From d3a4ec0e7ffba665e89072b6fa5ec2339e93d73c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jelizaveta=20Leme=C5=A1eva?= Date: Tue, 3 Sep 2024 16:29:09 +0200 Subject: [PATCH] feat(helm): connect r-workflow-controller to opensearch (#827) --- helm/configurations/values-dev.yaml | 2 ++ helm/reana/README.md | 8 ++++++++ helm/reana/templates/reana-workflow-controller.yaml | 3 +++ helm/reana/templates/secrets.yaml | 4 ++-- helm/reana/values.yaml | 5 +++++ 5 files changed, 20 insertions(+), 2 deletions(-) diff --git a/helm/configurations/values-dev.yaml b/helm/configurations/values-dev.yaml index 53292eb0..e1eaf6d8 100644 --- a/helm/configurations/values-dev.yaml +++ b/helm/configurations/values-dev.yaml @@ -14,6 +14,8 @@ components: image: docker.io/reanahub/reana-workflow-controller environment: REANA_RUNTIME_KUBERNETES_KEEP_ALIVE_JOBS_WITH_STATUSES: failed + REANA_OPENSEARCH_PASSWORD: ReanaOS1= + REANA_OPENSEARCH_USE_SSL: false reana_workflow_engine_cwl: image: docker.io/reanahub/reana-workflow-engine-cwl reana_workflow_engine_yadage: diff --git a/helm/reana/README.md b/helm/reana/README.md index 931691ec..b78a1af4 100644 --- a/helm/reana/README.md +++ b/helm/reana/README.md @@ -51,6 +51,14 @@ This Helm automatically prefixes all names using the release name to avoid colli | `components.reana_workflow_controller.environment.REANA_JOB_HOSTPATH_MOUNTS` | JSON list of optional hostPath mounts, for all user jobs. Each mount object has a key `name` (name of the mount), `hostPath` (path to the directory to be mounted from the Kubernetes nodes) and `mountPath` (path inside the job containers where the `hostPath` will be mounted) | None | | `components.reana_workflow_controller.environment.REANA_RUNTIME_KUBERNETES_KEEP_ALIVE_JOBS_WITH_STATUSES` | Keep alive Kubernetes user runtime jobs depending on status (`finished` and/or `failed`). | None | | `components.reana_workflow_controller.environment.REANA_JOB_STATUS_CONSUMER_PREFETCH_COUNT` | Define max number of unacknowledged deliveries that are permitted on `jobs-status` queue consumer. | 10 | +| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_ENABLED` | Enable workflow and job log retrieval from OpenSearch. | false | +| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_HOST` | OpenSearch host. | None | +| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_PORT` | OpenSearch port. | None | +| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_URL_PREFIX` | OpenSearch URL prefix. | None | +| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_USE_SSL` | Use SSL when connecting to OpenSearch instance. | true | +| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_CA_CERTS` | Path to a file with OpenSearch root CA certificates. | "/code/certs/ca.crt" | +| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_USER` | OpenSearch user name for Basic Authentication. | reana | +| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_PASSWORD` | OpenSearch password for Basic Authentication. Set this value in the Helm command. | "" | | `components.reana_workflow_engine_cwl.environment` | [REANA-Workflow-Engine-CWL](https://github.com/reanahub/reana-workflow-engine-cwl) environment variables | `{}` | | `components.reana_workflow_engine_cwl.image` | [REANA-Workflow-Engine-CWL image](https://hub.docker.com/r/reanahub/reana-workflow-engine-cwl) to use | `docker.io/reanahub/reana-workflow-engine-cwl:` | | `components.reana_workflow_engine_serial.environment` | [REANA-Workflow-Engine-Serial](https://github.com/reanahub/reana-workflow-engine-serial) environment variables | `{}` | diff --git a/helm/reana/templates/reana-workflow-controller.yaml b/helm/reana/templates/reana-workflow-controller.yaml index 6885e417..b116faa4 100644 --- a/helm/reana/templates/reana-workflow-controller.yaml +++ b/helm/reana/templates/reana-workflow-controller.yaml @@ -1,3 +1,6 @@ +{{- $opensearchEnv := .Values.components.reana_workflow_controller.environment }} +{{- $opensearchEnabled := $opensearchEnv.REANA_OPENSEARCH_ENABLED }} +{{- $opensearchTlsEnabled := and $opensearchEnabled $opensearchEnv.REANA_OPENSEARCH_USE_SSL }} --- apiVersion: v1 kind: Service diff --git a/helm/reana/templates/secrets.yaml b/helm/reana/templates/secrets.yaml index d18595a2..f6b57b56 100644 --- a/helm/reana/templates/secrets.yaml +++ b/helm/reana/templates/secrets.yaml @@ -96,8 +96,8 @@ data: ca.crt: {{ index $idx.data "ca.crt" }} {{ else }} {{- $ca := genCA .Values.opensearch.tls.ca.cn (.Values.opensearch.tls.ca.ttl | int) }} - {{- $cert := genSignedCert .Values.opensearch.tls.cert.cn nil nil (.Values.opensearch.tls.cert.ttl | int) $ca }} - {{- $certAdmin := genSignedCert .Values.opensearch.tls.admin.cn nil nil (.Values.opensearch.tls.admin.ttl | int) $ca }} + {{- $cert := genSignedCert .Values.opensearch.tls.cert.cn nil (list .Values.opensearch.tls.cert.cn) (.Values.opensearch.tls.cert.ttl | int) $ca }} + {{- $certAdmin := genSignedCert .Values.opensearch.tls.admin.cn nil (list .Values.opensearch.tls.cert.cn) (.Values.opensearch.tls.admin.ttl | int) $ca }} tls.crt: {{ $cert.Cert | b64enc | quote }} tls.key: {{ $cert.Key | b64enc | quote }} admin.crt: {{ $certAdmin.Cert | b64enc | quote }} diff --git a/helm/reana/values.yaml b/helm/reana/values.yaml index 3f498756..81d32aa4 100644 --- a/helm/reana/values.yaml +++ b/helm/reana/values.yaml @@ -112,6 +112,11 @@ components: environment: SHARED_VOLUME_PATH: /var/reana REANA_JOB_STATUS_CONSUMER_PREFETCH_COUNT: 10 + REANA_OPENSEARCH_ENABLED: false + REANA_OPENSEARCH_USE_SSL: true + REANA_OPENSEARCH_CA_CERTS: "/code/certs/ca.crt" + REANA_OPENSEARCH_USER: reana + REANA_OPENSEARCH_PASSWORD: "" # Set this value in the Helm command reana_workflow_engine_cwl: image: docker.io/reanahub/reana-workflow-engine-cwl:0.9.3 environment: {}