Extensions
This section explains the types of Kaapana extensions and how they work. For descriptions of available workflow and application extensions, refer to the Workflows and Applications. To learn how to integrate custom components into the platform as extensions, refer to the Developing Applications and Developing Workflow Extensions.
The Extension functional unit in Kaapana serves as an app store. It allows users to install/uninstall applications, workflows, and even platforms (experimental feature). Technically, an extension is a Helm chart.
Each extension in the Kaapana repository consists of two folders: docker and <extension-name>-chart.
For more information about the file structure, refer to the Helm Charts section Advanced: How Kaapana uses Helm.
There are two types of extensions:
Workflow Extensions: Consist of single or multiple executable DAGs in Apache Airflow. After installing a workflow extension, you can see the DAGs available under Workflow Execution menu.
Applications: These provide additional functionalities such as opening a VS Code server, a JupyterLab notebook, or an MITK Workbench instance.
In addition to the distinction in type, there is also an distinction in maturiy, namely stable or experimental.
Stable extensions have been tested and maintained, while experimental extensions are not.
The filters on the Extensions page allow users to filter extensions based on type, maturiy, and hardware requirements, i.e. GPU or CPU.
The extension list is updated in real time based on the selected filters.
The Extensions page also displays the current Helm and Kubernetes status of each extension, such as Running, Completed, Failed, or Error.
Note
Kaapana supports multi-installable extensions, which will have a “Launch” button instead of “Install”. Each time a multi-installable extension is launched, it is deployed as a separate Helm release.
Hint
To install a specific version of an extension, use the dropdown in the version column.
The section Developing Workflow Extensions also explains how to write and add your own extensions.
Uploading Extensions to the Platform
Kaapana also provides an experimental upload component for extensions. This allows users to upload both Docker images and Helm charts to the platform. Currently, this component only accepts two file types: “.tar” for exported images and “.tgz” for Helm charts.
This feature is intended to be used by developers who have knowledge about configuring Helm charts and Kubernetes resources. It is strongly recommended to read the following sections before uploading anything to platform: Advanced: How Kaapana uses Helm and Writing Dockerfile
Chart Upload:
Uploaded chart files are checked for basic safety measures, such as whether they are running any resource under the admin namespace.
To create a zipped chart file that can be uploaded to Kaapana, run the following Helm command inside the chart folder:
helm dep up
helm package .
Hint
If the build step is already completed, all the chart tgz files -and their respective folders- should be available under kaapana/build/kaapana-admin-chart/kaapana-extension-collection/charts. The structure should be the same with the DAGs and services already available there.
For any Kubernetes resource yaml inside the templates folder (i.e. deployment, job), the image tag should be referenced correctly (example field that needs to be changed).
Image Upload:
Uploaded images are automatically imported into the microk8s ctr environment (for details see the images import command here) .
A useful command to check if the image is imported with the correct tag into the container runtime is
microk8s ctr images ls | grep <image-tag>
Hint
Since the images uploaded via this component are not already available in a registry, the imagePullPolicy field in the corresponding Kubernetes resource yaml files (example value to be changed) should be changed to IfNotPresent.
If you have any issues regarding the upload mechanism, check Container Upload Failed.
Extension Parameters
Introduced in version 0.2.0, Extensions support specifying parameters as environment variables. This functionality can be customized according to the requirements of the extension. Some examples of available parameters are task_ID`s for **nnUNet** and the :code:`service_type` field for MITK Workbench. Parameters can be of type string, boolean, single_selectable, or multi_selectable. Parameters should be defined in the values.yaml file of the chart. Each of them should follow this structure:
extension_params:
<parameter_name>:
default: <default_value>
definition: "definition of the parameter"
type: oneof (string, bool, list_single, list_multi)
value: <value_entered_by_the_user>
Workflows
This is a list of built-in workflow-extensions, that can be installed.
Note
The list of executable workflows in the Workflow Execution view is only refreshed once every minute.
This interval is configurable as the parameter dag_dir_list_interval in the file airflow.cfg.
classification-inference
classification-training
body-and-organ-analysis
Workflow Overview:
Runs inference on the CT images using all selected models. Submodels associated with the “total” model are only executed if they are explicitly selected and the “total” model is selected. For each input series, a dedicated workflow is started. For more information, check out their repository.
Converts the DICOM input to a NIfTI file.
Executes the BOA command line tool on the input image.
Verifies the outputs:
Checks for invalid results, such as images with only background.
If strict mode is enabled, all expected outputs must be present to continue.
Converts all NIfTI segmentation results into a single DICOM SEG file.
Uploads the results:
The DICOM SEG file is uploaded to the PACS.
All other output files are uploaded to MinIO at
<project-bucket>/body-and-organ-analysis/<dicom-series-uid>.
nnunet-predict
nnunet-training
nnunet-install-model
nnunet-uninstall-models
TotalSegmentator
TotalSegmentator v2
Automatic organ segmentation (shapemodel-organ-seg)
Radiomics (radiomics-dcmseg)
MITK Flow
DcmSendOperator fails when no data is sent.Task API workflows
Applications
Code server for Airflow
<fast_data_dir>/workflows/kaapana/app/.vscode/settings.json.Code server for development
This extension provides a VS Code Server environment within the Kaapana platform for Python and R development. Users can explore and analyze data directly within the platform.
Overview
This extension is designed for users who need an interactive coding environment similar to JupyterLab, but with the additional flexibility of VS Code. It utilizes code-server to bring VSCode in the browser. Note that this extension is intended to be used with online deployments. If the container can not access the internet, an OFFLINE_WARNING.txt will appear next to this README.md file. The environment includes:
Python 3 and R support
Preinstalled Python, R, and Jupyter extensions in VSCode
Access to the project’s MinIO storage
Ability to install additional Python or R packages
Preinstalled Components
Pyhon Environment
Python version: 3.x (installed via Ubuntu python3-full)
Virtual environment path: /opt/venv
Installed python packages
numpy
pandas
scipy
matplotlib
jupyterlab
torch, torchvision, torchaudio
R Environment
Installed from the official CRAN repository
Includes the languageserver package for IDE integration
VS Code Extensions
ms-python.python
ms-toolsai.jupyter
REditorSupport.r
ms-toolsai.jupyter-keymap
ms-toolsai.jupyter-renderers
Project Storage and Data Access
You can launch multiple instances of Code-Server simultaneously for different usecases.
Upon launching of a new application you can specify a directory within the project-bucket in MinIO that is periodically synced to the file-system of the Code Server at /kaapana/minio/.
You can also specify a comma-separated list of patterns that should be excluded during the syncing process.
The sync interval is 20 seconds.
If a file is simultaneously changed in MinIO and Code-Server, rclone will resolve this conflict during the next syncronisation.
It does not overwrite either side.
It renames one version with a .conflict suffix.
The file changed in MinIO keeps the original filename.
The file changed in Jupyterlab gets the conflict rename.
For more information check the rclone manual.
Known Limitations of The Environment
JupyterLab VSCode Extension works as expected in Firefox. In Chrome, Jupyter notebook cells may fail to render with a Service Worker SSL error:
Could not initialize webview: Error: Could not register service worker: SecurityError: Failed to register a ServiceWorker for scope (...)
This is a known issue with code-server: https://github.com/coder/code-server/issues/3410
The Jupyter extension does not automatically select the correct Python environment, therefore the users must manually choose /opt/venv/bin/python as the interpreter each time they open a notebook.
The AI chat/agent sidebar introduced in newer code-server versions cannot currently be turned off via settings. Even with configuration options such as:
"chat.disableAIFeatures": true, "chat.agent.enabled": false
the panel still appears in the beginning and must be manually closed. This is a known issue of code-server: https://github.com/coder/code-server/issues/754
Collabora
Extension Development Kit (EDK)
Starting from v0.4.0, Kaapana provides an extension development environment where users can build extensions directly inside the platform.
EDK deploys a VS Code server environment for the development of container images and Helm charts, and a local registry where the built container images can be pushed to or pulled from.
Note that currently, EDK only includes ease-of-use scripts for workflow extensions, not for application extensions.
Once you install EDK, proceed to the VS Code server by using the first link next to the application name. There are a couple of scripts for building images, charts, or directly an entire extension. Please refer to the README.md inside for more details.
To initialize the development environment, navigate to cd /kaapana/app and run ./init.sh inside the terminal. This script builds all the Kaapana base images and pushes them to the local registry. Once it completes, you can check the images in the local registry by following the second link.
For convenience, the init script copies an example pyradiomics extractor DAG under the dag folder. You can build this extension directly by running ./build_extension.sh --dir /kaapana/app/dag/pyradiomics-feature-extractor. After this command is successfully executed, the extension should be available on the Extensions page (make sure that you change the Version filter to “All” on the Extensions page).
This example DAG can be used as a template for building your own extensions. The easiest way to start modifying it is to change the script processing-containers/pyradiomics-feature-extractor/files/extract_features.py and rebuild it. This only changes the container that the operator PyradiomicsExtractorOperator pulls, and the rest of the DAG stays the same.
Once you have a better understanding of this DAG, you can start adapting the DAG definition file or even add more operators and containers that they pull. In the end, you should be able to write and deploy your own custom workflow extensions directly inside EDK and test them easily on your platform.
JupyterLab
JupyterLab is an excellent tool to swiftly analyse data stored to the MinIO object store. It comes preinstalled with a wide array of commonly used Python packages for data analysis. While JupyterLab is great for exploratory data analysis, for more complex calculations, consider developing a dedicated Workflow Extension.
You can launch multiple instances of JupyterLab simultaneously for different usecases. Each instance has access to a directory inside the project bucket in MinIO. You can specify this directory, when you launch a new instance in the extensions view. Files in this directory are periodically synced bidirectionally between MinIO and the JupyterLab instance. You can also specify a comma-separated list of file patterns that should be excluded during the syncing process. Note, that the sync interval is 20 seconds. If a file is simultaneously changed in MinIO and JupyterLab, rclone will resolve this conflict during the next syncronisation.
It does not overwrite either side.
It renames one version with a .conflict suffix.
The file changed in MinIO keeps the original filename.
The file changed in Jupyterlab gets the conflict rename.
For more information check the rclone manual.
MinIO Sync
Bidirectional: Syncs files from the host to minio and back
Host2Minio: Syncs files undirectional form host into minio
Minio2Host: Syncs files undirectional from MINIO to the host
MITK Workbench
The MITK Workbench is an instance of MITK running in a container and available to users via Virtual Network Computing (VNC). Multiple instances of MITK can be deployed simultaneously. For each deployment a dedicated MinIO bucket is created, named after the respective MITK instance. To import data into the running MITK container, upload your data to the /input directory within this MinIO bucket. All data stored at this path of the MinIO bucket will be transferred to the /input directory of the MITK container. If you wish to retrieve your results from the MITK application, ensure to save them to the /output directory within the MITK container. Any data placed in this directory will be automatically transferred to the /output directory within the dedicated MinIO bucket.
Slicer Workbench
The Slicer workbench is an instance of 3D Slicer running in a container and available to users via Virtual Network Computing (VNC). Multiple instances of Slicer can be deployed simultaneously. For each deployment a dedicated MinIO bucket is created, named after the respective Slicer instance. To import data into the running Slicer container, upload your data to the /input directory within this MinIO bucket. All data stored at this path of the MinIO bucket will be transferred to the /input directory of the Slicer container. If you wish to retrieve your results from the Slicer application, ensure to save them to the /output directory within the Slicer container. Any data placed in this directory will be automatically transferred to the /output directory within the dedicated MinIO bucket.
Tensorboard
Tensorboard can be launched to analyse results generated during a training. Multiple instances of Tensorboard can be deployed simultaneously. For each deployment a dedicated MinIO bucket is created, named after the respective Tensorboard instance. Data stored within this bucket are available to the Tensorboard application.
New Registry
This extension can be used to access container images from custom registries. The Development Guide explains detailed steps how to install a workflow extension from a custom registry.
Each instance of New Registry creates a registry-secret either in the Service-Secret scope for pulling images on a system level or in the Project-Secret scope in a single project for pulling processing-container images. Therefore, you might have to install the same registry in multiple scopes. You can select the scope when you launch the extension.
Configuration
display_name: Choose a unique and identifiable name for each instance of New Registry, e.g. REGISTRY-<project-name>-<registry-name> or REGISTRY-service-<registry-name>. Only use alphanumerical charackters and dots, dashes, and underscores.
secret_scope: Defines the scope of the secret
Service-Secret: Install the secret for system-wide functionalities like installing a new workflow extension
Project-Secret: Install the secret in the selected project for pulling processing-containers
custom_registry_url: This should be the absolute URL to the registry containing protocol and port: <protocol>://<registry>:<port>/<repository>
credentials_curstom_registry_username: The username to access the registry
credentials_curstom_registry_password: The password to access the registry
test_pull_image: This is an optional configuration if you want to test, if the connection to the registry works. You can specify an image that will be pulled after launching the extensions, e.g. <registry>:<port>/<repository>/<image>:<tag> Don’t specify the protocol here.
Installation errors
Common reasons for installation errors are:
You can only launch a single New Registry instance per registry in the Service-Secret scope.
You can only launch a single New Registry instance per registry and project for the Project-Secret scope.
The display_name must only contain supported charackters.