owkin / charts Goto Github PK

What would you like to be added:

Can you make GitHub releases also? Helm hub does not have any subscription, so it's hard to track latest versions of the chart.

Why is this needed:

If you make releases on GitHub, anyone can user "Watch" option to track new releases of the chart.

In our stack we use labels to identify pods to make the logs command more easily repeatable.

How about I add this option to the config (you already have the same for service and ingress).

I would say the key would be deployment.labels (like services for example) and they would also be applied to pods.

I would like to ask if there are any instructions for deploying HLF using this helm charts and how to build a simple network?

What would you like to be added:
Allow annotations for services

Why is this needed:
Cloud services such as AWS and GCP requires service's annotations for some functionalities.

There's also other useful annotations for services such as external-dns to automate creation of dns records.

What would you like to be added:
I would like to add the env FABRIC_LOGGING_SPEC to the peer and ord env for debugging purposes.

Why is this needed:
Debugging purposes, hlf has enabled this and is now the preferred logging level mechanism

https://hyperledger-fabric.readthedocs.io/en/release-2.2/logging-control.html#logging-specification

Describe the bug
Pypiserver errors when auth.actions is an empty string, i.e. we want to disable auth completely on the pypiserver.

Seems like pypiserver gets run with the flags

--passwords=/config/.htpasswd --authenticate=""

Which causes pypiserver to error, since passwords must be empty i.e. --passwords=.

To Reproduce
helm install pypiserver owkin/pypiserver --set auth.actions=""

Expected behavior
Pypiserver should start up correctly by passing the flag --passwords=. when auth.actions is empty.

Additional context
See the docs describing --authenticate to see that pypiserver requires that --passwords=. when the authentication actions is empty.

What would you like to be added:

StatefulSet in addition, as an alternative to Deployment.

Why is this needed:

PD is deleted if Deployment/release is deleted (when PVC is managed by Helm). That does not happen in case when StatefulSet is deleted. If I need to delete release, but keep all the libraries in my private PyPI repository, then I need to use StatefulSet instead of Deployment.

I would like to specify the --disable-fallback as an argument to the pypiserver, but there is currently no option for that.

How about we add a pypiserver.commandOptions (list) option for values.

The only problem I see is possible duplicates (you already specify the -P, -p and -a flag...

Optimal would be an overwrite possibility, but I will have to check that out.

Is this in line with your ideas?

In the pypiserver helm chart you need to add a fsGroup security context to the template spec so that the persistent volume claim, /data/packages, mount path group ownership is the pypiserver group (see the pypiserver docker hub dockerfile for the user and group guids). Otherwise, you will not have permissions to add files to the packages directory.

securityContext:
fsGroup: 9898

Also, their pypiserver dockerfile has an error which they haven't fixed yet. The py2-pip package needs to be in the base image otherwise the 'pypi-server -U' command does not work.

And, just a side note i don't think that you need the following code in the deployment resource:

{{- else }}
emptyDir: {}

The mountPath is dependent on the persistent volume, So, if you set up {{- if Values.persistence.enable }} logic around the Volumes: and volumeMounts: you don't need the {{- else }}

Checkout the AWS integration for ELB, NLB, and ALB. The service resource can be annotated to create the desired resource which negates the need for an ingress resource.

annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb

https://hub.docker.com/r/pypiserver/pypiserver/dockerfile
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

What would you like to be added:
It would be nice to have an ability to provide existing secret with credentials for pypi server.

Why is this needed:
In some scenarios, it is not safe to include secrets in git repos. This change would allow using some mechanisms as f.e.: kubernetes external secrets.

What the matter?
I want to run pypiserver on kubernetes using this helm with caching mode enabled to cache requests to external libraries. How to do it using this helm?

Environment:

• Kubernetes version (use kubectl version): 1.21
• Cloud provider or hardware configuration: aws