From a86a42d1b82f8bf7846df09c640e9481181fdd0d Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Tue, 26 Nov 2024 15:07:00 -0500 Subject: [PATCH 01/14] R2025a Prerelease: Initial commit --- .github/workflows/helm-chart.yml | 4 +- LICENSE.md | 2 +- README.md | 12 +-- .../templates/mps-1-service-ingress.yaml | 49 ----------- .../matlab-prodserver/Chart.yaml | 4 +- .../templates/mps-1-service-ingress.yaml | 83 +++++++++++++++++++ .../templates/mps-2-configmap.yaml | 15 +++- .../templates/mps-3-deployment.yaml | 33 ++++++-- .../matlab-prodserver/values.yaml | 44 +++++++--- 9 files changed, 165 insertions(+), 81 deletions(-) delete mode 100644 releases/R2022a/matlab-prodserver/templates/mps-1-service-ingress.yaml rename releases/{R2022a => R2025a}/matlab-prodserver/Chart.yaml (74%) create mode 100644 releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml rename releases/{R2022a => R2025a}/matlab-prodserver/templates/mps-2-configmap.yaml (84%) rename releases/{R2022a => R2025a}/matlab-prodserver/templates/mps-3-deployment.yaml (70%) rename releases/{R2022a => R2025a}/matlab-prodserver/values.yaml (57%) diff --git a/.github/workflows/helm-chart.yml b/.github/workflows/helm-chart.yml index e53635d..46b551b 100644 --- a/.github/workflows/helm-chart.yml +++ b/.github/workflows/helm-chart.yml @@ -7,8 +7,8 @@ on: - Helm_artifacts env: - HELM_CHART_VERSION: 1.1.0 - MATLAB_APP_VERSION: "R2024b" + HELM_CHART_VERSION: 1.2.0 + MATLAB_APP_VERSION: "R2025a" jobs: release-helm-chart: diff --git a/LICENSE.md b/LICENSE.md index 440f91a..1db2bb8 100644 --- a/LICENSE.md +++ b/LICENSE.md 
@@ -4,7 +4,7 @@ The files in this GitHub repository refer to commercial software products and se The following license terms apply only to the files in this GitHub repository, including files in this folder and its subfolders, and do not apply to MathWorks Programs. References to “software” and “code” in the following license terms refer to the files in this GitHub repository. -Copyright (c) 2024, The MathWorks, Inc. +Copyright (c) 2025, The MathWorks, Inc. All rights reserved. diff --git a/README.md b/README.md index bef5930..00de5ce 100644 --- a/README.md +++ b/README.md @@ -54,10 +54,10 @@ The Quick Start option only requires you to download a single file, rather than To accept the license terms, set global > agreeToLicense to "yes". To specify the address of the license server, set global > licenseServer using the format port_number@host. - Next, install the Helm chart for MATLAB Production Server by using the following `helm install` command: + Next, install the Helm chart for MATLAB Production Server R2025a by using the following `helm install` command: ``` - helm install -f [-n ] --generate-name oci://containers.mathworks.com/matlab-prodserver-k8s --version 1.1.0 + helm install -f [-n ] --generate-name oci://containers.mathworks.com/matlab-prodserver-k8s --version 1.2.0 ``` 4. After the deployment is complete, upload the MATLAB Production Server deployable archive to your network file server or Azure file share. All users must have read permission to the deployable archive. 
@@ -71,7 +71,7 @@ The MATLAB Production Server on Kubernetes GitHub repository contains Helm chart ``` This repository includes Helm chart folders for each supported MATLAB Production Server release and a `values-overrides.yaml` file containing configuration options that apply across all release deployments. -2. Navigate to the Helm chart folder for the release you want to use. Replace `` with the release version, for example, `R2024b`. +2. Navigate to the Helm chart folder for the release you want to use. Replace `` with the release version, for example, `R2025a`. ``` cd matlab-production-server-on-kubernetes/releases//matlab-prodserver ``` @@ -88,7 +88,7 @@ The MATLAB Production Server on Kubernetes GitHub repository contains Helm chart ``` * `containers.mathworks.com` is the name of the container registry. * `matlab-production-server` is the name of the repository. - * `` is the tag name of the MATLAB Production Server release, for example, `r2024b`. + * `` is the tag name of the MATLAB Production Server release, for example, `r2025a`. The `values.yaml` file specifies these values in the `productionServer` section, in the `registry`, `repository`, and `tag` variables, respectively. 
@@ -99,7 +99,7 @@ The MATLAB Production Server on Kubernetes GitHub repository contains Helm chart ``` * `containers.mathworks.com` is the name of the container registry. * `matlab-runtime` is the name of the repository. - * `` is the tag name of the MATLAB Runtime release. Update this value to the release version of the MATLAB Runtime you are using, for example, `r2024b`. MATLAB Production Server supports MATLAB Runtime versions up to six releases back from the MATLAB Production Server version you are using. + * `` is the tag name of the MATLAB Runtime release. Update this value to the release version of the MATLAB Runtime you are using, for example, `r2025a`. MATLAB Production Server supports MATLAB Runtime versions up to six releases back from the MATLAB Production Server version you are using. The `values.yaml` file specifies these values in the `matlabRuntime` section, in the `registry`, `repository`, and `tag` variables, respectively. @@ -187,5 +187,5 @@ If you require assistance, contact [MathWorks Technical Support](https://www.mat ## License -MATHWORKS CLOUD REFERENCE ARCHITECTURE LICENSE © 2024 The MathWorks, Inc. +MATHWORKS CLOUD REFERENCE ARCHITECTURE LICENSE © 2025 The MathWorks, Inc. diff --git a/releases/R2022a/matlab-prodserver/templates/mps-1-service-ingress.yaml b/releases/R2022a/matlab-prodserver/templates/mps-1-service-ingress.yaml deleted file mode 100644 index 033a215..0000000 --- a/releases/R2022a/matlab-prodserver/templates/mps-1-service-ingress.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -# -# Expose MATLAB Production Server internal endpoint -# -kind: Service -apiVersion: v1 -metadata: - name: matlab-production-server - namespace: {{ .Release.Namespace }} - labels: - app: mps - release: {{ .Release.Name }} -spec: - selector: - app: mps - ports: - - name: mps-port - port: 9910 - targetPort: 9910 - type: ClusterIP - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: matlab-production-server-ingress - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - annotations: - {{ if .Values.global.ingressController }} - ## set ingress-conroller vendor-specific annotations: - {{- range $key, $value := .Values.global.ingressController.annotations }} - {{ $key }}: {{ quote $value }} - {{- end }} - {{ end }} -spec: - ingressClassName: {{ .Values.global.ingressController.name }} - rules: - - host: {{ .Values.global.ingressController.domainBase }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: matlab-production-server - port: - number: 9910 - diff --git a/releases/R2022a/matlab-prodserver/Chart.yaml b/releases/R2025a/matlab-prodserver/Chart.yaml similarity index 74% rename from releases/R2022a/matlab-prodserver/Chart.yaml rename to releases/R2025a/matlab-prodserver/Chart.yaml index f3c0759..e95d5d4 100644 --- a/releases/R2022a/matlab-prodserver/Chart.yaml +++ b/releases/R2025a/matlab-prodserver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: "R2022a" +appVersion: "R2025a" description: MATLAB Production Server Helm chart for Kubernetes name: matlab-prodserver-k8s -version: 0.1.1 +version: 1.2.0 diff --git a/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml b/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml new file mode 100644 index 0000000..0c2c9a5 --- /dev/null +++ b/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml 
@@ -0,0 +1,83 @@ +# +# Expose MATLAB Production Server internal endpoint +# +kind: Service +apiVersion: v1 +metadata: + name: matlab-production-server + namespace: {{ .Release.Namespace }} + labels: + app: mps + release: {{ .Release.Name }} +spec: + selector: + app: mps + ports: + - name: mps-port + port: 9910 + targetPort: 9910 + type: ClusterIP + +--- +{{- if .Values.global.ingressController.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: matlab-production-server-ingress + namespace: {{ .Release.Namespace }} + labels: + release: {{ .Release.Name }} + annotations: + {{ if .Values.global.ingressController }} + ## set ingress-conroller vendor-specific annotations: + {{- range $key, $value := .Values.global.ingressController.annotations }} + {{ $key }}: {{ quote $value }} + {{- end }} + {{ end }} +spec: + ingressClassName: {{ .Values.global.ingressController.name }} + {{ if .Values.global.ingressController.tls.enabled }} + tls: + - hosts: + - {{ .Values.global.ingressController.domainBase }} + {{- if .Values.global.ingressController.tls.secretName }} + secretName: {{ .Values.global.ingressController.tls.secretName }} + {{- end }} + {{ end }} + + rules: + - host: {{ .Values.global.ingressController.domainBase }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: matlab-production-server + port: + number: 9910 +{{- end }} + +--- +{{ if and (.Values.optionalSettings.Prometheus.enabled) (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: matlab-production-server-monitor + labels: + app: mps + app.kubernetes.io/part-of: {{ .Values.optionalSettings.Prometheus.matchOn }} + release: {{ .Values.optionalSettings.Prometheus.matchOn }} +spec: + selector: + matchLabels: + app: mps + release: {{ .Release.Name }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: mps-port + path: 
/api/metrics +{{ end }} + diff --git a/releases/R2022a/matlab-prodserver/templates/mps-2-configmap.yaml b/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml similarity index 84% rename from releases/R2022a/matlab-prodserver/templates/mps-2-configmap.yaml rename to releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml index 9f3e110..3b3dfec 100644 --- a/releases/R2022a/matlab-prodserver/templates/mps-2-configmap.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml @@ -9,7 +9,7 @@ data: main_config: | --http 9910 --ssl-verify-peer-mode no-verify-peer - --ssl-protocols TLSv1.1,TLSv1.2 + --ssl-protocols TLSv1.2 --ssl-ciphers ALL --mcr-root /opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }} --num-workers {{ .Values.matlabProductionServerSettings.numWorkers | default 1 }} @@ -42,6 +42,7 @@ data: --server-memory-threshold-overflow-action purge_responses --enable-discovery --enable-metrics + --routes-file ./config/routes.json {{- if .Values.optionalSettings.Redis.host }} mps_cache_config: | @@ -49,8 +50,18 @@ data: {"{{ .Values.optionalSettings.Redis.name }}": {"Provider":"Redis", "Host":{{ .Values.optionalSettings.Redis.host | quote }}, - "Port":{{ .Values.optionalSettings.Redis.port | default 6379 }}} + "Port":{{ .Values.optionalSettings.Redis.port | default 6379 }} + {{- if .Values.optionalSettings.Redis.auth }} + ,"Key":{{ .Values.optionalSettings.Redis.auth | quote }} + {{- end }} + } } } {{- end }} + routes.json: | + { + "version": "1.0.0", + "pathmap": [] + } + diff --git a/releases/R2022a/matlab-prodserver/templates/mps-3-deployment.yaml b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml similarity index 70% rename from releases/R2022a/matlab-prodserver/templates/mps-3-deployment.yaml rename to releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml index a319f63..1743fc8 100644 --- a/releases/R2022a/matlab-prodserver/templates/mps-3-deployment.yaml 
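Review bot: In the new Ingress template, `tls.enabled: true` with an empty `tls.secretName` renders a `tls:` entry that lists only the host, so the certificate served for `domainBase` is whatever the ingress controller falls back to, not one chosen for this host. If that is not intended, make the secret mandatory when TLS is on, e.g. `secretName: {{ required "global.ingressController.tls.secretName is required when tls.enabled is true" .Values.global.ingressController.tls.secretName }}`. A comment above the `tls:` block should also state that with `tls.enabled: false` (the default in `values.yaml`) the `/` rule forwards plain HTTP to port 9910.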
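Review bot: The added `,"Key":{{ .Values.optionalSettings.Redis.auth | quote }}` in `mps_cache_config` writes the Redis password into a ConfigMap in clear text, where anyone who can read ConfigMaps in the namespace, or the Helm release values, can see it. The deployment template in this same commit already injects `MPS_REDIS_PASSWORD` from a Secret via `secretKeyRef`, so if the server can take the password from that variable, drop the `Key` branch and the `Redis.auth` default in `values.yaml` (the `@@ -60,6 +72,18 @@` hunk); otherwise add a comment in `values.yaml` that `auth` is stored unencrypted. Separately, `| quote` applies Go string quoting, which is not guaranteed to be valid JSON for passwords with control or non-ASCII characters; `| toJson` is the safer filter inside this JSON document.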
+++ b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml @@ -19,25 +19,34 @@ spec: labels: app: mps annotations: + {{ if not .Values.optionalSettings.Prometheus.enabled }} prometheus.io/scrape: 'true' prometheus.io/path: '/api/metrics' prometheus.io/port: '9910' + {{ end }} spec: securityContext: runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 1000 + runAsUser: 1001 + runAsGroup: 1001 containers: - name: mps - image: {{ .Values.images.productionServer.registry }}/{{ .Values.images.productionServer.repository }}:{{ .Values.images.productionServer.tag }} + image: {{ .Values.global.images.registry | default .Values.images.productionServer.registry }}/{{ .Values.images.productionServer.repository }}:{{ .Values.images.productionServer.tag }} env: - name: AGREE_TO_MATHWORKS_SOFTWARE_LICENSE - value: {{ .Values.global.agreeToLicense | default "no" | lower | quote }} + value: {{ required "agreeToLicense must be set to \"yes\"." .Values.global.agreeToLicense | default "no" | lower | quote }} - name: AGREE_TO_MATLAB_RUNTIME_LICENSE - value: {{ .Values.global.agreeToLicense | default "no" | lower | quote }} + value: {{ required "agreeToLicense must be set to \"yes\"." .Values.global.agreeToLicense | default "no" | lower | quote }} - name: LD_LIBRARY_PATH value: "/opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/runtime/glnxa64:/opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/bin/glnxa64:/opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/sys/os/glnxa64:/opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/extern/bin/glnxa64:/opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/sys/opengl/lib/glnxa64" + {{ if .Values.optionalSettings.Redis.secretName }} + - name: MPS_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.optionalSettings.Redis.secretName }} + key: {{ .Values.optionalSettings.Redis.secretKey | default "redis-password" }} + {{ end }} ports: - containerPort: 9910 
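Review bot: In both license variables, `required "…" .Values.global.agreeToLicense | default "no" | lower | quote` only rejects an empty value: `required` runs first in the pipeline, so `default "no"` can never apply, and any non-empty string such as `"no"` passes even though the message says the value must be `"yes"`. If the chart is meant to refuse rendering without acceptance, compare explicitly, e.g. `{{- if ne (lower (toString .Values.global.agreeToLicense)) "yes" }}{{ fail "agreeToLicense must be set to \"yes\"." }}{{- end }}`, and drop the dead `default`. The container spec continues outside this hunk, so a container-level `securityContext` may exist there; the pod-level one shown here sets only `runAsNonRoot`, `runAsUser` and `runAsGroup`.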
@@ -62,8 +71,8 @@ spec: exec: command: - ls - - /opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/MCR_license.txt - initialDelaySeconds: 30 + - /opt/matlabruntime/{{ .Values.images.matlabRuntime.variant }}/matlabruntime_license_agreement.pdf + initialDelaySeconds: 10 periodSeconds: 30 livenessProbe: @@ -82,7 +91,7 @@ spec: initContainers: - name: matlab-runtime - image: {{ .Values.images.matlabRuntime.registry }}/{{ .Values.images.matlabRuntime.repository }}:{{ .Values.images.matlabRuntime.tag }} + image: {{ .Values.global.images.registry | default .Values.images.matlabRuntime.registry }}/{{ .Values.images.matlabRuntime.repository }}:{{ .Values.images.matlabRuntime.tag }} command: - /bin/sh @@ -97,10 +106,13 @@ spec: restartPolicy: {{ .Values.deploymentSettings.restartPolicy }} imagePullSecrets: + {{- if .Values.global.images.pullSecret }} + - name: {{ .Values.global.images.pullSecret }} + {{- end }} {{- if .Values.images.productionServer.pullSecret }} - name: {{ .Values.images.productionServer.pullSecret }} {{- end }} - {{- if .Values.images.matlabRuntime.pullSecret }} + {{- if and .Values.images.matlabRuntime.pullSecret (ne .Values.images.matlabRuntime.pullSecret .Values.images.productionServer.pullSecret) }} - name: {{ .Values.images.matlabRuntime.pullSecret }} {{- end }} @@ -120,6 +132,9 @@ spec: server: {{ .Values.matlabProductionServerSettings.autoDeploy.server }} path: {{ .Values.matlabProductionServerSettings.autoDeploy.path }} readOnly: true + {{- else if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "pvc" }} + persistentVolumeClaim: + claimName: {{ .Values.matlabProductionServerSettings.autoDeploy.claimName }} {{- else if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "azurefileshare" }} azureFile: shareName: {{ .Values.matlabProductionServerSettings.autoDeploy.shareName }} 
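Review bot: The new `pvc` branch of the `auto-deploy` volume mounts the claim read-write, while the branch directly above it (the `server`/`path` one, presumably NFS) sets `readOnly: true`. This volume holds the deployable archives the server loads, so a read-only mount keeps a compromised server process from altering them; add `readOnly: true` under `persistentVolumeClaim:` unless the server has to write there. `claimName` defaults to `""` in `values.yaml`, so wrapping it in `required` would turn an empty value into a render-time error instead of a pod stuck in Pending. The volume list starts and ends outside this hunk.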
diff --git a/releases/R2022a/matlab-prodserver/values.yaml b/releases/R2025a/matlab-prodserver/values.yaml similarity index 57% rename from releases/R2022a/matlab-prodserver/values.yaml rename to releases/R2025a/matlab-prodserver/values.yaml index bb4daca..7b0a546 100644 --- a/releases/R2022a/matlab-prodserver/values.yaml +++ b/releases/R2025a/matlab-prodserver/values.yaml @@ -5,19 +5,28 @@ global: agreeToLicense: "" # Network License Manager: server host and port number, example: 27000@hostname licenseServer: 27000@hostname + # Override for a private container registry, example: cr.example.com, cr-secret + images: + registry: "" + pullSecret: "" ingressController: + enabled: false # Create 'Ingress' API object # Nginx settings (optional) name: nginx - annotations: - nginx.ingress.kubernetes.io/affinity: "cookie" - nginx.ingress.kubernetes.io/load-balance: "round_robin" - nginx.ingress.kubernetes.io/proxy-read-timeout: "300" + annotations: {} + + # Ingress host domainBase: matlabprodserver.mwcloudtest.com + # Ingress https (tls termination) + tls: + enabled: false + # Name of kubernetes.io/tls secret with certificate data + secretName: "" matlabProductionServerSettings: # CTF files are placed here for automatic deployment. autoDeploy: - # Inline mount options: hostpath, nfs, azurefileshare, empty (default) + # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) volumeType: "empty" # Node mount dir, example: /mnt/share/autodeploy hostpath: "" @@ -27,6 +36,9 @@ matlabProductionServerSettings: # NFS subpath, example: /vmgr/sandbox/share/autodeploy path: "" # ================================================================= + # Persistent-Volume-Claim name, example: autodeploy-pv-claim + claimName: "" + # ================================================================= # Azure storage account file share name, example: auto-deploy-share shareName: "" # Azure storage account key secret name, example: azure-file-secret 
@@ -39,16 +51,16 @@ images: productionServer: registry: containers.mathworks.com repository: matlab-production-server - tag: r2022a - variant: R2022a + tag: r2025a + variant: R2025a pullPolicy: IfNotPresent pullSecret: "" matlabRuntime: registry: containers.mathworks.com repository: matlab-runtime - tag: r2022a - variant: v912 + tag: r2025a + variant: R2025a pullPolicy: IfNotPresent pullSecret: "" @@ -60,6 +72,18 @@ deploymentSettings: optionalSettings: Redis: - host: {} + # Redis service fully qualified name, example: redis.namespace.svc.cluster.local + host: "" + auth: "" name: myRedis + port: 6379 + secretName: "" + secretKey: "" + Prometheus: + # Create a ServiceMonitor [monitoring.coreos.com/v1] for metrics discovery. + # Requires Prometheus and Prometheus Operator (CRDs) to be pre-installed. + enabled: false + # Helm release name or app.kubernetes.io/part-of label of Prometheus stack. + # ServiceMonitor needs to match on this value (if Prometheus is enabled). + matchOn: prometheus From 7784b42a5b89078de3d06ff7f84aabf3a0e44ced Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Wed, 27 Nov 2024 14:35:27 -0500 Subject: [PATCH 02/14] R2025a Prerelease: Resource utilization enhancements --- README.md | 2 +- .../R2025a/matlab-prodserver/templates/mps-2-configmap.yaml | 2 +- .../R2025a/matlab-prodserver/templates/mps-3-deployment.yaml | 5 +++++ releases/R2025a/matlab-prodserver/values.yaml | 3 +++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 00de5ce..c1553cf 100644 --- a/README.md +++ b/README.md 
@@ -25,7 +25,7 @@ Before starting, you need the following: * [Git™](https://git-scm.com/) * [Docker®](https://www.docker.com/) * Running [Kubernetes](https://kubernetes.io/) cluster that meets the following conditions: - * Uses Kubernetes version 1.28 or later. + * Uses Kubernetes version 1.29 or later. * Each MATLAB Production Server container in the Kubernetes cluster requires at least 1 CPU core and 2 GiB RAM. * [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) command-line tool that can access your Kubernetes cluster * [Helm](https://helm.sh/) package manager to install Helm charts that contain preconfigured Kubernetes resources for MATLAB Production Server diff --git a/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml b/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml index 3b3dfec..8b51e62 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml @@ -24,7 +24,7 @@ data: --log-rotation-size 100MB --log-archive-root ./old_logs --log-archive-max-size 1GB - --log-root ./log + {{ ternary "--log-root ./log" "" .Values.matlabProductionServerSettings.localFileLogging }} --log-stdout --license {{ .Values.global.licenseServer | default "27000@hostname" }} --license-grace-period 2:30 diff --git a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml index 1743fc8..2c8e2c0 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml @@ -98,6 +98,11 @@ spec: - -c - "cp -r /opt/matlabruntime/* /mnt/" + resources: + limits: + cpu: "1" + memory: "8Gi" + volumeMounts: - name: mcr-root mountPath: "/mnt" diff --git a/releases/R2025a/matlab-prodserver/values.yaml b/releases/R2025a/matlab-prodserver/values.yaml index 7b0a546..9acbb14 100644 
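Review bot: The `resources` block added to the `matlab-runtime` init container hard-codes `limits` of `cpu: "1"` and `memory: "8Gi"` with no `requests`, and Kubernetes then sets the requests equal to the limits. A pod's effective request is at least that of its largest init container, so every replica now needs 8 GiB of schedulable memory just to run `cp -r`, well above the 2 GiB per container that the README states. Add explicit, smaller requests (for example `requests:` with `cpu: "250m"` and `memory: "512Mi"`, to be tuned) and consider reading the limits from `values.yaml` instead of fixing them in the template. The init container spec starts outside this hunk.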
--- a/releases/R2025a/matlab-prodserver/values.yaml +++ b/releases/R2025a/matlab-prodserver/values.yaml @@ -46,6 +46,9 @@ matlabProductionServerSettings: # ================================================================= # Maximum number of worker processes (per pod). numWorkers: 2 + # ---------------------------------------------------- + # Log to pod-local file-system (in addition to stdout) + localFileLogging: false images: productionServer: From db2b94f7566f0c52eb10ea3f882d5166a9722bb2 Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Wed, 27 Nov 2024 18:34:08 -0500 Subject: [PATCH 03/14] R2025a Prerelease: Secure Access Control using JWT - Initial Commit --- .../templates/mps-2-configmap.yaml | 9 ++++ releases/R2025a/matlab-prodserver/values.yaml | 43 +++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml b/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml index 8b51e62..c7cba9e 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml @@ -43,6 +43,15 @@ data: --enable-discovery --enable-metrics --routes-file ./config/routes.json + {{- if .Values.matlabProductionServerSettings.accessControl.enabled }} + --access-control-provider OAuth2 + --access-control-config ./config/jwt_idp.json + --access-control-policy ./config/ac_policy.json + + jwt_idp.json: {{ .Values.matlabProductionServerSettings.accessControl.identityProvider | quote }} + + ac_policy.json: {{ .Values.matlabProductionServerSettings.accessControl.policyRules | quote }} + {{- end }} {{- if .Values.optionalSettings.Redis.host }} mps_cache_config: | diff --git a/releases/R2025a/matlab-prodserver/values.yaml b/releases/R2025a/matlab-prodserver/values.yaml index 9acbb14..f34c2ba 100644 --- a/releases/R2025a/matlab-prodserver/values.yaml +++ b/releases/R2025a/matlab-prodserver/values.yaml 
@@ -46,6 +46,49 @@ matlabProductionServerSettings: # ================================================================= # Maximum number of worker processes (per pod). numWorkers: 2 + # + # CTF Access Control (OAuth2) + # https://www.mathworks.com/help/mps/server/access_control.html + # ------------------------------------------------------------- + accessControl: + enabled: false + identityProvider: |- + { + "version": "1.0.0", + "jwtIssuer": "URL of the authorization server that issued the JWT", + "appId": "String representing the application ID of the client", + "jwksUri": "URL of the authorization server public keys", + "jwksStrictSSL": false, + "jwksTimeOut": 120, + "userAttributeName": "email", + "groupAttributeName": "groups" + } + policyRules: |- + { + "version": "1.0.0", + "policy" : [ + { + "id": "policy1", + "description": "Access Control policy for MATLAB Production Server", + "rule": [ + { + "id": "rule1", + "description": "Users that can execute/modify any deployable archive", + "subject": { "users": ["user1@example.com", "user2@example.com"] }, + "resource": { "ctf": ["*"] }, + "action": ["execute", "modify"] + }, + { + "id": "rule2", + "description": "Groups that can execute a specific deployable archive", + "subject": { "groups": ["aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"] }, + "resource": { "ctf": ["myModel"] }, + "action": ["execute"] + } + ] + } + ] + } # ---------------------------------------------------- # Log to pod-local file-system (in addition to stdout) localFileLogging: false From f90a14063ba559b0ad2c087d302ba8d36f833e7e Mon Sep 17 00:00:00 2001 
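Review bot: The default `identityProvider` JSON ships with `"jwksStrictSSL": false`, which by its name relaxes TLS checking when the server fetches the signing keys from `jwksUri`; confirm the exact meaning against the access-control documentation linked in the comment. JWT validation is only as trustworthy as that key fetch, so the example should default to `"jwksStrictSSL": true` and leave `false` as an explicit, commented choice for test setups. The same default is repeated in `values-overrides.yaml` (the `@@ -49,6 +54,52 @@` hunk of patch 05). A comment that the `jwtIssuer`, `appId` and `jwksUri` strings are placeholders which must be replaced before `enabled` is set to `true` would also help, since the template passes them through unchecked.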
From: esteinerMW Date: Tue, 3 Dec 2024 14:38:51 -0500 Subject: [PATCH 04/14] R2025a Prerelease: CTF Management API - Initial Commit --- README.md | 2 +- .../templates/mps-1-service-ingress.yaml | 14 ++++++++++++++ .../templates/mps-2-configmap.yaml | 1 + .../templates/mps-3-deployment.yaml | 5 ++++- releases/R2025a/matlab-prodserver/values.yaml | 4 ++++ 5 files changed, 24 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c1553cf..374867d 100644 --- a/README.md +++ b/README.md @@ -174,7 +174,7 @@ The default server configuration properties are stored in a [ConfigMap](https:// ## Execute Deployed Functions -To evaluate MATLAB functions deployed on the server, see [Client Programming](https://www.mathworks.com/help/mps/client-programming.html). Starting in R2022a, asynchronous request execution is supported, in addition to existing support for synchronous request execution. +To evaluate MATLAB functions deployed on the server, see [Client Programming](https://www.mathworks.com/help/mps/client-programming.html). Both synchronous and asynchronous request execution are supported. ## Request Enhancements diff --git a/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml b/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml index 0c2c9a5..66bf343 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml @@ -81,3 +81,17 @@ spec: path: /api/metrics {{ end }} +--- +{{ if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dynamic-auto-deploy +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.storage | default "10Gi" | quote }} +{{ end }} + 
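Review bot: The `dynamic-auto-deploy` claim is created with `accessModes: ReadWriteOnce`, but the deployment change in this same patch mounts it into every pod of the Deployment, whose size comes from `deploymentSettings.replicaCount`. With more than one replica scheduled on different nodes the additional pods cannot attach the volume, so archives uploaded through the management API would not be served consistently. Either document next to `archivesApi` in `values.yaml` that it requires a single replica or node, or expose the access mode and storage class as values so that `ReadWriteMany` can be chosen where the storage backend supports it.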
diff --git a/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml b/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml index c7cba9e..3c8bb89 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-2-configmap.yaml @@ -42,6 +42,7 @@ data: --server-memory-threshold-overflow-action purge_responses --enable-discovery --enable-metrics + {{ ternary "--enable-archive-management" "" .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} --routes-file ./config/routes.json {{- if .Values.matlabProductionServerSettings.accessControl.enabled }} --access-control-provider OAuth2 diff --git a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml index 2c8e2c0..06caa32 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml @@ -128,7 +128,10 @@ spec: configMap: name: matlab-production-server-config - name: auto-deploy - {{- if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "hostpath" }} + {{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} + persistentVolumeClaim: + claimName: "dynamic-auto-deploy" + {{- else if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "hostpath" }} hostPath: path: {{ .Values.matlabProductionServerSettings.autoDeploy.hostpath }} type: Directory diff --git a/releases/R2025a/matlab-prodserver/values.yaml b/releases/R2025a/matlab-prodserver/values.yaml index f34c2ba..8f85f99 100644 --- a/releases/R2025a/matlab-prodserver/values.yaml +++ b/releases/R2025a/matlab-prodserver/values.yaml 
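Review bot: `--enable-archive-management` is switched on by `archivesApi.enabled` alone, with nothing tying it to `accessControl.enabled`, which defaults to `false`. The values comment describes this as a RESTful API for managing deployable archives, i.e. the code the server executes, so with access control off and the Ingress at path `/` enabled it may be reachable without any authorization; verify how the server behaves in that combination. A guard at the top of the template would make the dependency explicit, e.g. `{{- if and .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled (not .Values.matlabProductionServerSettings.accessControl.enabled) }}{{ fail "archivesApi.enabled requires accessControl.enabled" }}{{- end }}`. When the flag is off, the `ternary` also leaves a whitespace-only line inside the `main_config` block scalar, which an `{{- if }}` block would avoid.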
@@ -26,6 +26,10 @@ global: matlabProductionServerSettings: # CTF files are placed here for automatic deployment. autoDeploy: + # Enable RESTful API for management of CTF 'Deployable Archives' + archivesApi: + enabled: false + storage: "10Gi" # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) volumeType: "empty" # Node mount dir, example: /mnt/share/autodeploy From 83dd82938bd0f28b15e38947cb99a8919568c54c Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Tue, 3 Dec 2024 15:52:01 -0500 Subject: [PATCH 05/14] R2025a Prerelease: CTF Management API - Initial Commit --- releases/R2025a/matlab-prodserver/values.yaml | 3 +- values-overrides.yaml | 51 +++++++++++++++++++ 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/releases/R2025a/matlab-prodserver/values.yaml b/releases/R2025a/matlab-prodserver/values.yaml index 8f85f99..4d9e31f 100644 --- a/releases/R2025a/matlab-prodserver/values.yaml +++ b/releases/R2025a/matlab-prodserver/values.yaml @@ -29,7 +29,8 @@ matlabProductionServerSettings: # Enable RESTful API for management of CTF 'Deployable Archives' archivesApi: enabled: false - storage: "10Gi" + storage: "4Gi" + # _OR_ # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) volumeType: "empty" # Node mount dir, example: /mnt/share/autodeploy diff --git a/values-overrides.yaml b/values-overrides.yaml index 1911581..94f73d0 100644 --- a/values-overrides.yaml +++ b/values-overrides.yaml @@ -30,6 +30,11 @@ global: matlabProductionServerSettings: # CTF files are placed here for automatic deployment. autoDeploy: + # Enable RESTful API for management of CTF 'Deployable Archives' + archivesApi: + enabled: false + storage: "4Gi" + # _OR_ # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) volumeType: "empty" # Node mount dir, example: /mnt/share/autodeploy 
@@ -49,6 +54,52 @@ matlabProductionServerSettings: secretName: "" # ================================================================= + # CTF Access Control (OAuth2) + # https://www.mathworks.com/help/mps/server/access_control.html + # ------------------------------------------------------------- + accessControl: + enabled: false + # ------------------------------------------------------------- + identityProvider: |- + { + "version": "1.0.0", + "jwtIssuer": "URL of the authorization server that issued the JWT", + "appId": "String representing the application ID of the client", + "jwksUri": "URL of the authorization server public keys", + "jwksStrictSSL": false, + "jwksTimeOut": 120, + "userAttributeName": "email", + "groupAttributeName": "groups" + } + # ------------------------------------------------------------- + policyRules: |- + { + "version": "1.0.0", + "policy" : [ + { + "id": "policy1", + "description": "Access Control policy for MATLAB Production Server", + "rule": [ + { + "id": "rule1", + "description": "Users that can execute/modify any deployable archive", + "subject": { "users": ["user1@example.com", "user2@example.com"] }, + "resource": { "ctf": ["*"] }, + "action": ["execute", "modify"] + }, + { + "id": "rule2", + "description": "Groups that can execute a specific deployable archive", + "subject": { "groups": ["aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"] }, + "resource": { "ctf": ["myModel"] }, + "action": ["execute"] + } + ] + } + ] + } + # ------------------------------------------------------------- + deploymentSettings: replicaCount: 1 restartPolicy: Always From 019510ec1c9520d60154c47c3f5829c5b543df7a Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Tue, 3 Dec 2024 16:17:01 -0500 Subject: [PATCH 06/14] R2025a Prerelease: CTF Management API - Initial Commit --- values-overrides.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/values-overrides.yaml b/values-overrides.yaml index 94f73d0..604e693 100644 
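Review bot: The sample `identityProvider` ships with `"jwksStrictSSL": false`, which presumably disables certificate verification when the server fetches token-signing keys from `jwksUri` (inferred from the name; confirm against the product documentation). A deployment that copies the sample as-is would then trust keys from whoever can intercept that connection, and with them forged tokens. I would ship `"jwksStrictSSL": true` and add a comment above `identityProvider:` such as `# Keep jwksStrictSSL true; set false only for a test identity provider with a self-signed certificate`. The first sample rule also grants `modify` on `"ctf": ["*"]`, so a comment that the users and the wildcard are placeholders to be narrowed would be worth adding above `policyRules:`.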
--- a/values-overrides.yaml +++ b/values-overrides.yaml @@ -31,7 +31,7 @@ matlabProductionServerSettings: # CTF files are placed here for automatic deployment. autoDeploy: # Enable RESTful API for management of CTF 'Deployable Archives' - archivesApi: + archivesApi: # Since R2025a enabled: false storage: "4Gi" # _OR_ @@ -57,7 +57,7 @@ matlabProductionServerSettings: # CTF Access Control (OAuth2) # https://www.mathworks.com/help/mps/server/access_control.html # ------------------------------------------------------------- - accessControl: + accessControl: # Since R2025a enabled: false # ------------------------------------------------------------- identityProvider: |- From a71f4deb0639be0c68f55047642a9691920c8ab8 Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Tue, 3 Dec 2024 18:42:52 -0500 Subject: [PATCH 07/14] R2025a Prerelease: CTF Management API - updated pvc definition --- .../matlab-prodserver/templates/mps-1-service-ingress.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml b/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml index 66bf343..3a254a9 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml @@ -87,11 +87,14 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: dynamic-auto-deploy + namespace: {{ .Release.Namespace }} + labels: + release: {{ .Release.Name }} spec: accessModes: - ReadWriteOnce resources: requests: - storage: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.storage | default "10Gi" | quote }} + storage: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.storage | default "4Gi" | quote }} {{ end }} From cec91f37bfb94c7b394469898d9637af0eedc26f Mon Sep 17 00:00:00 2001 
From: esteinerMW Date: Fri, 6 Dec 2024 14:44:08 -0500 Subject: [PATCH 08/14] R2025a Prerelease: CTF Management API - updated pvc definition --- .../templates/mps-1-service-ingress.yaml | 17 ----------------- .../templates/mps-3-deployment.yaml | 8 ++++++-- releases/R2025a/matlab-prodserver/values.yaml | 2 +- values-overrides.yaml | 2 +- 4 files changed, 8 insertions(+), 21 deletions(-) diff --git a/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml b/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml index 3a254a9..0c2c9a5 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-1-service-ingress.yaml @@ -81,20 +81,3 @@ spec: path: /api/metrics {{ end }} ---- -{{ if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: dynamic-auto-deploy - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.storage | default "4Gi" | quote }} -{{ end }} - diff --git a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml index 06caa32..072a8df 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml @@ -101,7 +101,7 @@ spec: resources: limits: cpu: "1" - memory: "8Gi" + memory: "4Gi" volumeMounts: - name: mcr-root 
@@ -129,8 +129,12 @@ spec: name: matlab-production-server-config - name: auto-deploy {{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} + {{- if ne .Values.matlabProductionServerSettings.autoDeploy.archivesApi.writableStorageClaimName "" }} persistentVolumeClaim: - claimName: "dynamic-auto-deploy" + claimName: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.writableStorageClaimName }} + {{ else }} + emptyDir: {} + {{- end }} {{- else if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "hostpath" }} hostPath: path: {{ .Values.matlabProductionServerSettings.autoDeploy.hostpath }} diff --git a/releases/R2025a/matlab-prodserver/values.yaml b/releases/R2025a/matlab-prodserver/values.yaml index 4d9e31f..005a509 100644 --- a/releases/R2025a/matlab-prodserver/values.yaml +++ b/releases/R2025a/matlab-prodserver/values.yaml @@ -29,7 +29,7 @@ matlabProductionServerSettings: # Enable RESTful API for management of CTF 'Deployable Archives' archivesApi: enabled: false - storage: "4Gi" + writableStorageClaimName: "" # _OR_ # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) volumeType: "empty" diff --git a/values-overrides.yaml b/values-overrides.yaml index 604e693..500f34a 100644 --- a/values-overrides.yaml +++ b/values-overrides.yaml @@ -33,7 +33,7 @@ matlabProductionServerSettings: # Enable RESTful API for management of CTF 'Deployable Archives' archivesApi: # Since R2025a enabled: false - storage: "4Gi" + writableStorageClaimName: "" # _OR_ # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) volumeType: "empty" From 22a2c6d2dd83340ab26a50b2a7a949401d11fcce Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Fri, 6 Dec 2024 19:29:50 -0500 Subject: [PATCH 09/14] R2025a Prerelease: Include config-map checksum to automatically roll deployment --- .../R2025a/matlab-prodserver/templates/mps-3-deployment.yaml | 1 + 1 file changed, 1 insertion(+) 
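Review bot: With `archivesApi.enabled` true and no claim name set, the `auto-deploy` volume silently falls back to `emptyDir: {}`, so archives uploaded through the management API live only as long as the pod and disappear when it is replaced. That is a reasonable default for a trial, but nothing in the template or the values comment says so; the same branch is kept by the later `@@ -133,12 +133,17 @@` hunk in this file. I would add a comment beside the branch, e.g. `# emptyDir: uploaded archives are lost when the pod is replaced`, and repeat it next to the claim-name key in values.yaml. `claimName` is also rendered unquoted; `| quote` would keep an unusual name from being retyped by the YAML parser. The `volumes:` list starts outside the hunk.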
diff --git a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml index 072a8df..0385fb0 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml @@ -19,6 +19,7 @@ spec: labels: app: mps annotations: + checksum/config: {{ include (print $.Template.BasePath "/mps-2-configmap.yaml") . | sha256sum }} {{ if not .Values.optionalSettings.Prometheus.enabled }} prometheus.io/scrape: 'true' prometheus.io/path: '/api/metrics' From c2fb1be5187c64fbc90e9f9d58f37e5a6c6f8f6a Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Mon, 9 Dec 2024 13:15:15 -0500 Subject: [PATCH 10/14] R2025a Prerelease: CTF Management API - updated pvc definition --- .../R2025a/matlab-prodserver/templates/mps-3-deployment.yaml | 4 ++-- releases/R2025a/matlab-prodserver/values.yaml | 3 ++- values-overrides.yaml | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml index 0385fb0..dc3180e 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml @@ -130,9 +130,9 @@ spec: name: matlab-production-server-config - name: auto-deploy {{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} - {{- if ne .Values.matlabProductionServerSettings.autoDeploy.archivesApi.writableStorageClaimName "" }} + {{- if ne .Values.matlabProductionServerSettings.autoDeploy.archivesApi.rwxClaimName "" }} persistentVolumeClaim: - claimName: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.writableStorageClaimName }} + claimName: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.rwxClaimName }} {{ else }} emptyDir: {} {{- end }} 
diff --git a/releases/R2025a/matlab-prodserver/values.yaml b/releases/R2025a/matlab-prodserver/values.yaml index 005a509..6ce2c43 100644 --- a/releases/R2025a/matlab-prodserver/values.yaml +++ b/releases/R2025a/matlab-prodserver/values.yaml @@ -29,7 +29,8 @@ matlabProductionServerSettings: # Enable RESTful API for management of CTF 'Deployable Archives' archivesApi: enabled: false - writableStorageClaimName: "" + # Persistent-Volume-Claim name (ReadWriteMany accessMode) + rwxClaimName: "" # _OR_ # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) volumeType: "empty" diff --git a/values-overrides.yaml b/values-overrides.yaml index 500f34a..9971f22 100644 --- a/values-overrides.yaml +++ b/values-overrides.yaml @@ -33,7 +33,8 @@ matlabProductionServerSettings: # Enable RESTful API for management of CTF 'Deployable Archives' archivesApi: # Since R2025a enabled: false - writableStorageClaimName: "" + # Persistent-Volume-Claim name (ReadWriteMany accessMode) + rwxClaimName: "" # _OR_ # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) volumeType: "empty" From 7b9178983bd43b4617ef109db9baba4b94ddc310 Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Fri, 27 Dec 2024 10:48:08 -0500 Subject: [PATCH 11/14] Add option for dynamically provisioned persistent volumes --- .../templates/mps-3-deployment.yaml | 12 ++++++++++-- .../mps-4-persistent-volume-claim.yaml | 18 ++++++++++++++++++ releases/R2025a/matlab-prodserver/values.yaml | 6 ++++-- values-overrides.yaml | 8 ++++++-- 4 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 releases/R2025a/matlab-prodserver/templates/mps-4-persistent-volume-claim.yaml diff --git a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml index dc3180e..e868a70 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml 
+++ b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml @@ -30,6 +30,9 @@ spec: runAsNonRoot: true runAsUser: 1001 runAsGroup: 1001 + {{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.createPVC }} + fsGroup: 1001 + {{- end }} containers: - name: mps @@ -130,12 +133,17 @@ spec: name: matlab-production-server-config - name: auto-deploy {{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} - {{- if ne .Values.matlabProductionServerSettings.autoDeploy.archivesApi.rwxClaimName "" }} + # Valid options when archives API is enabled: createPVC: true / volumeType: pvc / empty + {{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.createPVC }} + persistentVolumeClaim: + claimName: dynamic-auto-deploy + {{- else if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "pvc" }} persistentVolumeClaim: - claimName: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.rwxClaimName }} + claimName: {{ .Values.matlabProductionServerSettings.autoDeploy.claimName }} {{ else }} emptyDir: {} {{- end }} + # Valid options for predef static volume: hostpath / nfs / pvc / azurefileshare / empty {{- else if eq .Values.matlabProductionServerSettings.autoDeploy.volumeType "hostpath" }} hostPath: path: {{ .Values.matlabProductionServerSettings.autoDeploy.hostpath }} diff --git a/releases/R2025a/matlab-prodserver/templates/mps-4-persistent-volume-claim.yaml b/releases/R2025a/matlab-prodserver/templates/mps-4-persistent-volume-claim.yaml new file mode 100644 index 0000000..a913366 --- /dev/null +++ b/releases/R2025a/matlab-prodserver/templates/mps-4-persistent-volume-claim.yaml 
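Review bot: `fsGroup: 1001` is keyed to `archivesApi.createPVC` alone, so it is applied even when the archives API is disabled and the claim is never mounted, and it is not applied when the API is enabled with a pre-existing claim through `volumeType: pvc`. In the second case the process running as uid/gid 1001 may be unable to write uploaded archives, depending on the volume's ownership, which the hunk does not show. I would make the condition `archivesApi.enabled` together with either `createPVC` or `volumeType` equal to `pvc`, and add `fsGroupChangePolicy: "OnRootMismatch"` so a large volume is not re-owned on every start. The `securityContext` block begins outside the hunk.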
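Review bot: In the `volumeType "pvc"` branch, `claimName` is taken from `autoDeploy.claimName` with no check and no quoting, and the default in values.yaml is `""`, so enabling the archives API with `volumeType: pvc` and nothing else renders an empty `claimName:` that only fails when the manifest reaches the API server. Failing at render time gives a clearer error: `claimName: {{ required "autoDeploy.claimName must be set when volumeType is pvc" .Values.matlabProductionServerSettings.autoDeploy.claimName | quote }}`. The two `# Valid options ...` lines are plain YAML comments rather than `{{/* */}}` template comments, so they are emitted into every rendered manifest; that is harmless but probably not intended.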
@@ -0,0 +1,18 @@ +{{ if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.createPVC }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dynamic-auto-deploy + namespace: {{ .Release.Namespace }} + labels: + app: mps + release: {{ .Release.Name }} +spec: + accessModes: + - {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.accessMode | default "ReadWriteOnce" }} + volumeMode: Filesystem + storageClassName: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.storageClassName | default "" }} + resources: + requests: + storage: {{ .Values.matlabProductionServerSettings.autoDeploy.archivesApi.size | default "4Gi" | quote }} +{{ end }} diff --git a/releases/R2025a/matlab-prodserver/values.yaml b/releases/R2025a/matlab-prodserver/values.yaml index 6ce2c43..fc89cff 100644 --- a/releases/R2025a/matlab-prodserver/values.yaml +++ b/releases/R2025a/matlab-prodserver/values.yaml @@ -29,8 +29,10 @@ matlabProductionServerSettings: # Enable RESTful API for management of CTF 'Deployable Archives' archivesApi: enabled: false - # Persistent-Volume-Claim name (ReadWriteMany accessMode) - rwxClaimName: "" + createPVC: false + storageClassName: "" + accessMode: ReadWriteOnce + size: "4Gi" # _OR_ # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) volumeType: "empty" diff --git a/values-overrides.yaml b/values-overrides.yaml index 9971f22..64d1309 100644 --- a/values-overrides.yaml +++ b/values-overrides.yaml 
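Review bot: `storageClassName: {{ ... | default "" }}` in the new claim renders as a bare `storageClassName:` when the value is empty, which YAML reads as null, so the cluster's default class is used. That matches the dynamic-provisioning intent only by accident, because an explicit `""` in Kubernetes means "no dynamic provisioning" and a later `| quote` clean-up would silently switch to that behaviour. Emitting the key only when it is set makes the intent explicit: `{{- with .Values.matlabProductionServerSettings.autoDeploy.archivesApi.storageClassName }}` / `storageClassName: {{ . | quote }}` / `{{- end }}`. The claim is also an ordinary release resource, so `helm uninstall` removes it together with every uploaded archive; if that data should survive, add the annotation `helm.sh/resource-policy: keep` and document the manual clean-up.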
@@ -33,10 +33,13 @@ matlabProductionServerSettings: # Enable RESTful API for management of CTF 'Deployable Archives' archivesApi: # Since R2025a enabled: false - # Persistent-Volume-Claim name (ReadWriteMany accessMode) - rwxClaimName: "" + createPVC: false # When dynamic volume provisioning is enabled. + storageClassName: "" + accessMode: ReadWriteOnce # ReadWriteMany when replicaCount > 1 + size: "4Gi" # _OR_ # Inline mount options: hostpath, nfs, pvc, azurefileshare, empty (default) + # Note: archives API is supported with pvc and empty volume types. volumeType: "empty" # Node mount dir, example: /mnt/share/autodeploy hostpath: "" @@ -47,6 +50,7 @@ matlabProductionServerSettings: path: "" # ================================================================= # Persistent-Volume-Claim name, example: autodeploy-pv-claim + # If archives API is enabled, PVC Access-Mode should be RWO or RWX. claimName: "" # ================================================================= # Azure storage account file share name, example: auto-deploy-share From 28cad8563ee33c0687ee94e28cc8915dca1890be Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Fri, 27 Dec 2024 13:53:40 -0500 Subject: [PATCH 12/14] Added chart validation checks for new configuration options --- .../matlab-prodserver/templates/_helpers.tpl | 18 ++++++++++++++++++ .../templates/mps-3-deployment.yaml | 3 +++ 2 files changed, 21 insertions(+) create mode 100644 releases/R2025a/matlab-prodserver/templates/_helpers.tpl diff --git a/releases/R2025a/matlab-prodserver/templates/_helpers.tpl b/releases/R2025a/matlab-prodserver/templates/_helpers.tpl new file mode 100644 index 0000000..e6a88ab --- /dev/null +++ b/releases/R2025a/matlab-prodserver/templates/_helpers.tpl 
@@ -0,0 +1,18 @@ +# Chart validation checks: + +{{- define "checkConditionReplicaCount" -}} +{{- if and (gt (int .Values.deploymentSettings.replicaCount) 1) .Values.matlabProductionServerSettings.autoDeploy.archivesApi.createPVC }} +{{- if ne .Values.matlabProductionServerSettings.autoDeploy.archivesApi.accessMode "ReadWriteMany" }} +{{- fail "Configuring multiple replicas requires PVC with ReadWriteMany Access-Mode." }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "checkConditionVolumeType" -}} +{{- if .Values.matlabProductionServerSettings.autoDeploy.archivesApi.enabled }} +{{- $volumeType := .Values.matlabProductionServerSettings.autoDeploy.volumeType }} +{{- if and (ne $volumeType "pvc") (ne $volumeType "empty") }} +{{- fail "Configuring archives API is only supported with pvc or empty volume types." }} +{{- end }} +{{- end }} +{{- end }} diff --git a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml index e868a70..51c956c 100644 --- a/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml +++ b/releases/R2025a/matlab-prodserver/templates/mps-3-deployment.yaml @@ -1,6 +1,9 @@ # # MATLAB Production Server instance # +{{- include "checkConditionVolumeType" . }} +{{- include "checkConditionReplicaCount" . }} + apiVersion: apps/v1 kind: Deployment metadata: From 05cec1550f0426b58bd140f248e907d9f8c515ec Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Fri, 27 Dec 2024 17:40:43 -0500 Subject: [PATCH 13/14] Updated comments --- README.md | 7 +++---- values-overrides.yaml | 2 ++ 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 374867d..2440012 100644 --- a/README.md +++ b/README.md 
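Review bot: `checkConditionReplicaCount` only fires when `createPVC` is set, so `replicaCount > 1` with the archives API enabled and the default `volumeType: "empty"` passes validation. The deployment template then mounts an `emptyDir`, which is private to each pod, so an archive uploaded through one replica would not exist on the others and requests would succeed or fail depending on which pod answers. A further check for that combination, included from mps-3-deployment.yaml next to the two existing `include` lines, would close the gap; the helper name below is only a suggestion. Neither existing helper says what it guards, so a one-line `{{/* ... */}}` comment above each `define` would also help.

```gotemplate
{{/* Fail when several replicas would each get a private emptyDir for uploaded archives. */}}
{{- define "checkConditionSharedStorage" -}}
{{- $auto := .Values.matlabProductionServerSettings.autoDeploy }}
{{- if and $auto.archivesApi.enabled (gt (int .Values.deploymentSettings.replicaCount) 1) }}
{{- if and (not $auto.archivesApi.createPVC) (ne $auto.volumeType "pvc") }}
{{- fail "Archives API with multiple replicas requires a shared volume: set createPVC or volumeType pvc." }}
{{- end }}
{{- end }}
{{- end }}
```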
@@ -35,10 +35,9 @@ If you do not have a license, please contact your MathWorks representative [here ## Quick Start The Quick Start option is recommended for the following cases: -* You are deploying MATLAB Production Server R2024b or newer -* You don't require significant changes to the Helm chart -* You are not running MATLAB Production server on Kubernetes as part of a CI/CD workflow -For CI/CD workflows, we recommend that you cache docker images in your private container registry. For more complex workflows, use the [Deployment Steps](#Deployment-Steps) +* You are deploying MATLAB Production Server R2024b or newer. +* You don't require significant changes to the Helm chart. +* For CI/CD workflows, we recommend that you retag and cache docker images in your private container registry. The Quick Start option only requires you to download a single file, rather than cloning the full GitHub repository. For more complex workflows, use the [Deployment Steps](#Deployment-Steps) diff --git a/values-overrides.yaml b/values-overrides.yaml index 64d1309..4eb1dd3 100644 --- a/values-overrides.yaml +++ b/values-overrides.yaml @@ -76,6 +76,8 @@ matlabProductionServerSettings: "userAttributeName": "email", "groupAttributeName": "groups" } + # Note: FQDNs configured in 'jwtIssuer' and 'jwksUri' above, + # must be reachable from within the Kubernetes cluster network. # ------------------------------------------------------------- policyRules: |- { From fb6de423dfe145edd3d4e9f567865a22b201fb88 Mon Sep 17 00:00:00 2001 From: esteinerMW Date: Tue, 14 Jan 2025 16:14:50 -0500 Subject: [PATCH 14/14] Updated comments --- values-overrides.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/values-overrides.yaml b/values-overrides.yaml index 4eb1dd3..2da4c66 100644 --- a/values-overrides.yaml +++ b/values-overrides.yaml 
@@ -28,12 +28,13 @@ global: secretName: "" matlabProductionServerSettings: - # CTF files are placed here for automatic deployment. + # CTF files are placed in this volume for automatic deployment. autoDeploy: # Enable RESTful API for management of CTF 'Deployable Archives' archivesApi: # Since R2025a enabled: false - createPVC: false # When dynamic volume provisioning is enabled. + createPVC: false # Enable when archivesApi is enabled and dynamic + # volume provisioning in enabled on K8s cluster. storageClassName: "" accessMode: ReadWriteOnce # ReadWriteMany when replicaCount > 1 size: "4Gi" @@ -76,8 +77,8 @@ matlabProductionServerSettings: "userAttributeName": "email", "groupAttributeName": "groups" } - # Note: FQDNs configured in 'jwtIssuer' and 'jwksUri' above, - # must be reachable from within the Kubernetes cluster network. + # Note: FQDNs configured in 'jwtIssuer' and 'jwksUri' above + # MUST be reachable from within the K8s cluster network. # ------------------------------------------------------------- policyRules: |- {
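Review bot: The reworded comment on `createPVC` reads "volume provisioning in enabled on K8s cluster"; "in" should be "is". Because the comment now trails the value and wraps onto a second line, it would read more clearly above the key, for example `# Enable when archivesApi is enabled and dynamic volume provisioning is enabled on the K8s cluster.` followed by `createPVC: false`.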