Skip to content

Commit

Permalink
rucio iam sync cronjob, plus secrets script updated
Browse files Browse the repository at this point in the history
  • Loading branch information
garciagenrique committed Sep 23, 2024
1 parent 8a68c5b commit 48400da
Show file tree
Hide file tree
Showing 5 changed files with 162 additions and 7 deletions.
131 changes: 131 additions & 0 deletions infrastructure/cluster/flux/rucio/rucio-cronjobs.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: iam-sync
namespace: rucio
spec:
schedule: "*/10 * * * *"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
restartPolicy: OnFailure
containers:
- name: iam-sync
image: ghcr.io/vre-hub/vre-iam-rucio-sync:v1.0.0-rc.2
volumeMounts:
- name: rucio-cfg
mountPath: /opt/rucio/etc/
- name: daemons-rucio-x509up
mountPath: /tmp/
env:
- name: IAM_SERVER
value: "https://iam-escape.cloud.cnaf.infn.it/"
- name: IAM_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: rucio-admin-iam-client
key: admin-client_secret
- name: IAM_CLIENT_ID
valueFrom:
secretKeyRef:
name: rucio-admin-iam-client
key: admin-client_id
tty: true
imagePullPolicy: Always
command:
- /bin/sh
- -c
- date; echo Hello from iam-rucio-sync container;
pwd; ls;rucio whoami;
echo $IAM_SERVER; echo $IAM_CLIENT_ID; echo $IAM_CLIENT_SECRET; python3 /home/sync_iam_rucio.py;
echo '* Sync to IAM * Done!'
volumes:
- name: rucio-cfg
secret:
secretName: escape-service-account
- name: daemons-rucio-x509up
secret:
secretName: daemons-rucio-x509up
# ---
# apiVersion: batch/v1
# kind: CronJob
# metadata:
# name: rucio-noise
# namespace: rucio-vre
# spec:
# schedule: "*/10 * * * *"
# concurrencyPolicy: Forbid
# successfulJobsHistoryLimit: 1
# jobTemplate:
# spec:
# template:
# spec:
# restartPolicy: OnFailure
# containers:
# - name: rucio-noise
# image: ghcr.io/vre-hub/vre-rucio-noise:v1.0.0-rc0-52-7e5585c
# volumeMounts:
# - name: rucio-cfg
# mountPath: /opt/rucio/etc/
# - name: prod-rucio-x509up
# mountPath: /tmp/
# tty: true
# imagePullPolicy: Always
# command:
# - /bin/sh
# - -c
# - date; ls -l /etc/pki/tls/certs/; ls -l /tmp/; cd /opt/rucio/etc/; pwd; echo Hello from rucio-noise container;
# export RUCIO_CONFIG=/opt/rucio/etc/rucio.cfg; echo Exported config; cat /opt/rucio/etc/rucio.cfg; rucio -vvv whoami;
# cd /home; export FSIZE=10M; FILE_SIZE=${FSIZE} /bin/bash produce_noise.sh; echo "Rucio noise cronjob ${FSIZE} Done!"
# volumes:
# - name: rucio-cfg
# secret:
# secretName: escape-service-account
# defaultMode: 0400
# - name: prod-rucio-x509up
# secret:
# secretName: prod-rucio-x509up
# ---
# apiVersion: v1
# kind: Pod
# metadata:
# name: rucio-client
# namespace: rucio-vre
# spec:
# containers:
# - name: rucio-client
# image: ghcr.io/vre-hub/vre-rucio-client:v0.1.2-1-0487cc0
# imagePullPolicy: Always
# env:
# - name: RUCIO_CFG_RUCIO_HOST
# value: "https://vre-rucio.cern.ch"
# - name: RUCIO_CFG_AUTH_HOST
# value: "https://vre-rucio-auth.cern.ch"
# - name: RUCIO_CFG_ACCOUNT
# value: "root"
# - name: RUCIO_CFG_AUTH_TYPE
# value: "userpass"
# - name: RUCIO_CFG_USERNAME
# valueFrom:
# secretKeyRef:
# name: root-account
# key: root-username
# - name: RUCIO_CFG_PASSWORD
# valueFrom:
# secretKeyRef:
# name: root-account
# key: root-password
# command: ["sleep","3600"]
# resources:
# limits:
# cpu: 100m
# memory: 50Mi
# requests:
# cpu: 100m
# memory: 50Mi


Original file line number Diff line number Diff line change
Expand Up @@ -24,4 +24,11 @@ OUTPUT_SECRET="escape-service-account.yaml"
cat ${RAW_SECRETS} | kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_DIR}/ss_${OUTPUT_SECRET}
kubectl apply -f ${SECRETS_DIR}/ss_${OUTPUT_SECRET}

echo " *** Create and apply RUCIO ADMIN IAM CLIENT details secret"

RAW_SECRETS="/root/software/vre/infrastructure/secrets/tmp_local_secrets/rucio-admin-iam-client.yaml"
OUTPUT_SECRET="rucio-admin-iam-client.yaml"
cat ${RAW_SECRETS} | kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_DIR}/ss_${OUTPUT_SECRET}
kubectl apply -f ${SECRETS_DIR}/ss_${OUTPUT_SECRET}

echo "Done"
Loading

0 comments on commit 48400da

Please sign in to comment.