helm/reana/templates/reana-workflow-controller.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: {{ include "reana.prefix" . }}-workflow-controller
  namespace: {{ .Release.Namespace }}
spec:
  type: "NodePort"
  ports:
  - port: 80
    targetPort: 5000
    name: "http"
    protocol: TCP
  selector:
      app: {{ include "reana.prefix" . }}-workflow-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "reana.prefix" . }}-workflow-controller
  namespace: {{ .Release.Namespace }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "reana.prefix" . }}-workflow-controller
  template:
    metadata:
      labels:
        app: {{ include "reana.prefix" . }}-workflow-controller
    spec:
      serviceAccountName: {{ include "reana.prefixed_infrastructure_svaccount_name" . }}
      containers:
      - name: rest-api
        image: {{ .Values.components.reana_workflow_controller.image }}
        imagePullPolicy: {{ .Values.components.reana_workflow_controller.imagePullPolicy }}
        ports:
        - containerPort: 5000
          name: http
        {{- if .Values.debug.enabled }}
        command: ["/bin/sh","-c"]
        args: ["flask run --host=0.0.0.0"]
        tty: true
        stdin: true
        {{- end }}
        volumeMounts:
          {{- if .Values.debug.enabled }}
          - mountPath: /code
            name: reana-code
          {{- end }}
          - mountPath: {{ .Values.shared_storage.shared_volume_mount_path }}
            name: reana-shared-volume
          {{- range $workspace_paths := .Values.workspaces.paths }}
          {{- if ne (typeOf $workspace_paths) "string" -}}
          {{- fail "The workspaces.paths should be a list of strings e.g node_host_path:pod_mount_path" -}}
          {{- end }}
          {{- $workspace_path := split ":" $workspace_paths }}
          {{- if and (ne $workspace_path._0 $.Values.shared_storage.hostpath.root_path) (ne $workspace_path._1 $.Values.shared_storage.shared_volume_mount_path) }}
          - name: {{ $workspace_path._0 | quote | replace "/" "" }}
            mountPath: {{ $workspace_path._1 }}
          {{- end }}
          {{- end }}
        env:
          - name: REANA_COMPONENT_PREFIX
            value: {{ include "reana.prefix" . }}
          - name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE
            value: {{ .Release.Namespace }}
          - name: REANA_RUNTIME_KUBERNETES_NAMESPACE
            value: {{ .Values.namespace_runtime | default .Release.Namespace }}
          - name: REANA_DEFAULT_QUOTA_CPU_LIMIT
            value: {{ .Values.quota.default_cpu_limit | default 0 | quote }}
          - name: REANA_DEFAULT_QUOTA_DISK_LIMIT
            value: {{ .Values.quota.default_disk_limit | default 0 | quote }}
          {{- if .Values.quota.enabled }}
          - name: REANA_WORKFLOW_TERMINATION_QUOTA_UPDATE_POLICY
            value: {{ .Values.quota.termination_update_policy | default "disk,cpu" }}
          {{- end }}
          {{- if .Values.naming_scheme }}
          - name: REANA_COMPONENT_NAMING_SCHEME
            value: {{ .Values.naming_scheme }}
          {{- end }}
          - name: WORKSPACE_PATHS
            value: {{ .Values.workspaces.paths | toJson | quote }}
          {{- range $key, $value := .Values.db_env_config }}
          - name: {{ $key }}
            value: {{ $value | quote }}
          {{- end }}
          {{- range $key, $value := .Values.components.reana_workflow_controller.environment }}
          - name: {{ $key }}
            value: {{ $value | quote }}
          {{- end }}
          - name: REANA_INFRASTRUCTURE_KUBERNETES_SERVICEACCOUNT_NAME
            value: {{ include "reana.prefixed_infrastructure_svaccount_name" . }}
          {{- if .Values.namespace_runtime }}
          - name: REANA_RUNTIME_KUBERNETES_SERVICEACCOUNT_NAME
            value: {{ include "reana.prefixed_runtime_svaccount_name" . }}
          {{- end }}
          {{- if .Values.node_label_runtimebatch }}
          - name: REANA_RUNTIME_BATCH_KUBERNETES_NODE_LABEL
            value: {{ .Values.node_label_runtimebatch }}
          {{- end }}
          {{- if .Values.node_label_runtimejobs }}
          - name: REANA_RUNTIME_JOBS_KUBERNETES_NODE_LABEL
            value: {{ .Values.node_label_runtimejobs }}
          {{- end }}
          {{- if .Values.node_label_runtimesessions }}
          - name: REANA_RUNTIME_SESSIONS_KUBERNETES_NODE_LABEL
            value: {{ .Values.node_label_runtimesessions }}
          {{- end }}
          {{- if .Values.kubernetes_jobs_max_user_memory_limit }}
          - name: REANA_KUBERNETES_JOBS_MAX_USER_MEMORY_LIMIT
            value: {{ .Values.kubernetes_jobs_max_user_memory_limit }}
          {{- end }}
          - name: REANA_KUBERNETES_JOBS_MEMORY_LIMIT
            value: {{ .Values.kubernetes_jobs_memory_limit | default "4Gi" }}
          - name: REANA_JOB_CONTROLLER_IMAGE
            value: {{ .Values.components.reana_job_controller.image }}
          - name: REANA_WORKFLOW_ENGINE_IMAGE_CWL
            value: {{ .Values.components.reana_workflow_engine_cwl.image }}
          - name: REANA_WORKFLOW_ENGINE_IMAGE_YADAGE
            value: {{ .Values.components.reana_workflow_engine_yadage.image }}
          - name: REANA_WORKFLOW_ENGINE_IMAGE_SERIAL
            value: {{ .Values.components.reana_workflow_engine_serial.image }}
          - name: REANA_WORKFLOW_ENGINE_IMAGE_SNAKEMAKE
            value: {{ .Values.components.reana_workflow_engine_snakemake.image }}
          {{- if .Values.reana_hostname }}
          - name: REANA_HOSTNAME
            value: {{ .Values.reana_hostname }}
          {{- end }}
          {{- if .Values.eos.enabled }}
          - name: K8S_CERN_EOS_AVAILABLE
            value: "True"
          {{ end }}
          {{- if not (eq .Values.shared_storage.backend "hostpath") }}
          - name: REANA_STORAGE_BACKEND
            value: "network"
          {{ end }}
          - name: REANA_GITLAB_HOST
            valueFrom:
              secretKeyRef:
                name: {{ include "reana.prefix" . }}-cern-gitlab-secrets
                key: REANA_GITLAB_HOST
          - name: REANA_SECRET_KEY
            valueFrom:
              secretKeyRef:
                name: {{ include "reana.prefix" . }}-secrets
                key: REANA_SECRET_KEY
          {{- if .Values.debug.enabled }}
          - name: WDB_SOCKET_SERVER
            value: "{{ include "reana.prefix" . }}-wdb"
          - name: WDB_NO_BROWSER_AUTO_OPEN
            value: "True"
          - name: FLASK_ENV
            value:  "development"
          # Hack to not verify SSL connections https://stackoverflow.com/questions/48391750/disable-python-requests-ssl-validation-for-an-imported-module
          - name: CURL_CA_BUNDLE
            value: ""
          - name: GIT_SSL_NO_VERIFY
            value: "true"
          {{- else }}
          - name: REANA_DB_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ include "reana.prefix" . }}-db-secrets
                key: user
          - name: REANA_DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ include "reana.prefix" . }}-db-secrets
                key: password
          {{ end }}
      - name: job-status-consumer
        image: {{ .Values.components.reana_workflow_controller.image }}
        imagePullPolicy: {{ .Values.components.reana_workflow_controller.imagePullPolicy }}
        command: ["flask", "consume-job-queue"]
        volumeMounts:
          {{- if .Values.debug.enabled }}
          - mountPath: /code
            name: reana-code
          {{- end }}
          - mountPath: {{ .Values.shared_storage.shared_volume_mount_path }}
            name: reana-shared-volume
        env:
        - name: REANA_COMPONENT_PREFIX
          value: {{ include "reana.prefix" . }}
        - name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE
          value: {{ .Release.Namespace }}
        - name: REANA_RUNTIME_KUBERNETES_NAMESPACE
          value: {{ .Values.namespace_runtime | default .Release.Namespace }}
        {{- if .Values.quota.enabled }}
        - name: REANA_WORKFLOW_TERMINATION_QUOTA_UPDATE_POLICY
          value: {{ .Values.quota.termination_update_policy | default "disk,cpu" }}
        {{- end }}
        {{- range $key, $value := .Values.db_env_config }}
        - name: {{ $key }}
          value: {{ $value | quote }}
        {{- end }}
        {{- range $key, $value := .Values.components.reana_workflow_controller.environment }}
        - name: {{ $key }}
          value: {{ $value | quote }}
        {{- end }}
        {{- if .Values.reana_hostname }}
        - name: REANA_HOSTNAME
          value: {{ .Values.reana_hostname }}
        {{- end }}
        {{- if .Values.debug.enabled }}
        - name: WDB_SOCKET_SERVER
          value: "{{ include "reana.prefix" . }}-wdb"
        - name: WDB_NO_BROWSER_AUTO_OPEN
          value: "True"
        - name: FLASK_ENV
          value:  "development"
        # Hack to not verify SSL connections https://stackoverflow.com/questions/48391750/disable-python-requests-ssl-validation-for-an-imported-module
        - name: CURL_CA_BUNDLE
          value: ""
        - name: GIT_SSL_NO_VERIFY
          value: "true"
        {{- else }}
        - name: REANA_DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: {{ include "reana.prefix" . }}-db-secrets
              key: user
        - name: REANA_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ include "reana.prefix" . }}-db-secrets
              key: password
        {{ end }}
        - name: REANA_GITLAB_HOST
          valueFrom:
            secretKeyRef:
              name: {{ include "reana.prefix" . }}-cern-gitlab-secrets
              key: REANA_GITLAB_HOST
      volumes:
      - name: reana-shared-volume
        {{- if not (eq .Values.shared_storage.backend "hostpath") }}
        persistentVolumeClaim:
          claimName: {{ include "reana.prefix" . }}-shared-persistent-volume
          readOnly: false
        {{- else }}
        hostPath:
          path: {{ .Values.shared_storage.hostpath.root_path }}
        {{- end }}
      {{- if .Values.debug.enabled }}
      - name: reana-code
        hostPath:
          path: /code/reana-workflow-controller
      {{- end }}
      {{- if .Values.node_label_infrastructure }}
      {{- $full_label := split "=" .Values.node_label_infrastructure }}
      nodeSelector:
        {{ $full_label._0 }}: {{ $full_label._1 }}
      {{- end }}
      {{- range $workspace_paths := .Values.workspaces.paths }}
      {{- $workspace_path := split ":" $workspace_paths }}
      {{- if and (ne $workspace_path._0 $.Values.shared_storage.hostpath.root_path) (ne $workspace_path._1 $.Values.shared_storage.shared_volume_mount_path) }}
      - name: {{ $workspace_path._0 | quote | replace "/" "" }}
        hostPath:
          path: {{ $workspace_path._0 }}
      {{- end }}
      {{- end }}