From 824b347925fd8c1a006d777a37e131916fff4028 Mon Sep 17 00:00:00 2001 From: Diego Rodriguez Date: Thu, 11 Jun 2020 14:54:42 +0200 Subject: [PATCH] templates: add optional runtime namespace * Allows having two different namespaces for infrastructure and runtime pods (closes #268). --- helm/reana/README.md | 2 ++ helm/reana/templates/_helpers.tpl | 6 ++++++ helm/reana/templates/reana-server.yaml | 10 +++++++++- .../templates/reana-workflow-controller.yaml | 18 +++++++++++++----- helm/reana/templates/roles.yaml | 7 ++++++- helm/reana/templates/serviceaccount.yaml | 16 +++++++++++++++- 6 files changed, 51 insertions(+), 8 deletions(-) diff --git a/helm/reana/README.md b/helm/reana/README.md index 5e34a2c8..b6a05626 100644 --- a/helm/reana/README.md +++ b/helm/reana/README.md @@ -41,6 +41,8 @@ This Helm automatically prefixes all names using the release name to avoid colli | `notifications.email_config.smtp_port` | SMTP email server port | None | | `notifications.enabled` | Enable REANA system events notifications | false | | `notifications.system_status` | Cronjob pattern representing how often the system status notification should be sent. Leave it empty to deactivate it | "0 0 * * *" | +| `reana_url` | REANA URL host | None | +| `default_runtime_namespace` | Namespace in which the REANA runtime pods (workflow engines, jobs etc...) will run | None | | `secrets.cern.sso.CERN_CONSUMER_KEY` | CERN SSO consumer key | None | | `secrets.cern.sso.CERN_CONSUMER_SECRET` | **[Do not use in production, use secrets instead]** CERN SSO consumer secret | None | | `secrets.database.pasword` | **[Do not use in production, use secrets instead]** PostgreSQL database password | None | diff --git a/helm/reana/templates/_helpers.tpl b/helm/reana/templates/_helpers.tpl index c37d80e7..4ef4f0c2 100644 --- a/helm/reana/templates/_helpers.tpl +++ b/helm/reana/templates/_helpers.tpl @@ -24,3 +24,9 @@ naming spec: `my-reana-batch-yadage-3c640169-d3b7-41ad-9c09-392c903fc1d8` {{- define "reana.prefixed_svaccount_name" -}} {{- include "reana.prefix" . -}}-{{- .Values.serviceAccount.name -}} {{- end -}} +{{- define "reana.prefixed_infrastructure_svaccount_name" -}} +{{- include "reana.prefixed_svaccount_name" . -}}-infrastructure +{{- end -}} +{{- define "reana.prefixed_runtime_svaccount_name" -}} +{{- include "reana.prefixed_svaccount_name" . -}}-runtime +{{- end -}} \ No newline at end of file diff --git a/helm/reana/templates/reana-server.yaml b/helm/reana/templates/reana-server.yaml index 97170379..da09072b 100644 --- a/helm/reana/templates/reana-server.yaml +++ b/helm/reana/templates/reana-server.yaml @@ -29,7 +29,7 @@ spec: labels: app: {{ include "reana.prefix" . }}-server spec: - serviceAccountName: {{ include "reana.prefixed_svaccount_name" . }} + serviceAccountName: {{ include "reana.prefixed_infrastructure_svaccount_name" . }} containers: - name: rest-api image: {{ .Values.components.reana_server.image }} @@ -58,6 +58,10 @@ spec: env: - name: REANA_COMPONENT_PREFIX value: {{ include "reana.prefix" . }} + - name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE + value: {{ .Release.Namespace }} + - name: REANA_RUNTIME_KUBERNETES_NAMESPACE + value: {{ .Values.default_runtime_namespace | default .Release.Namespace }} {{- range $key, $value := .Values.db_env_config }} - name: {{ $key }} value: {{ $value | quote }} @@ -169,6 +173,10 @@ spec: env: - name: REANA_COMPONENT_PREFIX value: {{ include "reana.prefix" . }} + - name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE + value: {{ .Release.Namespace }} + - name: REANA_RUNTIME_KUBERNETES_NAMESPACE + value: {{ .Values.default_runtime_namespace | default .Release.Namespace }} {{- range $key, $value := .Values.db_env_config }} - name: {{ $key }} value: {{ $value | quote }} diff --git a/helm/reana/templates/reana-workflow-controller.yaml b/helm/reana/templates/reana-workflow-controller.yaml index 1c9dbb95..f784490d 100644 --- a/helm/reana/templates/reana-workflow-controller.yaml +++ b/helm/reana/templates/reana-workflow-controller.yaml @@ -29,7 +29,7 @@ spec: labels: app: {{ include "reana.prefix" . }}-workflow-controller spec: - serviceAccountName: {{ include "reana.prefixed_svaccount_name" . }} + serviceAccountName: {{ include "reana.prefixed_infrastructure_svaccount_name" . }} containers: - name: rest-api image: {{ .Values.components.reana_workflow_controller.image }} @@ -53,8 +53,10 @@ spec: env: - name: REANA_COMPONENT_PREFIX value: {{ include "reana.prefix" . }} - - name: REANA_KUBERNETES_NAMESPACE + - name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE value: {{ .Release.Namespace }} + - name: REANA_RUNTIME_KUBERNETES_NAMESPACE + value: {{ .Values.default_runtime_namespace | default .Release.Namespace }} {{- if .Values.naming_scheme }} - name: REANA_COMPONENT_NAMING_SCHEME value: {{ .Values.naming_scheme }} @@ -67,8 +69,12 @@ spec: - name: {{ $key }} value: {{ $value | quote }} {{- end }} - - name: K8S_REANA_SERVICE_ACCOUNT_NAME - value: {{ include "reana.prefixed_svaccount_name" . }} + - name: REANA_INFRASTRUCTURE_KUBERNETES_SERVICEACCOUNT_NAME + value: {{ include "reana.prefixed_infrastructure_svaccount_name" . }} + {{- if .Values.default_runtime_namespace }} + - name: REANA_RUNTIME_KUBERNETES_SERVICEACCOUNT_NAME + value: {{ include "reana.prefixed_runtime_svaccount_name" . }} + {{- end }} - name: REANA_JOB_CONTROLLER_IMAGE value: {{ .Values.components.reana_job_controller.image }} - name: REANA_WORKFLOW_ENGINE_IMAGE_CWL @@ -137,8 +143,10 @@ spec: env: - name: REANA_COMPONENT_PREFIX value: {{ include "reana.prefix" . }} - - name: REANA_KUBERNETES_NAMESPACE + - name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE value: {{ .Release.Namespace }} + - name: REANA_RUNTIME_KUBERNETES_NAMESPACE + value: {{ .Values.default_runtime_namespace | default .Release.Namespace }} {{- range $key, $value := .Values.db_env_config }} - name: {{ $key }} value: {{ $value | quote }} diff --git a/helm/reana/templates/roles.yaml b/helm/reana/templates/roles.yaml index b162f7ba..e4f4fe92 100644 --- a/helm/reana/templates/roles.yaml +++ b/helm/reana/templates/roles.yaml @@ -30,5 +30,10 @@ roleRef: name: {{ include "reana.prefix" . }}-deployment-manager subjects: - kind: ServiceAccount - name: {{ include "reana.prefixed_svaccount_name" . }} + name: {{ include "reana.prefixed_infrastructure_svaccount_name" . }} namespace: {{ .Release.Namespace }} +{{- if .Values.default_runtime_namespace }} +- kind: ServiceAccount + name: {{ include "reana.prefixed_runtime_svaccount_name" . }} + namespace: {{ .Values.default_runtime_namespace }} +{{- end }} \ No newline at end of file diff --git a/helm/reana/templates/serviceaccount.yaml b/helm/reana/templates/serviceaccount.yaml index 1245840a..ac1307c8 100644 --- a/helm/reana/templates/serviceaccount.yaml +++ b/helm/reana/templates/serviceaccount.yaml @@ -1,5 +1,19 @@ +--- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "reana.prefixed_svaccount_name" . }} + name: {{ include "reana.prefixed_infrastructure_svaccount_name" . }} namespace: {{ .Release.Namespace }} +{{- if .Values.default_runtime_namespace }} +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.default_runtime_namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "reana.prefixed_runtime_svaccount_name" . }} + namespace: {{ .Values.default_runtime_namespace }} +{{- end }}