diff --git a/helm-chart/renku/templates/notebooks/remote-cluster-secrets.yaml b/helm-chart/renku/templates/notebooks/remote-cluster-secrets.yaml new file mode 100644 index 0000000000..c1c8d8525b --- /dev/null +++ b/helm-chart/renku/templates/notebooks/remote-cluster-secrets.yaml @@ -0,0 +1,27 @@ +{{- if .Values.notebooks.remoteClusters }} +{{- $renkuFullname := include "renku.fullname" . -}} +{{- $secretName := cat $renkuFullname "-notebooks-remote-clusters" | nospace }} +{{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + labels: + app: {{ template "renku.name" . }} + chart: {{ template "renku.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + # If "keep" resource policy is removed the secret is deleted post upgrade see https://github.com/helm/helm/issues/8420 + "helm.sh/resource-policy": keep + "helm.sh/hook": "pre-install,pre-upgrade,pre-rollback" +type: Opaque +data: +{{- range $name, $value := .Values.notebooks.remoteClusters }} +{{- $kubecfg := $value.kubeConfig | b64enc | quote }} +{{- if and $existingSecret (get $existingSecret $name ) }} +{{- $kubecfg := (get $existingSecret $name ) }} +{{- end}} + {{ $name }}: {{ $kubecfg }} +{{- end -}} +{{- end -}} diff --git a/helm-chart/renku/templates/notebooks/statefulset.yaml b/helm-chart/renku/templates/notebooks/statefulset.yaml index f800651ec3..149e66655b 100644 --- a/helm-chart/renku/templates/notebooks/statefulset.yaml +++ b/helm-chart/renku/templates/notebooks/statefulset.yaml @@ -1,3 +1,9 @@ +{{- $remote_cluster_config := list }} +{{- if .Values.notebooks.remoteClusters }} +{{- range $name, $value := .Values.notebooks.remoteClusters }} +{{- $remote_cluster_config := append $remote_cluster_config ( dict "cluster_name" $name "namespace" $value.namespace "kube_config_path" ( printf "/remote_clusters/%s" $name ) ) }} +{{- end -}} +{{- end -}} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -166,6 +172,10 @@ spec: - name: NB_K8S__SESSIONS_NAMESPACE value: {{ .Values.notebooks.sessionsNamespace | quote }} {{ end }} + {{ if .Values.notebooks.remoteClusters }} + - name: NB_K8S__REMOTE_CLUSTERS + value: {{ $remote_cluster_config | toYaml | quote }} + {{ end }} - name: NB_K8S__RENKU_NAMESPACE value: {{ .Release.Namespace | quote }} - name: NB_SESSIONS__GIT_PROXY__RENKU_CLIENT_ID @@ -195,6 +205,11 @@ spec: volumeMounts: - name: server-options mountPath: /etc/renku-notebooks/server_options + {{- if .Values.notebooks.remoteClusters }} + - mountPath: "/remote_clusters/" + name: {{ template "renku.fullname" . }}-notebooks-remote-clusters + readOnly: true + {{- end -}} {{- include "certificates.volumeMounts.system" . | nindent 12 }} livenessProbe: httpGet: @@ -235,6 +250,11 @@ spec: - name: server-options configMap: name: {{ template "renku.notebooks.fullname" . }}-options +{{- if .Values.notebooks.remoteClusters }} + - name: remote-cluster-configs + secret: + secretName: {{ template "renku.fullname" . }}-notebooks-remote-clusters +{{- end -}} {{- include "certificates.volumes" . | nindent 8 }} serviceAccountName: {{ if .Values.notebooks.rbac.create }}"{{ template "renku.notebooks.fullname" . }}"{{ else }}"{{ .Values.notebooks.rbac.serviceAccountName }}"{{ end }} diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml index a3149739ef..9449c04ed1 100644 --- a/helm-chart/renku/values.yaml +++ b/helm-chart/renku/values.yaml @@ -1030,6 +1030,12 @@ notebooks: ## If left null then sessions will be launched in the same namespace ## as where the chart is installed. sessionsNamespace: + ## Define remote clusters that sessions can be scheduled on + remoteClusters: {} + ## cluster_name: + ## namespace: namespace_in_other_cluster + ## kubeConfig: | + ## kube_config_content_for_cluster sessionAutosave: ## Any file higher than the minimum will be added to LFS minimumLFSFileSizeBytes: 1000000