feat(helm): connect r-workflow-controller to opensearch (reanahub#827)

jlemesh · Sep 25, 2024 · d3a4ec0 · d3a4ec0
1 parent d964344
commit d3a4ec0
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 2 deletions.
diff --git a/helm/configurations/values-dev.yaml b/helm/configurations/values-dev.yaml
@@ -14,6 +14,8 @@ components:
       image: docker.io/reanahub/reana-workflow-controller
       environment:
         REANA_RUNTIME_KUBERNETES_KEEP_ALIVE_JOBS_WITH_STATUSES: failed
+        REANA_OPENSEARCH_PASSWORD: ReanaOS1=
+        REANA_OPENSEARCH_USE_SSL: false
     reana_workflow_engine_cwl:
       image: docker.io/reanahub/reana-workflow-engine-cwl
     reana_workflow_engine_yadage:

diff --git a/helm/reana/README.md b/helm/reana/README.md
@@ -51,6 +51,14 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `components.reana_workflow_controller.environment.REANA_JOB_HOSTPATH_MOUNTS`   | JSON list of optional hostPath mounts, for all user jobs. Each mount object has a key `name` (name of the mount), `hostPath` (path to the directory to be mounted from the Kubernetes nodes) and `mountPath` (path inside the job containers where the `hostPath` will be mounted)            | None                                            |
 | `components.reana_workflow_controller.environment.REANA_RUNTIME_KUBERNETES_KEEP_ALIVE_JOBS_WITH_STATUSES` | Keep alive Kubernetes user runtime jobs depending on status (`finished` and/or `failed`). | None |
 | `components.reana_workflow_controller.environment.REANA_JOB_STATUS_CONSUMER_PREFETCH_COUNT` | Define max number of unacknowledged deliveries that are permitted on `jobs-status` queue consumer. | 10 |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_ENABLED` | Enable workflow and job log retrieval from OpenSearch.            | false                                           |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_HOST` | OpenSearch host.                                                     | None                                            |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_PORT` | OpenSearch port.                                                     | None                                            |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_URL_PREFIX` | OpenSearch URL prefix.                                         | None                                            |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_USE_SSL` | Use SSL when connecting to OpenSearch instance.                   | true                                            |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_CA_CERTS` | Path to a file with OpenSearch root CA certificates.             | "/code/certs/ca.crt"                            |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_USER` | OpenSearch user name for Basic Authentication.                       | reana                                           |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_PASSWORD` | OpenSearch password for Basic Authentication. Set this value in the Helm command. | ""                             |
 | `components.reana_workflow_engine_cwl.environment`       | [REANA-Workflow-Engine-CWL](https://github.com/reanahub/reana-workflow-engine-cwl) environment variables | `{}`                        |
 | `components.reana_workflow_engine_cwl.image`             | [REANA-Workflow-Engine-CWL image](https://hub.docker.com/r/reanahub/reana-workflow-engine-cwl) to use | `docker.io/reanahub/reana-workflow-engine-cwl:<chart-release-version>` |
 | `components.reana_workflow_engine_serial.environment`    | [REANA-Workflow-Engine-Serial](https://github.com/reanahub/reana-workflow-engine-serial) environment variables | `{}`                  |

diff --git a/helm/reana/templates/reana-workflow-controller.yaml b/helm/reana/templates/reana-workflow-controller.yaml
@@ -1,3 +1,6 @@
+{{- $opensearchEnv := .Values.components.reana_workflow_controller.environment }}
+{{- $opensearchEnabled := $opensearchEnv.REANA_OPENSEARCH_ENABLED }}
+{{- $opensearchTlsEnabled := and $opensearchEnabled $opensearchEnv.REANA_OPENSEARCH_USE_SSL }}
 ---
 apiVersion: v1
 kind: Service

diff --git a/helm/reana/templates/secrets.yaml b/helm/reana/templates/secrets.yaml
@@ -96,8 +96,8 @@ data:
   ca.crt: {{ index $idx.data "ca.crt" }}
   {{ else }}
   {{- $ca := genCA .Values.opensearch.tls.ca.cn (.Values.opensearch.tls.ca.ttl | int) }}
-  {{- $cert := genSignedCert .Values.opensearch.tls.cert.cn nil nil (.Values.opensearch.tls.cert.ttl | int) $ca }}
-  {{- $certAdmin := genSignedCert .Values.opensearch.tls.admin.cn nil nil (.Values.opensearch.tls.admin.ttl | int) $ca }}
+  {{- $cert := genSignedCert .Values.opensearch.tls.cert.cn nil (list .Values.opensearch.tls.cert.cn) (.Values.opensearch.tls.cert.ttl | int) $ca }}
+  {{- $certAdmin := genSignedCert .Values.opensearch.tls.admin.cn nil (list .Values.opensearch.tls.cert.cn) (.Values.opensearch.tls.admin.ttl | int) $ca }}
   tls.crt: {{ $cert.Cert | b64enc | quote }}
   tls.key: {{ $cert.Key | b64enc | quote }}
   admin.crt: {{ $certAdmin.Cert | b64enc | quote }}

diff --git a/helm/reana/values.yaml b/helm/reana/values.yaml
@@ -112,6 +112,11 @@ components:
     environment:
       SHARED_VOLUME_PATH: /var/reana
       REANA_JOB_STATUS_CONSUMER_PREFETCH_COUNT: 10
+      REANA_OPENSEARCH_ENABLED: false
+      REANA_OPENSEARCH_USE_SSL: true
+      REANA_OPENSEARCH_CA_CERTS: "/code/certs/ca.crt"
+      REANA_OPENSEARCH_USER: reana
+      REANA_OPENSEARCH_PASSWORD: ""  # Set this value in the Helm command
   reana_workflow_engine_cwl:
     image: docker.io/reanahub/reana-workflow-engine-cwl:0.9.3
     environment: {}