Merge remote-tracking branch 'origin/master' into HEAD

docs/region-configuration.md

@@ -46,6 +46,8 @@ Users can work on Onyxia as a User or as a Group to which they belong. Each user
 | --------------------- | ------- | ------------------------------------------------------------------ | ---- |
 | `type` | | Type of the platform on which services are launched. Only Kubernetes is supported, Marathon has been removed. | "KUBERNETES" |
 | `allowNamespaceCreation` | true | If true, the /onboarding endpoint is enabled and the user will have a namespace created on its first request on a service resource. | true |
+| `namespaceLabels` |  | Labels to add at namespace creation | {"zone":"prod"} |
+| `namespaceAnnotations` |  | Annotations to add at namespace creation | {"zone":"prod"} |
 | `singleNamespace` | true | When true, all users share the same namespace on the service provider. This configuration can be used if a project works on its own Onyxia region. | |
 | `userNamespace` | true | When true, all users have a namespace for their work. This configuration can be used if you don't allow a user to have their own space to work and only use project space | |
 | `namespacePrefix` | "user-" | User has a personal namespace like namespacePrefix + userId (should only be used when not singleNamespace but not the case) | |
@@ -99,7 +101,7 @@ When this feature is enabled, namespaces are created with **quotas**.
 | --------------------- | ------- | ------------------------------------------------------------------ |
 | `enabled` | false | Whether or not users are subject to a resource limitation. Quotas can only be applied to users and not to groups. |
 | `allowUserModification` | true | Whether or not the user can manually disable or change its own limitation. |
-| `defaultQuota` | | The quota is applied on the namespace before user modification or reset. |
+| `default` | | The quota is applied on the namespace at creation, before user modification or reset. New configuration will not be applied to existing namespaces. |
 
 A quota follows the Kubernetes model which is composed of:
 "requests.memory"

onyxia-api/entrypoint.sh

@@ -1,11 +1,16 @@
 #!/bin/bash
 
 # Import CA certificates to Java keystore
-for file in $CACERTS_DIR/*
-do
-  echo "Adding $file to keystore"
-  keytool -import -cacerts -trustcacerts -noprompt -storepass changeit -alias $(basename $file) -file $file
-done
+if [[ -n "$CACERTS_DIR" ]]; then
+  for file in $CACERTS_DIR/*
+  do
+    if [ -f "$file" ]
+    then
+      echo "Adding $file to keystore"
+      keytool -import -cacerts -trustcacerts -noprompt -storepass changeit -alias $(basename $file) -file $file
+    fi
+  done
+fi
 
 # Run application
 java -jar /app.jar

onyxia-api/src/main/java/fr/insee/onyxia/api/services/impl/HelmAppsService.java

@@ -357,7 +357,7 @@ private Service getServiceFromRelease(
         KubernetesClient client = kubernetesClientProvider.getUserClient(region, user);
         InputStream inputStream =
                 new ByteArrayInputStream(manifest.getBytes(Charset.forName("UTF-8")));
-        List<HasMetadata> hasMetadatas = client.load(inputStream).get();
+        List<HasMetadata> hasMetadatas = client.load(inputStream).items();
         List<Ingress> ingresses =
                 hasMetadatas.stream()
                         .filter(hasMetadata -> hasMetadata instanceof Ingress)

onyxia-api/src/main/java/fr/insee/onyxia/api/services/impl/kubernetes/KubernetesService.java

@@ -73,7 +73,9 @@ private String createNamespace(Region region, String namespaceId, Owner owner) {
                         new NamespaceBuilder()
                                 .withNewMetadata()
                                 .withName(namespaceId)
+                                .withLabels(region.getServices().getNamespaceLabels())
                                 .addToLabels("onyxia_owner", owner.getId())
+                                .withAnnotations(region.getServices().getNamespaceAnnotations())
                                 .endMetadata()
                                 .build())
                 .create();

onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java

@@ -6,7 +6,9 @@
 import fr.insee.onyxia.model.service.quota.Quota;
 import io.swagger.v3.oas.annotations.media.Schema;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 @Schema(description = "")
 public class Region {
@@ -183,6 +185,8 @@ public static enum AuthenticationMode {
         private Service.ServiceType type;
         private boolean singleNamespace = true;
         private boolean allowNamespaceCreation = true;
+        private Map<String, String> namespaceLabels = new HashMap<String, String>();
+        private Map<String, String> namespaceAnnotations = new HashMap<String, String>();
         private boolean userNamespace = true;
         private String namespacePrefix = "user-";
         private String groupNamespacePrefix = "projet-";
@@ -508,6 +512,22 @@ public void setAllowNamespaceCreation(boolean allowNamespaceCreation) {
             this.allowNamespaceCreation = allowNamespaceCreation;
         }
 
+        public Map<String, String> getNamespaceLabels() {
+            return namespaceLabels;
+        }
+
+        public void getNamespaceLabels(Map<String, String> namespaceLabels) {
+            this.namespaceLabels = namespaceLabels;
+        }
+
+        public Map<String, String> getNamespaceAnnotations() {
+            return namespaceAnnotations;
+        }
+
+        public void getNamespaceAnnotations(Map<String, String> namespaceAnnotations) {
+            this.namespaceAnnotations = namespaceAnnotations;
+        }
+
         public boolean isUserNamespace() {
             return userNamespace;
         }