From c2c8a53378e7e762dac632f715dc2b4fdc095b20 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Fri, 30 Jan 2026 17:32:16 +0100 Subject: [PATCH 01/20] Add Pipeline Optimization and Studios helm docs in ent vNext --- .../enterprise/groundswell-helm.md | 29 +++++++++++++++++++ .../enterprise/install-groundswell.md | 3 +- .../enterprise/install-platform.md | 4 +-- .../enterprise/install-studios.md | 3 +- .../enterprise/studios-docker-compose.md | 9 +----- .../enterprise/studios-helm.md | 29 +++++++++++++++++++ .../enterprise/studios-kubernetes.md | 7 +---- .../enterprise/studios.md | 10 ++++--- 8 files changed, 72 insertions(+), 22 deletions(-) create mode 100644 platform-enterprise_docs/enterprise/groundswell-helm.md create mode 100644 platform-enterprise_docs/enterprise/studios-helm.md diff --git a/platform-enterprise_docs/enterprise/groundswell-helm.md b/platform-enterprise_docs/enterprise/groundswell-helm.md new file mode 100644 index 000000000..0c9753a03 --- /dev/null +++ b/platform-enterprise_docs/enterprise/groundswell-helm.md @@ -0,0 +1,29 @@ +--- +title: "Pipeline Optimization: Helm" +description: Deploy Pipeline Optimization Enterprise on Kubernetes with Helm +date created: "2026-01-30" +tags: [helm, deployment, installation, kubernetes, pipeline-optimization] +--- + +[Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/charts/pipeline-optimization) to deploy Pipeline Optimization Enterprise on a Kubernetes cluster. + +Refer to the [Pipeline Optimization installation overview](./install-pipeline-optimization) for prerequisites and configuration options. + +For generic instructions on how to install Seqera Helm charts, refer to the Seqera Platform Enterprise installation guide [using Helm](./platform-helm). + +## Installation as part of Seqera Platform Enterprise + +The Pipeline Optimization Helm chart has been designed as a sub-chart of the main Seqera Platform Enterprise Helm +chart, but can optionally be installed independently like the Platform chart. + +To install Pipeline Optimization as part of your Seqera Platform Enterprise deployment, make sure the +`pipeline-optimization.enabled` value in your custom Platform's `values.yaml` file is set to `true`: + +```yaml +pipeline-optimization: + enabled: true +``` + +At the same time, configure the desired Pipeline Optimization options as described in the [Pipeline Optimization Helm chart documentation](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/charts/pipeline-optimization), in particular the Pipeline Optimization and Platform databases. Also refer to the [example](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/examples/pipeline-optimization) provided in the Helm charts repository. + +Then, follow the instructions in the Seqera Platform Enterprise installation guide [using Helm](./platform-helm) to install or upgrade your Platform deployment with Pipeline Optimization. diff --git a/platform-enterprise_docs/enterprise/install-groundswell.md b/platform-enterprise_docs/enterprise/install-groundswell.md index ce899648e..39656839f 100644 --- a/platform-enterprise_docs/enterprise/install-groundswell.md +++ b/platform-enterprise_docs/enterprise/install-groundswell.md @@ -11,8 +11,9 @@ Pipeline resource optimization (Groundswell) uses resource usage data from previ | Method | Guide | | :----- | :---- | -| Docker Compose | [Pipeline optimization: Docker Compose](./groundswell-docker-compose) | +| Helm | [Pipeline optimization: Helm](./groundswell-helm) | | Kubernetes | [Pipeline optimization: Kubernetes](./groundswell-kubernetes) | +| Docker Compose | [Pipeline optimization: Docker Compose](./groundswell-docker-compose) | ## Prerequisites diff --git a/platform-enterprise_docs/enterprise/install-platform.md b/platform-enterprise_docs/enterprise/install-platform.md index 5d3b13541..f50e70c15 100644 --- a/platform-enterprise_docs/enterprise/install-platform.md +++ b/platform-enterprise_docs/enterprise/install-platform.md @@ -12,9 +12,9 @@ Seqera Platform Enterprise can be deployed using Docker Compose, Kubernetes, or | Method | Use case | | :----- | :------- | -| [Docker Compose](./platform-docker-compose) | Evaluation, development, small production workloads | -| [Kubernetes](./platform-kubernetes) | Production workloads requiring high availability | | [Helm](./platform-helm) | Kubernetes deployments using Helm charts | +| [Kubernetes](./platform-kubernetes) | Production workloads requiring high availability | +| [Docker Compose](./platform-docker-compose) | Evaluation, development, small production workloads | ## Prerequisites diff --git a/platform-enterprise_docs/enterprise/install-studios.md b/platform-enterprise_docs/enterprise/install-studios.md index 3c61f946e..0620e8d0d 100644 --- a/platform-enterprise_docs/enterprise/install-studios.md +++ b/platform-enterprise_docs/enterprise/install-studios.md @@ -11,8 +11,9 @@ Studios provides interactive analysis environments within Seqera Platform. Deplo | Method | Guide | | :----- | :---- | -| Docker Compose | [Studios: Docker Compose](./studios-docker-compose) | +| Helm | [Studios: Helm](./studios-helm) | | Kubernetes | [Studios: Kubernetes](./studios-kubernetes) | +| Docker Compose | [Studios: Docker Compose](./studios-docker-compose) | ## Prerequisites diff --git a/platform-enterprise_docs/enterprise/studios-docker-compose.md b/platform-enterprise_docs/enterprise/studios-docker-compose.md index 1545ab384..1d24871d8 100644 --- a/platform-enterprise_docs/enterprise/studios-docker-compose.md +++ b/platform-enterprise_docs/enterprise/studios-docker-compose.md @@ -7,14 +7,7 @@ tags: [docker, compose, studios, deployment] This guide describes how to deploy Studios for Seqera Platform Enterprise with Docker Compose. -## Prerequisites - -Before you begin, you need: -- A running Seqera Platform Enterprise Docker Compose deployment -- A wildcard TLS certificate for your domain (e.g., `*.example.com`) -- A wildcard DNS record (e.g., `*.example.com`) -- Inbound traffic allowed on port 9090 -- Traffic on port 9090 through your load balancer +Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. ## Procedure diff --git a/platform-enterprise_docs/enterprise/studios-helm.md b/platform-enterprise_docs/enterprise/studios-helm.md new file mode 100644 index 000000000..62668a47f --- /dev/null +++ b/platform-enterprise_docs/enterprise/studios-helm.md @@ -0,0 +1,29 @@ +--- +title: "Studios: Helm" +description: Deploy Studios Enterprise on Kubernetes with Helm +date created: "2026-01-30" +tags: [helm, deployment, installation, kubernetes, studios] +--- + +[Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/charts/studios) to deploy Studios Enterprise on a Kubernetes cluster. + +Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. + +For generic instructions on how to install Seqera Helm charts, refer to the Seqera Platform Enterprise installation guide [using Helm](./platform-helm). + +## Installation as part of Seqera Platform Enterprise + +The Studios Helm chart has been designed as a sub-chart of the main Seqera Platform Enterprise Helm +chart, but can optionally be installed independently like the Platform chart. + +To install Studios as part of your Seqera Platform Enterprise deployment, make sure the +`studios.enabled` value in your custom Platform's `values.yaml` file is set to `true`: + +```yaml +studios: + enabled: true +``` + +At the same time, configure the desired Studios options as described in the [Studios Helm chart documentation](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/charts/studios), in particular the Studios service domain and the subdomains that it will use for incoming connections. Also refer to the [example](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/examples/studios) provided in the Helm charts repository. + +Then, follow the instructions in the Seqera Platform Enterprise installation guide [using Helm](./platform-helm) to install or upgrade your Platform deployment with Studios. diff --git a/platform-enterprise_docs/enterprise/studios-kubernetes.md b/platform-enterprise_docs/enterprise/studios-kubernetes.md index 779e688cb..6826cfe02 100644 --- a/platform-enterprise_docs/enterprise/studios-kubernetes.md +++ b/platform-enterprise_docs/enterprise/studios-kubernetes.md @@ -7,12 +7,7 @@ tags: [kubernetes, studios, deployment] This guide describes how to deploy Studios for Seqera Platform Enterprise on Kubernetes. -## Prerequisites - -Before you begin, you need: -- A running Seqera Platform Enterprise Kubernetes deployment -- A wildcard TLS certificate for your domain (e.g., `*.example.com`) -- A wildcard DNS record (e.g., `*.example.com`) +Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. ## Procedure diff --git a/platform-enterprise_docs/enterprise/studios.md b/platform-enterprise_docs/enterprise/studios.md index e7e932218..961dae449 100644 --- a/platform-enterprise_docs/enterprise/studios.md +++ b/platform-enterprise_docs/enterprise/studios.md @@ -8,11 +8,13 @@ tags: [docker, compose, kubernetes, studios, deployment] Enable Studios as part of your Seqera Platform Enterprise instance. You must have Data Explorer enabled to use Studios. AWS, Azure, and GCP public clouds are currently supported. -:::caution -You must upgrade your Seqera Enterprise installation to version 25.1 to enable and configure Studios. -::: +## Prerequisites -Studios requires a Redis 7 instance separate from the one used by Seqera Platform. +Before you begin, you need: +- A running Seqera Platform Enterprise Docker Compose deployment +- A wildcard TLS certificate for your domain (e.g., `*.example.com`) +- A wildcard DNS record (e.g., `*.example.com`) +- A Redis 7 instance separate from the one used by Seqera Platform ## DNS configuration From 4acfd695bb771c24416dd91f96b115bb03842807 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Mon, 2 Feb 2026 15:03:30 +0100 Subject: [PATCH 02/20] Move generic Studios instructions to install-studios page, keep k8s and compose pages --- .../enterprise/install-studios.md | 73 ++++- .../enterprise/studios-docker-compose.md | 26 +- .../enterprise/studios-kubernetes.md | 62 +++- .../enterprise/studios.md | 279 ------------------ 4 files changed, 137 insertions(+), 303 deletions(-) delete mode 100644 platform-enterprise_docs/enterprise/studios.md diff --git a/platform-enterprise_docs/enterprise/install-studios.md b/platform-enterprise_docs/enterprise/install-studios.md index 0620e8d0d..c373eb9b8 100644 --- a/platform-enterprise_docs/enterprise/install-studios.md +++ b/platform-enterprise_docs/enterprise/install-studios.md @@ -18,11 +18,74 @@ Studios provides interactive analysis environments within Seqera Platform. Deplo ## Prerequisites Before you begin, you need: -- A running Seqera Platform Enterprise deployment +- A running Seqera Platform Enterprise deployment at hostname `example.com` or `platform.example.com` - A Redis 7 instance separate from the one used by Seqera Platform -- TLS certificates for the Studios service and Studios subdomains (you can use a single certificate covering both or separate certificates) -- A wildcard DNS record +- TLS certificates for the Studios service `connect.example.com` and its wildcard Studios subdomains `*.connect.example.com` + * A single certificate covering both entries can be used, or separate certificates + * The studios subdomain must share the same "root domain" with the Platform installation, for example with platform installed at `example.com` or `platform.example.com`, Studios can be installed at: + - `connect.example.com` or using another name such as `studios.example.com` + - `connect.platform.example.com` + - `connect.another.subdomain.example.com` +- A wildcard DNS record covering the Studios subdomains, e.g., `*.connect.example.com` +- Data Explorer enabled in your Seqera Platform instance (automatic with Helm deployments) -## Configuration +## DNS Configuration -See [Studios](./studios) for DNS configuration, workspace availability, and environment image options. +Each Studio is reachable at a unique URL that includes a randomly generated subdomain name. For example: `https://abcd.connect.example.com/`, where `connect.example.com` is the Studios service domain. + +Provide a wildcard TLS certificate to allow for uniquely generated subdomains. A wildcard certificate common name includes `*.` in the domain name, such as `*.connect.example.com`, thereby securing any subdomain name at this level. + +Studios uses the following set of domains and subdomains: + +- The Platform domain that you set for `TOWER_SERVER_URL`, such as `example.com`. +- A wildcard subdomain that you must configure specifically for Studios. This wildcard subdomain is the parent for each unique session URL, such as `abcd.connect.example.com`. +- The connection proxy, defined by `CONNECT_PROXY_URL`. This URL is a first-level subdomain of your `TOWER_SERVER_URL`. For example, `https://connect.example.com`. + +## Studios workspace availability + +You can configure which organizational workspaces have access to Studios. This configuration is set in the `tower.yml` file. The `tower.data-studio.allowed-workspaces` field supports the following options: + +- `allowed-workspaces: []`: Disables Studios. This is the default if the `allowed-workspaces` field is not specified. +- `allowed-workspaces: [ , ]`: Enables Studios for the comma-separated list of organizational workspace IDs. +- `allowed-workspaces: null`: Enables Studios for all organizational workspaces. + +In the Platform Helm chart, set the desired configuration in the `platform.YAMLConfigFileContent` field. For example, to enable Studios for workspaces 12345 and 67890: + +```yaml +platform: + YAMLConfigFileContent: |- + tower: + data-studio: + allowed-workspaces: [12345,67890] +``` + +## Available Studios environment images + +Each of the provided environments includes a particular version of the underlying software package and the version of Seqera Connect, an integrated web- and file-server. + +To quickly identify which version of the software an image includes, the version string for each container is in the form of `-`. For example, if the version string for the R-IDE is `2025.04.1-0.9`, version `2025.04.01` is the R-IDE version and `0.9` is the Connect version of this Seqera-built container image. Learn more about Studios [environment versioning](../studios/container-images). + +- To see the list of all JupyterLab image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-jupyter][ds-jupyter]. +- To see the list of all R-IDE image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [https://public.cr.seqera.io/repo/platform/data-studio-ride][ds-ride]. +- To see the list of all Visual Studio Code image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/platform/data-studio-vscode][ds-vscode]. +- To see the list of all Xpra image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-xpra][ds-xpra]. + +## Path-based routing configuration + +If your Enterprise deployment requires non-wildcard SSL certificates, enable path-based routing for Studios. This changes the dynamic subdomain used for each Studios session to a fixed subdomain with path-based routing. + +- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING` is omitted, empty, or `false`, the Studios session URLs use unique subdomains: + - https://a1234abc.connect.cloud.seqera.io/ + - https://a5678abcd.connect.cloud.seqera.io/ + +- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING=true`, the Studios session URLs use path-based routing: + - https://connect.connect.cloud.seqera.io/_studio/a1234abc + - https://connect.connect.cloud.seqera.io/_studio/a5678abcd + +Path-based routing is only available from Seqera Platform version 25.2 and the latest Connect server and clients. It is supported for Visual Studio Code, JupyterLab, and R-IDE container template images. It is not supported for the Xpra container template image. + +{/* links */} +[ds-jupyter]: https://public.cr.seqera.io/repo/platform/data-studio-jupyter +[ds-ride]: https://public.cr.seqera.io/repo/platform/data-studio-ride +[ds-vscode]: https://public.cr.seqera.io/repo/platform/data-studio-vscode +[ds-xpra]: https://public.cr.seqera.io/repo/platform/data-studio-xpra diff --git a/platform-enterprise_docs/enterprise/studios-docker-compose.md b/platform-enterprise_docs/enterprise/studios-docker-compose.md index 1d24871d8..4ef752acf 100644 --- a/platform-enterprise_docs/enterprise/studios-docker-compose.md +++ b/platform-enterprise_docs/enterprise/studios-docker-compose.md @@ -46,7 +46,7 @@ Refer to the [Studios installation overview](./install-studios) for prerequisite 1. Open `data-studios.env` and set the following: - Uncomment the `connect-proxy` and `connect-server` services. - - `PLATFORM_URL`: The same value as `TOWER_SERVER_URL` (e.g., `https://example.com`). + - `PLATFORM_URL`: The same value as `TOWER_SERVER_URL` (e.g., `https://platform.example.com/` or `https://example.com/`). - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain (e.g., `https://connect.example.com`). - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as `oidc_registration_token`. @@ -57,7 +57,7 @@ Refer to the [Studios installation overview](./install-studios) for prerequisite - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as `oidc_registration_token`. - `TOWER_OIDC_PEM_PATH`: The file path to the PEM certificate (e.g., `/data-studios-rsa.pem`). -1. Edit `tower.yml` to enable Studios: +1. Edit the `tower.yml` file and include the following snippet to enable Studios in all workspaces in your Platform instance: ```yaml tower: @@ -65,14 +65,30 @@ Refer to the [Studios installation overview](./install-studios) for prerequisite allowed-workspaces: null ``` + Alternatively, you can specify a comma-separated list of workspace IDs to enable Studios only on those workspaces. + + ```yaml + tower: + data-studio: + allowed-workspaces: [12345,67890] + ``` + 1. Start your Platform instance: ```bash docker compose up -d ``` -1. Verify Studios is available by logging into Seqera and navigating to an organizational workspace. The **Studios** tab should be displayed. +1. To confirm that Studios is available, log in to your Platform instance and navigate to an organizational workspace that has Studios enabled. The **Studios** tab is included with the available tabs. + +## Tool Configuration + +This guide assumes that all services will be run in the same container as the rest of your Seqera Platform services. + +If you were using Studios prior to GA (v25.1) please review the `tower.env` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: + +`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` -## Configuration +The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). -See [Studios deployment](./studios) for DNS configuration, workspace availability, and environment image options. +You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. diff --git a/platform-enterprise_docs/enterprise/studios-kubernetes.md b/platform-enterprise_docs/enterprise/studios-kubernetes.md index 6826cfe02..e9cdd143f 100644 --- a/platform-enterprise_docs/enterprise/studios-kubernetes.md +++ b/platform-enterprise_docs/enterprise/studios-kubernetes.md @@ -9,6 +9,16 @@ This guide describes how to deploy Studios for Seqera Platform Enterprise on Kub Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. +## Tool configuration + +This procedure describes how to configure Studios for Seqera Enterprise deployments in Kubernetes. If you were using Studios prior to GA (v25.1) please review the `configmap.yaml` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: + +`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` + +The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). + +You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. + ## Procedure 1. Download the Kubernetes manifests for the Studios service: @@ -24,7 +34,7 @@ Refer to the [Studios installation overview](./install-studios) for prerequisite 1. Edit the `server.yml` file and set the `CONNECT_REDIS_ADDRESS` environment variable to the hostname or IP address of the Redis server configured for Platform. -1. Create an initial OIDC registration token: +1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: ```bash oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) @@ -34,7 +44,7 @@ Refer to the [Studios installation overview](./install-studios) for prerequisite - `CONNECT_REDIS_ADDRESS`: The hostname or IP address of the Redis server configured for Seqera. - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain (e.g., `https://connect.example.com`). - - `PLATFORM_URL`: The base URL for your installation (e.g., `https://example.com/`). + - `PLATFORM_URL`: The base URL for your installation (e.g., `https://platform.example.com/` or `https://example.com/`). - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as the `oidc_registration_token` value created previously. 1. Edit your `ingress.eks.yml` file: @@ -42,14 +52,21 @@ Refer to the [Studios installation overview](./install-studios) for prerequisite - Uncomment the `host` section at the bottom of the file. - Replace `` with the base domain of your installation. -1. Generate an RSA public/private key pair: + :::note + This assumes that you have an existing Seqera ingress already configured with the following fields: + + - `alb.ingress.kubernetes.io/certificate-arn`: The ARN of a wildcard TLS certificate that secures your URL and connect proxy URL. For example, if `TOWER_SERVER_URL=https://example.com` and `CONNECT_PROXY_URL=https://connect.example.com`, the certificate must secure both `example.com` and `*.example.com`. + - `alb.ingress.kubernetes.io/load-balancer-attributes`: The attributes of the ALB Load Balancer used in your installation. + ::: + +1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. In the following example, the `openssl` command is used to generate the key pair: ```bash openssl genrsa -out private.pem 2048 openssl rsa -pubout -in private.pem -out public.pem ``` -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files (private key on top, public key directly beneath it). +1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files created in the previous step, in the same order (private key on top, public key directly beneath it). 1. Apply a base64 encoding to the PEM file: @@ -77,12 +94,12 @@ Refer to the [Studios installation overview](./install-studios) for prerequisite 1. Edit the `tower-svc.yml` file and uncomment the `volumes.cert-volume`, `volumeMounts.cert-volume`, and `env.TOWER_OIDC_PEM_PATH` fields. -1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml`: +1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml` by changing the following environment variables: - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy (e.g., `https://connect.example.com/`). + - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as the `oidc_registration_token` value created previously. -1. Edit the ConfigMap named `tower-yml` in the `configmap.yml`: +1. Edit the ConfigMap named `tower-yml` in the `configmap.yml` and include the following snippet: ```yaml data: @@ -92,27 +109,44 @@ Refer to the [Studios installation overview](./install-studios) for prerequisite allowed-workspaces: null ``` + Alternatively, you can specify a comma-separated list of workspace IDs to enable Studios only on those workspaces. + + ```yaml + tower: + data-studio: + allowed-workspaces: [12345,67890] + ``` + 1. Apply the updated configuration: ```bash kubectl apply -f configmap.yml + ``` + +1. Apply the configuration change to Platform: + + ```bash kubectl apply -f tower-svc.yml ``` -1. Restart the cron and backend services: +1. Restart the cron service of your deployment to load the updated configuration. For example: ```bash - kubectl rollout restart deployment/backend deployment/cron + kubectl rollout restart deployment/cron ``` -1. Apply the Studios manifests: +1. Restart the Platform backend service of your deployment to load the updated configuration. For example: ```bash - kubectl apply -f ingress.aks.yml proxy.yml server.yml + kubectl rollout restart deployment/backend ``` -1. Verify Studios is available by logging into Seqera and navigating to an organizational workspace. The **Studios** tab should be displayed. +1. Apply the Studios manifests: + + ```bash + kubectl apply -f ingress.eks.yml proxy.yml server.yml + ``` -## Configuration + It can take several minutes for Kubernetes to apply your changes, during which new pods are rolled out. -See [Studios deployment](./studios) for DNS configuration, workspace availability, and environment image options. +1. To confirm that Studios is available, log into Seqera and navigate to an organizational workspace that has Studios enabled. The **Studios** tab should be displayed in the sidebar. diff --git a/platform-enterprise_docs/enterprise/studios.md b/platform-enterprise_docs/enterprise/studios.md deleted file mode 100644 index 961dae449..000000000 --- a/platform-enterprise_docs/enterprise/studios.md +++ /dev/null @@ -1,279 +0,0 @@ ---- -title: "Studios" -description: Deploy Seqera Platform with Studios -date created: "2025-03-17" -last updated: "2025-12-05" -tags: [docker, compose, kubernetes, studios, deployment] ---- - -Enable Studios as part of your Seqera Platform Enterprise instance. You must have Data Explorer enabled to use Studios. AWS, Azure, and GCP public clouds are currently supported. - -## Prerequisites - -Before you begin, you need: -- A running Seqera Platform Enterprise Docker Compose deployment -- A wildcard TLS certificate for your domain (e.g., `*.example.com`) -- A wildcard DNS record (e.g., `*.example.com`) -- A Redis 7 instance separate from the one used by Seqera Platform - -## DNS configuration - -Each Studio is reachable at a unique URL that includes a randomly generated subdomain name. For example: `https://abcd.example.com/`, where `example.com` is your Seqera base domain name. - -Provide a wildcard TLS certificate to allow for uniquely generated subdomains. A wildcard certificate common name includes `*.` in the domain name, such as `*.example.com`, thereby securing any subdomain name at this level. - -:::info -If your Enterprise deployment requires non-wildcard SSL certificates, enable path-based routing for Studios. This changes the dynamic subdomain used for each Studio session to a fixed subdomain with path-based routing. - -- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING` is omitted, empty, or `false`: - - https://a1234abc.connect.cloud.seqera.io/ - - https://a5678abcd.connect.cloud.seqera.io/ - -- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING=true`: - - https://connect.connect.cloud.seqera.io/_studio/a1234abc - - https://connect.connect.cloud.seqera.io/_studio/a5678abcd - -Path-based routing is only available from Seqera Platform version 25.2 and the latest Connect server and clients. It is supported for Visual Studio Code, JupyterLab, and R-IDE container template images. It is not supported for the Xpra container template image. -::: - -Studios uses the following set of domains and subdomains: - -- The domain that you set for `TOWER_SERVER_URL`, such as `example.com`. -- A wildcard subdomain that you must configure specifically for Studios. This wildcard subdomain is the parent for each unique session URL, such as `abcd.example.com`. -- The connection proxy, defined by `CONNECT_PROXY_URL`. This URL is a first-level subdomain of your `TOWER_SERVER_URL`. For example, `https://connect.example.com`. - -## Studios workspace availability - -You can configure which organizational workspaces have access to Studios. This configuration is set in the `tower.yml` file. The `tower.data-studio.allowed-workspaces` field supports the following options: - -- `allowed-workspaces: []`: Disables Studios. This is the default if the `allowed-workspaces` field is not specified. -- `allowed-workspaces: [ , ]`: Enables Studios for the comma-separated list of organizational workspace IDs. -- `allowed-workspaces: null`: Enables Studios for all organizational workspaces. - -## Available Studio environment images - -Each of the provided environments includes a particular version of the underlying software package and the version of Seqera Connect, an integrated web- and file-server. - -To quickly identify which version of the software an image includes, the version string for each container is in the form of `-`. For example, if the version string for the R-IDE is `2025.04.1-0.9`, version `2025.04.01` is the R-IDE version and `0.9` is the Connect version of this Seqera-built container image. Learn more about Studios [environment versioning](../studios/container-images). - -- To see the list of all JupyterLab image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-jupyter][ds-jupyter]. -- To see the list of all R-IDE image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [https://public.cr.seqera.io/repo/platform/data-studio-ride][ds-ride]. -- To see the list of all Visual Studio Code image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/platform/data-studio-vscode][ds-vscode]. -- To see the list of all Xpra image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-xpra][ds-xpra]. - -## Docker Compose - -This guide assumes that all services will be run in the same container as the rest of your Seqera Platform services. - -If you were using Studios prior to GA (v25.1) please review the `tower.env` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: - -`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` - -The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). - -You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. - -### Prerequisites - -- Allow inbound traffic to port 9090 on the EC2 instance -- Allow traffic on port 9090 through the AWS LB (Load Balancer) -- An AWS Route53 wildcard DNS record, such as `*.` -- Execute `mkdir 777 $HOME/.tower/connect` to create a folder that will be mounted to `connect-proxy` and used to store metadata. - -### Procedure - -1. Download the Studios [environment configuration file](./_templates/docker/data-studios.env). -1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: - - ``` - oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) - ``` - -1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. For example, use `openssl` to generate the key pair: - - ```shell - openssl genrsa -out private.pem 2048 - openssl rsa -pubout -in private.pem -out public.pem - ``` -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files, in the same order (private key on top, public key directly beneath it). Save the file as `data-studios-rsa.pem`, in the same directory as your `docker-compose.yml` file. -1. Open the `docker-compose.yml` and uncomment the volume mount for the PEM key file for the `backend` and `cron` services in the `volumes` list. Your PEM file must be named `data-studios-rsa.pem`. - - ```yaml - volumes: - - $PWD/tower.yml:/tower.yml - # An RSA key is required for Studios functionality. Uncomment the line below to mount the key. - #- $PWD/data-studios-rsa.pem:/data-studios-rsa.pem - ``` - -1. Open `data-studios.env` in an editor, and make the following changes: - - 1. Uncomment the `connect-proxy` and `connect-server` services. - 1. Set the following environment variables: - - `PLATFORM_URL`: The same value assigned to `TOWER_SERVER_URL`. For example, `https://example.com`. - - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain. We recommend you set a first-level subdomain of your `PLATFORM_URL` for your connect proxy. For example, `https://connect.example.com`. - - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value set in the `oidc_registration_token` environment variable. - -1. Open `tower.env` in an editor and set the following variables: - - - `TOWER_DATA_EXPLORER_ENABLED`: Set `true` to enable Data Explorer. You must enable Data Explorer to mount data inside a Studio. - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value set in the `oidc_registration_token` environment variable. - - `TOWER_OIDC_PEM_PATH`: The file path to a PEM certificate used for signing the OIDC tokens for the OpenID connect provider, mounted as a volume inside the container. - -1. Edit the `tower.yml` file and include the following snippet to enable Studios in all organization workspaces: - - ```yaml - tower: - data-studio: - allowed-workspaces: null - ``` - -1. Start your Platform instance: `docker compose -d up`. -1. Confirm that the Platform containers are running: - - ``` - docker ps - ``` - -1. To confirm that Studios is available, log in to your Platform instance and navigate to an organizational workspace that has Studios enabled. The **Studios** tab is included with the available tabs. - -## Kubernetes - -This procedure describes how to configure Studios for Seqera Enterprise deployments in Kubernetes. If you were using Studios prior to GA (v25.1) please review the `configmap.yaml` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: - -`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` - -The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). - -You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. - -### Procedure - -1. Download the Kubernetes manifests for the Studios service: - - - [Proxy](./_templates/k8s/data_studios/proxy.yml) - - [Server](./_templates/k8s/data_studios/server.yml) - -1. Change your Kubernetes context to the namespace where your Platform instance runs: - - ``` - kubectl config set-context --current --namespace= - ``` - -1. Edit the `server.yml` file and set the `CONNECT_REDIS_ADDRESS` environment variable to the hostname or IP address of the Redis server configured for Platform. -1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: - - ``` - oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) - ``` - -1. Edit the `proxy.yml` file and set the following variables: - - - `CONNECT_REDIS_ADDRESS`: The hostname or IP address of the Redis server configured for Seqera. - - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain. We recommend you set a first-level subdomain of your installation's domain (`PLATFORM_URL` below) for your connect proxy, to be able to use the same wildcard TLS certificate for all session URLs and avoid additional domain nesting. For example, `https://connect.example.com`. - - `PLATFORM_URL`: The base URL for your installation, such as `https://example.com/`. - - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as the `oidc_registration_token` value created previously. - -1. Edit your `ingress.eks.yml` file: - - - Uncomment the `host` section at the bottom of the file. - - Replace `` with the base domain of your installation. For example, `example.com`. - - :::note - This assumes that you have an existing Seqera ingress already configured with the following fields: - - - `alb.ingress.kubernetes.io/certificate-arn`: The ARN of a wildcard TLS certificate that secures your URL and connect proxy URL. For example, if `TOWER_SERVER_URL=https://example.com` and `CONNECT_PROXY_URL=https://connect.example.com`, the certificate must secure both `example.com` and `*.example.com`. - - `alb.ingress.kubernetes.io/load-balancer-attributes`: The attributes of the ALB Load Balancer used in your installation. - ::: - -1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. In the following example, the `openssl` command is used to generate the key pair: - - ```shell - openssl genrsa -out private.pem 2048 - openssl rsa -pubout -in private.pem -out public.pem - ``` - -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files created in the previous step, in the same order (private key on top, public key directly beneath it). - -1. Apply a base64 encoding to the PEM file that you created in the previous step: - - ``` - base64_pem=$(cat data-studios-rsa.pem | base64 -w0) - ``` - -1. Create a secret file named `secret.yml` and set the `oidc.pem` key by pasting the contents of the base64-encoded public/private key pair: - - ```yaml - apiVersion: v1 - kind: Secret - metadata: - name: platform-oidc-certs - namespace: platform-stage - data: - oidc.pem: - ``` - -1. Create the secret: - - ``` - kubectl apply -f secret.yml - ``` - -1. Edit the `tower-svc.yml` file and uncomment the `volumes.cert-volume`, `volumeMounts.cert-volume`, and `env.TOWER_OIDC_PEM_PATH` fields so that the public/private key pair is available to Platform. -1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml` by changing the following environment variables: - - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as the `oidc_registration_token` value created previously. - -1. Edit the ConfigMap named `tower-yml` in the `configmap.yml` and include the following snippet: - - ```yaml - data: - tower.yml: |- - tower: - data-studio: - allowed-workspaces: null - ``` - -1. Apply the updated configuration: - - ``` - kubectl apply -f configmap.yml - ``` - -1. Apply the configuration change to Platform: - - ``` - kubectl apply -f tower-svc.yml - ``` - -1. Restart the cron service of your deployment to load the updated configuration. For example: - - ``` - kubectl delete -f tower-cron.yml - kubectl apply -f tower-cron.yml - ``` - - -1. Restart the backend service of your deployment to load the updated configuration. For example: - - ``` - kubectl scale --replicas=0 deployment/backend - kubectl scale --replicas=1 deployment/backend - ``` - -1. Apply the Studios manifests: - - ``` - kubectl apply -f ingress.aks.yml proxy.yml server.yml - ``` - - It can take several minutes for Kubernetes to apply your changes, during which new pods are rolled out. - -1. To confirm that Studios is available, log into Seqera and navigate to an organizational workspace that has Studios enabled. The **Studios** tab should be displayed in the sidebar. - -{/* links */} -[ds-jupyter]: https://public.cr.seqera.io/repo/platform/data-studio-jupyter -[ds-ride]: https://public.cr.seqera.io/repo/platform/data-studio-ride -[ds-vscode]: https://public.cr.seqera.io/repo/platform/data-studio-vscode -[ds-xpra]: https://public.cr.seqera.io/repo/platform/data-studio-xpra From 08b6bda268941f7da1fb07341469b183726f2f67 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Mon, 2 Feb 2026 15:22:20 +0100 Subject: [PATCH 03/20] Update ingress mention and warning, make it more cloud-agnostic --- .../enterprise/install-studios.md | 4 ++-- .../enterprise/studios-kubernetes.md | 13 +++++-------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/platform-enterprise_docs/enterprise/install-studios.md b/platform-enterprise_docs/enterprise/install-studios.md index c373eb9b8..bc9167e4a 100644 --- a/platform-enterprise_docs/enterprise/install-studios.md +++ b/platform-enterprise_docs/enterprise/install-studios.md @@ -20,8 +20,8 @@ Studios provides interactive analysis environments within Seqera Platform. Deplo Before you begin, you need: - A running Seqera Platform Enterprise deployment at hostname `example.com` or `platform.example.com` - A Redis 7 instance separate from the one used by Seqera Platform -- TLS certificates for the Studios service `connect.example.com` and its wildcard Studios subdomains `*.connect.example.com` - * A single certificate covering both entries can be used, or separate certificates +- TLS certificates for the Studios subdomains `*.connect.example.com` + * A single certificate covering both Platform and Studios subdomains can be used; if preferring to use separate certificates, you may need to configure a separate ingress when working with plain Kubernetes manifests (the Studios Helm chart already uses separate ingresses) * The studios subdomain must share the same "root domain" with the Platform installation, for example with platform installed at `example.com` or `platform.example.com`, Studios can be installed at: - `connect.example.com` or using another name such as `studios.example.com` - `connect.platform.example.com` diff --git a/platform-enterprise_docs/enterprise/studios-kubernetes.md b/platform-enterprise_docs/enterprise/studios-kubernetes.md index e9cdd143f..bfce2ea07 100644 --- a/platform-enterprise_docs/enterprise/studios-kubernetes.md +++ b/platform-enterprise_docs/enterprise/studios-kubernetes.md @@ -47,16 +47,15 @@ You can also check the current template configuration using `https://towerurl/ap - `PLATFORM_URL`: The base URL for your installation (e.g., `https://platform.example.com/` or `https://example.com/`). - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as the `oidc_registration_token` value created previously. -1. Edit your `ingress.eks.yml` file: +1. Edit the `ingress..yml` file appropriate for your Kubernetes environment: - Uncomment the `host` section at the bottom of the file. - Replace `` with the base domain of your installation. :::note - This assumes that you have an existing Seqera ingress already configured with the following fields: + In the case you're using AWS EKS, this assumes that you have an existing Seqera ingress already configured with the following fields: - - `alb.ingress.kubernetes.io/certificate-arn`: The ARN of a wildcard TLS certificate that secures your URL and connect proxy URL. For example, if `TOWER_SERVER_URL=https://example.com` and `CONNECT_PROXY_URL=https://connect.example.com`, the certificate must secure both `example.com` and `*.example.com`. - - `alb.ingress.kubernetes.io/load-balancer-attributes`: The attributes of the ALB Load Balancer used in your installation. + - `alb.ingress.kubernetes.io/certificate-arn`: The ARN of a wildcard TLS certificate that secures the Platform URL and connect proxy URL. For example, if `TOWER_SERVER_URL=https://example.com` and `CONNECT_PROXY_URL=https://connect.example.com`, the certificate must secure `example.com`, and `*.example.com` at the same time; otherwise, you may need to create a second ingress resource specifically for Studios. ::: 1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. In the following example, the `openssl` command is used to generate the key pair: @@ -141,12 +140,10 @@ You can also check the current template configuration using `https://towerurl/ap kubectl rollout restart deployment/backend ``` -1. Apply the Studios manifests: +1. Apply the updated ingress file and the Studios manifests: ```bash - kubectl apply -f ingress.eks.yml proxy.yml server.yml + kubectl apply -f ingress..yml proxy.yml server.yml ``` - It can take several minutes for Kubernetes to apply your changes, during which new pods are rolled out. - 1. To confirm that Studios is available, log into Seqera and navigate to an organizational workspace that has Studios enabled. The **Studios** tab should be displayed in the sidebar. From 7e5ee3de1086f1cbd51aed56ac8a81fe41e77885 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Mon, 2 Feb 2026 15:30:20 +0100 Subject: [PATCH 04/20] Fix sidebar --- platform-enterprise_docs/enterprise-sidebar.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/platform-enterprise_docs/enterprise-sidebar.json b/platform-enterprise_docs/enterprise-sidebar.json index fc9dad008..06840c438 100644 --- a/platform-enterprise_docs/enterprise-sidebar.json +++ b/platform-enterprise_docs/enterprise-sidebar.json @@ -33,9 +33,9 @@ "id": "enterprise/install-studios" }, "items": [ + "enterprise/studios-helm", "enterprise/studios-kubernetes", - "enterprise/studios-docker-compose", - "enterprise/studios" + "enterprise/studios-docker-compose" ] }, { @@ -47,6 +47,7 @@ "id": "enterprise/install-groundswell" }, "items": [ + "enterprise/groundswell-helm", "enterprise/groundswell-kubernetes", "enterprise/groundswell-docker-compose", "enterprise/configuration/pipeline_optimization" From 78422c536d7cc5c145a9f1f834ce05f7deff3fcb Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Mon, 2 Feb 2026 17:02:10 +0100 Subject: [PATCH 05/20] Backport studios and groundswell helm + docs reorg to v25.3 --- .../enterprise/groundswell-helm.md | 29 ++ .../enterprise/install-groundswell.md | 3 +- .../enterprise/install-platform.md | 11 +- .../enterprise/install-studios.md | 76 ++++- .../enterprise/studios-docker-compose.md | 35 ++- .../version-25.3/enterprise/studios-helm.md | 29 ++ .../enterprise/studios-kubernetes.md | 66 +++-- .../version-25.3/enterprise/studios.md | 277 ------------------ 8 files changed, 206 insertions(+), 320 deletions(-) create mode 100644 platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-helm.md create mode 100644 platform-enterprise_versioned_docs/version-25.3/enterprise/studios-helm.md delete mode 100644 platform-enterprise_versioned_docs/version-25.3/enterprise/studios.md diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-helm.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-helm.md new file mode 100644 index 000000000..0c9753a03 --- /dev/null +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-helm.md @@ -0,0 +1,29 @@ +--- +title: "Pipeline Optimization: Helm" +description: Deploy Pipeline Optimization Enterprise on Kubernetes with Helm +date created: "2026-01-30" +tags: [helm, deployment, installation, kubernetes, pipeline-optimization] +--- + +[Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/charts/pipeline-optimization) to deploy Pipeline Optimization Enterprise on a Kubernetes cluster. + +Refer to the [Pipeline Optimization installation overview](./install-pipeline-optimization) for prerequisites and configuration options. + +For generic instructions on how to install Seqera Helm charts, refer to the Seqera Platform Enterprise installation guide [using Helm](./platform-helm). + +## Installation as part of Seqera Platform Enterprise + +The Pipeline Optimization Helm chart has been designed as a sub-chart of the main Seqera Platform Enterprise Helm +chart, but can optionally be installed independently like the Platform chart. + +To install Pipeline Optimization as part of your Seqera Platform Enterprise deployment, make sure the +`pipeline-optimization.enabled` value in your custom Platform's `values.yaml` file is set to `true`: + +```yaml +pipeline-optimization: + enabled: true +``` + +At the same time, configure the desired Pipeline Optimization options as described in the [Pipeline Optimization Helm chart documentation](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/charts/pipeline-optimization), in particular the Pipeline Optimization and Platform databases. Also refer to the [example](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/examples/pipeline-optimization) provided in the Helm charts repository. + +Then, follow the instructions in the Seqera Platform Enterprise installation guide [using Helm](./platform-helm) to install or upgrade your Platform deployment with Pipeline Optimization. diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-groundswell.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-groundswell.md index ce899648e..39656839f 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-groundswell.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-groundswell.md @@ -11,8 +11,9 @@ Pipeline resource optimization (Groundswell) uses resource usage data from previ | Method | Guide | | :----- | :---- | -| Docker Compose | [Pipeline optimization: Docker Compose](./groundswell-docker-compose) | +| Helm | [Pipeline optimization: Helm](./groundswell-helm) | | Kubernetes | [Pipeline optimization: Kubernetes](./groundswell-kubernetes) | +| Docker Compose | [Pipeline optimization: Docker Compose](./groundswell-docker-compose) | ## Prerequisites diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-platform.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-platform.md index e060f1fd8..f50e70c15 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-platform.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-platform.md @@ -1,7 +1,8 @@ --- title: "Platform" description: Install Seqera Platform Enterprise -date: "12 Apr 2023" +date created: "2023-04-12" +last updated: "2026-01-30" tags: [installation, deployment] --- @@ -11,9 +12,9 @@ Seqera Platform Enterprise can be deployed using Docker Compose, Kubernetes, or | Method | Use case | | :----- | :------- | -| [Docker Compose](./platform-docker-compose) | Evaluation, development, small production workloads | -| [Kubernetes](./platform-kubernetes) | Production workloads requiring high availability | | [Helm](./platform-helm) | Kubernetes deployments using Helm charts | +| [Kubernetes](./platform-kubernetes) | Production workloads requiring high availability | +| [Docker Compose](./platform-docker-compose) | Evaluation, development, small production workloads | ## Prerequisites @@ -21,4 +22,8 @@ Before you begin, you need: - A MySQL 8 database - A Redis 7 instance +:::note +MySQL 8 is the only supported database version from Seqera Enterprise version 23.4 onwards. MySQL 5.6 and 5.7 are not supported. +::: + See each deployment guide for detailed requirements. diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-studios.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-studios.md index 3c61f946e..bc9167e4a 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-studios.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-studios.md @@ -11,17 +11,81 @@ Studios provides interactive analysis environments within Seqera Platform. Deplo | Method | Guide | | :----- | :---- | -| Docker Compose | [Studios: Docker Compose](./studios-docker-compose) | +| Helm | [Studios: Helm](./studios-helm) | | Kubernetes | [Studios: Kubernetes](./studios-kubernetes) | +| Docker Compose | [Studios: Docker Compose](./studios-docker-compose) | ## Prerequisites Before you begin, you need: -- A running Seqera Platform Enterprise deployment +- A running Seqera Platform Enterprise deployment at hostname `example.com` or `platform.example.com` - A Redis 7 instance separate from the one used by Seqera Platform -- TLS certificates for the Studios service and Studios subdomains (you can use a single certificate covering both or separate certificates) -- A wildcard DNS record +- TLS certificates for the Studios subdomains `*.connect.example.com` + * A single certificate covering both Platform and Studios subdomains can be used; if preferring to use separate certificates, you may need to configure a separate ingress when working with plain Kubernetes manifests (the Studios Helm chart already uses separate ingresses) + * The studios subdomain must share the same "root domain" with the Platform installation, for example with platform installed at `example.com` or `platform.example.com`, Studios can be installed at: + - `connect.example.com` or using another name such as `studios.example.com` + - `connect.platform.example.com` + - `connect.another.subdomain.example.com` +- A wildcard DNS record covering the Studios subdomains, e.g., `*.connect.example.com` +- Data Explorer enabled in your Seqera Platform instance (automatic with Helm deployments) + +## DNS Configuration + +Each Studio is reachable at a unique URL that includes a randomly generated subdomain name. For example: `https://abcd.connect.example.com/`, where `connect.example.com` is the Studios service domain. + +Provide a wildcard TLS certificate to allow for uniquely generated subdomains. A wildcard certificate common name includes `*.` in the domain name, such as `*.connect.example.com`, thereby securing any subdomain name at this level. + +Studios uses the following set of domains and subdomains: + +- The Platform domain that you set for `TOWER_SERVER_URL`, such as `example.com`. +- A wildcard subdomain that you must configure specifically for Studios. This wildcard subdomain is the parent for each unique session URL, such as `abcd.connect.example.com`. +- The connection proxy, defined by `CONNECT_PROXY_URL`. This URL is a first-level subdomain of your `TOWER_SERVER_URL`. For example, `https://connect.example.com`. + +## Studios workspace availability + +You can configure which organizational workspaces have access to Studios. This configuration is set in the `tower.yml` file. The `tower.data-studio.allowed-workspaces` field supports the following options: + +- `allowed-workspaces: []`: Disables Studios. This is the default if the `allowed-workspaces` field is not specified. +- `allowed-workspaces: [ , ]`: Enables Studios for the comma-separated list of organizational workspace IDs. +- `allowed-workspaces: null`: Enables Studios for all organizational workspaces. + +In the Platform Helm chart, set the desired configuration in the `platform.YAMLConfigFileContent` field. For example, to enable Studios for workspaces 12345 and 67890: + +```yaml +platform: + YAMLConfigFileContent: |- + tower: + data-studio: + allowed-workspaces: [12345,67890] +``` + +## Available Studios environment images + +Each of the provided environments includes a particular version of the underlying software package and the version of Seqera Connect, an integrated web- and file-server. + +To quickly identify which version of the software an image includes, the version string for each container is in the form of `-`. For example, if the version string for the R-IDE is `2025.04.1-0.9`, version `2025.04.01` is the R-IDE version and `0.9` is the Connect version of this Seqera-built container image. Learn more about Studios [environment versioning](../studios/container-images). + +- To see the list of all JupyterLab image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-jupyter][ds-jupyter]. +- To see the list of all R-IDE image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [https://public.cr.seqera.io/repo/platform/data-studio-ride][ds-ride]. +- To see the list of all Visual Studio Code image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/platform/data-studio-vscode][ds-vscode]. +- To see the list of all Xpra image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-xpra][ds-xpra]. + +## Path-based routing configuration + +If your Enterprise deployment requires non-wildcard SSL certificates, enable path-based routing for Studios. This changes the dynamic subdomain used for each Studios session to a fixed subdomain with path-based routing. + +- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING` is omitted, empty, or `false`, the Studios session URLs use unique subdomains: + - https://a1234abc.connect.cloud.seqera.io/ + - https://a5678abcd.connect.cloud.seqera.io/ + +- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING=true`, the Studios session URLs use path-based routing: + - https://connect.connect.cloud.seqera.io/_studio/a1234abc + - https://connect.connect.cloud.seqera.io/_studio/a5678abcd -## Configuration +Path-based routing is only available from Seqera Platform version 25.2 and the latest Connect server and clients. It is supported for Visual Studio Code, JupyterLab, and R-IDE container template images. It is not supported for the Xpra container template image. -See [Studios](./studios) for DNS configuration, workspace availability, and environment image options. +{/* links */} +[ds-jupyter]: https://public.cr.seqera.io/repo/platform/data-studio-jupyter +[ds-ride]: https://public.cr.seqera.io/repo/platform/data-studio-ride +[ds-vscode]: https://public.cr.seqera.io/repo/platform/data-studio-vscode +[ds-xpra]: https://public.cr.seqera.io/repo/platform/data-studio-xpra diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-docker-compose.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-docker-compose.md index 1545ab384..4ef752acf 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-docker-compose.md @@ -7,14 +7,7 @@ tags: [docker, compose, studios, deployment] This guide describes how to deploy Studios for Seqera Platform Enterprise with Docker Compose. -## Prerequisites - -Before you begin, you need: -- A running Seqera Platform Enterprise Docker Compose deployment -- A wildcard TLS certificate for your domain (e.g., `*.example.com`) -- A wildcard DNS record (e.g., `*.example.com`) -- Inbound traffic allowed on port 9090 -- Traffic on port 9090 through your load balancer +Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. ## Procedure @@ -53,7 +46,7 @@ Before you begin, you need: 1. Open `data-studios.env` and set the following: - Uncomment the `connect-proxy` and `connect-server` services. - - `PLATFORM_URL`: The same value as `TOWER_SERVER_URL` (e.g., `https://example.com`). + - `PLATFORM_URL`: The same value as `TOWER_SERVER_URL` (e.g., `https://platform.example.com/` or `https://example.com/`). - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain (e.g., `https://connect.example.com`). - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as `oidc_registration_token`. @@ -64,7 +57,7 @@ Before you begin, you need: - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as `oidc_registration_token`. - `TOWER_OIDC_PEM_PATH`: The file path to the PEM certificate (e.g., `/data-studios-rsa.pem`). -1. Edit `tower.yml` to enable Studios: +1. Edit the `tower.yml` file and include the following snippet to enable Studios in all workspaces in your Platform instance: ```yaml tower: @@ -72,14 +65,30 @@ Before you begin, you need: allowed-workspaces: null ``` + Alternatively, you can specify a comma-separated list of workspace IDs to enable Studios only on those workspaces. + + ```yaml + tower: + data-studio: + allowed-workspaces: [12345,67890] + ``` + 1. Start your Platform instance: ```bash docker compose up -d ``` -1. Verify Studios is available by logging into Seqera and navigating to an organizational workspace. The **Studios** tab should be displayed. +1. To confirm that Studios is available, log in to your Platform instance and navigate to an organizational workspace that has Studios enabled. The **Studios** tab is included with the available tabs. + +## Tool Configuration + +This guide assumes that all services will be run in the same container as the rest of your Seqera Platform services. + +If you were using Studios prior to GA (v25.1) please review the `tower.env` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: + +`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` -## Configuration +The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). -See [Studios deployment](./studios) for DNS configuration, workspace availability, and environment image options. +You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-helm.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-helm.md new file mode 100644 index 000000000..62668a47f --- /dev/null +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-helm.md @@ -0,0 +1,29 @@ +--- +title: "Studios: Helm" +description: Deploy Studios Enterprise on Kubernetes with Helm +date created: "2026-01-30" +tags: [helm, deployment, installation, kubernetes, studios] +--- + +[Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/charts/studios) to deploy Studios Enterprise on a Kubernetes cluster. + +Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. + +For generic instructions on how to install Seqera Helm charts, refer to the Seqera Platform Enterprise installation guide [using Helm](./platform-helm). + +## Installation as part of Seqera Platform Enterprise + +The Studios Helm chart has been designed as a sub-chart of the main Seqera Platform Enterprise Helm +chart, but can optionally be installed independently like the Platform chart. + +To install Studios as part of your Seqera Platform Enterprise deployment, make sure the +`studios.enabled` value in your custom Platform's `values.yaml` file is set to `true`: + +```yaml +studios: + enabled: true +``` + +At the same time, configure the desired Studios options as described in the [Studios Helm chart documentation](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/charts/studios), in particular the Studios service domain and the subdomains that it will use for incoming connections. Also refer to the [example](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/examples/studios) provided in the Helm charts repository. + +Then, follow the instructions in the Seqera Platform Enterprise installation guide [using Helm](./platform-helm) to install or upgrade your Platform deployment with Studios. diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-kubernetes.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-kubernetes.md index 779e688cb..bfce2ea07 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-kubernetes.md @@ -7,12 +7,17 @@ tags: [kubernetes, studios, deployment] This guide describes how to deploy Studios for Seqera Platform Enterprise on Kubernetes. -## Prerequisites +Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. -Before you begin, you need: -- A running Seqera Platform Enterprise Kubernetes deployment -- A wildcard TLS certificate for your domain (e.g., `*.example.com`) -- A wildcard DNS record (e.g., `*.example.com`) +## Tool configuration + +This procedure describes how to configure Studios for Seqera Enterprise deployments in Kubernetes. If you were using Studios prior to GA (v25.1) please review the `configmap.yaml` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: + +`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` + +The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). + +You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. ## Procedure @@ -29,7 +34,7 @@ Before you begin, you need: 1. Edit the `server.yml` file and set the `CONNECT_REDIS_ADDRESS` environment variable to the hostname or IP address of the Redis server configured for Platform. -1. Create an initial OIDC registration token: +1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: ```bash oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) @@ -39,22 +44,28 @@ Before you begin, you need: - `CONNECT_REDIS_ADDRESS`: The hostname or IP address of the Redis server configured for Seqera. - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain (e.g., `https://connect.example.com`). - - `PLATFORM_URL`: The base URL for your installation (e.g., `https://example.com/`). + - `PLATFORM_URL`: The base URL for your installation (e.g., `https://platform.example.com/` or `https://example.com/`). - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as the `oidc_registration_token` value created previously. -1. Edit your `ingress.eks.yml` file: +1. Edit the `ingress..yml` file appropriate for your Kubernetes environment: - Uncomment the `host` section at the bottom of the file. - Replace `` with the base domain of your installation. -1. Generate an RSA public/private key pair: + :::note + In the case you're using AWS EKS, this assumes that you have an existing Seqera ingress already configured with the following fields: + + - `alb.ingress.kubernetes.io/certificate-arn`: The ARN of a wildcard TLS certificate that secures the Platform URL and connect proxy URL. For example, if `TOWER_SERVER_URL=https://example.com` and `CONNECT_PROXY_URL=https://connect.example.com`, the certificate must secure `example.com`, and `*.example.com` at the same time; otherwise, you may need to create a second ingress resource specifically for Studios. + ::: + +1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. In the following example, the `openssl` command is used to generate the key pair: ```bash openssl genrsa -out private.pem 2048 openssl rsa -pubout -in private.pem -out public.pem ``` -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files (private key on top, public key directly beneath it). +1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files created in the previous step, in the same order (private key on top, public key directly beneath it). 1. Apply a base64 encoding to the PEM file: @@ -82,12 +93,12 @@ Before you begin, you need: 1. Edit the `tower-svc.yml` file and uncomment the `volumes.cert-volume`, `volumeMounts.cert-volume`, and `env.TOWER_OIDC_PEM_PATH` fields. -1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml`: +1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml` by changing the following environment variables: - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy (e.g., `https://connect.example.com/`). + - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as the `oidc_registration_token` value created previously. -1. Edit the ConfigMap named `tower-yml` in the `configmap.yml`: +1. Edit the ConfigMap named `tower-yml` in the `configmap.yml` and include the following snippet: ```yaml data: @@ -97,27 +108,42 @@ Before you begin, you need: allowed-workspaces: null ``` + Alternatively, you can specify a comma-separated list of workspace IDs to enable Studios only on those workspaces. + + ```yaml + tower: + data-studio: + allowed-workspaces: [12345,67890] + ``` + 1. Apply the updated configuration: ```bash kubectl apply -f configmap.yml + ``` + +1. Apply the configuration change to Platform: + + ```bash kubectl apply -f tower-svc.yml ``` -1. Restart the cron and backend services: +1. Restart the cron service of your deployment to load the updated configuration. For example: ```bash - kubectl rollout restart deployment/backend deployment/cron + kubectl rollout restart deployment/cron ``` -1. Apply the Studios manifests: +1. Restart the Platform backend service of your deployment to load the updated configuration. For example: ```bash - kubectl apply -f ingress.aks.yml proxy.yml server.yml + kubectl rollout restart deployment/backend ``` -1. Verify Studios is available by logging into Seqera and navigating to an organizational workspace. The **Studios** tab should be displayed. +1. Apply the updated ingress file and the Studios manifests: -## Configuration + ```bash + kubectl apply -f ingress..yml proxy.yml server.yml + ``` -See [Studios deployment](./studios) for DNS configuration, workspace availability, and environment image options. +1. To confirm that Studios is available, log into Seqera and navigate to an organizational workspace that has Studios enabled. The **Studios** tab should be displayed in the sidebar. diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios.md deleted file mode 100644 index e7e932218..000000000 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios.md +++ /dev/null @@ -1,277 +0,0 @@ ---- -title: "Studios" -description: Deploy Seqera Platform with Studios -date created: "2025-03-17" -last updated: "2025-12-05" -tags: [docker, compose, kubernetes, studios, deployment] ---- - -Enable Studios as part of your Seqera Platform Enterprise instance. You must have Data Explorer enabled to use Studios. AWS, Azure, and GCP public clouds are currently supported. - -:::caution -You must upgrade your Seqera Enterprise installation to version 25.1 to enable and configure Studios. -::: - -Studios requires a Redis 7 instance separate from the one used by Seqera Platform. - -## DNS configuration - -Each Studio is reachable at a unique URL that includes a randomly generated subdomain name. For example: `https://abcd.example.com/`, where `example.com` is your Seqera base domain name. - -Provide a wildcard TLS certificate to allow for uniquely generated subdomains. A wildcard certificate common name includes `*.` in the domain name, such as `*.example.com`, thereby securing any subdomain name at this level. - -:::info -If your Enterprise deployment requires non-wildcard SSL certificates, enable path-based routing for Studios. This changes the dynamic subdomain used for each Studio session to a fixed subdomain with path-based routing. - -- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING` is omitted, empty, or `false`: - - https://a1234abc.connect.cloud.seqera.io/ - - https://a5678abcd.connect.cloud.seqera.io/ - -- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING=true`: - - https://connect.connect.cloud.seqera.io/_studio/a1234abc - - https://connect.connect.cloud.seqera.io/_studio/a5678abcd - -Path-based routing is only available from Seqera Platform version 25.2 and the latest Connect server and clients. It is supported for Visual Studio Code, JupyterLab, and R-IDE container template images. It is not supported for the Xpra container template image. -::: - -Studios uses the following set of domains and subdomains: - -- The domain that you set for `TOWER_SERVER_URL`, such as `example.com`. -- A wildcard subdomain that you must configure specifically for Studios. This wildcard subdomain is the parent for each unique session URL, such as `abcd.example.com`. -- The connection proxy, defined by `CONNECT_PROXY_URL`. This URL is a first-level subdomain of your `TOWER_SERVER_URL`. For example, `https://connect.example.com`. - -## Studios workspace availability - -You can configure which organizational workspaces have access to Studios. This configuration is set in the `tower.yml` file. The `tower.data-studio.allowed-workspaces` field supports the following options: - -- `allowed-workspaces: []`: Disables Studios. This is the default if the `allowed-workspaces` field is not specified. -- `allowed-workspaces: [ , ]`: Enables Studios for the comma-separated list of organizational workspace IDs. -- `allowed-workspaces: null`: Enables Studios for all organizational workspaces. - -## Available Studio environment images - -Each of the provided environments includes a particular version of the underlying software package and the version of Seqera Connect, an integrated web- and file-server. - -To quickly identify which version of the software an image includes, the version string for each container is in the form of `-`. For example, if the version string for the R-IDE is `2025.04.1-0.9`, version `2025.04.01` is the R-IDE version and `0.9` is the Connect version of this Seqera-built container image. Learn more about Studios [environment versioning](../studios/container-images). - -- To see the list of all JupyterLab image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-jupyter][ds-jupyter]. -- To see the list of all R-IDE image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [https://public.cr.seqera.io/repo/platform/data-studio-ride][ds-ride]. -- To see the list of all Visual Studio Code image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/platform/data-studio-vscode][ds-vscode]. -- To see the list of all Xpra image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-xpra][ds-xpra]. - -## Docker Compose - -This guide assumes that all services will be run in the same container as the rest of your Seqera Platform services. - -If you were using Studios prior to GA (v25.1) please review the `tower.env` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: - -`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` - -The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). - -You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. - -### Prerequisites - -- Allow inbound traffic to port 9090 on the EC2 instance -- Allow traffic on port 9090 through the AWS LB (Load Balancer) -- An AWS Route53 wildcard DNS record, such as `*.` -- Execute `mkdir 777 $HOME/.tower/connect` to create a folder that will be mounted to `connect-proxy` and used to store metadata. - -### Procedure - -1. Download the Studios [environment configuration file](./_templates/docker/data-studios.env). -1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: - - ``` - oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) - ``` - -1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. For example, use `openssl` to generate the key pair: - - ```shell - openssl genrsa -out private.pem 2048 - openssl rsa -pubout -in private.pem -out public.pem - ``` -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files, in the same order (private key on top, public key directly beneath it). Save the file as `data-studios-rsa.pem`, in the same directory as your `docker-compose.yml` file. -1. Open the `docker-compose.yml` and uncomment the volume mount for the PEM key file for the `backend` and `cron` services in the `volumes` list. Your PEM file must be named `data-studios-rsa.pem`. - - ```yaml - volumes: - - $PWD/tower.yml:/tower.yml - # An RSA key is required for Studios functionality. Uncomment the line below to mount the key. - #- $PWD/data-studios-rsa.pem:/data-studios-rsa.pem - ``` - -1. Open `data-studios.env` in an editor, and make the following changes: - - 1. Uncomment the `connect-proxy` and `connect-server` services. - 1. Set the following environment variables: - - `PLATFORM_URL`: The same value assigned to `TOWER_SERVER_URL`. For example, `https://example.com`. - - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain. We recommend you set a first-level subdomain of your `PLATFORM_URL` for your connect proxy. For example, `https://connect.example.com`. - - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value set in the `oidc_registration_token` environment variable. - -1. Open `tower.env` in an editor and set the following variables: - - - `TOWER_DATA_EXPLORER_ENABLED`: Set `true` to enable Data Explorer. You must enable Data Explorer to mount data inside a Studio. - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value set in the `oidc_registration_token` environment variable. - - `TOWER_OIDC_PEM_PATH`: The file path to a PEM certificate used for signing the OIDC tokens for the OpenID connect provider, mounted as a volume inside the container. - -1. Edit the `tower.yml` file and include the following snippet to enable Studios in all organization workspaces: - - ```yaml - tower: - data-studio: - allowed-workspaces: null - ``` - -1. Start your Platform instance: `docker compose -d up`. -1. Confirm that the Platform containers are running: - - ``` - docker ps - ``` - -1. To confirm that Studios is available, log in to your Platform instance and navigate to an organizational workspace that has Studios enabled. The **Studios** tab is included with the available tabs. - -## Kubernetes - -This procedure describes how to configure Studios for Seqera Enterprise deployments in Kubernetes. If you were using Studios prior to GA (v25.1) please review the `configmap.yaml` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: - -`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` - -The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). - -You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. - -### Procedure - -1. Download the Kubernetes manifests for the Studios service: - - - [Proxy](./_templates/k8s/data_studios/proxy.yml) - - [Server](./_templates/k8s/data_studios/server.yml) - -1. Change your Kubernetes context to the namespace where your Platform instance runs: - - ``` - kubectl config set-context --current --namespace= - ``` - -1. Edit the `server.yml` file and set the `CONNECT_REDIS_ADDRESS` environment variable to the hostname or IP address of the Redis server configured for Platform. -1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: - - ``` - oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) - ``` - -1. Edit the `proxy.yml` file and set the following variables: - - - `CONNECT_REDIS_ADDRESS`: The hostname or IP address of the Redis server configured for Seqera. - - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain. We recommend you set a first-level subdomain of your installation's domain (`PLATFORM_URL` below) for your connect proxy, to be able to use the same wildcard TLS certificate for all session URLs and avoid additional domain nesting. For example, `https://connect.example.com`. - - `PLATFORM_URL`: The base URL for your installation, such as `https://example.com/`. - - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as the `oidc_registration_token` value created previously. - -1. Edit your `ingress.eks.yml` file: - - - Uncomment the `host` section at the bottom of the file. - - Replace `` with the base domain of your installation. For example, `example.com`. - - :::note - This assumes that you have an existing Seqera ingress already configured with the following fields: - - - `alb.ingress.kubernetes.io/certificate-arn`: The ARN of a wildcard TLS certificate that secures your URL and connect proxy URL. For example, if `TOWER_SERVER_URL=https://example.com` and `CONNECT_PROXY_URL=https://connect.example.com`, the certificate must secure both `example.com` and `*.example.com`. - - `alb.ingress.kubernetes.io/load-balancer-attributes`: The attributes of the ALB Load Balancer used in your installation. - ::: - -1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. In the following example, the `openssl` command is used to generate the key pair: - - ```shell - openssl genrsa -out private.pem 2048 - openssl rsa -pubout -in private.pem -out public.pem - ``` - -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files created in the previous step, in the same order (private key on top, public key directly beneath it). - -1. Apply a base64 encoding to the PEM file that you created in the previous step: - - ``` - base64_pem=$(cat data-studios-rsa.pem | base64 -w0) - ``` - -1. Create a secret file named `secret.yml` and set the `oidc.pem` key by pasting the contents of the base64-encoded public/private key pair: - - ```yaml - apiVersion: v1 - kind: Secret - metadata: - name: platform-oidc-certs - namespace: platform-stage - data: - oidc.pem: - ``` - -1. Create the secret: - - ``` - kubectl apply -f secret.yml - ``` - -1. Edit the `tower-svc.yml` file and uncomment the `volumes.cert-volume`, `volumeMounts.cert-volume`, and `env.TOWER_OIDC_PEM_PATH` fields so that the public/private key pair is available to Platform. -1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml` by changing the following environment variables: - - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as the `oidc_registration_token` value created previously. - -1. Edit the ConfigMap named `tower-yml` in the `configmap.yml` and include the following snippet: - - ```yaml - data: - tower.yml: |- - tower: - data-studio: - allowed-workspaces: null - ``` - -1. Apply the updated configuration: - - ``` - kubectl apply -f configmap.yml - ``` - -1. Apply the configuration change to Platform: - - ``` - kubectl apply -f tower-svc.yml - ``` - -1. Restart the cron service of your deployment to load the updated configuration. For example: - - ``` - kubectl delete -f tower-cron.yml - kubectl apply -f tower-cron.yml - ``` - - -1. Restart the backend service of your deployment to load the updated configuration. For example: - - ``` - kubectl scale --replicas=0 deployment/backend - kubectl scale --replicas=1 deployment/backend - ``` - -1. Apply the Studios manifests: - - ``` - kubectl apply -f ingress.aks.yml proxy.yml server.yml - ``` - - It can take several minutes for Kubernetes to apply your changes, during which new pods are rolled out. - -1. To confirm that Studios is available, log into Seqera and navigate to an organizational workspace that has Studios enabled. The **Studios** tab should be displayed in the sidebar. - -{/* links */} -[ds-jupyter]: https://public.cr.seqera.io/repo/platform/data-studio-jupyter -[ds-ride]: https://public.cr.seqera.io/repo/platform/data-studio-ride -[ds-vscode]: https://public.cr.seqera.io/repo/platform/data-studio-vscode -[ds-xpra]: https://public.cr.seqera.io/repo/platform/data-studio-xpra From 58943e794a907edb15dd894b68dd517fea0d7aba Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Tue, 3 Feb 2026 10:31:58 +0100 Subject: [PATCH 06/20] Fix sidebars for v25.x --- .../version-25.1-sidebars.json | 5 +++-- .../version-25.2-sidebars.json | 5 +++-- .../version-25.3-sidebars.json | 5 +++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/platform-enterprise_versioned_sidebars/version-25.1-sidebars.json b/platform-enterprise_versioned_sidebars/version-25.1-sidebars.json index 30f529b90..3c203cb2f 100644 --- a/platform-enterprise_versioned_sidebars/version-25.1-sidebars.json +++ b/platform-enterprise_versioned_sidebars/version-25.1-sidebars.json @@ -33,9 +33,9 @@ "id": "enterprise/install-studios" }, "items": [ + "enterprise/studios-helm", "enterprise/studios-kubernetes", - "enterprise/studios-docker-compose", - "enterprise/studios" + "enterprise/studios-docker-compose" ] }, { @@ -47,6 +47,7 @@ "id": "enterprise/install-groundswell" }, "items": [ + "enterprise/groundswell-helm", "enterprise/groundswell-kubernetes", "enterprise/groundswell-docker-compose", "enterprise/configuration/pipeline_optimization" diff --git a/platform-enterprise_versioned_sidebars/version-25.2-sidebars.json b/platform-enterprise_versioned_sidebars/version-25.2-sidebars.json index 324f14e0c..d53c88332 100644 --- a/platform-enterprise_versioned_sidebars/version-25.2-sidebars.json +++ b/platform-enterprise_versioned_sidebars/version-25.2-sidebars.json @@ -33,9 +33,9 @@ "id": "enterprise/install-studios" }, "items": [ + "enterprise/studios-helm", "enterprise/studios-kubernetes", - "enterprise/studios-docker-compose", - "enterprise/studios" + "enterprise/studios-docker-compose" ] }, { @@ -47,6 +47,7 @@ "id": "enterprise/install-groundswell" }, "items": [ + "enterprise/groundswell-helm", "enterprise/groundswell-kubernetes", "enterprise/groundswell-docker-compose", "enterprise/configuration/pipeline_optimization" diff --git a/platform-enterprise_versioned_sidebars/version-25.3-sidebars.json b/platform-enterprise_versioned_sidebars/version-25.3-sidebars.json index bca2773da..c54560345 100644 --- a/platform-enterprise_versioned_sidebars/version-25.3-sidebars.json +++ b/platform-enterprise_versioned_sidebars/version-25.3-sidebars.json @@ -33,9 +33,9 @@ "id": "enterprise/install-studios" }, "items": [ + "enterprise/studios-helm", "enterprise/studios-kubernetes", - "enterprise/studios-docker-compose", - "enterprise/studios" + "enterprise/studios-docker-compose" ] }, { @@ -47,6 +47,7 @@ "id": "enterprise/install-groundswell" }, "items": [ + "enterprise/groundswell-helm", "enterprise/groundswell-kubernetes", "enterprise/groundswell-docker-compose", "enterprise/configuration/pipeline_optimization" From 581070cf2f09da06b04706783071a89d764f2728 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Tue, 3 Feb 2026 11:15:58 +0100 Subject: [PATCH 07/20] Consolidate product requirements in each /install-* page --- .../enterprise/groundswell-docker-compose.md | 5 ++--- platform-enterprise_docs/enterprise/groundswell-helm.md | 6 ++++-- .../enterprise/groundswell-kubernetes.md | 6 +++--- platform-enterprise_docs/enterprise/install-groundswell.md | 6 +++++- platform-enterprise_docs/enterprise/install-platform.md | 4 ++-- platform-enterprise_docs/enterprise/install-studios.md | 2 ++ .../enterprise/platform-docker-compose.md | 4 +--- platform-enterprise_docs/enterprise/platform-helm.md | 4 +--- platform-enterprise_docs/enterprise/platform-kubernetes.md | 5 ++--- .../enterprise/studios-docker-compose.md | 5 ++++- platform-enterprise_docs/enterprise/studios-helm.md | 6 ++++-- platform-enterprise_docs/enterprise/studios-kubernetes.md | 6 +++++- 12 files changed, 35 insertions(+), 24 deletions(-) diff --git a/platform-enterprise_docs/enterprise/groundswell-docker-compose.md b/platform-enterprise_docs/enterprise/groundswell-docker-compose.md index d9c33a29b..ba5a8ec1c 100644 --- a/platform-enterprise_docs/enterprise/groundswell-docker-compose.md +++ b/platform-enterprise_docs/enterprise/groundswell-docker-compose.md @@ -9,9 +9,8 @@ This guide describes how to deploy the pipeline resource optimization service (G ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Docker Compose deployment -- Access to your MySQL database +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- Docker Engine and Docker Compose ## New installation diff --git a/platform-enterprise_docs/enterprise/groundswell-helm.md b/platform-enterprise_docs/enterprise/groundswell-helm.md index 0c9753a03..4bf998b62 100644 --- a/platform-enterprise_docs/enterprise/groundswell-helm.md +++ b/platform-enterprise_docs/enterprise/groundswell-helm.md @@ -7,9 +7,11 @@ tags: [helm, deployment, installation, kubernetes, pipeline-optimization] [Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/charts/pipeline-optimization) to deploy Pipeline Optimization Enterprise on a Kubernetes cluster. -Refer to the [Pipeline Optimization installation overview](./install-pipeline-optimization) for prerequisites and configuration options. +## Prerequisites -For generic instructions on how to install Seqera Helm charts, refer to the Seqera Platform Enterprise installation guide [using Helm](./platform-helm). +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- A Kubernetes cluster +- [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Installation as part of Seqera Platform Enterprise diff --git a/platform-enterprise_docs/enterprise/groundswell-kubernetes.md b/platform-enterprise_docs/enterprise/groundswell-kubernetes.md index caf779bcf..7942d89cc 100644 --- a/platform-enterprise_docs/enterprise/groundswell-kubernetes.md +++ b/platform-enterprise_docs/enterprise/groundswell-kubernetes.md @@ -9,9 +9,9 @@ This guide describes how to deploy the pipeline resource optimization service (G ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Kubernetes deployment -- Access to your MySQL database +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- A Kubernetes cluster +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Procedure diff --git a/platform-enterprise_docs/enterprise/install-groundswell.md b/platform-enterprise_docs/enterprise/install-groundswell.md index 39656839f..0b369045b 100644 --- a/platform-enterprise_docs/enterprise/install-groundswell.md +++ b/platform-enterprise_docs/enterprise/install-groundswell.md @@ -15,11 +15,15 @@ Pipeline resource optimization (Groundswell) uses resource usage data from previ | Kubernetes | [Pipeline optimization: Kubernetes](./groundswell-kubernetes) | | Docker Compose | [Pipeline optimization: Docker Compose](./groundswell-docker-compose) | +See each deployment guide for detailed requirements. + ## Prerequisites Before you begin, you need: - A running Seqera Platform Enterprise deployment -- Access to your MySQL database +- A MySQL 8 database separate from the one used by Seqera Platform +- Access to the Seqera Enterprise MySQL database (Pipeline Optimization requires direct access to the Seqera database to read workflow execution data) + * Read-only access is sufficient ## Configuration diff --git a/platform-enterprise_docs/enterprise/install-platform.md b/platform-enterprise_docs/enterprise/install-platform.md index f50e70c15..8ee67a5f3 100644 --- a/platform-enterprise_docs/enterprise/install-platform.md +++ b/platform-enterprise_docs/enterprise/install-platform.md @@ -16,6 +16,8 @@ Seqera Platform Enterprise can be deployed using Docker Compose, Kubernetes, or | [Kubernetes](./platform-kubernetes) | Production workloads requiring high availability | | [Docker Compose](./platform-docker-compose) | Evaluation, development, small production workloads | +See each deployment guide for detailed requirements. + ## Prerequisites Before you begin, you need: @@ -25,5 +27,3 @@ Before you begin, you need: :::note MySQL 8 is the only supported database version from Seqera Enterprise version 23.4 onwards. MySQL 5.6 and 5.7 are not supported. ::: - -See each deployment guide for detailed requirements. diff --git a/platform-enterprise_docs/enterprise/install-studios.md b/platform-enterprise_docs/enterprise/install-studios.md index bc9167e4a..b208de951 100644 --- a/platform-enterprise_docs/enterprise/install-studios.md +++ b/platform-enterprise_docs/enterprise/install-studios.md @@ -15,6 +15,8 @@ Studios provides interactive analysis environments within Seqera Platform. Deplo | Kubernetes | [Studios: Kubernetes](./studios-kubernetes) | | Docker Compose | [Studios: Docker Compose](./studios-docker-compose) | +See each deployment guide for detailed requirements. + ## Prerequisites Before you begin, you need: diff --git a/platform-enterprise_docs/enterprise/platform-docker-compose.md b/platform-enterprise_docs/enterprise/platform-docker-compose.md index 31b229ca8..6fd24f45a 100644 --- a/platform-enterprise_docs/enterprise/platform-docker-compose.md +++ b/platform-enterprise_docs/enterprise/platform-docker-compose.md @@ -9,10 +9,8 @@ Docker Compose deployments are suitable for evaluation, development, and small p ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - Docker Engine and Docker Compose -- A MySQL 8 database -- A Redis 7 instance ## Container images diff --git a/platform-enterprise_docs/enterprise/platform-helm.md b/platform-enterprise_docs/enterprise/platform-helm.md index 38250ca1c..0bb2288fa 100644 --- a/platform-enterprise_docs/enterprise/platform-helm.md +++ b/platform-enterprise_docs/enterprise/platform-helm.md @@ -9,10 +9,8 @@ tags: [helm, deployment, installation, kubernetes] ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - A Kubernetes cluster -- A MySQL 8 database -- A Redis 7 instance - [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Installing the Helm chart diff --git a/platform-enterprise_docs/enterprise/platform-kubernetes.md b/platform-enterprise_docs/enterprise/platform-kubernetes.md index e249b3848..5cbb89764 100644 --- a/platform-enterprise_docs/enterprise/platform-kubernetes.md +++ b/platform-enterprise_docs/enterprise/platform-kubernetes.md @@ -9,10 +9,9 @@ Kubernetes deployments are recommended for production workloads requiring high a ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - A Kubernetes cluster -- A MySQL 8 database -- A Redis 7 instance +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ### Recommended resources diff --git a/platform-enterprise_docs/enterprise/studios-docker-compose.md b/platform-enterprise_docs/enterprise/studios-docker-compose.md index 4ef752acf..38dd77437 100644 --- a/platform-enterprise_docs/enterprise/studios-docker-compose.md +++ b/platform-enterprise_docs/enterprise/studios-docker-compose.md @@ -7,7 +7,10 @@ tags: [docker, compose, studios, deployment] This guide describes how to deploy Studios for Seqera Platform Enterprise with Docker Compose. -Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. +## Prerequisites + +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- Docker Engine and Docker Compose ## Procedure diff --git a/platform-enterprise_docs/enterprise/studios-helm.md b/platform-enterprise_docs/enterprise/studios-helm.md index 62668a47f..d90cfa999 100644 --- a/platform-enterprise_docs/enterprise/studios-helm.md +++ b/platform-enterprise_docs/enterprise/studios-helm.md @@ -7,9 +7,11 @@ tags: [helm, deployment, installation, kubernetes, studios] [Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/charts/studios) to deploy Studios Enterprise on a Kubernetes cluster. -Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. +## Prerequisites -For generic instructions on how to install Seqera Helm charts, refer to the Seqera Platform Enterprise installation guide [using Helm](./platform-helm). +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- A Kubernetes cluster +- [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Installation as part of Seqera Platform Enterprise diff --git a/platform-enterprise_docs/enterprise/studios-kubernetes.md b/platform-enterprise_docs/enterprise/studios-kubernetes.md index bfce2ea07..ae2a9a81a 100644 --- a/platform-enterprise_docs/enterprise/studios-kubernetes.md +++ b/platform-enterprise_docs/enterprise/studios-kubernetes.md @@ -7,7 +7,11 @@ tags: [kubernetes, studios, deployment] This guide describes how to deploy Studios for Seqera Platform Enterprise on Kubernetes. -Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. +## Prerequisites + +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- A Kubernetes cluster +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Tool configuration From 188f182e7afa3dbb5f26fd7e5e69b41e92362d9d Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Tue, 3 Feb 2026 11:55:56 +0100 Subject: [PATCH 08/20] Backport changes to v25.x --- .../enterprise/overview.md | 2 +- .../enterprise/groundswell-docker-compose.md | 5 +- .../enterprise/groundswell-helm.md | 31 ++ .../enterprise/groundswell-kubernetes.md | 6 +- .../enterprise/install-groundswell.md | 9 +- .../enterprise/install-platform.md | 13 +- .../enterprise/install-studios.md | 64 +++- .../version-25.1/enterprise/overview.md | 3 +- .../enterprise/platform-docker-compose.md | 4 +- .../version-25.1/enterprise/platform-helm.md | 4 +- .../enterprise/platform-kubernetes.md | 5 +- .../enterprise/studios-docker-compose.md | 34 ++- .../version-25.1/enterprise/studios-helm.md | 31 ++ .../enterprise/studios-kubernetes.md | 68 +++-- .../version-25.1/enterprise/studios.md | 277 ------------------ .../enterprise/groundswell-docker-compose.md | 5 +- .../enterprise/groundswell-helm.md | 31 ++ .../enterprise/groundswell-kubernetes.md | 6 +- .../enterprise/install-groundswell.md | 9 +- .../enterprise/install-platform.md | 13 +- .../enterprise/install-studios.md | 78 ++++- .../version-25.2/enterprise/overview.md | 3 +- .../enterprise/platform-docker-compose.md | 4 +- .../version-25.2/enterprise/platform-helm.md | 4 +- .../enterprise/platform-kubernetes.md | 5 +- .../enterprise/studios-docker-compose.md | 34 ++- .../version-25.2/enterprise/studios-helm.md | 31 ++ .../enterprise/studios-kubernetes.md | 68 +++-- .../version-25.2/enterprise/studios.md | 277 ------------------ .../enterprise/groundswell-docker-compose.md | 5 +- .../enterprise/groundswell-helm.md | 6 +- .../enterprise/groundswell-kubernetes.md | 6 +- .../enterprise/install-groundswell.md | 6 +- .../enterprise/install-platform.md | 4 +- .../enterprise/install-studios.md | 2 + .../version-25.3/enterprise/overview.md | 3 +- .../enterprise/platform-docker-compose.md | 4 +- .../version-25.3/enterprise/platform-helm.md | 4 +- .../enterprise/platform-kubernetes.md | 5 +- .../enterprise/studios-docker-compose.md | 5 +- .../version-25.3/enterprise/studios-helm.md | 6 +- .../enterprise/studios-kubernetes.md | 6 +- 42 files changed, 490 insertions(+), 696 deletions(-) create mode 100644 platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-helm.md create mode 100644 platform-enterprise_versioned_docs/version-25.1/enterprise/studios-helm.md delete mode 100644 platform-enterprise_versioned_docs/version-25.1/enterprise/studios.md create mode 100644 platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-helm.md create mode 100644 platform-enterprise_versioned_docs/version-25.2/enterprise/studios-helm.md delete mode 100644 platform-enterprise_versioned_docs/version-25.2/enterprise/studios.md diff --git a/platform-enterprise_docs/enterprise/overview.md b/platform-enterprise_docs/enterprise/overview.md index 78e885393..c23f43498 100644 --- a/platform-enterprise_docs/enterprise/overview.md +++ b/platform-enterprise_docs/enterprise/overview.md @@ -36,7 +36,7 @@ Seqera Enterprise requires a Redis database for caching purposes. ### SQL database -Seqera requires a SQL database to persist user activities and state. The application has been tested against MySQL 8. [Contact Seqera support](https://support.seqera.io) if you need to use a different JDBC-compliant SQL database. +Seqera requires a SQL database to persist user activities and state. The application has been tested against MySQL 8.0. [Contact Seqera support](https://support.seqera.io) if you need to use a different JDBC-compliant SQL database. :::note From Seqera Enterprise version 23.4: diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-docker-compose.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-docker-compose.md index d9c33a29b..ba5a8ec1c 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-docker-compose.md @@ -9,9 +9,8 @@ This guide describes how to deploy the pipeline resource optimization service (G ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Docker Compose deployment -- Access to your MySQL database +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- Docker Engine and Docker Compose ## New installation diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-helm.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-helm.md new file mode 100644 index 000000000..4bf998b62 --- /dev/null +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-helm.md @@ -0,0 +1,31 @@ +--- +title: "Pipeline Optimization: Helm" +description: Deploy Pipeline Optimization Enterprise on Kubernetes with Helm +date created: "2026-01-30" +tags: [helm, deployment, installation, kubernetes, pipeline-optimization] +--- + +[Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/charts/pipeline-optimization) to deploy Pipeline Optimization Enterprise on a Kubernetes cluster. + +## Prerequisites + +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- A Kubernetes cluster +- [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally + +## Installation as part of Seqera Platform Enterprise + +The Pipeline Optimization Helm chart has been designed as a sub-chart of the main Seqera Platform Enterprise Helm +chart, but can optionally be installed independently like the Platform chart. + +To install Pipeline Optimization as part of your Seqera Platform Enterprise deployment, make sure the +`pipeline-optimization.enabled` value in your custom Platform's `values.yaml` file is set to `true`: + +```yaml +pipeline-optimization: + enabled: true +``` + +At the same time, configure the desired Pipeline Optimization options as described in the [Pipeline Optimization Helm chart documentation](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/charts/pipeline-optimization), in particular the Pipeline Optimization and Platform databases. Also refer to the [example](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/examples/pipeline-optimization) provided in the Helm charts repository. + +Then, follow the instructions in the Seqera Platform Enterprise installation guide [using Helm](./platform-helm) to install or upgrade your Platform deployment with Pipeline Optimization. diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-kubernetes.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-kubernetes.md index caf779bcf..7942d89cc 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/groundswell-kubernetes.md @@ -9,9 +9,9 @@ This guide describes how to deploy the pipeline resource optimization service (G ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Kubernetes deployment -- Access to your MySQL database +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- A Kubernetes cluster +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Procedure diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/install-groundswell.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/install-groundswell.md index ce899648e..0b369045b 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/install-groundswell.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/install-groundswell.md @@ -11,14 +11,19 @@ Pipeline resource optimization (Groundswell) uses resource usage data from previ | Method | Guide | | :----- | :---- | -| Docker Compose | [Pipeline optimization: Docker Compose](./groundswell-docker-compose) | +| Helm | [Pipeline optimization: Helm](./groundswell-helm) | | Kubernetes | [Pipeline optimization: Kubernetes](./groundswell-kubernetes) | +| Docker Compose | [Pipeline optimization: Docker Compose](./groundswell-docker-compose) | + +See each deployment guide for detailed requirements. ## Prerequisites Before you begin, you need: - A running Seqera Platform Enterprise deployment -- Access to your MySQL database +- A MySQL 8 database separate from the one used by Seqera Platform +- Access to the Seqera Enterprise MySQL database (Pipeline Optimization requires direct access to the Seqera database to read workflow execution data) + * Read-only access is sufficient ## Configuration diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/install-platform.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/install-platform.md index e060f1fd8..8ee67a5f3 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/install-platform.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/install-platform.md @@ -1,7 +1,8 @@ --- title: "Platform" description: Install Seqera Platform Enterprise -date: "12 Apr 2023" +date created: "2023-04-12" +last updated: "2026-01-30" tags: [installation, deployment] --- @@ -11,9 +12,11 @@ Seqera Platform Enterprise can be deployed using Docker Compose, Kubernetes, or | Method | Use case | | :----- | :------- | -| [Docker Compose](./platform-docker-compose) | Evaluation, development, small production workloads | -| [Kubernetes](./platform-kubernetes) | Production workloads requiring high availability | | [Helm](./platform-helm) | Kubernetes deployments using Helm charts | +| [Kubernetes](./platform-kubernetes) | Production workloads requiring high availability | +| [Docker Compose](./platform-docker-compose) | Evaluation, development, small production workloads | + +See each deployment guide for detailed requirements. ## Prerequisites @@ -21,4 +24,6 @@ Before you begin, you need: - A MySQL 8 database - A Redis 7 instance -See each deployment guide for detailed requirements. +:::note +MySQL 8 is the only supported database version from Seqera Enterprise version 23.4 onwards. MySQL 5.6 and 5.7 are not supported. +::: diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/install-studios.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/install-studios.md index 3c61f946e..bb3e5b2c8 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/install-studios.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/install-studios.md @@ -11,17 +11,69 @@ Studios provides interactive analysis environments within Seqera Platform. Deplo | Method | Guide | | :----- | :---- | -| Docker Compose | [Studios: Docker Compose](./studios-docker-compose) | +| Helm | [Studios: Helm](./studios-helm) | | Kubernetes | [Studios: Kubernetes](./studios-kubernetes) | +| Docker Compose | [Studios: Docker Compose](./studios-docker-compose) | + +See each deployment guide for detailed requirements. ## Prerequisites Before you begin, you need: -- A running Seqera Platform Enterprise deployment +- A running Seqera Platform Enterprise deployment at hostname `example.com` or `platform.example.com` - A Redis 7 instance separate from the one used by Seqera Platform -- TLS certificates for the Studios service and Studios subdomains (you can use a single certificate covering both or separate certificates) -- A wildcard DNS record +- TLS certificates for the Studios subdomains `*.connect.example.com` + * A single certificate covering both Platform and Studios subdomains can be used; if preferring to use separate certificates, you may need to configure a separate ingress when working with plain Kubernetes manifests (the Studios Helm chart already uses separate ingresses) + * The studios subdomain must share the same "root domain" with the Platform installation, for example with platform installed at `example.com` or `platform.example.com`, Studios can be installed at: + - `connect.example.com` or using another name such as `studios.example.com` + - `connect.platform.example.com` + - `connect.another.subdomain.example.com` +- A wildcard DNS record covering the Studios subdomains, e.g., `*.connect.example.com` +- Data Explorer enabled in your Seqera Platform instance (automatic with Helm deployments) + +## DNS Configuration + +Each Studio is reachable at a unique URL that includes a randomly generated subdomain name. For example: `https://abcd.connect.example.com/`, where `connect.example.com` is the Studios service domain. + +Provide a wildcard TLS certificate to allow for uniquely generated subdomains. A wildcard certificate common name includes `*.` in the domain name, such as `*.connect.example.com`, thereby securing any subdomain name at this level. + +Studios uses the following set of domains and subdomains: + +- The Platform domain that you set for `TOWER_SERVER_URL`, such as `example.com`. +- A wildcard subdomain that you must configure specifically for Studios. This wildcard subdomain is the parent for each unique session URL, such as `abcd.connect.example.com`. +- The connection proxy, defined by `CONNECT_PROXY_URL`. This URL is a first-level subdomain of your `TOWER_SERVER_URL`. For example, `https://connect.example.com`. + +## Studios workspace availability + +You can configure which organizational workspaces have access to Studios. This configuration is set in the `tower.yml` file. The `tower.data-studio.allowed-workspaces` field supports the following options: + +- `allowed-workspaces: []`: Disables Studios. This is the default if the `allowed-workspaces` field is not specified. +- `allowed-workspaces: [ , ]`: Enables Studios for the comma-separated list of organizational workspace IDs. +- `allowed-workspaces: null`: Enables Studios for all organizational workspaces. + +In the Platform Helm chart, set the desired configuration in the `platform.YAMLConfigFileContent` field. For example, to enable Studios for workspaces 12345 and 67890: + +```yaml +platform: + YAMLConfigFileContent: |- + tower: + data-studio: + allowed-workspaces: [12345,67890] +``` + +## Available Studios environment images + +Each of the provided environments includes a particular version of the underlying software package and the version of Seqera Connect, an integrated web- and file-server. + +To quickly identify which version of the software an image includes, the version string for each container is in the form of `-`. For example, if the version string for the R-IDE is `2025.04.1-0.9`, version `2025.04.01` is the R-IDE version and `0.9` is the Connect version of this Seqera-built container image. Learn more about Studios [environment versioning](../studios/container-images). -## Configuration +- To see the list of all JupyterLab image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-jupyter][ds-jupyter]. +- To see the list of all R-IDE image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [https://public.cr.seqera.io/repo/platform/data-studio-ride][ds-ride]. +- To see the list of all Visual Studio Code image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/platform/data-studio-vscode][ds-vscode]. +- To see the list of all Xpra image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-xpra][ds-xpra]. -See [Studios](./studios) for DNS configuration, workspace availability, and environment image options. +{/* links */} +[ds-jupyter]: https://public.cr.seqera.io/repo/platform/data-studio-jupyter +[ds-ride]: https://public.cr.seqera.io/repo/platform/data-studio-ride +[ds-vscode]: https://public.cr.seqera.io/repo/platform/data-studio-vscode +[ds-xpra]: https://public.cr.seqera.io/repo/platform/data-studio-xpra diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/overview.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/overview.md index 02b1b1fe9..4675f267f 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/overview.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/overview.md @@ -1,7 +1,8 @@ --- title: "Enterprise installation" description: Platform Enterprise installation overview -date: "9 April 2025" +date created: "2025-04-09" +last updated: "2026-01-30" tags: [installation, deployment] --- diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-docker-compose.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-docker-compose.md index 31b229ca8..6fd24f45a 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-docker-compose.md @@ -9,10 +9,8 @@ Docker Compose deployments are suitable for evaluation, development, and small p ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - Docker Engine and Docker Compose -- A MySQL 8 database -- A Redis 7 instance ## Container images diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-helm.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-helm.md index 38250ca1c..0bb2288fa 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-helm.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-helm.md @@ -9,10 +9,8 @@ tags: [helm, deployment, installation, kubernetes] ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - A Kubernetes cluster -- A MySQL 8 database -- A Redis 7 instance - [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Installing the Helm chart diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-kubernetes.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-kubernetes.md index 0cd63a821..36c6ef8e7 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-kubernetes.md @@ -9,10 +9,9 @@ Kubernetes deployments are recommended for production workloads requiring high a ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - A Kubernetes cluster -- A MySQL 8 database -- A Redis 7 instance +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ### Recommended resources diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-docker-compose.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-docker-compose.md index 1545ab384..38dd77437 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-docker-compose.md @@ -9,12 +9,8 @@ This guide describes how to deploy Studios for Seqera Platform Enterprise with D ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Docker Compose deployment -- A wildcard TLS certificate for your domain (e.g., `*.example.com`) -- A wildcard DNS record (e.g., `*.example.com`) -- Inbound traffic allowed on port 9090 -- Traffic on port 9090 through your load balancer +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- Docker Engine and Docker Compose ## Procedure @@ -53,7 +49,7 @@ Before you begin, you need: 1. Open `data-studios.env` and set the following: - Uncomment the `connect-proxy` and `connect-server` services. - - `PLATFORM_URL`: The same value as `TOWER_SERVER_URL` (e.g., `https://example.com`). + - `PLATFORM_URL`: The same value as `TOWER_SERVER_URL` (e.g., `https://platform.example.com/` or `https://example.com/`). - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain (e.g., `https://connect.example.com`). - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as `oidc_registration_token`. @@ -64,7 +60,7 @@ Before you begin, you need: - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as `oidc_registration_token`. - `TOWER_OIDC_PEM_PATH`: The file path to the PEM certificate (e.g., `/data-studios-rsa.pem`). -1. Edit `tower.yml` to enable Studios: +1. Edit the `tower.yml` file and include the following snippet to enable Studios in all workspaces in your Platform instance: ```yaml tower: @@ -72,14 +68,30 @@ Before you begin, you need: allowed-workspaces: null ``` + Alternatively, you can specify a comma-separated list of workspace IDs to enable Studios only on those workspaces. + + ```yaml + tower: + data-studio: + allowed-workspaces: [12345,67890] + ``` + 1. Start your Platform instance: ```bash docker compose up -d ``` -1. Verify Studios is available by logging into Seqera and navigating to an organizational workspace. The **Studios** tab should be displayed. +1. To confirm that Studios is available, log in to your Platform instance and navigate to an organizational workspace that has Studios enabled. The **Studios** tab is included with the available tabs. + +## Tool Configuration + +This guide assumes that all services will be run in the same container as the rest of your Seqera Platform services. + +If you were using Studios prior to GA (v25.1) please review the `tower.env` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: + +`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` -## Configuration +The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). -See [Studios deployment](./studios) for DNS configuration, workspace availability, and environment image options. +You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-helm.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-helm.md new file mode 100644 index 000000000..d90cfa999 --- /dev/null +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-helm.md @@ -0,0 +1,31 @@ +--- +title: "Studios: Helm" +description: Deploy Studios Enterprise on Kubernetes with Helm +date created: "2026-01-30" +tags: [helm, deployment, installation, kubernetes, studios] +--- + +[Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/charts/studios) to deploy Studios Enterprise on a Kubernetes cluster. + +## Prerequisites + +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- A Kubernetes cluster +- [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally + +## Installation as part of Seqera Platform Enterprise + +The Studios Helm chart has been designed as a sub-chart of the main Seqera Platform Enterprise Helm +chart, but can optionally be installed independently like the Platform chart. + +To install Studios as part of your Seqera Platform Enterprise deployment, make sure the +`studios.enabled` value in your custom Platform's `values.yaml` file is set to `true`: + +```yaml +studios: + enabled: true +``` + +At the same time, configure the desired Studios options as described in the [Studios Helm chart documentation](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/charts/studios), in particular the Studios service domain and the subdomains that it will use for incoming connections. Also refer to the [example](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/examples/studios) provided in the Helm charts repository. + +Then, follow the instructions in the Seqera Platform Enterprise installation guide [using Helm](./platform-helm) to install or upgrade your Platform deployment with Studios. diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-kubernetes.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-kubernetes.md index 779e688cb..ae2a9a81a 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/studios-kubernetes.md @@ -9,10 +9,19 @@ This guide describes how to deploy Studios for Seqera Platform Enterprise on Kub ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Kubernetes deployment -- A wildcard TLS certificate for your domain (e.g., `*.example.com`) -- A wildcard DNS record (e.g., `*.example.com`) +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- A Kubernetes cluster +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally + +## Tool configuration + +This procedure describes how to configure Studios for Seqera Enterprise deployments in Kubernetes. If you were using Studios prior to GA (v25.1) please review the `configmap.yaml` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: + +`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` + +The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). + +You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. ## Procedure @@ -29,7 +38,7 @@ Before you begin, you need: 1. Edit the `server.yml` file and set the `CONNECT_REDIS_ADDRESS` environment variable to the hostname or IP address of the Redis server configured for Platform. -1. Create an initial OIDC registration token: +1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: ```bash oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) @@ -39,22 +48,28 @@ Before you begin, you need: - `CONNECT_REDIS_ADDRESS`: The hostname or IP address of the Redis server configured for Seqera. - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain (e.g., `https://connect.example.com`). - - `PLATFORM_URL`: The base URL for your installation (e.g., `https://example.com/`). + - `PLATFORM_URL`: The base URL for your installation (e.g., `https://platform.example.com/` or `https://example.com/`). - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as the `oidc_registration_token` value created previously. -1. Edit your `ingress.eks.yml` file: +1. Edit the `ingress..yml` file appropriate for your Kubernetes environment: - Uncomment the `host` section at the bottom of the file. - Replace `` with the base domain of your installation. -1. Generate an RSA public/private key pair: + :::note + In the case you're using AWS EKS, this assumes that you have an existing Seqera ingress already configured with the following fields: + + - `alb.ingress.kubernetes.io/certificate-arn`: The ARN of a wildcard TLS certificate that secures the Platform URL and connect proxy URL. For example, if `TOWER_SERVER_URL=https://example.com` and `CONNECT_PROXY_URL=https://connect.example.com`, the certificate must secure `example.com`, and `*.example.com` at the same time; otherwise, you may need to create a second ingress resource specifically for Studios. + ::: + +1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. In the following example, the `openssl` command is used to generate the key pair: ```bash openssl genrsa -out private.pem 2048 openssl rsa -pubout -in private.pem -out public.pem ``` -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files (private key on top, public key directly beneath it). +1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files created in the previous step, in the same order (private key on top, public key directly beneath it). 1. Apply a base64 encoding to the PEM file: @@ -82,12 +97,12 @@ Before you begin, you need: 1. Edit the `tower-svc.yml` file and uncomment the `volumes.cert-volume`, `volumeMounts.cert-volume`, and `env.TOWER_OIDC_PEM_PATH` fields. -1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml`: +1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml` by changing the following environment variables: - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy (e.g., `https://connect.example.com/`). + - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as the `oidc_registration_token` value created previously. -1. Edit the ConfigMap named `tower-yml` in the `configmap.yml`: +1. Edit the ConfigMap named `tower-yml` in the `configmap.yml` and include the following snippet: ```yaml data: @@ -97,27 +112,42 @@ Before you begin, you need: allowed-workspaces: null ``` + Alternatively, you can specify a comma-separated list of workspace IDs to enable Studios only on those workspaces. + + ```yaml + tower: + data-studio: + allowed-workspaces: [12345,67890] + ``` + 1. Apply the updated configuration: ```bash kubectl apply -f configmap.yml + ``` + +1. Apply the configuration change to Platform: + + ```bash kubectl apply -f tower-svc.yml ``` -1. Restart the cron and backend services: +1. Restart the cron service of your deployment to load the updated configuration. For example: ```bash - kubectl rollout restart deployment/backend deployment/cron + kubectl rollout restart deployment/cron ``` -1. Apply the Studios manifests: +1. Restart the Platform backend service of your deployment to load the updated configuration. For example: ```bash - kubectl apply -f ingress.aks.yml proxy.yml server.yml + kubectl rollout restart deployment/backend ``` -1. Verify Studios is available by logging into Seqera and navigating to an organizational workspace. The **Studios** tab should be displayed. +1. Apply the updated ingress file and the Studios manifests: -## Configuration + ```bash + kubectl apply -f ingress..yml proxy.yml server.yml + ``` -See [Studios deployment](./studios) for DNS configuration, workspace availability, and environment image options. +1. To confirm that Studios is available, log into Seqera and navigate to an organizational workspace that has Studios enabled. The **Studios** tab should be displayed in the sidebar. diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/studios.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/studios.md deleted file mode 100644 index 31a4b3b30..000000000 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/studios.md +++ /dev/null @@ -1,277 +0,0 @@ ---- -title: "Studios" -description: Deploy Seqera Platform with Studios -date created: "2025-03-17" -last updated: "2025-12-05" -tags: [docker, compose, kubernetes, studios, deployment] ---- - -Enable Studios as part of your Seqera Platform Enterprise instance. You must have Data Explorer enabled to use Studios. AWS, Azure, and GCP public clouds are currently supported. - -:::caution -You must upgrade your Seqera Enterprise installation to version 25.1 to enable and configure Studios. -::: - -Studios requires a Redis 7 instance separate from the one used by Seqera Platform. - -## DNS configuration - -Each Studio is reachable at a unique URL that includes a randomly generated subdomain name. For example: `https://abcd.example.com/`, where `example.com` is your Seqera base domain name. - -Provide a wildcard TLS certificate to allow for uniquely generated subdomains. A wildcard certificate common name includes `*.` in the domain name, such as `*.example.com`, thereby securing any subdomain name at this level. - -:::info -If your Enterprise deployment requires non-wildcard SSL certificates, enable path-based routing for Studios. This changes the dynamic subdomain used for each Studio session to a fixed subdomain with path-based routing. - -- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING` is omitted, empty, or `false`: - - https://a1234abc.connect.cloud.seqera.io/ - - https://a5678abcd.connect.cloud.seqera.io/ - -- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING=true`: - - https://connect.connect.cloud.seqera.io/_studio/a1234abc - - https://connect.connect.cloud.seqera.io/_studio/a5678abcd - -Path-based routing is only available from Seqera Platform version 25.2 and the latest Connect server and clients. It is supported for Visual Studio Code, JupyterLab, and R-IDE container template images. It is not supported for the Xpra container template image. -::: - -Studios uses the following set of domains and subdomains: - -- The domain that you set for `TOWER_SERVER_URL`, such as `example.com`. -- A wildcard subdomain that you must configure specifically for Studios. This wildcard subdomain is the parent for each unique session URL, such as `abcd.example.com`. -- The connection proxy, defined by `CONNECT_PROXY_URL`. This URL is a first-level subdomain of your `TOWER_SERVER_URL`. For example, `https://connect.example.com`. - -## Studios workspace availability - -You can configure which organizational workspaces have access to Studios. This configuration is set in the `tower.yml` file. The `tower.data-studio.allowed-workspaces` field supports the following options: - -- `allowed-workspaces: []`: Disables Studios. This is the default if the `allowed-workspaces` field is not specified. -- `allowed-workspaces: [ , ]`: Enables Studios for the comma-separated list of organizational workspace IDs. -- `allowed-workspaces: null`: Enables Studios for all organizational workspaces. - -## Available Studio environment images - -Each of the provided environments includes a particular version of the underlying software package and the version of Seqera Connect, an integrated web- and file-server. - -To quickly identify which version of the software an image includes, the version string for each container is in the form of `-`. For example, if the version string for the R-IDE is `2025.04.1-0.9`, version `2025.04.01` is the R-IDE version and `0.9` is the Connect version of this Seqera-built container image. - -- To see the list of all JupyterLab image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-jupyter][ds-jupyter]. -- To see the list of all R-IDE image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [https://public.cr.seqera.io/repo/platform/data-studio-ride][ds-ride]. -- To see the list of all Visual Studio Code image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/platform/data-studio-vscode][ds-vscode]. -- To see the list of all Xpra image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-xpra][ds-xpra]. - -## Docker Compose - -This guide assumes that all services will be run in the same container as the rest of your Seqera Platform services. - -If you were using Studios prior to GA (v25.1) please review the `tower.env` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: - -`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` - -The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). - -You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. - -### Prerequisites - -- Allow inbound traffic to port 9090 on the EC2 instance -- Allow traffic on port 9090 through the AWS LB (Load Balancer) -- An AWS Route53 wildcard DNS record, such as `*.` -- Execute `mkdir 777 $HOME/.tower/connect` to create a folder that will be mounted to `connect-proxy` and used to store metadata. - -### Procedure - -1. Download the Studios [environment configuration file](./_templates/docker/data-studios.env). -1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: - - ``` - oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) - ``` - -1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. For example, use `openssl` to generate the key pair: - - ```shell - openssl genrsa -out private.pem 2048 - openssl rsa -pubout -in private.pem -out public.pem - ``` -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files, in the same order (private key on top, public key directly beneath it). Save the file as `data-studios-rsa.pem`, in the same directory as your `docker-compose.yml` file. -1. Open the `docker-compose.yml` and uncomment the volume mount for the PEM key file for the `backend` and `cron` services in the `volumes` list. Your PEM file must be named `data-studios-rsa.pem`. - - ```yaml - volumes: - - $PWD/tower.yml:/tower.yml - # An RSA key is required for Studios functionality. Uncomment the line below to mount the key. - #- $PWD/data-studios-rsa.pem:/data-studios-rsa.pem - ``` - -1. Open `data-studios.env` in an editor, and make the following changes: - - 1. Uncomment the `connect-proxy` and `connect-server` services. - 1. Set the following environment variables: - - `PLATFORM_URL`: The same value assigned to `TOWER_SERVER_URL`. For example, `https://example.com`. - - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain. We recommend you set a first-level subdomain of your `PLATFORM_URL` for your connect proxy. For example, `https://connect.example.com`. - - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value set in the `oidc_registration_token` environment variable. - -1. Open `tower.env` in an editor and set the following variables: - - - `TOWER_DATA_EXPLORER_ENABLED`: Set `true` to enable Data Explorer. You must enable Data Explorer to mount data inside a Studio. - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value set in the `oidc_registration_token` environment variable. - - `TOWER_OIDC_PEM_PATH`: The file path to a PEM certificate used for signing the OIDC tokens for the OpenID connect provider, mounted as a volume inside the container. - -1. Edit the `tower.yml` file and include the following snippet to enable Studios in all organization workspaces: - - ```yaml - tower: - data-studio: - allowed-workspaces: null - ``` - -1. Start your Platform instance: `docker compose -d up`. -1. Confirm that the Platform containers are running: - - ``` - docker ps - ``` - -1. To confirm that Studios is available, log in to your Platform instance and navigate to an organizational workspace that has Studios enabled. The **Studios** tab is included with the available tabs. - -## Kubernetes - -This procedure describes how to configure Studios for Seqera Enterprise deployments in Kubernetes. If you were using Studios prior to GA (v25.1) please review the `configmap.yaml` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: - -`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` - -The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). - -You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. - -### Procedure - -1. Download the Kubernetes manifests for the Studios service: - - - [Proxy](./_templates/k8s/data_studios/proxy.yml) - - [Server](./_templates/k8s/data_studios/server.yml) - -1. Change your Kubernetes context to the namespace where your Platform instance runs: - - ``` - kubectl config set-context --current --namespace= - ``` - -1. Edit the `server.yml` file and set the `CONNECT_REDIS_ADDRESS` environment variable to the hostname or IP address of the Redis server configured for Platform. -1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: - - ``` - oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) - ``` - -1. Edit the `proxy.yml` file and set the following variables: - - - `CONNECT_REDIS_ADDRESS`: The hostname or IP address of the Redis server configured for Seqera. - - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain. We recommend you set a first-level subdomain of your installation's domain (`PLATFORM_URL` below) for your connect proxy, to be able to use the same wildcard TLS certificate for all session URLs and avoid additional domain nesting. For example, `https://connect.example.com`. - - `PLATFORM_URL`: The base URL for your installation, such as `https://example.com/`. - - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as the `oidc_registration_token` value created previously. - -1. Edit your `ingress.eks.yml` file: - - - Uncomment the `host` section at the bottom of the file. - - Replace `` with the base domain of your installation. For example, `example.com`. - - :::note - This assumes that you have an existing Seqera ingress already configured with the following fields: - - - `alb.ingress.kubernetes.io/certificate-arn`: The ARN of a wildcard TLS certificate that secures your URL and connect proxy URL. For example, if `TOWER_SERVER_URL=https://example.com` and `CONNECT_PROXY_URL=https://connect.example.com`, the certificate must secure both `example.com` and `*.example.com`. - - `alb.ingress.kubernetes.io/load-balancer-attributes`: The attributes of the ALB Load Balancer used in your installation. - ::: - -1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. In the following example, the `openssl` command is used to generate the key pair: - - ```shell - openssl genrsa -out private.pem 2048 - openssl rsa -pubout -in private.pem -out public.pem - ``` - -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files created in the previous step, in the same order (private key on top, public key directly beneath it). - -1. Apply a base64 encoding to the PEM file that you created in the previous step: - - ``` - base64_pem=$(cat data-studios-rsa.pem | base64 -w0) - ``` - -1. Create a secret file named `secret.yml` and set the `oidc.pem` key by pasting the contents of the base64-encoded public/private key pair: - - ```yaml - apiVersion: v1 - kind: Secret - metadata: - name: platform-oidc-certs - namespace: platform-stage - data: - oidc.pem: - ``` - -1. Create the secret: - - ``` - kubectl apply -f secret.yml - ``` - -1. Edit the `tower-svc.yml` file and uncomment the `volumes.cert-volume`, `volumeMounts.cert-volume`, and `env.TOWER_OIDC_PEM_PATH` fields so that the public/private key pair is available to Platform. -1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml` by changing the following environment variables: - - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as the `oidc_registration_token` value created previously. - -1. Edit the ConfigMap named `tower-yml` in the `configmap.yml` and include the following snippet: - - ```yaml - data: - tower.yml: |- - tower: - data-studio: - allowed-workspaces: null - ``` - -1. Apply the updated configuration: - - ``` - kubectl apply -f configmap.yml - ``` - -1. Apply the configuration change to Platform: - - ``` - kubectl apply -f tower-svc.yml - ``` - -1. Restart the cron service of your deployment to load the updated configuration. For example: - - ``` - kubectl delete -f tower-cron.yml - kubectl apply -f tower-cron.yml - ``` - - -1. Restart the backend service of your deployment to load the updated configuration. For example: - - ``` - kubectl scale --replicas=0 deployment/backend - kubectl scale --replicas=1 deployment/backend - ``` - -1. Apply the Studios manifests: - - ``` - kubectl apply -f ingress.aks.yml proxy.yml server.yml - ``` - - It can take several minutes for Kubernetes to apply your changes, during which new pods are rolled out. - -1. To confirm that Studios is available, log into Seqera and navigate to an organizational workspace that has Studios enabled. The **Studios** tab should be displayed in the sidebar. - -{/* links */} -[ds-jupyter]: https://public.cr.seqera.io/repo/platform/data-studio-jupyter -[ds-ride]: https://public.cr.seqera.io/repo/platform/data-studio-ride -[ds-vscode]: https://public.cr.seqera.io/repo/platform/data-studio-vscode -[ds-xpra]: https://public.cr.seqera.io/repo/platform/data-studio-xpra diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-docker-compose.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-docker-compose.md index d9c33a29b..ba5a8ec1c 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-docker-compose.md @@ -9,9 +9,8 @@ This guide describes how to deploy the pipeline resource optimization service (G ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Docker Compose deployment -- Access to your MySQL database +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- Docker Engine and Docker Compose ## New installation diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-helm.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-helm.md new file mode 100644 index 000000000..4bf998b62 --- /dev/null +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-helm.md @@ -0,0 +1,31 @@ +--- +title: "Pipeline Optimization: Helm" +description: Deploy Pipeline Optimization Enterprise on Kubernetes with Helm +date created: "2026-01-30" +tags: [helm, deployment, installation, kubernetes, pipeline-optimization] +--- + +[Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/charts/pipeline-optimization) to deploy Pipeline Optimization Enterprise on a Kubernetes cluster. + +## Prerequisites + +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- A Kubernetes cluster +- [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally + +## Installation as part of Seqera Platform Enterprise + +The Pipeline Optimization Helm chart has been designed as a sub-chart of the main Seqera Platform Enterprise Helm +chart, but can optionally be installed independently like the Platform chart. + +To install Pipeline Optimization as part of your Seqera Platform Enterprise deployment, make sure the +`pipeline-optimization.enabled` value in your custom Platform's `values.yaml` file is set to `true`: + +```yaml +pipeline-optimization: + enabled: true +``` + +At the same time, configure the desired Pipeline Optimization options as described in the [Pipeline Optimization Helm chart documentation](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/charts/pipeline-optimization), in particular the Pipeline Optimization and Platform databases. Also refer to the [example](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/examples/pipeline-optimization) provided in the Helm charts repository. + +Then, follow the instructions in the Seqera Platform Enterprise installation guide [using Helm](./platform-helm) to install or upgrade your Platform deployment with Pipeline Optimization. diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-kubernetes.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-kubernetes.md index caf779bcf..7942d89cc 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/groundswell-kubernetes.md @@ -9,9 +9,9 @@ This guide describes how to deploy the pipeline resource optimization service (G ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Kubernetes deployment -- Access to your MySQL database +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- A Kubernetes cluster +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Procedure diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/install-groundswell.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/install-groundswell.md index ce899648e..0b369045b 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/install-groundswell.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/install-groundswell.md @@ -11,14 +11,19 @@ Pipeline resource optimization (Groundswell) uses resource usage data from previ | Method | Guide | | :----- | :---- | -| Docker Compose | [Pipeline optimization: Docker Compose](./groundswell-docker-compose) | +| Helm | [Pipeline optimization: Helm](./groundswell-helm) | | Kubernetes | [Pipeline optimization: Kubernetes](./groundswell-kubernetes) | +| Docker Compose | [Pipeline optimization: Docker Compose](./groundswell-docker-compose) | + +See each deployment guide for detailed requirements. ## Prerequisites Before you begin, you need: - A running Seqera Platform Enterprise deployment -- Access to your MySQL database +- A MySQL 8 database separate from the one used by Seqera Platform +- Access to the Seqera Enterprise MySQL database (Pipeline Optimization requires direct access to the Seqera database to read workflow execution data) + * Read-only access is sufficient ## Configuration diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/install-platform.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/install-platform.md index e060f1fd8..8ee67a5f3 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/install-platform.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/install-platform.md @@ -1,7 +1,8 @@ --- title: "Platform" description: Install Seqera Platform Enterprise -date: "12 Apr 2023" +date created: "2023-04-12" +last updated: "2026-01-30" tags: [installation, deployment] --- @@ -11,9 +12,11 @@ Seqera Platform Enterprise can be deployed using Docker Compose, Kubernetes, or | Method | Use case | | :----- | :------- | -| [Docker Compose](./platform-docker-compose) | Evaluation, development, small production workloads | -| [Kubernetes](./platform-kubernetes) | Production workloads requiring high availability | | [Helm](./platform-helm) | Kubernetes deployments using Helm charts | +| [Kubernetes](./platform-kubernetes) | Production workloads requiring high availability | +| [Docker Compose](./platform-docker-compose) | Evaluation, development, small production workloads | + +See each deployment guide for detailed requirements. ## Prerequisites @@ -21,4 +24,6 @@ Before you begin, you need: - A MySQL 8 database - A Redis 7 instance -See each deployment guide for detailed requirements. +:::note +MySQL 8 is the only supported database version from Seqera Enterprise version 23.4 onwards. MySQL 5.6 and 5.7 are not supported. +::: diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/install-studios.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/install-studios.md index 3c61f946e..b208de951 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/install-studios.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/install-studios.md @@ -11,17 +11,83 @@ Studios provides interactive analysis environments within Seqera Platform. Deplo | Method | Guide | | :----- | :---- | -| Docker Compose | [Studios: Docker Compose](./studios-docker-compose) | +| Helm | [Studios: Helm](./studios-helm) | | Kubernetes | [Studios: Kubernetes](./studios-kubernetes) | +| Docker Compose | [Studios: Docker Compose](./studios-docker-compose) | + +See each deployment guide for detailed requirements. ## Prerequisites Before you begin, you need: -- A running Seqera Platform Enterprise deployment +- A running Seqera Platform Enterprise deployment at hostname `example.com` or `platform.example.com` - A Redis 7 instance separate from the one used by Seqera Platform -- TLS certificates for the Studios service and Studios subdomains (you can use a single certificate covering both or separate certificates) -- A wildcard DNS record +- TLS certificates for the Studios subdomains `*.connect.example.com` + * A single certificate covering both Platform and Studios subdomains can be used; if preferring to use separate certificates, you may need to configure a separate ingress when working with plain Kubernetes manifests (the Studios Helm chart already uses separate ingresses) + * The studios subdomain must share the same "root domain" with the Platform installation, for example with platform installed at `example.com` or `platform.example.com`, Studios can be installed at: + - `connect.example.com` or using another name such as `studios.example.com` + - `connect.platform.example.com` + - `connect.another.subdomain.example.com` +- A wildcard DNS record covering the Studios subdomains, e.g., `*.connect.example.com` +- Data Explorer enabled in your Seqera Platform instance (automatic with Helm deployments) + +## DNS Configuration + +Each Studio is reachable at a unique URL that includes a randomly generated subdomain name. For example: `https://abcd.connect.example.com/`, where `connect.example.com` is the Studios service domain. + +Provide a wildcard TLS certificate to allow for uniquely generated subdomains. A wildcard certificate common name includes `*.` in the domain name, such as `*.connect.example.com`, thereby securing any subdomain name at this level. + +Studios uses the following set of domains and subdomains: + +- The Platform domain that you set for `TOWER_SERVER_URL`, such as `example.com`. +- A wildcard subdomain that you must configure specifically for Studios. This wildcard subdomain is the parent for each unique session URL, such as `abcd.connect.example.com`. +- The connection proxy, defined by `CONNECT_PROXY_URL`. This URL is a first-level subdomain of your `TOWER_SERVER_URL`. For example, `https://connect.example.com`. + +## Studios workspace availability + +You can configure which organizational workspaces have access to Studios. This configuration is set in the `tower.yml` file. The `tower.data-studio.allowed-workspaces` field supports the following options: + +- `allowed-workspaces: []`: Disables Studios. This is the default if the `allowed-workspaces` field is not specified. +- `allowed-workspaces: [ , ]`: Enables Studios for the comma-separated list of organizational workspace IDs. +- `allowed-workspaces: null`: Enables Studios for all organizational workspaces. + +In the Platform Helm chart, set the desired configuration in the `platform.YAMLConfigFileContent` field. For example, to enable Studios for workspaces 12345 and 67890: + +```yaml +platform: + YAMLConfigFileContent: |- + tower: + data-studio: + allowed-workspaces: [12345,67890] +``` + +## Available Studios environment images + +Each of the provided environments includes a particular version of the underlying software package and the version of Seqera Connect, an integrated web- and file-server. + +To quickly identify which version of the software an image includes, the version string for each container is in the form of `-`. For example, if the version string for the R-IDE is `2025.04.1-0.9`, version `2025.04.01` is the R-IDE version and `0.9` is the Connect version of this Seqera-built container image. Learn more about Studios [environment versioning](../studios/container-images). + +- To see the list of all JupyterLab image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-jupyter][ds-jupyter]. +- To see the list of all R-IDE image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [https://public.cr.seqera.io/repo/platform/data-studio-ride][ds-ride]. +- To see the list of all Visual Studio Code image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/platform/data-studio-vscode][ds-vscode]. +- To see the list of all Xpra image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-xpra][ds-xpra]. + +## Path-based routing configuration + +If your Enterprise deployment requires non-wildcard SSL certificates, enable path-based routing for Studios. This changes the dynamic subdomain used for each Studios session to a fixed subdomain with path-based routing. + +- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING` is omitted, empty, or `false`, the Studios session URLs use unique subdomains: + - https://a1234abc.connect.cloud.seqera.io/ + - https://a5678abcd.connect.cloud.seqera.io/ + +- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING=true`, the Studios session URLs use path-based routing: + - https://connect.connect.cloud.seqera.io/_studio/a1234abc + - https://connect.connect.cloud.seqera.io/_studio/a5678abcd -## Configuration +Path-based routing is only available from Seqera Platform version 25.2 and the latest Connect server and clients. It is supported for Visual Studio Code, JupyterLab, and R-IDE container template images. It is not supported for the Xpra container template image. -See [Studios](./studios) for DNS configuration, workspace availability, and environment image options. +{/* links */} +[ds-jupyter]: https://public.cr.seqera.io/repo/platform/data-studio-jupyter +[ds-ride]: https://public.cr.seqera.io/repo/platform/data-studio-ride +[ds-vscode]: https://public.cr.seqera.io/repo/platform/data-studio-vscode +[ds-xpra]: https://public.cr.seqera.io/repo/platform/data-studio-xpra diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/overview.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/overview.md index 02b1b1fe9..4675f267f 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/overview.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/overview.md @@ -1,7 +1,8 @@ --- title: "Enterprise installation" description: Platform Enterprise installation overview -date: "9 April 2025" +date created: "2025-04-09" +last updated: "2026-01-30" tags: [installation, deployment] --- diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-docker-compose.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-docker-compose.md index 31b229ca8..6fd24f45a 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-docker-compose.md @@ -9,10 +9,8 @@ Docker Compose deployments are suitable for evaluation, development, and small p ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - Docker Engine and Docker Compose -- A MySQL 8 database -- A Redis 7 instance ## Container images diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-helm.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-helm.md index 38250ca1c..0bb2288fa 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-helm.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-helm.md @@ -9,10 +9,8 @@ tags: [helm, deployment, installation, kubernetes] ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - A Kubernetes cluster -- A MySQL 8 database -- A Redis 7 instance - [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Installing the Helm chart diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-kubernetes.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-kubernetes.md index 0cd63a821..36c6ef8e7 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-kubernetes.md @@ -9,10 +9,9 @@ Kubernetes deployments are recommended for production workloads requiring high a ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - A Kubernetes cluster -- A MySQL 8 database -- A Redis 7 instance +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ### Recommended resources diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-docker-compose.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-docker-compose.md index 1545ab384..38dd77437 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-docker-compose.md @@ -9,12 +9,8 @@ This guide describes how to deploy Studios for Seqera Platform Enterprise with D ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Docker Compose deployment -- A wildcard TLS certificate for your domain (e.g., `*.example.com`) -- A wildcard DNS record (e.g., `*.example.com`) -- Inbound traffic allowed on port 9090 -- Traffic on port 9090 through your load balancer +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- Docker Engine and Docker Compose ## Procedure @@ -53,7 +49,7 @@ Before you begin, you need: 1. Open `data-studios.env` and set the following: - Uncomment the `connect-proxy` and `connect-server` services. - - `PLATFORM_URL`: The same value as `TOWER_SERVER_URL` (e.g., `https://example.com`). + - `PLATFORM_URL`: The same value as `TOWER_SERVER_URL` (e.g., `https://platform.example.com/` or `https://example.com/`). - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain (e.g., `https://connect.example.com`). - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as `oidc_registration_token`. @@ -64,7 +60,7 @@ Before you begin, you need: - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as `oidc_registration_token`. - `TOWER_OIDC_PEM_PATH`: The file path to the PEM certificate (e.g., `/data-studios-rsa.pem`). -1. Edit `tower.yml` to enable Studios: +1. Edit the `tower.yml` file and include the following snippet to enable Studios in all workspaces in your Platform instance: ```yaml tower: @@ -72,14 +68,30 @@ Before you begin, you need: allowed-workspaces: null ``` + Alternatively, you can specify a comma-separated list of workspace IDs to enable Studios only on those workspaces. + + ```yaml + tower: + data-studio: + allowed-workspaces: [12345,67890] + ``` + 1. Start your Platform instance: ```bash docker compose up -d ``` -1. Verify Studios is available by logging into Seqera and navigating to an organizational workspace. The **Studios** tab should be displayed. +1. To confirm that Studios is available, log in to your Platform instance and navigate to an organizational workspace that has Studios enabled. The **Studios** tab is included with the available tabs. + +## Tool Configuration + +This guide assumes that all services will be run in the same container as the rest of your Seqera Platform services. + +If you were using Studios prior to GA (v25.1) please review the `tower.env` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: + +`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` -## Configuration +The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). -See [Studios deployment](./studios) for DNS configuration, workspace availability, and environment image options. +You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-helm.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-helm.md new file mode 100644 index 000000000..d90cfa999 --- /dev/null +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-helm.md @@ -0,0 +1,31 @@ +--- +title: "Studios: Helm" +description: Deploy Studios Enterprise on Kubernetes with Helm +date created: "2026-01-30" +tags: [helm, deployment, installation, kubernetes, studios] +--- + +[Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/charts/studios) to deploy Studios Enterprise on a Kubernetes cluster. + +## Prerequisites + +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- A Kubernetes cluster +- [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally + +## Installation as part of Seqera Platform Enterprise + +The Studios Helm chart has been designed as a sub-chart of the main Seqera Platform Enterprise Helm +chart, but can optionally be installed independently like the Platform chart. + +To install Studios as part of your Seqera Platform Enterprise deployment, make sure the +`studios.enabled` value in your custom Platform's `values.yaml` file is set to `true`: + +```yaml +studios: + enabled: true +``` + +At the same time, configure the desired Studios options as described in the [Studios Helm chart documentation](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/charts/studios), in particular the Studios service domain and the subdomains that it will use for incoming connections. Also refer to the [example](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/examples/studios) provided in the Helm charts repository. + +Then, follow the instructions in the Seqera Platform Enterprise installation guide [using Helm](./platform-helm) to install or upgrade your Platform deployment with Studios. diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-kubernetes.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-kubernetes.md index 779e688cb..ae2a9a81a 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/studios-kubernetes.md @@ -9,10 +9,19 @@ This guide describes how to deploy Studios for Seqera Platform Enterprise on Kub ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Kubernetes deployment -- A wildcard TLS certificate for your domain (e.g., `*.example.com`) -- A wildcard DNS record (e.g., `*.example.com`) +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- A Kubernetes cluster +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally + +## Tool configuration + +This procedure describes how to configure Studios for Seqera Enterprise deployments in Kubernetes. If you were using Studios prior to GA (v25.1) please review the `configmap.yaml` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: + +`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` + +The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). + +You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. ## Procedure @@ -29,7 +38,7 @@ Before you begin, you need: 1. Edit the `server.yml` file and set the `CONNECT_REDIS_ADDRESS` environment variable to the hostname or IP address of the Redis server configured for Platform. -1. Create an initial OIDC registration token: +1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: ```bash oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) @@ -39,22 +48,28 @@ Before you begin, you need: - `CONNECT_REDIS_ADDRESS`: The hostname or IP address of the Redis server configured for Seqera. - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain (e.g., `https://connect.example.com`). - - `PLATFORM_URL`: The base URL for your installation (e.g., `https://example.com/`). + - `PLATFORM_URL`: The base URL for your installation (e.g., `https://platform.example.com/` or `https://example.com/`). - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as the `oidc_registration_token` value created previously. -1. Edit your `ingress.eks.yml` file: +1. Edit the `ingress..yml` file appropriate for your Kubernetes environment: - Uncomment the `host` section at the bottom of the file. - Replace `` with the base domain of your installation. -1. Generate an RSA public/private key pair: + :::note + In the case you're using AWS EKS, this assumes that you have an existing Seqera ingress already configured with the following fields: + + - `alb.ingress.kubernetes.io/certificate-arn`: The ARN of a wildcard TLS certificate that secures the Platform URL and connect proxy URL. For example, if `TOWER_SERVER_URL=https://example.com` and `CONNECT_PROXY_URL=https://connect.example.com`, the certificate must secure `example.com`, and `*.example.com` at the same time; otherwise, you may need to create a second ingress resource specifically for Studios. + ::: + +1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. In the following example, the `openssl` command is used to generate the key pair: ```bash openssl genrsa -out private.pem 2048 openssl rsa -pubout -in private.pem -out public.pem ``` -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files (private key on top, public key directly beneath it). +1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files created in the previous step, in the same order (private key on top, public key directly beneath it). 1. Apply a base64 encoding to the PEM file: @@ -82,12 +97,12 @@ Before you begin, you need: 1. Edit the `tower-svc.yml` file and uncomment the `volumes.cert-volume`, `volumeMounts.cert-volume`, and `env.TOWER_OIDC_PEM_PATH` fields. -1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml`: +1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml` by changing the following environment variables: - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy (e.g., `https://connect.example.com/`). + - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as the `oidc_registration_token` value created previously. -1. Edit the ConfigMap named `tower-yml` in the `configmap.yml`: +1. Edit the ConfigMap named `tower-yml` in the `configmap.yml` and include the following snippet: ```yaml data: @@ -97,27 +112,42 @@ Before you begin, you need: allowed-workspaces: null ``` + Alternatively, you can specify a comma-separated list of workspace IDs to enable Studios only on those workspaces. + + ```yaml + tower: + data-studio: + allowed-workspaces: [12345,67890] + ``` + 1. Apply the updated configuration: ```bash kubectl apply -f configmap.yml + ``` + +1. Apply the configuration change to Platform: + + ```bash kubectl apply -f tower-svc.yml ``` -1. Restart the cron and backend services: +1. Restart the cron service of your deployment to load the updated configuration. For example: ```bash - kubectl rollout restart deployment/backend deployment/cron + kubectl rollout restart deployment/cron ``` -1. Apply the Studios manifests: +1. Restart the Platform backend service of your deployment to load the updated configuration. For example: ```bash - kubectl apply -f ingress.aks.yml proxy.yml server.yml + kubectl rollout restart deployment/backend ``` -1. Verify Studios is available by logging into Seqera and navigating to an organizational workspace. The **Studios** tab should be displayed. +1. Apply the updated ingress file and the Studios manifests: -## Configuration + ```bash + kubectl apply -f ingress..yml proxy.yml server.yml + ``` -See [Studios deployment](./studios) for DNS configuration, workspace availability, and environment image options. +1. To confirm that Studios is available, log into Seqera and navigate to an organizational workspace that has Studios enabled. The **Studios** tab should be displayed in the sidebar. diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/studios.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/studios.md deleted file mode 100644 index e7e932218..000000000 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/studios.md +++ /dev/null @@ -1,277 +0,0 @@ ---- -title: "Studios" -description: Deploy Seqera Platform with Studios -date created: "2025-03-17" -last updated: "2025-12-05" -tags: [docker, compose, kubernetes, studios, deployment] ---- - -Enable Studios as part of your Seqera Platform Enterprise instance. You must have Data Explorer enabled to use Studios. AWS, Azure, and GCP public clouds are currently supported. - -:::caution -You must upgrade your Seqera Enterprise installation to version 25.1 to enable and configure Studios. -::: - -Studios requires a Redis 7 instance separate from the one used by Seqera Platform. - -## DNS configuration - -Each Studio is reachable at a unique URL that includes a randomly generated subdomain name. For example: `https://abcd.example.com/`, where `example.com` is your Seqera base domain name. - -Provide a wildcard TLS certificate to allow for uniquely generated subdomains. A wildcard certificate common name includes `*.` in the domain name, such as `*.example.com`, thereby securing any subdomain name at this level. - -:::info -If your Enterprise deployment requires non-wildcard SSL certificates, enable path-based routing for Studios. This changes the dynamic subdomain used for each Studio session to a fixed subdomain with path-based routing. - -- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING` is omitted, empty, or `false`: - - https://a1234abc.connect.cloud.seqera.io/ - - https://a5678abcd.connect.cloud.seqera.io/ - -- When `TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING=true`: - - https://connect.connect.cloud.seqera.io/_studio/a1234abc - - https://connect.connect.cloud.seqera.io/_studio/a5678abcd - -Path-based routing is only available from Seqera Platform version 25.2 and the latest Connect server and clients. It is supported for Visual Studio Code, JupyterLab, and R-IDE container template images. It is not supported for the Xpra container template image. -::: - -Studios uses the following set of domains and subdomains: - -- The domain that you set for `TOWER_SERVER_URL`, such as `example.com`. -- A wildcard subdomain that you must configure specifically for Studios. This wildcard subdomain is the parent for each unique session URL, such as `abcd.example.com`. -- The connection proxy, defined by `CONNECT_PROXY_URL`. This URL is a first-level subdomain of your `TOWER_SERVER_URL`. For example, `https://connect.example.com`. - -## Studios workspace availability - -You can configure which organizational workspaces have access to Studios. This configuration is set in the `tower.yml` file. The `tower.data-studio.allowed-workspaces` field supports the following options: - -- `allowed-workspaces: []`: Disables Studios. This is the default if the `allowed-workspaces` field is not specified. -- `allowed-workspaces: [ , ]`: Enables Studios for the comma-separated list of organizational workspace IDs. -- `allowed-workspaces: null`: Enables Studios for all organizational workspaces. - -## Available Studio environment images - -Each of the provided environments includes a particular version of the underlying software package and the version of Seqera Connect, an integrated web- and file-server. - -To quickly identify which version of the software an image includes, the version string for each container is in the form of `-`. For example, if the version string for the R-IDE is `2025.04.1-0.9`, version `2025.04.01` is the R-IDE version and `0.9` is the Connect version of this Seqera-built container image. Learn more about Studios [environment versioning](../studios/container-images). - -- To see the list of all JupyterLab image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-jupyter][ds-jupyter]. -- To see the list of all R-IDE image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [https://public.cr.seqera.io/repo/platform/data-studio-ride][ds-ride]. -- To see the list of all Visual Studio Code image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/platform/data-studio-vscode][ds-vscode]. -- To see the list of all Xpra image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-xpra][ds-xpra]. - -## Docker Compose - -This guide assumes that all services will be run in the same container as the rest of your Seqera Platform services. - -If you were using Studios prior to GA (v25.1) please review the `tower.env` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: - -`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` - -The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). - -You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. - -### Prerequisites - -- Allow inbound traffic to port 9090 on the EC2 instance -- Allow traffic on port 9090 through the AWS LB (Load Balancer) -- An AWS Route53 wildcard DNS record, such as `*.` -- Execute `mkdir 777 $HOME/.tower/connect` to create a folder that will be mounted to `connect-proxy` and used to store metadata. - -### Procedure - -1. Download the Studios [environment configuration file](./_templates/docker/data-studios.env). -1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: - - ``` - oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) - ``` - -1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. For example, use `openssl` to generate the key pair: - - ```shell - openssl genrsa -out private.pem 2048 - openssl rsa -pubout -in private.pem -out public.pem - ``` -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files, in the same order (private key on top, public key directly beneath it). Save the file as `data-studios-rsa.pem`, in the same directory as your `docker-compose.yml` file. -1. Open the `docker-compose.yml` and uncomment the volume mount for the PEM key file for the `backend` and `cron` services in the `volumes` list. Your PEM file must be named `data-studios-rsa.pem`. - - ```yaml - volumes: - - $PWD/tower.yml:/tower.yml - # An RSA key is required for Studios functionality. Uncomment the line below to mount the key. - #- $PWD/data-studios-rsa.pem:/data-studios-rsa.pem - ``` - -1. Open `data-studios.env` in an editor, and make the following changes: - - 1. Uncomment the `connect-proxy` and `connect-server` services. - 1. Set the following environment variables: - - `PLATFORM_URL`: The same value assigned to `TOWER_SERVER_URL`. For example, `https://example.com`. - - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain. We recommend you set a first-level subdomain of your `PLATFORM_URL` for your connect proxy. For example, `https://connect.example.com`. - - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value set in the `oidc_registration_token` environment variable. - -1. Open `tower.env` in an editor and set the following variables: - - - `TOWER_DATA_EXPLORER_ENABLED`: Set `true` to enable Data Explorer. You must enable Data Explorer to mount data inside a Studio. - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value set in the `oidc_registration_token` environment variable. - - `TOWER_OIDC_PEM_PATH`: The file path to a PEM certificate used for signing the OIDC tokens for the OpenID connect provider, mounted as a volume inside the container. - -1. Edit the `tower.yml` file and include the following snippet to enable Studios in all organization workspaces: - - ```yaml - tower: - data-studio: - allowed-workspaces: null - ``` - -1. Start your Platform instance: `docker compose -d up`. -1. Confirm that the Platform containers are running: - - ``` - docker ps - ``` - -1. To confirm that Studios is available, log in to your Platform instance and navigate to an organizational workspace that has Studios enabled. The **Studios** tab is included with the available tabs. - -## Kubernetes - -This procedure describes how to configure Studios for Seqera Enterprise deployments in Kubernetes. If you were using Studios prior to GA (v25.1) please review the `configmap.yaml` file and make sure you are using the latest version which includes a new variable `TOWER_DATA_STUDIO_TEMPLATES__TOOL`. This variable needs to be added to the default/Seqera-provided Studio templates: - -`TOWER_DATA_STUDIO_TEMPLATES__TOOL: ''` - -The `TEMPLATE_KEY` can be any string, but the `TOOL_NAME` has to be the template name (`jupyter`/`vscode`/`rstudio`/`xpra`). - -You can also check the current template configuration using `https://towerurl/api/studios/templates?workspaceId=`. The response should include the `TOOL` configuration and template name (`jupyter`/`vscode`/`rstudio`/`xpra`) - not `custom`. - -### Procedure - -1. Download the Kubernetes manifests for the Studios service: - - - [Proxy](./_templates/k8s/data_studios/proxy.yml) - - [Server](./_templates/k8s/data_studios/server.yml) - -1. Change your Kubernetes context to the namespace where your Platform instance runs: - - ``` - kubectl config set-context --current --namespace= - ``` - -1. Edit the `server.yml` file and set the `CONNECT_REDIS_ADDRESS` environment variable to the hostname or IP address of the Redis server configured for Platform. -1. Create an initial OIDC registration token, which can be any secure random string. For example, using openssl: - - ``` - oidc_registration_token=$(openssl rand -base64 32 | tr -d /=+ | cut -c -32) - ``` - -1. Edit the `proxy.yml` file and set the following variables: - - - `CONNECT_REDIS_ADDRESS`: The hostname or IP address of the Redis server configured for Seqera. - - `CONNECT_PROXY_URL`: A URL for the connect proxy subdomain. We recommend you set a first-level subdomain of your installation's domain (`PLATFORM_URL` below) for your connect proxy, to be able to use the same wildcard TLS certificate for all session URLs and avoid additional domain nesting. For example, `https://connect.example.com`. - - `PLATFORM_URL`: The base URL for your installation, such as `https://example.com/`. - - `CONNECT_OIDC_CLIENT_REGISTRATION_TOKEN`: The same value as the `oidc_registration_token` value created previously. - -1. Edit your `ingress.eks.yml` file: - - - Uncomment the `host` section at the bottom of the file. - - Replace `` with the base domain of your installation. For example, `example.com`. - - :::note - This assumes that you have an existing Seqera ingress already configured with the following fields: - - - `alb.ingress.kubernetes.io/certificate-arn`: The ARN of a wildcard TLS certificate that secures your URL and connect proxy URL. For example, if `TOWER_SERVER_URL=https://example.com` and `CONNECT_PROXY_URL=https://connect.example.com`, the certificate must secure both `example.com` and `*.example.com`. - - `alb.ingress.kubernetes.io/load-balancer-attributes`: The attributes of the ALB Load Balancer used in your installation. - ::: - -1. Generate an RSA public/private key pair. A key size of at least 2048 bits is recommended. In the following example, the `openssl` command is used to generate the key pair: - - ```shell - openssl genrsa -out private.pem 2048 - openssl rsa -pubout -in private.pem -out public.pem - ``` - -1. Download the [data-studios-rsa.pem](./_templates/docker/data-studios-rsa.pem) file and replace its contents with the content of your private and public key files created in the previous step, in the same order (private key on top, public key directly beneath it). - -1. Apply a base64 encoding to the PEM file that you created in the previous step: - - ``` - base64_pem=$(cat data-studios-rsa.pem | base64 -w0) - ``` - -1. Create a secret file named `secret.yml` and set the `oidc.pem` key by pasting the contents of the base64-encoded public/private key pair: - - ```yaml - apiVersion: v1 - kind: Secret - metadata: - name: platform-oidc-certs - namespace: platform-stage - data: - oidc.pem: - ``` - -1. Create the secret: - - ``` - kubectl apply -f secret.yml - ``` - -1. Edit the `tower-svc.yml` file and uncomment the `volumes.cert-volume`, `volumeMounts.cert-volume`, and `env.TOWER_OIDC_PEM_PATH` fields so that the public/private key pair is available to Platform. -1. Edit the ConfigMap named `platform-backend-cfg` in the `configmap.yml` by changing the following environment variables: - - - `TOWER_DATA_STUDIO_CONNECT_URL`: The URL of the Studios connect proxy, such as `https://connect.example.com/`. - - `TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`: The same value as the `oidc_registration_token` value created previously. - -1. Edit the ConfigMap named `tower-yml` in the `configmap.yml` and include the following snippet: - - ```yaml - data: - tower.yml: |- - tower: - data-studio: - allowed-workspaces: null - ``` - -1. Apply the updated configuration: - - ``` - kubectl apply -f configmap.yml - ``` - -1. Apply the configuration change to Platform: - - ``` - kubectl apply -f tower-svc.yml - ``` - -1. Restart the cron service of your deployment to load the updated configuration. For example: - - ``` - kubectl delete -f tower-cron.yml - kubectl apply -f tower-cron.yml - ``` - - -1. Restart the backend service of your deployment to load the updated configuration. For example: - - ``` - kubectl scale --replicas=0 deployment/backend - kubectl scale --replicas=1 deployment/backend - ``` - -1. Apply the Studios manifests: - - ``` - kubectl apply -f ingress.aks.yml proxy.yml server.yml - ``` - - It can take several minutes for Kubernetes to apply your changes, during which new pods are rolled out. - -1. To confirm that Studios is available, log into Seqera and navigate to an organizational workspace that has Studios enabled. The **Studios** tab should be displayed in the sidebar. - -{/* links */} -[ds-jupyter]: https://public.cr.seqera.io/repo/platform/data-studio-jupyter -[ds-ride]: https://public.cr.seqera.io/repo/platform/data-studio-ride -[ds-vscode]: https://public.cr.seqera.io/repo/platform/data-studio-vscode -[ds-xpra]: https://public.cr.seqera.io/repo/platform/data-studio-xpra diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-docker-compose.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-docker-compose.md index d9c33a29b..ba5a8ec1c 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-docker-compose.md @@ -9,9 +9,8 @@ This guide describes how to deploy the pipeline resource optimization service (G ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Docker Compose deployment -- Access to your MySQL database +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- Docker Engine and Docker Compose ## New installation diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-helm.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-helm.md index 0c9753a03..4bf998b62 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-helm.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-helm.md @@ -7,9 +7,11 @@ tags: [helm, deployment, installation, kubernetes, pipeline-optimization] [Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/pipeline-optimization-0.2.4/platform/charts/pipeline-optimization) to deploy Pipeline Optimization Enterprise on a Kubernetes cluster. -Refer to the [Pipeline Optimization installation overview](./install-pipeline-optimization) for prerequisites and configuration options. +## Prerequisites -For generic instructions on how to install Seqera Helm charts, refer to the Seqera Platform Enterprise installation guide [using Helm](./platform-helm). +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- A Kubernetes cluster +- [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Installation as part of Seqera Platform Enterprise diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-kubernetes.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-kubernetes.md index caf779bcf..7942d89cc 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/groundswell-kubernetes.md @@ -9,9 +9,9 @@ This guide describes how to deploy the pipeline resource optimization service (G ## Prerequisites -Before you begin, you need: -- A running Seqera Platform Enterprise Kubernetes deployment -- Access to your MySQL database +Other than the basic requirements [already listed in the Pipeline Optimization installation overview](./install-groundswell#prerequisites), you will need: +- A Kubernetes cluster +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Procedure diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-groundswell.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-groundswell.md index 39656839f..0b369045b 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-groundswell.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-groundswell.md @@ -15,11 +15,15 @@ Pipeline resource optimization (Groundswell) uses resource usage data from previ | Kubernetes | [Pipeline optimization: Kubernetes](./groundswell-kubernetes) | | Docker Compose | [Pipeline optimization: Docker Compose](./groundswell-docker-compose) | +See each deployment guide for detailed requirements. + ## Prerequisites Before you begin, you need: - A running Seqera Platform Enterprise deployment -- Access to your MySQL database +- A MySQL 8 database separate from the one used by Seqera Platform +- Access to the Seqera Enterprise MySQL database (Pipeline Optimization requires direct access to the Seqera database to read workflow execution data) + * Read-only access is sufficient ## Configuration diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-platform.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-platform.md index f50e70c15..8ee67a5f3 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-platform.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-platform.md @@ -16,6 +16,8 @@ Seqera Platform Enterprise can be deployed using Docker Compose, Kubernetes, or | [Kubernetes](./platform-kubernetes) | Production workloads requiring high availability | | [Docker Compose](./platform-docker-compose) | Evaluation, development, small production workloads | +See each deployment guide for detailed requirements. + ## Prerequisites Before you begin, you need: @@ -25,5 +27,3 @@ Before you begin, you need: :::note MySQL 8 is the only supported database version from Seqera Enterprise version 23.4 onwards. MySQL 5.6 and 5.7 are not supported. ::: - -See each deployment guide for detailed requirements. diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-studios.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-studios.md index bc9167e4a..b208de951 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/install-studios.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/install-studios.md @@ -15,6 +15,8 @@ Studios provides interactive analysis environments within Seqera Platform. Deplo | Kubernetes | [Studios: Kubernetes](./studios-kubernetes) | | Docker Compose | [Studios: Docker Compose](./studios-docker-compose) | +See each deployment guide for detailed requirements. + ## Prerequisites Before you begin, you need: diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/overview.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/overview.md index 02b1b1fe9..4675f267f 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/overview.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/overview.md @@ -1,7 +1,8 @@ --- title: "Enterprise installation" description: Platform Enterprise installation overview -date: "9 April 2025" +date created: "2025-04-09" +last updated: "2026-01-30" tags: [installation, deployment] --- diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-docker-compose.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-docker-compose.md index 31b229ca8..6fd24f45a 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-docker-compose.md @@ -9,10 +9,8 @@ Docker Compose deployments are suitable for evaluation, development, and small p ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - Docker Engine and Docker Compose -- A MySQL 8 database -- A Redis 7 instance ## Container images diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-helm.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-helm.md index 38250ca1c..0bb2288fa 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-helm.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-helm.md @@ -9,10 +9,8 @@ tags: [helm, deployment, installation, kubernetes] ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - A Kubernetes cluster -- A MySQL 8 database -- A Redis 7 instance - [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Installing the Helm chart diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-kubernetes.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-kubernetes.md index 0cd63a821..36c6ef8e7 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-kubernetes.md @@ -9,10 +9,9 @@ Kubernetes deployments are recommended for production workloads requiring high a ## Prerequisites -Before you begin, you need: +Other than the basic requirements [already listed in the Platform installation overview](./install-platform#prerequisites), you will need: - A Kubernetes cluster -- A MySQL 8 database -- A Redis 7 instance +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ### Recommended resources diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-docker-compose.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-docker-compose.md index 4ef752acf..38dd77437 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-docker-compose.md @@ -7,7 +7,10 @@ tags: [docker, compose, studios, deployment] This guide describes how to deploy Studios for Seqera Platform Enterprise with Docker Compose. -Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. +## Prerequisites + +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- Docker Engine and Docker Compose ## Procedure diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-helm.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-helm.md index 62668a47f..d90cfa999 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-helm.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-helm.md @@ -7,9 +7,11 @@ tags: [helm, deployment, installation, kubernetes, studios] [Helm](https://helm.sh) is an open-source command line tool used for managing Kubernetes applications. Seqera offers a [Helm chart](https://github.com/seqeralabs/helm-charts/tree/studios-1.1.3/platform/charts/studios) to deploy Studios Enterprise on a Kubernetes cluster. -Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. +## Prerequisites -For generic instructions on how to install Seqera Helm charts, refer to the Seqera Platform Enterprise installation guide [using Helm](./platform-helm). +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- A Kubernetes cluster +- [Helm v3](https://helm.sh/docs/intro/install) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Installation as part of Seqera Platform Enterprise diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-kubernetes.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-kubernetes.md index bfce2ea07..ae2a9a81a 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/studios-kubernetes.md @@ -7,7 +7,11 @@ tags: [kubernetes, studios, deployment] This guide describes how to deploy Studios for Seqera Platform Enterprise on Kubernetes. -Refer to the [Studios installation overview](./install-studios) for prerequisites and configuration options. +## Prerequisites + +Other than the basic requirements [already listed in the Studios installation overview](./install-studios#prerequisites), you will need: +- A Kubernetes cluster +- [kubectl](https://kubernetes.io/docs/tasks/tools/) installed locally ## Tool configuration From 24ed648bcc168abe8423cdad46042d6ecce9c2c3 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Tue, 3 Feb 2026 12:21:18 +0100 Subject: [PATCH 09/20] Fix link after /enterprise/studios was removed --- platform-cli-docs/scripts/MAINTENANCE.md | 1 - .../version-25.1/studios/overview.md | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/platform-cli-docs/scripts/MAINTENANCE.md b/platform-cli-docs/scripts/MAINTENANCE.md index 6d7175806..a288ff2eb 100644 --- a/platform-cli-docs/scripts/MAINTENANCE.md +++ b/platform-cli-docs/scripts/MAINTENANCE.md @@ -42,7 +42,6 @@ cli/ │ ├── pipelines.md │ ├── runs.md │ ├── secrets.md -│ ├── studios.md │ ├── teams.md │ └── workspaces.md ├── metadata/ # CLI metadata JSON files diff --git a/platform-enterprise_versioned_docs/version-25.1/studios/overview.md b/platform-enterprise_versioned_docs/version-25.1/studios/overview.md index 3cd23da73..7cf286159 100644 --- a/platform-enterprise_versioned_docs/version-25.1/studios/overview.md +++ b/platform-enterprise_versioned_docs/version-25.1/studios/overview.md @@ -10,7 +10,7 @@ Studios is a unified platform where you can host a combination of container imag On Seqera Cloud, the free tier permits only one running Studio session at a time. To run simultaneous sessions, [contact Seqera][contact] for a Seqera Cloud Pro license. :::note -Studios in Enterprise is not enabled by default. You can enable Studios in the [environment variables configuration](../enterprise/studios.md). +Studios in Enterprise is not enabled by default. Refer to the [installation guide](../enterprise/install-studios) for more details. ::: ## Requirements From e53f4ea932dbfba120ff0206f17fa9852bcb3784 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Tue, 3 Feb 2026 12:44:59 +0100 Subject: [PATCH 10/20] Fix some more links --- .../enterprise/platform-docker-compose.md | 4 ++-- platform-enterprise_docs/enterprise/platform-kubernetes.md | 2 +- platform-enterprise_docs/studios/overview.md | 4 ++-- .../version-25.1/enterprise/install-studios.md | 2 +- .../version-25.1/enterprise/platform-docker-compose.md | 4 ++-- .../version-25.1/enterprise/platform-kubernetes.md | 2 +- .../version-25.2/enterprise/platform-docker-compose.md | 4 ++-- .../version-25.2/enterprise/platform-kubernetes.md | 2 +- .../version-25.2/studios/overview.md | 6 +++--- .../version-25.3/enterprise/platform-docker-compose.md | 4 ++-- .../version-25.3/enterprise/platform-kubernetes.md | 2 +- .../version-25.3/studios/overview.md | 4 ++-- 12 files changed, 20 insertions(+), 20 deletions(-) diff --git a/platform-enterprise_docs/enterprise/platform-docker-compose.md b/platform-enterprise_docs/enterprise/platform-docker-compose.md index 6fd24f45a..4fe1c785b 100644 --- a/platform-enterprise_docs/enterprise/platform-docker-compose.md +++ b/platform-enterprise_docs/enterprise/platform-docker-compose.md @@ -56,7 +56,7 @@ Use a managed Redis service for production: - To configure the Seqera pipeline resource optimization service (`groundswell`), see [Pipeline resource optimization](./configuration/pipeline_optimization). - - To deploy with Studios, see [Studios deployment](./studios). + - To deploy with Studios, see [Studios deployment](./install-studios). 4. Deploy the application and wait for it to initialize (this process takes a few minutes): @@ -110,7 +110,7 @@ Seqera Platform offers a service that optimizes pipeline resource requests. Refe ### Studios -[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./studios). +[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./install-studios). :::note Studios is available from Seqera Platform v24.1. If you experience any problems during the deployment process please contact your account executive. Studios in Enterprise is not installed by default. diff --git a/platform-enterprise_docs/enterprise/platform-kubernetes.md b/platform-enterprise_docs/enterprise/platform-kubernetes.md index 5cbb89764..8ca460d98 100644 --- a/platform-enterprise_docs/enterprise/platform-kubernetes.md +++ b/platform-enterprise_docs/enterprise/platform-kubernetes.md @@ -189,7 +189,7 @@ Seqera Platform offers a service that optimizes pipeline resource requests. Refe ### Studios -[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./studios). +[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./install-studios). :::note Studios is available from Seqera Platform v24.1. If you experience any problems during the deployment process [contact Seqera support](https://support.seqera.io). Studios in Enterprise is not installed by default. diff --git a/platform-enterprise_docs/studios/overview.md b/platform-enterprise_docs/studios/overview.md index b05d9722a..db354aeb2 100644 --- a/platform-enterprise_docs/studios/overview.md +++ b/platform-enterprise_docs/studios/overview.md @@ -9,10 +9,10 @@ tags: [studios, container, image, session, interactive, analysis] Studios is a unified platform where you can host a combination of container images and compute environments for interactive analysis using your preferred tools, like JupyterLab, an R-IDE, Visual Studio Code IDEs, or Xpra remote desktops. Each Studio session is an individual interactive environment that encapsulates the live environment for dynamic data analysis. :::note -Studios in Enterprise is not enabled by default. You can enable Studios in the [environment variables configuration](../enterprise/studios). +Studios in Enterprise is not enabled by default. You can enable Studios in the [environment variables configuration](../enterprise/install-studios). ::: -- [Deploy Studios in Seqera Platform](../enterprise/studios): Enable Studios as part of your Seqera Platform Enterprise instance. +- [Deploy Studios in Seqera Platform](../enterprise/install-studios): Enable Studios as part of your Seqera Platform Enterprise instance. - [Add a Studio](./add-studio): Understand the configuration options for creating, running, and customizing Studio sessions. - [Container image templates](./container-images): Learn about the container image templates provided: JupyterLab, R-IDE, Visual Studio Code, and Xpra. - [Custom environments](./custom-envs): Augument the Seqera-provided images with a list of Conda packages or by providing your own base container template image. diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/install-studios.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/install-studios.md index bb3e5b2c8..bafc2c721 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/install-studios.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/install-studios.md @@ -65,7 +65,7 @@ platform: Each of the provided environments includes a particular version of the underlying software package and the version of Seqera Connect, an integrated web- and file-server. -To quickly identify which version of the software an image includes, the version string for each container is in the form of `-`. For example, if the version string for the R-IDE is `2025.04.1-0.9`, version `2025.04.01` is the R-IDE version and `0.9` is the Connect version of this Seqera-built container image. Learn more about Studios [environment versioning](../studios/container-images). +To quickly identify which version of the software an image includes, the version string for each container is in the form of `-`. For example, if the version string for the R-IDE is `2025.04.1-0.9`, version `2025.04.01` is the R-IDE version and `0.9` is the Connect version of this Seqera-built container image. Learn more about Studios [environment versioning](../studios/overview#container-image-templates). - To see the list of all JupyterLab image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [public.cr.seqera.io/repo/platform/data-studio-jupyter][ds-jupyter]. - To see the list of all R-IDE image templates available, including security scan results or to inspect the container specification (including container specifications, configuration, and manifest), see [https://public.cr.seqera.io/repo/platform/data-studio-ride][ds-ride]. diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-docker-compose.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-docker-compose.md index 6fd24f45a..4fe1c785b 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-docker-compose.md @@ -56,7 +56,7 @@ Use a managed Redis service for production: - To configure the Seqera pipeline resource optimization service (`groundswell`), see [Pipeline resource optimization](./configuration/pipeline_optimization). - - To deploy with Studios, see [Studios deployment](./studios). + - To deploy with Studios, see [Studios deployment](./install-studios). 4. Deploy the application and wait for it to initialize (this process takes a few minutes): @@ -110,7 +110,7 @@ Seqera Platform offers a service that optimizes pipeline resource requests. Refe ### Studios -[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./studios). +[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./install-studios). :::note Studios is available from Seqera Platform v24.1. If you experience any problems during the deployment process please contact your account executive. Studios in Enterprise is not installed by default. diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-kubernetes.md b/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-kubernetes.md index 36c6ef8e7..2ab71d212 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/platform-kubernetes.md @@ -189,7 +189,7 @@ Seqera Platform offers a service that optimizes pipeline resource requests. Refe ### Studios -[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./studios). +[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./install-studios). :::note Studios is available from Seqera Platform v24.1. If you experience any problems during the deployment process [contact Seqera support](https://support.seqera.io). Studios in Enterprise is not installed by default. diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-docker-compose.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-docker-compose.md index 6fd24f45a..4fe1c785b 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-docker-compose.md @@ -56,7 +56,7 @@ Use a managed Redis service for production: - To configure the Seqera pipeline resource optimization service (`groundswell`), see [Pipeline resource optimization](./configuration/pipeline_optimization). - - To deploy with Studios, see [Studios deployment](./studios). + - To deploy with Studios, see [Studios deployment](./install-studios). 4. Deploy the application and wait for it to initialize (this process takes a few minutes): @@ -110,7 +110,7 @@ Seqera Platform offers a service that optimizes pipeline resource requests. Refe ### Studios -[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./studios). +[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./install-studios). :::note Studios is available from Seqera Platform v24.1. If you experience any problems during the deployment process please contact your account executive. Studios in Enterprise is not installed by default. diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-kubernetes.md b/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-kubernetes.md index 36c6ef8e7..2ab71d212 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/platform-kubernetes.md @@ -189,7 +189,7 @@ Seqera Platform offers a service that optimizes pipeline resource requests. Refe ### Studios -[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./studios). +[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./install-studios). :::note Studios is available from Seqera Platform v24.1. If you experience any problems during the deployment process [contact Seqera support](https://support.seqera.io). Studios in Enterprise is not installed by default. diff --git a/platform-enterprise_versioned_docs/version-25.2/studios/overview.md b/platform-enterprise_versioned_docs/version-25.2/studios/overview.md index 83c45914c..7bb94e440 100644 --- a/platform-enterprise_versioned_docs/version-25.2/studios/overview.md +++ b/platform-enterprise_versioned_docs/version-25.2/studios/overview.md @@ -9,10 +9,10 @@ tags: [studios, container, image, session, interactive, analysis] Studios is a unified platform where you can host a combination of container images and compute environments for interactive analysis using your preferred tools, like JupyterLab, an R-IDE, Visual Studio Code IDEs, or Xpra remote desktops. Each Studio session is an individual interactive environment that encapsulates the live environment for dynamic data analysis. :::note -Studios in Enterprise is not enabled by default. You can enable Studios in the [environment variables configuration](../enterprise/studios). +Studios in Enterprise is not enabled by default. You can enable Studios in the [environment variables configuration](../enterprise/install-studios). ::: -- [Deploy Studios in Seqera Platform](../enterprise/studios): Enable Studios as part of your Seqera Platform Enterprise instance. +- [Deploy Studios in Seqera Platform](../enterprise/install-studios): Enable Studios as part of your Seqera Platform Enterprise instance. - [Add a Studios](./add-studio): Understand the configuration options for creating, running, and customizing Studio sessions. - [Container image templates](./container-images): Learn about the container image templates provided: JupyterLab, R-IDE, Visual Studio Code, and Xpra. - [Custom environments](./custom-envs): Augument the Seqera-provided images with a list of Conda packages or by providing your own base container template image. @@ -27,4 +27,4 @@ Currently, Studios supports [AWS Cloud][aws-cloud], [Google Cloud][google-cloud] [aws-batch]: ../compute-envs/aws-batch [azure-cloud]: ../compute-envs/azure-cloud.md [google-cloud]: ../compute-envs/google-cloud -[contact]: https://support.seqera.io/ \ No newline at end of file +[contact]: https://support.seqera.io/ diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-docker-compose.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-docker-compose.md index 6fd24f45a..4fe1c785b 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-docker-compose.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-docker-compose.md @@ -56,7 +56,7 @@ Use a managed Redis service for production: - To configure the Seqera pipeline resource optimization service (`groundswell`), see [Pipeline resource optimization](./configuration/pipeline_optimization). - - To deploy with Studios, see [Studios deployment](./studios). + - To deploy with Studios, see [Studios deployment](./install-studios). 4. Deploy the application and wait for it to initialize (this process takes a few minutes): @@ -110,7 +110,7 @@ Seqera Platform offers a service that optimizes pipeline resource requests. Refe ### Studios -[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./studios). +[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./install-studios). :::note Studios is available from Seqera Platform v24.1. If you experience any problems during the deployment process please contact your account executive. Studios in Enterprise is not installed by default. diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-kubernetes.md b/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-kubernetes.md index 36c6ef8e7..2ab71d212 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-kubernetes.md +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/platform-kubernetes.md @@ -189,7 +189,7 @@ Seqera Platform offers a service that optimizes pipeline resource requests. Refe ### Studios -[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./studios). +[Studios](../studios/overview) is an interactive analysis environment available in organizational workspaces. To enable Studios, see [Studios deployment](./install-studios). :::note Studios is available from Seqera Platform v24.1. If you experience any problems during the deployment process [contact Seqera support](https://support.seqera.io). Studios in Enterprise is not installed by default. diff --git a/platform-enterprise_versioned_docs/version-25.3/studios/overview.md b/platform-enterprise_versioned_docs/version-25.3/studios/overview.md index b05d9722a..db354aeb2 100644 --- a/platform-enterprise_versioned_docs/version-25.3/studios/overview.md +++ b/platform-enterprise_versioned_docs/version-25.3/studios/overview.md @@ -9,10 +9,10 @@ tags: [studios, container, image, session, interactive, analysis] Studios is a unified platform where you can host a combination of container images and compute environments for interactive analysis using your preferred tools, like JupyterLab, an R-IDE, Visual Studio Code IDEs, or Xpra remote desktops. Each Studio session is an individual interactive environment that encapsulates the live environment for dynamic data analysis. :::note -Studios in Enterprise is not enabled by default. You can enable Studios in the [environment variables configuration](../enterprise/studios). +Studios in Enterprise is not enabled by default. You can enable Studios in the [environment variables configuration](../enterprise/install-studios). ::: -- [Deploy Studios in Seqera Platform](../enterprise/studios): Enable Studios as part of your Seqera Platform Enterprise instance. +- [Deploy Studios in Seqera Platform](../enterprise/install-studios): Enable Studios as part of your Seqera Platform Enterprise instance. - [Add a Studio](./add-studio): Understand the configuration options for creating, running, and customizing Studio sessions. - [Container image templates](./container-images): Learn about the container image templates provided: JupyterLab, R-IDE, Visual Studio Code, and Xpra. - [Custom environments](./custom-envs): Augument the Seqera-provided images with a list of Conda packages or by providing your own base container template image. From 516fb3cde61906c0da440f4d59c5fd24375732f8 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Tue, 3 Feb 2026 14:16:10 +0100 Subject: [PATCH 11/20] Fix more links --- .../configtables/data_features_env.yml | 48 +++++++++---------- .../configtables/data_features_env.yml | 44 ++++++++--------- .../configtables/data_features_env.yml | 48 +++++++++---------- 3 files changed, 70 insertions(+), 70 deletions(-) diff --git a/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml index f9ed6d0a8..111b285b0 100644 --- a/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml @@ -1,48 +1,48 @@ --- -- +- Environment variable: '`TOWER_DATA_EXPLORER_ENABLED`' - Description: > + Description: > Enable [Data Explorer](https://docs.seqera.io/platform-cloud/data/data-explorer) in all workspaces. To mount data inside a Studio, you must enable Data Explorer. Value: 'Default: `false`' -- +- Environment variable: '`TOWER_DATA_EXPLORER_CLOUD_DISABLED_WORKSPACES`' - Description: > - Disable Data Explorer automatic cloud bucket retrieval per workspace. + Description: > + Disable Data Explorer automatic cloud bucket retrieval per workspace. Value: 'Example: `,`' - Environment variable: '`TOWER_DATA_EXPLORER_CREDENTIALS_TTL`' - Description: > - Data Explorer interval to fetch credentials from cloud providers for new buckets. + Description: > + Data Explorer interval to fetch credentials from cloud providers for new buckets. Value: 'Default: `20m`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_TTL`' - Description: > - Data Explorer cloud bucket cache duration. + Description: > + Data Explorer cloud bucket cache duration. Value: 'Default: `30m`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_BACKOFF`' - Description: > - The amount of time that elapses after an error, before a retry attempt is made. + Description: > + The amount of time that elapses after an error, before a retry attempt is made. Value: 'Default: `10m`' - Environment variable: '`TOWER_DATA_EXPLORER_MAX_RETRIES`' - Description: > - The number of retries Data Explorer will attempt to fetch cloud buckets in the event of temporary errors. + Description: > + The number of retries Data Explorer will attempt to fetch cloud buckets in the event of temporary errors. Value: 'Default: `3`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_RETRY_AFTER`' - Description: > - The period of time that retry attempts will be made even when max retries has been exceeded. + Description: > + The period of time that retry attempts will be made even when max retries has been exceeded. Value: 'Default: `1d`' - Environment variable: '`TOWER_CONTENT_MAX_FILE_SIZE`' - Description: > - Data Explorer download file size limit. **Increasing this value may degrade performance.** + Description: > + Data Explorer download file size limit. **Increasing this value may degrade performance.** Value: 'Default: `25MB`' - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_DATA_STUDIO_WAVE_CUSTOM_IMAGE_REPOSITORY`' @@ -61,16 +61,16 @@ Value: 'Default: `docker.io`' - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' - Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../studios). + Description: > + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING`' - Description: > - Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../studios). + Description: > + Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../install-studios). Value: 'Default: null' - Environment variable: '`TOWER_OIDC_PEM_PATH`' - Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../studios). + Description: > + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../install-studios). Value: 'Example: `/data-studios-rsa.pem`' diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml index bb754b882..f08a2b668 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml @@ -1,56 +1,56 @@ --- -- +- Environment variable: '`TOWER_DATA_EXPLORER_ENABLED`' - Description: > + Description: > Enable [Data Explorer](https://docs.seqera.io/platform-cloud/data/data-explorer) in all workspaces. To mount data inside a Studio, you must enable Data Explorer. Value: 'Default: `false`' -- +- Environment variable: '`TOWER_DATA_EXPLORER_CLOUD_DISABLED_WORKSPACES`' - Description: > - Disable Data Explorer automatic cloud bucket retrieval per workspace. + Description: > + Disable Data Explorer automatic cloud bucket retrieval per workspace. Value: 'Example: `,`' - Environment variable: '`TOWER_DATA_EXPLORER_CREDENTIALS_TTL`' - Description: > - Data Explorer interval to fetch credentials from cloud providers for new buckets. + Description: > + Data Explorer interval to fetch credentials from cloud providers for new buckets. Value: 'Default: `20m`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_TTL`' - Description: > - Data Explorer cloud bucket cache duration. + Description: > + Data Explorer cloud bucket cache duration. Value: 'Default: `30m`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_BACKOFF`' - Description: > - The amount of time that elapses after an error, before a retry attempt is made. + Description: > + The amount of time that elapses after an error, before a retry attempt is made. Value: 'Default: `10m`' - Environment variable: '`TOWER_DATA_EXPLORER_MAX_RETRIES`' - Description: > - The number of retries Data Explorer will attempt to fetch cloud buckets in the event of temporary errors. + Description: > + The number of retries Data Explorer will attempt to fetch cloud buckets in the event of temporary errors. Value: 'Default: `3`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_RETRY_AFTER`' - Description: > - The period of time that retry attempts will be made even when max retries has been exceeded. + Description: > + The period of time that retry attempts will be made even when max retries has been exceeded. Value: 'Default: `1d`' - Environment variable: '`TOWER_CONTENT_MAX_FILE_SIZE`' - Description: > - Data Explorer download file size limit. **Increasing this value may degrade performance.** + Description: > + Data Explorer download file size limit. **Increasing this value may degrade performance.** Value: 'Default: `25MB`' - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](https://docs.seqera.io/platform/24.2/enterprise/studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' - Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](https://docs.seqera.io/platform/24.2/enterprise/studios). + Description: > + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_OIDC_PEM_PATH`' - Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](https://docs.seqera.io/platform/24.2/enterprise/studios). + Description: > + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../install-studios). Value: 'Example: `/data-studios-rsa.pem`' diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml index f9ed6d0a8..111b285b0 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml @@ -1,48 +1,48 @@ --- -- +- Environment variable: '`TOWER_DATA_EXPLORER_ENABLED`' - Description: > + Description: > Enable [Data Explorer](https://docs.seqera.io/platform-cloud/data/data-explorer) in all workspaces. To mount data inside a Studio, you must enable Data Explorer. Value: 'Default: `false`' -- +- Environment variable: '`TOWER_DATA_EXPLORER_CLOUD_DISABLED_WORKSPACES`' - Description: > - Disable Data Explorer automatic cloud bucket retrieval per workspace. + Description: > + Disable Data Explorer automatic cloud bucket retrieval per workspace. Value: 'Example: `,`' - Environment variable: '`TOWER_DATA_EXPLORER_CREDENTIALS_TTL`' - Description: > - Data Explorer interval to fetch credentials from cloud providers for new buckets. + Description: > + Data Explorer interval to fetch credentials from cloud providers for new buckets. Value: 'Default: `20m`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_TTL`' - Description: > - Data Explorer cloud bucket cache duration. + Description: > + Data Explorer cloud bucket cache duration. Value: 'Default: `30m`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_BACKOFF`' - Description: > - The amount of time that elapses after an error, before a retry attempt is made. + Description: > + The amount of time that elapses after an error, before a retry attempt is made. Value: 'Default: `10m`' - Environment variable: '`TOWER_DATA_EXPLORER_MAX_RETRIES`' - Description: > - The number of retries Data Explorer will attempt to fetch cloud buckets in the event of temporary errors. + Description: > + The number of retries Data Explorer will attempt to fetch cloud buckets in the event of temporary errors. Value: 'Default: `3`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_RETRY_AFTER`' - Description: > - The period of time that retry attempts will be made even when max retries has been exceeded. + Description: > + The period of time that retry attempts will be made even when max retries has been exceeded. Value: 'Default: `1d`' - Environment variable: '`TOWER_CONTENT_MAX_FILE_SIZE`' - Description: > - Data Explorer download file size limit. **Increasing this value may degrade performance.** + Description: > + Data Explorer download file size limit. **Increasing this value may degrade performance.** Value: 'Default: `25MB`' - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_DATA_STUDIO_WAVE_CUSTOM_IMAGE_REPOSITORY`' @@ -61,16 +61,16 @@ Value: 'Default: `docker.io`' - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' - Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../studios). + Description: > + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING`' - Description: > - Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../studios). + Description: > + Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../install-studios). Value: 'Default: null' - Environment variable: '`TOWER_OIDC_PEM_PATH`' - Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../studios). + Description: > + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../install-studios). Value: 'Example: `/data-studios-rsa.pem`' From 951fc4810d0e3b25ae606f57af529935f60c56fb Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Tue, 3 Feb 2026 14:24:33 +0100 Subject: [PATCH 12/20] Fix codeowners to use the new links /enterprise/*-kubernetes and -helm --- .github/CODEOWNERS | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 7d0d5a541..299c8184f 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,7 +2,7 @@ /platform-enterprise_docs/enterprise/advanced-topics/firewall-configuration.md @justinegeffen @llewellyn-sl @seqeralabs/devops /platform-enterprise_docs/_versioned_docs/version-*/enterprise/advanced-topics/firewall-configuration.md @justinegeffen @llewellyn-sl @seqeralabs/devops -/platform-enterprise_docs/enterprise/helm.md @justinegeffen @llewellyn-sl @seqeralabs/devops -/platform-enterprise_docs/enterprise/kubernetes.md @justinegeffen @llewellyn-sl @seqeralabs/devops -/platform-enterprise_versioned_docs/*/enterprise/helm.md @justinegeffen @llewellyn-sl @seqeralabs/devops -/platform-enterprise_versioned_docs/*/enterprise/kubernetes.md @justinegeffen @llewellyn-sl @seqeralabs/devops +/platform-enterprise_docs/enterprise/*-helm.md @justinegeffen @llewellyn-sl @seqeralabs/devops +/platform-enterprise_docs/enterprise/*-kubernetes.md @justinegeffen @llewellyn-sl @seqeralabs/devops +/platform-enterprise_versioned_docs/*/enterprise/*-helm.md @justinegeffen @llewellyn-sl @seqeralabs/devops +/platform-enterprise_versioned_docs/*/enterprise/*-kubernetes.md @justinegeffen @llewellyn-sl @seqeralabs/devops From 38bd3861f2c083ba7082ccbbfd936d86d0113c87 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Tue, 3 Feb 2026 14:24:48 +0100 Subject: [PATCH 13/20] Update changelogs with new links --- changelog/seqera-enterprise/v25.1.md | 6 +++--- changelog/seqera-enterprise/v25.3.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/changelog/seqera-enterprise/v25.1.md b/changelog/seqera-enterprise/v25.1.md index 29d068982..0bea804bf 100644 --- a/changelog/seqera-enterprise/v25.1.md +++ b/changelog/seqera-enterprise/v25.1.md @@ -110,7 +110,7 @@ Studios is Seqera's in-platform tool for secure, on-demand, interactive data ana ### Seqera AWS ECR repository customer access ends June 1, 2025 -Customers will no longer be able to pull Seqera Enterprise container images from the legacy Seqera AWS ECR repository after June 1, 2025. All Seqera Enterprise images must be retrieved via the `cr.seqera.io` container registry after this cutoff date. The installation and configuration templates provided for both [Docker Compose](https://docs.seqera.io/platform-enterprise/25.1/enterprise/docker-compose) and [Kubernetes](https://docs.seqera.io/platform-enterprise/25.1/enterprise/kubernetes) installations already reference the `cr.seqera.io` container image URLs. If you have not yet transitioned to this registry, [contact Support](https://support.seqera.io) to request credentials and for any further assistance. +Customers will no longer be able to pull Seqera Enterprise container images from the legacy Seqera AWS ECR repository after June 1, 2025. All Seqera Enterprise images must be retrieved via the `cr.seqera.io` container registry after this cutoff date. The installation and configuration templates provided for both [Docker Compose](https://docs.seqera.io/platform-enterprise/25.1/enterprise/platform-docker-compose) and [Kubernetes](https://docs.seqera.io/platform-enterprise/25.1/enterprise/platform-kubernetes) installations already reference the `cr.seqera.io` container image URLs. If you have not yet transitioned to this registry, [contact Support](https://support.seqera.io) to request credentials and for any further assistance. See [Legacy Seqera container image registries](https://docs.seqera.io/platform-enterprise/25.1/advanced-topics/seqera-container-images) for more information on the AWS ECR and other deprecated Seqera container registries. @@ -174,9 +174,9 @@ Upgrading to version 25.1 requires backend downtime in order for the database mi 1. See [Upgrade installation](https://docs.seqera.io/platform-enterprise/24.2/enterprise/upgrade) for installation upgrade guidance. :::info -Docker Compose deployments require downtime while upgrading services. Restarting the application may take several minutes. See [Docker compose deployment](https://docs.seqera.io/platform-enterprise/25.1/enterprise/docker-compose) for more information. +Docker Compose deployments require downtime while upgrading services. Restarting the application may take several minutes. See [Docker compose deployment](https://docs.seqera.io/platform-enterprise/25.1/enterprise/platform-docker-compose) for more information. -For Kubernetes deployments, apply the 25.1 `tower-cron.yml` to your cron pod and wait for the cron pod to be running before applying the `tower-svc.yml` to your backend pod and restarting the service. If the cron pod update is interrupted, you may need to restore the instance from your DB backup and start again. See [Kubernetes deployment](https://docs.seqera.io/platform-enterprise/25.1/enterprise/kubernetes) for more information. +For Kubernetes deployments, apply the 25.1 `tower-cron.yml` to your cron pod and wait for the cron pod to be running before applying the `tower-svc.yml` to your backend pod and restarting the service. If the cron pod update is interrupted, you may need to restore the instance from your DB backup and start again. See [Kubernetes deployment](https://docs.seqera.io/platform-enterprise/25.1/enterprise/platform-kubernetes) for more information. For custom deployments with third-party services such as ArgoCD, [contact support](https://support.seqera.io) for assistance during upgrade. ::: diff --git a/changelog/seqera-enterprise/v25.3.md b/changelog/seqera-enterprise/v25.3.md index eaf076f74..651200272 100644 --- a/changelog/seqera-enterprise/v25.3.md +++ b/changelog/seqera-enterprise/v25.3.md @@ -129,7 +129,7 @@ See the [MultiQC changelog](https://docs.seqera.io/changelog/tags/multiqc) for d ## General warnings -Starting from version 26.1, the front end image running as root user will be deprecated. We recommend starting to switch to the root-less image (also known as "unprivileged" image) during this upgrade. See [Kubernetes](https://docs.seqera.io/platform-enterprise/enterprise/kubernetes#seqera-frontend-unprivileged) and [docker-compose](https://docs.seqera.io/platform-enterprise/enterprise/docker-compose#seqera-frontend-unprivileged) deployment documentation for instructions. +Starting from version 26.1, the front end image running as root user will be deprecated. We recommend starting to switch to the root-less image (also known as "unprivileged" image) during this upgrade. See [Kubernetes](https://docs.seqera.io/platform-enterprise/enterprise/platform-kubernetes#seqera-frontend-unprivileged) and [docker-compose](https://docs.seqera.io/platform-enterprise/enterprise/platform-docker-compose#seqera-frontend-unprivileged) deployment documentation for instructions. ## Upgrade steps From 233c2b3ef35a959ce4f1dd29a34c01c17fd40550 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Tue, 3 Feb 2026 14:28:35 +0100 Subject: [PATCH 14/20] Update homepage link to install studios enterprise --- src/modules/Homepage/index.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/Homepage/index.tsx b/src/modules/Homepage/index.tsx index 4a21ab1b0..3224dde60 100644 --- a/src/modules/Homepage/index.tsx +++ b/src/modules/Homepage/index.tsx @@ -191,7 +191,7 @@ export default function Home(): JSX.Element {
  • - + Enterprise deployment
    • From 06d2e673286d8891dbcce41df1644505b159f5ac Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Tue, 3 Feb 2026 18:45:41 +0100 Subject: [PATCH 15/20] Improve deprecation warning in v25.3 about frontend unpriv image --- changelog/seqera-enterprise/v25.3.md | 1 + 1 file changed, 1 insertion(+) diff --git a/changelog/seqera-enterprise/v25.3.md b/changelog/seqera-enterprise/v25.3.md index 651200272..1e414b2c8 100644 --- a/changelog/seqera-enterprise/v25.3.md +++ b/changelog/seqera-enterprise/v25.3.md @@ -130,6 +130,7 @@ See the [MultiQC changelog](https://docs.seqera.io/changelog/tags/multiqc) for d ## General warnings Starting from version 26.1, the front end image running as root user will be deprecated. We recommend starting to switch to the root-less image (also known as "unprivileged" image) during this upgrade. See [Kubernetes](https://docs.seqera.io/platform-enterprise/enterprise/platform-kubernetes#seqera-frontend-unprivileged) and [docker-compose](https://docs.seqera.io/platform-enterprise/enterprise/platform-docker-compose#seqera-frontend-unprivileged) deployment documentation for instructions. +In brief, update the image tag and modify your Kubernetes Service resource or docker-compose service definition to forward requests to port `8000` (the default port for the unprivileged image). ## Upgrade steps From 4a75230dfe7e89501192cd9919ca20a5478b4698 Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Wed, 4 Feb 2026 11:23:41 +0200 Subject: [PATCH 16/20] Update v25.3.md Signed-off-by: Justine Geffen --- changelog/seqera-enterprise/v25.3.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/changelog/seqera-enterprise/v25.3.md b/changelog/seqera-enterprise/v25.3.md index 1e414b2c8..f9e0c03e5 100644 --- a/changelog/seqera-enterprise/v25.3.md +++ b/changelog/seqera-enterprise/v25.3.md @@ -129,8 +129,12 @@ See the [MultiQC changelog](https://docs.seqera.io/changelog/tags/multiqc) for d ## General warnings -Starting from version 26.1, the front end image running as root user will be deprecated. We recommend starting to switch to the root-less image (also known as "unprivileged" image) during this upgrade. See [Kubernetes](https://docs.seqera.io/platform-enterprise/enterprise/platform-kubernetes#seqera-frontend-unprivileged) and [docker-compose](https://docs.seqera.io/platform-enterprise/enterprise/platform-docker-compose#seqera-frontend-unprivileged) deployment documentation for instructions. -In brief, update the image tag and modify your Kubernetes Service resource or docker-compose service definition to forward requests to port `8000` (the default port for the unprivileged image). +Starting in version 26.1, the root user image is deprecated. We recommend switching to the unprivileged (rootless) image during this upgrade. To do so: + +- Update the image tag. +- Modify your Kubernetes Service resource or Docker Compose service definition to forward requests to port `8000` (the default for the unprivileged image). + +See [Kubernetes](https://docs.seqera.io/platform-enterprise/enterprise/platform-kubernetes#seqera-frontend-unprivileged) and [docker-compose](https://docs.seqera.io/platform-enterprise/enterprise/platform-docker-compose#seqera-frontend-unprivileged) deployment documentation for instructions. ## Upgrade steps From 9a23270c352e955bc7692dee7150f4ef57590bc1 Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Wed, 4 Feb 2026 13:29:58 +0200 Subject: [PATCH 17/20] Fix broken Studios links in v25.3 configuration files Corrected relative paths to Studios documentation that were broken after the Studios docs reorganization. Updated links in configuration tables and Docker Compose template to point to the correct install-studios.md file. Co-Authored-By: Claude Sonnet 4.5 --- .../_templates/docker/docker-compose.yml | 4 +- .../configtables/data_features_env.yml | 48 +++++++++---------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/_templates/docker/docker-compose.yml b/platform-enterprise_versioned_docs/version-25.3/enterprise/_templates/docker/docker-compose.yml index 7e2060579..7e30477ff 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/_templates/docker/docker-compose.yml +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/_templates/docker/docker-compose.yml @@ -113,7 +113,7 @@ services: depends_on: - backend -# Uncomment the following section to enable Studios functionality. See [Studios configuration](../studios/overview) for more information. +# Uncomment the following section to enable Studios functionality. See [Studios configuration](../../../studios/overview) for more information. # connect-proxy: # image: cr.seqera.io/private/nf-tower-enterprise/data-studio/connect-proxy:0.9.0 # platform: linux/amd64 @@ -141,7 +141,7 @@ services: # - 7070:7070 # restart: always - # Uncomment the following section to enable the pipeline resource optimization service. Add TOWER_ENABLE_GROUNDSWELL + # Uncomment the following section to enable the pipeline resource optimization service. Add TOWER_ENABLE_GROUNDSWELL # or GROUNDSWELL_SERVER_URL to tower.env environment variables # groundswell: # image: cr.seqera.io/private/nf-tower-enterprise/groundswell:0.3.3 diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/data_features_env.yml index f9ed6d0a8..6ab2dd207 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/data_features_env.yml @@ -1,48 +1,48 @@ --- -- +- Environment variable: '`TOWER_DATA_EXPLORER_ENABLED`' - Description: > + Description: > Enable [Data Explorer](https://docs.seqera.io/platform-cloud/data/data-explorer) in all workspaces. To mount data inside a Studio, you must enable Data Explorer. Value: 'Default: `false`' -- +- Environment variable: '`TOWER_DATA_EXPLORER_CLOUD_DISABLED_WORKSPACES`' - Description: > - Disable Data Explorer automatic cloud bucket retrieval per workspace. + Description: > + Disable Data Explorer automatic cloud bucket retrieval per workspace. Value: 'Example: `,`' - Environment variable: '`TOWER_DATA_EXPLORER_CREDENTIALS_TTL`' - Description: > - Data Explorer interval to fetch credentials from cloud providers for new buckets. + Description: > + Data Explorer interval to fetch credentials from cloud providers for new buckets. Value: 'Default: `20m`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_TTL`' - Description: > - Data Explorer cloud bucket cache duration. + Description: > + Data Explorer cloud bucket cache duration. Value: 'Default: `30m`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_BACKOFF`' - Description: > - The amount of time that elapses after an error, before a retry attempt is made. + Description: > + The amount of time that elapses after an error, before a retry attempt is made. Value: 'Default: `10m`' - Environment variable: '`TOWER_DATA_EXPLORER_MAX_RETRIES`' - Description: > - The number of retries Data Explorer will attempt to fetch cloud buckets in the event of temporary errors. + Description: > + The number of retries Data Explorer will attempt to fetch cloud buckets in the event of temporary errors. Value: 'Default: `3`' - Environment variable: '`TOWER_DATA_EXPLORER_LINK_STORE_RETRY_AFTER`' - Description: > - The period of time that retry attempts will be made even when max retries has been exceeded. + Description: > + The period of time that retry attempts will be made even when max retries has been exceeded. Value: 'Default: `1d`' - Environment variable: '`TOWER_CONTENT_MAX_FILE_SIZE`' - Description: > - Data Explorer download file size limit. **Increasing this value may degrade performance.** + Description: > + Data Explorer download file size limit. **Increasing this value may degrade performance.** Value: 'Default: `25MB`' - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_DATA_STUDIO_WAVE_CUSTOM_IMAGE_REPOSITORY`' @@ -61,16 +61,16 @@ Value: 'Default: `docker.io`' - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' - Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../studios). + Description: > + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING`' - Description: > - Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../studios). + Description: > + Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../../install-studios). Value: 'Default: null' - Environment variable: '`TOWER_OIDC_PEM_PATH`' - Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../studios). + Description: > + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../../install-studios). Value: 'Example: `/data-studios-rsa.pem`' From 1ecd21d69d234a9f0ee4c598fef0b1a3ac437eee Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Wed, 4 Feb 2026 13:48:12 +0200 Subject: [PATCH 18/20] Fix broken Studios links in v25.1 and v25.2 configuration files Corrected relative paths in v25.1 and v25.2 that were pointing to incorrect locations after the Studios docs reorganization. Updated 7 broken links in configuration tables and 1 in Docker Compose template to point to the correct install-studios.md file. Co-Authored-By: Claude Sonnet 4.5 --- .../configuration/configtables/data_features_env.yml | 6 +++--- .../enterprise/_templates/docker/docker-compose.yml | 4 ++-- .../configuration/configtables/data_features_env.yml | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml index f08a2b668..465fec16a 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml @@ -42,15 +42,15 @@ - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../install-studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../install-studios). + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_OIDC_PEM_PATH`' Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../install-studios). + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../../install-studios). Value: 'Example: `/data-studios-rsa.pem`' diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/_templates/docker/docker-compose.yml b/platform-enterprise_versioned_docs/version-25.2/enterprise/_templates/docker/docker-compose.yml index a57517c62..727d67954 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/_templates/docker/docker-compose.yml +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/_templates/docker/docker-compose.yml @@ -113,7 +113,7 @@ services: depends_on: - backend -# Uncomment the following section to enable Studios functionality. See [Studios configuration](../studios/overview) for more information. +# Uncomment the following section to enable Studios functionality. See [Studios configuration](../../../studios/overview) for more information. # connect-proxy: # image: cr.seqera.io/private/nf-tower-enterprise/data-studio/connect-proxy:0.8.3 # platform: linux/amd64 @@ -141,7 +141,7 @@ services: # - 7070:7070 # restart: always - # Uncomment the following section to enable the pipeline resource optimization service. Add TOWER_ENABLE_GROUNDSWELL + # Uncomment the following section to enable the pipeline resource optimization service. Add TOWER_ENABLE_GROUNDSWELL # or GROUNDSWELL_SERVER_URL to tower.env environment variables # groundswell: # image: cr.seqera.io/private/nf-tower-enterprise/groundswell:0.3.3 diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml index 111b285b0..6ab2dd207 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml @@ -42,7 +42,7 @@ - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../install-studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_DATA_STUDIO_WAVE_CUSTOM_IMAGE_REPOSITORY`' @@ -62,15 +62,15 @@ - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../install-studios). + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING`' Description: > - Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../install-studios). + Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../../install-studios). Value: 'Default: null' - Environment variable: '`TOWER_OIDC_PEM_PATH`' Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../install-studios). + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../../install-studios). Value: 'Example: `/data-studios-rsa.pem`' From c8b0d8e699332880faf584a9ebb7c7034bc67a2f Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Wed, 4 Feb 2026 12:59:44 +0100 Subject: [PATCH 19/20] Update vNext too --- .../_templates/docker/docker-compose.yml | 12 +++--- .../enterprise/_templates/docker/tower.yml | 8 ++-- .../enterprise/_templates/k8s/tower-cron.yml | 4 +- .../enterprise/_templates/k8s/tower-svc.yml | 4 +- .../configuration/authentication/google.md | 6 +-- .../configtables/data_features_env.yml | 8 ++-- .../configtables/features_env.yml | 37 +++++++++++-------- .../enterprise/_templates/docker/tower.yml | 2 +- 8 files changed, 43 insertions(+), 38 deletions(-) diff --git a/platform-enterprise_docs/enterprise/_templates/docker/docker-compose.yml b/platform-enterprise_docs/enterprise/_templates/docker/docker-compose.yml index db991b521..7e30477ff 100644 --- a/platform-enterprise_docs/enterprise/_templates/docker/docker-compose.yml +++ b/platform-enterprise_docs/enterprise/_templates/docker/docker-compose.yml @@ -40,7 +40,7 @@ services: - $HOME/.tower/db/redis:/data migrate: - image: cr.seqera.io/private/nf-tower-enterprise/migrate-db:v25.3.0 + image: cr.seqera.io/private/nf-tower-enterprise/migrate-db:v25.3.1 platform: linux/amd64 command: -c "/migrate-db.sh" networks: @@ -57,7 +57,7 @@ services: condition: service_healthy cron: - image: cr.seqera.io/private/nf-tower-enterprise/backend:v25.3.0 + image: cr.seqera.io/private/nf-tower-enterprise/backend:v25.3.1 platform: linux/amd64 command: -c '/tower.sh' networks: @@ -78,7 +78,7 @@ services: backend: - image: cr.seqera.io/private/nf-tower-enterprise/backend:v25.3.0 + image: cr.seqera.io/private/nf-tower-enterprise/backend:v25.3.1 platform: linux/amd64 command: -c '/wait-for-it.sh db:3306 -t 60; /tower.sh' networks: @@ -103,7 +103,7 @@ services: - cron frontend: - image: cr.seqera.io/private/nf-tower-enterprise/frontend:v25.3.0 + image: cr.seqera.io/private/nf-tower-enterprise/frontend:v25.3.1 platform: linux/amd64 networks: - frontend @@ -113,7 +113,7 @@ services: depends_on: - backend -# Uncomment the following section to enable Studios functionality. See [Studios configuration](../studios/overview) for more information. +# Uncomment the following section to enable Studios functionality. See [Studios configuration](../../../studios/overview) for more information. # connect-proxy: # image: cr.seqera.io/private/nf-tower-enterprise/data-studio/connect-proxy:0.9.0 # platform: linux/amd64 @@ -141,7 +141,7 @@ services: # - 7070:7070 # restart: always - # Uncomment the following section to enable the pipeline resource optimization service. Add TOWER_ENABLE_GROUNDSWELL + # Uncomment the following section to enable the pipeline resource optimization service. Add TOWER_ENABLE_GROUNDSWELL # or GROUNDSWELL_SERVER_URL to tower.env environment variables # groundswell: # image: cr.seqera.io/private/nf-tower-enterprise/groundswell:0.3.3 diff --git a/platform-enterprise_docs/enterprise/_templates/docker/tower.yml b/platform-enterprise_docs/enterprise/_templates/docker/tower.yml index 20d9b1e96..ac51b56ab 100644 --- a/platform-enterprise_docs/enterprise/_templates/docker/tower.yml +++ b/platform-enterprise_docs/enterprise/_templates/docker/tower.yml @@ -21,7 +21,7 @@ auth: duration: 30m # Set a custom application name for the Micronaut environment to deploy multiple instances from the same Enterprise account -# Required for AWS Parameter Store configuration. For more information, see https://docs.seqera.io/platform/24.1/enterprise/configuration/aws_parameter_store +# Required for AWS Parameter Store configuration. For more information, see https://docs.seqera.io/platform/25.3/enterprise/configuration/aws_parameter_store micronaut: application: name: tower-app @@ -32,7 +32,7 @@ tower: - '*@org.xyz' - 'named_user@org.xyz' - # Seqera instance-wide configuration for authentication. For further information, see https://docs.seqera.io/platform/24.1/enterprise/configuration/authentication/ + # Seqera instance-wide configuration for authentication. For further information, see https://docs.seqera.io/platform/25.3/enterprise/configuration/authentication/ auth: google: allow-list: @@ -41,7 +41,7 @@ tower: allow-list: - "*@org.xyz" - # Seqera instance-wide configuration for SCM providers. For further information, see https://docs.seqera.io/platform/24.1/enterprise/configuration/overview + # Seqera instance-wide configuration for SCM providers. For further information, see https://docs.seqera.io/platform/25.3/enterprise/configuration/overview scm: providers: github: @@ -53,4 +53,4 @@ tower: token: bitbucket: user: - password: \ No newline at end of file + password: diff --git a/platform-enterprise_docs/enterprise/_templates/k8s/tower-cron.yml b/platform-enterprise_docs/enterprise/_templates/k8s/tower-cron.yml index e55d5d6d1..63be40741 100644 --- a/platform-enterprise_docs/enterprise/_templates/k8s/tower-cron.yml +++ b/platform-enterprise_docs/enterprise/_templates/k8s/tower-cron.yml @@ -21,7 +21,7 @@ spec: name: tower-yml initContainers: - name: migrate-db - image: cr.seqera.io/private/nf-tower-enterprise/migrate-db:v25.3.0 + image: cr.seqera.io/private/nf-tower-enterprise/migrate-db:v25.3.1 command: ["sh", "-c", "/migrate-db.sh"] envFrom: - configMapRef: @@ -32,7 +32,7 @@ spec: subPath: tower.yml containers: - name: backend - image: cr.seqera.io/private/nf-tower-enterprise/backend:v25.3.0 + image: cr.seqera.io/private/nf-tower-enterprise/backend:v25.3.1 envFrom: - configMapRef: name: tower-backend-cfg diff --git a/platform-enterprise_docs/enterprise/_templates/k8s/tower-svc.yml b/platform-enterprise_docs/enterprise/_templates/k8s/tower-svc.yml index bac2a8fc8..e038ec873 100644 --- a/platform-enterprise_docs/enterprise/_templates/k8s/tower-svc.yml +++ b/platform-enterprise_docs/enterprise/_templates/k8s/tower-svc.yml @@ -29,7 +29,7 @@ spec: # secretName: platform-oidc-certs containers: - name: backend - image: cr.seqera.io/private/nf-tower-enterprise/backend:v25.3.0 + image: cr.seqera.io/private/nf-tower-enterprise/backend:v25.3.1 envFrom: - configMapRef: name: tower-backend-cfg @@ -88,7 +88,7 @@ spec: - name: "cr.seqera.io" containers: - name: frontend - image: cr.seqera.io/private/nf-tower-enterprise/frontend:v25.3.0 + image: cr.seqera.io/private/nf-tower-enterprise/frontend:v25.3.1 ports: - containerPort: 80 restartPolicy: Always diff --git a/platform-enterprise_docs/enterprise/configuration/authentication/google.md b/platform-enterprise_docs/enterprise/configuration/authentication/google.md index b4fda164a..136c19919 100644 --- a/platform-enterprise_docs/enterprise/configuration/authentication/google.md +++ b/platform-enterprise_docs/enterprise/configuration/authentication/google.md @@ -29,9 +29,9 @@ Ensure you know how to create Google OAuth credentials. See Google's documentati Add the following environment variables to your Seqera configuration: -| Variable | Description | -| :-------------------- | :---------------------------- | -| `TOWER_GOOGLE_CLIENT` | The client ID from step 6 | +| Variable | Description | +| :------- | :---------- | +| `TOWER_GOOGLE_CLIENT` | The client ID from step 6 | | `TOWER_GOOGLE_SECRET` | The client secret from step 6 | ## Restrict access diff --git a/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml index 111b285b0..6ab2dd207 100644 --- a/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml @@ -42,7 +42,7 @@ - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../install-studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_DATA_STUDIO_WAVE_CUSTOM_IMAGE_REPOSITORY`' @@ -62,15 +62,15 @@ - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../install-studios). + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING`' Description: > - Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../install-studios). + Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../../install-studios). Value: 'Default: null' - Environment variable: '`TOWER_OIDC_PEM_PATH`' Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../install-studios). + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../../install-studios). Value: 'Example: `/data-studios-rsa.pem`' diff --git a/platform-enterprise_docs/enterprise/configuration/configtables/features_env.yml b/platform-enterprise_docs/enterprise/configuration/configtables/features_env.yml index 6d283f942..0e050f71b 100644 --- a/platform-enterprise_docs/enterprise/configuration/configtables/features_env.yml +++ b/platform-enterprise_docs/enterprise/configuration/configtables/features_env.yml @@ -1,31 +1,36 @@ --- -- +- Environment variable: '`TOWER_ENABLE_WAVE`' - Description: > - Enable Seqera integration with [Wave containers](https://wave.seqera.io). + Description: > + Enable Seqera integration with [Wave containers](https://wave.seqera.io). Value: 'Default: `false`' -- +- Environment variable: '`WAVE_SERVER_URL`' - Description: > - Define the Wave containers service endpoint URL. + Description: > + Define the Wave containers service endpoint URL. Value: 'Example: `https://wave.seqera.io`' -- +- Environment variable: '`TOWER_ENABLE_AWS_SSM`' - Description: > - Enable Seqera configuration value retrieval from [AWS Parameter Store](https://docs.seqera.io/platform-enterprise/enterprise/configuration/aws_parameter_store). + Description: > + Enable Seqera configuration value retrieval from [AWS Parameter Store](https://docs.seqera.io/platform-enterprise/enterprise/configuration/aws_parameter_store). Value: 'Default: `false`' -- +- Environment variable: '`TOWER_ENABLE_AWS_SES`' - Description: > + Description: > Use AWS Simple Email Service (SES) to send Seqera emails instead of SMTP. Value: 'Default: `false`' -- +- Environment variable: '`TOWER_ALLOW_NEXTFLOW_LOGS`' - Description: > + Description: > Allow log and report files from Nextflow CLI runs (`-with-tower`) to be accessible in the Seqera UI. Run output files must be accessible to your Seqera workspace primary compute environment. Value: 'Default: `false`' -- +- Environment variable: '`TOWER_STEPPED_LAUNCH_FORM_ALLOWED_WORKSPACES`' - Description: > - Disable the [stepped launch form](https://docs.seqera.io/platform-cloud/launch/launchpad#launch-form) in the workspaces specified. Omit or set empty (`TOWER_STEPPED_LAUNCH_FORM_ALLOWED_WORKSPACES=`) to enable the new launch form in all workspaces, or provide a comma-separated list of workspace IDs to enable the form per workspace. + Description: > + Disable the [stepped launch form](https://docs.seqera.io/platform-cloud/launch/launchpad#launch-form) in the workspaces specified. Omit or set empty (`TOWER_STEPPED_LAUNCH_FORM_ALLOWED_WORKSPACES=`) to enable the new launch form in all workspaces, or provide a comma-separated list of workspace IDs to enable the form per workspace. Value: 'Default: Enabled for all workspaces' +- + Environment variable: '`TOWER_PIPELINE_VERSIONING_ALLOWED_WORKSPACES`' + Description: > + Enable [pipeline versioning](https://docs.seqera.io/platform-enterprise/pipelines/versioning) in the workspaces specified. Accepts a comma-separated list of workspace IDs. + Value: 'Default: Disabled for all workspaces' diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/_templates/docker/tower.yml b/platform-enterprise_versioned_docs/version-25.3/enterprise/_templates/docker/tower.yml index 11d087633..ac51b56ab 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/_templates/docker/tower.yml +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/_templates/docker/tower.yml @@ -21,7 +21,7 @@ auth: duration: 30m # Set a custom application name for the Micronaut environment to deploy multiple instances from the same Enterprise account -# Required for AWS Parameter Store configuration. For more information, see https://docs.seqera.io/platform/25.3/enterprise/configuration/aws_parameter_store +# Required for AWS Parameter Store configuration. For more information, see https://docs.seqera.io/platform/25.3/enterprise/configuration/aws_parameter_store micronaut: application: name: tower-app From 24ea571466fb98774cd8093d530e66a3e550b613 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Wed, 4 Feb 2026 13:14:03 +0100 Subject: [PATCH 20/20] Fix ../ in data_features_env.yml --- .../configtables/data_features_env.yml | 8 ++-- .../configtables/data_features_env.yml | 6 +-- .../configtables/data_features_env.yml | 8 ++-- .../configtables/features_env.yml | 32 +++++++-------- .../configtables/generic_config_env.yml | 40 +++++++++---------- .../configtables/data_features_env.yml | 8 ++-- .../configtables/features_env.yml | 34 ++++++++-------- 7 files changed, 68 insertions(+), 68 deletions(-) diff --git a/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml index 6ab2dd207..111b285b0 100644 --- a/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_docs/enterprise/configuration/configtables/data_features_env.yml @@ -42,7 +42,7 @@ - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../../install-studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_DATA_STUDIO_WAVE_CUSTOM_IMAGE_REPOSITORY`' @@ -62,15 +62,15 @@ - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../../install-studios). + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING`' Description: > - Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../../install-studios). + Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../install-studios). Value: 'Default: null' - Environment variable: '`TOWER_OIDC_PEM_PATH`' Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../../install-studios). + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../install-studios). Value: 'Example: `/data-studios-rsa.pem`' diff --git a/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml index 465fec16a..f08a2b668 100644 --- a/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_versioned_docs/version-25.1/enterprise/configuration/configtables/data_features_env.yml @@ -42,15 +42,15 @@ - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../../install-studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../../install-studios). + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_OIDC_PEM_PATH`' Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../../install-studios). + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../install-studios). Value: 'Example: `/data-studios-rsa.pem`' diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml index 6ab2dd207..111b285b0 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/data_features_env.yml @@ -42,7 +42,7 @@ - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../../install-studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_DATA_STUDIO_WAVE_CUSTOM_IMAGE_REPOSITORY`' @@ -62,15 +62,15 @@ - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../../install-studios). + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING`' Description: > - Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../../install-studios). + Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../install-studios). Value: 'Default: null' - Environment variable: '`TOWER_OIDC_PEM_PATH`' Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../../install-studios). + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../install-studios). Value: 'Example: `/data-studios-rsa.pem`' diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/features_env.yml b/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/features_env.yml index 6d283f942..39c7d7a38 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/features_env.yml +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/features_env.yml @@ -1,31 +1,31 @@ --- -- +- Environment variable: '`TOWER_ENABLE_WAVE`' - Description: > - Enable Seqera integration with [Wave containers](https://wave.seqera.io). + Description: > + Enable Seqera integration with [Wave containers](https://wave.seqera.io). Value: 'Default: `false`' -- +- Environment variable: '`WAVE_SERVER_URL`' - Description: > - Define the Wave containers service endpoint URL. + Description: > + Define the Wave containers service endpoint URL. Value: 'Example: `https://wave.seqera.io`' -- +- Environment variable: '`TOWER_ENABLE_AWS_SSM`' - Description: > - Enable Seqera configuration value retrieval from [AWS Parameter Store](https://docs.seqera.io/platform-enterprise/enterprise/configuration/aws_parameter_store). + Description: > + Enable Seqera configuration value retrieval from [AWS Parameter Store](https://docs.seqera.io/platform-enterprise/enterprise/configuration/aws_parameter_store). Value: 'Default: `false`' -- +- Environment variable: '`TOWER_ENABLE_AWS_SES`' - Description: > + Description: > Use AWS Simple Email Service (SES) to send Seqera emails instead of SMTP. Value: 'Default: `false`' -- +- Environment variable: '`TOWER_ALLOW_NEXTFLOW_LOGS`' - Description: > + Description: > Allow log and report files from Nextflow CLI runs (`-with-tower`) to be accessible in the Seqera UI. Run output files must be accessible to your Seqera workspace primary compute environment. Value: 'Default: `false`' -- +- Environment variable: '`TOWER_STEPPED_LAUNCH_FORM_ALLOWED_WORKSPACES`' - Description: > - Disable the [stepped launch form](https://docs.seqera.io/platform-cloud/launch/launchpad#launch-form) in the workspaces specified. Omit or set empty (`TOWER_STEPPED_LAUNCH_FORM_ALLOWED_WORKSPACES=`) to enable the new launch form in all workspaces, or provide a comma-separated list of workspace IDs to enable the form per workspace. + Description: > + Disable the [stepped launch form](https://docs.seqera.io/platform-cloud/launch/launchpad#launch-form) in the workspaces specified. Omit or set empty (`TOWER_STEPPED_LAUNCH_FORM_ALLOWED_WORKSPACES=`) to enable the new launch form in all workspaces, or provide a comma-separated list of workspace IDs to enable the form per workspace. Value: 'Default: Enabled for all workspaces' diff --git a/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/generic_config_env.yml b/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/generic_config_env.yml index 6ef7ad53d..006f04601 100644 --- a/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/generic_config_env.yml +++ b/platform-enterprise_versioned_docs/version-25.2/enterprise/configuration/configtables/generic_config_env.yml @@ -1,51 +1,51 @@ --- -- +- Environment variable: '`TOWER_SERVER_URL`' Description: > Your Seqera instance hostname, IP address, DNS name, or full [reverse proxy path](https://docs.seqera.io/platform-enterprise/latest/enterprise/configuration/reverse_proxy) where the application is exposed. The `https://` protocol is required for instances that use an SSL certificate. As of version 22.1, HTTPS is used by default. To use HTTP, set `TOWER_ENABLE_UNSAFE_MODE=true`. Value: "Default: `http://localhost:8000`" - Environment variable: '`TOWER_LICENSE`' - Description: > - Your Seqera Enterprise license key (**required**). [Contact us](mailto:sales@seqera.io) to obtain your license key. The key is base64-encoded by Seqera — paste this value exactly as received. + Description: > + Your Seqera Enterprise license key (**required**). [Contact us](mailto:sales@seqera.io) to obtain your license key. The key is base64-encoded by Seqera — paste this value exactly as received. Value: '`DT8G5F3...BBV90OW`' -- +- Environment variable: '`TOWER_APP_NAME`' - Description: > + Description: > Application name. To run multiple instances of the same Seqera account, each instance must have a unique name, e.g., `tower-dev` and `tower-prod`. Value: 'Default: `tower`' -- +- Environment variable: '`TOWER_CONFIG_FILE`' - Description: > + Description: > Custom path for the `tower.yml` file. Value: '`path/to/tower/config`' -- +- Environment variable: '`TOWER_LANDING_URL`' - Description: > + Description: > Custom landing page for the application (requires version 21.10.1 or later). This value doesn't change the `TOWER_SERVER_URL` used for inbound Seqera connections. - Value: '`https://your.custom.landing.example.net`' -- + Value: '`https://your.custom.landing.example.net`' +- Environment variable: '`TOWER_CRON_SERVER_PORT`' - Description: > + Description: > Define the HTTP port used by the Seqera cron service (requires version 21.06.1 or later). Value: '`8080`' -- +- Environment variable: '`TOWER_ROOT_USERS`' - Description: > + Description: > Grant users access to the application admin panel. Value: '`user1@your-company.com,user2@your-company.com`' -- +- Environment variable: '`TOWER_CONTACT_EMAIL`' - Description: > + Description: > Your Seqera system administrator contact email. Value: '`seqera@your-company.com`' -- +- Environment variable: '`TOWER_AUTH_DISABLE_EMAIL`' - Description: > + Description: > Set to `true` to disable the email login. Ensure that you've configured an alternative authentication provider first. - Value: 'Default: `false`' + Value: 'Default: `false`' - Environment variable: '`TOWER_USER_WORKSPACE_ENABLED`' - Description: > + Description: > Enable or disable user private workspaces (requires version 22.1.0 or later). Value: 'Default: `true`' diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/data_features_env.yml b/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/data_features_env.yml index 6ab2dd207..111b285b0 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/data_features_env.yml +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/data_features_env.yml @@ -42,7 +42,7 @@ - Environment variable: '`TOWER_DATA_STUDIO_CONNECT_URL`' Description: > - The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../../install-studios). + The URL of the Studios connect proxy. The connect proxy is used internally by Seqera Platform. See [Studios deployment](../install-studios). Value: 'Example: `https://connect.example.com/`' - Environment variable: '`TOWER_DATA_STUDIO_WAVE_CUSTOM_IMAGE_REPOSITORY`' @@ -62,15 +62,15 @@ - Environment variable: '`TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN`' Description: > - An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../../install-studios). + An access token used to register new clients in Seqera Platform. Any alphanumeric value is allowed. See [Studios deployment](../install-studios). Value: 'd5XDoRzHpWo1c............mDnfBpB' - Environment variable: '`TOWER_DATA_STUDIO_ENABLE_PATH_ROUTING`' Description: > - Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../../install-studios). + Add this variable and set it to `true` to configure Studios requests to use path-based routing and a single, fixed domain for Studio sessions. See [Studios deployment](../install-studios). Value: 'Default: null' - Environment variable: '`TOWER_OIDC_PEM_PATH`' Description: > - The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../../install-studios). + The file path to a PEM certificate used to sign the OIDC tokens for the OpenID connect provider. See [Studios deployment](../install-studios). Value: 'Example: `/data-studios-rsa.pem`' diff --git a/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/features_env.yml b/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/features_env.yml index 4dbc55b4a..0e050f71b 100644 --- a/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/features_env.yml +++ b/platform-enterprise_versioned_docs/version-25.3/enterprise/configuration/configtables/features_env.yml @@ -1,36 +1,36 @@ --- -- +- Environment variable: '`TOWER_ENABLE_WAVE`' - Description: > - Enable Seqera integration with [Wave containers](https://wave.seqera.io). + Description: > + Enable Seqera integration with [Wave containers](https://wave.seqera.io). Value: 'Default: `false`' -- +- Environment variable: '`WAVE_SERVER_URL`' - Description: > - Define the Wave containers service endpoint URL. + Description: > + Define the Wave containers service endpoint URL. Value: 'Example: `https://wave.seqera.io`' -- +- Environment variable: '`TOWER_ENABLE_AWS_SSM`' - Description: > - Enable Seqera configuration value retrieval from [AWS Parameter Store](https://docs.seqera.io/platform-enterprise/enterprise/configuration/aws_parameter_store). + Description: > + Enable Seqera configuration value retrieval from [AWS Parameter Store](https://docs.seqera.io/platform-enterprise/enterprise/configuration/aws_parameter_store). Value: 'Default: `false`' -- +- Environment variable: '`TOWER_ENABLE_AWS_SES`' - Description: > + Description: > Use AWS Simple Email Service (SES) to send Seqera emails instead of SMTP. Value: 'Default: `false`' -- +- Environment variable: '`TOWER_ALLOW_NEXTFLOW_LOGS`' - Description: > + Description: > Allow log and report files from Nextflow CLI runs (`-with-tower`) to be accessible in the Seqera UI. Run output files must be accessible to your Seqera workspace primary compute environment. Value: 'Default: `false`' -- +- Environment variable: '`TOWER_STEPPED_LAUNCH_FORM_ALLOWED_WORKSPACES`' - Description: > - Disable the [stepped launch form](https://docs.seqera.io/platform-cloud/launch/launchpad#launch-form) in the workspaces specified. Omit or set empty (`TOWER_STEPPED_LAUNCH_FORM_ALLOWED_WORKSPACES=`) to enable the new launch form in all workspaces, or provide a comma-separated list of workspace IDs to enable the form per workspace. + Description: > + Disable the [stepped launch form](https://docs.seqera.io/platform-cloud/launch/launchpad#launch-form) in the workspaces specified. Omit or set empty (`TOWER_STEPPED_LAUNCH_FORM_ALLOWED_WORKSPACES=`) to enable the new launch form in all workspaces, or provide a comma-separated list of workspace IDs to enable the form per workspace. Value: 'Default: Enabled for all workspaces' - Environment variable: '`TOWER_PIPELINE_VERSIONING_ALLOWED_WORKSPACES`' - Description: > + Description: > Enable [pipeline versioning](https://docs.seqera.io/platform-enterprise/pipelines/versioning) in the workspaces specified. Accepts a comma-separated list of workspace IDs. Value: 'Default: Disabled for all workspaces'