-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
#41 Summary of changes: - Added run-user non-root user setup - Remove old non-user setup. - Update sequrity team requirements. - Re-implemented as multi-part rock.
- Loading branch information
Ivan Chvets
committed
Aug 17, 2023
1 parent
0bfee8a
commit 2bbdc84
Showing
2 changed files
with
78 additions
and
56 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,88 +1,110 @@ | ||
| # Based on https://github.com/kubeflow/kubeflow/blob/master/components/crud-web-apps/jupyter/Dockerfile | ||
| name: jupyter-web-app | ||
| summary: An image for Jupyter UI | ||
| description: | | ||
| This image is used as part of Charmed Kubeflow product. Jupyter UI web application provides | ||
| users with web UI to access and manipulate Jupyter Notebooks in Charmed Kubeflow. | ||
| version: v1.7.0_22.04_1 # version format: <KF-upstream-version>_<base-version>_<Charmed-KF-version> | ||
| version: v1.7.0_20.04_1 # version format: <KF-upstream-version>_<base-version>_<Charmed-KF-version> | ||
| license: Apache-2.0 | ||
| base: ubuntu:22.04 | ||
| base: ubuntu:20.04 | ||
| run-user: _daemon_ | ||
| services: | ||
| jupyter: | ||
| jupyter-ui: | ||
| override: replace | ||
| summary: "jupyter-ui service" | ||
| startup: enabled | ||
| user: ubuntu | ||
| command: "/bin/bash -c gunicorn -w 3 --bind 0.0.0.0:5000 --access-logfile - entrypoint:app" | ||
| platforms: | ||
| amd64: | ||
|
|
||
| parts: | ||
| jupyter-ui: | ||
| backend: | ||
| plugin: nil | ||
| source: https://github.com/kubeflow/kubeflow | ||
| source-type: git | ||
| source-tag: v1.7-branch # upstream branch | ||
| source-tag: v1.7-branch # upstream branch | ||
| source-depth: 1 | ||
| build-packages: | ||
| - bash | ||
| build-environment: | ||
| - KF_REPO: "/root/parts/kubeflow-repo" | ||
| - NG_CLI_ANALYTICS: "ci" | ||
| - python3-venv | ||
| - python3-setuptools | ||
| - python3-pip | ||
| override-build: | | ||
| set -xe | ||
| # install dependencies | ||
| curl --output get-pip.py https://bootstrap.pypa.io/get-pip.py && \ | ||
| python3 get-pip.py | ||
| # build backend kubeflow wheel | ||
| cd $CRAFT_PART_BUILD | ||
| cp $KF_REPO/src/components/crud-web-apps/common/backend/* ./ -r | ||
| python3 -m pip install wheel | ||
| cd components/crud-web-apps/common/backend | ||
| python3 setup.py bdist_wheel | ||
| cp dist/kubeflow-1.1-py3-none-any.whl $CRAFT_STAGE | ||
| # build backend kubeflow library | ||
| cp $KF_REPO/src/components/crud-web-apps/common/frontend/kubeflow-common-lib/package.json ./ | ||
| cp $KF_REPO/src/components/crud-web-apps/common/frontend/kubeflow-common-lib/package-lock.json ./ | ||
| frontend-lib: | ||
| plugin: nil | ||
| source: https://github.com/kubeflow/kubeflow | ||
| source-type: git | ||
| source-tag: v1.7-branch # upstream branch | ||
| source-depth: 1 | ||
| build-snaps: | ||
| - node/12/stable | ||
| build-environment: | ||
| - NG_CLI_ANALYTICS: "ci" | ||
| override-build: | | ||
| cd components/crud-web-apps/common/frontend/kubeflow-common-lib | ||
| npm ci | ||
| cp $KF_REPO/src/components/crud-web-apps/common/frontend/kubeflow-common-lib/projects ./ -r | ||
| cp $KF_REPO/src/components/crud-web-apps/common/frontend/kubeflow-common-lib/angular.json . | ||
| cp $KF_REPO/src/components/crud-web-apps/common/frontend/kubeflow-common-lib/tsconfig.json . | ||
| npm run build | ||
| cp -r dist/kubeflow/ $CRAFT_STAGE | ||
| # build frontend | ||
| cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/package.json ./ | ||
| cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/package-lock.json ./ | ||
| cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/tsconfig.json ./ | ||
| cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/tsconfig.app.json ./ | ||
| cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/tsconfig.spec.json ./ | ||
| cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/angular.json ./ | ||
| cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/src ./ -r | ||
| frontend: | ||
| after: [frontend-lib] | ||
| plugin: nil | ||
| source: https://github.com/kubeflow/kubeflow | ||
| source-type: git | ||
| source-tag: v1.7-branch # upstream branch | ||
| source-depth: 1 | ||
| build-snaps: | ||
| - node/12/stable | ||
| build-environment: | ||
| - NG_CLI_ANALYTICS: "ci" | ||
| override-build: | | ||
| cd components/crud-web-apps/jupyter/frontend | ||
| npm ci | ||
| # install jupyter ui web app | ||
| cp -r ./dist/kubeflow/ ./node_modules/kubeflow | ||
| cp -r $CRAFT_STAGE/kubeflow/ ./node_modules/ # TODO confirm | ||
| npm run build -- --output-path=./dist/default --configuration=production | ||
| pip3 install . | ||
| cp -r dist/default $CRAFT_STAGE | ||
| cp $KF_REPO/src/components/crud-web-apps/jupyter/backend/requirements.txt . | ||
| pip3 install -r requirements.txt | ||
| webapp: | ||
| after: [backend, frontend] | ||
| plugin: nil | ||
| source: https://github.com/kubeflow/kubeflow | ||
| source-type: git | ||
| source-tag: v1.7-branch # upstream branch | ||
| source-depth: 1 | ||
| build-packages: | ||
| - python3-venv | ||
| - python3-setuptools | ||
| - python3-pip | ||
| override-build: | | ||
| pip3 install $CRAFT_STAGE/kubeflow-1.1-py3-none-any.whl | ||
| cd components/crud-web-apps/jupyter/backend | ||
| cp -r $CRAFT_STAGE/default apps/default/static/ | ||
| cp -r apps $CRAFT_STAGE/ | ||
| cp entrypoint.py $CRAFT_STAGE | ||
| override-stage: | | ||
| cp -r apps $CRAFT_PRIME | ||
| cp entrypoint.py $CRAFT_PRIME | ||
| cp -r /usr/local/lib/python3.8/dist-packages/* $CRAFT_PRIME | ||
| cp $KF_REPO/src/components/crud-web-apps/jupyter/backend/apps/ ./ -r | ||
| cp $KF_REPO/src/components/crud-web-apps/jupyter/backend/entrypoint.py . | ||
| gunicorn: | ||
| plugin: python | ||
| source: https://github.com/kubeflow/kubeflow.git | ||
| source-tag: v1.7-branch # upstream branch | ||
| source-depth: 1 | ||
| python-requirements: | ||
| - components/crud-web-apps/jupyter/backend/requirements.txt | ||
| stage-packages: | ||
| - python3-venv | ||
|
|
||
| # security requirement | ||
| security-team-requirement: | ||
| plugin: nil | ||
| override-build: | | ||
| mkdir -p ${CRAFT_PART_INSTALL}/usr/share/rocks | ||
| (echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && \ | ||
| dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) \ | ||
| > ${CRAFT_PART_INSTALL}/usr/share/rocks/dpkg.query | ||
| organize: | ||
| ./dist/default: /src/apps/default/static | ||
| dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) \ | ||
| > ${CRAFT_PART_INSTALL}/usr/share/rocks/dpkg.query | ||
| non-root-user: | ||
| plugin: nil | ||
| after: [jupyter-ui] | ||
| overlay-script: | | ||
| # Create a user in the $CRAFT_OVERLAY chroot | ||
| groupadd -R $CRAFT_OVERLAY -g 1001 ubuntu | ||
| useradd -R $CRAFT_OVERLAY -M -r -u 1001 -g ubuntu ubuntu |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters