diff --git a/.github/workflows/helm-chart.yml b/.github/workflows/helm-chart.yml index e53635d..46b551b 100644 --- a/.github/workflows/helm-chart.yml +++ b/.github/workflows/helm-chart.yml @@ -7,8 +7,8 @@ on: - Helm_artifacts env: - HELM_CHART_VERSION: 1.1.0 - MATLAB_APP_VERSION: "R2024b" + HELM_CHART_VERSION: 1.2.0 + MATLAB_APP_VERSION: "R2025a" jobs: release-helm-chart: diff --git a/LICENSE.md b/LICENSE.md index 440f91a..1db2bb8 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -4,7 +4,7 @@ The files in this GitHub repository refer to commercial software products and se The following license terms apply only to the files in this GitHub repository, including files in this folder and its subfolders, and do not apply to MathWorks Programs. References to “software” and “code” in the following license terms refer to the files in this GitHub repository. -Copyright (c) 2024, The MathWorks, Inc. +Copyright (c) 2025, The MathWorks, Inc. All rights reserved. diff --git a/README.md b/README.md index bef5930..2440012 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ Before starting, you need the following: * [Git™](https://git-scm.com/) * [Docker®](https://www.docker.com/) * Running [Kubernetes](https://kubernetes.io/) cluster that meets the following conditions: - * Uses Kubernetes version 1.28 or later. + * Uses Kubernetes version 1.29 or later. * Each MATLAB Production Server container in the Kubernetes cluster requires at least 1 CPU core and 2 GiB RAM. * [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) command-line tool that can access your Kubernetes cluster * [Helm](https://helm.sh/) package manager to install Helm charts that contain preconfigured Kubernetes resources for MATLAB Production Server 
@@ -35,10 +35,9 @@ If you do not have a license, please contact your MathWorks representative [here ## Quick Start The Quick Start option is recommended for the following cases: -* You are deploying MATLAB Production Server R2024b or newer -* You don't require significant changes to the Helm chart -* You are not running MATLAB Production server on Kubernetes as part of a CI/CD workflow -For CI/CD workflows, we recommend that you cache docker images in your private container registry. For more complex workflows, use the [Deployment Steps](#Deployment-Steps) +* You are deploying MATLAB Production Server R2024b or newer. +* You don't require significant changes to the Helm chart. +* For CI/CD workflows, we recommend that you retag and cache docker images in your private container registry. The Quick Start option only requires you to download a single file, rather than cloning the full GitHub repository. For more complex workflows, use the [Deployment Steps](#Deployment-Steps) @@ -54,10 +53,10 @@ The Quick Start option only requires you to download a single file, rather than To accept the license terms, set global > agreeToLicense to "yes". To specify the address of the license server, set global > licenseServer using the format port_number@host. - Next, install the Helm chart for MATLAB Production Server by using the following `helm install` command: + Next, install the Helm chart for MATLAB Production Server R2025a by using the following `helm install` command: ``` - helm install -f [-n ] --generate-name oci://containers.mathworks.com/matlab-prodserver-k8s --version 1.1.0 + helm install -f [-n ] --generate-name oci://containers.mathworks.com/matlab-prodserver-k8s --version 1.2.0 ``` 4. After the deployment is complete, upload the MATLAB Production Server deployable archive to your network file server or Azure file share. All users must have read permission to the deployable archive. 
@@ -71,7 +70,7 @@ The MATLAB Production Server on Kubernetes GitHub repository contains Helm chart ``` This repository includes Helm chart folders for each supported MATLAB Production Server release and a `values-overrides.yaml` file containing configuration options that apply across all release deployments. -2. Navigate to the Helm chart folder for the release you want to use. Replace `` with the release version, for example, `R2024b`. +2. Navigate to the Helm chart folder for the release you want to use. Replace `` with the release version, for example, `R2025a`. ``` cd matlab-production-server-on-kubernetes/releases//matlab-prodserver ``` @@ -88,7 +87,7 @@ The MATLAB Production Server on Kubernetes GitHub repository contains Helm chart ``` * `containers.mathworks.com` is the name of the container registry. * `matlab-production-server` is the name of the repository. - * `` is the tag name of the MATLAB Production Server release, for example, `r2024b`. + * `` is the tag name of the MATLAB Production Server release, for example, `r2025a`. The `values.yaml` file specifies these values in the `productionServer` section, in the `registry`, `repository`, and `tag` variables, respectively. 
@@ -99,7 +98,7 @@ The MATLAB Production Server on Kubernetes GitHub repository contains Helm chart ``` * `containers.mathworks.com` is the name of the container registry. * `matlab-runtime` is the name of the repository. - * `` is the tag name of the MATLAB Runtime release. Update this value to the release version of the MATLAB Runtime you are using, for example, `r2024b`. MATLAB Production Server supports MATLAB Runtime versions up to six releases back from the MATLAB Production Server version you are using. + * `` is the tag name of the MATLAB Runtime release. Update this value to the release version of the MATLAB Runtime you are using, for example, `r2025a`. MATLAB Production Server supports MATLAB Runtime versions up to six releases back from the MATLAB Production Server version you are using. The `values.yaml` file specifies these values in the `matlabRuntime` section, in the `registry`, `repository`, and `tag` variables, respectively. @@ -174,7 +173,7 @@ The default server configuration properties are stored in a [ConfigMap](https:// ## Execute Deployed Functions -To evaluate MATLAB functions deployed on the server, see [Client Programming](https://www.mathworks.com/help/mps/client-programming.html). Starting in R2022a, asynchronous request execution is supported, in addition to existing support for synchronous request execution. +To evaluate MATLAB functions deployed on the server, see [Client Programming](https://www.mathworks.com/help/mps/client-programming.html). Both synchronous and asynchronous request execution are supported. ## Request Enhancements @@ -187,5 +186,5 @@ If you require assistance, contact [MathWorks Technical Support](https://www.mat ## License -MATHWORKS CLOUD REFERENCE ARCHITECTURE LICENSE © 2024 The MathWorks, Inc. +MATHWORKS CLOUD REFERENCE ARCHITECTURE LICENSE © 2025 The MathWorks, Inc. 
diff --git a/releases/R2022a/matlab-prodserver/templates/mps-1-service-ingress.yaml b/releases/R2022a/matlab-prodserver/templates/mps-1-service-ingress.yaml deleted file mode 100644 index 033a215..0000000 --- a/releases/R2022a/matlab-prodserver/templates/mps-1-service-ingress.yaml +++ /dev/null @@ -1,49 +0,0 @@ -# -# Expose MATLAB Production Server internal endpoint -# -kind: Service -apiVersion: v1 -metadata: - name: matlab-production-server - namespace: {{ .Release.Namespace }} - labels: - app: mps - release: {{ .Release.Name }} -spec: - selector: - app: mps - ports: - - name: mps-port - port: 9910 - targetPort: 9910 - type: ClusterIP - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: matlab-production-server-ingress - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - annotations: - {{ if .Values.global.ingressController }} - ## set ingress-conroller vendor-specific annotations: - {{- range $key, $value := .Values.global.ingressController.annotations }} - {{ $key }}: {{ quote $value }} - {{- end }} - {{ end }} -spec: - ingressClassName: {{ .Values.global.ingressController.name }} - rules: - - host: {{ .Values.global.ingressController.domainBase }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: matlab-production-server - port: - number: 9910 - diff --git a/releases/R2022a/matlab-prodserver/values.yaml b/releases/R2022a/matlab-prodserver/values.yaml deleted file mode 100644 index bb4daca..0000000 --- a/releases/R2022a/matlab-prodserver/values.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -# Values for MATLAB Production Server Helm Chart - -global: - # MathWorks Cloud Reference Architecture License, example: "yes" (in quotes) - agreeToLicense: "" - # Network License Manager: server host and port number, example: 27000@hostname - licenseServer: 27000@hostname - ingressController: - # Nginx settings (optional) - name: nginx - annotations: - nginx.ingress.kubernetes.io/affinity: "cookie" - nginx.ingress.kubernetes.io/load-balance: "round_robin" - nginx.ingress.kubernetes.io/proxy-read-timeout: "300" - domainBase: matlabprodserver.mwcloudtest.com - -matlabProductionServerSettings: - # CTF files are placed here for automatic deployment. - autoDeploy: - # Inline mount options: hostpath, nfs, azurefileshare, empty (default) - volumeType: "empty" - # Node mount dir, example: /mnt/share/autodeploy - hostpath: "" - # ================================================================= - # NFS server, example: server-sb08-nfs - server: "" - # NFS subpath, example: /vmgr/sandbox/share/autodeploy - path: "" - # ================================================================= - # Azure storage account file share name, example: auto-deploy-share - shareName: "" - # Azure storage account key secret name, example: azure-file-secret - secretName: "" - # ================================================================= - # Maximum number of worker processes (per pod). - numWorkers: 2 - -images: - productionServer: - registry: containers.mathworks.com - repository: matlab-production-server - tag: r2022a - variant: R2022a - pullPolicy: IfNotPresent - pullSecret: "" - - matlabRuntime: - registry: containers.mathworks.com - repository: matlab-runtime - tag: r2022a - variant: v912 - pullPolicy: IfNotPresent - pullSecret: "" - -deploymentSettings: - cpuRequest: "1" - memoryRequest: "2Gi" - replicaCount: 1 - restartPolicy: Always - -optionalSettings: - Redis: - host: {} - name: myRedis - 
diff --git a/releases/R2022a/matlab-prodserver/Chart.yaml b/releases/R2025a/matlab-prodserver/Chart.yaml similarity index 74% rename from releases/R2022a/matlab-prodserver/Chart.yaml rename to releases/R2025a/matlab-prodserver/Chart.yaml index f3c0759..e95d5d4 100644 --- a/releases/R2022a/matlab-prodserver/Chart.yaml +++ b/releases/R2025a/matlab-prodserver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: "R2022a" +appVersion: "R2025a" description: MATLAB Production Server Helm chart for Kubernetes name: matlab-prodserver-k8s -version: 0.1.1 +version: 1.2.0 diff --git a/releases/R2025a/matlab-prodserver/templates/_helpers.tpl b/releases/R2025a/matlab-prodserver/templates/_helpers.tpl new file mode 100644 index 0000000..e6a88ab --- /dev/null +++ b/releases/R2025a/matlab-prodserver/templates/_helpers.tpl @@ -0,0 +1,18 @@ +# Chart validation checks: + +{{- define "checkConditionReplicaCount" -}} +{{- if and (gt (int .Values.deploymentSettings.replicaCount) 1) .Values.matlabProductionServerSettings.autoDeploy.archivesApi.createPVC }} +{{- if ne .Values.matlabProductionServerSettings.autoDeploy.archivesApi.accessMode "ReadWriteMany" }} +{{- fail "Configuring multiple replicas requires PVC with ReadWriteMany Access-Mode." }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "checkConditionVolumeType" -}} +{{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} +{{- $volumeType := .Values.matlabProductionServerSettings.autoDeploy.volumeType }} +{{- if and (ne $volumeType "pvc") (ne $volumeType "empty") }} +{{- fail "Configuring archives API is only supported with pvc or empty volume types." }} +{{- end }} +{{- end }} +{{- end }} diff --git a/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml b/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml new file mode 100644 index 0000000..0c2c9a5 --- /dev/null +++ b/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml 
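Review bot: Neither check added in `_helpers.tpl` ties `archivesApi.enabled` to `accessControl.enabled`. The chart can therefore render with `--enable-archive-management` on, access control off (its default), and the Ingress forwarding every path under `/` to port 9910. Whether the archive API authenticates callers on its own is not visible in this diff; if it does not, anyone who can reach the Ingress host could presumably add or replace deployable archives. A third helper, included from `mps-3-deployment.yaml` next to the other two, would turn that combination into a render-time error. If some deployments authenticate upstream of the Ingress, the same condition could instead be documented as a caveat in `values.yaml`.

```gotemplate
{{/* … unchanged: checkConditionReplicaCount, checkConditionVolumeType … */}}

{{- define "checkConditionArchivesApiAccess" -}}
{{- $mps := .Values.matlabProductionServerSettings }}
{{- if and $mps.autoDeploy.archivesApi.enabled .Values.global.ingressController.enabled (not $mps.accessControl.enabled) }}
{{- fail "Enabling the archives API behind an Ingress requires accessControl.enabled=true." }}
{{- end }}
{{- end }}
```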
@@ -0,0 +1,83 @@ +# +# Expose MATLAB Production Server internal endpoint +# +kind: Service +apiVersion: v1 +metadata: + name: matlab-production-server + namespace: {{ .Release.Namespace }} + labels: + app: mps + release: {{ .Release.Name }} +spec: + selector: + app: mps + ports: + - name: mps-port + port: 9910 + targetPort: 9910 + type: ClusterIP + +--- +{{- if .Values.global.ingressController.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: matlab-production-server-ingress + namespace: {{ .Release.Namespace }} + labels: + release: {{ .Release.Name }} + annotations: + {{ if .Values.global.ingressController }} + ## set ingress-conroller vendor-specific annotations: + {{- range $key, $value := .Values.global.ingressController.annotations }} + {{ $key }}: {{ quote $value }} + {{- end }} + {{ end }} +spec: + ingressClassName: {{ .Values.global.ingressController.name }} + {{ if .Values.global.ingressController.tls.enabled }} + tls: + - hosts: + - {{ .Values.global.ingressController.domainBase }} + {{- if .Values.global.ingressController.tls.secretName }} + secretName: {{ .Values.global.ingressController.tls.secretName }} + {{- end }} + {{ end }} + + rules: + - host: {{ .Values.global.ingressController.domainBase }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: matlab-production-server + port: + number: 9910 +{{- end }} + +--- +{{ if and (.Values.optionalSettings.Prometheus.enabled) (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: matlab-production-server-monitor + labels: + app: mps + app.kubernetes.io/part-of: {{ .Values.optionalSettings.Prometheus.matchOn }} + release: {{ .Values.optionalSettings.Prometheus.matchOn }} +spec: + selector: + matchLabels: + app: mps + release: {{ .Release.Name }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: mps-port + path: 
/api/metrics +{{ end }} + diff --git a/releases/R2022a/matlab-prodserver/templates/mps-2-configmap.yaml b/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml similarity index 63% rename from releases/R2022a/matlab-prodserver/templates/mps-2-configmap.yaml rename to releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml index 9f3e110..3c8bb89 100644 --- a/releases/R2022a/matlab-prodserver/templates/mps-2-configmap.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml @@ -9,7 +9,7 @@ data: main_config: | --http 9910 --ssl-verify-peer-mode no-verify-peer - --ssl-protocols TLSv1.1,TLSv1.2 + --ssl-protocols TLSv1.2 --ssl-ciphers ALL --mcr-root /opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }} --num-workers {{ .Values.matlabProductionServerSettings.numWorkers | default 1 }} @@ -24,7 +24,7 @@ data: --log-rotation-size 100MB --log-archive-root ./old_logs --log-archive-max-size 1GB - --log-root ./log + {{ ternary "--log-root ./log" "" .Values.matlabProductionServerSettings.localFileLogging }} --log-stdout --license {{ .Values.global.licenseServer | default "27000@hostname" }} --license-grace-period 2:30 @@ -42,6 +42,17 @@ data: --server-memory-threshold-overflow-action purge_responses --enable-discovery --enable-metrics + {{ ternary "--enable-archive-management" "" .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} + --routes-file ./config/routes.json + {{- if .Values.matlabProductionServerSettings.accessControl.enabled }} + --access-control-provider OAuth2 + --access-control-config ./config/jwt_idp.json + --access-control-policy ./config/ac_policy.json + + jwt_idp.json: {{ .Values.matlabProductionServerSettings.accessControl.identityProvider | quote }} + + ac_policy.json: {{ .Values.matlabProductionServerSettings.accessControl.policyRules | quote }} + {{- end }} {{- if .Values.optionalSettings.Redis.host }} mps_cache_config: | 
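Review bot: The `tls:` block in the new Ingress is rendered only when `global.ingressController.tls.enabled` is true, and the new `values.yaml` defaults it to false, so an Ingress enabled with otherwise default values serves the backend over plain HTTP. Once `accessControl.enabled` is turned on, the OAuth2 tokens clients present would presumably cross that hop unencrypted unless TLS is terminated somewhere in front of the Ingress. I would add a comment next to `tls.enabled` in `values.yaml`, for example `# Enable whenever accessControl or archivesApi is enabled, unless TLS is terminated upstream of the Ingress`. Separately, the inner `{{ if .Values.global.ingressController }}` around the annotations is always true inside the new outer `enabled` guard and can be dropped.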
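Review bot: Dropping TLSv1.1 in `main_config` leaves `--ssl-ciphers ALL` and `--ssl-verify-peer-mode no-verify-peer` on the neighbouring context lines, so the protocol floor is raised while the cipher list stays unrestricted. The server is started with `--http 9910` here, so these options may have no effect in this chart. If so, a comment in the template such as `# TLS is expected to terminate at the Ingress; the ssl-* options below are inactive with --http` would make that explicit; if they are active, the cipher list should be narrowed in the same change. The `main_config` block starts above the hunk, so other listener options are not visible.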
@@ -49,8 +60,18 @@ data: {"{{ .Values.optionalSettings.Redis.name }}": {"Provider":"Redis", "Host":{{ .Values.optionalSettings.Redis.host | quote }}, - "Port":{{ .Values.optionalSettings.Redis.port | default 6379 }}} + "Port":{{ .Values.optionalSettings.Redis.port | default 6379 }} + {{- if .Values.optionalSettings.Redis.auth }} + ,"Key":{{ .Values.optionalSettings.Redis.auth | quote }} + {{- end }} + } } } {{- end }} + routes.json: | + { + "version": "1.0.0", + "pathmap": [] + } + diff --git a/releases/R2022a/matlab-prodserver/templates/mps-3-deployment.yaml b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml similarity index 57% rename from releases/R2022a/matlab-prodserver/templates/mps-3-deployment.yaml rename to releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml index a319f63..51c956c 100644 --- a/releases/R2022a/matlab-prodserver/templates/mps-3-deployment.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml @@ -1,6 +1,9 @@ # # MATLAB Production Server instance # +{{- include "checkConditionVolumeType" . }} +{{- include "checkConditionReplicaCount" . }} + apiVersion: apps/v1 kind: Deployment metadata: 
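Review bot: The added `"Key":{{ .Values.optionalSettings.Redis.auth | quote }}` writes the Redis credential in clear text into the `mps_cache_config` entry of a ConfigMap. It is then readable by any principal allowed to read ConfigMaps in the namespace, and it is stored with the release values. The same commit adds `MPS_REDIS_PASSWORD` from a `secretKeyRef` in `mps-3-deployment.yaml`, so the Secret route should be the documented one; how the server consumes that variable is not visible in this diff. I would put `# Stored in a ConfigMap in clear text; prefer secretName/secretKey` above `auth` in `values.yaml`, and fail rendering when both `auth` and `secretName` are set.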
@@ -19,25 +22,38 @@ spec: labels: app: mps annotations: + checksum/config: {{ include (print $.Template.BasePath "/mps-2-configmap.yaml") . | sha256sum }} + {{ if not .Values.optionalSettings.Prometheus.enabled }} prometheus.io/scrape: 'true' prometheus.io/path: '/api/metrics' prometheus.io/port: '9910' + {{ end }} spec: securityContext: runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 1000 + runAsUser: 1001 + runAsGroup: 1001 + {{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.createPVC }} + fsGroup: 1001 + {{- end }} containers: - name: mps - image: {{ .Values.images.productionServer.registry }}/{{ .Values.images.productionServer.repository }}:{{ .Values.images.productionServer.tag }} + image: {{ .Values.global.images.registry | default .Values.images.productionServer.registry }}/{{ .Values.images.productionServer.repository }}:{{ .Values.images.productionServer.tag }} env: - name: AGREE_TO_MATHWORKS_SOFTWARE_LICENSE - value: {{ .Values.global.agreeToLicense | default "no" | lower | quote }} + value: {{ required "agreeToLicense must be set to \"yes\"." .Values.global.agreeToLicense | default "no" | lower | quote }} - name: AGREE_TO_MATLAB_RUNTIME_LICENSE - value: {{ .Values.global.agreeToLicense | default "no" | lower | quote }} + value: {{ required "agreeToLicense must be set to \"yes\"." 
.Values.global.agreeToLicense | default "no" | lower | quote }} - name: LD_LIBRARY_PATH value: "/opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/runtime/glnxa64:/opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/bin/glnxa64:/opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/sys/os/glnxa64:/opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/extern/bin/glnxa64:/opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/sys/opengl/lib/glnxa64" + {{ if .Values.optionalSettings.Redis.secretName }} + - name: MPS_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.optionalSettings.Redis.secretName }} + key: {{ .Values.optionalSettings.Redis.secretKey | default "redis-password" }} + {{ end }} ports: - containerPort: 9910 @@ -62,8 +78,8 @@ spec: exec: command: - ls - - /opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/MCR_license.txt - initialDelaySeconds: 30 + - /opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/matlabruntime_license_agreement.pdf + initialDelaySeconds: 10 periodSeconds: 30 livenessProbe: @@ -82,13 +98,18 @@ spec: initContainers: - name: matlab-runtime - image: {{ .Values.images.matlabRuntime.registry }}/{{ .Values.images.matlabRuntime.repository }}:{{ .Values.images.matlabRuntime.tag }} + image: {{ .Values.global.images.registry | default .Values.images.matlabRuntime.registry }}/{{ .Values.images.matlabRuntime.repository }}:{{ .Values.images.matlabRuntime.tag }} command: - /bin/sh - -c - "cp -r /opt/matlabruntime/* /mnt/" + resources: + limits: + cpu: "1" + memory: "4Gi" + volumeMounts: - name: mcr-root mountPath: "/mnt" 
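Review bot: In both license env vars, `required` rejects only an unset or empty `agreeToLicense`, so a value such as `"no"` or a typo renders successfully even though the message says it must be "yes". The trailing `default "no"` then has almost nothing left to do. An explicit comparison placed before the Deployment makes the check match its message: `{{- if ne (.Values.global.agreeToLicense | toString | lower) "yes" }}{{ fail "agreeToLicense must be set to \"yes\"." }}{{ end }}`. The env values can then drop `required`. The pod spec starts above this hunk and continues below it.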
@@ -97,10 +118,13 @@ spec: restartPolicy: {{ .Values.deploymentSettings.restartPolicy }} imagePullSecrets: + {{- if .Values.global.images.pullSecret }} + - name: {{ .Values.global.images.pullSecret }} + {{- end }} {{- if .Values.images.productionServer.pullSecret }} - name: {{ .Values.images.productionServer.pullSecret }} {{- end }} - {{- if .Values.images.matlabRuntime.pullSecret }} + {{- if and .Values.images.matlabRuntime.pullSecret (ne .Values.images.matlabRuntime.pullSecret .Values.images.productionServer.pullSecret) }} - name: {{ .Values.images.matlabRuntime.pullSecret }} {{- end }} @@ -111,7 +135,19 @@ spec: configMap: name: matlab-production-server-config - name: auto-deploy - {{- if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "hostpath" }} + {{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} + # Valid options when archives API is enabled: createPVC: true / volumeType: pvc / empty + {{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.createPVC }} + persistentVolumeClaim: + claimName: dynamic-auto-deploy + {{- else if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "pvc" }} + persistentVolumeClaim: + claimName: {{ .Values.matlabProductionServerSettings.autoDeploy.claimName }} + {{ else }} + emptyDir: {} + {{- end }} + # Valid options for predef static volume: hostpath / nfs / pvc / azurefileshare / empty + {{- else if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "hostpath" }} hostPath: path: {{ .Values.matlabProductionServerSettings.autoDeploy.hostpath }} type: Directory 
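Review bot: Both new `persistentVolumeClaim` branches in the `auto-deploy` volume render `claimName: {{ .Values.matlabProductionServerSettings.autoDeploy.claimName }}` unchecked, and the new `values.yaml` defaults `claimName` to an empty string. Choosing `volumeType: pvc` without a claim therefore yields a manifest with an empty claim name, which is only caught at apply time. Using `claimName: {{ required "autoDeploy.claimName must be set when volumeType is pvc" .Values.matlabProductionServerSettings.autoDeploy.claimName }}` reports it at render time, in line with the other validation this commit adds. The same applies to the `pvc` branch added in the next hunk at `@@ -120,6 +156,9 @@`. The volumes list starts above this hunk.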
@@ -120,6 +156,9 @@ spec: server: {{ .Values.matlabProductionServerSettings.autoDeploy.server }} path: {{ .Values.matlabProductionServerSettings.autoDeploy.path }} readOnly: true + {{- else if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "pvc" }} + persistentVolumeClaim: + claimName: {{ .Values.matlabProductionServerSettings.autoDeploy.claimName }} {{- else if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "azurefileshare" }} azureFile: shareName: {{ .Values.matlabProductionServerSettings.autoDeploy.shareName }} diff --git a/releases/R2025a/matlab-prodserver/templates/mps-4-persistent-volume-claim.yaml b/releases/R2025a/matlab-prodserver/templates/mps-4-persistent-volume-claim.yaml new file mode 100644 index 0000000..a913366 --- /dev/null +++ b/releases/R2025a/matlab-prodserver/templates/mps-4-persistent-volume-claim.yaml @@ -0,0 +1,18 @@ +{{ if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.createPVC }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dynamic-auto-deploy + namespace: {{ .Release.Namespace }} + labels: + app: mps + release: {{ .Release.Name }} +spec: + accessModes: + - {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.accessMode | default "ReadWriteOnce" }} + volumeMode: Filesystem + storageClassName: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.storageClassName | default "" }} + resources: + requests: + storage: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.size | default "4Gi" | quote }} +{{ end }} diff --git a/releases/R2025a/matlab-prodserver/values.yaml b/releases/R2025a/matlab-prodserver/values.yaml new file mode 100644 index 0000000..fc89cff --- /dev/null +++ b/releases/R2025a/matlab-prodserver/values.yaml 
@@ -0,0 +1,143 @@ +# Values for MATLAB Production Server Helm Chart + +global: + # MathWorks Cloud Reference Architecture License, example: "yes" (in quotes) + agreeToLicense: "" + # Network License Manager: server host and port number, example: 27000@hostname + licenseServer: 27000@hostname + # Override for a private container registry, example: cr.example.com, cr-secret + images: + registry: "" + pullSecret: "" + ingressController: + enabled: false # Create 'Ingress' API object + # Nginx settings (optional) + name: nginx + annotations: {} + + # Ingress host + domainBase: matlabprodserver.mwcloudtest.com + # Ingress https (tls termination) + tls: + enabled: false + # Name of kubernetes.io/tls secret with certificate data + secretName: "" + +matlabProductionServerSettings: + # CTF files are placed here for automatic deployment. + autoDeploy: + # Enable RESTful API for management of CTF 'Deployable Archives' + archivesApi: + enabled: false + createPVC: false + storageClassName: "" + accessMode: ReadWriteOnce + size: "4Gi" + # _OR_ + # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) + volumeType: "empty" + # Node mount dir, example: /mnt/share/autodeploy + hostpath: "" + # ================================================================= + # NFS server, example: server-sb08-nfs + server: "" + # NFS subpath, example: /vmgr/sandbox/share/autodeploy + path: "" + # ================================================================= + # Persistent-Volume-Claim name, example: autodeploy-pv-claim + claimName: "" + # ================================================================= + # Azure storage account file share name, example: auto-deploy-share + shareName: "" + # Azure storage account key secret name, example: azure-file-secret + secretName: "" + # ================================================================= + # Maximum number of worker processes (per pod). 
+ numWorkers: 2 + # + # CTF Access Control (OAuth2) + # https://www.mathworks.com/help/mps/server/access_control.html + # ------------------------------------------------------------- + accessControl: + enabled: false + identityProvider: |- + { + "version": "1.0.0", + "jwtIssuer": "URL of the authorization server that issued the JWT", + "appId": "String representing the application ID of the client", + "jwksUri": "URL of the authorization server public keys", + "jwksStrictSSL": false, + "jwksTimeOut": 120, + "userAttributeName": "email", + "groupAttributeName": "groups" + } + policyRules: |- + { + "version": "1.0.0", + "policy" : [ + { + "id": "policy1", + "description": "Access Control policy for MATLAB Production Server", + "rule": [ + { + "id": "rule1", + "description": "Users that can execute/modify any deployable archive", + "subject": { "users": ["user1@example.com", "user2@example.com"] }, + "resource": { "ctf": ["*"] }, + "action": ["execute", "modify"] + }, + { + "id": "rule2", + "description": "Groups that can execute a specific deployable archive", + "subject": { "groups": ["aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"] }, + "resource": { "ctf": ["myModel"] }, + "action": ["execute"] + } + ] + } + ] + } + # ---------------------------------------------------- + # Log to pod-local file-system (in addition to stdout) + localFileLogging: false + +images: + productionServer: + registry: containers.mathworks.com + repository: matlab-production-server + tag: r2025a + variant: R2025a + pullPolicy: IfNotPresent + pullSecret: "" + + matlabRuntime: + registry: containers.mathworks.com + repository: matlab-runtime + tag: r2025a + variant: R2025a + pullPolicy: IfNotPresent + pullSecret: "" + +deploymentSettings: + cpuRequest: "1" + memoryRequest: "2Gi" + replicaCount: 1 + restartPolicy: Always + +optionalSettings: + Redis: + # Redis service fully qualified name, example: redis.namespace.svc.cluster.local + host: "" + auth: "" + name: myRedis + port: 6379 + secretName: "" + 
secretKey: "" + + Prometheus: + # Create a ServiceMonitor [monitoring.coreos.com/v1] for metrics discovery. + # Requires Prometheus and Prometheus Operator (CRDs) to be pre-installed. + enabled: false + # Helm release name or app.kubernetes.io/part-of label of Prometheus stack. + # ServiceMonitor needs to match on this value (if Prometheus is enabled). + matchOn: prometheus diff --git a/values-overrides.yaml b/values-overrides.yaml index 1911581..2da4c66 100644 --- a/values-overrides.yaml +++ b/values-overrides.yaml @@ -28,9 +28,19 @@ global: secretName: "" matlabProductionServerSettings: - # CTF files are placed here for automatic deployment. + # CTF files are placed in this volume for automatic deployment. autoDeploy: + # Enable RESTful API for management of CTF 'Deployable Archives' + archivesApi: # Since R2025a + enabled: false + createPVC: false # Enable when archivesApi is enabled and dynamic + # volume provisioning in enabled on K8s cluster. + storageClassName: "" + accessMode: ReadWriteOnce # ReadWriteMany when replicaCount > 1 + size: "4Gi" + # _OR_ # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) + # Note: archives API is supported with pvc and empty volume types. volumeType: "empty" # Node mount dir, example: /mnt/share/autodeploy hostpath: "" @@ -41,6 +51,7 @@ matlabProductionServerSettings: path: "" # ================================================================= # Persistent-Volume-Claim name, example: autodeploy-pv-claim + # If archives API is enabled, PVC Access-Mode should be RWO or RWX. claimName: "" # ================================================================= # Azure storage account file share name, example: auto-deploy-share 
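Review bot: The sample `identityProvider` JSON in the new `values.yaml` ships with `"jwksStrictSSL": false`, which by its name turns off certificate validation when the server fetches signing keys from `jwksUri`. A user who sets `accessControl.enabled: true` and fills in only the URLs inherits that setting, and token verification is only as trustworthy as the key fetch. I would change the sample to `"jwksStrictSSL": true` and add `# Set jwksStrictSSL to false only for test identity providers with self-signed certificates` above `identityProvider:`. The identical block in the `values-overrides.yaml` hunk at `@@ -49,6 +60,54 @@` needs the same change.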
@@ -49,6 +60,54 @@ matlabProductionServerSettings: secretName: "" # ================================================================= + # CTF Access Control (OAuth2) + # https://www.mathworks.com/help/mps/server/access_control.html + # ------------------------------------------------------------- + accessControl: # Since R2025a + enabled: false + # ------------------------------------------------------------- + identityProvider: |- + { + "version": "1.0.0", + "jwtIssuer": "URL of the authorization server that issued the JWT", + "appId": "String representing the application ID of the client", + "jwksUri": "URL of the authorization server public keys", + "jwksStrictSSL": false, + "jwksTimeOut": 120, + "userAttributeName": "email", + "groupAttributeName": "groups" + } + # Note: FQDNs configured in 'jwtIssuer' and 'jwksUri' above + # MUST be reachable from within the K8s cluster network. + # ------------------------------------------------------------- + policyRules: |- + { + "version": "1.0.0", + "policy" : [ + { + "id": "policy1", + "description": "Access Control policy for MATLAB Production Server", + "rule": [ + { + "id": "rule1", + "description": "Users that can execute/modify any deployable archive", + "subject": { "users": ["user1@example.com", "user2@example.com"] }, + "resource": { "ctf": ["*"] }, + "action": ["execute", "modify"] + }, + { + "id": "rule2", + "description": "Groups that can execute a specific deployable archive", + "subject": { "groups": ["aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"] }, + "resource": { "ctf": ["myModel"] }, + "action": ["execute"] + } + ] + } + ] + } + # ------------------------------------------------------------- + deploymentSettings: replicaCount: 1 restartPolicy: Always