Merge pull request #5 from govekk/update_local

Update local with changes to on-prem

.github/workflows/local.yml

@@ -40,18 +40,18 @@ jobs:
       - name: print pods
         run: kubectl get pods -A
       - name: server logs
-        run: kubectl logs omero-server
+        run: kubectl logs omero-server -n test
       - name: omero logs
         run: |
-          kubectl exec omero-server -- bash -c "tail /opt/omero/server/OMERO.server/var/log/Blitz-0.log"
-          echo $(kubectl exec omero-server -- bash -c "cat /opt/omero/server/OMERO.server/var/log/Blitz-0.log" | grep ERROR)
-          kubectl exec omero-server -- bash -c "tail /opt/omero/server/OMERO.server/var/log/master.err"
+          kubectl exec omero-server -n test -- bash -c "tail /opt/omero/server/OMERO.server/var/log/Blitz-0.log"
+          echo $(kubectl exec omero-server -n test -- bash -c "cat /opt/omero/server/OMERO.server/var/log/Blitz-0.log" | grep ERROR)
+          kubectl exec omero-server -n test -- bash -c "tail /opt/omero/server/OMERO.server/var/log/master.err"
       - name: test servers
         run: |
-          kubectl exec omero-server -- bash -c "/opt/omero/server/server_venv/bin/omero login -u root -w omero -s 127.0.0.1:4064"
+          kubectl exec omero-server -n test -- bash -c "/opt/omero/server/server_venv/bin/omero login -u root -w omero -s 127.0.0.1:4064"
       - name: test web
         run: |
-          kubectl port-forward svc/omero-web 8080:80 --address='0.0.0.0' &
+          kubectl port-forward svc/omero-web -n test 8080:80 --address='0.0.0.0' &
           sleep 30s
           echo "localhost:8080"
           curl -I localhost:8080

README.md

@@ -1,7 +1,7 @@
 # Kubernetes templates for OMERO as run at The Jackson Laboratory
 The Jackson Laboratory hosts a public image repository using OMERO on Google Cloud at [images.jax.org](https://images.jax.org). These templates are made to mimic that OMERO deployment and related testing environments as closely as possible.
 
-As a lightweight template repository, the current goal is to only require `kubectl` and either a local Kubernetes cluster or Google Cloud Project (GCP). _Kustomize_ is used to provide multiple optional deployment configurations in the GCP yamls, run as `kubectl apply -k`. _In the future this may be upgraded to Helm charts or Terraform._
+As a lightweight template repository, the current goal is to only require `kubectl` and either a local Kubernetes cluster or Google Cloud Project (GCP). _Kustomize_ is used to provide multiple optional deployment configurations in the GCP yamls, run as `kubectl apply -k`.
 
 ## Deployment overview
 ![Schematic of OMERO deployment, explained in words below](gcp_overview.png)

local_k8s/README.md

@@ -1,17 +1,19 @@
 # Local Kubernetes OMERO deployment
-Our local Kubernetes is solely used for testing currently. These templates are not as robust as the GCP ymls, and some things should probably be changed for a production environment:
 
-1. Not running Postgres through Kubernetes, since the database needs to be persistent
-2. Host a separate NFS server somewhere with lots of space for image data files, rather than as a Kubernetes persistent volume
-3. Probably use something larger than minikube to run the Kubernetes cluster
-4. More persistent port forwarding than `kubectl port-forward`
+## Current infrastructure
+- `kubeadm` runs Kubernetes cluster on `Rocky 9`
+- `postgres` baremetal database
+- `calico` networking
 
-## Current tested setup:
-`minikube` running Kubernetes cluster on `Rocky 9`
+Has also been tested with `minikube` on `Rocky 9` and `Centos 7`.
 
 ## Build images
+If using minikube, you first need to access the minikube docker environment
 ```
 eval $(minikube docker-env)
+```
+
+```
 cd omero-k8s-templates/local_k8s/containers
 docker build omero-web -t omero-web
 docker build omero-server -t omero-server
@@ -23,29 +25,25 @@ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx.key -out nginx
 cat nginx.key | base64 -w 0
 cat nginx.crt | base64 -w 0
 ```
-And put base64 nginx.key and nginx.crt in nginx.sslsecret.yml
+And put the base64 nginx.key and nginx.crt in nginx.sslsecret.yml
+
+### Changes used for testing
+- Temporary local nfs volume
+- Temporary postgres database run as kubernetes pod
 
 ## CSRF trusted origins
 When using Django 4 (required by OMERO.web 5.23.0+) with http or https, we need to set the CSRF_TRUSTED_ORIGINS environment variable. This can be set the OMERO config omero.web.csrf_trusted_origins (https://github.com/ome/omero-web/pull/477).
 
 We've put this setting in the Nginx configmap ymls. In nginx_conf_http.yml or nginx_conf_https.yml, replace `http://web_url:port` with your web url and port.
 
 ## Run kubernetes deployments/pods
+By using kustomize, we can just apply the whole folder at once:
 ```
-cd omero-k8s-templates/local_k8s/k8s_ymls
-kubectl apply -f omero-secrets.yml
-kubectl apply -f nfs_pv.yml
-kubectl apply -f postgres.yml
-kubectl apply -f omero-server.yml
-kubectl apply -f omero-readonly-secrets.yml
-kubectl apply -f omero-readonly-server.yml
-kubectl apply -f nginx_conf_https.yml
-kubectl apply -f nginx.sslsecret.yml
-kubectl apply -f omero-web.yml
+kubectl apply -k test
 ```
 
 ## Forward a local port to an internal pod port, to access OMERO.web
-
+If using minikube, `port-forward` is needed to expose port:
 ```
 screen -S port-forward
 kubectl port-forward svc/omero-web 8080:80 --address=0.0.0.0

local_k8s/containers/omero-server/Dockerfile

@@ -32,6 +32,7 @@ RUN apt-get install -y -q \
     zlib1g-dev \
     pkg-config
 
+# download and place ice files
 RUN cd /tmp
 RUN wget -q https://github.com/ome/zeroc-ice-debian10/releases/download/0.1.0/ice-3.6.5-0.1.0-debian10-amd64.tar.gz
 RUN tar xf ice-3.6.5-0.1.0-debian10-amd64.tar.gz
@@ -46,10 +47,13 @@ RUN /opt/omero/server/server_venv/bin/pip install --upgrade pip
 RUN /opt/omero/server/server_venv/bin/pip install wheel setuptools
 RUN /opt/omero/server/server_venv/bin/pip install https://github.com/glencoesoftware/zeroc-ice-py-linux-x86_64/releases/download/20231130/zeroc_ice-3.6.5-cp39-cp39-manylinux_2_28_x86_64.whl
 RUN /opt/omero/server/server_venv/bin/pip install omero-server[default]
-RUN /opt/omero/server/server_venv/bin/pip install omero-py==5.17.0
+RUN /opt/omero/server/server_venv/bin/pip install omero-py==5.19.4
 RUN /opt/omero/server/server_venv/bin/pip install omego
-RUN /opt/omero/server/server_venv/bin/pip install omero-certificates==0.3.2
-RUN /opt/omero/server/server_venv/bin/pip install omero-cli-transfer==0.8.0
+RUN /opt/omero/server/server_venv/bin/pip install omero-certificates>=3.2.0
+RUN /opt/omero/server/server_venv/bin/pip install omero-cli-transfer==1.0.1
+RUN /opt/omero/server/server_venv/bin/pip install xsdata==23.6
+# needed for OMERO.figure exports:
+RUN /opt/omero/server/server_venv/bin/pip install "reportlab<3.6" markdown "pillow==9.5.0"
 
 RUN useradd -ms /bin/bash omero-server
 
@@ -60,6 +64,7 @@ RUN unzip -q OMERO.server*
 RUN chown -R omero-server OMERO.server-*
 RUN ln -s OMERO.server-*/ OMERO.server
 RUN chown -R omero-server /opt
+
 ENV STEWARD=https://github.com/glencoesoftware/omero-pc-steward/releases/download/v0.1.0/omero-pc-steward-0.1.0.jar
 RUN wget -q $STEWARD -O /opt/omero/server/OMERO.server/lib/server/omero-pc-steward.jar
 ENV LOGSED='/<logger name="ome.adapters" level="ERROR"\/>/a \ \ <!-- omero-pc-steward memory cleanup logger -->\n  <logger name="com.glencoesoftware" level="INFO"\/>'
@@ -72,4 +77,9 @@ COPY startup /startup/
 USER omero-server
 ENV OMERODIR /opt/omero/server/OMERO.server
 
+# Copied from omero-ice36.env because /etc/profile not useful for kub pod access, just setting these env for omero-server
+ENV ICE_HOME /opt/ice-3.6.5-0.1.0		
+ENV PATH "$ICE_HOME/bin:$PATH"		
+ENV SLICEPATH "$ICE_HOME/slice"
+
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

local_k8s/containers/omero-web/Dockerfile

@@ -17,8 +17,8 @@ RUN /opt/omero/web/venv3/bin/pip install wheel
 RUN /opt/omero/web/venv3/bin/pip install numpy
 # TODO: Download & check hash function
 RUN /opt/omero/web/venv3/bin/pip install --upgrade https://github.com/glencoesoftware/zeroc-ice-py-linux-x86_64/releases/download/20231130/zeroc_ice-3.6.5-cp39-cp39-manylinux_2_28_x86_64.whl
-RUN /opt/omero/web/venv3/bin/pip install omero-py==5.17.0
-RUN /opt/omero/web/venv3/bin/pip install omero-web==5.23.0
+RUN /opt/omero/web/venv3/bin/pip install omero-py==5.19.4
+RUN /opt/omero/web/venv3/bin/pip install omero-web==5.27.0
 
 RUN /opt/omero/web/venv3/bin/pip install \
         omero-figure \

local_k8s/k8s_ymls/kustomization.yml

@@ -1,7 +1,6 @@
 resources:
-- nfs_pv.yml
-- postgres.yml
 - omero-server.yml
-- omero-readonly-server.yml
-- nginx_conf_http.yml
+- nginx-conf-https.yml
+# - nginx-sslsecret.yml # commented out so github action doesn't look for it
 - omero-web.yml
+- priority.yml

local_k8s/k8s_ymls/omero-server.yml

@@ -25,7 +25,7 @@ spec:
   sessionAffinity: None
 
   # Expose the service internally only
-  type: LoadBalancer
+  type: ClusterIP
 
 ---
 # Run a vanilla omero server instance
@@ -37,6 +37,7 @@ metadata:
   labels:
     app: omero-server
 spec:
+  priorityClassName: nonpreempting
   containers:
     - name: omero-server
       image: omero-server