Skaha Helm Chart¶
The Skaha Helm chart facilitates the deployment of the Skaha application within a Kubernetes cluster. This chart is designed to streamline the installation and management of Skaha, ensuring a seamless integration into your Kubernetes environment.
Prerequisites¶
Before deploying the Skaha Helm chart, ensure that the following conditions are met:
- Kubernetes Cluster: A running Kubernetes cluster, version 1.29 or higher.
- Helm: Helm package manager, version 3, installed on your machine. Refer to the official Helm documentation for installation instructions.
- Kueue: Kueue is recommended to be installed in your cluster, as Skaha optionally integrates with Kueue for job queueing. Follow the Kueue installation guide to set it up.
Installation¶
To deploy the Skaha application using the Helm chart, follow these steps:
-
Add the Skaha Helm Repository:
-
Update Helm Repositories:
-
Install the Skaha Chart:
Replacehelm --namespace skaha-system upgrade --install --values <your-skaha-values.yaml> skaha-release skaha-repo/skahaskaha-releasewith your desired release name.
Configuration¶
The Skaha Helm chart comes with a default configuration suitable for most deployments. However, you can customize the installation by providing your own values.yaml file. This allows you to override default settings such as resource allocations, environment variables, and other parameters.
To customize the installation:
- Create a
values.yamlFile: Define your custom configurations in this file. - Install the Chart with Custom Values:
LimitRange¶
You can define a LimitRange for User Session Pods by modifying the deployment.skaha.sessions.limitRange section in your values.yaml file. This configuration allows you to set resource limits and requests for different session types. The min clause is ignored due to hard-coded resources for Desktop and Firefly sessions. This will go directly into a LimitRange object created in the Skaha workload Namespace, and, as such, supports the Kubernetes
units.
The rbac section allows you to create the necessary Role and RoleBinding for the LimitRange object. If your organization does not permit the creation of RBAC objects, you can set create to false and manage the RBAC externally.
deployment:
skaha:
sessions:
limitRange:
rbac:
create: true
limitSpec:
max:
# maximum resource limit to grow to, also used by the UI to limit selectable resources
memory: "96Gi"
cpu: "12"
default:
# actually refers to default limit
memory: "32Gi"
cpu: "8"
defaultRequest:
# default resource requests
memory: "4Gi"
cpu: "1"
Flexible Session Pods¶
You can customize the User Session Pods by modifying the deployment.skaha.sessions section in your values.yaml file. This includes settings for resource requests, storage allocation, and more.
Flexible User sessions are created with a small amount of CPU and memory by default and are allowed to grow to a specified limit in the LimitRange configuration. You can adjust these minimum (request) settings as needed:
deployment:
skaha:
sessions:
flexResourceRequests:
# The headless session type resource requests get slightly more resources to start.
headless:
memoryInGB: "2"
cpuCores: "1"
notebook:
memoryInGB: "2"
cpuCores: "0.5"
The headless, notebook, desktop, contributed, and firefly session types can all be customized individually. Any session type not specified will use the values defined in the LimitRange configuration.
Note that Kubernetes resource units are not supported in this configuration; only floating point or integer numbers as strings are valid. For example, for 100m of CPU, use "0.1".
Notes on tolerations and nodeAffinity¶
Ensure that tolerations and nodeAffinity are at the expected indentation! These are YAML configurations passed directly to Kubernetes, and the base .tolerations and .deployment.skaha.nodeAffinity values apply to the skaha API only, whereas the .deployment.skaha.sessions.tolerations and .deployment.skaha.sessions.nodeAffinity apply to all User Session Pods.
Kueue¶
Skaha leverages Kueue for efficient job queueing and management when properly installed and configured in your cluster. For detailed information on Kueue's features and setup, refer to the Kueue documentation.
Installation¶
https://kueue.sigs.k8s.io/docs/installation/#install-a-released-version
Will install the Kueue Chart, with a default ClusterQueue, and whatever defined LocalQueues were declared in the deployment.skaha.sessions.kueue section:
To determine your cluster's allocatable resources, checkout a small Python utility (requires uv):
https://github.com/opencadc/deployments/tree/main/configs/kueue/kueuer
Then run:
git clone https://github.com/opencadc/deployments.git
cd deployments/configs/kueue/kueuer
# if not using the default ~/.kube/config
export KUBECONFIG=/home/user/.kube/my-config
# 60% of cluster resources
uv run kr cluster resources -f allocatable -s 0.6
# 80% of cluster resources
uv run kr cluster resources -f allocatable -s 0.8
Uninstallation¶
To remove the Skaha application from your cluster:
This command will delete all resources associated with the Skaha release.
License¶
This project is licensed under the MIT License. For more information, refer to the LICENSE file in the repository.
Values Reference¶
skaha¶
A Helm chart to install the Skaha web service of the CANFAR Science Platform
| Chart | AppVersion | Type |
|---|---|---|
| 1.4.0 | 1.2.0 | application |
Requirements¶
| Repository | Name | Version |
|---|---|---|
| file://../utils | utils | ^0.1.0 |
| oci://registry-1.docker.io/bitnamicharts | redis | ^18.19.0 |
Values¶
| Key | Type | Default | Description |
|---|---|---|---|
| deployment.hostname | string | "myhost.example.com" |
|
| deployment.skaha.apiVersion | string | "v1" |
|
| deployment.skaha.defaultQuotaGB | string | "10" |
|
| deployment.skaha.identityManagerClass | string | "org.opencadc.auth.StandardIdentityManager" |
|
| deployment.skaha.image | string | "images.opencadc.org/platform/skaha:1.1.7" |
|
| deployment.skaha.imageCache.refreshSchedule | string | "*/30 * * * *" |
|
| deployment.skaha.imagePullPolicy | string | "Always" |
|
| deployment.skaha.init.image | string | "busybox:1.37.0" |
|
| deployment.skaha.init.imagePullPolicy | string | "IfNotPresent" |
|
| deployment.skaha.posixMapperCacheTTLSeconds | string | "86400" |
|
| deployment.skaha.priorityClassName | string | "uber-user-preempt-high" |
|
| deployment.skaha.registryHosts | string | "images.canfar.net" |
|
| deployment.skaha.resources.limits.cpu | string | "2000m" |
|
| deployment.skaha.resources.limits.memory | string | "3Gi" |
|
| deployment.skaha.resources.requests.cpu | string | "1000m" |
|
| deployment.skaha.resources.requests.memory | string | "2Gi" |
|
| deployment.skaha.serviceAccountName | string | "skaha" |
|
| deployment.skaha.sessions.expirySeconds | string | "345600" |
|
| deployment.skaha.sessions.flexResourceRequests.headless.cpuCores | string | "1" |
|
| deployment.skaha.sessions.flexResourceRequests.headless.memoryInGB | string | "2" |
|
| deployment.skaha.sessions.imagePullPolicy | string | "Always" |
|
| deployment.skaha.sessions.ingress.customResponseHeaders | object | {} |
|
| deployment.skaha.sessions.ingress.tls | object | {} |
|
| deployment.skaha.sessions.initContainerImage | string | "redis:8.2.2-bookworm" |
|
| deployment.skaha.sessions.kueue | object | {} |
|
| deployment.skaha.sessions.limitRange | object | {} |
|
| deployment.skaha.sessions.maxCount | string | "5" |
|
| deployment.skaha.sessions.maxEphemeralStorage | string | "200Gi" |
|
| deployment.skaha.sessions.minEphemeralStorage | string | "20Gi" |
|
| deployment.skaha.sessions.nodeLabelSelector | string | nil |
|
| deployment.skaha.sessions.tolerations | list | [] |
|
| deployment.skaha.sessions.userStorage.admin.auth | string | nil |
|
| deployment.skaha.sessions.userStorage.homeDirectory | string | "home" |
|
| deployment.skaha.sessions.userStorage.persistentVolumeClaimName | string | "skaha-workload-cavern-pvc" |
|
| deployment.skaha.sessions.userStorage.projectsDirectory | string | "projects" |
|
| deployment.skaha.sessions.userStorage.topLevelDirectory | string | "/cavern" |
|
| experimentalFeatures.enabled | bool | false |
|
| experimentalFeatures.sessionLimitRange | object | {} |
|
| ingress.enabled | bool | true |
|
| ingress.path | string | "/skaha" |
|
| kubernetesClusterDomain | string | "cluster.local" |
|
| podSecurityContext | object | {} |
|
| redis.architecture | string | "standalone" |
|
| redis.auth.enabled | bool | false |
|
| redis.image.repository | string | "redis" |
|
| redis.image.tag | string | "8.2.2-bookworm" |
|
| redis.master.containerSecurityContext.allowPrivilegeEscalation | bool | false |
|
| redis.master.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| redis.master.containerSecurityContext.readOnlyRootFilesystem | bool | true |
|
| redis.master.containerSecurityContext.runAsGroup | int | 1001 |
|
| redis.master.containerSecurityContext.runAsNonRoot | bool | true |
|
| redis.master.containerSecurityContext.runAsUser | int | 1001 |
|
| redis.master.containerSecurityContext.seccompProfile.type | string | "RuntimeDefault" |
|
| redis.master.persistence.enabled | bool | false |
|
| replicaCount | int | 1 |
|
| secrets | string | nil |
|
| securityContext | object | {} |
|
| service.port | int | 8080 |
|
| skahaWorkload.namespace | string | "skaha-workload" |
|
| tolerations | list | [] |