Merge pull request #459 from galaxyproject/anvil240

Sync anvil branch with master, plus update to 24.0

.github/workflows/packaging.yml

@@ -47,3 +47,18 @@ jobs:
           charts-token: ${{ secrets.CHARTS_TOKEN }}
           github-labels: ${{ github.event.inputs.version-bump }}
           git-branch: ${{ github.event.inputs.branch-name }}
+  tag-and-release:
+    needs: [ package-from-pr, package-from-manual ]
+    name: Create a tag and GitHub release for this version.
+    runs-on: ubuntu-latest
+    if: |
+      always() 
+      && contains(needs.*.result, 'success')
+      && !contains(needs.*.result, 'failure')
+    steps:
+      - name: Tag and release
+        run: |
+          version=v$(cat galaxy/Chart.yaml | grep ^version: | awk '{print $2}')
+          git tag -a $version -m "Automatic release of $version"
+          git push origin $version
+          gh release create $version --generate-notes --latest

.github/workflows/test.yaml

@@ -5,6 +5,7 @@ on:
       - master
       - anvil
   pull_request: {}
+  workflow_dispatch: {}
 jobs:
   linting:
     runs-on: ubuntu-latest
@@ -33,7 +34,7 @@ jobs:
       - name: Start k8s locally
         uses: jupyterhub/action-k3s-helm@v3
         with:
-          k3s-version: v1.26.1+k3s1  # releases:  https://github.com/k3s-io/k3s/tags
+          k3s-version: v1.25.15+k3s2  # releases:  https://github.com/k3s-io/k3s/tags
           metrics-enabled: false
           traefik-enabled: false
       - name: Verify function of k8s, kubectl, and helm

README.md

@@ -34,18 +34,40 @@ helm upgrade --install ingress-nginx ingress-nginx \
 This chart relies on the features of other charts for common functionality:
 - [postgres-operator](https://github.com/zalando/postgres-operator) for the
   database;
-- [CSI-S3 chart](https://github.com/ctrox/csi-s3/pull/75/) for linking the
-  reference data to Galaxy and jobs based on S3FS.
+- [galaxy-cvmfs-csi](https://github.com/CloudVE/galaxy-cvmfs-csi-helm) for linking the
+  reference data to Galaxy and jobs based on CVMFS (default).
+- [csi-s3](https://github.com/ctrox/csi-s3/pull/75/) for linking
+  reference data to Galaxy and jobs based on S3FS (optional/alternative to CVMFS).
+- [rabbitmq-cluster-operator](https://github.com/rabbitmq/cluster-operator) for deploying
+  the message queue.
 
 In a production setting, especially if the intention is to run multiple Galaxies
 in a single cluster, we recommend installing the dependency charts separately
 once per cluster, and installing Galaxy with `--set postgresql.deploy=false
---set s3csi.deploy=false`.
+--set s3csi.deploy=false --set cvmfs.deploy=false --set rabbitmq.deploy=false`.
 
 ---
 
 ## Installing the chart
 
+### Using the chart from the packaged chart repo
+
+1. The chart is automatically packaged, versioned and uploaded to a helm repository
+on each accepted PR. Therefore, the latest version of the chart can be downloaded
+from this repository.
+
+```console
+helm repo add cloudve https://raw.githubusercontent.com/CloudVE/helm-charts/master/
+helm repo update
+```
+
+2. Install the chart with the release name `my-galaxy`. It is not advisable to
+   install Galaxy in the `default` namespace.
+
+```console
+helm install my-galaxy-release cloudve/galaxy
+```
+
 ### Using the chart from GitHub repo
 
 1. Clone this repository and add required dependency charts:
@@ -68,32 +90,50 @@ In several minute, Galaxy will be available at `/galaxy/` URL of your Kubernetes
 cluster. If you are running the development Kubernetes, Galaxy will be available
 at `http://localhost/galaxy/` (note the trailing slash).
 
-### Using the chart from the packaged chart repo
+## Uninstalling the chart
 
-1. Instead of using the source code repo, you can install the packaged version
-of the chart and hence not need to clone this GitHub repo. The packaged version
-may contain a bit older but possibly more stable code than what is the GitHub
-repo at any a given point in time.
+To uninstall/delete the `my-galaxy` deployment, run:
 
 ```console
-helm repo add cloudve https://raw.githubusercontent.com/CloudVE/helm-charts/master/
-helm repo update
+helm delete my-galaxy
 ```
 
-2. Install the chart with the release name `my-galaxy`. It is not advisable to
-   install Galaxy in the `default` namespace.
+if you see that some RabbitMQ and Postgres elements remain after some 10 minutes or more, you should be able to issue:
 
-```console
-helm install my-galaxy-release cloudve/galaxy
+```
+kubectl delete RabbitmqCluster/my-galaxy-rabbitmq-server
+kubectl delete statefulset/galaxy-my-galaxy-postgres
 ```
 
-## Uninstalling the chart
+it might be needed to remove the finalizer from the RabbitmqCluster if the above doesn't seem to get rid of RabbitmqCluster, through a
 
-To uninstall/delete the `my-galaxy` deployment, run:
+```
+kubectl edit RabbitmqCluster/my-galaxy-rabbitmq-server
+```
+
+remove the finalizer in:
 
-```console
-helm delete my-galaxy
 ```
+apiVersion: rabbitmq.com/v1beta1
+kind: RabbitmqCluster
+metadata:
+  annotations:
+    meta.helm.sh/release-name: my-galaxy
+    meta.helm.sh/release-namespace: default
+  creationTimestamp: "2022-12-19T16:54:33Z"
+  deletionGracePeriodSeconds: 0
+  deletionTimestamp: "2022-12-19T17:41:40Z"
+  finalizers:
+  - deletion.finalizers.rabbitmqclusters.rabbitmq.com
+```
+
+and remove the postgres secret:
+
+```
+kubectl delete secrets/standby.galaxy-my-galaxy-postgres.credentials.postgresql.acid.zalan.do
+```
+
+Consider as well that if you set persistence to be enabled, Postgres and Galaxy will leave their PVCs behind, which you might want to delete or not depending on your use case.
 
 ## Configuration
 

VALUES.md

@@ -0,0 +1,50 @@
+| Key | Description |
+|-----|-------------|
+| nameOverride | Partial override of the `galaxy.fullname`.  The `.Release.Name` will be prepended to generate the fullname. |
+| fullnameOverride | Fully override the `galaxy.fullname` |
+| image.repository | Repository containing the Galaxy image. |
+| image.tag | Galaxy Docker image tag (generally corresponds to the desired Galaxy version) |
+| image.pullPolicy | Galaxy image [pull policy](https://kubernetes.io/docs/concepts/configuration/overview/#container-images) |
+| imagePullSecrets | Secrets used to [access a Galaxy image from a private repository](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) |
+| trainingHook.enabled | Enable the GTN webhook to link references to tools in tutorials to the corresponding tool panel in Galaxy. |
+| trainingHook.url | The training material server used to service the training-material webhook. |
+| service.type | The Galaxy service type |
+| service.port | The port Galaxy is listening to |
+| service.nodePort | The external port exposed on each node |
+| metrics.enabled | Enable the metrics server. Defaults to `false` |
+| serviceAccount.create | Specifies whether a service account should be created |
+| serviceAccount.annotations | Annotations to add to the service account |
+| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| rbac.enabled | Does the cluster use role based access control. |
+| securityContext.fsGroup | Security context and file system group used by jobs. |
+| persistence | Configure the PVC used by Galaxy for local storage. |
+| persistence.enabled | Persistence is enabled by default |
+| persistence.name | Name of the PVC to create |
+| persistence.storageClass | StorageClass for the PVC. Must support `ReadWriteMany`. |
+| persistence.existingClaim | The name of an existing PVC to use for persistence. |
+| setupJob | tasks to perform once after installation |
+| setupJob.createDatabase | create the database |
+| setupJob.securityContext.runAsUser | the setup jobs will run as this user |
+| setupJob.securityContext.runAsGroup | the `runAsUser` will belong to this group. |
+| setupJob.securityContext.fsGroup | the filesystem group |
+| setupJob.downloadToolConfs.archives.startup | A tar.gz publicly accessible archive containing AT LEAST conf files and XML tool wrappers. Meant to be enough for Galaxy handlers to startup |
+| setupJob.downloadToolConfs.archives.running | A tar.gz publicly accessible archive containing AT LEAST confs, tool wrappers, and scripts excluding test data. Meant to be enough for Galaxy handlers to run jobs. |
+| setupJob.downloadToolConfs.archives.full | A tar.gz publicly accessible archive containing the full `tools` directory, including each tool's test data. Meant to be enough to run automated tool-tests, fully mimicking CVMFS setup |
+| extraInitContainers | Allow users to specify extra init containers |
+| ingress.enabled | Should ingress be enabled. Defaults to `true` |
+| ingress.ingressClassName |  |
+| resources.requests | We recommend updating these based on the usage levels of the server. |
+| postgresql.deploy | Whether to deploy the postgresl operator. In general, we recommend installing the operator globally in production. |
+| postgresql.existingDatabase | hostname and port of an existing database to use. |
+| refdata | Configuration block for reference data |
+| refdata.enabled | Whether or not to mount cloud-hosted Galaxy reference data and tools. |
+| refdata.type | `s3fs` or `cvmfs`, determines the CSI to use for mounting reference data. `cvmfs` is the default and recommended for the time being. |
+| cvmfs | Configuration block if `cvmfs` is used as `refdata.type` |
+| cvmfs.deploy | Deploy the Galaxy-CVMFS-CSI Helm Chart. This is an optional dependency, and for production scenarios it should be deployed separately as a cluster-wide resource |
+| s3csi | Configuration block if `s3csi` is used as the `refdata.type` |
+| s3csi.deploy | Deploy the CSI-S3 Helm Chart. This is an optional dependency, and for production scenarios it should be deployed separately as a cluster-wide resource. |
+| useSecretConfigs | When this flag is set to true, all configs will be set in secrets, when it is set to false, all configs will be set in configmaps |
+| configs | All config files will be relative to `/galaxy/server/config/` directory |
+| configs.galaxy\.yml | Galaxy configuration. See the [Galaxy documentation](https://docs.galaxyproject.org/en/master/admin/config.html) for more information. |
+| jobs | Additional dynamic rules to map into the container. |
+| jobs.priorityClass.enabled | Assign a [priorityClass](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) to the dispatched jobs. |

galaxy/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
 name: galaxy
 type: application
-version: 5.7.6-anvil.1
-appVersion: "23.1"
+version: 5.9.0-anvil.0
+appVersion: "24.0"
 description: Chart for Galaxy, an open, web-based platform for accessible, reproducible, and transparent computational biomedical research.
 icon: https://galaxyproject.org/images/galaxy-logos/galaxy_project_logo_square.png
 dependencies:

galaxy/templates/_helpers.tpl

@@ -157,7 +157,7 @@ cp -anL /galaxy/server/config/sanitize_allowlist.txt /galaxy/server/config/mutab
 cp -anL /galaxy/server/config/data_manager_conf.xml.sample /galaxy/server/config/mutable/shed_data_manager_conf.xml;
 cp -anL /galaxy/server/config/tool_data_table_conf.xml.sample /galaxy/server/config/mutable/shed_tool_data_table_conf.xml;
 cp -aruL /galaxy/server/tool-data {{.Values.persistence.mountPath}}/;
-cp -aruL /galaxy/server/tools {{.Values.persistence.mountPath}}/tools | true;
+cp -aruL /galaxy/server/tools {{.Values.persistence.mountPath}}/;
 echo "Done" > /galaxy/server/config/mutable/init_mounts_done_{{.Release.Revision}};
 {{- end -}}
 

galaxy/templates/configmap-nginx.yaml

@@ -78,7 +78,11 @@ data:
                 add_header X-Frame-Options SAMEORIGIN;
                 add_header X-Content-Type-Options nosniff;
             }
-
+{{- if .Values.trainingHook.enabled }}
+            location /training-material/ {
+                proxy_pass {{ .Values.trainingHook.url }};
+            }
+{{- end }}
 
         # end server
         }

galaxy/templates/configs-galaxy.yaml

@@ -13,10 +13,11 @@ data:
 {{- end }}
   {{- range $key, $entry := .Values.configs -}}
   {{- if $entry -}}
-  {{- $key | nindent 2 }}: |
-  {{- $original := (toYaml $entry) -}}
-  {{- $nomultiline := (regexReplaceAll "^^\\s*\\|\\n*" $original "") -}}
-  {{- $nowhitespace := (regexReplaceAll "{{\\s*([^}\\s]+)\\s*}}" $nomultiline "{{$1}}") -}}
+  {{- $key | nindent 2 -}}: |
+  {{- /* Don't call toYaml on string objects, only on maps or other complex objects. */}}
+  {{- $isStringObject := (kindIs "string" $entry) -}}
+  {{- $original := (ternary $entry (toYaml $entry) $isStringObject) -}}
+  {{- $nowhitespace := (regexReplaceAll "{{\\s*([^}\\s]+)\\s*}}" $original "{{$1}}") -}}
   {{- tpl (tpl $nowhitespace $) $ | nindent 4 -}}
   {{- end -}}
   {{- end -}}

galaxy/templates/hook-cvmfs-fix.yaml

@@ -1,3 +1,5 @@
+{{- if and .Values.refdata.enabled (eq .Values.refdata.type "cvmfs") }}
+  # Include the code you want to run when both conditions are met
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -33,3 +35,5 @@ spec:
       - name: kubectl-script
         configMap:
           name: "{{ .Release.Name }}-configmap-cvmfs-fix"
+{{- end }}
+

galaxy/templates/priorityclass-job.yaml

@@ -5,8 +5,8 @@ metadata:
   name: {{ include "galaxy.pod-priority-class" . }}
   labels:
     {{- include "galaxy.labels" . | nindent 4 }}
-value: -1000
+value: {{ default "-1000" .Values.jobs.priorityClass.value }} 
 preemptionPolicy: Never
 globalDefault: false
-description: "Galaxy jobs will run when cluster resources are available and will not preempt existing workloads."
+description: "By default, Galaxy jobs will not preempt existing workloads but will run when cluster resources are available. Depending on the cluster setup, the preemption value can be modified to prompt scaling of the cluster for the computation."
 {{ end }}