From b2074bc7b261ec7aa7eefc40590b6dd94905cc8c Mon Sep 17 00:00:00 2001 From: Alputer Date: Thu, 30 Jan 2025 12:01:39 +0100 Subject: [PATCH] feat(helm): introduce `traefik.external` Helm chart value (#866) Introduces a new Helm chart value `traefik.external` instructing REANA whether Traefik is already provided externally and should not be deployed by REANA itself. In this case, REANA will only add necessary roles for Traefik middleware. - If `traefik.external` is set to `true` and `traefik.enabled` is set to `false` the Helm chart will assume an external Traefik instance is managing ingress, and it will not deploy Traefik within the cluster. - If `traefik.external` is set to `false` and `traefik.enabled` is set to `true`, the default behaviour remains unchanged, and Traefik will be installed as part of the REANA deployment. This change fixes cluster role issues and provides greater flexibility for users who want to manage Traefik separately or already have an existing instance in their cluster. Closes #852 --- helm/reana/README.md | 1 + helm/reana/templates/reana-workflow-controller.yaml | 4 ++++ helm/reana/templates/roles.yaml | 2 +- helm/reana/values.yaml | 1 + 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/helm/reana/README.md b/helm/reana/README.md index 404a24f1..0a2d4b53 100644 --- a/helm/reana/README.md +++ b/helm/reana/README.md @@ -187,6 +187,7 @@ collisions. | `shared_storage.hostpath.root_path` | Path to the REANA directory inside the underlying storage volume | /var/reana | | `traefik.*` | Pass any value from [Traefik Helm chart values](https://github.com/helm/charts/tree/master/stable/traefik#configuration) here, e.g. `traefik.rbac.enabled=true` | - | | `traefik.enabled` | Install Traefik in the cluster when installing REANA | true | +| `traefik.external` | Use an externally installed Traefik instance | false | | `volume_paths.root_path` | Path to the REANA directory inside the underlying storage volume | /var/reana | | `volume_paths.shared_volume_path` | Path inside the REANA components where the shared volume will be mounted | /var/reana | | `quota.enabled` | Enable user workflow accounting capabilities. | true | diff --git a/helm/reana/templates/reana-workflow-controller.yaml b/helm/reana/templates/reana-workflow-controller.yaml index 7a8ab43b..d80cb6c8 100644 --- a/helm/reana/templates/reana-workflow-controller.yaml +++ b/helm/reana/templates/reana-workflow-controller.yaml @@ -179,6 +179,10 @@ spec: value: {{ .Values.components.reana_job_controller.environment | toJson | quote }} - name: REANA_INTERACTIVE_SESSIONS_ENVIRONMENTS value: {{ .Values.interactive_sessions.environments | toJson | quote }} + - name: TRAEFIK_ENABLED + value: {{ .Values.traefik.enabled | quote | default "true" }} + - name: TRAEFIK_EXTERNAL + value: {{ .Values.traefik.external | quote | default "false" }} - name: DASK_ENABLED value: {{ .Values.dask.enabled | quote }} {{- if .Values.dask.enabled }} diff --git a/helm/reana/templates/roles.yaml b/helm/reana/templates/roles.yaml index 6af871f7..8ff95111 100644 --- a/helm/reana/templates/roles.yaml +++ b/helm/reana/templates/roles.yaml @@ -29,7 +29,7 @@ rules: verbs: ["create", "get", "list", "watch", "update", "patch", "delete"] {{- end }} # Traefik Middleware permissions -{{- if and .Values.traefik.enabled .Values.dask.enabled }} +{{- if and .Values.dask.enabled (or .Values.traefik.enabled .Values.traefik.external) }} - apiGroups: ["traefik.io"] resources: ["middlewares"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/helm/reana/values.yaml b/helm/reana/values.yaml index 7cddb873..090cb731 100644 --- a/helm/reana/values.yaml +++ b/helm/reana/values.yaml @@ -175,6 +175,7 @@ traefik: # without additional configs will use default insecure one enabled: true enabled: true + external: false rbac: enabled: true service: