diff --git a/helm-chart/renku/templates/notebooks/remote-cluster-secrets.yaml b/helm-chart/renku/templates/notebooks/remote-cluster-secrets.yaml new file mode 100644 index 0000000000..e9c759eecc --- /dev/null +++ b/helm-chart/renku/templates/notebooks/remote-cluster-secrets.yaml @@ -0,0 +1,27 @@ +# {{- if .Values.notebooks.remoteClusters }} +# {{- $renkuFullname := include "renku.fullname" . -}} +# {{- $secretName := cat $renkuFullname "-notebooks-remote-clusters" | nospace }} +# {{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} +# apiVersion: v1 +# kind: Secret +# metadata: +# name: {{ $secretName }} +# labels: +# app: {{ template "renku.name" . }} +# chart: {{ template "renku.chart" . }} +# release: {{ .Release.Name }} +# heritage: {{ .Release.Service }} +# annotations: +# # If "keep" resource policy is removed the secret is deleted post upgrade see https://github.com/helm/helm/issues/8420 +# "helm.sh/resource-policy": keep +# "helm.sh/hook": "pre-install,pre-upgrade,pre-rollback" +# type: Opaque +# data: +# {{- range $name, $value := .Values.notebooks.remoteClusters }} +# {{- $kubecfg := $value.kubeConfig | b64enc | quote }} +# {{- if and $existingSecret (get $existingSecret $name ) }} +# {{- $kubecfg = (get $existingSecret $name ) }} +# {{- end}} +# {{ $name }}: {{ $kubecfg }} +# {{- end -}} +# {{- end -}} diff --git a/helm-chart/renku/templates/notebooks/statefulset.yaml b/helm-chart/renku/templates/notebooks/statefulset.yaml index f800651ec3..ad0cfd0ab8 100644 --- a/helm-chart/renku/templates/notebooks/statefulset.yaml +++ b/helm-chart/renku/templates/notebooks/statefulset.yaml @@ -1,3 +1,9 @@ +{{- $remoteClusterConfig := list }} +{{- if .Values.notebooks.remoteClusters }} +{{- range $name, $value := .Values.notebooks.remoteClusters }} +{{- $remoteClusterConfig = append $remoteClusterConfig ( dict "cluster_name" $name "namespace" $value.namespace "kube_config_path" ( printf "/remote_clusters/%s" $name ) "host" $value.host ) }} +{{- end -}} +{{- end -}} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -166,6 +172,10 @@ spec: - name: NB_K8S__SESSIONS_NAMESPACE value: {{ .Values.notebooks.sessionsNamespace | quote }} {{ end }} + {{ if .Values.notebooks.remoteClusters }} + - name: NB_K8S__REMOTE_CLUSTERS_ + value: {{ $remoteClusterConfig | toJson | quote }} + {{ end }} - name: NB_K8S__RENKU_NAMESPACE value: {{ .Release.Namespace | quote }} - name: NB_SESSIONS__GIT_PROXY__RENKU_CLIENT_ID @@ -195,6 +205,11 @@ spec: volumeMounts: - name: server-options mountPath: /etc/renku-notebooks/server_options + {{- if .Values.notebooks.remoteClusters }} + - mountPath: "/remote_clusters/" + name: remote-cluster-configs + readOnly: true + {{- end -}} {{- include "certificates.volumeMounts.system" . | nindent 12 }} livenessProbe: httpGet: @@ -235,6 +250,11 @@ spec: - name: server-options configMap: name: {{ template "renku.notebooks.fullname" . }}-options +{{- if .Values.notebooks.remoteClusters }} + - name: remote-cluster-configs + secret: + secretName: {{ template "renku.fullname" . }}-notebooks-remote-clusters +{{- end -}} {{- include "certificates.volumes" . | nindent 8 }} serviceAccountName: {{ if .Values.notebooks.rbac.create }}"{{ template "renku.notebooks.fullname" . }}"{{ else }}"{{ .Values.notebooks.rbac.serviceAccountName }}"{{ end }} diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index a3149739ef..9d5670003d 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -1030,6 +1030,12 @@ notebooks: ## If left null then sessions will be launched in the same namespace ## as where the chart is installed. sessionsNamespace: + ## Define remote clusters that sessions can be scheduled on + remoteClusters: + ## cluster_name: + ## namespace: namespace_in_other_cluster + ## kubeConfig: | + ## kube_config_content_for_cluster sessionAutosave: ## Any file higher than the minimum will be added to LFS minimumLFSFileSizeBytes: 1000000