From 52766e08adaad7f407af9619b051ea47056843b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jelizaveta=20Leme=C5=A1eva?= <jelizaveta.lemeseva@gmail.com>
Date: Tue, 3 Sep 2024 16:29:09 +0200
Subject: [PATCH] feat(helm): connect r-workflow-controller to OpenSearch
 (#827)

---
 helm/reana/README.md                                | 8 ++++++++
 helm/reana/templates/reana-workflow-controller.yaml | 3 +++
 helm/reana/templates/secrets.yaml                   | 4 ++--
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/helm/reana/README.md b/helm/reana/README.md
index a65cc5b1..d07e33f0 100644
--- a/helm/reana/README.md
+++ b/helm/reana/README.md
@@ -51,6 +51,14 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `components.reana_workflow_controller.environment.REANA_JOB_HOSTPATH_MOUNTS`   | JSON list of optional hostPath mounts, for all user jobs. Each mount object has a key `name` (name of the mount), `hostPath` (path to the directory to be mounted from the Kubernetes nodes) and `mountPath` (path inside the job containers where the `hostPath` will be mounted)            | None                                            |
 | `components.reana_workflow_controller.environment.REANA_RUNTIME_KUBERNETES_KEEP_ALIVE_JOBS_WITH_STATUSES` | Keep alive Kubernetes user runtime jobs depending on status (`finished` and/or `failed`). | None |
 | `components.reana_workflow_controller.environment.REANA_JOB_STATUS_CONSUMER_PREFETCH_COUNT` | Define max number of unacknowledged deliveries that are permitted on `jobs-status` queue consumer. | 10 |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_ENABLED` | Enable workflow and job log retrieval from OpenSearch.            | false                                           |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_HOST` | OpenSearch host.                                                     | None                                            |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_PORT` | OpenSearch port.                                                     | None                                            |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_URL_PREFIX` | OpenSearch URL prefix.                                         | None                                            |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_USE_SSL` | Use SSL when connecting to OpenSearch instance.                   | true                                            |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_CA_CERTS` | Path to a file with OpenSearch root CA certificates.             | "/code/certs/ca.crt"                            |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_USER` | OpenSearch user name for Basic Authentication.                       | reana                                           |
+| `components.reana_workflow_controller.environment.REANA_OPENSEARCH_PASSWORD` | OpenSearch password for Basic Authentication. Set this value in the Helm command. | ""                             |
 | `components.reana_workflow_engine_cwl.environment`       | [REANA-Workflow-Engine-CWL](https://github.com/reanahub/reana-workflow-engine-cwl) environment variables | `{}`                        |
 | `components.reana_workflow_engine_cwl.image`             | [REANA-Workflow-Engine-CWL image](https://hub.docker.com/r/reanahub/reana-workflow-engine-cwl) to use | `docker.io/reanahub/reana-workflow-engine-cwl:<chart-release-version>` |
 | `components.reana_workflow_engine_serial.environment`    | [REANA-Workflow-Engine-Serial](https://github.com/reanahub/reana-workflow-engine-serial) environment variables | `{}`                  |
diff --git a/helm/reana/templates/reana-workflow-controller.yaml b/helm/reana/templates/reana-workflow-controller.yaml
index 1a9e52ca..a8cdc8d7 100644
--- a/helm/reana/templates/reana-workflow-controller.yaml
+++ b/helm/reana/templates/reana-workflow-controller.yaml
@@ -1,3 +1,6 @@
+{{- $opensearchEnv := .Values.components.reana_workflow_controller.environment }}
+{{- $opensearchEnabled := $opensearchEnv.REANA_OPENSEARCH_ENABLED }}
+{{- $opensearchTlsEnabled := and $opensearchEnabled $opensearchEnv.REANA_OPENSEARCH_USE_SSL }}
 ---
 apiVersion: v1
 kind: Service
diff --git a/helm/reana/templates/secrets.yaml b/helm/reana/templates/secrets.yaml
index 73a3798d..9db5992a 100644
--- a/helm/reana/templates/secrets.yaml
+++ b/helm/reana/templates/secrets.yaml
@@ -96,8 +96,8 @@ data:
   ca.crt: {{ index $idx.data "ca.crt" }}
   {{ else }}
   {{- $ca := genCA .Values.opensearch.tls.ca.cn (.Values.opensearch.tls.ca.ttl | int) }}
-  {{- $cert := genSignedCert .Values.opensearch.tls.cert.cn nil nil (.Values.opensearch.tls.cert.ttl | int) $ca }}
-  {{- $certAdmin := genSignedCert .Values.opensearch.tls.admin.cn nil nil (.Values.opensearch.tls.admin.ttl | int) $ca }}
+  {{- $cert := genSignedCert .Values.opensearch.tls.cert.cn nil (list .Values.opensearch.tls.cert.cn) (.Values.opensearch.tls.cert.ttl | int) $ca }}
+  {{- $certAdmin := genSignedCert .Values.opensearch.tls.admin.cn nil (list .Values.opensearch.tls.cert.cn) (.Values.opensearch.tls.admin.ttl | int) $ca }}
   tls.crt: {{ $cert.Cert | b64enc | quote }}
   tls.key: {{ $cert.Key | b64enc | quote }}
   admin.crt: {{ $certAdmin.Cert | b64enc | quote }}