Merge 824b347 into e727c35

.travis.yml

@@ -28,7 +28,7 @@ before_install:
 install:
   - travis_retry pip install -e .[all]
   - mkdir bin
-  - wget https://get.helm.sh/helm-v3.0.2-linux-amd64.tar.gz -O helm.tar.gz
+  - wget https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz -O helm.tar.gz
   - tar -xzf helm.tar.gz -C $PWD/bin --strip-components=1
   - chmod +x $PWD/bin/helm
   - export PATH=$PWD/bin:$PATH

CHANGES.rst

@@ -4,6 +4,7 @@ Changes
 Version master (UNRELEASED)
 ---------------------------
 
+- Adds possibility to install REANA in different namespaces than default.
 - Moves to Helm deployment.
 - Adds command to bump common packages versions.
 - Supports prefixing by Helm release name.

Makefile

@@ -194,7 +194,8 @@ deploy: # Deploy/redeploy previously built REANA cluster.
 	if [ $$(docker images | grep -c '<none>') -gt 0 ]; then \
 		docker images | grep '<none>' | awk '{print $$3;}' | xargs docker rmi; \
 	fi && \
-	helm install ${TRUNC_INSTANCE_NAME} helm/reana $(addprefix --set , ${CLUSTER_FLAGS}) $(addprefix -f , ${VALUES_YAML_PATH}) --wait && \
+	helm install ${TRUNC_INSTANCE_NAME} helm/reana $(addprefix --set , ${CLUSTER_FLAGS}) $(addprefix -f , ${VALUES_YAML_PATH}) --wait --namespace ${INSTANCE_NAME} --create-namespace && \
+	kubectl config set-context --current --namespace=${INSTANCE_NAME} && \
 	waited=0 && while true; do \
 		waited=$$(($$waited+${TIMECHECK})); \
 		if [ $$waited -gt ${TIMEOUT} ];then \

helm/reana/README.md

@@ -41,6 +41,8 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `notifications.email_config.smtp_port`                   | SMTP email server port                                                               | None                                            |
 | `notifications.enabled`                                  | Enable REANA system events notifications                                             | false                                           |
 | `notifications.system_status`                            | Cronjob pattern representing how often the system status notification should be sent. Leave it empty to deactivate it | "0 0 * * *"                                     |
+| `reana_url`                                              | REANA URL host                                                                       | None                                            |
+| `default_runtime_namespace`                              | Namespace in which the REANA runtime pods (workflow engines, jobs etc...) will run   | None                                            |
 | `secrets.cern.sso.CERN_CONSUMER_KEY`                     | CERN SSO consumer key                                                                | None                                            |
 | `secrets.cern.sso.CERN_CONSUMER_SECRET`                  | **[Do not use in production, use secrets instead]** CERN SSO consumer secret         | None                                            |
 | `secrets.database.pasword`                               | **[Do not use in production, use secrets instead]** PostgreSQL database password     | None                                            |
@@ -51,7 +53,6 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `secrets.reana.REANA_SECRET_KEY`                         | **[Do not use in production, use secrets instead]** REANA encryption secret key     | None                                            |
 | `serviceAccount.create`                                  | Create a service account for the REANA system user                                   | true                                            |
 | `serviceAccount.name`                                    | Service account name                                                                 | reana                                           |
-| `serviceAccount.namespace`                               | Service account namespace                                                            | default                                         |
 | `shared_storage.access_modes`                            | Shared volume access mode                                                            | ReadWriteMany                                   |
 | `shared_storage.backend`                                 | Shared volume storage backend                                                        | hostpath                                        |
 | `shared_storage.cephfs.availability_zone`                | **[CERN only]** OpenStack Availability zone                                          | nova                                            |

helm/reana/templates/_helpers.tpl

@@ -24,3 +24,9 @@ naming spec: `my-reana-batch-yadage-3c640169-d3b7-41ad-9c09-392c903fc1d8`
 {{- define "reana.prefixed_svaccount_name" -}}
 {{- include "reana.prefix" . -}}-{{- .Values.serviceAccount.name -}}
 {{- end -}}
+{{- define "reana.prefixed_infrastructure_svaccount_name" -}}
+{{- include "reana.prefixed_svaccount_name" . -}}-infrastructure
+{{- end -}}
+{{- define "reana.prefixed_runtime_svaccount_name" -}}
+{{- include "reana.prefixed_svaccount_name" . -}}-runtime
+{{- end -}}

helm/reana/templates/announcement-config.yaml

@@ -3,5 +3,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: announcement-config
+  namespace: {{ .Release.Namespace }}
 data:
   announcement: ""

helm/reana/templates/cronjobs.yaml

@@ -4,6 +4,7 @@ apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
   name: {{ include "reana.prefix" . }}-system-status
+  namespace: {{ .Release.Namespace }}
 spec:
   schedule: "{{ .Values.notifications.system_status }}"
   jobTemplate:

helm/reana/templates/ingress.yaml

@@ -7,6 +7,7 @@ apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
   name: {{ include "reana.prefix" . }}-ingress
+  namespace: {{ .Release.Namespace }}
   {{- with .Values.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}

helm/reana/templates/kerberos-config.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ include "reana.prefix" . }}-krb5-conf
+  namespace: {{ .Release.Namespace }}
 data:
   krb5.conf: |
         [libdefaults]

helm/reana/templates/reana-cache.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "reana.prefix" . }}-cache
+  namespace: {{ .Release.Namespace }}
 spec:
   type: NodePort
   selector:
@@ -16,6 +17,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "reana.prefix" . }}-cache
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:

helm/reana/templates/reana-db.yaml

@@ -4,6 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "reana.prefix" . }}-db
+  namespace: {{ .Release.Namespace }}
 spec:
   type: NodePort
   selector:
@@ -17,6 +18,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "reana.prefix" . }}-db
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:

helm/reana/templates/reana-mail.yaml

@@ -4,6 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "reana.prefix" . }}-mail
+  namespace: {{ .Release.Namespace }}
 spec:
   type: "NodePort"
   ports:
@@ -24,6 +25,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "reana.prefix" . }}-mail
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:

helm/reana/templates/reana-message-broker.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "reana.prefix" . }}-message-broker
+  namespace: {{ .Release.Namespace }}
 spec:
   ports:
    - port: 5672
@@ -20,6 +21,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "reana.prefix" . }}-message-broker
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:

helm/reana/templates/reana-server.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "reana.prefix" . }}-server
+  namespace: {{ .Release.Namespace }}
 spec:
   type: "NodePort"
   ports:
@@ -17,6 +18,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "reana.prefix" . }}-server
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:
@@ -27,7 +29,7 @@ spec:
       labels:
         app: {{ include "reana.prefix" . }}-server
     spec:
-      serviceAccountName: {{ include "reana.prefixed_svaccount_name" . }}
+      serviceAccountName: {{ include "reana.prefixed_infrastructure_svaccount_name" . }}
       containers:
       - name: rest-api
         image: {{ .Values.components.reana_server.image }}
@@ -56,6 +58,10 @@ spec:
         env:
           - name: REANA_COMPONENT_PREFIX
             value: {{ include "reana.prefix" . }}
+          - name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE
+            value: {{ .Release.Namespace }}
+          - name: REANA_RUNTIME_KUBERNETES_NAMESPACE
+            value: {{ .Values.default_runtime_namespace | default  .Release.Namespace }}
           {{- range $key, $value := .Values.db_env_config }}
           - name: {{ $key }}
             value: {{ $value | quote }}
@@ -167,6 +173,10 @@ spec:
         env:
         - name: REANA_COMPONENT_PREFIX
           value: {{ include "reana.prefix" . }}
+        - name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE
+          value: {{ .Release.Namespace }}
+        - name: REANA_RUNTIME_KUBERNETES_NAMESPACE
+          value: {{ .Values.default_runtime_namespace | default  .Release.Namespace }}
         {{- range $key, $value := .Values.db_env_config }}
         - name: {{ $key }}
           value: {{ $value | quote }}

helm/reana/templates/reana-shared-persistent-volume.yaml

@@ -4,6 +4,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: {{ include "reana.prefix" . }}-shared-persistent-volume
+  namespace: {{ .Release.Namespace }}
 spec:
   accessModes:
   - {{ .Values.shared_storage.access_modes }}
@@ -18,6 +19,7 @@ apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   name: {{ include "reana.prefix" . }}-shared-volume-storage-class
+  namespace: {{ .Release.Namespace }}
 provisioner: {{ .Values.shared_storage.cephfs.provisioner }}
 parameters:
   type: {{ .Values.shared_storage.cephfs.type }}

helm/reana/templates/reana-ui.yaml

@@ -4,6 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "reana.prefix" . }}-ui
+  namespace: {{ .Release.Namespace }}
 spec:
   type: "NodePort"
   ports:
@@ -18,6 +19,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "reana.prefix" . }}-ui
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:

helm/reana/templates/reana-wdb.yaml

@@ -4,6 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "reana.prefix" . }}-wdb
+  namespace: {{ .Release.Namespace }}
 spec:
   type: "NodePort"
   ports:
@@ -23,6 +24,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "reana.prefix" . }}-wdb
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:

helm/reana/templates/reana-workflow-controller.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "reana.prefix" . }}-workflow-controller
+  namespace: {{ .Release.Namespace }}
 spec:
   type: "NodePort"
   ports:
@@ -17,6 +18,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "reana.prefix" . }}-workflow-controller
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:
@@ -27,7 +29,7 @@ spec:
       labels:
         app: {{ include "reana.prefix" . }}-workflow-controller
     spec:
-      serviceAccountName: {{ include "reana.prefixed_svaccount_name" . }}
+      serviceAccountName: {{ include "reana.prefixed_infrastructure_svaccount_name" . }}
       containers:
       - name: rest-api
         image: {{ .Values.components.reana_workflow_controller.image }}
@@ -51,6 +53,10 @@ spec:
         env:
           - name: REANA_COMPONENT_PREFIX
             value: {{ include "reana.prefix" . }}
+          - name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE
+            value: {{ .Release.Namespace }}
+          - name: REANA_RUNTIME_KUBERNETES_NAMESPACE
+            value: {{ .Values.default_runtime_namespace | default  .Release.Namespace }}
           {{- if .Values.naming_scheme }}
           - name: REANA_COMPONENT_NAMING_SCHEME
             value: {{ .Values.naming_scheme }}
@@ -63,8 +69,12 @@ spec:
           - name: {{ $key }}
             value: {{ $value | quote }}
           {{- end }}
-          - name: K8S_REANA_SERVICE_ACCOUNT_NAME
-            value: {{ include "reana.prefixed_svaccount_name" . }}
+          - name: REANA_INFRASTRUCTURE_KUBERNETES_SERVICEACCOUNT_NAME
+            value: {{ include "reana.prefixed_infrastructure_svaccount_name" . }}
+          {{- if .Values.default_runtime_namespace }}
+          - name: REANA_RUNTIME_KUBERNETES_SERVICEACCOUNT_NAME
+            value: {{ include "reana.prefixed_runtime_svaccount_name" . }}
+          {{- end }}
           - name: REANA_JOB_CONTROLLER_IMAGE
             value: {{ .Values.components.reana_job_controller.image }}
           - name: REANA_WORKFLOW_ENGINE_IMAGE_CWL
@@ -133,6 +143,10 @@ spec:
         env:
         - name: REANA_COMPONENT_PREFIX
           value: {{ include "reana.prefix" . }}
+        - name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE
+          value: {{ .Release.Namespace }}
+        - name: REANA_RUNTIME_KUBERNETES_NAMESPACE
+          value: {{ .Values.default_runtime_namespace | default  .Release.Namespace }}
         {{- range $key, $value := .Values.db_env_config }}
         - name: {{ $key }}
           value: {{ $value | quote }}

helm/reana/templates/roles.yaml

@@ -2,8 +2,8 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  namespace: default
   name: {{ include "reana.prefix" . }}-deployment-manager
+  namespace: {{ .Release.Namespace }}
 rules:
 - apiGroups: [""] # "" indicates the core API group
   resources: ["nodes", "nodes/status", "pods", "pods/log", "secrets", "persistentvolumeclaims", "configmaps"]
@@ -23,11 +23,17 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "reana.prefix" . }}-manage-deployments
+  namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: {{ include "reana.prefix" . }}-deployment-manager
 subjects:
 - kind: ServiceAccount
-  name: {{ include "reana.prefixed_svaccount_name" . }}
-  namespace: default
+  name: {{ include "reana.prefixed_infrastructure_svaccount_name" . }}
+  namespace: {{ .Release.Namespace }}
+{{- if .Values.default_runtime_namespace }}
+- kind: ServiceAccount
+  name: {{ include "reana.prefixed_runtime_svaccount_name" . }}
+  namespace: {{ .Values.default_runtime_namespace }}
+{{- end }}

helm/reana/templates/secrets.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "reana.prefix" . }}-db-secrets
+  namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/resource-policy": keep
 type: Opaque
@@ -14,6 +15,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "reana.prefix" . }}-cern-sso-secrets
+  namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/resource-policy": keep
 type: Opaque
@@ -25,6 +27,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "reana.prefix" . }}-cern-gitlab-secrets
+  namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/resource-policy": keep
 type: Opaque
@@ -37,6 +40,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "reana.prefix" . }}-secrets
+  namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/resource-policy": keep
 type: Opaque
@@ -48,6 +52,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "reana.prefix" . }}-mail-notification-sender-password
+  namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/resource-policy": keep
 type: Opaque

helm/reana/templates/serviceaccount.yaml

@@ -1,5 +1,19 @@
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "reana.prefixed_svaccount_name" . }}
-  namespace: {{ .Values.serviceAccount.namespace }}
+  name: {{ include "reana.prefixed_infrastructure_svaccount_name" . }}
+  namespace: {{ .Release.Namespace }}
+{{- if .Values.default_runtime_namespace }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.default_runtime_namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "reana.prefixed_runtime_svaccount_name" . }}
+  namespace: {{ .Values.default_runtime_namespace }}
+{{- end }}