fix: handle default priority class and remote SA

[sambuc]

Add flags to create:

• a default resource quota priority class for renku user sessions
• a service account with a role and role binding to allow a remote renku portal to manage Amalthea sessions.

[olevski]

Hey Lionel we should discuss this. I am pretty sure we just don need any of the changes in here. In the worst case if we do need something we can document and ask admins to create them manually on the remote cluster outside of a helm chart.

[olevski]

This is never referenced in the source code of amalthea. Why is it part of the helm chart? Amalthea does not make or manage priority classes.

[olevski]

This service account is not used anywhere in amalthea? Why have it here?

[olevski]

If this is the same "service account name" used in the cluster spec on the data service then that is used to assign a specific service account to the user session that is created. And in almost all cases the sessions do not need a dedicated service account. The only place we have needed this is on openshift where a dedicated service account is used to get a different security context constraint.

[aledegano]

Hey Lionel we should discuss this. I am pretty sure we just don need any of the changes in here. In the worst case if we do need something we can document and ask admins to create them manually on the remote cluster outside of a helm chart.

Hey Tasko, I can give some context here: I have asked Lionel to add some of these manifests after I did the exercise of deploying on a Switch Cloud Kaas cluster (although the provider doesn't matter).
I was following the instructions that he wrote and remarking that there are a bit too many manual/out-of-band operations that should -if possible- be brought back into the chart.

Perhaps we could make everyone happy by having a toggle for this chart to select if it's deployed alongside Renku or as an agent/remote-operator?

[sambuc]

I made the deployment of these two things based on conditions which are set to false by default.

The idea is that when an admin is OK with using the default value, they just set the conditions they want to true, or leave it as false, and create by hand the associated resources.