diff --git a/infrastructure/cluster/flux-v2/rucio-vre/rucio-servers.yaml b/infrastructure/cluster/flux-v2/rucio-vre/rucio-servers.yaml index cc2abeb7..44a13f39 100644 --- a/infrastructure/cluster/flux-v2/rucio-vre/rucio-servers.yaml +++ b/infrastructure/cluster/flux-v2/rucio-vre/rucio-servers.yaml @@ -1,200 +1,200 @@ -# apiVersion: helm.toolkit.fluxcd.io/v2beta1 -# kind: HelmRelease -# metadata: -# name: servers-vre -# namespace: rucio-vre -# annotations: -# flux.weave.works/automated: "false" +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: servers-vre + namespace: rucio-vre + annotations: + flux.weave.works/automated: "false" -# spec: -# releaseName: servers-vre -# interval: 5m -# chart: -# spec: -# sourceRef: -# kind: HelmRepository -# name: rucio-charts -# namespace: rucio-vre -# interval: 1m -# chart: rucio-server -# version: 1.30.0 - -# valuesFrom: -# - kind: Secret -# name: rucio-db -# valuesKey: values.yaml - -# values: -# additionalSecrets: -# idpsecrets: -# secretName: idpsecrets -# mountPath: /opt/rucio/etc/idpsecrets.json -# subPath: idpsecrets.json -# rse-accounts: -# secretName: rse-accounts -# mountPath: /opt/rucio/etc/rse-accounts.json -# subPath: rse-accounts.json +spec: + releaseName: servers-vre + interval: 5m + chart: + spec: + sourceRef: + kind: HelmRepository + name: rucio-charts + namespace: rucio-vre + interval: 1m + chart: rucio-server + version: 1.30.0 + + valuesFrom: + - kind: Secret + name: rucio-db + valuesKey: values.yaml + + values: + additionalSecrets: + idpsecrets: + secretName: idpsecrets + mountPath: /opt/rucio/etc/idpsecrets.json + subPath: idpsecrets.json + rse-accounts: + secretName: rse-accounts + mountPath: /opt/rucio/etc/rse-accounts.json + subPath: rse-accounts.json -# replicaCount: 2 -# authReplicaCount: 2 - -# useSSL: -# server: true -# authServer: true - -# image: -# repository: rucio/rucio-server -# tag: release-1.30.0 -# pullPolicy: Always - -# # The API server listens on port 6443 (by default). -# # Therefore, expose the API server on port 443 and listen to 6443. - -# service: -# type: LoadBalancer -# port: 443 -# targetPort: 443 -# protocol: TCP -# name: https -# # # annotations: -# # # # These annotations are only required for cluster templates <=1.18 -# # # loadbalancer.openstack.org/network-id: "798d00f3-2af9-48a0-a7c3-a26d909a2d64" -# # # service.beta.kubernetes.io/openstack-internal-load-balancer: "true" -# # # loadbalancer.openstack.org/cascade-delete: "false" - -# authService: -# type: LoadBalancer -# port: 443 -# targetPort: 443 -# protocol: TCP -# name: https -# # # annotations: -# # # # These annotations are only required for cluster templates <=1.18 -# # # loadbalancer.openstack.org/network-id: "798d00f3-2af9-48a0-a7c3-a26d909a2d64" -# # # service.beta.kubernetes.io/openstack-internal-load-balancer: "true" -# # # loadbalancer.openstack.org/cascade-delete: "false" + replicaCount: 2 + authReplicaCount: 2 + + useSSL: + server: true + authServer: true + + image: + repository: rucio/rucio-server + tag: release-1.30.0 + pullPolicy: Always + + # The API server listens on port 6443 (by default). + # Therefore, expose the API server on port 443 and listen to 6443. + + service: + type: LoadBalancer + port: 443 + targetPort: 443 + protocol: TCP + name: https + # # annotations: + # # # These annotations are only required for cluster templates <=1.18 + # # loadbalancer.openstack.org/network-id: "798d00f3-2af9-48a0-a7c3-a26d909a2d64" + # # service.beta.kubernetes.io/openstack-internal-load-balancer: "true" + # # loadbalancer.openstack.org/cascade-delete: "false" + + authService: + type: LoadBalancer + port: 443 + targetPort: 443 + protocol: TCP + name: https + # # annotations: + # # # These annotations are only required for cluster templates <=1.18 + # # loadbalancer.openstack.org/network-id: "798d00f3-2af9-48a0-a7c3-a26d909a2d64" + # # service.beta.kubernetes.io/openstack-internal-load-balancer: "true" + # # loadbalancer.openstack.org/cascade-delete: "false" -# # service: -# # type: ClusterIP -# # port: 443 -# # targetPort: 443 -# # protocol: TCP -# # name: https - -# # authService: -# # type: ClusterIP -# # port: 443 -# # targetPort: 443 -# # protocol: TCP -# # name: https - -# # ingress: -# # enabled: true -# # path: / -# # annotations: -# # kubernetes.io/ingress.class: nginx -# # nginx.ingress.kubernetes.io/frontend-entry-points: http, https -# # nginx.ingress.kubernetes.io/ssl-redirect: "false" -# # # nginx.ingress.kubernetes.io/ssl-passthrough: "true" -# # # nginx.ingress.kubernetes.io/ssl-redirect: "true" -# # hosts: -# # - "vre-rucio.cern.ch" -# # tls: -# # - secretName: rucio-server.tls-secret - -# # authIngress: -# # enabled: true -# # path: / -# # annotations: -# # kubernetes.io/ingress.class: nginx -# # nginx.ingress.kubernetes.io/frontend-entry-points: http, https -# # nginx.ingress.kubernetes.io/ssl-redirect: "false" + # service: + # type: ClusterIP + # port: 443 + # targetPort: 443 + # protocol: TCP + # name: https + + # authService: + # type: ClusterIP + # port: 443 + # targetPort: 443 + # protocol: TCP + # name: https + + # ingress: + # enabled: true + # path: / + # annotations: + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/frontend-entry-points: http, https + # nginx.ingress.kubernetes.io/ssl-redirect: "false" + # # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # hosts: + # - "vre-rucio.cern.ch" + # tls: + # - secretName: rucio-server.tls-secret + + # authIngress: + # enabled: true + # path: / + # annotations: + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/frontend-entry-points: http, https + # nginx.ingress.kubernetes.io/ssl-redirect: "false" -# # # nginx.ingress.kubernetes.io/ssl-passthrough: "true" -# # # nginx.ingress.kubernetes.io/ssl-redirect: "true" -# # hosts: -# # - "vre-rucio-auth.cern.ch" -# # tls: -# # - secretName: rucio-server-auth.tls-secret + # # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # hosts: + # - "vre-rucio-auth.cern.ch" + # tls: + # - secretName: rucio-server-auth.tls-secret -# serverType: -# server: flask -# authServer: flask - -# # monitoring: -# # enabled: true - -# automaticRestart: -# enabled: 1 -# image: -# repository: bitnami/kubectl -# tag: latest -# pullPolicy: IfNotPresent -# schedule: "17 1 * * *" -# selectorLabel: "'app in (rucio-server,rucio-server-trace,rucio-server-auth)'" -# resources: -# limits: -# cpu: 500m -# memory: 256Mi -# requests: -# cpu: 100m -# memory: 128Mi + serverType: + server: flask + authServer: flask + + # monitoring: + # enabled: true + + automaticRestart: + enabled: 1 + image: + repository: bitnami/kubectl + tag: latest + pullPolicy: IfNotPresent + schedule: "17 1 * * *" + selectorLabel: "'app in (rucio-server,rucio-server-trace,rucio-server-auth)'" + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 100m + memory: 128Mi -# wsgi: -# daemonProcesses: "4" -# daemonThreads: "4" + wsgi: + daemonProcesses: "4" + daemonThreads: "4" -# additionalEnvs: -# - name: RUCIO_SSL_PROTOCOL -# value: "all -SSLv2 -SSLv3" - -# httpd_config: -# mpm_mode: "event" -# timeout: "300" -# enable_status: "True" -# legacy_dn: "True" -# keep_alive: "On" -# keep_alive_timeout: "5" -# max_keep_alive_requests: "128" -# server_limit: "10" -# start_servers: "4" -# thread_limit: "128" -# threads_per_child: "128" -# min_spare_threads: "256" -# max_spare_threads: "512" -# max_request_workers: "1280" -# max_connections_per_child: "2048" - -# ## values used to configure Rucio -# config: - -# database: -# pool_size: 10 -# max_overflow: 20 + additionalEnvs: + - name: RUCIO_SSL_PROTOCOL + value: "all -SSLv2 -SSLv3" + + httpd_config: + mpm_mode: "event" + timeout: "300" + enable_status: "True" + legacy_dn: "True" + keep_alive: "On" + keep_alive_timeout: "5" + max_keep_alive_requests: "128" + server_limit: "10" + start_servers: "4" + thread_limit: "128" + threads_per_child: "128" + min_spare_threads: "256" + max_spare_threads: "512" + max_request_workers: "1280" + max_connections_per_child: "2048" + + ## values used to configure Rucio + config: + + database: + pool_size: 10 + max_overflow: 20 -# oidc: -# idpsecrets: "/opt/rucio/etc/idpsecrets.json" -# admin_issuer: "escape" -# expected_audience: "rucio" -# expected_scope: "openid profile" - -# policy: -# permission: "escape" -# schema: "escape" + oidc: + idpsecrets: "/opt/rucio/etc/idpsecrets.json" + admin_issuer: "escape" + expected_audience: "rucio" + expected_scope: "openid profile" + + policy: + permission: "escape" + schema: "escape" -# serverResources: -# limits: -# cpu: "4000m" -# memory: "4000Mi" -# requests: -# cpu: "2000m" -# memory: "2000Mi" - -# authServerResources: -# limits: -# cpu: "1000m" -# memory: "1000Mi" -# requests: -# cpu: "200m" -# memory: "500Mi" + serverResources: + limits: + cpu: "4000m" + memory: "4000Mi" + requests: + cpu: "2000m" + memory: "2000Mi" + + authServerResources: + limits: + cpu: "1000m" + memory: "1000Mi" + requests: + cpu: "200m" + memory: "500Mi"