SwissDataScienceCenter · olevski · Jul 5, 2023 · May 16, 2023 · May 16, 2023 · May 16, 2023
@@ -77,24 +77,7 @@ jobs:
           tlsSecret: dummy-tls-secret
         serverDefaults:
           defaultUrl: /lab
-          cpu_request: 0.1
-          mem_request: 0.5G
-          disk_request: 1G
-          gpu_request: 0
           lfs_auto_fetch: false
-        serverOptions:
-          cpu_request:
-            order: 1
-            displayName: Number of CPUs
-            type: enum
-            default: 0.1
-            options: [0.1, 1.0]
-          mem_request:
-            order: 2
-            displayName: Amount of Memory
-            type: enum
-            default: 0.5G
-            options: [0.5G, 2G]
         tests:
           sessionTypes:
             - ${{ matrix.session-type }}

@@ -1,23 +1,29 @@
-FROM python:3.8-alpine as base
-RUN apk add --no-cache curl tini && \
-    adduser -u 1000 -g 1000 -D kyaku
-WORKDIR /home/kyaku/renku-notebooks
-
-FROM base as builder
-ENV POETRY_HOME=/opt/poetry
+FROM python:3.11-bullseye as builder
+RUN groupadd --gid 1000 renku && \
+    useradd --gid 1000 --uid 1000 --groups 100 --create-home renku && \
+    mkdir -p /app && \
+    chown -R 1000:1000 /app 
+USER 1000:1000
+WORKDIR /app
+RUN python3 -m pip install --user pipx && \
+    python3 -m pipx ensurepath && \
+    /home/renku/.local/bin/pipx install poetry && \
+    python3 -m venv .venv
 COPY poetry.lock pyproject.toml ./
-RUN apk add --no-cache alpine-sdk libffi-dev && \
-    mkdir -p /opt/poetry && \
-    curl -sSL https://install.python-poetry.org | POETRY_VERSION=1.3.2 python3 - && \
-    /opt/poetry/bin/poetry config virtualenvs.in-project true  && \
-    /opt/poetry/bin/poetry config virtualenvs.options.no-setuptools true && \
-    /opt/poetry/bin/poetry config virtualenvs.options.no-pip true  && \
-    /opt/poetry/bin/poetry install --only main --no-root
+RUN /home/renku/.local/bin/poetry export --only main --without-hashes -o requirements.txt && \
+    .venv/bin/pip install -r requirements.txt --prefer-binary
 
-FROM base as runtime
-LABEL maintainer="info@datascience.ch"
+FROM python:3.11-slim-bullseye
+RUN apt-get update && apt-get install -y \
+    tini && \
+    rm -rf /var/lib/apt/lists/* && \
+    groupadd --gid 1000 renku && \
+    useradd --gid 1000 --uid 1000 --groups 100 --create-home renku && \
+    mkdir -p /app && \
+    chown -R 1000:1000 /app 
 USER 1000:1000
-COPY --from=builder /home/kyaku/renku-notebooks/.venv .venv
+WORKDIR /app
+COPY --from=builder /app/.venv .venv
 COPY renku_notebooks renku_notebooks
 COPY resource_schema_migrations resource_schema_migrations
 ENTRYPOINT ["tini", "-g", "--"]

@@ -1,37 +1,34 @@
-FROM python:3.8-slim
-
-LABEL maintainer="info@datascience.ch"
-
-RUN pip install --no-cache-dir --disable-pip-version-check -U pip poetry && \
-    apt-get update && \
-    apt-get install -y git && \
-    curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
-    apt-get install git-lfs && \
-    git lfs install && \
-    apt-get clean && \
+FROM python:3.10-bullseye as builder
+RUN groupadd --gid 1000 renku && \
+    useradd --gid 1000 --uid 1000 --groups 100 --create-home renku && \
+    mkdir -p /app && \
+    chown -R 1000:1000 /app 
+USER 1000:1000
+WORKDIR /app
+RUN python3 -m pip install --user pipx && \
+    python3 -m pipx ensurepath && \
+    /home/renku/.local/bin/pipx install poetry && \
+    python3 -m venv .venv
+COPY poetry.lock pyproject.toml ./
+RUN /home/renku/.local/bin/poetry export --only main --without-hashes -o requirements.txt && \
+    .venv/bin/pip install -r requirements.txt --prefer-binary
+RUN /home/renku/.local/bin/poetry export --with dev --without-hashes -o requirements_dev.txt && \
+    .venv/bin/pip install -r requirements_dev.txt --prefer-binary && \
+    .venv/bin/pip install renku
+
+FROM python:3.10-slim-bullseye
+RUN apt-get update && apt-get install -y \
+    tini git git-lfs && \
     rm -rf /var/lib/apt/lists/* && \
-    groupadd -g 1000 kyaku && \
-    useradd -u 1000 -g kyaku -m kyaku
-
+    groupadd --gid 1000 renku && \
+    useradd --gid 1000 --uid 1000 --groups 100 --create-home renku && \
+    mkdir -p /app && \
+    chown -R 1000:1000 /app 
 USER 1000:1000
-
-# Install renku
-ENV PATH=$PATH:/home/kyaku/.renku/bin
-
-RUN mkdir -p /home/kyaku/.renku/bin && \
-    virtualenv /home/kyaku/.renku/venv && \
-    . /home/kyaku/.renku/venv/bin/activate && \
-    pip install --no-cache renku && \
-    deactivate && \
-    ln -s /home/kyaku/.renku/venv/bin/renku /home/kyaku/.renku/bin/renku
-
-# Install all packages
-COPY pyproject.toml poetry.lock /home/kyaku/renku-notebooks/
-WORKDIR /home/kyaku/renku-notebooks/
-RUN poetry install
-
+WORKDIR /app
+COPY --from=builder /app/.venv .venv
+ENV PATH=$PATH:/app/.venv/bin
 COPY renku_notebooks renku_notebooks
 COPY resource_schema_migrations resource_schema_migrations
 COPY tests tests
-
-CMD ["poetry", "run", "pytest", "tests/integration"]
+CMD [".venv/bin/pytest", "-v", "tests/integration"]
@@ -1,23 +1,29 @@
-FROM python:3.9-alpine as base
-RUN apk add --no-cache git git-lfs curl tini && \
-    adduser jovyan -u1000 -g100 --disabled-password
-WORKDIR /git_services
-
-FROM base as builder
-ENV POETRY_HOME=/opt/poetry
-COPY pyproject.toml poetry.lock ./
-RUN apk add --no-cache alpine-sdk linux-headers && \
-    mkdir -p /opt/poetry && \
-    curl -sSL https://install.python-poetry.org | POETRY_VERSION=1.3.2 python3 - && \
-    /opt/poetry/bin/poetry config virtualenvs.in-project true  && \
-    /opt/poetry/bin/poetry config virtualenvs.options.no-setuptools true && \
-    /opt/poetry/bin/poetry config virtualenvs.options.no-pip true  && \
-    /opt/poetry/bin/poetry install --only main --no-root
+FROM python:3.10-bullseye as builder
+RUN groupadd --gid 1000 renku && \
+    useradd --gid 1000 --uid 1000 --groups 100 --create-home jovyan && \
+    mkdir -p /app && \
+    chown -R 1000:1000 /app 
+USER 1000:1000
+WORKDIR /app
+RUN python3 -m pip install --user pipx && \
+    python3 -m pipx ensurepath && \
+    /home/jovyan/.local/bin/pipx install poetry && \
+    python3 -m venv .venv
+COPY poetry.lock pyproject.toml ./
+RUN /home/jovyan/.local/bin/poetry export --only main --without-hashes -o requirements.txt && \
+    .venv/bin/pip install -r requirements.txt --prefer-binary
 
-FROM base as runtime
-LABEL maintainer="Swiss Data Science Center <info@datascience.ch>"
+FROM python:3.10-slim-bullseye
+RUN apt-get update && apt-get install -y \
+    tini git git-lfs && \
+    rm -rf /var/lib/apt/lists/* && \
+    groupadd --gid 1000 renku && \
+    useradd --gid 1000 --uid 1000 --groups 100 --create-home jovyan && \
+    mkdir -p /app && \
+    chown -R 1000:1000 /app 
 USER 1000:1000
-COPY --from=builder /git_services ./
+WORKDIR /app
+COPY --from=builder /app/.venv .venv
 ADD git_services ./git_services
 ENTRYPOINT ["tini", "-g", "--"]
 CMD [".venv/bin/python3", "-m", "git_services.init.clone"]
@@ -1,24 +1,30 @@
-FROM python:3.9-alpine as base
-RUN apk add --no-cache git git-lfs curl tini bash && \
-    adduser jovyan -u1000 -g100 --disabled-password
-WORKDIR /git_services
-
-FROM base as builder
-ENV POETRY_HOME=/opt/poetry
-COPY pyproject.toml poetry.lock ./
-RUN apk add --no-cache alpine-sdk linux-headers && \
-    mkdir -p /opt/poetry && \
-    curl -sSL https://install.python-poetry.org | POETRY_VERSION=1.3.2 python3 - && \
-    /opt/poetry/bin/poetry config virtualenvs.in-project true  && \
-    /opt/poetry/bin/poetry config virtualenvs.options.no-setuptools true && \
-    /opt/poetry/bin/poetry config virtualenvs.options.no-pip true  && \
-    /opt/poetry/bin/poetry install --only main --no-root
+FROM python:3.10-bullseye as builder
+RUN groupadd --gid 1000 renku && \
+    useradd --gid 1000 --uid 1000 --groups 100 --create-home jovyan && \
+    mkdir -p /app && \
+    chown -R 1000:1000 /app 
+USER 1000:1000
+WORKDIR /app
+RUN python3 -m pip install --user pipx && \
+    python3 -m pipx ensurepath && \
+    /home/jovyan/.local/bin/pipx install poetry && \
+    python3 -m venv .venv
+COPY poetry.lock pyproject.toml ./
+RUN /home/jovyan/.local/bin/poetry export --only main --without-hashes -o requirements.txt && \
+    .venv/bin/pip install -r requirements.txt --prefer-binary
 
-FROM base as runtime
-LABEL maintainer="Swiss Data Science Center <info@datascience.ch>"
+FROM python:3.10-slim-bullseye
+RUN apt-get update && apt-get install -y \
+    tini git git-lfs && \
+    rm -rf /var/lib/apt/lists/* && \
+    groupadd --gid 1000 renku && \
+    useradd --gid 1000 --uid 1000 --groups 100 --create-home jovyan && \
+    mkdir -p /app && \
+    chown -R 1000:1000 /app 
 USER 1000:1000
-COPY --from=builder /git_services ./
+WORKDIR /app
+COPY --from=builder /app/.venv .venv
 ADD git_services ./git_services
-ENV PATH="${PATH}:/git_services/.venv/bin"
+ENV PATH="${PATH}:/app/.venv/bin"
 ENTRYPOINT ["tini", "-g", "--"]
 CMD [".venv/bin/gunicorn", "-c", "git_services/sidecar/gunicorn.conf.py"]
@@ -1,7 +1,7 @@
 dependencies:
 - name: amalthea
   repository: "https://swissdatasciencecenter.github.io/helm-charts/"
-  version: "0.6.1"
+  version: "0.7.0"
 - name: certificates
   version: "0.0.4"
   repository: "https://swissdatasciencecenter.github.io/helm-charts/"

@@ -190,6 +190,10 @@ spec:
             - name: NB_SESSIONS__SSH__HOST_KEY_SECRET
               value: {{ .Values.ssh.hostKeySecret | quote }}
             {{- end }}
+            - name: NB_DUMMY_STORES
+              value: {{ .Values.dummyStores | quote }}
+            - name: NB_CRC_URL
+              value: {{ printf "http://%s/api/data" .Values.global.crc.serviceName }}
           ports:
             - name: http
               containerPort: 8000

@@ -99,6 +99,8 @@ spec:
           value: {{ $.Values.image.tag | quote }}
         - name: NB_SESSIONS__GIT_PROXY__RENKU_CLIENT_ID
           value: renku
+        - name: NB_DUMMY_STORES
+          value: "true"
         - name: NB_SESSIONS__GIT_PROXY__RENKU_CLIENT_SECRET
           value: {{ $.Values.global.gateway.clientSecret | default "renku-client-secret" | quote }}
         {{ if $.Values.global.keycloak.realm }}
@@ -111,12 +113,8 @@ spec:
         - name: NB_SESSIONS__SSH__HOST_KEY_SECRET
           value: {{ $.Values.ssh.hostKeySecret | quote }}
         {{- end }}
-      command:
-        - poetry
-        - run
-        - pytest
-        - -v
-        - tests/integration
+        - name: NB_CRC_URL
+          value: {{ printf "http://%s/api/data" $.Values.global.crc.serviceName }}
       volumeMounts:
         - name: server-options
           mountPath: /etc/renku-notebooks/server_options

@@ -27,6 +27,8 @@ global:
   keycloak:
     ## The name of the realm in Keycloak used by Renku
     realm:  
+  crc:
+    serviceName: renku-crc
 
 amalthea:
   scope:
@@ -232,8 +234,7 @@ serverDefaults:
 
 ## How to enforce CPU limits for sessions, options are "lax", "off" or "strict"
 ## - "strict" = CPU limit equals cpu request
-## - "lax" = CPU limit equals maximum from server_options, if CPU is not in server options then
-##   CPU limit is set to the CPU request
+## - "lax" = CPU limit equals 3x cpu request
 ## - "off" = no CPU limits at all
 enforceCPULimits: "off"
 
@@ -367,3 +368,6 @@ ssh:
   ## - ssh_host_ed25519_key
   ## - ssh_host_ed25519_key.pub
   hostKeySecret:
+
+## Used for testing - should be set to false for production
+dummyStores: false
@@ -131,7 +131,7 @@ def register_swagger(app):
             "without getting authorized at all."
         },
         security=[{"oauth2-swagger": ["openid"]}],
-        servers=[{"url": "/api"}],
+        servers=[{"url": "/api"}, {"url": "/ui-server/api"}],
     )
     # Register schemas
     spec.components.schema("LaunchNotebookRequest", schema=LaunchNotebookRequest)

@@ -78,6 +78,23 @@ def session_node_selector():
     ]
 
 
+def priority_class(server: "UserServer"):
+    if server.server_options.priority_class is None:
+        return []
+    return [
+        {
+            "type": "application/json-patch+json",
+            "patch": [
+                {
+                    "op": "add",
+                    "path": "/statefulset/spec/template/spec/priorityClassName",
+                    "value": server.server_options.priority_class,
+                }
+            ],
+        }
+    ]
+
+
 def test(server: "UserServer"):
     """RFC 6901 patches support test statements that will cause the whole patch
     to fail if the test statements are not correct. This is used to ensure that the

@@ -26,7 +26,7 @@ def git_clone(server: "UserServer"):
         },
         {
             "name": "GIT_CLONE_LFS_AUTO_FETCH",
-            "value": "1" if server.server_options["lfs_auto_fetch"] else "0",
+            "value": "1" if server.server_options.lfs_auto_fetch else "0",
         },
         {"name": "GIT_CLONE_COMMIT_SHA", "value": server.commit_sha},
         {"name": "GIT_CLONE_BRANCH", "value": server.branch},
@@ -95,7 +95,12 @@ def git_clone(server: "UserServer"):
                     "value": {
                         "image": config.sessions.git_clone.image,
                         "name": "git-clone",
-                        "resources": {},
+                        "resources": {
+                            "requests": {
+                                "cpu": "100m",
+                                "memory": "100Mi",
+                            }
+                        },
                         "securityContext": {
                             "allowPrivilegeEscalation": False,
                             "fsGroup": 100,
@@ -124,6 +129,12 @@ def certificates():
             custom_certs=True,
             read_only_etc_certs=False,
         ),
+        resources={
+            "requests": {
+                "cpu": "50m",
+                "memory": "50Mi",
+            }
+        },
     )
     volume_etc_certs = client.V1Volume(
         name="etc-ssl-certs", empty_dir=client.V1EmptyDirVolumeSource(medium="Memory")
@@ -181,6 +192,12 @@ def download_image(server: "UserServer"):
         image=server.verified_image,
         command=["sh", "-c"],
         args=["exit", "0"],
+        resources={
+            "requests": {
+                "cpu": "50m",
+                "memory": "50Mi",
+            }
+        },
     )
     api_client = client.ApiClient()
     return [