From 6dbf64a93198f463a13141ff9b1eeef2b71bf95a Mon Sep 17 00:00:00 2001 From: rdimaio Date: Mon, 15 Dec 2025 10:59:09 +0100 Subject: [PATCH 1/6] Update installation commands to Helm 3+ syntax; #222 Main changes are to either: - always specify a name (required, otherwise you get "Error: INSTALLATION FAILED: must either provide a name or specify --generate-name") - not use the --name flag (deprecated) --- charts/rucio-daemons/README.md | 14 +++++--------- charts/rucio-server/README.md | 17 +++++------------ charts/rucio-ui/README.md | 17 +++++------------ charts/rucio-webui/README.md | 6 ++---- logstash/README.md | 4 ++-- 5 files changed, 19 insertions(+), 39 deletions(-) diff --git a/charts/rucio-daemons/README.md b/charts/rucio-daemons/README.md index 88217f28..21ada79b 100644 --- a/charts/rucio-daemons/README.md +++ b/charts/rucio-daemons/README.md @@ -9,7 +9,7 @@ Rucio is a software framework that provides functionality to organize, manage, a Add the Rucio Helm repository to your local Helm installation and install it using: $ helm repo add rucio https://rucio.github.io/helm-charts - $ helm install rucio/rucio-daemons + $ helm install my-release rucio/rucio-daemons ## Introduction @@ -19,20 +19,16 @@ This chart bootstraps a Rucio server deployment and service on a Kubernetes clus This chart can be used to install Rucio daemons. Not all of the possible daemons are necessary to run a instance of Rucio. Some daemons are optional. By default no daemon is activated and they have to be explicitly started. A simple daemon instance with one judge-cleaner daemon can be started like this: - $ helm install \ - --name my-release \ - --set judgeCleanerCount=1 \ - rucio/rucio-daemons + $ helm install my-release rucio/rucio-daemons \ + --set judgeCleanerCount=1 This command will start 1 judge-cleaner using an un-initialised SQLite database. To fully use this chart an already bootstraped database is necessary. The daemons can then be configured to use the DB. To install the chart so that is will connected to a MySQL DB running at `mysql.db` with the user `rucio` and password `rucio`: - $ helm install \ - --name my-release \ + $ helm install my-release rucio/rucio-daemons \ --set judgeCleanerCount=1 \ --set config.database.default="mysql://rucio:rucio@mysql.db/rucio" - rucio/rucio-daemons ## Configuration @@ -44,7 +40,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - $ helm install --name my-release -f values.yaml rucio/rucio-daemons + $ helm install my-release rucio/rucio-daemons -f values.yaml ## Certificates diff --git a/charts/rucio-server/README.md b/charts/rucio-server/README.md index 7ba3d913..c00deb70 100644 --- a/charts/rucio-server/README.md +++ b/charts/rucio-server/README.md @@ -10,7 +10,7 @@ Add the Rucio Helm repository to your local Helm installation and install it usi $ helm repo add rucio https://rucio.github.io/helm-charts - $ helm install rucio/rucio-server + $ helm install my-release rucio/rucio-server ## Introduction @@ -20,18 +20,14 @@ This chart bootstraps a Rucio server deployment and service on a Kubernetes clus To install the chart with the release name `my-release`: - $ helm install \ - --name my-release \ - rucio/rucio-server + $ helm install my-release rucio/rucio-server The command deploys a Rucio server on the Kubernetes cluster in the default configuration, i.e., 2 replicas using an un-initialised SQLite database without an ingress. To fully use this chart an already bootstraped database is necessary. The server can then be configured to use the DB. To install the chart so that is will connected to a MySQL DB running at `mysql.db` with the user `rucio` and password `rucio`: - $ helm install \ - --name my-release \ - --set config.database.default="mysql://rucio:rucio@mysql.db/rucio" \ - rucio/rucio-server + $ helm install my-release rucio/rucio-server \ + --set config.database.default="mysql://rucio:rucio@mysql.db/rucio" ## Configuration @@ -43,10 +39,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - $ helm install \ - --name my-release \ - -f values.yaml \ - rucio/rucio-server + $ helm install my-release rucio/rucio-server -f values.yaml ## Certificates diff --git a/charts/rucio-ui/README.md b/charts/rucio-ui/README.md index ac80adfe..45c47888 100644 --- a/charts/rucio-ui/README.md +++ b/charts/rucio-ui/README.md @@ -9,7 +9,7 @@ Rucio is a software framework that provides functionality to organize, manage, a Add the Rucio Helm repository to your local Helm installation and install it using: $ helm repo add rucio https://rucio.github.io/helm-charts - $ helm install rucio/rucio-ui + $ helm install my-release rucio/rucio-ui ## Introduction @@ -19,20 +19,16 @@ This chart bootstraps a Rucio WebUI deployment and service on a Kubernetes clust To install the chart with the release name `my-release`: - $ helm install \ - --name my-release \ - rucio/rucio-ui + $ helm install my-release rucio/rucio-ui The command deploys a Rucio webui server on the Kubernetes cluster in the default configuration, i.e., 1 replicas using an un-initialised SQLite database without an ingress. To fully use this chart an already bootstraped database together with a deployed rucio server and authentication server which have to configurated using the `proxy.rucioProxy` and `rucio.rucioAuthProxy` config variables. To install the chart so that is will connected to a MySQL DB running at `mysql.db` with the user `rucio` and password `rucio` and a rucio server running at `my.rucio.server` and a auth server at `my.auth.server`. - $ helm install \ - --name my-release \ + $ helm install my-release rucio/rucio-ui \ --set config.database.default="mysql://rucio:rucio@mysql.db/rucio" \ --set proxy.rucioProxy="my.rucio.server" \ - --set proxy.rucioAuthProxy="my.auth.server" \ - rucio/rucio-ui + --set proxy.rucioAuthProxy="my.auth.server" ## Configuration @@ -44,10 +40,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - $ helm install \ - --name my-release \ - -f values.yaml \ - rucio/rucio-ui + $ helm install my-release rucio/rucio-ui -f values.yaml ## Service diff --git a/charts/rucio-webui/README.md b/charts/rucio-webui/README.md index 49bb25fb..30ea16c2 100644 --- a/charts/rucio-webui/README.md +++ b/charts/rucio-webui/README.md @@ -31,10 +31,8 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash -helm install \ - --name my-release \ - -f values.yaml \ - rucio/rucio-webui +helm install my-release rucio/rucio-webui \ + -f values.yaml ``` ### Basic Configuration diff --git a/logstash/README.md b/logstash/README.md index 234a67fa..89bd3c5c 100644 --- a/logstash/README.md +++ b/logstash/README.md @@ -2,7 +2,7 @@ Logstash and beats can be easily setup from the standard Helm "stable" repository: - helm install --name logstash --values my-logstash.yml,my-logstash-filter.yml stable/logstash - helm install --name filebeat --values my-filebeat.yml stable/filebeat + helm install logstash stable/logstash --values my-logstash.yml,my-logstash-filter.yml + helm install filebeat stable/filebeat --values my-filebeat.yml where the specifics of your logstash input/filter/output portions of the config file are left to the user (examples are provided). From bedc77df41159a7aca1ee62e7af4e0c52bbf9774 Mon Sep 17 00:00:00 2001 From: rdimaio Date: Mon, 15 Dec 2025 11:00:14 +0100 Subject: [PATCH 2/6] Update show commands to Helm 3+ syntax; #222 helm inspect is now helm show --- charts/rucio-daemons/README.md | 2 +- charts/rucio-server/README.md | 2 +- charts/rucio-ui/README.md | 2 +- charts/rucio-webui/README.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/rucio-daemons/README.md b/charts/rucio-daemons/README.md index 21ada79b..7637b8be 100644 --- a/charts/rucio-daemons/README.md +++ b/charts/rucio-daemons/README.md @@ -34,7 +34,7 @@ To install the chart so that is will connected to a MySQL DB running at `mysql.d The default configuration values for this chart are listed in `values.yaml` our you can get them with: - $ helm inspect values rucio/rucio-daemons + $ helm show values rucio/rucio-daemons Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` as shown before. diff --git a/charts/rucio-server/README.md b/charts/rucio-server/README.md index c00deb70..34f2b82c 100644 --- a/charts/rucio-server/README.md +++ b/charts/rucio-server/README.md @@ -33,7 +33,7 @@ To install the chart so that is will connected to a MySQL DB running at `mysql.d The default configuration values for this chart are listed in `values.yaml` our you can get them with: - $ helm inspect values rucio/rucio-server + $ helm show values rucio/rucio-server Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` as shown before. diff --git a/charts/rucio-ui/README.md b/charts/rucio-ui/README.md index 45c47888..590b2d4d 100644 --- a/charts/rucio-ui/README.md +++ b/charts/rucio-ui/README.md @@ -34,7 +34,7 @@ To install the chart so that is will connected to a MySQL DB running at `mysql.d The default configuration values for this chart are listed in `values.yaml` our you can get them with: - $ helm inspect values rucio/rucio-ui + $ helm show values rucio/rucio-ui Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` as shown before. diff --git a/charts/rucio-webui/README.md b/charts/rucio-webui/README.md index 30ea16c2..0e3b14d5 100644 --- a/charts/rucio-webui/README.md +++ b/charts/rucio-webui/README.md @@ -23,7 +23,7 @@ Rucio WebUI is a [NextJS](https://nextjs.org/) application that provides a web i The default configuration values for this chart are listed in `values.yaml` our you can get them with: ```bash -helm inspect values rucio/rucio-webui +helm show values rucio/rucio-webui ``` Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` as shown before. From 1eadec69ac0726c88faae4dc52fefbb29a733989 Mon Sep 17 00:00:00 2001 From: rdimaio Date: Mon, 15 Dec 2025 11:00:42 +0100 Subject: [PATCH 3/6] Update uninstall commands to Helm 3+ syntax; #222 delete has been replaced by uninstall, and --purge is the default behaviour --- charts/rucio-daemons/README.md | 2 +- charts/rucio-server/README.md | 2 +- charts/rucio-ui/README.md | 2 +- charts/rucio-webui/README.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/rucio-daemons/README.md b/charts/rucio-daemons/README.md index 7637b8be..1f879ede 100644 --- a/charts/rucio-daemons/README.md +++ b/charts/rucio-daemons/README.md @@ -132,7 +132,7 @@ In case you have Prometheus running in your cluster you can use the built-in exp To uninstall/delete the `my-release` deployment: - $ helm delete my-release --purge + $ helm uninstall my-release The command removes all the Kubernetes components associated with the chart and deletes the release. diff --git a/charts/rucio-server/README.md b/charts/rucio-server/README.md index 34f2b82c..bce191f6 100644 --- a/charts/rucio-server/README.md +++ b/charts/rucio-server/README.md @@ -180,7 +180,7 @@ Additionally, you also have to enable the status page in httpd config: To uninstall/delete the `my-release` deployment: - $ helm delete my-release --purge + $ helm uninstall my-release The command removes all the Kubernetes components associated with the chart and deletes the release. diff --git a/charts/rucio-ui/README.md b/charts/rucio-ui/README.md index 590b2d4d..9a44b964 100644 --- a/charts/rucio-ui/README.md +++ b/charts/rucio-ui/README.md @@ -87,7 +87,7 @@ The `httpd_config` can be used to configure the mpm mode. The default mpm mode i To uninstall/delete the `my-release` deployment: - $ helm delete my-release --purge + $ helm uninstall my-release The command removes all the Kubernetes components associated with the chart and deletes the release. diff --git a/charts/rucio-webui/README.md b/charts/rucio-webui/README.md index 0e3b14d5..203446c8 100644 --- a/charts/rucio-webui/README.md +++ b/charts/rucio-webui/README.md @@ -261,7 +261,7 @@ The `config.logs.exposeWebuiLogs` parameter will start a sidecar container that To uninstall/delete the `my-release` deployment: - $ helm delete my-release --purge + $ helm uninstall my-release The command removes all the Kubernetes components associated with the chart and deletes the release. From c6d36db9fce79e7b510d8ecb02f45efeedb01b9c Mon Sep 17 00:00:00 2001 From: rdimaio Date: Mon, 15 Dec 2025 11:12:34 +0100 Subject: [PATCH 4/6] Use proper markdown code block syntax for code blocks in docs; #321 Also converting some ```bash blocks to ```sh for consistency. --- README.md | 7 +++--- charts/rucio-daemons/README.md | 36 +++++++++++++++++++--------- charts/rucio-server/README.md | 44 ++++++++++++++++++++++++---------- charts/rucio-ui/README.md | 32 +++++++++++++++++-------- charts/rucio-webui/README.md | 14 ++++++----- logstash/README.md | 6 +++-- 6 files changed, 94 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index 65c85631..b52129c2 100644 --- a/README.md +++ b/README.md @@ -21,9 +21,10 @@ Just push to Git and Flux does the rest. Add the Rucio Helm repository to your local Helm installation then you can install the Rucio server like so. - - $ helm repo add rucio https://rucio.github.io/helm-charts - $ helm install rucio/rucio-server +```sh +helm repo add rucio https://rucio.github.io/helm-charts +helm install my-release rucio/rucio-server +``` ## Chart Versioning diff --git a/charts/rucio-daemons/README.md b/charts/rucio-daemons/README.md index 1f879ede..0059c974 100644 --- a/charts/rucio-daemons/README.md +++ b/charts/rucio-daemons/README.md @@ -8,8 +8,10 @@ Rucio is a software framework that provides functionality to organize, manage, a Add the Rucio Helm repository to your local Helm installation and install it using: - $ helm repo add rucio https://rucio.github.io/helm-charts - $ helm install my-release rucio/rucio-daemons + ```sh + helm repo add rucio https://rucio.github.io/helm-charts + helm install my-release rucio/rucio-daemons + ``` ## Introduction @@ -19,28 +21,36 @@ This chart bootstraps a Rucio server deployment and service on a Kubernetes clus This chart can be used to install Rucio daemons. Not all of the possible daemons are necessary to run a instance of Rucio. Some daemons are optional. By default no daemon is activated and they have to be explicitly started. A simple daemon instance with one judge-cleaner daemon can be started like this: - $ helm install my-release rucio/rucio-daemons \ - --set judgeCleanerCount=1 +```sh +helm install my-release rucio/rucio-daemons \ + --set judgeCleanerCount=1 +``` This command will start 1 judge-cleaner using an un-initialised SQLite database. To fully use this chart an already bootstraped database is necessary. The daemons can then be configured to use the DB. To install the chart so that is will connected to a MySQL DB running at `mysql.db` with the user `rucio` and password `rucio`: - $ helm install my-release rucio/rucio-daemons \ - --set judgeCleanerCount=1 \ - --set config.database.default="mysql://rucio:rucio@mysql.db/rucio" +```sh +helm install my-release rucio/rucio-daemons \ + --set judgeCleanerCount=1 \ + --set config.database.default="mysql://rucio:rucio@mysql.db/rucio" +``` ## Configuration The default configuration values for this chart are listed in `values.yaml` our you can get them with: - $ helm show values rucio/rucio-daemons + ```sh + helm show values rucio/rucio-daemons + ``` Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` as shown before. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - $ helm install my-release rucio/rucio-daemons -f values.yaml +```sh +helm install my-release rucio/rucio-daemons -f values.yaml +``` ## Certificates @@ -95,7 +105,9 @@ In case you need any additional secrets, e.g., special cloud configurations, lic `secretMounts` in the configuration file. You can install arbitrary secrets in the cluster and this config then makes it available in the pods: - $ kubectl create secret generic my-release-automatix-input --from-file=automatix.json + ```sh + kubectl create secret generic my-release-automatix-input --from-file=automatix.json + ``` secretMounts: - secretName: automatix-input @@ -132,7 +144,9 @@ In case you have Prometheus running in your cluster you can use the built-in exp To uninstall/delete the `my-release` deployment: - $ helm uninstall my-release + ```sh + helm uninstall my-release + ``` The command removes all the Kubernetes components associated with the chart and deletes the release. diff --git a/charts/rucio-server/README.md b/charts/rucio-server/README.md index bce191f6..24d98592 100644 --- a/charts/rucio-server/README.md +++ b/charts/rucio-server/README.md @@ -9,8 +9,10 @@ Rucio is a software framework that provides functionality to organize, manage, a Add the Rucio Helm repository to your local Helm installation and install it using: - $ helm repo add rucio https://rucio.github.io/helm-charts - $ helm install my-release rucio/rucio-server + ```sh + helm repo add rucio https://rucio.github.io/helm-charts + helm install my-release rucio/rucio-server + ``` ## Introduction @@ -20,26 +22,34 @@ This chart bootstraps a Rucio server deployment and service on a Kubernetes clus To install the chart with the release name `my-release`: - $ helm install my-release rucio/rucio-server +```sh +helm install my-release rucio/rucio-server +``` The command deploys a Rucio server on the Kubernetes cluster in the default configuration, i.e., 2 replicas using an un-initialised SQLite database without an ingress. To fully use this chart an already bootstraped database is necessary. The server can then be configured to use the DB. To install the chart so that is will connected to a MySQL DB running at `mysql.db` with the user `rucio` and password `rucio`: - $ helm install my-release rucio/rucio-server \ - --set config.database.default="mysql://rucio:rucio@mysql.db/rucio" +```sh +helm install my-release rucio/rucio-server \ + --set config.database.default="mysql://rucio:rucio@mysql.db/rucio" +``` ## Configuration The default configuration values for this chart are listed in `values.yaml` our you can get them with: - $ helm show values rucio/rucio-server + ```sh + helm show values rucio/rucio-server + ``` Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` as shown before. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - $ helm install my-release rucio/rucio-server -f values.yaml +```sh +helm install my-release rucio/rucio-server -f values.yaml +``` ## Certificates @@ -62,9 +72,11 @@ corresponding servers: First create the secrets: - kubectl create secret generic -server-hostcert --from-file=hostcert.pem=/path/to/hostcert.pem - kubectl create secret generic -server-hostkey --from-file=hostkey.pem=/path/to/hostkey.pem - kubectl create secret generic -server-cafile --from-file=ca.pem=/path/to/ca.pem +```sh +kubectl create secret generic -server-hostcert --from-file=hostcert.pem=/path/to/hostcert.pem +kubectl create secret generic -server-hostkey --from-file=hostkey.pem=/path/to/hostkey.pem +kubectl create secret generic -server-cafile --from-file=ca.pem=/path/to/ca.pem +``` Then you can use a switch in the config file to enable HTTPS per server type: @@ -103,7 +115,9 @@ The exception being the authentication servers that will be explained below. You will have to install the valid certificate and key as a secret in the cluster that you can then configure in the ingress definition: - $ kubectl create secret tls rucio-server.tls-secret --key=tls.key --cert=tls.crt + ```sh + kubectl create secret tls rucio-server.tls-secret --key=tls.key --cert=tls.crt + ``` ingress: enabled: true @@ -145,7 +159,9 @@ In case you need any additional secrets, e.g., special cloud configurations, license keys, etc., you can use `secretMounts` in the configuration file. You can install arbitrary secrets in the cluster and this config then makes it available in the pods: - $ kubectl create secret generic my-release-rse-accounts --from-file=rse-accounts.cfg + ```sh + kubectl create secret generic my-release-rse-accounts --from-file=rse-accounts.cfg + ``` secretMounts: - secretName: rse-accounts @@ -180,7 +196,9 @@ Additionally, you also have to enable the status page in httpd config: To uninstall/delete the `my-release` deployment: - $ helm uninstall my-release + ```sh + helm uninstall my-release + ``` The command removes all the Kubernetes components associated with the chart and deletes the release. diff --git a/charts/rucio-ui/README.md b/charts/rucio-ui/README.md index 9a44b964..cd3fe15a 100644 --- a/charts/rucio-ui/README.md +++ b/charts/rucio-ui/README.md @@ -8,8 +8,10 @@ Rucio is a software framework that provides functionality to organize, manage, a Add the Rucio Helm repository to your local Helm installation and install it using: - $ helm repo add rucio https://rucio.github.io/helm-charts - $ helm install my-release rucio/rucio-ui + ```sh + helm repo add rucio https://rucio.github.io/helm-charts + helm install my-release rucio/rucio-ui + ``` ## Introduction @@ -19,28 +21,36 @@ This chart bootstraps a Rucio WebUI deployment and service on a Kubernetes clust To install the chart with the release name `my-release`: - $ helm install my-release rucio/rucio-ui +```sh +helm install my-release rucio/rucio-ui +``` The command deploys a Rucio webui server on the Kubernetes cluster in the default configuration, i.e., 1 replicas using an un-initialised SQLite database without an ingress. To fully use this chart an already bootstraped database together with a deployed rucio server and authentication server which have to configurated using the `proxy.rucioProxy` and `rucio.rucioAuthProxy` config variables. To install the chart so that is will connected to a MySQL DB running at `mysql.db` with the user `rucio` and password `rucio` and a rucio server running at `my.rucio.server` and a auth server at `my.auth.server`. - $ helm install my-release rucio/rucio-ui \ - --set config.database.default="mysql://rucio:rucio@mysql.db/rucio" \ - --set proxy.rucioProxy="my.rucio.server" \ - --set proxy.rucioAuthProxy="my.auth.server" +```sh +helm install my-release rucio/rucio-ui \ + --set config.database.default="mysql://rucio:rucio@mysql.db/rucio" \ + --set proxy.rucioProxy="my.rucio.server" \ + --set proxy.rucioAuthProxy="my.auth.server" +``` ## Configuration The default configuration values for this chart are listed in `values.yaml` our you can get them with: - $ helm show values rucio/rucio-ui + ```sh + helm show values rucio/rucio-ui + ``` Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` as shown before. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - $ helm install my-release rucio/rucio-ui -f values.yaml +```sh +helm install my-release rucio/rucio-ui -f values.yaml +``` ## Service @@ -87,7 +97,9 @@ The `httpd_config` can be used to configure the mpm mode. The default mpm mode i To uninstall/delete the `my-release` deployment: - $ helm uninstall my-release + ```sh + helm uninstall my-release + ``` The command removes all the Kubernetes components associated with the chart and deletes the release. diff --git a/charts/rucio-webui/README.md b/charts/rucio-webui/README.md index 203446c8..3fded16f 100644 --- a/charts/rucio-webui/README.md +++ b/charts/rucio-webui/README.md @@ -8,7 +8,7 @@ Rucio is a software framework that provides functionality to organize, manage, a Add the Rucio Helm repository to your local Helm installation: -```bash +```sh helm repo add rucio https://rucio.github.io/helm-charts ``` @@ -22,7 +22,7 @@ Rucio WebUI is a [NextJS](https://nextjs.org/) application that provides a web i The default configuration values for this chart are listed in `values.yaml` our you can get them with: -```bash +```sh helm show values rucio/rucio-webui ``` @@ -30,7 +30,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, -```bash +```sh helm install my-release rucio/rucio-webui \ -f values.yaml ``` @@ -100,7 +100,7 @@ type: Opaque You can generate the secrets using the following commands: -```bash +```sh kubectl create secret generic -server-hostcert --from-file=hostcert.pem=/path/to/hostcert.pem kubectl create secret generic -server-hostkey --from-file=hostkey.pem=/path/to/hostkey.pem ``` @@ -233,7 +233,7 @@ connection and then pass the requests using plain HTTP inside the cluster. You will have to install the valid certificate and key as a secret in the cluster that you can then configure in the ingress definition: -```bash +```sh kubectl create secret tls rucio-webui.tls-secret --key=tls.key --cert=tls.crt ``` @@ -261,7 +261,9 @@ The `config.logs.exposeWebuiLogs` parameter will start a sidecar container that To uninstall/delete the `my-release` deployment: - $ helm uninstall my-release +```sh +helm uninstall my-release +``` The command removes all the Kubernetes components associated with the chart and deletes the release. diff --git a/logstash/README.md b/logstash/README.md index 89bd3c5c..216ce10e 100644 --- a/logstash/README.md +++ b/logstash/README.md @@ -2,7 +2,9 @@ Logstash and beats can be easily setup from the standard Helm "stable" repository: - helm install logstash stable/logstash --values my-logstash.yml,my-logstash-filter.yml - helm install filebeat stable/filebeat --values my-filebeat.yml +```sh +helm install logstash stable/logstash --values my-logstash.yml,my-logstash-filter.yml +helm install filebeat stable/filebeat --values my-filebeat.yml +``` where the specifics of your logstash input/filter/output portions of the config file are left to the user (examples are provided). From 125cfc9ef07a3185d2a6837378e613c1fb2925c6 Mon Sep 17 00:00:00 2001 From: rdimaio Date: Mon, 15 Dec 2025 11:21:13 +0100 Subject: [PATCH 5/6] Use proper markdown yaml code block syntax for yaml config blocks in docs; #321 --- charts/rucio-daemons/README.md | 92 +++++++++++++++++--------------- charts/rucio-server/README.md | 96 ++++++++++++++++++++-------------- charts/rucio-ui/README.md | 46 +++++++++------- charts/rucio-webui/README.md | 12 +++-- 4 files changed, 141 insertions(+), 105 deletions(-) diff --git a/charts/rucio-daemons/README.md b/charts/rucio-daemons/README.md index 0059c974..470a242a 100644 --- a/charts/rucio-daemons/README.md +++ b/charts/rucio-daemons/README.md @@ -60,18 +60,20 @@ Some of the daemons require certificates and CAs to work. They expect specific s The conveyor needs a delegated X509 user proxy and the necessary CA so that it can submit jobs to FTS. For the CA you have to add a `-rucio-ca-bundle` secret. For the user proxy a cronjob can be setup to either generate it from a long proxy or directly delegate the user proxy to FTS. The cronjob uses the [fts-cron](https://github.com/rucio/containers/tree/master/fts-cron) container which expects different input secrets and has a different behaviour depending on the selected VO. When enabled, the cronjob runs once upon installation and then every 6 hours. An example configuration looks like this: - ftsRenewal: - enabled: 1 - schedule: "12 */6 * * *" - image: - repository: rucio/fts-cron - tag: latest - pullPolicy: Always - servers: "https://fts3-devel.cern.ch:8446,https://fts3-pilot.cern.ch:8446" - script: default - vos: - - vo: "cms" - voms: "cms:/cms/Role=production" +```yaml +ftsRenewal: + enabled: 1 + schedule: "12 */6 * * *" + image: + repository: rucio/fts-cron + tag: latest + pullPolicy: Always + servers: "https://fts3-devel.cern.ch:8446,https://fts3-pilot.cern.ch:8446" + script: default + vos: + - vo: "cms" + voms: "cms:/cms/Role=production" +``` Please check directly the scripts in the [fts-cron](https://github.com/rucio/containers/tree/master/fts-cron) container to see their required input. For example, the "atlas" script requires @@ -80,19 +82,21 @@ location. And it will be used to generate a short proxy into the kubernetes secret with the name given in the `RUCIO_FTS_SECRETS` env variable. The configuration will be like that: - script: atlas - vos: - - vo: "atlas" - voms: "atlas:/atlas/Role=production" - secretMounts: - - secretFullName: release-longproxy - mountPath: /opt/rucio/certs/long.proxy - subPath: long.proxy - additionalEnvs: - - name: RUCIO_LONG_PROXY - value: long.proxy - - name: RUCIO_FTS_SECRETS - value: release-rucio-x509up +```yaml +script: atlas +vos: + - vo: "atlas" + voms: "atlas:/atlas/Role=production" +secretMounts: + - secretFullName: release-longproxy + mountPath: /opt/rucio/certs/long.proxy + subPath: long.proxy +additionalEnvs: + - name: RUCIO_LONG_PROXY + value: long.proxy + - name: RUCIO_FTS_SECRETS + value: release-rucio-x509up +``` ### Reaper @@ -109,10 +113,12 @@ then makes it available in the pods: kubectl create secret generic my-release-automatix-input --from-file=automatix.json ``` - secretMounts: - - secretName: automatix-input - mountPath: /opt/rucio/etc/automatix.json - subPath: automatix.json +```yaml +secretMounts: + - secretName: automatix-input + mountPath: /opt/rucio/etc/automatix.json + subPath: automatix.json +``` This will create the file from the secret and place it at `/opt/rucio/etc/automatix.json` in every daemon container. @@ -120,9 +126,11 @@ This will create the file from the secret and place it at `/opt/rucio/etc/automa In case you want to add regular restarts for your pods there a is a cronjob available that can be configured like this: - automaticRestart: - enabled: 1 - schedule: "15 1 * * *" +```yaml +automaticRestart: + enabled: 1 + schedule: "15 1 * * *" +``` This will run according to the given schedule and do a `kubectl rollout restart deployment` for all daemons. @@ -130,15 +138,17 @@ This will run according to the given schedule and do a `kubectl rollout restart In case you have Prometheus running in your cluster you can use the built-in exporter to let Prometheus automatically scrape your metrics: - monitoring: - enabled: true - exporterPort: 8080 - targetPort: 8080 - interval: 30s - telemetryPath: /metrics - namespace: monitoring - labels: - release: prometheus-operator +```yaml +monitoring: + enabled: true + exporterPort: 8080 + targetPort: 8080 + interval: 30s + telemetryPath: /metrics + namespace: monitoring + labels: + release: prometheus-operator +``` ## Uninstalling the Chart diff --git a/charts/rucio-server/README.md b/charts/rucio-server/README.md index 24d98592..fd1f3bfc 100644 --- a/charts/rucio-server/README.md +++ b/charts/rucio-server/README.md @@ -80,16 +80,20 @@ kubectl create secret generic -server-cafile --from-file=ca.pem=/pa Then you can use a switch in the config file to enable HTTPS per server type: - useSSL: true +```yaml +useSSL: true +``` You will then have to adapt the service to port 443: - service: - type: ClusterIP - port: 443 - targetPort: 443 - protocol: TCP - name: https +```yaml +service: + type: ClusterIP + port: 443 + targetPort: 443 + protocol: TCP + name: https +``` Furthermore, you can also change the service type depending on how you want to expose your service outside of the cluster. If you don't use an ingress @@ -101,11 +105,13 @@ If you want to use and ingress controller to expose the servers you will have to configure them separately. In this case the service type should stay as `ClusterIP`. A simple ingress for the api server would like this: - ingress: - enabled: true - path: / - hosts: - - my.rucio.test +```yaml +ingress: + enabled: true + path: / + hosts: + - my.rucio.test +``` In case you want to use HTTPS with an ingress you should not change the service as explained above but instead let the ingress controller handle the TLS @@ -119,13 +125,15 @@ cluster that you can then configure in the ingress definition: kubectl create secret tls rucio-server.tls-secret --key=tls.key --cert=tls.crt ``` - ingress: - enabled: true - path: / - hosts: - - my.rucio.test - tls: - - secretName: rucio-server.tls-secret +```yaml +ingress: + enabled: true + path: / + hosts: + - my.rucio.test + tls: + - secretName: rucio-server.tls-secret +``` ## Authentication Ingress @@ -139,15 +147,17 @@ will focus on the nginx ingress controller. First, the `service` has to be configured using HTTPS as described above. Then, you can enable passthrough in the ingress definition: - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - hosts: - - my.rucio-auth.test - path: / +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - my.rucio-auth.test + path: / +``` ## httpd config @@ -163,10 +173,12 @@ can install arbitrary secrets in the cluster and this config then makes it avail kubectl create secret generic my-release-rse-accounts --from-file=rse-accounts.cfg ``` - secretMounts: - - secretName: rse-accounts - mountPath: /opt/rucio/etc/rse-accounts.cfg - subPath: rse-accounts.cfg +```yaml +secretMounts: + - secretName: rse-accounts + mountPath: /opt/rucio/etc/rse-accounts.cfg + subPath: rse-accounts.cfg +``` This will create the file from the secret and place it at `/opt/rucio/etc/rse-accounts.cfg` in every server container. @@ -174,9 +186,11 @@ This will create the file from the secret and place it at `/opt/rucio/etc/rse-ac In case you want to add regular restarts for your pods there a is a cronjob available that can be configured like this: - automaticRestart: - enabled: 1 - schedule: "15 1 * * *" +```yaml +automaticRestart: + enabled: 1 + schedule: "15 1 * * *" +``` This will run according to the given schedule and do a `kubectl rollout restart deployment` for all servers. @@ -184,13 +198,17 @@ This will run according to the given schedule and do a `kubectl rollout restart In case you have Prometheus running in your cluster you can use the built-in exporter to let Prometheus automatically scrape your metrics: - monitoring: - enabled: true +```yaml +monitoring: + enabled: true +``` Additionally, you also have to enable the status page in httpd config: - httpd_config: - enable_status: "True" +```yaml +httpd_config: + enable_status: "True" +``` ## Uninstalling the Chart diff --git a/charts/rucio-ui/README.md b/charts/rucio-ui/README.md index cd3fe15a..571f87e4 100644 --- a/charts/rucio-ui/README.md +++ b/charts/rucio-ui/README.md @@ -56,12 +56,14 @@ helm install my-release rucio/rucio-ui -f values.yaml The service type and port can be configured in `values.yaml` like this: - service: - type: NodePort - useSSL: true - port: 443 - targetPort: https - portName: https +```yaml +service: + type: NodePort + useSSL: true + port: 443 + targetPort: https + portName: https +``` By default the WebUI uses HTTPS and expects the host certificate, key and CA file to be installed as secrets in the cluster: `-hostcert`, `-hostkey` and `-cafile`. If only userpass authentication is used the service can also be changed to use plain HTTP (not advised). But the secrets still have to be installed in the cluster for the pods to start. @@ -69,25 +71,29 @@ By default the WebUI uses HTTPS and expects the host certificate, key and CA fil If you want to use X509 user certificate authentication in the WebUI an ingress controller with TLS passthrough support is needed. This documentation will focus on the nginx ingress controller. - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - hosts: - - my.rucio-webui.test - path: / +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - my.rucio-webui.test + path: / +``` ## Proxy The WebUI uses a local proxy to forward the requests to the api and authentication servers. They have to be configured in `values.yaml` for the WebUI to work: - proxy: - rucioProxy: "my.rucio.test" - rucioProxyScheme: "https" - rucioAuthProxy: "my.rucio-auth.test" - rucioAuthProxyScheme: "https" +```yaml +proxy: + rucioProxy: "my.rucio.test" + rucioProxyScheme: "https" + rucioAuthProxy: "my.rucio-auth.test" + rucioAuthProxyScheme: "https" +``` ## httpd config diff --git a/charts/rucio-webui/README.md b/charts/rucio-webui/README.md index 3fded16f..5fb02c3d 100644 --- a/charts/rucio-webui/README.md +++ b/charts/rucio-webui/README.md @@ -220,11 +220,13 @@ If you want to use and ingress controller to expose the servers you will have to configure them separately. In this case the service type should stay as `ClusterIP`. A simple ingress for the api server would like this: - ingress: - enabled: true - path: / - hosts: - - my.rucio.test +```yaml +ingress: + enabled: true + path: / + hosts: + - my.rucio.test +``` In case you want to use HTTPS with an ingress you should not change the service as explained above but instead let the ingress controller handle the TLS From e87e7c18f19f6353bc89742d3c90233c4fea8663 Mon Sep 17 00:00:00 2001 From: rdimaio Date: Mon, 15 Dec 2025 11:22:29 +0100 Subject: [PATCH 6/6] Bump chart versions --- charts/rucio-daemons/Chart.yaml | 2 +- charts/rucio-server/Chart.yaml | 2 +- charts/rucio-ui/Chart.yaml | 2 +- charts/rucio-webui/Chart.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/rucio-daemons/Chart.yaml b/charts/rucio-daemons/Chart.yaml index be2111fa..5256bc53 100644 --- a/charts/rucio-daemons/Chart.yaml +++ b/charts/rucio-daemons/Chart.yaml @@ -1,5 +1,5 @@ name: rucio-daemons -version: 38.0.3 +version: 38.0.4 apiVersion: v1 description: A Helm chart to deploy daemons for Rucio keywords: diff --git a/charts/rucio-server/Chart.yaml b/charts/rucio-server/Chart.yaml index 7a5ec796..5650a7f3 100644 --- a/charts/rucio-server/Chart.yaml +++ b/charts/rucio-server/Chart.yaml @@ -1,5 +1,5 @@ name: rucio-server -version: 38.0.4 +version: 38.0.5 apiVersion: v1 description: A Helm chart to deploy servers for Rucio keywords: diff --git a/charts/rucio-ui/Chart.yaml b/charts/rucio-ui/Chart.yaml index 19a79e86..0a35c705 100644 --- a/charts/rucio-ui/Chart.yaml +++ b/charts/rucio-ui/Chart.yaml @@ -1,5 +1,5 @@ name: rucio-ui -version: 38.0.1 +version: 38.0.2 apiVersion: v1 description: A Helm chart to deploy webui servers for Rucio keywords: diff --git a/charts/rucio-webui/Chart.yaml b/charts/rucio-webui/Chart.yaml index 9f843f61..36e95f4f 100644 --- a/charts/rucio-webui/Chart.yaml +++ b/charts/rucio-webui/Chart.yaml @@ -1,5 +1,5 @@ name: rucio-webui -version: 38.0.1 +version: 38.0.2 apiVersion: v1 description: A Helm chart to deploy the new Rucio Webui keywords: