helm: missing permissions for Dask dashboard #852

Closed
mdonadoni opened this issue Nov 27, 2024 · 0 comments · Fixed by #866 or reanahub/reana-workflow-controller#629 · May be fixed by #791

Comments

@mdonadoni
Member

On DEV/QA/PROD, traefik is already deployed in the cluster, so we set traefik.enabled to false.

If Dask is enabled, reana-workflow-controller creates a Middleware to expose the Dask dashboard. However, permissions to do so are missing when traefik.enabled is false:

```yaml
  # Traefik Middleware permissions
  {{- if and .Values.traefik.enabled .Values.dask.enabled }}
  - apiGroups: ["traefik.io"]
    resources: ["middlewares"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  {{- end }}
```

This causes errors when trying to start any workflow using Dask.

@mdonadoni mdonadoni added this to Dask Nov 27, 2024
@mdonadoni mdonadoni moved this to In work in Dask Nov 27, 2024
@mdonadoni mdonadoni moved this from In work to Ready for work in Dask Nov 27, 2024
Alputer added a commit to Alputer/reana-workflow-controller that referenced this issue Jan 30, 2025

Before creating the Dask dashboard ingress, the code now checks
if either TRAEFIK_ENABLED or TRAEFIK_EXTERNAL is set. This ensures
that ingress resources are only created and deleted when Traefik
is available.

Closes reanahub/reana#852
Alputer added a commit to Alputer/reana that referenced this issue Jan 30, 2025
The traefik.external variable has been introduced to allow
users to specify whether Traefik is installed externally
and to create the necessary roles for Traefik middleware.

- If `traefik.external` is set to `true` and `traefik.enabled`
  is set to `false`, the Helm chart will assume an external
  Traefik instance is managing ingress, and it will not deploy
  Traefik within the cluster.
- If `traefik.external` is set to `false` and `traefik.enabled`
  is set to `true`, the default behaviour remains unchanged,
  and Traefik will be installed as part of the REANA deployment.

This change fixes cluster role issues and provides greater
flexibility for users who want to manage Traefik separately
or already have an existing instance in their cluster.

Closes reanahub#852
@github-project-automation github-project-automation bot moved this from Ready for work to Done in Dask Jan 31, 2025
Alputer added a commit to Alputer/reana that referenced this issue Jan 31, 2025
Introduces a new Helm chart value `traefik.external` instructing REANA whether
Traefik is already provided externally and should not be deployed by REANA
itself.  In this case, REANA will only add necessary roles for Traefik
middleware.

- If `traefik.external` is set to `true` and `traefik.enabled` is set to
  `false`, the Helm chart will assume an external Traefik instance is managing
  ingress, and it will not deploy Traefik within the cluster.
- If `traefik.external` is set to `false` and `traefik.enabled` is set to
  `true`, the default behaviour remains unchanged, and Traefik will be
  installed as part of the REANA deployment.

This change fixes cluster role issues and provides greater flexibility
for users who want to manage Traefik separately or already have an existing
instance in their cluster.

Closes reanahub#852
Alputer added a commit to Alputer/reana that referenced this issue Jan 31, 2025
Introduces a new Helm chart value `traefik.external` instructing REANA
whether Traefik is already provided externally and should not be
deployed by REANA itself.  In this case, REANA will only add necessary
roles for Traefik middleware.

- If `traefik.external` is set to `true` and `traefik.enabled` is set to
  `false`, the Helm chart will assume an external Traefik instance is
  managing ingress, and it will not deploy Traefik within the cluster.
- If `traefik.external` is set to `false` and `traefik.enabled` is set
  to `true`, the default behaviour remains unchanged, and Traefik will
  be installed as part of the REANA deployment.

This change fixes cluster role issues and provides greater flexibility
for users who want to manage Traefik separately or already have an
existing instance in their cluster.

Closes reanahub#852
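
A way to audit rendered RBAC rules for the gap this issue describes, as an added example that is not part of the issue or the REANA code base: it evaluates a role's rules the way Kubernetes RBAC does (additive, with `*` wildcards) and reports which Middleware verbs are missing. The two rule lists are constructed samples, and the function names are hypothetical.

```python
import json

# Constructed sample: rules of a controller role as they might render with
# traefik.enabled=false and dask.enabled=true (no Middleware rule present).
RENDERED_WITHOUT_TRAEFIK = json.loads("""
[
  {"apiGroups": [""], "resources": ["pods", "pods/log"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["batch"], "resources": ["jobs"], "verbs": ["*"]}
]
""")

# Verbs the rule quoted in the issue grants on Middleware objects.
MIDDLEWARE_VERBS = ["get", "list", "watch", "create", "update", "patch", "delete"]

# Constructed sample: the same role once the quoted rule is rendered.
RENDERED_WITH_MIDDLEWARE = RENDERED_WITHOUT_TRAEFIK + [
    {"apiGroups": ["traefik.io"], "resources": ["middlewares"],
     "verbs": MIDDLEWARE_VERBS},
]


def _matches(allowed, wanted):
    """RBAC list match: an exact entry or the '*' wildcard."""
    return "*" in allowed or wanted in allowed


def rule_allows(rule, api_group, resource, verb):
    """True if one PolicyRule permits verb on api_group/resource.
    resourceNames and nonResourceURLs are not modelled here."""
    return (_matches(rule.get("apiGroups", []), api_group)
            and _matches(rule.get("resources", []), resource)
            and _matches(rule.get("verbs", []), verb))


def missing_verbs(rules, api_group, resource, verbs):
    """Verbs that no rule grants; RBAC is additive, so any one match suffices."""
    return [v for v in verbs
            if not any(rule_allows(r, api_group, resource, v) for r in rules)]


if __name__ == "__main__":
    for name, rules in [("traefik.enabled=false", RENDERED_WITHOUT_TRAEFIK),
                        ("Middleware rule rendered", RENDERED_WITH_MIDDLEWARE)]:
        gaps = missing_verbs(rules, "traefik.io", "middlewares", MIDDLEWARE_VERBS)
        print(f"{name}: missing {gaps or 'nothing'}")
```

The `rules` list of a role exported as JSON from a rendered chart or a live cluster can be passed to `missing_verbs` in place of the samples.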