From a52dafa50855d164432b3e0c6f5280944b824dbe Mon Sep 17 00:00:00 2001
From: maany
Date: Tue, 12 Mar 2024 21:58:56 +0100
Subject: [PATCH 1/6] ui: allow service to run in http/https modes, add support for annotations
---
 charts/rucio-ui/templates/service.yaml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/rucio-ui/templates/service.yaml b/charts/rucio-ui/templates/service.yaml
index a605c04..43f0286 100644
--- a/charts/rucio-ui/templates/service.yaml
+++ b/charts/rucio-ui/templates/service.yaml
@@ -15,10 +15,13 @@ metadata:
 spec:
 type: {{ $.Values.service.type }}
 ports:
- - port: {{ $.Values.service.port }}
- targetPort: {{ $.Values.service.targetPort }}
+ - port: {{ ternary 443 80 $.Values.service.useSSL }}
+ targetPort: {{ ternary "https" "http" $.Values.service.useSSL }}
 protocol: TCP
- name: {{ $.Values.service.portName }}
+ {{- if $.Values.service.nodePort }}
+ nodePort: {{ $.Values.service.nodePort }}
+ {{- end }}
+ name: {{ ternary "https" "http" $.Values.service.useSSL }}
 selector:
 app: {{ template "rucio.name" . }}
 release: {{ .Release.Name }}
From c5ecf767aafcf8c1dbe26efe01d927cb8ae5f236 Mon Sep 17 00:00:00 2001
From: maany
Date: Wed, 13 Mar 2024 16:30:01 +0100
Subject: [PATCH 2/6] ui: update ingress, document the default values.yml file.
---
 charts/rucio-ui/templates/ingress.yaml | 2 +
 charts/rucio-ui/values.yaml | 58 +++++++++++++++++++-------
 2 files changed, 44 insertions(+), 16 deletions(-)
diff --git a/charts/rucio-ui/templates/ingress.yaml b/charts/rucio-ui/templates/ingress.yaml
index 1b3c618..4a8e471 100644
--- a/charts/rucio-ui/templates/ingress.yaml
+++ b/charts/rucio-ui/templates/ingress.yaml
@@ -1,3 +1,4 @@
+{{- if gt .Values.replicaCount 0.0 -}}
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "rucio.fullname" . -}}
 {{- $ingressPath := .Values.ingress.path -}}
@@ -38,3 +39,4 @@ spec:
 {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}
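Review bot: In `charts/rucio-ui/templates/service.yaml` the new `nodePort:` line is emitted whenever `service.nodePort` is set, without looking at `service.type`; the Kubernetes API rejects a `nodePort` on a `ClusterIP` Service, so an operator who changes the type to keep the UI off the node network gets a failed install unless they also blank the value. Guarding it as `{{- if and $.Values.service.nodePort (ne $.Values.service.type "ClusterIP") }}` avoids that. `port`, `targetPort` and `name` are now derived only from `service.useSSL`, so the `service.port` and `service.targetPort` keys that remain in values.yaml no longer have any effect here and should be removed or documented as ignored. The subject mentions annotation support, but no `annotations:` rendering appears in this hunk; the `metadata:` block lies outside it, so this may be handled there.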
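Review bot: The new guard `{{- if gt .Values.replicaCount 0.0 -}}` at the top of `templates/ingress.yaml` compares against a float literal, which only works while `replicaCount` arrives as a float; a value supplied as an integer (for example through `--set replicaCount=2`) can make `gt` fail with an incompatible-types error and abort rendering. Casting makes the check independent of how the value was supplied: `{{- if gt (int .Values.replicaCount) 0 -}}`. The matching `{{- end }}` is added in the second hunk (`@@ -38,3 +39,4 @@`); a short template comment such as `{{- /* no Ingress when the deployment is scaled to zero */ -}}` would explain why the outer condition exists.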
diff --git a/charts/rucio-ui/values.yaml b/charts/rucio-ui/values.yaml
index 5d5b11b..d027485 100644
--- a/charts/rucio-ui/values.yaml
+++ b/charts/rucio-ui/values.yaml
@@ -13,14 +13,15 @@ exposeErrorLogs: true
 service:
 type: NodePort
 # Run the webui server on port 443 instead of 80 and accept X509 certificates and proxies
- useSSL: true
- port: 443
- targetPort: https
- portName: https
+ useSSL: false
+ port: 80
+ targetPort: http
+ nodePort: 30734
+ annotations: []
 image:
- repository: rucio/rucio-ui
- tag: release-1.21.12
+ repository: maany/rucio-ui
+ tag: release-33.6.1
 pullPolicy: Always
 imagePullSecrets: []
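Review bot: The default `image.repository` is switched to `maany/rucio-ui`, which appears to be the author's personal registry namespace, while `pullPolicy: Always` stays in place, so anyone installing the chart from this commit pulls whatever is currently published under that account for the `release-33.6.1` tag. Patch 3/6 of this series restores `rucio/rucio-ui`, but the intermediate state stays reachable by pinning to this commit; squashing would keep the development image out of history. Separately, `annotations: []` declares a list where Kubernetes annotations are a map, so `annotations: {}` is the safer default. The `useSSL` comment still describes the TLS behaviour while the default flips to `false`; a line such as `# false serves the UI over plain HTTP on port 80` would make the consequence visible to operators.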
@@ -35,20 +36,46 @@ strategy:
 minReadySeconds: 5
 proxy:
- rucioProxy: ""
- # rucioProxyScheme: "https"
- rucioAuthProxy: ""
- # rucioAuthProxyScheme: "https"
+ rucioProxy: "rucio-lb-prod.cern.ch"
+ rucioProxyScheme: "https"
+ rucioAuthProxy: "rucio-auth-prod.cern.ch"
+ rucioAuthProxyScheme: "https"
 ingress:
 enabled: false
 # ingressClassName: traefik
 annotations: {}
+ # traefik.ingress.kubernetes.io/frontend-entry-points: http
+ # traefik.ingress.kubernetes.io/redirect-entry-point: https
 path: /
 hosts: []
 # - my.rucio.test
-
-secretMounts: {}
+ tls:
+ - secretName: rucio-server.tls-secret
+ secrets:
+ ## If you're providing your own certificates, please use this to add the certificates as secrets
+ ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ##
+ ## name should line up with a tlsSecret set further up
+ ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set
+ ##
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ # - name: rucio-server.tls-secret
+ # key: |+
+ # -----BEGIN RSA PRIVATE KEY-----
+ # -----END RSA PRIVATE KEY-----
+ # certificate: |+
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+
+
+## Additional secrets to be mounted as files in the ui container.
+## Use this to mount certificates, ca-files for httpd.
+## You can also use this to mount sections of rucio.cfg file. In this case, the mount path
+## should be in the /opt/rucio/etc/conf.d/.cfg format.
+secretMounts:
 # - volumeName: gcssecret
 # secretName: gcssecret
 # mountPath: /opt/rucio/etc/gcs_rucio.json
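Review bot: The commented `secrets:` example added under `ingress` invites operators to paste a PEM private key into values.yaml; values are stored with the Helm release and values files tend to end up in version control, so the comment should recommend referencing a pre-created TLS Secret first and present inline keys as a last resort. The hunk also leaves `secrets:` and `secretMounts:` as bare keys, which parse as `null`; the previous default was `secretMounts: {}` and the commented entries are list items, so `secrets: []` and `secretMounts: []` state the intended type. `tls` now defaults to `secretName: rucio-server.tls-secret` while `hosts` is empty, so enabling the ingress may reference a Secret that does not exist; an empty default or a comment would help. The proxy defaults `rucio-lb-prod.cern.ch` and `rucio-auth-prod.cern.ch` would point an unconfigured install at production endpoints until patch 3/6 resets them to `""`.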
@@ -109,10 +136,9 @@ config:
 ## config.permission.support_rucio: (default "https://github.com/rucio/rucio/issues/")
 # support_rucio: "https://github.com/rucio/rucio/issues/"
- ## Only necessary for webui deployments
- # webui:
- ## config.webui.usercert: (default "/opt/rucio/etc/usercert_with_key.pem")
- # usercert: "/opt/rucio/etc/usercert_with_key.pem"
+# Additional environment variables to be set in the container.
+# For a list, please see: https://github.com/rucio/containers/blob/master/ui/README.md
+optional_config: {}
 resources: {}
 # limits:
From 758d1f8dc32f0a98133f9d448b365955765bc118 Mon Sep 17 00:00:00 2001
From: maany
Date: Wed, 13 Mar 2024 19:44:44 +0100
Subject: [PATCH 3/6] ui: explicitly specify hostname for apache
---
 charts/rucio-ui/templates/deployment.yaml | 4 ++--
 charts/rucio-ui/values.yaml | 15 ++++++++-------
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/charts/rucio-ui/templates/deployment.yaml b/charts/rucio-ui/templates/deployment.yaml
index a1c0b0e..ae11c32 100644
--- a/charts/rucio-ui/templates/deployment.yaml
+++ b/charts/rucio-ui/templates/deployment.yaml
@@ -156,8 +156,8 @@ spec:
 - name: RUCIO_AUTH_PROXY_SCHEME
 value: {{ .Values.proxy.rucioAuthProxyScheme }}
 {{- end }}
- - name: RUCIO_DEFINE_ALIASES
- value: "True"
+ - name: RUCIO_HOSTNAME
+ value: {{ .Values.httpd_config.rucio_hostname }}
 - name: RUCIO_OVERRIDE_CONFIGS
 value: "/opt/rucio/etc/conf.d/"
 - name: RUCIO_LOG_FORMAT
diff --git a/charts/rucio-ui/values.yaml b/charts/rucio-ui/values.yaml
index d027485..bbc3386 100644
--- a/charts/rucio-ui/values.yaml
+++ b/charts/rucio-ui/values.yaml
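Review bot: `value: {{ .Values.httpd_config.rucio_hostname }}` in `templates/deployment.yaml` is rendered unquoted, so an empty or unset value produces a null `value:` and a YAML-significant string would be re-typed before it reaches the container. For a setting that, per the commit subject, feeds Apache's hostname, quoting and failing early is safer: `value: {{ required "httpd_config.rucio_hostname must be set" .Values.httpd_config.rucio_hostname | quote }}`. The hunk also drops `RUCIO_DEFINE_ALIASES` without a word in the commit message; if the container image still reads it, that belongs in the chart's upgrade notes. The env list starts and ends outside this hunk.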
@@ -13,14 +13,14 @@ exposeErrorLogs: true
 service:
 type: NodePort
 # Run the webui server on port 443 instead of 80 and accept X509 certificates and proxies
- useSSL: false
- port: 80
- targetPort: http
- nodePort: 30734
+ useSSL: true
+ port: 443
+ targetPort: https
+ nodePort: 30734 # for example
 annotations: []
 image:
- repository: maany/rucio-ui
+ repository: rucio/rucio-ui
 tag: release-33.6.1
 pullPolicy: Always
@@ -36,9 +36,9 @@ strategy:
 minReadySeconds: 5
 proxy:
- rucioProxy: "rucio-lb-prod.cern.ch"
+ rucioProxy: ""
 rucioProxyScheme: "https"
- rucioAuthProxy: "rucio-auth-prod.cern.ch"
+ rucioAuthProxy: ""
 rucioAuthProxyScheme: "https"
 ingress:
@@ -84,6 +84,7 @@ secretMounts:
 ## values used to configure apache
 httpd_config:
 legacy_dn: "False"
+ rucio_hostname: "my-rucio-ui.example.com"
 # mpm_mode: "event"
 # start_servers: "1"
 # min_spare_threads: "1"
From df8d67d4efb15da3df3fbb2d0d6ffff277df0486 Mon Sep 17 00:00:00 2001
From: maany
Date: Thu, 14 Mar 2024 10:38:03 +0100
Subject: [PATCH 4/6] ui: release chart version 33.0.1
---
 charts/rucio-ui/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/rucio-ui/Chart.yaml b/charts/rucio-ui/Chart.yaml
index 339508f..dfa766f 100644
--- a/charts/rucio-ui/Chart.yaml
+++ b/charts/rucio-ui/Chart.yaml
@@ -1,5 +1,5 @@
 name: rucio-ui
-version: 34.0.0
+version: 34.0.1
 apiVersion: v1
 description: A Helm chart to deploy webui servers for Rucio
 keywords:
From d6dbe8f18264a600c36e6c25d35ca279f56761ea Mon Sep 17 00:00:00 2001
From: maany
Date: Thu, 14 Mar 2024 15:04:19 +0100
Subject: [PATCH 5/6] ui: fix linting errors
---
 charts/rucio-ui/values.yaml | 48 +++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 23 deletions(-)
diff --git a/charts/rucio-ui/values.yaml b/charts/rucio-ui/values.yaml
index bbc3386..a5a5ad9 100644
--- a/charts/rucio-ui/values.yaml
+++ b/charts/rucio-ui/values.yaml
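Review bot: `nodePort: 30734 # for example` in the first values.yaml hunk ships a concrete port as the default, and the Service template from patch 1/6 emits `nodePort` whenever the value is set, so every release of this chart requests the same port on every node and a second install in the same cluster will be refused. If the number is only an example, keep it commented out (`# nodePort: 30734`) and let Kubernetes allocate one. `annotations: []` is still a list here; `annotations: {}` matches the map type Kubernetes expects.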
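Review bot: `rucio_hostname: "my-rucio-ui.example.com"` in the `@@ -84,6 +84,7 @@` hunk gives the new `RUCIO_HOSTNAME` variable a placeholder default, so a deployment that forgets to override it starts Apache with a name that presumably matches neither the real host nor its certificate. An empty default with a one-line comment, e.g. `# rucio_hostname: FQDN clients use to reach the UI (required)`, makes the requirement visible instead of silently accepting the example value. The `httpd_config` block continues outside this hunk.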
@@ -16,7 +16,7 @@ service:
 useSSL: true
 port: 443
 targetPort: https
- nodePort: 30734 # for example
+ nodePort: 30734
 annotations: []
 image:
@@ -44,7 +44,8 @@ proxy:
 ingress:
 enabled: false
 # ingressClassName: traefik
- annotations: {}
+ annotations:
+ {}
 # traefik.ingress.kubernetes.io/frontend-entry-points: http
 # traefik.ingress.kubernetes.io/redirect-entry-point: https
 path: /
@@ -70,7 +71,6 @@ ingress:
 # -----BEGIN CERTIFICATE-----
 # -----END CERTIFICATE-----
-
 ## Additional secrets to be mounted as files in the ui container.
 ## Use this to mount certificates, ca-files for httpd.
 ## You can also use this to mount sections of rucio.cfg file. In this case, the mount path
@@ -96,14 +96,15 @@ httpd_config:
 ## values used to configure Rucio
 config:
 # common:
- ## config.common.logdir: the default directoy to write logs to (default: "/var/log/rucio")
- # logdir: "/var/log/rucio"
- ## config.common.logdir: the max loglevel (default: "DEBUG")
- # loglevel: "DEBUG"
- ## config.common.mailtemplatedir: directory containing the mail templates (default: "/opt/rucio/etc/mail_templates")
- # mailtemplatedir: "/opt/rucio/etc/mail_templates"
-
- database: {}
+ ## config.common.logdir: the default directoy to write logs to (default: "/var/log/rucio")
+ # logdir: "/var/log/rucio"
+ ## config.common.logdir: the max loglevel (default: "DEBUG")
+ # loglevel: "DEBUG"
+ ## config.common.mailtemplatedir: directory containing the mail templates (default: "/opt/rucio/etc/mail_templates")
+ # mailtemplatedir: "/opt/rucio/etc/mail_templates"
+
+ database:
+ {}
 ## config.database.default: the connection string for the database (default: "sqlite:////tmp/rucio.db")
 # default: "sqlite:////tmp/rucio.db"
 ## config.database.schema: the schema used in the DB. only necessary when using Oracle.
@@ -126,22 +127,23 @@ config:
 # powuserpassword: ""
 # policy:
- ## config.permission.policy: (default "generic")
- # permission: "generic"
- ## config.permission.schema: (default "generic")
- # schema: "generic"
- ## config.permission.lfn2pfn_algorithm_default: (default "hash")
- # lfn2pfn_algorithm_default: "hash"
- ## config.permission.support: (default "https://github.com/rucio/rucio/issues/")
- # support: "https://github.com/rucio/rucio/issues/"
- ## config.permission.support_rucio: (default "https://github.com/rucio/rucio/issues/")
- # support_rucio: "https://github.com/rucio/rucio/issues/"
+ ## config.permission.policy: (default "generic")
+ # permission: "generic"
+ ## config.permission.schema: (default "generic")
+ # schema: "generic"
+ ## config.permission.lfn2pfn_algorithm_default: (default "hash")
+ # lfn2pfn_algorithm_default: "hash"
+ ## config.permission.support: (default "https://github.com/rucio/rucio/issues/")
+ # support: "https://github.com/rucio/rucio/issues/"
+ ## config.permission.support_rucio: (default "https://github.com/rucio/rucio/issues/")
+ # support_rucio: "https://github.com/rucio/rucio/issues/"
 # Additional environment variables to be set in the container.
-# For a list, please see: https://github.com/rucio/containers/blob/master/ui/README.md
+# For a list, please see: https://github.com/rucio/containers/blob/master/ui/README.md
 optional_config: {}
-resources: {}
+resources:
+ {}
 # limits:
 # cpu: 100m
 # memory: 128Mi
From 0dbc5071d28c98f8820a21b77c589b5c49c1502f Mon Sep 17 00:00:00 2001
From: maany
Date: Wed, 20 Mar 2024 19:02:53 +0100
Subject: [PATCH 6/6] ui: bump chart to 34.0.1 and to use containers from release-34.0.0
---
 charts/rucio-ui/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/rucio-ui/values.yaml b/charts/rucio-ui/values.yaml
index a5a5ad9..ffdac7e 100644
--- a/charts/rucio-ui/values.yaml
+++ b/charts/rucio-ui/values.yaml
@@ -21,7 +21,7 @@ service:
 image:
 repository: rucio/rucio-ui
- tag: release-33.6.1
+ tag: release-34.0.0
 pullPolicy: Always
 imagePullSecrets: []