From 33602aeb99e677b46c0a6b6659c70990c4230f59 Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Fri, 14 Jun 2024 17:17:35 +0200 Subject: [PATCH] sync rucio-dev --- .../flux/rucio-dev/rucio-dev-cronjobs.yaml | 137 +++++ .../flux/rucio-dev/rucio-dev-daemons.yaml | 504 ++++++++++++++++++ .../flux/rucio-dev/rucio-dev-serversAuth.yaml | 127 +++++ .../cluster/flux/rucio-dev/rucio-dev-ui.yaml | 125 +++++ 4 files changed, 893 insertions(+) create mode 100644 infrastructure/cluster/flux/rucio-dev/rucio-dev-cronjobs.yaml create mode 100644 infrastructure/cluster/flux/rucio-dev/rucio-dev-daemons.yaml create mode 100644 infrastructure/cluster/flux/rucio-dev/rucio-dev-serversAuth.yaml create mode 100644 infrastructure/cluster/flux/rucio-dev/rucio-dev-ui.yaml diff --git a/infrastructure/cluster/flux/rucio-dev/rucio-dev-cronjobs.yaml b/infrastructure/cluster/flux/rucio-dev/rucio-dev-cronjobs.yaml new file mode 100644 index 0000000..ea0a103 --- /dev/null +++ b/infrastructure/cluster/flux/rucio-dev/rucio-dev-cronjobs.yaml @@ -0,0 +1,137 @@ +# apiVersion: v1 +# kind: Pod +# metadata: +# name: rucio-client +# namespace: rucio-dev +# spec: +# containers: +# - name: rucio-client +# image: ghcr.io/vre-hub/vre-dev/rucio-client:sha-0fa787d +# # To make this pod run, ssh into it and run `j2 /opt/user/rucio.cfg.j2 > /opt/rucio/etc/rucio.cfg` if `rucio whoami` is not working +# imagePullPolicy: Always +# env: +# - name: RUCIO_CFG_CLIENT_RUCIO_HOST +# value: "https://vre-dev-rucio.cern.ch" +# - name: RUCIO_CFG_CLIENT_AUTH_HOST +# value: "https://vre-dev-auth-rucio.cern.ch" +# - name: RUCIO_CFG_CLIENT_CA_CERT +# value: "/etc/pki/tls/certs/CERN-bundle.pem" +# - name: RUCIO_CFG_CLIENT_ACCOUNT +# value: "root" +# - name: RUCIO_CFG_CLIENT_AUTH_TYPE +# value: "userpass" +# - name: RUCIO_CFG_CLIENT_USERNAME +# valueFrom: +# secretKeyRef: +# name: rucio-root-account +# key: root-username +# - name: RUCIO_CFG_CLIENT_PASSWORD +# valueFrom: +# secretKeyRef: +# name: rucio-root-account +# key: root-password +# - name: RUCIO_CFG_CREDENTIALS_GCS +# value: "/opt/rucio/etc/rse-accounts.cfg" +# command: ["sleep","3600"] +# resources: +# limits: +# cpu: 100m +# memory: 50Mi +# requests: +# cpu: 100m +# memory: 50Mi +# --- +# apiVersion: batch/v1 +# kind: CronJob +# metadata: +# name: rucio-noise +# namespace: rucio-dev +# spec: +# schedule: "0 */2 * * *" # Every 2 hours +# concurrencyPolicy: Forbid +# successfulJobsHistoryLimit: 1 +# jobTemplate: +# spec: +# template: +# spec: +# restartPolicy: OnFailure +# containers: +# - name: rucio-noise +# image: ghcr.io/vre-hub/vre-dev/rucio-noise:sha-a29f887 +# env: +# - name: RUCIO_CFG_CLIENT_RUCIO_HOST +# value: "https://vre-dev-rucio.cern.ch" +# - name: RUCIO_CFG_CLIENT_AUTH_HOST +# value: "https://vre-dev-auth-rucio.cern.ch" +# - name: RUCIO_CFG_CLIENT_ACCOUNT +# value: "root" +# - name: RUCIO_CFG_CLIENT_AUTH_TYPE +# value: "userpass" +# - name: RUCIO_CFG_CLIENT_USERNAME +# valueFrom: +# secretKeyRef: +# name: rucio-root-account +# key: root-username +# - name: RUCIO_CFG_CLIENT_PASSWORD +# valueFrom: +# secretKeyRef: +# name: rucio-root-account +# key: root-password +# imagePullPolicy: Always +# command: +# - /bin/bash +# - -c +# - date; echo "ls -l /etc/pki/tls/certs/"; ls -l /etc/pki/tls/certs/; echo "ls -l /tmp"; ls -l /tmp; +# echo "Hello from the DEV rucio-noise container"; echo "cat RUCIO config"; cat /opt/rucio/etc/rucio.cfg; +# cd home; export FSIZE=1M; FILE_SIZE=${FSIZE} /bin/bash produce_noise.sh; echo "Rucio noise cronjob ${FSIZE} Done!" +# # volumeMounts: +# # - name: prod-rucio-x509up +# # mountPath: /tmp/ +# # tty: true +# # volumes: +# # - name: prod-rucio-x509up +# # secret: +# # secretName: prod-rucio-x509up +# --- +# apiVersion: v1 +# kind: Pod +# metadata: +# name: rucio-noise +# namespace: rucio-dev +# spec: +# containers: +# - name: rucio-noise +# image: ghcr.io/vre-hub/vre-dev/rucio-noise:sha-a29f887 +# imagePullPolicy: IfNotPresent +# # Need to run `python3 /usr/local/rucio/tools/merge_rucio_configs.py --use-env -d /opt/rucio/etc/rucio.cfg` +# env: +# - name: RUCIO_CFG_CLIENT_RUCIO_HOST +# value: "https://vre-dev-rucio.cern.ch" +# - name: RUCIO_CFG_CLIENT_AUTH_HOST +# value: "https://vre-dev-auth-rucio.cern.ch" +# - name: RUCIO_CFG_CLIENT_CA_CERT +# value: "/etc/pki/tls/certs/CERN-bundle.pem" +# - name: RUCIO_CFG_CLIENT_ACCOUNT +# value: "root" +# - name: RUCIO_CFG_CLIENT_AUTH_TYPE +# value: "userpass" +# - name: RUCIO_CFG_CLIENT_USERNAME +# valueFrom: +# secretKeyRef: +# name: rucio-root-account +# key: root-username +# - name: RUCIO_CFG_CLIENT_PASSWORD +# valueFrom: +# secretKeyRef: +# name: rucio-root-account +# key: root-password +# - name: RUCIO_CFG_CREDENTIALS_GCS +# value: "/opt/rucio/etc/rse-accounts.cfg" +# command: ["sleep","3600"] +# resources: +# limits: +# cpu: 100m +# memory: 50Mi +# requests: +# cpu: 100m +# memory: 50Mi diff --git a/infrastructure/cluster/flux/rucio-dev/rucio-dev-daemons.yaml b/infrastructure/cluster/flux/rucio-dev/rucio-dev-daemons.yaml new file mode 100644 index 0000000..27c602b --- /dev/null +++ b/infrastructure/cluster/flux/rucio-dev/rucio-dev-daemons.yaml @@ -0,0 +1,504 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: daemons-dev + namespace: rucio-dev + annotations: + flux.weave.works/automated: "false" + +spec: + releaseName: daemons-dev + interval: 5m + chart: + spec: + sourceRef: + kind: HelmRepository + name: rucio-charts + namespace: rucio-dev + interval: 1m + chart: rucio-daemons + version: 32.0.0 + valuesFrom: + - kind: Secret + name: rucio-dev-db + valuesKey: dbfullstring + targetPath: config.database.default + + values: + # additionalSecrets: + # - volumeName: idpsecrets + # secretName: idpsecrets + # mountPath: /opt/rucio/etc/idpsecrets.json + # subPath: idpsecrets.json + # - volumeName: cafile + # secretName: cafile + # mountPath: /etc/grid-security/ca.pem + # subPath: ca.pem + # - volumeName: rucio-x509up + # secretName: rucio-x509up + # mountPath: /tmp/x509up + # subPath: x509up + + # TO START WITH + + # https://rucio.cern.ch/documentation/operator/transfers/transfers-overview/#daemon-overview + + abacusAccountCount: 1 + abacusCollectionReplicaCount: 1 + abacusRseCount: 1 + automatixCount: 1 + cacheConsumerCount: 0 + conveyorTransferSubmitterCount: 1 + conveyorPollerCount: 1 + conveyorFinisherCount: 1 + conveyorReceiverCount: 0 + conveyorStagerCount: 0 + conveyorThrottlerCount: 0 + conveyorPreparerCount: 0 # for debugging, if it is not there the submitter will do the path computation adn source replica selection, and since the preparer needs a secret but I dont know of which kind, let's try without + darkReaperCount: 0 + hermesCount: 1 + judgeCleanerCount: 1 + judgeEvaluatorCount: 1 + judgeInjectorCount: 1 + judgeRepairerCount: 1 + oauthManagerCount: 1 + undertakerCount: 1 + reaperCount: 1 + replicaRecovererCount: 0 + transmogrifierCount: 1 + tracerKronosCount: 0 + minosCount: 1 + minosTemporaryExpirationCount: 0 + necromancerCount: 1 + + image: + repository: rucio/rucio-daemons + tag: release-32.0.0 + pullPolicy: Always + + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + + useDeprecatedImplicitSecrets: false + + podLabels: {} + podAnnotations: {} + + minReadySeconds: 5 + + # monitoring: + # enabled: true + # serviceMonitorEnabled: true + # exporterPort: 8080 + # targetPort: 8080 + # interval: 30s + # telemetryPath: /metrics + # namespace: monitoring + # labels: + # release: prometheus-operator + + abacusAccount: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "50Mi" + cpu: "200m" # "700m" + + abacusCollectionReplica: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "50Mi" + cpu: "200m" # "700m" + + abacusRse: + fillHistoryTable: 0 + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "50Mi" + cpu: "200m" # "700m" + + automatix: + threads: 1 + sleepTime: 30 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "25Mi" + cpu: "100m" + + cacheConsumer: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "700m" + requests: + memory: "25Mi" + cpu: "100m" + + conveyorTransferSubmitter: + threads: 3 # atlas has 10 + podAnnotations: {} + activities: "'Analysis Input' 'Analysis Output' 'Data Brokering' 'Data Consolidation' 'Data rebalancing' 'Debug' 'Express' 'Functional Test' 'Group Subscriptions' 'Production Input' 'Production Output' 'Recovery' 'Staging' 'T0 Export' 'T0 Export' 'T0 Tape' 'User Subscriptions' 'default' 'DAC21'" + sleepTime: 10 + archiveTimeout: "" + bulk: 1000 + groupBulk: 200 + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "50Mi" + cpu: "200m" # "700m" + + conveyorPoller: + activities: "'Analysis Input' 'Analysis Output' 'Data Brokering' 'Data Consolidation' 'Data rebalancing' 'Debug' 'Express' 'Functional Test' 'Group Subscriptions' 'Production Input' 'Production Output' 'Recovery' 'Staging' 'T0 Export' 'T0 Export' 'T0 Tape' 'User Subscriptions' 'default' 'DAC21'" + threads: 3 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "50Mi" + cpu: "200m" # "700m" + + conveyorFinisher: + threads: 2 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "50Mi" + cpu: "200m" # "700m" + + conveyorReceiver: + threads: 2 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "700m" + requests: + memory: "50Mi" + cpu: "700m" + + conveyorThrottler: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "700m" + requests: + memory: "50Mi" + cpu: "700m" + + conveyorPreparer: + threads: 2 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "700m" + requests: + memory: "50Mi" + cpu: "700m" + + darkReaper: + workers: 1 + chunkSize: "10" + scheme: "" + rses: "" + includeRses: "" + excludeRses: "" + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "700m" + requests: + memory: "50Mi" + cpu: "700m" + + hermes: + threads: 2 + podAnnotations: {} + bulk: 1000 + sleepTime: 10 + brokerTimeout: 3 + resources: + limits: + memory: "200Mi" + cpu: "400m" # "700m" + requests: + memory: "50Mi" + cpu: "400m" # "700m" + + judgeCleaner: + threads: 2 + podAnnotations: {} + resources: + limits: + memory: "1200Mi" + cpu: "400m" # "1000m" + requests: + memory: "100Mi" + cpu: "400m" # "1000m" + + judgeEvaluator: + threads: 2 + podAnnotations: {} + resources: + limits: + memory: "3000Mi" + cpu: "500m" # "2000m" + requests: + memory: "750Mi" + cpu: "500m" # "2000m" + + judgeInjector: + threads: 2 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "50Mi" + cpu: "200m" # "700m" + + judgeRepairer: + threads: 2 + podAnnotations: {} + resources: + limits: + memory: "6000Mi" + cpu: "400m" # "1000m" + requests: + memory: "200Mi" + cpu: "400m" # "1000m" + + oauthManager: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "50Mi" + cpu: "200m" # "700m" + + undertaker: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "50Mi" + cpu: "200m" # "700m" + + reaper: + greedy: 1 + scheme: "" + threads: 2 + chunkSize: 2 + includeRses: "" + podAnnotations: {} + resources: + limits: + memory: "1600Mi" + cpu: "800m" # "2000m" + requests: + memory: "125Mi" + cpu: "30m" # "400m" + + replicaRecoverer: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "700m" + requests: + memory: "50Mi" + cpu: "700m" + + transmogrifier: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "50Mi" + cpu: "200m" # "700m" + + tracerKronos: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "700m" + requests: + memory: "50Mi" + cpu: "700m" + + minos: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "200m" # "700m" + requests: + memory: "25Mi" + cpu: "50m" # "100m" + + minosTemporaryExpiration: + threads: 1 + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "700m" + requests: + memory: "25Mi" + cpu: "100m" + + necromancer: + podAnnotations: {} + resources: + limits: + memory: "200Mi" + cpu: "700m" + requests: + memory: "25Mi" + cpu: "100m" + + ftsRenewal: + schedule: "12 */6 * * *" + enabled: 1 + image: + repository: rucio/fts-cron + tag: 32.0.0 + pullPolicy: Always + vos: + - vo: "escape" + voms: "escape" + servers: "https://fts3-devel.cern.ch:8446,https://fts3-pilot.cern.ch:8446" + script: 'escape' + secretMounts: + - secretName: fts-cert + mountPath: /opt/rucio/certs/ewp2c01-cert.pem + subPath: ewp2c01-cert.pem + - secretName: fts-key + mountPath: /opt/rucio/keys/ewp2c01-key.pem + subPath: ewp2c01-key.pem + - secretName: idpsecrets + mountPath: /opt/rucio/etc/idpsecrets.json + subPath: idpsecrets.json + additionalEnvs: + # - name: USERCERT_NAME + # value: ewp2c01-cert.pem + # - name: USERKEY_NAME + # value: ewp2c01-key.pem + # - name: RUCIO_FTS_SECRETS + # value: daemons-dev-rucio-x509up + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 100m + memory: 128Mi + + automaticRestart: + enabled: 1 + image: + repository: bitnami/kubectl + tag: latest + pullPolicy: IfNotPresent + # schedule: "7 1 * * *" + schedule: "10 */8 * * *" + selectorLabel: "app-group=rucio-daemons" + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 100m + memory: 128Mi + + config: + database: + pool_size: 10 + max_overflow: 20 + + # oidc: + # idpsecrets: "/opt/rucio/etc/idpsecrets.json" + # admin_issuer: "escape" + # expected_audience: "rucio" + # # expected_scope: "openid profile" + + monitor: + enable_metrics: "True" + + policy: + permission: "escape" + schema: "escape" + + conveyor: + scheme: "srm,gsiftp,root,http,https" + transfertool: "fts3" + ftshosts: "https://fts3-pilot.cern.ch:8446" + # cacert: "/etc/grid-security/ca.pem" + # usercert: "/tmp/x509up" + # cacert: "/opt/certs/CERN-bundle.pem" + # usercert: "/opt/proxy/x509up" + + # this needs to be messaging_hermes and not messaging-hermes for some reason + + messaging_hermes: + port: "61113" + nonssl_port: "61113" + use_ssl: "False" + destination: "/topic/eosc-dev.rucio.events" #"/topic/escape.rucio.events" changed from escape + brokers: "dashb-mb.cern.ch" + voname: "escape" + + messaging_fts3: + port: "61123" + use_ssl: "False" + brokers: "dashb-mb.cern.ch" + voname: "escape" + \ No newline at end of file diff --git a/infrastructure/cluster/flux/rucio-dev/rucio-dev-serversAuth.yaml b/infrastructure/cluster/flux/rucio-dev/rucio-dev-serversAuth.yaml new file mode 100644 index 0000000..c4f10aa --- /dev/null +++ b/infrastructure/cluster/flux/rucio-dev/rucio-dev-serversAuth.yaml @@ -0,0 +1,127 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: servers-auth-dev + namespace: rucio-dev + annotations: + flux.weave.works/automated: "false" + +spec: + releaseName: servers-auth-dev + interval: 5m + chart: + spec: + sourceRef: + kind: HelmRepository + name: rucio-charts + namespace: rucio-dev + interval: 1m + chart: rucio-server + version: 33.0.3 + valuesFrom: + - kind: Secret + name: rucio-dev-db + valuesKey: dbfullstring + targetPath: config.database.default + + values: + # secretMounts: + # - secretName: server-hostcert + # mountPath: /etc/grid-security/hostcert.pem + # subPath: hostcert.pem + # - secretName: server-hostkey + # mountPath: /etc/grid-security/hostkey.pem + # subPath: hostkey.pem + # - secretName: server-cafile + # mountPath: /etc/grid-security/ca.pem + # subPath: ca.pem + # - secretName: idpsecrets + # mountPath: /opt/rucio/etc/idpsecrets.json + # subPath: idpsecrets.json + + additionalEnvs: + # # **KIKE**: This is gonna be a pain in the ass. + # - name: RUCIO_CA_PATH + # value: "/etc/grid-security/certificates" + - name: RUCIO_SSL_PROTOCOL + value: "-SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3" + # - name: RUCIO_HTTPD_PROXY_PROTOCOL_EXCEPTIONS + # valueFrom: + # fieldRef: + # fieldPath: status.hostIP + + + replicaCount: 1 + useSSL: true + + image: + repository: rucio/rucio-server + tag: release-33.6.1 + pullPolicy: Always + + service: + type: LoadBalancer + port: 443 + targetPort: 443 + protocol: TCP + name: https + # allocateLoadBalancerNodePorts: true + # externalTrafficPolicy: Cluster + # annotations: + # service.beta.kubernetes.io/openstack-internal-load-balancer: "true" # this just tells openstack that the loadbalanced services are internal to the cluster. + # loadbalancer.openstack.org/cascade-delete: "false" + + + serverType: flask + + # automaticRestart: + # enabled: 1 + # image: + # repository: bitnami/kubectl + # tag: latest + # pullPolicy: IfNotPresent + # schedule: "01 0 * * *" + # selectorLabel: "'release in (servers-auth-dev),app in (rucio-dev)'" + + # httpd_config: + # mpm_mode: "event" + # timeout: "300" + # enable_status: "True" + # legacy_dn: "True" + # keep_alive: "On" + # keep_alive_timeout: "5" + # max_keep_alive_requests: "128" + # server_limit: "10" + # start_servers: "4" + # thread_limit: "128" + # threads_per_child: "128" + # min_spare_threads: "256" + # max_spare_threads: "512" + # max_request_workers: "1280" + # max_connections_per_child: "2048" + # max_clients: "20" + # # mpm_mode: "worker" + + ## values used to configure Rucio + config: + database: + pool_size: 10 + max_overflow: 20 + + # oidc: + # idpsecrets: "/opt/rucio/etc/idpsecrets.json" + # admin_issuer: "escape" + # expected_audience: "rucio" + # expected_scope: "openid profile" + + # policy: + # permission: "escape" + # schema: "escape" + + serverResources: + limits: + cpu: "2000m" #"4000m" + memory: "1000Mi" + requests: + cpu: #"1000m" #"2000m" + memory: "500Mi" diff --git a/infrastructure/cluster/flux/rucio-dev/rucio-dev-ui.yaml b/infrastructure/cluster/flux/rucio-dev/rucio-dev-ui.yaml new file mode 100644 index 0000000..cf65eee --- /dev/null +++ b/infrastructure/cluster/flux/rucio-dev/rucio-dev-ui.yaml @@ -0,0 +1,125 @@ +# apiVersion: helm.toolkit.fluxcd.io/v2beta1 +# kind: HelmRelease +# metadata: +# name: webui-dev +# namespace: rucio-dev + +# spec: +# releaseName: webui-dev +# interval: 5m +# chart: +# spec: +# sourceRef: +# kind: HelmRepository +# name: rucio-charts +# namespace: rucio-dev +# interval: 1m +# chart: rucio-ui +# # version: 1.30.0 +# version: 32.0.1 +# valuesFrom: +# - kind: Secret +# name: rucio-dev-db +# valuesKey: dbfullstring +# targetPath: config.database.default + +# values: +# secretMounts: +# - secretName: hostcert +# mountPath: /etc/grid-security/hostcert.pem +# subPath: hostcert.pem +# - secretName: hostkey +# mountPath: /etc/grid-security/hostkey.pem +# subPath: hostkey.pem +# - secretName: cafile +# mountPath: /etc/grid-security/ca.pem +# subPath: ca.pem +# - secretName: idpsecrets +# mountPath: /opt/rucio/etc/idpsecrets.json +# subPath: idpsecrets.json + +# replicaCount: 1 +# exposeErrorLogs: True + +# # service: +# # type: NodePort +# # useSSL: true +# # port: 443 +# # targetPort: https +# # portName: https +# service: +# # type: LoadBalancer +# # useSSL: true +# # port: 443 +# # targetPort: 443 +# # protocol: TCP +# # name: https +# # annotations: +# # service.beta.kubernetes.io/openstack-internal-load-balancer: "true" + +# type: LoadBalancer +# useSSL: true +# port: 80 +# targetPort: 80 +# protocol: TCP +# name: https +# annotations: +# service.beta.kubernetes.io/openstack-internal-load-balancer: "true" + +# image: +# repository: rucio/rucio-ui +# # tag: release-32.0.0 +# tag: release-32.5.1 +# pullPolicy: Always + +# strategy: +# type: RollingUpdate +# rollingUpdate: +# maxSurge: 1 +# maxUnavailable: 1 + +# minReadySeconds: 5 + +# proxy: +# rucioProxy: "vre-dev-rucio.cern.ch" +# rucioProxyScheme: "https" +# rucioAuthProxy: "vre-dev-auth-rucio.cern.ch" +# rucioAuthProxyScheme: "https" + +# # ingress: +# # enabled: true +# # annotations: +# # kubernetes.io/ingress.class: nginx +# # nginx.ingress.kubernetes.io/ssl-passthrough: "true" +# # nginx.ingress.kubernetes.io/ssl-redirect: "true" +# # path: / +# # hosts: +# # - vre-dev-rucio-ui.cern.ch + +# ## values used to configure apache +# httpd_config: +# legacy_dn: "False" + +# config: + +# database: [] + +# policy: +# # permission: "generic" +# # schema: "generic" +# permission: "escape" +# schema: "escape" +# lfn2pfn_algorithm_default: "identity" + +# # oidc: +# # idpsecrets: "/opt/rucio/etc/idpsecrets.json" +# # admin_issuer: "escape" + +# resources: +# limits: +# cpu: 200m +# memory: 200Mi +# requests: +# cpu: 200m +# memory: 125Mi +