Shinyproxy: [Feature request] Possibility to add annotations to pods on Kubernetes

Created on 22 May 2019 · 5Comments · Source: openanalytics/shinyproxy

Hey guys,

I was wondering if the possibility to add annotations to pods launched by shinyproxy on Kubernetes could be added? This would enable us to attach an AWS IAM role to a container and use AWS resources in shiny apps.

Many thanks in advance! And thanks for all the great work.

Cheers,

Emelie

enhancement

Source

Emelieh21

👍3

Most helpful comment

In case anyone else is having the same issue, I found a workaround for adding annotations and tolerations to pods launched by shiny proxy.
In my setup shiny proxy is launches pods into a dedicated namespace. I launched another container alongside shinyproxy which constantly annotates and patches any pods in that namespace.

(in spec section of deployment):

- name: shiny-role-spammer
  image: zlabjp/kubernetes-resource
  command:
  - "/bin/bash"
  - "-c"
  - |
    while [ 1 ]; do
      # Add annotation for kube2iam
      kubectl -n external annotate pods --all iam.amazonaws.com/role="arn:aws:iam::123456654321:role/shiny-external";
      # Add tolerations
      kubectl -n external get pods -o jsonpath='{.items[*].metadata.name}' | grep sp- | \
        xargs kubectl -n external patch -p \
        '{"spec":{"tolerations":[{"key":"purpose", "operator": "Equal", "value": "external", "effect": "NoSchedule"}]}}' \
        pod
      sleep 2;
    done

lukeplausin on 11 Sep 2019

👍2 🚀1 ❤1

All 5 comments

I would also like to add annotations to pods launched by shiny proxy for exactly the same reason. I tried to alter the code to this end but my Java skills aren't good enough.

If anyone is still maintaining the project, this would be a really useful feature!

lukeplausin on 11 Sep 2019

(in spec section of deployment):

- name: shiny-role-spammer
  image: zlabjp/kubernetes-resource
  command:
  - "/bin/bash"
  - "-c"
  - |
    while [ 1 ]; do
      # Add annotation for kube2iam
      kubectl -n external annotate pods --all iam.amazonaws.com/role="arn:aws:iam::123456654321:role/shiny-external";
      # Add tolerations
      kubectl -n external get pods -o jsonpath='{.items[*].metadata.name}' | grep sp- | \
        xargs kubectl -n external patch -p \
        '{"spec":{"tolerations":[{"key":"purpose", "operator": "Equal", "value": "external", "effect": "NoSchedule"}]}}' \
        pod
      sleep 2;
    done

lukeplausin on 11 Sep 2019

👍2 🚀1 ❤1

good idea! Perfect!

RogerioScussel on 22 Nov 2019

Hi all

Thank you for your PR!
In order to not have to implement every Kubernetes feature in ContainerProxy, we decided to add a generic way of adding Kubernetes specific configuration to a ContainerProxy app. This feature is called kubernetes-pod-patches and allows to patch the specification of the Pod before it is created by ContainerProxy.
More information about this feature can be found here (you have to scroll down a bit).
This should cover your use-case. Feel free to open an issue if you experience any issue with this feature.
The change is included in the just ShinyProxy 2.4.0

Again thanks for your contribution.

LEDfan on 12 Oct 2020

❤1 🎉1 👍1

Thanks @LEDfan this solution is really great - just see it now!

After some trial and error I managed to get it to work for adding IAM role annotations in the following way:

  - id: 01_hello
    displayName: Hello Application
    description: Application which demonstrates the basics of a Shiny app
    containerCmd: ["R", "-e", "shinyproxy::run_01_hello()"]
    containerImage: openanalytics/shinyproxy-demo
    kubernetes-pod-patches: |
     - op: add
       path: /metadata/annotations
       value: { "iam.amazonaws.com/role": "<YOUR-IAM-ROLE>" }

Emelieh21 on 23 Apr 2021

👍1

Was this page helpful?

0 / 5 - 0 ratings