ShinyProxy is a novel, open source platform to deploy Shiny apps for the enterprise or larger organizations.
Full Kubernetes Support
One of the main advantages of ShinyProxy is the use of plugable container back-ends which allows people to use ShinyProxy on a plain Docker host, on a Docker Swarm cluster or on internet-scale Kubernetes cluster in the cloud. The way organizations have been deploying ShinyProxy on Kubernetes clusters has grown exponentially and providing a means to configure ShinyProxy tailored to the specific Kubernetes setup became more important.
In order to give system administrators the possibility to do so in a native Kubernetes way ShinyProxy 2.4.0 now supports the use of pod patches at the level of the individual Shiny apps. This allows many advanced integrations including
- adding a ServiceAccount
- changing the namespace
- adding Volumes and VolumeMounts
- adding Environment variable
- adding secrets as Environment Variables
etc.
kubernetes-pod-patches: | - op: add path: /spec/serviceAccountName value: my-serviceaccount - op: replace path: /metadata/namespace value: my-namespace - op: add path: /spec/volumes/0 value: name: cache-volume emptyDir: {} - op: add path: /spec/containers/0/volumeMounts/0 value: mountPath: /cache name: cache-volume - op: add path: /spec/containers/0/env/- value: name: ADDED_VAR value: VALUE - op: add path: /spec/containers/0/env value: - name: SOME_PASSWORD valueFrom: secretKeyRef: name: some-password key: password
Not only can all these settings be included, it is also possible to create additional Kubernetes resources when an app starts (and removing these upon shutdown) using the mechanism of additional manifests.
For example the following configuration creates a PersistentVolumeClaim and a Secret:
kubernetes-additional-manifests:
- |
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: manifests-pvc
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
- |
apiVersion: v1
kind: Secret
metadata:
name: manifests-secret
type: Opaque
data:
password: cGFzc3dvcmQ=
ShinyProxy Operator
Having pod patches and additional manifests allows to fully exploit all possibilities on a Kubernetes platform, but with great power comes great responsibility. Large internet-facing deployments can involve the management of hundreds of different Shiny apps on a cluster and globally distributed teams can push new apps multiple times a day. Adding new apps typically involves updating the ShinyProxy configuration and restarting ShinyProxy to load the updated configuration. Naive restarts are of course not desirable since users of ‘old’ apps want to maintain their connections (and state in their Shiny apps) whenever ‘new’ applications are rolled out onto the platform.
In order to streamline ShinyProxy administration in line with best practices in the Kubernetes ecosystem, a new ShinyProxy operator was developed to autonomously manage multiple ShinyProxy instances and their configuration. Not only will the operator start new instances (with new configuration), it will also ensure that users who are currently using an older instance (with older configuration) can stay on that instance. All other users, are forwarded to the new server and can use the new applications deployed on the new instance. Users on an old instance will at the same time be notified and can click a button in the user interface to move to the new instance. Whenever old instances no longer have sessions running, the operator will take care to cleanly stop the old instance.
Miscellaneous improvements
Besides working on the magic for managing complex deployments, this release also includes some smaller improvements related e.g. to handling of concurrent users of a proxied resource and some extra tools for administrators (liveness and readiness probes, inclusion of ShinyProxy and ContainerProxy version numbers in the startup message etc.). Since it has been some time since we published a blog post on ShinyProxy, it may also be useful to highlight that ShinyProxy 2.3.1 contains multiple improvements to be able to fully secure your deployments. These resulted from a (successful) pentesting exercise at a large customer deployment. There is also support now for running Zeppelin notebooks from ShinyProxy, with a demo setup on Github.
Full release notes can be found on the downloads page and updated documentation can be found on https://shinyproxy.io. As always community support on this new release is available at
https://support.openanalytics.eu
Don’t hesitate to send in questions or suggestions and have fun with ShinyProxy!
