start reana v093 deployment on new VRE

infrastructure/cluster/flux/reana/reana-helm_repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: reana
+  namespace: reana
+spec:
+  interval: 5m
+  url: https://reanahub.github.io/reana/

infrastructure/cluster/flux/reana/reana-namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    name: reana
+  name: reana

infrastructure/cluster/flux/reana/reana-release.yaml

@@ -0,0 +1,111 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: reana
+  namespace: reana
+  annotations:
+    flux.weave.works/automated: "false" 
+
+spec:
+  releaseName: reana
+  interval: 5m
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: reana
+        namespace: reana
+      chart: reana
+      interval: 1m
+      version: 0.9.3
+
+  valuesFrom:
+    # - kind: Secret
+    #   name: reana-vre-iam-client
+    #   valuesKey: client_id
+    #   targetPath: secrets.login.escape-iam.consumer_key
+    # - kind: Secret
+    #   name: reana-vre-iam-client
+    #   valuesKey: client_secret
+    #   targetPath: secrets.login.escape-iam.consumer_secret
+    - kind: Secret
+      name: reana-db
+      valuesKey: user
+      targetPath: secrets.database.user
+    - kind: Secret
+      name: reana-db
+      valuesKey: password
+      targetPath: secrets.database.password	
+
+  values:
+
+    shared_storage: 
+      backend: cephfs
+      volume_size: 1000
+      access_modes: ReadWriteMany
+      cephfs:
+        provisioner: manila-provisioner
+        type: "Meyrin CephFS"
+        availability_zone: nova
+        os_secret_name: os-trustee
+        os_secret_namespace: kube-system
+        cephfs_os_share_id: a6a85651-0b95-4e31-89ac-4ff31037f342
+        cephfs_os_share_access_id: 1cd91c50-8cc6-449d-ae39-83249aca398b
+
+    components:
+      reana_ui:
+        enabled: true
+        local_users: false 
+      reana_db:
+        enabled: false
+      reana_server:
+        environment:
+          REANA_USER_EMAIL_CONFIRMATION: false
+      # reana_workflow_controller:
+      #   image: docker.io/mdonadoni/reana-workflow-controller:0.9.1-7e03f0a-cvmfs
+      # reana_job_controller:
+      #   image: docker.io/reanahub/reana-job-controller-htcondorcern-slurmcern:0.9.1
+
+    compute_backends: 
+      - "kubernetes"
+      - "htcondorcern"
+      - "slurmcern"
+
+    notifications:
+      enabled: true 
+      email_config:
+        receiver: [email protected]
+        sender: [email protected]
+        login: ""
+        smtp_server: cernmx.cern.ch
+        smtp_port: 25
+
+    reana_hostname: "reana-vre.cern.ch"
+
+    db_env_config:
+      REANA_DB_NAME: "reana"
+      REANA_DB_PORT: "6600"
+      REANA_DB_HOST: "dbod-vre.cern.ch"
+      # There are two more environment variables that should be set in order
+      # to connect to a database:
+      # REANA_DB_USERNAME: containing the database user name.
+      # REANA_DB_PASSWORD: containing the password for the user previously set.
+      # Both environment variables should be set inside a Kubernetes secret:
+      # `[release-name]-db-secrets`
+
+    # login:
+    #   - name: "escape-iam"
+    #     type: "keycloak"
+    #     config:
+    #       title: "ESCAPE IAM"
+    #       base_url: "https://iam-escape.cloud.cnaf.infn.it"
+    #       realm_url: "https://iam-escape.cloud.cnaf.infn.it" 
+    #       auth_url: "https://iam-escape.cloud.cnaf.infn.it/authorize" 
+    #       token_url: "https://iam-escape.cloud.cnaf.infn.it/token" 
+    #       userinfo_url: "https://iam-escape.cloud.cnaf.infn.it/userinfo"
+
+    ingress:
+      enabled: false
+
+    traefik:
+      enabled: false

infrastructure/cluster/flux/reana/reana-storage.yaml

@@ -0,0 +1,54 @@
+# Follow the instructions in
+# https://kubernetes.docs.cern.ch/docs/storage/fileshares/#using-existing-shares
+#
+# Because we are recreating the cluster, the share already existed and we don't want to
+# create a new one. We will use the existing share.
+#
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: manila-preprovisioned-pv-reana-share
+spec:
+  csi:
+    driver: cephfs.manila.csi.openstack.org
+    # NOTE: volumeHandle MUST be unique across all PersistentVolume objects in the cluster.
+    #       The value itself can be arbitrary. You can use metadata.name for consistency.
+
+    # These values are just IDs and can be shared publically in github.
+    volumeHandle: manila-preprovisioned-pv-reana-share
+    volumeAttributes:
+      shareID: a6a85651-0b95-4e31-89ac-4ff31037f342
+      shareAccessID: 1cd91c50-8cc6-449d-ae39-83249aca398b
+
+      # CephFS shares can be mounted using either FUSE or kernel CephFS client.
+      # FUSE is used by default. Uncomment and modify the parameter below to change
+      # the mount tool. See openstack-manila-csi docs to see all supported parameters.
+      # cephfs-mounter: kernel
+
+    nodeStageSecretRef:
+      name: os-trustee
+      namespace: kube-system
+    nodePublishSecretRef:
+      name: os-trustee
+      namespace: kube-system
+  accessModes:
+  - ReadWriteMany
+  capacity:
+    storage: 1000Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: manila-preprovisioned-pvc-reana
+  namespace: reana
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1000Gi
+  # volumeName must match the name we have set in the PersistentVolume defined above.
+  volumeName: manila-preprovisioned-pv-reana-share
+  # Storage class name must be set to an empty string ""
+  # to disable dynamic provisioning.
+  storageClassName: ""

infrastructure/scripts/reana_secrets.sh

@@ -0,0 +1,53 @@
+##!/bin/bash
+
+echo "Start REANA secrets scripts"
+
+# kubeseal controller namespace
+CONTROLLER_NS="sealed-secrets"
+CONTROLLER_NAME="sealed-secrets-controller"
+
+# REANA namespace
+REANA_NS="reana"
+
+# Output dir
+SECRETS_DIR="/root/software/vre/infrastructure/secrets/reana"
+RAW_SECRETS_TMP_DIR="/root/software/vre/infrastructure/secrets/tmp_local_secrets"
+
+echo "Create REANA DB secret"
+
+# name of output secret to apply
+DB_OUTPUT_SECRET="reana-db-secrets.yaml"
+RAW_DB_FILE_SECRET=${RAW_SECRETS_TMP_DIR}/${DB_OUTPUT_SECRET}
+
+cat ${RAW_DB_FILE_SECRET} | kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${REANA_NS} > ${SECRETS_DIR}/ss_${DB_OUTPUT_SECRET}
+kubectl apply -f ${SECRETS_DIR}/ss_${DB_OUTPUT_SECRET}
+
+
+# echo "Create REANA Admin Account"
+
+# ADMIN_ACCOUNT_SECRET='reana-admin.yaml'
+# RAW_ADMIN_FILE_SECRET=${RAW_SECRETS_TMP_DIR}/${ADMIN_ACCOUNT_SECRET}
+
+# cat ${RAW_ADMIN_FILE_SECRET} | kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${REANA_NS} > ${SECRETS_DIR}/ss_${ADMIN_ACCOUNT_SECRET}
+# kubectl apply -f ${SECRETS_DIR}/ss_${ADMIN_ACCOUNT_SECRET}
+
+
+# echo "Create REANA IAM client credentials"
+
+# REANA_IAM_ACCOUNT_SECRET='reana-iam-secrets.yaml'
+# RAW_REANA_IAM_FILE_SECRET=${RAW_SECRETS_TMP_DIR}/${REANA_IAM_ACCOUNT_SECRET}
+
+# cat ${RAW_REANA_IAM_FILE_SECRET} | kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${REANA_NS} > ${SECRETS_DIR}/ss_${REANA_IAM_ACCOUNT_SECRET}
+# kubectl apply -f ${SECRETS_DIR}/ss_${REANA_IAM_ACCOUNT_SECRET}
+
+
+# echo "Create 'REANA secrets' secret"
+# # This secret is unknow for what is used - no doc :harold:
+# REANA_SECRETS_SECRET='reana-secrets.yaml'
+# RAW_REANA_SECRETS_FILE_SECRET=${RAW_SECRETS_TMP_DIR}/${REANA_SECRETS_SECRET}
+
+# cat ${RAW_REANA_SECRETS_FILE_SECRET} | kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${REANA_NS} > ${SECRETS_DIR}/ss_${REANA_SECRETS_SECRET}
+# kubectl apply -f ${SECRETS_DIR}/ss_${REANA_SECRETS_SECRET}
+
+
+echo "END REANA Secret Script"