Hey guys,
I was wondering if the possibility to add annotations to pods launched by shinyproxy on Kubernetes could be added? This would enable us to attach an AWS IAM role to a container and use AWS resources in shiny apps.
Many thanks in advance! And thanks for all the great work.
Cheers,
Emelie
I would also like to add annotations to pods launched by shiny proxy for exactly the same reason. I tried to alter the code to this end but my Java skills aren't good enough.
If anyone is still maintaining the project, this would be a really useful feature!
In case anyone else is having the same issue, I found a workaround for adding annotations and tolerations to pods launched by shiny proxy.
In my setup shiny proxy is launches pods into a dedicated namespace. I launched another container alongside shinyproxy which constantly annotates and patches any pods in that namespace.
(in spec
section of deployment):
- name: shiny-role-spammer
image: zlabjp/kubernetes-resource
command:
- "/bin/bash"
- "-c"
- |
while [ 1 ]; do
# Add annotation for kube2iam
kubectl -n external annotate pods --all iam.amazonaws.com/role="arn:aws:iam::123456654321:role/shiny-external";
# Add tolerations
kubectl -n external get pods -o jsonpath='{.items[*].metadata.name}' | grep sp- | \
xargs kubectl -n external patch -p \
'{"spec":{"tolerations":[{"key":"purpose", "operator": "Equal", "value": "external", "effect": "NoSchedule"}]}}' \
pod
sleep 2;
done
good idea! Perfect!
Hi all
Thank you for your PR!
In order to not have to implement every Kubernetes feature in ContainerProxy, we decided to add a generic way of adding Kubernetes specific configuration to a ContainerProxy app. This feature is called kubernetes-pod-patches
and allows to patch the specification of the Pod before it is created by ContainerProxy.
More information about this feature can be found here (you have to scroll down a bit).
This should cover your use-case. Feel free to open an issue if you experience any issue with this feature.
The change is included in the just ShinyProxy 2.4.0
Again thanks for your contribution.
Thanks @LEDfan this solution is really great - just see it now!
After some trial and error I managed to get it to work for adding IAM role annotations in the following way:
- id: 01_hello
displayName: Hello Application
description: Application which demonstrates the basics of a Shiny app
containerCmd: ["R", "-e", "shinyproxy::run_01_hello()"]
containerImage: openanalytics/shinyproxy-demo
kubernetes-pod-patches: |
- op: add
path: /metadata/annotations
value: { "iam.amazonaws.com/role": "<YOUR-IAM-ROLE>" }
Most helpful comment
In case anyone else is having the same issue, I found a workaround for adding annotations and tolerations to pods launched by shiny proxy.
In my setup shiny proxy is launches pods into a dedicated namespace. I launched another container alongside shinyproxy which constantly annotates and patches any pods in that namespace.
(in
spec
section of deployment):