To help hub members to correctly and easily deploy a web application, developed by usin Shiny (with R or Python), under Kubernetes .
At the bioinformatics hub of Institut Pasteur - Paris, our Shiny-K8s toolkit simplifies the deployment of R Shiny and shiny-python apps. It uses Docker, Kubernetes, Helm, and GitLab-CI/CD for automated deployment. It promotes software developement best practice with GitLab source hosting and new instance automatically deployed for any new branch. Features include auto-scaling, updates without downtime, persistent storage, and private project content. The toolkit provides step-by-step documentation, and is available under an MIT license.
The toolkit is based on GitLab project for hosting the source code which encourages reproducibility, indeed every change in source code is commited, tracked, and versionized, thus we always know who made what. When it comes to projects hosted in a git repository, using branches is also a good practice for introducing new features, fixing issues, or simply testing data and libraries updates. With every new branch, the toolkit automatically starts a new instance of the application, allowing you to test and share this new version of your application before officially publishing it, thanks to the continuous Integration and continuous deployment (CI/CD).
For end-user and ease of use, the toolkit propose togglable features such as auto scaling to scall up the resources (cpu/ram) associated with your application only when it is needed, no-downtime which start the next version of your application before shutting down the old one, persistent storage if you have results computed by your app, and also the possibility to keep the content of your gitlab project private while exposing the running app publicly.
The toolkit comes with step-by-step documentation guiding the users to use the toolkit, configure the project and how to estimate and ask resources in the Kubernetes clusters.
In terms of security, the app is hosted in a container in read-only, with an applicative user (i.e not root). This means that in case of security issue in the source code of the app or shiny, the source code of the app cannot be changed by malicious attacker. This also means that an application cannot see the private data of another application. The docker image is built by ourselves, reducing the exposition to unmaintained images that have known security issues.
This Documentation is composed of several parts depending on the user profile.
This Documentation is composed of several parts depending on the user profile.
