks}} renku-ui: ${{ steps.deploy-comment.outputs.renku-ui}} renku-data-services: ${{ steps.deploy-comment.outputs.renku-data-services}} + amalthea: ${{ steps.deploy-comment.outputs.amalthea}} test-enabled: ${{ steps.deploy-comment.outputs.test-enabled}} extra-values: ${{ steps.deploy-comment.outputs.extra-values}} steps: @@ -97,6 +98,7 @@ jobs: renku_notebooks: "${{ needs.check-deploy.outputs.renku-notebooks }}" renku_ui: "${{ needs.check-deploy.outputs.renku-ui }}" renku_data_services: "${{ needs.check-deploy.outputs.renku-data-services }}" + amalthea: "${{ needs.check-deploy.outputs.amalthea }}" extra_values: "${{ needs.check-deploy.outputs.extra-values }}" - name: Check existing renkubot comment if: needs.check-deploy.outputs.pr-contains-string == 'true' diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 6c919ea789..7eb6ccff62 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
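Review bot: The new `amalthea` value is forwarded from `steps.deploy-comment.outputs.amalthea` to the deploy step's `amalthea:` input with no visible constraint on its form; this applies to both hunks in this file, the job output and the `with:` entry. Judging by the step id and the sibling outputs, the value appears to be parsed from the pull-request description, which the PR author controls, so it should be treated as untrusted until the deploy action has checked it. I would add a comment above the new input such as `# amalthea: ref taken from the PR description (author-controlled); expected to be a tag or commit of the amalthea repo`. It is also worth confirming that the action rejects anything else before the value reaches a checkout or helm command. The enclosing job definitions start and end outside these hunks, so the workflow trigger and the surrounding secrets are not visible here.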
@@ -1,5 +1,51 @@ .. _changelog: +0.56.0 +------ + +Renku ``0.56.0`` adds new features and improvements to several components. + +User-Facing Changes +~~~~~~~~~~~~~~~~~~~ + +**๐ŸŒŸ New Features** + +- **UI**: Update incidents and maintenance banner and summary (`#3220 `__) +- **UI**: Add incidents and maintenance section in the admin panel (`#3220 `__) +- **Data Services**: Add platform configuration + +**โœจ Improvements** + +- Revamp design for Renku 2.0 (`#3214 `__). + +**๐Ÿž Bug Fixes** + +- Use standard HTML input fields for secret values (`#3233 `__). + +Internal Changes +~~~~~~~~~~~~~~~~ + +**Improvements** + +- * **Amalthea**: Sessions can now run correctly on Kubernetes version 1.29. + +**๐Ÿž Bug Fixes** + +- * **Amalthea**: Fix the repository for the scheduler image in the Amalthea Helm chart. +- * **Amalthea**: Properly load the namespace configuration when starting the operator. +- * **Amalthea**: Fix the missing health check endpoint for the old operator. + +Individual Components +~~~~~~~~~~~~~~~~~~~~~ + +- `renku-data-services 0.18.0 `_ +- `renku-data-services 0.18.1 `_ +- `renku-ui 3.32.0 `_ +- `renku-ui 3.33.0 `_ +- `amalthea 0.12.0 `_ +- `amalthea 0.12.1 `_ +- `amalthea 0.12.2 `_ + 0.55.0 ------ diff --git a/helm-chart/renku/requirements.yaml b/helm-chart/renku/requirements.yaml index 241fe30915..639efc5367 100644 --- a/helm-chart/renku/requirements.yaml +++ b/helm-chart/renku/requirements.yaml @@ -23,7 +23,7 @@ dependencies: alias: jena - name: amalthea repository: "https://swissdatasciencecenter.github.io/helm-charts/" - version: "0.11.0" + version: "0.12.2" - name: dlf-chart repository: "https://swissdatasciencecenter.github.io/datashim/" version: "0.3.9-renku-2" diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index f4eb46133b..39991c607e 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml 
@@ -672,7 +672,7 @@ ui: replicaCount: 1 image: repository: renku/renku-ui - tag: "3.31.0" + tag: "3.33.0" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -861,7 +861,7 @@ ui: keepCookies: [] image: repository: renku/renku-ui-server - tag: "3.31.0" + tag: "3.33.0" pullPolicy: IfNotPresent imagePullSecrets: [] nameOverride: "" @@ -1603,14 +1603,14 @@ platformInit: dataService: image: repository: renku/renku-data-service - tag: "0.17.0" + tag: "0.18.1" pullPolicy: IfNotPresent backgroundJobs: events: resources: {} image: repository: renku/data-service-background-jobs - tag: "0.17.0" + tag: "0.18.1" pullPolicy: IfNotPresent total: resources: {} @@ -1663,7 +1663,7 @@ authz: secretsStorage: image: repository: renku/secrets-storage - tag: "0.17.0" + tag: "0.18.1" pullPolicy: IfNotPresent service: type: ClusterIP From b45f9fe0843f53a547517d3932a4fbc88cb6f5c3 Mon Sep 17 00:00:00 2001 From: Tasko Olevski Date: Mon, 12 Aug 2024 16:31:20 +0200 Subject: [PATCH 07/14] fix: update amalthea to 0.12.3 (#3730) * fix: update amalthea to 0.12.3 Addresses a bug where Amalthea would not start when prometheus metrics or the audit log export functionality is enabled. --------- Co-authored-by: Lorenzo Cavazzi <43481553+lorenzo-cavazzi@users.noreply.github.com> Co-authored-by: Alessandro Degano Co-authored-by: Flora Thiebaut --- CHANGELOG.rst | 18 ++++++++++++++++++ helm-chart/renku/requirements.yaml | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 7eb6ccff62..cbff07f1f6 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -1,5 +1,23 @@ .. _changelog: +0.56.1 +------ + +Renku ``0.56.1`` fixes a bug where Amalthea would not start when the prometheus metrics or the +audit log export functionality is enabled. + +Internal Changes +~~~~~~~~~~~~~~~~ + +**๐Ÿž Bug Fixes** + +- * **Amalthea**: Fix failing startup when prometheus metrics or audit log is enabled. + +Individual Components +~~~~~~~~~~~~~~~~~~~~~ + +- `amalthea 0.12.3 `_ + 0.56.0 ------ diff --git a/helm-chart/renku/requirements.yaml b/helm-chart/renku/requirements.yaml index 639efc5367..df8744a33c 100644 --- a/helm-chart/renku/requirements.yaml +++ b/helm-chart/renku/requirements.yaml @@ -23,7 +23,7 @@ dependencies: alias: jena - name: amalthea repository: "https://swissdatasciencecenter.github.io/helm-charts/" - version: "0.12.2" + version: "0.12.3" - name: dlf-chart repository: "https://swissdatasciencecenter.github.io/datashim/" version: "0.3.9-renku-2" From 4aeae27a599ab8a85c203fc8d5ede8e334e7ecd8 Mon Sep 17 00:00:00 2001 From: RenkuBot <53332360+RenkuBot@users.noreply.github.com> Date: Fri, 23 Aug 2024 13:58:18 +0200 Subject: [PATCH 08/14] release 0.56.2 (#3739) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: create release 0.56.2 * bump data services to 0.19.0 (#3740) * fix: typo in CHANGELOG.rst --------- Co-authored-by: Ralf Grubenmann Co-authored-by: Alessandro Degano <40891147+aledegano@users.noreply.github.com> Co-authored-by: Rok Roลกkar --- CHANGELOG.rst | 27 +++++++++++++++++++++++++++ helm-chart/renku/values.yaml | 6 +++--- 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cbff07f1f6..e996222260 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -1,5 +1,32 @@ .. _changelog: +0.56.2 +------ + +Renku ``0.56.2`` fixes a bug in renku-data-services where a background job would stop working +if a deleted project wasn't correctly removed from the authorization database. + +Internal Changes +~~~~~~~~~~~~~~~~ + +**๐ŸŒŸ New Features** + +- **Data Services**: Adds endpoint for saving storage credentials + + +**๐Ÿž Bug Fixes** + +- **Data Services**: Fixes background job not working with Authzed db in inconsistent state +- **Data Services**: Fixes query args validation for /api/data/user/secrets endpoint +- **Data Services**: Splits error into 401 and 403 depending on the error + + +Individual Components +~~~~~~~~~~~~~~~~~~~~~ + +- `renku-data-services 0.19.0 `__ + + 0.56.1 ------ diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index 39991c607e..d24dd0ce0f 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -1603,14 +1603,14 @@ platformInit: dataService: image: repository: renku/renku-data-service - tag: "0.18.1" + tag: "0.19.0" pullPolicy: IfNotPresent backgroundJobs: events: resources: {} image: repository: renku/data-service-background-jobs - tag: "0.18.1" + tag: "0.19.0" pullPolicy: IfNotPresent total: resources: {} @@ -1663,7 +1663,7 @@ authz: secretsStorage: image: repository: renku/secrets-storage - tag: "0.18.1" + tag: "0.19.0" pullPolicy: IfNotPresent service: type: ClusterIP From 15a50f93e0b845e0d487dd2847953677b7abcdeb Mon Sep 17 00:00:00 2001 From: RenkuBot <53332360+RenkuBot@users.noreply.github.com> Date: Fri, 30 Aug 2024 17:42:34 +0200 Subject: [PATCH 09/14] release 0.56.3 (#3742) * chore: create release 0.56.3 * fix: upgrade data services to 0.19.1 --- CHANGELOG.rst | 18 ++++++++++++++++++ helm-chart/renku/values.yaml | 6 +++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e996222260..76c0e527e5 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -1,5 +1,23 @@ .. _changelog: +0.56.3 +------ + +Renku ``0.56.3`` fixes a bug in renku-data-services where strict user email validation +was causing problems with the admin panel and listing users. + +Internal Changes +~~~~~~~~~~~~~~~~ + +**๐Ÿž Bug Fixes** + +- **Data Services**: do not validate user emails because Keycloak can contain invalid emails + +Individual Components +~~~~~~~~~~~~~~~~~~~~~ + +- `renku-data-services 0.19.1 `__ + 0.56.2 ------ diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index d24dd0ce0f..c2a80e6b2d 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -1603,14 +1603,14 @@ platformInit: dataService: image: repository: renku/renku-data-service - tag: "0.19.0" + tag: "0.19.1" pullPolicy: IfNotPresent backgroundJobs: events: resources: {} image: repository: renku/data-service-background-jobs - tag: "0.19.0" + tag: "0.19.1" pullPolicy: IfNotPresent total: resources: {} @@ -1663,7 +1663,7 @@ authz: secretsStorage: image: repository: renku/secrets-storage - tag: "0.19.0" + tag: "0.19.1" pullPolicy: IfNotPresent service: type: ClusterIP From 2929f533eb5ea0cb6dcfdfa409350a3aae44f2c4 Mon Sep 17 00:00:00 2001 
From: RenkuBot <53332360+RenkuBot@users.noreply.github.com> Date: Mon, 16 Sep 2024 14:48:50 +0200 Subject: [PATCH 10/14] release 0.57.0 (#3732) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: create release 0.57.0 * feat!: gateway refactor (#3721) The previous gateway components are replaced with a single API Gateway responsible for login and reverse proxying requests. Details: * Remove the `gateway-auth` Python component * Update the `gateway-revproxy` Go component (now `gateway`) * Update the `ui-server` to remove login responsibilities --------- Co-authored-by: Tasko Olevski * feat: upgrade csi-rclone to 0.3.0 (#3753) Release notes from csi-rclone: - feat: get secret from pvc annotation by @olevski in #20 - feat: add support for decrypting storage credentials by @m-alisafaee in #17 - fix: don't error out if unmounting fails, as it might block dependent resources by @Panaetius in #16 * feat: Update search services to 0.5.0 (#3754) * feat: update notebooks to 1.26.0 (#3757) * fix: add environment variable for new redis stream to search (#3756) * (docs) redirect to Community portal for Renku 2.0 docs (#3758) * fix: bump csi rclone to 0.3.1 (#3759) This fixes an error where the new version of the csi rclone was failing when a secret annotation was not used to define the secret. This was supposed to work but the storage class that is marked to use the PVC annotation will fail if the annotation is not present. So we had to use 2 storage classes one that requires a PVC annotation for the secret and another that is the same as the current one - which expects that the PVC name and secret is the same. * chore(ci): Update renku actions to v1.12.3 (#3766) Co-authored-by: Rok Roลกkar * fix: implement browser logout from the gateway (#3764) Add browser-based logout for Keycloak and Gitlab. Previously, the logout flow would not end the Keycloak nor the GitLab browser session. 
This prevented users from switching accounts because their existing Keycloak and GitLab sessions would be re-used when logging in with the renku gateway. * feat: update renku-data-services to v0.20.0 and renku-ui to 3.35.0 (#3765) * data svc release v0.20.0 * bump UI -> 3.35.0 * update changelog * Update CHANGELOG.rst Co-authored-by: Laura * apply CHANGELOG suggestions --------- Co-authored-by: Flora Thiebaut Co-authored-by: Rok Roลกkar Co-authored-by: Laura Co-authored-by: Andrea Cordoba * fix: bump gateway to 1.0.2 (#3767) Fixes the `Authorization` header for the Renku 2.0 search service. * chore: add general release wording * chore: polish release 0.57.0 changelog --------- Co-authored-by: Flora Thiebaut Co-authored-by: Tasko Olevski Co-authored-by: eikek <701128+eikek@users.noreply.github.com> Co-authored-by: M. Alisafaee Co-authored-by: Laura Co-authored-by: Rok Roลกkar Co-authored-by: Ralf Grubenmann Co-authored-by: Andrea Cordoba Co-authored-by: Rok Roลกkar --- .github/workflows/cron-jobs.yaml | 2 +- .github/workflows/publish-helm-chart.yml | 2 +- .github/workflows/publish-master-merges.yaml | 2 +- .github/workflows/pull-request-test.yml | 10 +- .github/workflows/renku-dev-test.yaml | 2 +- CHANGELOG.rst | 82 +++++++++- cypress-tests/cypress/e2e/useSession.cy.ts | 2 + .../cypress/support/commands/login.ts | 2 + docs/index.rst | 7 + docs/spelling_wordlist.txt | 2 + docs/tutorials.rst | 9 ++ docs/tutorials/01_firststeps.rst | 9 ++ helm-chart/renku/requirements.yaml | 2 +- .../renku/templates/gateway/_helpers.tpl | 8 +- .../renku/templates/gateway/configmap.yaml | 89 +++++++++++ .../gateway/deployment-revproxy.yaml | 136 ++++++++-------- .../renku/templates/gateway/deployment.yaml | 149 ------------------ .../renku/templates/gateway/hpa-revproxy.yaml | 20 +-- helm-chart/renku/templates/gateway/pdb.yaml | 9 +- helm-chart/renku/templates/gateway/role.yaml | 2 +- .../renku/templates/gateway/rolebinding.yaml | 6 +- .../renku/templates/gateway/secret.yaml | 24 ++- 
.../renku/templates/gateway/service.yaml | 27 +--- .../templates/gateway/serviceaccount.yaml | 2 +- helm-chart/renku/templates/ingress.yaml | 12 +- .../renku/templates/setup-job-gitlab.yaml | 2 +- .../templates/setup-job-keycloak-realms.yaml | 10 +- helm-chart/renku/values.yaml | 56 +++---- helm-chart/values.yaml.changelog.md | 49 ++++++ 29 files changed, 417 insertions(+), 317 deletions(-) create mode 100644 helm-chart/renku/templates/gateway/configmap.yaml delete mode 100644 helm-chart/renku/templates/gateway/deployment.yaml diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml index b4194ec918..4dd61e44cc 100644 --- a/.github/workflows/cron-jobs.yaml +++ b/.github/workflows/cron-jobs.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: renku teardown - uses: SwissDataScienceCenter/renku-actions/cleanup-renku-ci-deployments@v1.11.3 + uses: SwissDataScienceCenter/renku-actions/cleanup-renku-ci-deployments@v1.12.3 env: GITLAB_TOKEN: ${{ secrets.DEV_GITLAB_TOKEN }} RENKUBOT_KUBECONFIG: ${{ secrets.RENKUBOT_DEV_KUBECONFIG }} diff --git a/.github/workflows/publish-helm-chart.yml b/.github/workflows/publish-helm-chart.yml index 30422141e1..fdeb0c5704 100644 --- a/.github/workflows/publish-helm-chart.yml +++ b/.github/workflows/publish-helm-chart.yml @@ -15,7 +15,7 @@ jobs: - name: Set version id: vars run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT - - uses: SwissDataScienceCenter/renku-actions/publish-chart@v1.11.3 + - uses: SwissDataScienceCenter/renku-actions/publish-chart@v1.12.3 env: CHART_DIR: helm-chart/ CHART_NAME: renku diff --git a/.github/workflows/publish-master-merges.yaml b/.github/workflows/publish-master-merges.yaml index df49c7c868..b0fe88420c 100644 --- a/.github/workflows/publish-master-merges.yaml +++ b/.github/workflows/publish-master-merges.yaml 
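Review bot: The bumped `cleanup-renku-ci-deployments` reference in the `cron-jobs.yaml` hunk is still pinned to a mutable tag (`@v1.12.3`) in a step that receives `secrets.DEV_GITLAB_TOKEN` and `secrets.RENKUBOT_DEV_KUBECONFIG`. Whoever can move that tag controls code that runs with those credentials. The same applies to the `publish-chart`, `check-pr-description`, `deploy-renku`, `test-renku` and `test-renku-cypress` references bumped in the other workflow hunks of this commit. Pinning to the full commit SHA and keeping the tag as a trailing comment makes the reference immutable, e.g. `uses: SwissDataScienceCenter/renku-actions/cleanup-renku-ci-deployments@<full-commit-sha>  # v1.12.3` (placeholder; take the SHA from the tagged release). The job definitions continue outside the hunks.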
@@ -35,7 +35,7 @@ jobs: - id: set-version run: | echo "publish_version=${{ steps.bump-semver.outputs.new_version }}.$(echo ${{ github.sha }} | cut -c 1-7)" >> $GITHUB_ENV - - uses: SwissDataScienceCenter/renku-actions/publish-chart@v1.11.3 + - uses: SwissDataScienceCenter/renku-actions/publish-chart@v1.12.3 env: CHART_DIR: helm-chart/ CHART_TAG: "--tag ${{env.publish_version}}" diff --git a/.github/workflows/pull-request-test.yml b/.github/workflows/pull-request-test.yml index f5fb0e8624..d626f5c72d 100644 --- a/.github/workflows/pull-request-test.yml +++ b/.github/workflows/pull-request-test.yml @@ -63,7 +63,7 @@ jobs: steps: - uses: actions/checkout@v4.1.7 - id: deploy-comment - uses: SwissDataScienceCenter/renku-actions/check-pr-description@v1.11.3 + uses: SwissDataScienceCenter/renku-actions/check-pr-description@v1.12.3 with: string: /deploy pr_ref: ${{ github.event.number }} @@ -79,7 +79,7 @@ jobs: - uses: actions/checkout@v4.1.7 - name: renku build and deploy if: needs.check-deploy.outputs.pr-contains-string == 'true' - uses: SwissDataScienceCenter/renku-actions/deploy-renku@v1.11.3 + uses: SwissDataScienceCenter/renku-actions/deploy-renku@v1.12.3 env: DOCKER_PASSWORD: ${{ secrets.RENKU_DOCKER_PASSWORD }} DOCKER_USERNAME: ${{ secrets.RENKU_DOCKER_USERNAME }} @@ -122,7 +122,7 @@ jobs: needs: [check-deploy, deploy-pr] runs-on: ubuntu-22.04 steps: - - uses: SwissDataScienceCenter/renku-actions/test-renku@v1.11.3 + - uses: SwissDataScienceCenter/renku-actions/test-renku@v1.12.3 with: kubeconfig: ${{ secrets.RENKUBOT_DEV_KUBECONFIG }} renku-release: ci-renku-${{ github.event.number }} @@ -150,7 +150,7 @@ jobs: ] steps: - - uses: SwissDataScienceCenter/renku-actions/test-renku-cypress@v1.11.3 + - uses: SwissDataScienceCenter/renku-actions/test-renku-cypress@v1.12.3 if: github.event.action != 'closed' && needs.check-deploy.outputs.pr-contains-string == 'true' && needs.check-deploy.outputs.test-enabled == 'true' with: e2e-target: ${{ matrix.tests }} 
@@ -183,7 +183,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: renku teardown - uses: SwissDataScienceCenter/renku-actions/cleanup-renku-ci-deployments@v1.11.3 + uses: SwissDataScienceCenter/renku-actions/cleanup-renku-ci-deployments@v1.12.3 env: HELM_RELEASE_REGEX: "^ci-renku-${{ github.event.number }}$" GITLAB_TOKEN: ${{ secrets.DEV_GITLAB_TOKEN }} diff --git a/.github/workflows/renku-dev-test.yaml b/.github/workflows/renku-dev-test.yaml index 60074e2941..87dc26857a 100644 --- a/.github/workflows/renku-dev-test.yaml +++ b/.github/workflows/renku-dev-test.yaml @@ -8,7 +8,7 @@ jobs: github.event.client_payload.message == 'Helm test succeeded' }} runs-on: ubuntu-20.04 steps: - - uses: SwissDataScienceCenter/renku-actions/test-renku@v1.11.3 + - uses: SwissDataScienceCenter/renku-actions/test-renku@v1.12.3 with: kubeconfig: ${{ secrets.RENKUBOT_DEV_KUBECONFIG }} renku-release: renku diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 76c0e527e5..a730d2ad3b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -1,5 +1,85 @@ .. _changelog: +0.57.0 +------ + +Renku `0.57.0` brings a suite of new features and improvements to the Renku 2.0 beta. As a main +highlight, you can now save and reuse the credentials for data sources. No more copy/paste on every +session launch! We have also made small improvements to sharing, search, and sessions in Renku 2.0. +For a full list of changes, see the list below. + + +NOTE to administrators: Upgrading the `csi-rclone` component will unmount all cloud storage for all +active or hibernated sessions. Therefore, we recommend notifying your users ahead of time when you +deploy this version of Renku and also if possible deploying the upgrade when there are fewer +sessions that use cloud storage or just fewer sessions in general. Once the upgrade is complete +users will be able to mount cloud storage as usual. + +User-Facing Changes +~~~~~~~~~~~~~~~~~~~ + +**๐ŸŒŸ New Features** + +- **UI**: Support saving and managing credentials for Renku 2.0 data sources (`#3266 `__). + +**โœจ Improvements** + +- **Search Services**: Enable searching by prefix of indexed words +- **UI**: Add members to groups and projects in Renku 2.0 by username instead of email (`#3270 `__). +- **UI**: Enable sharing search URLs by reflecting the search query in the URL for Renku 2.0 (`#3245 `__). +- **UI**: Show the status of a session via a dynamic browser tab icon (`#3249 `__). +- **UI**: Display session details in session page in Renku 2.0 (`#3258 `__) +- **UI**: Set default namespace when creating a new Renku 2.0 project (`#3264 `__). + +**๐Ÿž Bug Fixes** + +- **UI**: Fix issue in Renku 2.0 where launched sessions did not use the default storage size of the selected resource class (`#3295 `__). +- **UI**: Fix misnomers on the group creation page (`#3276 `__). 
+- **Data Services**: Fix connected services showing errors for anonymous users +- **Data Services**: Fix 500 error being raised when modifying a session launcher + +Internal Changes +~~~~~~~~~~~~~~~~ + +**New Features** + +- **csi-rclone**: Read credential secrets from PVC annotations +- **csi-rclone**: Update the CSI sidecar container versions +- **csi-rclone**: Add support for decrypting data storage secrets. +- **Gateway**: The API Gateway components have been refactored and simplified (`#709 `__). +- **Notebooks**: Add a component for liveness detection +- **Notebooks**: Support for saving cloud storage secrets + +**Improvements** + +- **Search Services**: Reading all data service events from a single Redis stream. Processing from individual streams is kept. +- **Data Services**: Do not show user emails and use usernames instead for all interactions +- **UI**: The UI server has been refactored following the changes in the gateway (`#3271 `__). + +**Bug Fixes** + +- **csi-rclone**: Do not crash on unmounting as it might block dependent resources +- **csi-rclone**: Use extra storage class when reading secrets from a PVC annotation +- **Data Services**: Fix group member changes not being sent to search +- **Data Services**: Fix Redis not being able to connect to the master node + +Individual Components +~~~~~~~~~~~~~~~~~~~~~ + +- `csi-rclone 0.1.8 `__ +- `csi-rclone 0.2.0 `__ +- `csi-rclone 0.3.0 `__ +- `csi-rclone 0.3.1 `__ +- `renku-gateway 1.0.0 `_ +- `renku-gateway 1.0.1 `_ +- `renku-gateway 1.0.2 `_ +- `renku-ui 3.34.0 `_ +- `renku-ui 3.35.0 `_ +- `renku-search 0.5.0 `_ +- `renku-notebooks 1.26.0 `__ +- `renku-data-services 0.20.0 `__ + + 0.56.3 ------ @@ -48,7 +128,7 @@ Individual Components 0.56.1 ------ -Renku ``0.56.1`` fixes a bug where Amalthea would not start when the prometheus metrics or the +Renku ``0.56.1`` fixes a bug where Amalthea would not start when the prometheus metrics or the audit log export functionality is enabled. Internal Changes 
diff --git a/cypress-tests/cypress/e2e/useSession.cy.ts b/cypress-tests/cypress/e2e/useSession.cy.ts index 79b989c6e5..11119f6529 100644 --- a/cypress-tests/cypress/e2e/useSession.cy.ts +++ b/cypress-tests/cypress/e2e/useSession.cy.ts @@ -187,6 +187,8 @@ describe("Basic public project functionality", () => { // Stop the session -- mind that anonymous users cannot pause sessions cy.deleteSession({ fromSessionPage: true }); + + cy.robustLogin(); }); it("Start a new session on a project without permissions.", () => { diff --git a/cypress-tests/cypress/support/commands/login.ts b/cypress-tests/cypress/support/commands/login.ts index 0f7514ff66..6623084aad 100644 --- a/cypress-tests/cypress/support/commands/login.ts +++ b/cypress-tests/cypress/support/commands/login.ts @@ -140,6 +140,8 @@ function robustLogin(props?: RobustLoginProps) { function logout() { cy.get("#profile-dropdown").should("be.visible").click(); cy.get("#logout-link").should("be.visible").click(); + // Make sure we fully log out + cy.wait(1_000); } export default function registerLoginCommands() { diff --git a/docs/index.rst b/docs/index.rst index f16e6824a6..d61c926703 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -31,6 +31,13 @@ Renku Documentation -- Wikipedia +.. note:: + + **We're building the next version of Renku!** For documentation related to Renku 2.0, please see + our `Community Portal + `_. To learn + more about the big changes coming in Renku, check out our `blog post `_. + .. include:: ../README.rst :start-after: renku: :end-before: documentation: diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index 35101ec4d3..3c962635ef 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -152,6 +152,7 @@ kwargs ld lefthand lfs +liveness LocalClient localhost Lucene @@ -308,6 +309,7 @@ unmapped unmerged Unmount unmount +unmounting unpause unpushed unschedulable diff --git a/docs/tutorials.rst b/docs/tutorials.rst index 13fad6a4a0..bafa5da4fd 100644 
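Review bot: The `cy.wait(1_000)` added to `logout()` in login.ts is a fixed delay, so it neither proves that the session was ended nor covers a logout redirect that takes longer than one second. The next test can then start while the previous user's session is still valid. Replacing the sleep with an assertion on a state that only exists after logout (an element shown only to anonymous users, or the absence of the session cookie) would make the command deterministic and turn it into a real check that logout worked. Relatedly, the `cy.robustLogin()` appended to the anonymous-session test in useSession.cy.ts only runs when that test passes; restoring the logged-in state in a hook would also cover the failure case.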
--- a/docs/tutorials.rst +++ b/docs/tutorials.rst @@ -3,6 +3,15 @@ Tutorials --------- +.. note:: + + **We're building the next version of Renku!** If you're looking for a tutorial for Renku 2.0, + please see the Renku 2.0 documentation on our `Community Portal + `_ instead. + The tutorial linked below is outdated and refers to the legacy version of Renku that is no + longer under active development. To learn more about the big changes coming in Renku, check out + our `blog post `_. + The following tutorials are available for getting acquainted with Renku. We recommend you start with :ref:`first_steps`! diff --git a/docs/tutorials/01_firststeps.rst b/docs/tutorials/01_firststeps.rst index cf47e216ea..7c8a553d28 100644 --- a/docs/tutorials/01_firststeps.rst +++ b/docs/tutorials/01_firststeps.rst @@ -3,6 +3,15 @@ Get Started on RenkuLab ======================= +.. note:: + + **We're building the next version of Renku!** If you're looking for a tutorial for Renku 2.0, + please see the Renku 2.0 documentation on our `Community Portal + `_ instead. + This tutorial is outdated and refers to the legacy version of Renku that is no longer under + active development. To learn more about the big changes coming in Renku, check out our `blog + post `_. + This tutorial will help you get started working on the Renkulab platform. We will use Renku to realize a very small data science project: counting the number of flights to Austin-Bergstrom International Airport in January, 2019. In this tutorial we will provide instructions for Python, Julia (in JupyterLab) and R (in RStudio). diff --git a/helm-chart/renku/requirements.yaml b/helm-chart/renku/requirements.yaml index df8744a33c..d120749bf9 100644 --- a/helm-chart/renku/requirements.yaml +++ b/helm-chart/renku/requirements.yaml 
@@ -30,7 +30,7 @@ dependencies: condition: notebooks.cloudstorage.s3.installDatashim - name: csi-rclone repository: "https://swissdatasciencecenter.github.io/helm-charts/" - version: "0.1.7" + version: "0.3.1" condition: global.csi-rclone.install - name: solr repository: "oci://registry-1.docker.io/bitnamicharts" diff --git a/helm-chart/renku/templates/gateway/_helpers.tpl b/helm-chart/renku/templates/gateway/_helpers.tpl index 9bc57ea9d2..fbe9d65ddb 100644 --- a/helm-chart/renku/templates/gateway/_helpers.tpl +++ b/helm-chart/renku/templates/gateway/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Template core service paths as a comma separated list */}} -{{- define "gateway.core.paths" -}} +{{- define "gateway.core.pathsYaml" -}} {{- $paths := list -}} {{- range $i, $k := (keys .Values.global.core.versions | sortAlpha) -}} {{- $paths = mustAppend $paths (printf "/api/renku/%s" (get $.Values.global.core.versions $k).prefix) -}} @@ -9,13 +9,13 @@ Template core service paths as a comma separated list {{- $paths = mustAppend $paths "/api/renku" -}} {{- end -}} {{- end -}} -{{- join "," $paths | quote -}} +{{- $paths | toYaml -}} {{- end -}} {{/* Template core service names as a comma separated list */}} -{{- define "gateway.core.serviceNames" -}} +{{- define "gateway.core.serviceNamesYaml" -}} {{- $serviceNames := list -}} {{- $coreBaseName := printf "%s-core" .Release.Name -}} {{- range $i, $k := (keys .Values.global.core.versions | sortAlpha) -}} @@ -25,7 +25,7 @@ Template core service names as a comma separated list {{- $serviceNames = mustAppend $serviceNames $serviceName -}} {{- end -}} {{- end -}} -{{- join "," $serviceNames | quote -}} +{{- $serviceNames | toYaml -}} {{- end -}} {{/* diff --git a/helm-chart/renku/templates/gateway/configmap.yaml b/helm-chart/renku/templates/gateway/configmap.yaml new file mode 100644 index 0000000000..c163177252 --- /dev/null +++ b/helm-chart/renku/templates/gateway/configmap.yaml 
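Review bot: The comment above `gateway.core.pathsYaml` still reads `Template core service paths as a comma separated list`, but with `{{- $paths | toYaml -}}` the helper now emits a YAML sequence; the comment above `gateway.core.serviceNamesYaml` has the same problem. I would update both, for example `Template core service paths as a YAML list (indent at the call site with nindent)`. Because the helpers were renamed as well as changed, any template outside this patch that still includes `gateway.core.paths` or `gateway.core.serviceNames` would fail to render, so a search for the old names is worth doing. The `define` bodies are split across the hunks shown here.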
@@ -0,0 +1,89 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "renku.fullname" . }}-gateway + labels: + app: {{ template "gateway.name" . }} + chart: {{ template "renku.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + config.yaml: | + server: + port: 8080 + host: 0.0.0.0 + rateLimits: + enabled: {{ .Values.gateway.rateLimits.general.enabled }} + rate: {{ .Values.gateway.rateLimits.general.average }} + burst: {{ .Values.gateway.rateLimits.general.burst }} + {{- with .Values.gateway.allowOrigin }} + allowOrigin: + {{- toYaml . | nindent 8 }} + {{- end }} + sessions: + authorizationVerifiers: + - issuer: {{ printf "%s/realms/%s" (include "renku.keycloakUrl" . | trimSuffix "/") (include "renku.keycloak.realm" .) }} + audience: renku + authorizedParty: renku + - issuer: {{ printf "%s/realms/%s" (include "renku.keycloakUrl" . | trimSuffix "/") (include "renku.keycloak.realm" .) }} + audience: renku + authorizedParty: renku-cli + revproxy: + renkuBaseUrl: {{ include "renku.baseUrl" . | quote }} + {{- if .Values.gitlab.enabled }} + externalGitlabUrl: "" + {{- else }} + externalGitlabUrl: {{ .Values.global.gitlab.url | default "" | quote }} + {{- end }} + k8sNamespace: {{ .Release.Namespace }} + renkuServices: + notebooks: {{ printf "http://%s-notebooks" .Release.Name | quote }} + kg: {{ printf "http://%s-knowledge-graph" .Release.Name | quote }} + webhook: {{ printf "http://%s-webhook-service" .Release.Name | quote }} + core: + serviceNames: + {{- include "gateway.core.serviceNamesYaml" . | nindent 12 }} + servicePaths: + {{- include "gateway.core.pathsYaml" . | nindent 12 }} + sticky: true + dataService: {{ printf "http://%s-data-service" .Release.Name | quote }} + keycloak: {{ include "renku.keycloakUrl" . | quote }} + uiserver: {{ printf "http://%s" (include "ui-server.fullname" .) | quote }} + search: {{ printf "http://%s-search-api" .Release.Name | quote }} + login: + renkuBaseUrl: {{ include "renku.baseUrl" . 
| quote }} + loginRoutesBasePath: "/api/auth" + defaultAppRedirectURL: {{ include "renku.baseUrl" . | quote }} + tokenEncryption: + enabled: true + providers: + renku: + issuer: {{ printf "%s/realms/%s" (include "renku.keycloakUrl" . | trimSuffix "/") (include "renku.keycloak.realm" .) }} + clientID: renku + scopes: ["profile", "email", "openid", "microprofile-jwt"] + callbackURI: {{ printf "%s/api/auth/callback" (include "renku.baseUrl" .) }} + usePKCE: false + gitlab: + issuer: {{ .Values.global.gitlab.url | quote }} + clientID: {{ .Values.gateway.gitlabClientId | default .Values.global.gateway.gitlabClientId | quote }} + scopes: ["openid", "api", "read_user", "read_repository"] + callbackURI: {{ printf "%s/api/auth/callback" (include "renku.baseUrl" .) }} + usePKCE: false + oldGitLabLogout: {{ .Values.gateway.oldGitLabLogout | default false }} + logoutGitLabUponRenkuLogout: {{ .Values.gateway.logoutGitLabUponRenkuLogout | default true }} + redis: + type: redis + addresses: + - {{ printf "%s:%d" .Values.global.redis.host (.Values.global.redis.port | int) | quote }} + isSentinel: {{ .Values.global.redis.sentinel.enabled }} + masterName: {{ .Values.global.redis.sentinel.masterSet | quote }} + dbIndex: {{ .Values.global.redis.dbIndex.gateway }} + monitoring: + sentry: + enabled: {{ .Values.gateway.sentry.enabled }} + environment: {{ .Values.gateway.sentry.environment }} + sampleRate: {{ .Values.gateway.sentry.sampleRate }} + prometheus: + enabled: {{ .Values.gateway.metrics.enabled }} + port: {{ .Values.gateway.metrics.port }} +--- diff --git a/helm-chart/renku/templates/gateway/deployment-revproxy.yaml b/helm-chart/renku/templates/gateway/deployment-revproxy.yaml index 1cf3cc3419..3fc1b30214 100644 --- a/helm-chart/renku/templates/gateway/deployment-revproxy.yaml +++ b/helm-chart/renku/templates/gateway/deployment-revproxy.yaml 
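Review bot: In the `login` block of the new config.yaml, `logoutGitLabUponRenkuLogout: {{ .Values.gateway.logoutGitLabUponRenkuLogout | default true }}` can never render `false`, because Sprig's `default` treats a boolean `false` as empty and substitutes `true`. An operator who sets the value to `false` is silently overridden; `{{ ne (toString .Values.gateway.logoutGitLabUponRenkuLogout) "false" }}` keeps the default of `true` while honouring an explicit `false`. Separately, both providers are rendered with `usePKCE: false`; if the gateway and the identity providers support it, enabling PKCE is the usual hardening for the authorization-code flow even for a client that holds a secret. The `issuer` and `callbackURI` values built with `printf` are also left unquoted, unlike the neighbouring URLs; piping them through `quote` would keep the rendering consistent.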
@@ -1,41 +1,49 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "renku.fullname" . }}-gateway-revproxy + name: {{ template "renku.fullname" . }}-gateway labels: - app: {{ template "gateway.name" . }}-revproxy + app: {{ template "gateway.name" . }} chart: {{ template "renku.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - {{- if not .Values.gateway.reverseProxy.autoscaling.enabled }} - replicas: {{ .Values.gateway.reverseProxy.replicaCount }} + {{- if not .Values.gateway.autoscaling.enabled }} + replicas: {{ .Values.gateway.replicaCount }} {{- end }} strategy: - {{- toYaml .Values.gateway.reverseProxy.updateStrategy | nindent 4 }} + {{- toYaml .Values.gateway.updateStrategy | nindent 4 }} selector: matchLabels: - app: {{ template "gateway.name" . }}-revproxy + app: {{ template "gateway.name" . }} release: {{ .Release.Name }} template: metadata: labels: - app: {{ template "gateway.name" . }}-revproxy + app: {{ template "gateway.name" . }} release: {{ .Release.Name }} - {{- with .Values.gateway.reverseProxy.podAnnotations }} + # The label below enables the gateway to connect to redis + {{ .Values.global.redis.clientLabel | toYaml | nindent 8 }} + {{- if .Values.gateway.podAnnotations }} + {{- with .Values.gateway.podAnnotations }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/gateway/configmap.yaml") . | sha256sum }} {{- toYaml . | nindent 8 }} {{- end }} + {{- else }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/gateway/configmap.yaml") . | sha256sum }} + {{- end }} spec: - serviceAccountName: "{{ template "renku.fullname" . }}-gateway-revproxy" + serviceAccountName: "{{ template "renku.fullname" . }}-gateway" securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: {{- include "certificates.initContainer" . 
| nindent 8 }} containers: - - name: revproxy - image: "{{ .Values.gateway.reverseProxy.image.repository }}:{{ .Values.gateway.reverseProxy.image.tag }}" - imagePullPolicy: {{ .Values.gateway.reverseProxy.image.pullPolicy }} + - name: gateway + image: "{{ .Values.gateway.image.repository }}:{{ .Values.gateway.image.tag }}" + imagePullPolicy: {{ .Values.gateway.image.pullPolicy }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} ports: 
@@ -43,76 +51,68 @@ spec: containerPort: 8080 protocol: TCP env: - - name: REVPROXY_RENKU_BASE_URL - value: {{ include "renku.baseUrl" . | quote }} - - name: REVPROXY_EXTERNAL_GITLAB_URL - {{- if .Values.gitlab.enabled }} - value: "" - {{- else }} - value: {{ .Values.global.gitlab.url | default "" | quote }} - {{- end }} - - name: REVPROXY_ALLOW_ORIGIN - value: {{ join "," .Values.gateway.allowOrigin | quote }} - - name: REVPROXY_NAMESPACE - value: {{ .Release.Namespace }} - - name: REVPROXY_RENKU_SERVICES_WEBHOOK - value: {{ printf "http://%s-webhook-service" .Release.Name | quote }} - - name: REVPROXY_RENKU_SERVICES_KG - value: {{ printf "http://%s-knowledge-graph" .Release.Name | quote }} - - name: REVPROXY_RENKU_SERVICES_NOTEBOOKS - value: {{ printf "http://%s-notebooks" .Release.Name | quote }} - - name: REVPROXY_RENKU_SERVICES_CORE_SERVICE_PATHS - value: {{ template "gateway.core.paths" . }} - - name: REVPROXY_RENKU_SERVICES_CORE_SERVICE_NAMES - value: {{ template "gateway.core.serviceNames" . }} - - name: REVPROXY_RENKU_SERVICES_AUTH - value: {{ printf "http://%s-gateway-auth" .Release.Name }} - - name: REVPROXY_RENKU_SERVICES_DATA_SERVICE - value: {{ printf "http://%s-data-service" .Release.Name | quote }} - - name: REVPROXY_RENKU_SERVICES_SEARCH - value: {{ printf "http://%s-search-api" .Release.Name | quote }} - - name: REVPROXY_RENKU_SERVICES_KEYCLOAK - value: {{ include "renku.keycloakUrl" . 
| quote }} - - name: REVPROXY_PORT - value: "8080" - - name: REVPROXY_METRICS_ENABLED - value: {{ .Values.gateway.reverseProxy.metrics.enabled | quote }} - - name: REVPROXY_METRICS_PORT - value: {{ .Values.gateway.reverseProxy.metrics.port | quote }} - - name: REVPROXY_RATE_LIMITS_ENABLED - value: {{ .Values.gateway.rateLimits.general.enabled | quote }} - - name: REVPROXY_RATE_LIMITS_AVERAGE - value: {{ .Values.gateway.rateLimits.general.average | quote }} - - name: REVPROXY_RATE_LIMITS_BURST - value: {{ .Values.gateway.rateLimits.general.burst | quote }} - - name: REVPROXY_SENTRY_ENABLED - value: {{ .Values.gateway.sentry.enabled | quote }} - - name: REVPROXY_SENTRY_DSN + - name: GATEWAY_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.global.redis.existingSecret }} + key: {{ .Values.global.redis.existingSecretPasswordKey }} + - name: GATEWAY_LOGIN_PROVIDERS_RENKU_CLIENTSECRET + valueFrom: + secretKeyRef: + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + key: oidcClientSecret + - name: GATEWAY_LOGIN_PROVIDERS_GITLAB_CLIENTSECRET + valueFrom: + secretKeyRef: + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + key: gitlabClientSecret + - name: GATEWAY_LOGIN_TOKENENCRYPTION_SECRETKEY + valueFrom: + secretKeyRef: + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + key: tokenEncryption + - name: GATEWAY_LOGIN_PROVIDERS_RENKU_COOKIEENCODINGKEY + valueFrom: + secretKeyRef: + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + key: cookieEncodingKey + - name: GATEWAY_LOGIN_PROVIDERS_RENKU_COOKIEHASHKEY + valueFrom: + secretKeyRef: + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + key: cookieHashKey + - name: GATEWAY_LOGIN_PROVIDERS_GITLAB_COOKIEENCODINGKEY + valueFrom: + secretKeyRef: + name: {{ cat (include "renku.fullname" .) 
"-gateway" | nospace }} + key: cookieEncodingKey + - name: GATEWAY_LOGIN_PROVIDERS_GITLAB_COOKIEHASHKEY + valueFrom: + secretKeyRef: + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + key: cookieHashKey + - name: GATEWAY_MONITORING_SENTRY_DSN value: {{ .Values.gateway.sentry.dsn }} - - name: REVPROXY_SENTRY_ENVIRONMENT - value: {{ .Values.gateway.sentry.environment }} - - name: REVPROXY_SENTRY_SAMPLE_RATE - value: {{ .Values.gateway.sentry.sampleRate | quote }} - - name: REVPROXY_DEBUG - value: {{ .Values.gateway.debug | default "false" | quote }} volumeMounts: {{- include "certificates.volumeMounts.system" . | nindent 12 }} + - mountPath: "/etc/gateway" + name: public-config livenessProbe: httpGet: - path: /revproxy/health + path: /health port: http initialDelaySeconds: 10 periodSeconds: 10 failureThreshold: 6 readinessProbe: httpGet: - path: /revproxy/health + path: /health port: http initialDelaySeconds: 10 periodSeconds: 2 failureThreshold: 2 resources: - {{ toYaml .Values.gateway.reverseProxy.resources | nindent 12 }} + {{ toYaml .Values.gateway.resources | nindent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} @@ -127,3 +127,7 @@ spec: {{- end }} volumes: {{- include "certificates.volumes" . | nindent 8 }} + - name: public-config + configMap: + name: {{ template "renku.fullname" . }}-gateway + diff --git a/helm-chart/renku/templates/gateway/deployment.yaml b/helm-chart/renku/templates/gateway/deployment.yaml deleted file mode 100644 index 608f33326f..0000000000 --- a/helm-chart/renku/templates/gateway/deployment.yaml +++ /dev/null 
@@ -1,149 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "renku.fullname" . }}-gateway-auth - labels: - app: {{ template "gateway.name" . }}-auth - chart: {{ template "renku.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ template "gateway.name" . }}-auth - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "gateway.name" . }}-auth - release: {{ .Release.Name }} - # The label below enables the gateway to connect to redis - {{ .Values.global.redis.clientLabel | toYaml | nindent 8 }} - spec: - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - automountServiceAccountToken: {{ .Values.global.debug }} - initContainers: - {{- include "certificates.initContainer" . | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.gateway.image.auth.repository }}:{{ .Values.gateway.image.auth.tag }}" - imagePullPolicy: {{ .Values.gateway.image.auth.pullPolicy }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - ports: - - name: http - containerPort: 5000 - protocol: TCP - env: - - name: HOST_NAME - value: {{ include "renku.baseUrl" . | quote }} - - name: CLI_CLIENT_ID - value: "renku-cli" - - name: CLI_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway-revproxy" | nospace }} - key: cliClientSecret - - name: GITLAB_URL - value: {{ .Values.global.gitlab.url | quote }} - - name: GITLAB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway-revproxy" | nospace }} - key: gitlabClientSecret - - name: GITLAB_CLIENT_ID - value: {{ .Values.gateway.gitlabClientId | default .Values.global.gateway.gitlabClientId | quote }} - - name: KEYCLOAK_URL - value: {{ include "renku.keycloakUrl" . | quote }} - - name: KEYCLOAK_REALM - value: {{ include "renku.keycloak.realm" . 
| quote }} - - name: GATEWAY_SERVICE_PREFIX - value: "/api/" - - name: REDIS_HOST - value: {{ .Values.global.redis.host | quote }} - - name: REDIS_IS_SENTINEL - value: {{ .Values.global.redis.sentinel.enabled | quote }} - - name: REDIS_MASTER_SET - value: {{ .Values.global.redis.sentinel.masterSet | quote }} - - name: REDIS_DB - value: {{ .Values.global.redis.dbIndex.gateway | quote }} - - name: REDIS_PORT - value: {{ .Values.global.redis.port | quote }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.global.redis.existingSecret }} - key: {{ .Values.global.redis.existingSecretPasswordKey }} - - name: GATEWAY_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway-revproxy" | nospace }} - key: gatewaySecret - - name: GATEWAY_ALLOW_ORIGIN - value: {{ .Values.gateway.allowOrigin | quote }} - - name: OIDC_CLIENT_ID - value: {{ "renku" | quote }} - - name: OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway-revproxy" | nospace }} - key: oidcClientSecret - - name: OLD_GITLAB_LOGOUT - value: {{ .Values.gateway.oldGitLabLogout | quote }} - - name: LOGOUT_GITLAB_UPON_RENKU_LOGOUT - value: {{ .Values.gateway.logoutGitLabUponRenkuLogout | quote }} - - name: WEBHOOK_SERVICE_HOSTNAME - value: {{ printf "http://%s-graph-webhook-service" .Release.Name | quote }} - {{ if .Values.global.anonymousSessions.enabled }} - - name: ANONYMOUS_SESSIONS_ENABLED - value: "true" - {{ end }} - # Note that this is ok because we're enforcing HTTPS - # further up the processing chain. 
- - name: OAUTHLIB_INSECURE_TRANSPORT - value: "1" - - name: SENTRY_ENABLED - value: {{ .Values.gateway.sentry.enabled | quote }} - - name: SENTRY_DSN - value: {{ .Values.gateway.sentry.dsn }} - - name: SENTRY_ENVIRONMENT - value: {{ .Values.gateway.sentry.environment }} - - name: SENTRY_SAMPLE_RATE - value: {{ .Values.gateway.sentry.sampleRate | quote }} - - name: DEBUG - value: {{ .Values.global.debug | quote }} - {{- include "certificates.env.python" . | nindent 12 }} - volumeMounts: - {{- include "certificates.volumeMounts.system" . | nindent 12 }} - livenessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 10 - periodSeconds: 10 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 10 - periodSeconds: 2 - failureThreshold: 2 - resources: - {{ toYaml .Values.gateway.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{ toYaml . | nindent 8 }} - {{- end }} - volumes: - {{- include "certificates.volumes" . | nindent 8 }} diff --git a/helm-chart/renku/templates/gateway/hpa-revproxy.yaml b/helm-chart/renku/templates/gateway/hpa-revproxy.yaml index 6030b49b3a..e81938e101 100644 --- a/helm-chart/renku/templates/gateway/hpa-revproxy.yaml +++ b/helm-chart/renku/templates/gateway/hpa-revproxy.yaml @@ -1,4 +1,4 @@ -{{- if .Values.gateway.reverseProxy.autoscaling.enabled }} +{{- if .Values.gateway.autoscaling.enabled }} {{- if semverCompare ">=1.23.0-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: autoscaling/v2 {{- else -}} 
@@ -6,9 +6,9 @@ apiVersion: autoscaling/v2beta2 {{- end }} kind: HorizontalPodAutoscaler metadata: - name: {{ template "renku.fullname" . }}-gateway-revproxy + name: {{ template "renku.fullname" . }}-gateway labels: - app: {{ template "renku.name" . }}-gateway-revproxy + app: {{ template "renku.name" . }}-gateway chart: {{ template "renku.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -16,24 +16,24 @@ spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "renku.fullname" . }}-gateway-revproxy - minReplicas: {{ .Values.gateway.reverseProxy.autoscaling.minReplicas }} - maxReplicas: {{ .Values.gateway.reverseProxy.autoscaling.maxReplicas }} + name: {{ template "renku.fullname" . }}-gateway + minReplicas: {{ .Values.gateway.autoscaling.minReplicas }} + maxReplicas: {{ .Values.gateway.autoscaling.maxReplicas }} metrics: - {{- if .Values.gateway.reverseProxy.autoscaling.targetCPUUtilizationPercentage }} + {{- if .Values.gateway.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu target: type: Utilization - averageUtilization: {{ .Values.gateway.reverseProxy.autoscaling.targetCPUUtilizationPercentage }} + averageUtilization: {{ .Values.gateway.autoscaling.targetCPUUtilizationPercentage }} {{- end }} - {{- if .Values.gateway.reverseProxy.autoscaling.targetMemoryUtilizationPercentage }} + {{- if .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory target: type: Utilization - averageUtilization: {{ .Values.gateway.reverseProxy.autoscaling.targetMemoryUtilizationPercentage }} + averageUtilization: {{ .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} diff --git a/helm-chart/renku/templates/gateway/pdb.yaml b/helm-chart/renku/templates/gateway/pdb.yaml index 5b69a5c7c2..9a8fa63f43 100644 --- a/helm-chart/renku/templates/gateway/pdb.yaml +++ b/helm-chart/renku/templates/gateway/pdb.yaml 
@@ -1,10 +1,10 @@ -{{- if or (gt (int .Values.gateway.reverseProxy.replicaCount) 1) (and .Values.gateway.reverseProxy.autoscaling.enabled (gt (int .Values.gateway.reverseProxy.autoscaling.minReplicas) 1)) }} +{{- if or (gt (int .Values.gateway.replicaCount) 1) (and .Values.gateway.autoscaling.enabled (gt (int .Values.gateway.autoscaling.minReplicas) 1)) }} apiVersion: policy/v1 kind: PodDisruptionBudget metadata: - name: {{ template "renku.fullname" . }}-gateway-revproxy + name: {{ template "renku.fullname" . }}-gateway labels: - app: {{ template "renku.name" . }}-gateway-revproxy + app: {{ template "renku.name" . }}-gateway chart: {{ template "renku.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -12,6 +12,7 @@ spec: maxUnavailable: 50% selector: matchLabels: - app: {{ template "renku.name" . }}-gateway-revproxy + app: {{ template "renku.name" . }}-gateway release: {{ .Release.Name }} {{- end }} + diff --git a/helm-chart/renku/templates/gateway/role.yaml b/helm-chart/renku/templates/gateway/role.yaml index 518bedbae5..70e85938b8 100644 --- a/helm-chart/renku/templates/gateway/role.yaml +++ b/helm-chart/renku/templates/gateway/role.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "renku.fullname" . }}-gateway-revproxy + name: {{ template "renku.fullname" . }}-gateway labels: app: {{ template "renku.name" . }} chart: {{ template "renku.chart" . }} diff --git a/helm-chart/renku/templates/gateway/rolebinding.yaml b/helm-chart/renku/templates/gateway/rolebinding.yaml index d1c63c2c7e..2a65474505 100644 --- a/helm-chart/renku/templates/gateway/rolebinding.yaml +++ b/helm-chart/renku/templates/gateway/rolebinding.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "renku.fullname" . }}-gateway-revproxy + name: {{ template "renku.fullname" . }}-gateway labels: app: {{ template "renku.name" . }} chart: {{ template "renku.chart" . }} 
@@ -10,8 +10,8 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "renku.fullname" . }}-gateway-revproxy + name: {{ template "renku.fullname" . }}-gateway subjects: - kind: ServiceAccount - name: {{ template "renku.fullname" . }}-gateway-revproxy + name: {{ template "renku.fullname" . }}-gateway namespace: {{ .Release.Namespace }} diff --git a/helm-chart/renku/templates/gateway/secret.yaml b/helm-chart/renku/templates/gateway/secret.yaml index 677da8562e..02feb32174 100644 --- a/helm-chart/renku/templates/gateway/secret.yaml +++ b/helm-chart/renku/templates/gateway/secret.yaml @@ -14,7 +14,7 @@ {{- $gitlabClientInKeycloakSecret := .Values.global.gitlab.clientSecret | default (randAlphaNum 64) | b64enc | quote }} {{- $renkuFullname := include "renku.fullname" . -}} -{{- $secretName := cat $renkuFullname "-gateway-revproxy" | nospace }} +{{- $secretName := cat $renkuFullname "-gateway" | nospace }} {{- if not (or .Values.gateway.oidcClientSecret .Values.global.gateway.clientSecret) -}} {{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} @@ -67,6 +67,24 @@ {{- end -}} {{- end }} +{{- $tokenEncryptionSecretKey := randAlphaNum 32 | b64enc | quote }} +{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} +{{- if $secret }} +{{- $tokenEncryptionSecretKey = index $secret.data "tokenEncryption" }} +{{- end -}} + +{{- $csrfCookieEncodingKey := randAlphaNum 32 | b64enc | quote }} +{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} +{{- if $secret }} +{{- $csrfCookieEncodingKey = index $secret.data "cookieEncodingKey" }} +{{- end -}} + +{{- $csrfCookieHashKey := randAlphaNum 32 | b64enc | quote }} +{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} +{{- if $secret }} +{{- $csrfCookieHashKey = index $secret.data "cookieHashKey" }} +{{- end -}} + apiVersion: v1 kind: Secret metadata: 
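Review bot: The three new blocks in the `@@ -67,6 +67,24 @@` hunk of secret.yaml replace the freshly generated key with `index $secret.data "tokenEncryption"` (likewise `cookieEncodingKey` and `cookieHashKey`) whenever a Secret of that name exists, without checking that the key is present. If a `-gateway` Secret already exists without these keys, the rendered Secret would carry empty values and the gateway would presumably start with an empty token-encryption or cookie key. Falling back to the generated value closes that gap: `{{- $tokenEncryptionSecretKey = index $secret.data "tokenEncryption" | default $tokenEncryptionSecretKey }}`, and the same for the other two. Note also that `lookup` returns nothing under `helm template` or a dry run, so pipelines that render the chart that way get new keys on every render, which would invalidate stored encrypted tokens and cookies. Since the earlier hunk renames `$secretName` from `-gateway-revproxy` to `-gateway`, values persisted under the old name are likely not found on the first upgrade either; that deserves a line in the upgrade notes.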
@@ -98,3 +116,7 @@ data: # A secret for the Gitlab client in Keycloak if an internal Gitlab is used gitlabClientInKeycloakSecret: {{ $gitlabClientInKeycloakSecret }} {{- end }} + cookieEncodingKey: {{ $csrfCookieEncodingKey }} + cookieHashKey: {{ $csrfCookieHashKey }} + tokenEncryption: {{ $tokenEncryptionSecretKey }} + diff --git a/helm-chart/renku/templates/gateway/service.yaml b/helm-chart/renku/templates/gateway/service.yaml index 52cd631cd6..af32be3368 100644 --- a/helm-chart/renku/templates/gateway/service.yaml +++ b/helm-chart/renku/templates/gateway/service.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "renku.fullname" . }}-gateway-auth + name: {{ template "renku.fullname" . }}-gateway labels: - app: {{ template "renku.name" . }}-gateway-auth + app: {{ template "renku.name" . }}-gateway chart: {{ template "renku.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -16,25 +16,6 @@ spec: protocol: TCP name: http selector: - app: {{ template "gateway.name" . }}-auth - release: {{ .Release.Name }} ---- -apiVersion: v1 -kind: Service -metadata: - name: renku-traefik - labels: - app: {{ template "renku.name" . }}-gateway-revproxy - chart: {{ template "renku.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.gateway.service.type }} - ports: - - port: {{ .Values.gateway.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - app: {{ template "gateway.name" . }}-revproxy + app: {{ template "gateway.name" . }} release: {{ .Release.Name }} + diff --git a/helm-chart/renku/templates/gateway/serviceaccount.yaml b/helm-chart/renku/templates/gateway/serviceaccount.yaml index 620874ce7b..8530d52ed1 100644 --- a/helm-chart/renku/templates/gateway/serviceaccount.yaml +++ b/helm-chart/renku/templates/gateway/serviceaccount.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "renku.fullname" . }}-gateway-revproxy + name: {{ template "renku.fullname" . }}-gateway labels: app: {{ template "renku.name" . }} chart: {{ template "renku.chart" . }} diff --git a/helm-chart/renku/templates/ingress.yaml b/helm-chart/renku/templates/ingress.yaml index f19b563b91..17cd9794ff 100644 --- a/helm-chart/renku/templates/ingress.yaml +++ b/helm-chart/renku/templates/ingress.yaml @@ -72,7 +72,7 @@ spec: port: number: {{ $gitlabServicePort }} {{ else }} - name: renku-traefik + name: {{ template "renku.fullname" $ }}-gateway port: number: 80 {{- end }} @@ -80,21 +80,21 @@ spec: pathType: Prefix backend: service: - name: renku-traefik + name: {{ template "renku.fullname" $ }}-gateway port: number: 80 - path: /api pathType: Prefix backend: service: - name: renku-traefik + name: {{ template "renku.fullname" $ }}-gateway port: number: 80 - path: /entities pathType: Prefix backend: service: - name: renku-traefik + name: {{ template "renku.fullname" $ }}-gateway port: number: 80 - path: / @@ -108,7 +108,7 @@ spec: pathType: Prefix backend: service: - name: {{ $uiserverFullname }} + name: {{ template "renku.fullname" $ }}-gateway port: number: {{ $uiserverServicePort }} {{- if $graphEnabled }} @@ -123,7 +123,7 @@ spec: pathType: Prefix backend: service: - name: {{ $knowledgeGraphFullname }} + name: {{ template "renku.fullname" $ }}-gateway port: number: 80 {{- end }} diff --git a/helm-chart/renku/templates/setup-job-gitlab.yaml b/helm-chart/renku/templates/setup-job-gitlab.yaml index 933a837099..9d8cb79b76 100644 --- a/helm-chart/renku/templates/setup-job-gitlab.yaml +++ b/helm-chart/renku/templates/setup-job-gitlab.yaml 
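Review bot: In the `@@ -108,7 +108,7 @@` hunk of `ingress.yaml` the backend service becomes `{{ template "renku.fullname" $ }}-gateway`, but the port under it is still `number: {{ $uiserverServicePort }}`. Every other gateway backend touched in this file uses `number: 80`, so this rule only routes correctly while the UI server's service port happens to equal the gateway's. `$uiserverServicePort` is defined outside the hunk, so its value cannot be confirmed from here. I would change the line to `number: 80` to match the neighbouring rules, or to `number: {{ $.Values.gateway.service.port }}` if the chart prefers the configurable value.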
@@ -58,7 +58,7 @@ spec: - name: GITLAB_OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway-revproxy" | nospace }} + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} key: gitlabClientSecret - name: GITLAB_OAUTH_CLIENT_ID value: {{ .Values.gateway.gitlabClientId | default .Values.global.gateway.gitlabClientId | quote }} diff --git a/helm-chart/renku/templates/setup-job-keycloak-realms.yaml b/helm-chart/renku/templates/setup-job-keycloak-realms.yaml index 92e3176965..8c91721c55 100644 --- a/helm-chart/renku/templates/setup-job-keycloak-realms.yaml +++ b/helm-chart/renku/templates/setup-job-keycloak-realms.yaml @@ -72,7 +72,7 @@ spec: - name: INTERNAL_GITLAB_OIDC_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway-revproxy" | nospace }} + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} key: gitlabClientInKeycloakSecret - name: INTERNAL_GITLAB_OIDC_CLIENT_ID value: "gitlab" @@ -82,7 +82,7 @@ spec: - name: RENKU_KC_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway-revproxy" | nospace }} + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} key: oidcClientSecret - name: RENKU_KC_CLIENT_PUBLIC value: "false" @@ -93,7 +93,7 @@ spec: - name: CLI_KC_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway-revproxy" | nospace }} + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} key: cliClientSecret - name: CLI_KC_CLIENT_PUBLIC value: "true" @@ -106,7 +106,7 @@ spec: - name: UI_KC_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway-revproxy" | nospace }} + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} key: uiserverClientSecret - name: UI_KC_CLIENT_PUBLIC value: "false" 
@@ -117,7 +117,7 @@ spec: - name: NOTEBOOKS_KC_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ cat (include "renku.fullname" .) "-gateway-revproxy" | nospace }} + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} key: notebooksClientSecret - name: NOTEBOOKS_KC_CLIENT_PUBLIC value: "false" diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index c2a80e6b2d..1e210db427 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -103,6 +103,7 @@ global: groupMemberAdded: "groupMember.added" groupMemberUpdated: "groupMember.updated" groupMemberRemoved: "groupMember.removed" + dataServiceAllEvents: "data_service.all_events" ## Note that the graph will not turned on by default until renku 0.4.0 graph: dbEventLog: @@ -672,7 +673,7 @@ ui: replicaCount: 1 image: repository: renku/renku-ui - tag: "3.33.0" + tag: "3.35.0" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -861,7 +862,7 @@ ui: keepCookies: [] image: repository: renku/renku-ui-server - tag: "3.33.0" + tag: "3.35.0" pullPolicy: IfNotPresent imagePullSecrets: [] nameOverride: "" @@ -1001,7 +1002,7 @@ notebooks: targetCPUUtilizationPercentage: 50 image: repository: renku/renku-notebooks - tag: "1.25.3" + tag: "1.26.0" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -1270,7 +1271,6 @@ gateway: allowOrigin: # - http://example.com # - https://foo.example.com - replicaCount: 1 ## Set to true to enable the developement mode. This has negative security ## implications and should never be done in a production setting. development: false 
@@ -1289,11 +1289,9 @@ gateway: ## Use `openssl rand -hex 32`. secretKey: image: - ## Define the image for the auth middleware - auth: - repository: renku/renku-gateway - tag: "0.24.0" - pullPolicy: IfNotPresent + repository: renku/renku-gateway + tag: "1.0.2" + pullPolicy: IfNotPresent service: type: ClusterIP port: 80 @@ -1325,24 +1323,18 @@ gateway: dsn: environment: sampleRate: 0.1 - reverseProxy: - image: - repository: renku/renku-revproxy - tag: "0.24.0" - pullPolicy: IfNotPresent - metrics: - enabled: true - port: 8765 - replicaCount: 2 - podAnnotations: {} - resources: {} - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - targetMemoryUtilizationPercentage: 75 - targetCPUUtilizationPercentage: 75 - updateStrategy: {} + metrics: + enabled: true + port: 8765 + replicaCount: 2 + podAnnotations: {} + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 5 + targetMemoryUtilizationPercentage: 75 + targetCPUUtilizationPercentage: 75 + updateStrategy: {} jena: image: repository: renku/renku-jena @@ -1391,7 +1383,7 @@ search: replicas: 1 image: repository: renku/search-api - tag: "0.4.0" + tag: "0.5.0" pullPolicy: IfNotPresent service: type: ClusterIP @@ -1404,7 +1396,7 @@ search: replicas: 1 image: repository: renku/search-provision - tag: "0.4.0" + tag: "0.5.0" pullPolicy: IfNotPresent service: type: ClusterIP @@ -1603,14 +1595,14 @@ platformInit: dataService: image: repository: renku/renku-data-service - tag: "0.19.1" + tag: "0.20.0" pullPolicy: IfNotPresent backgroundJobs: events: resources: {} image: repository: renku/data-service-background-jobs - tag: "0.19.1" + tag: "0.20.0" pullPolicy: IfNotPresent total: resources: {} @@ -1663,7 +1655,7 @@ authz: secretsStorage: image: repository: renku/secrets-storage - tag: "0.19.1" + tag: "0.20.0" pullPolicy: IfNotPresent service: type: ClusterIP diff --git a/helm-chart/values.yaml.changelog.md b/helm-chart/values.yaml.changelog.md index df3e0a8546..bb7064242f 100644 
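Review bot: In the `@@ -1323,24 +1323,18 @@` hunk the `resources: {}` default of the removed `reverseProxy` block is not carried over when its settings move up to `gateway`. The upgrade notes added to `values.yaml.changelog.md` in the same patch list `resources: {}` in the new layout, so the two disagree unless `gateway.resources` is already defined above the hunk, which is not visible here. If it is not, I would add `resources: {}` next to `podAnnotations: {}` so the gateway deployment keeps a documented place to set requests and limits. Those notes also show `tag: "1.0.0"`, while the `@@ -1289,11 +1289,9 @@` hunk sets `tag: "1.0.2"`.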
--- a/helm-chart/values.yaml.changelog.md +++ b/helm-chart/values.yaml.changelog.md @@ -5,6 +5,55 @@ For changes that require manual steps other than changing values, please check o Please follow this convention when adding a new row * ` - **:
` +## Upgrading to Renku 0.57.0 + +* DELETE ``gateway.image.auth`` has been removed. +* EDIT ``gateway.reverseProxy`` settings have been moved to ``gateway``: + +Old + ``` + gateway: + reverseProxy: + image: + repository: renku/renku-revproxy + tag: "0.24.0" + pullPolicy: IfNotPresent + metrics: + enabled: true + port: 8765 + replicaCount: 2 + podAnnotations: {} + resources: {} + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 5 + targetMemoryUtilizationPercentage: 75 + targetCPUUtilizationPercentage: 75 + updateStrategy: {} + ``` +New + ``` + gateway: + image: + repository: renku/renku-gateway + tag: "1.0.0" + pullPolicy: IfNotPresent + metrics: + enabled: true + port: 8765 + replicaCount: 2 + podAnnotations: {} + resources: {} + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 5 + targetMemoryUtilizationPercentage: 75 + targetCPUUtilizationPercentage: 75 + updateStrategy: {} + ``` + ## Upgrading to Renku 0.54.0 * NEW ``global.platformConfig``: The YAML string can now contain a new key, `secretServicePreviousPrivateKey` which allows for rotating the secret-storage private key. From 5a7f1b1f6509b3f20146f7c3e9dfde8203add9ae Mon Sep 17 00:00:00 2001 
From: RenkuBot <53332360+RenkuBot@users.noreply.github.com> Date: Fri, 20 Sep 2024 08:39:21 +0200 Subject: [PATCH 11/14] release 0.57.1 (#3771) * chore: create release 0.57.1 * fix: bump ui to 3.35.1 (#3772) Fixes the crash loop of `ui-server`. Also, update test to match new defaults for data sources. --------- Co-authored-by: Chandrasekhar Ramakrishnan * fix: bump renku-gateway to 1.0.3 (#3773) * fix: bump renku-notebooks to 1.26.1 (#3777) * fix: renku-jupyterserver logged out in session tests (#3774) --------- Co-authored-by: Flora Thiebaut Co-authored-by: Chandrasekhar Ramakrishnan Co-authored-by: Alessandro Degano <40891147+aledegano@users.noreply.github.com> --- CHANGELOG.rst | 30 ++++++++++++++++++++++ cypress-tests/cypress/e2e/useSession.cy.ts | 8 +++--- helm-chart/renku/values.yaml | 8 +++--- 3 files changed, 38 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a730d2ad3b..66283099a2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -1,5 +1,35 @@ .. _changelog: +0.57.1 +------ + +Renku ``0.57.1`` fixes a bug in renku-ui-server where the service would be stuck in a crash loop when Sentry is enabled. +It also fixes two bugs in Notebooks related to the access token and shared memory in the user-sessions. + +User-Facing Changes +~~~~~~~~~~~~~~~~~~~ + +**๐Ÿž Bug Fixes** + +- **UI**: Access mode defaults to read-only when adding a new data source in Renku 2.0 (`#3275 `__). +- **Notebooks**: Don't fail clone process if access token doesn't exist (`#1971 `__). +- **Notebooks**: Fix shared memory attached to the JupyterServer container to be half of the total requested memory (`#1984 `__). + +Internal Changes +~~~~~~~~~~~~~~~~ + +**Bug Fixes** + +- **UI**: Fix the UI server being stuck in a crash loop at startup when Sentry is enabled (`#3318 `__). +- **Gateway**: Fix getting HTTP error 500 when logging in (`#723 `__). + +Individual Components +~~~~~~~~~~~~~~~~~~~~~ + +- `renku-ui 3.35.1 `_ +- `renku-gateway 1.0.3 `_ +- `renku-notebooks 1.26.1 `_ + 0.57.0 ------ diff --git a/cypress-tests/cypress/e2e/useSession.cy.ts b/cypress-tests/cypress/e2e/useSession.cy.ts index 11119f6529..22b22d712c 100644 --- a/cypress-tests/cypress/e2e/useSession.cy.ts +++ b/cypress-tests/cypress/e2e/useSession.cy.ts @@ -166,9 +166,11 @@ describe("Basic public project functionality", () => { }); it("Start a new session as anonymous user.", () => { + // Do not re-use the logged-in session + cy.session("anonymous", () => {}); + // Log out and go to the project again cy.visit("/"); - cy.logout(); cy.visitAndLoadProject(projectIdentifier); // Check we show the appropriate message @@ -187,8 +189,6 @@ describe("Basic public project functionality", () => { // Stop the session -- mind that anonymous users cannot pause sessions cy.deleteSession({ fromSessionPage: true }); - - cy.robustLogin(); }); it("Start a new session on a project without permissions.", () => { 
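Review bot: In the `@@ -166,9 +166,11 @@` hunk of `useSession.cy.ts` the comment `// Log out and go to the project again` is left over from the removed `cy.logout()` call and no longer describes what the test does. I would reword it to `// Visit the project as an anonymous user`, so it is clear that the empty `cy.session("anonymous", () => {})` above is what provides the logged-out state. The `@@ -187,8 +189,6 @@` hunk also drops the trailing `cy.robustLogin()`, so the tests that follow presumably have to establish their own login. Their setup is outside the hunk, which makes that worth confirming. The test body continues outside these hunks.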
@@ -277,7 +277,7 @@ describe("Basic public project functionality", () => { cy.get("#mountPoint") .should("have.value", "external_storage/data_s3") .type("{selectAll}data_s3"); - cy.get("#readOnly").should("not.be.checked").check(); + cy.get("#readOnly").should("be.checked").check(); cy.getDataCy("cloud-storage-edit-update-button") .should("be.visible") diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index 1e210db427..b500a21118 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -673,7 +673,7 @@ ui: replicaCount: 1 image: repository: renku/renku-ui - tag: "3.35.0" + tag: "3.35.1" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -862,7 +862,7 @@ ui: keepCookies: [] image: repository: renku/renku-ui-server - tag: "3.35.0" + tag: "3.35.1" pullPolicy: IfNotPresent imagePullSecrets: [] nameOverride: "" @@ -1002,7 +1002,7 @@ notebooks: targetCPUUtilizationPercentage: 50 image: repository: renku/renku-notebooks - tag: "1.26.0" + tag: "1.26.1" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -1290,7 +1290,7 @@ gateway: secretKey: image: repository: renku/renku-gateway - tag: "1.0.2" + tag: "1.0.3" pullPolicy: IfNotPresent service: type: ClusterIP From 7a7cbff2299c6c9a6949a8b6d112737757496007 Mon Sep 17 00:00:00 2001 From: Flora Thiebaut Date: Fri, 20 Sep 2024 10:50:52 +0200 Subject: [PATCH 12/14] fix: update admin documentation on GitLab (#3779) Following the release of the new API Gateway, the redirect URLs configuration for external GitLab instances needs to be updated. --- docs/how-to-guides/admin/gitlab.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/how-to-guides/admin/gitlab.rst b/docs/how-to-guides/admin/gitlab.rst index 541c2f3705..be3ef7cab1 100644 --- a/docs/how-to-guides/admin/gitlab.rst 
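Review bot: In the `@@ -277,7 +277,7 @@` hunk the assertion now expects `#readOnly` to be checked already, which makes the chained `.check()` a no-op. If the test only needs to confirm the new read-only default, `cy.get("#readOnly").should("be.checked");` states that more directly. If the `.check()` is kept on purpose as a safeguard, a one-line comment saying so would help the next reader. The enclosing test starts and ends outside the hunk.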
+++ b/docs/how-to-guides/admin/gitlab.rst @@ -50,7 +50,7 @@ Callback URLs: .. code-block:: console - https:///login/redirect/gitlab + https:///api/auth/callback https:///api/auth/gitlab/token Scopes: From 67b64b9f96b0d47b414efb0fc46a826356f79835 Mon Sep 17 00:00:00 2001 From: RenkuBot <53332360+RenkuBot@users.noreply.github.com> Date: Wed, 2 Oct 2024 19:06:46 +0200 Subject: [PATCH 13/14] release 0.57.2 (#3782) --- CHANGELOG.rst | 29 +++++++++++++++++++ helm-chart/renku/requirements.yaml | 2 +- .../renku/templates/authz/deployment.yaml | 4 +++ helm-chart/renku/values.yaml | 2 +- 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 66283099a2..5ba08e4260 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,5 +1,34 @@ .. _changelog: +0.57.2 +------ + +Renku ``0.57.2`` fixes several bugs in gateway and the `csi-rclone` driver. + +User-facing Changes +~~~~~~~~~~~~~~~~~~~ + +**Bug Fixes** + +- **UI**: show the correct repository access status +- **Sessions**: allow paused sessions with cloud storage secrets to resume normally + +Internal Changes +~~~~~~~~~~~~~~~~ + +**Bug Fixes** + +- **Gateway**: Fix path rewrite middleware when the path contains escaped characters (`#726 `__). +- **csi-rclone**: Correctly use OAuth2 tokens for cloud storage to enable mounting. +- **csi-rclone**: Remounting volumes created with older versions did not work. + +Individual Components +~~~~~~~~~~~~~~~~~~~~~ + +- `renku-gateway 1.0.4 `_ +- `csi-rclone 0.3.2 `__ +- `csi-rclone 0.3.3 `__ + 0.57.1 ------ diff --git a/helm-chart/renku/requirements.yaml b/helm-chart/renku/requirements.yaml index d120749bf9..7a214673d5 100644 --- a/helm-chart/renku/requirements.yaml +++ b/helm-chart/renku/requirements.yaml 
@@ -30,7 +30,7 @@ dependencies: condition: notebooks.cloudstorage.s3.installDatashim - name: csi-rclone repository: "https://swissdatasciencecenter.github.io/helm-charts/" - version: "0.3.1" + version: "0.3.3" condition: global.csi-rclone.install - name: solr repository: "oci://registry-1.docker.io/bitnamicharts" diff --git a/helm-chart/renku/templates/authz/deployment.yaml b/helm-chart/renku/templates/authz/deployment.yaml index 5e87f7434e..306f3ac814 100644 --- a/helm-chart/renku/templates/authz/deployment.yaml +++ b/helm-chart/renku/templates/authz/deployment.yaml @@ -108,6 +108,8 @@ spec: - -addr=127.0.0.1:50051 - -tls - -tls-server-name={{ template "renku.fullname" . }}-authz + timeoutSeconds: 3 + periodSeconds: 10 readinessProbe: exec: command: @@ -116,6 +118,8 @@ spec: - -addr=127.0.0.1:50051 - -tls - -tls-server-name={{ template "renku.fullname" . }}-authz + timeoutSeconds: 3 + periodSeconds: 10 resources: {{- toYaml .Values.authz.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index b500a21118..d0cde27f64 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -1290,7 +1290,7 @@ gateway: secretKey: image: repository: renku/renku-gateway - tag: "1.0.3" + tag: "1.0.4" pullPolicy: IfNotPresent service: type: ClusterIP From aefdb144d2d01a4431946d75f16f0adedc6e7e1f Mon Sep 17 00:00:00 2001 From: Renku Bot Date: Wed, 9 Oct 2024 14:18:32 +0000 Subject: [PATCH 14/14] chore: create release 0.60.0 --- CHANGELOG.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 5ba08e4260..8441811a8f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,5 +1,10 @@ .. _changelog: +0.60.0 +------ + + + 0.57.2 ------