rucio-servers.yaml
# Flux HelmRelease that installs the rucio-server chart (chart version 1.30.0)
# as release "servers-vre" in namespace "rucio-vre". Everything under
# spec.values is handed to the chart as Helm values.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: servers-vre
  namespace: rucio-vre
  annotations:
    # NOTE(review): the flux.weave.works/* prefix is the Flux v1 annotation
    # namespace; on a helm.toolkit.fluxcd.io object it is presumably ignored.
    # Confirm, and drop it if it has no effect.
    flux.weave.works/automated: "false"
spec:
  releaseName: servers-vre
  # Reconciliation interval for the release.
  interval: 5m
  chart:
    spec:
      sourceRef:
        kind: HelmRepository
        name: rucio-charts
        namespace: rucio-vre
      # Interval at which the chart source is checked.
      interval: 1m
      chart: rucio-server
      # Exact chart version, so a new chart release is not picked up
      # without a change to this file.
      version: 1.30.0
  # Values merged in from key "dbconnectstring" of Secret "rucio-db"; this
  # keeps that material out of the repository.
  # Presumably the database connection string - confirm against the Secret.
  valuesFrom:
    - kind: Secret
      name: rucio-db
      valuesKey: dbconnectstring
  values:
    replicaCount: 2
    authReplicaCount: 2
    # NOTE(review): useSSL.server is true, yet the "service" block below
    # exposes port 80 under the name "http" and the main ingress sets
    # ssl-redirect to "false". Confirm where TLS is terminated for the main
    # API and whether any hop carries it in cleartext.
    useSSL:
      server: true
      authServer: true
    image:
      repository: rucio/rucio-server
      # NOTE(review): a tag is mutable and pullPolicy Always re-resolves it at
      # every pod start, so the running image can change without a change to
      # this file. Pin by digest if the chart supports it - TODO confirm.
      tag: release-1.30.0
      pullPolicy: Always
    # The API server listens on port 6443 (by default).
    # Therefore, expose the API server on port 443 and listen to 6443.
    # NOTE(review): the two lines above do not match the values below
    # (service 80 -> 80, authService 443 -> 443); they look like a leftover
    # from a template and should be corrected or removed.
    service:
      type: ClusterIP
      port: 80
      targetPort: 80
      protocol: TCP
      name: http
      annotations: {}
    authService:
      type: ClusterIP
      port: 443
      targetPort: 443
      protocol: TCP
      name: https
      annotations: {}
    serverType:
      server: flask
      authServer: flask
    # Ingress for the main API host.
    ingress:
      enabled: true
      path: /
      annotations:
        kubernetes.io/ingress.class: nginx
        # NOTE(review): not an ingress-nginx annotation as far as I know
        # (the name resembles a Traefik option) - confirm it has any effect.
        nginx.ingress.kubernetes.io/frontend-entry-points: http, https
        # With ssl-redirect "false" the controller does not redirect plain
        # HTTP to HTTPS, so this host stays reachable over cleartext HTTP.
        # NOTE(review): requests to this API presumably carry authentication
        # tokens; confirm cleartext access is intended, otherwise set "true".
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
      hosts:
        - "vre-rucio.cern.ch"
      tls:
        - secretName: vre-rucio-server.tls-secret
    # Ingress for the authentication host.
    authIngress:
      enabled: true
      annotations:
        kubernetes.io/ingress.class: nginx
        # TLS is passed through to the backend rather than terminated at the
        # ingress, which fits useSSL.authServer: true and port 443 above.
        # ingress-nginx honours this annotation only when the controller runs
        # with --enable-ssl-passthrough; without it the annotation is ignored.
        # With passthrough the controller cannot inspect or filter the
        # traffic, so request-level controls must live in the auth server.
        nginx.ingress.kubernetes.io/ssl-passthrough: "true"
        nginx.ingress.kubernetes.io/ssl-redirect: "true"
      hosts:
        - "vre-rucio-auth.cern.ch"
      path: /
    monitoring:
      enabled: true
    # Scheduled restart of the pods matched by selectorLabel.
    automaticRestart:
      # Integer used as an on/off flag.
      enabled: 1
      image:
        repository: bitnami/kubectl
        # NOTE(review): "latest" is a mutable tag, and with IfNotPresent each
        # node keeps whichever image it pulled first, so the version that runs
        # is neither pinned nor consistent across nodes. This job presumably
        # runs kubectl with a service account allowed to restart the selected
        # pods (verify its RBAC scope); pin a version or, better, a digest.
        tag: latest
        pullPolicy: IfNotPresent
      # Cron expression: every day at 01:17.
      schedule: "17 1 * * *"
      selectorLabel: "'app in (rucio-server,rucio-server-trace,rucio-server-auth)'"
      resources:
        limits:
          cpu: 500m
          memory: 256Mi
        requests:
          cpu: 100m
          memory: 128Mi
    # Kubernetes Secrets exposed as files under /opt/rucio/etc; the secret
    # contents are not part of this file.
    additionalSecrets:
      - volumeName: rucio-db
        secretName: rucio-db
        mountPath: /opt/rucio/etc/rucio-db
        subPath: rucio-db
      - volumeName: idpsecrets
        secretName: idpsecrets
        mountPath: /opt/rucio/etc/idpsecrets.json
        subPath: idpsecrets.json
      - volumeName: rse-accounts
        secretName: rse-accounts
        mountPath: /opt/rucio/etc/rse-accounts.json
        subPath: rse-accounts.json
    wsgi:
      daemonProcesses: "4"
      daemonThreads: "4"
    # Web-server tuning; every value is deliberately a quoted string.
    httpd_config:
      mpm_mode: "event"
      timeout: "300"
      # NOTE(review): presumably turns on the Apache status page. Confirm it
      # is not reachable through either ingress (both route path "/"), since
      # a status page discloses client addresses and request lines.
      enable_status: "True"
      # NOTE(review): presumably selects the legacy DN string format for
      # certificate subjects - confirm that identity matching depends on it.
      legacy_dn: "True"
      keep_alive: "On"
      keep_alive_timeout: "5"
      max_keep_alive_requests: "128"
      server_limit: "10"
      start_servers: "4"
      thread_limit: "128"
      threads_per_child: "128"
      min_spare_threads: "256"
      max_spare_threads: "512"
      max_request_workers: "1280"
      max_connections_per_child: "2048"
    ## values used to configure Rucio
    config:
      database:
        pool_size: 10
        max_overflow: 20
      oidc:
        # Same path as the mountPath of the "idpsecrets" entry in
        # additionalSecrets; the two must be changed together.
        idpsecrets: "/opt/rucio/etc/idpsecrets.json"
        admin_issuer: "escape"
        # NOTE(review): presumably the audience and scope that tokens are
        # checked against - confirm they match what the identity provider
        # issues, so tokens minted for other services are not accepted.
        expected_audience: "rucio"
        expected_scope: "openid profile"
      policy:
        permission: "escape"
        schema: "escape"
    # Main server pods: requests of 2 CPU / 2000Mi, limits of 4 CPU / 4000Mi.
    serverResources:
      limits:
        cpu: "4000m"
        memory: "4000Mi"
      requests:
        cpu: "2000m"
        memory: "2000Mi"
    # Auth server pods: same requests and limits as serverResources.
    authServerResources:
      limits:
        cpu: "4000m"
        memory: "4000Mi"
      requests:
        cpu: "2000m"
        memory: "2000Mi"