config: separete infra and runtime namespaces

* Creates a new configuration variable to hold the namespace used to run runtime pods in REANA (closes reanahub/reana#268). * Creates a central configuration variable for fully qualified infrastructure component names so any component can contact them from a different namespace.
diegodelemos · Jun 11, 2020 · b0dfda6 · b0dfda6
1 parent fc9af9d
commit b0dfda6
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 24 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -14,6 +14,7 @@ Version master (UNRELEASED)
 - Centralises CephFS PVC name.
 - Updates to latest CVMFS CSI driver.
 - Introduces new configuration variable ``REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE`` to define the Kubernetes namespace in which REANA infrastructure components run.
+- Introduces new configuration variable ``REANA_RUNTIME_KUBERNETES_NAMESPACE`` to define the Kubernetes namespace in which REANA runtime components will run by default.
 - Increases default log level to ``INFO``.
 - Add Black formatter support.
 

diff --git a/reana_commons/config.py b/reana_commons/config.py
@@ -38,6 +38,16 @@
 ``secretsstore``: An instance of a user secret store
 """
 
+REANA_INFRASTRUCTURE_COMPONENTS = [
+    "ui",
+    "server",
+    "workflow-controller",
+    "cache",
+    "message-broker",
+    "db",
+]
+"""REANA infrastructure pods."""
+
 REANA_COMPONENT_NAMING_SCHEME = os.getenv(
     "REANA_COMPONENT_NAMING_SCHEME", "{prefix}-{component_type}-{id}"
 )
@@ -49,12 +59,37 @@
 - ``id``: unique identifier for the component, by default UUID4.
 """
 
-REANA_KUBERNETES_NAMESPACE = os.getenv("REANA_KUBERNETES_NAMESPACE", "default")
-"""Kubernetes namespace in which REANA is currectly deployed."""
+REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE = os.getenv(
+    "REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE", "default"
+)
+"""Kubernetes namespace in which REANA instrastructure is currectly deployed."""
+
+REANA_INFRASTRUCTURE_COMPONENTS_HOSTNAMES = {
+    component_name: (
+        "{component_prefix}-{component_name}.{namespace}.svc.cluster.local"
+    ).format(
+        component_prefix=REANA_COMPONENT_PREFIX,
+        component_name=component_name,
+        namespace=REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE,
+    )
+    for component_name in REANA_INFRASTRUCTURE_COMPONENTS
+}
+"""REANA infrastructure pods hostnames.
 
-MQ_HOST = os.getenv(
-    "RABBIT_MQ_HOST", "{}-message-broker".format(REANA_COMPONENT_PREFIX)
+Uses the FQDN of the infrastructure components (which should be behind a Kubernetes
+service) following the
+`Kubernetes DNS-Based Service Discovery <https://github.com/kubernetes/dns/blob/master/docs/specification.md>`_
+"""
+
+REANA_RUNTIME_KUBERNETES_NAMESPACE = os.getenv(
+    "REANA_RUNTIME_KUBERNETES_NAMESPACE", REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE
 )
+"""Kubernetes namespace in which REANA runtime pods should be running in.
+
+By default runtime pods will run in the same namespace as the instrastructure pods.
+"""
+
+MQ_HOST = REANA_INFRASTRUCTURE_COMPONENTS_HOSTNAMES["message-broker"]
 """Message queue (RabbitMQ) server host name."""
 
 MQ_USER = os.getenv("RABBIT_MQ_USER", "test")
@@ -96,19 +131,9 @@
 
 OPENAPI_SPECS = {
     "reana-workflow-controller": (
-        "http://{address}:{port}".format(
-            address=os.getenv(
-                "{}_WORKFLOW_CONTROLLER_SERVICE_HOST".format(
-                    REANA_COMPONENT_PREFIX_ENVIRONMENT
-                ),
-                "0.0.0.0",
-            ),
-            port=os.getenv(
-                "{}_WORKFLOW_CONTROLLER_SERVICE_PORT_HTTP".format(
-                    REANA_COMPONENT_PREFIX_ENVIRONMENT
-                ),
-                "5000",
-            ),
+        "http://{host}:{port}".format(
+            host=REANA_INFRASTRUCTURE_COMPONENTS_HOSTNAMES["workflow-controller"],
+            port="80",
         ),
         "reana_workflow_controller.json",
     ),
@@ -241,5 +266,17 @@
 cluster creation time.
 """
 
-K8S_REANA_SERVICE_ACCOUNT_NAME = os.getenv("K8S_REANA_SERVICE_ACCOUNT_NAME")
-"""REANA service account in the deployed Kubernetes cluster."""
+REANA_INFRASTRUCTURE_KUBERNETES_SERVICEACCOUNT_NAME = os.getenv(
+    "REANA_INFRASTRUCTURE_KUBERNETES_SERVICEACCOUNT_NAME"
+)
+"""REANA instrastructure service account."""
+
+REANA_RUNTIME_KUBERNETES_SERVICEACCOUNT_NAME = os.getenv(
+    "REANA_RUNTIME_KUBERNETES_SERVICEACCOUNT_NAME",
+    REANA_INFRASTRUCTURE_KUBERNETES_SERVICEACCOUNT_NAME,
+)
+"""REANA runtime service account.
+
+If no runtime namespace is deployed it will default to the infrastructure service
+account.
+"""
diff --git a/reana_commons/k8s/secrets.py b/reana_commons/k8s/secrets.py
@@ -15,7 +15,7 @@
 from kubernetes.client.rest import ApiException
 from reana_commons.config import (
     REANA_COMPONENT_PREFIX,
-    REANA_KUBERNETES_NAMESPACE,
+    REANA_RUNTIME_KUBERNETES_NAMESPACE,
     REANA_USER_SECRET_MOUNT_PATH,
 )
 from reana_commons.errors import REANASecretAlreadyExists, REANASecretDoesNotExist
@@ -41,13 +41,13 @@ def _initialise_user_secrets_store(self):
                 api_version="v1",
                 metadata=client.V1ObjectMeta(
                     name=str(self.user_secret_store_id),
-                    namespace=REANA_KUBERNETES_NAMESPACE,
+                    namespace=REANA_RUNTIME_KUBERNETES_NAMESPACE,
                 ),
                 data={},
             )
             empty_k8s_secret.metadata.annotations = {"secrets_types": "{}"}
             current_k8s_corev1_api_client.create_namespaced_secret(
-                REANA_KUBERNETES_NAMESPACE, empty_k8s_secret
+                REANA_RUNTIME_KUBERNETES_NAMESPACE, empty_k8s_secret
             )
             return empty_k8s_secret
         except ApiException as api_e:
@@ -66,14 +66,16 @@ def _update_store(self, k8s_user_secrets):
                                  version of the store.
         """
         current_k8s_corev1_api_client.replace_namespaced_secret(
-            str(self.user_secret_store_id), REANA_KUBERNETES_NAMESPACE, k8s_user_secrets
+            str(self.user_secret_store_id),
+            REANA_RUNTIME_KUBERNETES_NAMESPACE,
+            k8s_user_secrets,
         )
 
     def _get_k8s_user_secrets_store(self):
         """Retrieve the Kubernetes secret which contains all user secrets."""
         try:
             k8s_user_secrets_store = current_k8s_corev1_api_client.read_namespaced_secret(
-                str(self.user_secret_store_id), REANA_KUBERNETES_NAMESPACE
+                str(self.user_secret_store_id), REANA_RUNTIME_KUBERNETES_NAMESPACE
             )
             k8s_user_secrets_store.data = k8s_user_secrets_store.data or {}
             return k8s_user_secrets_store