feat: multiple improvements for REANA 0.9.4 #847

Merged: 4 commits, Nov 23, 2024
15 changes: 9 additions & 6 deletions helm/reana/README.md
Expand Up @@ -98,15 +98,18 @@ This Helm automatically prefixes all names using the release name to avoid colli
| `reana_hostname` | REANA hostname (e.g. reana.example.org) | None |
| `namespace_runtime` | Namespace in which the REANA runtime pods (workflow engines, jobs etc...) will run | `.Release.Namespace` |
| `naming_scheme` | REANA component naming scheme | None |
| `secrets.cache.password` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** Cache (Redis) password | None |
| `secrets.cern.sso.CERN_CONSUMER_KEY` | CERN SSO consumer key | None |
| `secrets.cern.sso.CERN_CONSUMER_SECRET` | **[Do not use in production, use secrets instead]** CERN SSO consumer secret | None |
| `secrets.database.password` | **[Do not use in production, use secrets instead]** PostgreSQL database password | None |
| `secrets.cern.sso.CERN_CONSUMER_SECRET` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** CERN SSO consumer secret | None |
| `secrets.database.password` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** PostgreSQL database password | None |
| `secrets.database.user` | PostgreSQL database username | None |
| `secrets.gitlab.REANA_GITLAB_HOST` | Hostname of the GitLab instance | None |
| `secrets.gitlab.REANA_GITLAB_OAUTH_APP_ID` | GitLab OAuth application id | None |
| `secrets.gitlab.REANA_GITLAB_OAUTH_APP_SECRET` | **[Do not use in production, use secrets instead]** GitLab OAuth application secret | None |
| `secrets.login` | **[Do not use in production, use secrets instead]** Third-party Keycloak identity provider consumer key and secret ([configuration details](https://docs.reana.io/administration/configuration/configuring-access/#keycloak-single-sign-on-configuration)) | `{}` |
| `secrets.reana.REANA_SECRET_KEY` | **[Do not use in production, use secrets instead]** REANA encryption secret key | None |
| `secrets.gitlab.REANA_GITLAB_OAUTH_APP_SECRET` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** GitLab OAuth application secret | None |
| `secrets.login` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** Third-party Keycloak identity provider consumer key and secret ([configuration details](https://docs.reana.io/administration/configuration/configuring-access/#keycloak-single-sign-on-configuration)) | `{}` |
| `secrets.message_broker.user` | Message broker (RabbitMQ) username. | test |
| `secrets.message_broker.password` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** Message broker (RabbitMQ) password | 1234 |
| `secrets.reana.REANA_SECRET_KEY` | **[Do not save it in `values.yaml`, pass it to Helm with `--set`]** REANA encryption secret key | None |
| `serviceAccount.create` | Create a service account for the REANA system user | true |
| `serviceAccount.name` | Service account name | reana |
| `shared_storage.access_modes` | Shared volume access mode | ReadWriteMany |
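Review bot: The new rows for `secrets.message_broker.user` and `secrets.message_broker.password` document `test` and `1234` as defaults, so a deployment that never sets them runs RabbitMQ with publicly known credentials; the README should say these must be overridden, or the chart should drop the defaults. The replacement wording "pass it to Helm with `--set`" also deserves a caveat that the value then appears in shell history and the process list; pointing readers to a separate access-restricted values file passed with `-f`, or to `--set-file`, would be safer advice.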
Expand All @@ -118,7 +121,7 @@ This Helm automatically prefixes all names using the release name to avoid colli
| `shared_storage.cephfs.os_secret_namespace` | **[CERN only]** Namespace of the OpenStack credentials Secret object | kube-system |
| `shared_storage.cephfs.provisioner` | **[CERN only]** CephFS provisioner | manila-provisioner |
| `shared_storage.cephfs.type` | **[CERN only]** CephFS availability zone | "Geneva CephFS Testing" |
| `shared_storage.volume_size`               | Shared volume size | 200 |
| `shared_storage.volume_size` | Shared volume size | 200 |
| `shared_storage.shared_volume_mount_path` | Path inside the REANA components where the shared volume will be mounted | /var/reana |
| `shared_storage.hostpath.root_path` | Path to the REANA directory inside the underlying storage volume | /var/reana |
| `traefik.*` | Pass any value from [Traefik Helm chart values](https://github.com/helm/charts/tree/master/stable/traefik#configuration) here, e.g. `traefik.rbac.enabled=true` | - |
26 changes: 26 additions & 0 deletions helm/reana/templates/reana-cache.yaml
Expand Up @@ -13,6 +13,23 @@ spec:
targetPort: 6379
protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "reana.prefix" . }}-cache
namespace: {{ .Release.Namespace }}
spec:
podSelector:
matchLabels:
app: {{ include "reana.prefix" . }}-cache
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
app: {{ include "reana.prefix" . }}-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
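Review bot: The `ingress` rule in the new NetworkPolicy has a `from` selector but no `ports` list, so pods labelled `{{ include "reana.prefix" . }}-server` may reach the cache pod on every port, not just Redis. Adding `ports:` with `protocol: TCP` and `port: 6379` to the rule would match the Service's `targetPort: 6379` shown in the context above. A template comment noting that the policy is only enforced when the cluster's CNI plugin supports NetworkPolicy would also help operators.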
Expand All @@ -31,6 +48,15 @@ spec:
containers:
- name: cache
image: docker.io/library/redis:5.0.5
env:
- name: REANA_CACHE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-cache-secrets
key: password
args:
- "--requirepass"
- "$(REANA_CACHE_PASSWORD)"
ports:
- containerPort: 6379
{{- if .Values.node_label_infrastructure }}
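Review bot: Passing the password through `args` as `--requirepass` `$(REANA_CACHE_PASSWORD)` puts the expanded value on the Redis server command line, where it is readable by anything that can list processes in the container or on the node. Consider mounting the Secret as a small Redis configuration file containing the `requirepass` directive and starting the server with that file, so the value stays out of the argument list.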
15 changes: 15 additions & 0 deletions helm/reana/templates/reana-message-broker.yaml
Expand Up @@ -45,11 +45,26 @@ spec:
- name: message-broker
image: {{ .Values.components.reana_message_broker.image }}
imagePullPolicy: {{ .Values.components.reana_message_broker.imagePullPolicy }}
env:
- name: RABBIT_MQ_USER
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-message-broker-secrets
key: user
- name: RABBIT_MQ_PASS
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-message-broker-secrets
key: password
ports:
- containerPort: 5672
name: tcp
- containerPort: 15672
name: management
command:
- "/start.sh"
- "$(RABBIT_MQ_USER)"
- "$(RABBIT_MQ_PASS)"
volumeMounts:
- mountPath: /var/lib/rabbitmq/mnesia
subPath: rabbitmq/mnesia
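Review bot: The `command` entry hands `$(RABBIT_MQ_USER)` and `$(RABBIT_MQ_PASS)` to `/start.sh` as positional arguments, so the broker password ends up in the process argument list of the container. Both values are already exported through `env` in the same hunk, so `/start.sh` could read `RABBIT_MQ_USER` and `RABBIT_MQ_PASS` from the environment and the two argument lines could be dropped.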
25 changes: 25 additions & 0 deletions helm/reana/templates/reana-server.yaml
Expand Up @@ -151,6 +151,21 @@ spec:
secretKeyRef:
name: {{ include "reana.prefix" . }}-secrets
key: REANA_SECRET_KEY
- name: REANA_CACHE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-cache-secrets
key: password
- name: RABBIT_MQ_USER
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-message-broker-secrets
key: user
- name: RABBIT_MQ_PASS
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-message-broker-secrets
key: password
{{- if .Values.debug.enabled }}
# Disable CORS in development environment, for example
# to connect from an external React application.
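Review bot: The three new `secretKeyRef` variables are resolved only when the container starts, so changing `secrets.cache.password` or the message broker credentials with `helm upgrade` leaves running server pods on the old values while the Secrets already hold the new ones. If the pod template does not already carry one, a checksum annotation computed over `secrets.yaml` would force a rollout when the Secrets change; otherwise the upgrade notes should tell operators to restart the pods.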
Expand Down Expand Up @@ -277,6 +292,16 @@ spec:
name: {{ include "reana.prefix" $ }}-login-provider-secrets
key: PROVIDER_SECRETS
{{- end }}
- name: RABBIT_MQ_USER
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-message-broker-secrets
key: user
- name: RABBIT_MQ_PASS
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-message-broker-secrets
key: password
volumes:
- name: reana-shared-volume
{{- if not (eq .Values.shared_storage.backend "hostpath") }}
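Review bot: The added `secretKeyRef` names call `include "reana.prefix" .` while the login-provider entry directly above uses `$`; the dot refers to the root context here only because the new entries sit after `{{- end }}`. Using `$` in these two entries as well would keep them correct if they are ever moved inside the preceding block.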
20 changes: 20 additions & 0 deletions helm/reana/templates/reana-workflow-controller.yaml
Expand Up @@ -206,6 +206,16 @@ spec:
name: {{ include "reana.prefix" . }}-db-secrets
key: password
{{ end }}
- name: RABBIT_MQ_USER
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-message-broker-secrets
key: user
- name: RABBIT_MQ_PASS
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-message-broker-secrets
key: password
- name: job-status-consumer
image: {{ .Values.components.reana_workflow_controller.image }}
imagePullPolicy: {{ .Values.components.reana_workflow_controller.imagePullPolicy }}
Expand Down Expand Up @@ -269,6 +279,16 @@ spec:
secretKeyRef:
name: {{ include "reana.prefix" . }}-cern-gitlab-secrets
key: REANA_GITLAB_HOST
- name: RABBIT_MQ_USER
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-message-broker-secrets
key: user
- name: RABBIT_MQ_PASS
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-message-broker-secrets
key: password
volumes:
- name: reana-shared-volume
{{- if not (eq .Values.shared_storage.backend "hostpath") }}
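Review bot: This is the fourth copy of the same `RABBIT_MQ_USER` / `RABBIT_MQ_PASS` env block in the change (two in `reana-server.yaml`, two in this file), each repeating the `-message-broker-secrets` Secret name and its `user` and `password` keys. Moving the block into a named template in the chart's helpers and pulling it in with `include` would keep the Secret name and key names in one place and stop the copies from drifting apart.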
23 changes: 23 additions & 0 deletions helm/reana/templates/secrets.yaml
Expand Up @@ -13,6 +13,29 @@ data:
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "reana.prefix" . }}-cache-secrets
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/resource-policy": keep
type: Opaque
data:
password: {{ .Values.secrets.cache.password | default "" | b64enc | quote }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "reana.prefix" . }}-message-broker-secrets
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/resource-policy": keep
type: Opaque
data:
user: {{ .Values.secrets.message_broker.user | default "test" | b64enc | quote }}
password: {{ .Values.secrets.message_broker.password | default "1234" | b64enc | quote }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "reana.prefix" . }}-cern-sso-secrets
namespace: {{ .Release.Namespace }}
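Review bot: The `default` fallbacks in the two new Secrets make weak credentials the silent outcome of an install without overrides: `secrets.cache.password` falls back to an empty string, and the message broker to `test` / `1234`. Wrapping the values in `required` so that rendering fails when they are unset, or generating a random value on first install and reusing the existing Secret on upgrade, would remove the known defaults. With `"helm.sh/resource-policy": keep` the Secrets also outlive `helm uninstall`, which is worth stating in the README so operators know to delete them by hand.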
2 changes: 2 additions & 0 deletions helm/reana/values.yaml
Expand Up @@ -49,6 +49,8 @@ infrastructure_storage: {}

secrets:
database: {}
cache: {}
message_broker: {}
gitlab: {}
cern:
sso: {}