initial commit

.dockerignore

@@ -0,0 +1,4 @@
+**/node_modules
+.tox
+setup.sh
+build

.gitignore

@@ -0,0 +1,8 @@
+/cloud-harness
+.idea
+**/helm
+/build
+.vscode
+skaffold.yaml
+/deployment.yaml
+**/__pycache__

README.md

@@ -0,0 +1,39 @@
+# SALK
+
+An updated version of the Open Source Brain platform
+
+## Deploy
+
+### Prerequisites
+
+The SALK deployment is built on top of [CloudHarness](https://github.com/MetaCell/cloud-harness).
+The deployment process is based on Python 3.7+ scripts. It is recommended to setup a virtual 
+environment first.
+
+With conda: 
+```bash
+conda create --name salk python=3.7
+conda activate salk
+```
+
+To install CloudHarness:
+
+```
+git clone https://github.com/MetaCell/cloud-harness.git
+cd cloud-harness
+pip install -r requirements.txt
+```
+
+## Development setup
+
+Minikube is recommended to setup locally. The procedure is different depending on where Minikube is installed.
+The simplest procedure is with Minikube hosted in the same machine where running the commands.
+
+Run the `setup.sh` script to setup your minikube cluster.
+The script will also build all Docker images and installs the deployment using `skaffold`
+
+Requirements:
+* minikube installed
+* kubectl installed
+* skaffold installed
+* helm installed

applications/salk-portal/.dockerignore

@@ -0,0 +1,7 @@
+.git
+*Dockerfile*
+*docker-compose*
+node_modules
+**/node_modules
+public
+/deploy

applications/salk-portal/.gitignore

@@ -0,0 +1,5 @@
+public
+dist
+node_modules
+.vscode
+

applications/salk-portal/Dockerfile

@@ -0,0 +1,22 @@
+FROM node:13.14 as base
+ENV BUILDDIR=/builddir
+
+COPY package.json ${BUILDDIR}/package.json
+COPY package-lock.json ${BUILDDIR}/package-lock.json
+WORKDIR ${BUILDDIR}
+RUN npm ci
+COPY . $BUILDDIR
+RUN npm run build
+###
+FROM nginx:1.17-alpine
+ENV BUILDDIR=/builddir
+COPY --from=base $BUILDDIR/public /usr/share/nginx/html
+
+EXPOSE 80
+
+RUN mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig
+COPY nginx.conf /etc/nginx/nginx.conf
+
+ADD entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+CMD /entrypoint.sh

applications/salk-portal/README.md

@@ -0,0 +1,95 @@
+# SALK portal app (www)
+The SALK portal app is the entrypoint of the SALK platform. It serves the portal website.
+
+## Get started
+
+## Prerequisites
+
+Cloudharness must be installed.
+
+## Development instructions
+
+For developers it is very handy to run the app local instead of in the cluster.
+Locally changes made are directly reflected in the app. Also debugging a local app is easier.
+
+To start the local instance use 
+```
+sudo npm run start:dev
+```
+
+This will spin up the webpack dev server in https mode listening on port 443. Because port 443 lays in 
+the "protected" area (port numbers <1024) of linux it is needed to run it as a SuperUser
+
+Make sure the correct node version (for now 13) is installed in "/usr/local/bin"
+
+When using nvm (node version manager, see [github](https://github.com/nvm-sh/nvm)) you can sym link:
+```
+nvm install 13
+nvm use 13
+sudo ln -s "$NVM_DIR/versions/node/$(nvm version)/bin/node" "/usr/local/bin/node"
+sudo ln -s "$NVM_DIR/versions/node/$(nvm version)/bin/npm" "/usr/local/bin/npm"
+```
+
+The local webpack dev server uses [keycloak_dev.json](src/assets/keycloak_dev.json) for connecting to the keycloak accounts system.
+Please check this file and change the domain according to your setup.
+
+### Self Signed Certificates
+
+When running on a local minikube please make sure you import the generated cacert certificates. The certificate file is most likely to be found here ./deployment/helm/resources/certs/cacert.crt
+
+For Google Chrome: [manage certificates](chrome://settings/certificates?search=manage+certificate)
+
+Select Authorities
+and import the cacert
+
+### Development
+
+The application relies on other backend applications to be in place:
+ - accounts.* for user management
+ - workspaces.* for workspaces
+
+The dependency on these applications can be handled differently with the following commands:
+- `npm run start:dev`: No backend 
+- `npm run start:test`: use test deployment applications (salk.stage.metacell.us)
+- `npm run start:minikube`: use local minikube deployment applications (salk.local)
+- `USE_MOCKS=true npm run start:dev`: uses experiment mock responses
+
+The webpack-dev-server will reroute the proxy /proxy/workspaces to the given backend instead of the workspace manager app.
+
+
+#### Rest client generate
+
+The workspaces application backend rest client is connected through automatically generated api.
+
+Install generator:
+```
+npm install @openapitools/openapi-generator-cli -g
+```
+
+```
+openapi-generator-cli generate -i ../workspaces/api/openapi.yaml -g typescript-fetch -o src/apiclient/workspaces
+```
+
+After the generation, may need to fix runtime.ts file:
+
+
+replace `export type FetchAPI = GlobalFetch['fetch'];` with
+
+```typescript
+export type FetchAPI = WindowOrWorkerGlobalScope['fetch'];
+```
+
+# Trubleshooting
+
+## 502 error on registration
+
+The error is related to ingress nginx proxy size.
+Edit the configmap nginx-load-balancer-conf (or nginx-ingress-controller) and set value:
+
+```yaml
+data:
+  "proxy-buffer-size": "16k"
+```
+
+
+

applications/salk-portal/deploy/resources/keycloak.json

@@ -0,0 +1,9 @@
+{
+  "realm": {{ .Values.namespace | quote }},
+  "auth-server-url": {{ (printf  "%s://%s.%s/auth" (ternary "http" "https" (not .Values.tls)) .Values.apps.accounts.harness.subdomain  .Values.domain) | quote }},
+  "ssl-required": "external",
+  "resource": "web-client",
+  "public-client": true,
+  "verify-token-audience": true,
+  "confidential-port": 0
+}

applications/salk-portal/deploy/values-local.yaml

@@ -0,0 +1,11 @@
+harness:
+  sentry: false
+  dependencies:
+    soft:
+      - accounts
+      - common
+      - volumemanager
+      - workspaces
+      - workflows
+      - jupyterhub
+      - jupyterlab

applications/salk-portal/deploy/values-minimal.yaml

@@ -0,0 +1,9 @@
+harness:
+  sentry: false
+  dependencies:
+    soft:
+      - accounts
+      - common
+      - volumemanager
+      - workspaces
+

applications/salk-portal/deploy/values.yaml

@@ -0,0 +1,26 @@
+harness:
+  subdomain: www
+  secured: false
+  deployment:
+    auto: true
+    port: 80
+  service:
+    auto: true
+    port: 80
+  resources:
+    - name: "keycloak"
+      src: "keycloak.json"
+      dst: "/usr/share/nginx/html/keycloak.json"
+  sentry: true
+  use_services:
+    - name: workspaces
+    - name: common
+  dependencies:
+    soft:
+      - accounts
+      - common
+      - volumemanager
+      - workspaces
+      - workflows
+      - jupyterhub
+      - jupyterlab

applications/salk-portal/entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+sed -i "s/__DOMAIN__/${CH_ACCOUNTS_AUTH_DOMAIN:-https://accounts.salk.local/auth/}/g" /usr/share/nginx/html/keycloak/keycloak.json
+sed -i "s/__NAMESPACE__/${CH_ACCOUNTS_REALM:-salk}/g" /usr/share/nginx/html/keycloak/keycloak.json
+sed -i "s/__REALM__/${CH_ACCOUNTS_REALM:-salk}/g" /etc/nginx/nginx.conf
+
+
+nginx -g "daemon off;"

applications/salk-portal/genapi.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+rm -rf src/apiclient/workspaces
+java -jar ../../cloud-harness/utilities/cloudharness_utilities/bin/openapi-generator-cli.jar generate -i http://127.0.0.1:8000/api/schema?format=openapi -g typescript-fetch -o src/apiclient/workspaces

applications/salk-portal/nginx.conf

@@ -0,0 +1,75 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    gzip  on;
+
+    server {
+        listen       80;
+        server_name  localhost;
+
+        #charset koi8-r;
+        #access_log  /var/log/nginx/host.access.log  main;
+
+        location / {
+            root   /usr/share/nginx/html;
+            try_files $uri /index.html;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    }
+}