diff --git a/applications/tasso/.helmignore b/applications/tasso/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/applications/tasso/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/applications/tasso/Chart.yaml b/applications/tasso/Chart.yaml
new file mode 100644
index 0000000000..b5d8c1dcd1
--- /dev/null
+++ b/applications/tasso/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+appVersion: 0.1.0
+description: Cutout labeling service
+name: tasso
+sources:
+- https://github.com/lsst-dm/tasso
+type: application
+version: 1.0.0
diff --git a/applications/tasso/README.md b/applications/tasso/README.md
new file mode 100644
index 0000000000..f36630249e
--- /dev/null
+++ b/applications/tasso/README.md
@@ -0,0 +1,29 @@
+# tasso
+
+Cutout labeling service
+
+## Source Code
+
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | Affinity rules for the tasso deployment pod |
+| config.logLevel | string | `"INFO"` | Logging level |
+| config.logProfile | string | `"production"` | Logging profile (`production` for JSON, `development` for human-friendly) |
+| config.pathPrefix | string | `"/tasso"` | URL path prefix |
+| config.slackAlerts | bool | `false` | Whether to send Slack alerts for unexpected failures |
+| global.baseUrl | string | Set by Argo CD | Base URL for the environment |
+| global.host | string | Set by Argo CD | Host name for ingress |
+| global.vaultSecretsPath | string | Set by Argo CD | Base path for Vault secrets |
+| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the tasso image |
+| image.repository | string | `"ghcr.io/lsst-dm/tasso"` | Image to use in the tasso deployment |
+| image.tag | string | The appVersion of the chart | Tag of image to use |
+| ingress.annotations | object | `{}` | Additional annotations for the ingress rule |
+| nodeSelector | object | `{}` | Node selection rules for the tasso deployment pod |
+| podAnnotations | object | `{}` | Annotations for the tasso deployment pod |
+| replicaCount | int | `1` | Number of web deployment pods to start |
+| resources | object | See `values.yaml` | Resource limits and requests for the tasso deployment pod |
+| tolerations | list | `[]` | Tolerations for the tasso deployment pod |
diff --git a/applications/tasso/secrets.yaml b/applications/tasso/secrets.yaml
new file mode 100644
index 0000000000..e0f4154904
--- /dev/null
+++ b/applications/tasso/secrets.yaml
@@ -0,0 +1,8 @@
+slack-webhook:
+ description: >-
+ Slack web hook used to report internal errors to Slack. This secret may be
+ changed at any time.
+ if: config.slackAlerts
+ copy:
+ application: mobu
+ key: app-alert-webhook
diff --git a/applications/tasso/templates/_helpers.tpl b/applications/tasso/templates/_helpers.tpl
new file mode 100644
index 0000000000..725b1067b1
--- /dev/null
+++ b/applications/tasso/templates/_helpers.tpl
@@ -0,0 +1,26 @@
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "tasso.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "tasso.labels" -}}
+helm.sh/chart: {{ include "tasso.chart" . }}
+{{ include "tasso.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "tasso.selectorLabels" -}}
+app.kubernetes.io/name: "tasso"
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/applications/tasso/templates/configmap.yaml b/applications/tasso/templates/configmap.yaml
new file mode 100644
index 0000000000..0b5afcc9e5
--- /dev/null
+++ b/applications/tasso/templates/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "tasso"
+ labels:
+ {{- include "tasso.labels" . | nindent 4 }}
+data:
+ TASSO_LOG_LEVEL: {{ .Values.config.logLevel | quote }}
+ TASSO_PATH_PREFIX: {{ .Values.config.pathPrefix | quote }}
+ TASSO_PROFILE: {{ .Values.config.logProfile | quote }}
diff --git a/applications/tasso/templates/deployment.yaml b/applications/tasso/templates/deployment.yaml
new file mode 100644
index 0000000000..b8c761390a
--- /dev/null
+++ b/applications/tasso/templates/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "tasso"
+ labels:
+ {{- include "tasso.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "tasso.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "tasso.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ automountServiceAccountToken: false
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- if .Values.config.slackAlerts }}
+ env:
+ - name: "TASSO_SLACK_WEBHOOK"
+ valueFrom:
+ secretKeyRef:
+ name: "tasso"
+ key: "slack-webhook"
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: "tasso"
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: "http"
+ containerPort: 8080
+ protocol: "TCP"
+ readinessProbe:
+ httpGet:
+ path: "/"
+ port: "http"
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "all"
+ readOnlyRootFilesystem: true
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
diff --git a/applications/tasso/templates/ingress.yaml b/applications/tasso/templates/ingress.yaml
new file mode 100644
index 0000000000..592378d444
--- /dev/null
+++ b/applications/tasso/templates/ingress.yaml
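Review bot: In applications/tasso/templates/deployment.yaml the container `securityContext` drops capabilities with `- "all"`. Container runtimes generally accept that spelling, but the Kubernetes Pod Security `restricted` check looks for the literal `ALL`, so a namespace enforcing that profile would likely reject the pod; write `- "ALL"`. Neither the pod-level nor the container-level `securityContext` sets a seccomp profile, so the pod gets whatever the node default is; adding `seccompProfile: {type: "RuntimeDefault"}` at pod level makes that explicit. With `readOnlyRootFilesystem: true` and no volumes declared, confirm the service never writes to a temp directory, or mount an `emptyDir` for it.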
@@ -0,0 +1,38 @@
+apiVersion: gafaelfawr.lsst.io/v1alpha1
+kind: GafaelfawrIngress
+metadata:
+ name: "tasso"
+ labels:
+ {{- include "tasso.labels" . | nindent 4 }}
+config:
+ baseUrl: {{ .Values.global.baseUrl | quote }}
+ scopes:
+ all:
+ - "read:image"
+ service: "tasso"
+template:
+ metadata:
+ name: "tasso"
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ spec:
+ rules:
+ - host: {{ required "global.host must be set" .Values.global.host | quote }}
+ http:
+ paths:
+ - path: {{ .Values.config.pathPrefix | quote }}
+ pathType: "Prefix"
+ backend:
+ service:
+ name: "tasso"
+ port:
+ number: 8080
+ - path: "/webapp"
+ pathType: "Prefix"
+ backend:
+ service:
+ name: "tasso"
+ port:
+ number: 8080
diff --git a/applications/tasso/templates/networkpolicy.yaml b/applications/tasso/templates/networkpolicy.yaml
new file mode 100644
index 0000000000..63abb4d6e2
--- /dev/null
+++ b/applications/tasso/templates/networkpolicy.yaml
@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "tasso"
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "tasso.selectorLabels" . | nindent 6 }}
+ policyTypes:
+ - "Ingress"
+ ingress:
+ # Allow inbound access from pods (in any namespace) labeled
+ # gafaelfawr.lsst.io/ingress: true.
+ - from:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ gafaelfawr.lsst.io/ingress: "true"
+ ports:
+ - protocol: "TCP"
+ port: 8080
diff --git a/applications/tasso/templates/service.yaml b/applications/tasso/templates/service.yaml
new file mode 100644
index 0000000000..ed08280f17
--- /dev/null
+++ b/applications/tasso/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "tasso"
+ labels:
+ {{- include "tasso.labels" . | nindent 4 }}
+spec:
+ type: "ClusterIP"
+ ports:
+ - port: 8080
+ targetPort: "http"
+ protocol: "TCP"
+ name: "http"
+ selector:
+ {{- include "tasso.selectorLabels" . | nindent 4 }}
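Review bot: The second rule in applications/tasso/templates/ingress.yaml hard-codes `path: "/webapp"`, which claims a top-level path on the environment's shared hostname regardless of `config.pathPrefix`. Any other application that later routes `/webapp` on the same host would conflict, and the name gives no hint that it belongs to tasso. If the front end can be served under the prefix, use something like `path: "{{ .Values.config.pathPrefix }}/webapp"`, or expose the path as a documented value. Both rules sit behind the same `read:image` scope; since the docs in this commit describe embargoed data, confirm that scope is the intended gate. For a browser-facing tool, also check whether `config.loginRedirect: true` is wanted.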
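Review bot: applications/tasso/templates/networkpolicy.yaml lists only `Ingress` under `policyTypes`, so outbound traffic from the pod is unrestricted. The docs added in this commit say the service works with embargoed data; if that data is reachable from the pod, consider an egress rule limited to the data store, DNS and (when `config.slackAlerts` is on) the Slack webhook endpoint. The `metadata` block also omits the labels that every other template in the chart carries, `labels:` followed by `{{- include "tasso.labels" . | nindent 4 }}`.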
diff --git a/applications/tasso/templates/vault-secrets.yaml b/applications/tasso/templates/vault-secrets.yaml
new file mode 100644
index 0000000000..9901e56b09
--- /dev/null
+++ b/applications/tasso/templates/vault-secrets.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.config.slackAlerts -}}
+apiVersion: ricoberger.de/v1alpha1
+kind: VaultSecret
+metadata:
+ name: "tasso"
+ labels:
+ {{- include "tasso.labels" . | nindent 4 }}
+spec:
+ path: "{{ .Values.global.vaultSecretsPath }}/tasso"
+ type: Opaque
+{{- end }}
diff --git a/applications/tasso/values-usdfdev.yaml b/applications/tasso/values-usdfdev.yaml
new file mode 100644
index 0000000000..cd853b11d4
--- /dev/null
+++ b/applications/tasso/values-usdfdev.yaml
@@ -0,0 +1,10 @@
+image:
+ # -- Pull policy for the tasso image
+ pullPolicy: Always
+
+ # -- Tag of image to use
+ # @default -- The appVersion of the chart
+ tag: tickets-DM-45694
+
+config:
+ logLevel: "DEBUG"
diff --git a/applications/tasso/values.yaml b/applications/tasso/values.yaml
new file mode 100644
index 0000000000..df8156e987
--- /dev/null
+++ b/applications/tasso/values.yaml
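Review bot: `tag: tickets-DM-45694` in applications/tasso/values-usdfdev.yaml is a branch-build tag combined with `pullPolicy: Always`, so the image running in usdfdev can change on any pod restart without a commit to this repository. That is convenient while the ticket is open but leaves no record of exactly what was deployed. Once the branch merges, drop the override so the chart's `appVersion` is used, or pin the image by digest. The `# --` doc comments here duplicate the ones in values.yaml and can be removed from the environment file.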
@@ -0,0 +1,66 @@
+# Default values for tasso.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- Number of web deployment pods to start
+replicaCount: 1
+
+image:
+ # -- Image to use in the tasso deployment
+ repository: "ghcr.io/lsst-dm/tasso"
+
+ # -- Pull policy for the tasso image
+ pullPolicy: "IfNotPresent"
+
+ # -- Tag of image to use
+ # @default -- The appVersion of the chart
+ tag: null
+
+config:
+ # -- Logging level
+ logLevel: "INFO"
+
+ # -- Logging profile (`production` for JSON, `development` for
+ # human-friendly)
+ logProfile: "production"
+
+ # -- URL path prefix
+ pathPrefix: "/tasso"
+
+ # -- Whether to send Slack alerts for unexpected failures
+ slackAlerts: false
+
+ingress:
+ # -- Additional annotations for the ingress rule
+ annotations: {}
+
+# -- Affinity rules for the tasso deployment pod
+affinity: {}
+
+# -- Node selection rules for the tasso deployment pod
+nodeSelector: {}
+
+# -- Annotations for the tasso deployment pod
+podAnnotations: {}
+
+# -- Resource limits and requests for the tasso deployment pod
+# @default -- See `values.yaml`
+resources: {}
+
+# -- Tolerations for the tasso deployment pod
+tolerations: []
+
+# The following will be set by parameters injected by Argo CD and should not
+# be set in the individual environment values files.
+global:
+ # -- Base URL for the environment
+ # @default -- Set by Argo CD
+ baseUrl: null
+
+ # -- Host name for ingress
+ # @default -- Set by Argo CD
+ host: null
+
+ # -- Base path for Vault secrets
+ # @default -- Set by Argo CD
+ vaultSecretsPath: null
diff --git a/docs/applications/rubin.rst b/docs/applications/rubin.rst
index ebd6ab8be3..aa6dd107a1 100644
--- a/docs/applications/rubin.rst
+++ b/docs/applications/rubin.rst
@@ -25,3 +25,4 @@ Argo CD project: ``rubin``
 rubintv-dev/index
 s3proxy/index
 schedview-snapshot/index
+ tasso/index
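Review bot: `resources: {}` in applications/tasso/values.yaml leaves the container with no CPU or memory requests or limits, while its doc comment (and the generated README row) says "See `values.yaml`", which points at nothing. Set explicit defaults so a misbehaving pod cannot starve its node; the numbers should come from a measured run of the service. Separately, `global.host` is guarded by `required` in the ingress template, but `global.baseUrl` and `global.vaultSecretsPath` are not. If Argo CD fails to inject them, the chart would presumably render an empty `baseUrl` and a Vault path of `/tasso` instead of failing; wrapping both in `required` would match the `global.host` handling.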
diff --git a/docs/applications/tasso/index.rst b/docs/applications/tasso/index.rst
new file mode 100644
index 0000000000..3109b27d45
--- /dev/null
+++ b/docs/applications/tasso/index.rst
@@ -0,0 +1,19 @@
+.. px-app:: tasso
+
+###############################
+tasso — Cutout labeling service
+###############################
+
+Tasso is a small service that allows users to label static cutout images of DIASources for training machine-learned Real/Bogus models.
+It is conceptually similar to Zooniverse but allows us to work with embargoed data.
+
+.. jinja:: tasso
+ :file: applications/_summary.rst.jinja
+
+Guides
+======
+
+.. toctree::
+ :maxdepth: 1
+
+ values
diff --git a/docs/applications/tasso/values.md b/docs/applications/tasso/values.md
new file mode 100644
index 0000000000..1373e25657
--- /dev/null
+++ b/docs/applications/tasso/values.md
@@ -0,0 +1,12 @@
+```{px-app-values} tasso
+```
+
+# tasso Helm values reference
+
+Helm values reference table for the {px-app}`tasso` application.
+
+```{include} ../../../applications/tasso/README.md
+---
+start-after: "## Values"
+---
+```
\ No newline at end of file
diff --git a/environments/README.md b/environments/README.md
index 355a7dc4e2..ca875ac715 100644
--- a/environments/README.md
+++ b/environments/README.md
@@ -69,6 +69,7 @@
 | applications.strimzi | bool | `false` | Enable the strimzi application |
 | applications.strimzi-access-operator | bool | `false` | Enable the strimzi-access-operator application |
 | applications.tap | bool | `false` | Enable the tap application |
+| applications.tasso | bool | `false` | Enable the tasso application |
 | applications.telegraf | bool | `false` | Enable the telegraf application |
 | applications.telegraf-ds | bool | `false` | Enable the telegraf-ds application |
 | applications.templatebot | bool | `false` | Enable the templatebot application |
diff --git a/environments/templates/applications/rubin/tasso.yaml b/environments/templates/applications/rubin/tasso.yaml
new file mode 100644
index 0000000000..1b263abead
--- /dev/null
+++ b/environments/templates/applications/rubin/tasso.yaml
@@ -0,0 +1,34 @@
+{{- if (index .Values "applications" "tasso") -}}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: "tasso"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: "tasso"
+ namespace: "argocd"
+ finalizers:
+ - "resources-finalizer.argocd.argoproj.io"
+spec:
+ destination:
+ namespace: "tasso"
+ server: "https://kubernetes.default.svc"
+ project: "rubin"
+ source:
+ path: "applications/tasso"
+ repoURL: {{ .Values.repoUrl | quote }}
+ targetRevision: {{ .Values.targetRevision | quote }}
+ helm:
+ parameters:
+ - name: "global.host"
+ value: {{ .Values.fqdn | quote }}
+ - name: "global.baseUrl"
+ value: "https://{{ .Values.fqdn }}"
+ - name: "global.vaultSecretsPath"
+ value: {{ .Values.vaultPathPrefix | quote }}
+ valueFiles:
+ - "values.yaml"
+ - "values-{{ .Values.name }}.yaml"
+{{- end -}}
\ No newline at end of file
diff --git a/environments/values-usdfdev.yaml b/environments/values-usdfdev.yaml
index ee2390b317..c6649fa1a4 100644
--- a/environments/values-usdfdev.yaml
+++ b/environments/values-usdfdev.yaml
@@ -38,4 +38,5 @@ applications:
 squareone: true
 strimzi: true
 tap: true
+ tasso: true
 times-square: true
diff --git a/environments/values.yaml b/environments/values.yaml
index 37ac10bd49..e5a0f7422e 100644
--- a/environments/values.yaml
+++ b/environments/values.yaml
@@ -231,6 +231,9 @@ applications: # -- Enable the tap application tap: false + # -- Enable the tasso application + tasso: false + # -- Enable the telegraf application telegraf: false