Proposed version 0.2.0

.github/workflows/ci.yaml

@@ -31,7 +31,13 @@ jobs:
       matrix:
         include:
           - name: minimal
-            args: "--set serverHostname=test.example.com"
+            args: >-
+              --set serverHostname=test.example.com
+              --set sitename=TEST_EXAMPLE_COM_CACHE
+              --set cache.pvc.storageClass=fast-nvme
+              --set logging.persistence.storageClass=standard
+              --set issuerKey.existingSecret=my-issuer-key-secret
+              --set webPassword.existingSecret=my-web-passwd-secret
           - name: uw-osdf-cache
             args: "-f ci/uw-osdf-cache-values.yaml"
           - name: itb-osdf-pelican-cache

Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: pelican-cache
 description: A Helm chart for deploying a Pelican Platform cache in the OSDF
 type: application
-version: 0.1.0
-appVersion: "7.23.0"
+version: "0.2.0"
+appVersion: "v7.24.2"
 home: https://pelicanplatform.org
 sources:
   - https://github.com/PelicanPlatform/pelican

ci/houston2-i2-pelican-cache-values.yaml

@@ -2,54 +2,54 @@
 # from tiger-osg-config. Secrets must be created separately before install.
 
 serverHostname: "dtn-pas.hous.nrp.internet2.edu"
+sitename: HOUSTON2_INTERNET2_OSDF_CACHE
 
 federation:
   discoveryUrl: "https://osg-htc.org"
-  label: osdf
-
-image:
-  repository: hub.opensciencegrid.org/pelican_platform/osdf-cache
-  tag: "v7.22.0"
-  pullPolicy: IfNotPresent
-
-cvmfsRedirector:
-  enabled: false
 
 # The real deployment uses an existing PVC (pvc-dtn-pas.hous.net.internet2.edu).
 cache:
-  storageType: existingPVC
-  existingPVC: pvc-dtn-pas.hous.net.internet2.edu
+  image:
+    repository: hub.opensciencegrid.org/pelican_platform/osdf-cache
+    tag: "v7.22.0"
+    pullPolicy: IfNotPresent
+  type: hostPath
+  hostPath:
+    path: /cache
+  resources:
+    requests:
+      cpu: "16000m"
+      memory: "210Gi"
+    limits:
+      cpu: "16000m"
+      memory: "210Gi"
+
+cacheConfig:
   concurrency: 160
 
-namespaceKey:
-  type: existingSecret
+issuerKey:
   existingSecret: houston2-i2-pelican-pelican-cache-key
   secretKey: issuer.pem
 
 # The real deployment creates its own Certificate (Issuer, not ClusterIssuer)
 # and uses a differently named secret ("certs").
 # We use tls.existingSecret to reference that pre-existing secret.
-certificate:
-  enabled: false
-
 tls:
+  certManager:
+    enabled: false
   existingSecret: houston2-i2-certs
 
-# hostNetwork: true binds directly to the node's network and disables the Service.
 hostNetwork: true
 
+server:
+  webPort: 8444
+
+# Keep network policy disabled for this hostNetwork-based profile.
 networkPolicy:
   enabled: false
 
-resources:
-  cache:
-    requests:
-      cpu: "16000m"
-      memory: "210Gi"
-    limits:
-      cpu: "16000m"
-      memory: "210Gi"
-  logrotate:
+logrotate:
+  resources:
     requests:
       cpu: "1"
       memory: "500M"
@@ -59,28 +59,38 @@ resources:
 
 # Logs go to the cache volume (/cache/pelican/), no separate logging PVC.
 logging:
-  enabled: false
+  persistence:
+    separateVolume: false
+  # NOTE: logging.origin and server.webPort from the real deployment are not
+  # supported as first-class chart values; use extraPelicanConfig if needed.
+
+loggingConfig:
   level: INFO
   cache:
     Pss: warn
     Scitokens: warn
-  origin:
-    Scitokens: warn
-
-server:
-  webPort: 8444
 
 oidc:
   enabled: true
   existingSecret: nrp-oidc-client-secret
-
-adminUsers: "http://cilogon.org/serverE/users/133679 http://cilogon.org/serverA/users/10832 http://cilogon.org/serverA/users/21441 http://cilogon.org/serverA/users/46022246 http://cilogon.org/serverA/users/9265706 http://cilogon.org/serverE/users/57152 http://cilogon.org/serverE/users/130835 http://cilogon.org/serverE/users/245993 http://cilogon.org/serverB/users/51444962"
-
-webPasswordSecret: osdf-web-pass-nrp
-webPasswordSecretKey: server-web-passwd
+  adminUsers:
+    - "http://cilogon.org/serverE/users/133679"
+    - "http://cilogon.org/serverA/users/10832"
+    - "http://cilogon.org/serverA/users/21441"
+    - "http://cilogon.org/serverA/users/46022246"
+    - "http://cilogon.org/serverA/users/9265706"
+    - "http://cilogon.org/serverE/users/57152"
+    - "http://cilogon.org/serverE/users/130835"
+    - "http://cilogon.org/serverE/users/245993"
+    - "http://cilogon.org/serverB/users/51444962"
+
+webPassword:
+  existingSecret: osdf-web-pass-nrp
+  key: server-web-passwd
+
+# NOTE: xrootdSitename is not a chart value; the chart uses "sitename" instead.
 
 xrootd:
-  sitename: HOUSTON2_INTERNET2_OSDF_CACHE
   # The real deployment uses an external ConfigMap (xrootdtrt-cfg) for xrootd config.
   # xrootd.extraConfig could inline it here if the content were known.
   extraConfig: ""
@@ -98,10 +108,6 @@ securityContext:
   capabilities:
     add: ["SYS_PTRACE"]
 
-extraEnv:
-  - name: XRD_CURLDISABLEX509
-    value: "1"
-
 # Convert remaining env-var config that doesn't have first-class values.yaml
 # knobs into proper YAML config.
 extraPelicanConfig:
@@ -110,6 +116,10 @@ extraPelicanConfig:
   IssuerKey: "/cache/privpelican/issuer.pem"
   Logging:
     LogLocation: "/cache/pelican/pelican.log"
+    Origin:
+      Scitokens: warn
+  XrootD:
+    ConfigFile: "/etc/pelican/xrootdap/xrootdtrt.cfg"
   Shoveler:
     Enable: true
     Topic: ""

ci/itb-osdf-pelican-cache-values.yaml

@@ -2,63 +2,64 @@
 # Secrets must be created separately before installing the chart.
 
 serverHostname: "itb-osdf-pelican-cache.osdf-dev.chtc.io"
+sitename: ITB-OSDF-PELICAN-CACHE
 
 federation:
-  discoveryUrl: "https://discovery.osdf-dev.chtc.io"
-  label: osdf
-
-image:
-  repository: hub.opensciencegrid.org/pelican_platform/osdf-cache
-  tag: "v7.23.0"
+  discoveryUrl: "https://osdf-itb.osg-htc.org"
 
 cvmfsRedirector:
   enabled: false
 
 cache:
-  storageType: pvc
-  storageClassName: 3x-replica-hdd-raddus
-  pvcSize: 100Gi
+  image:
+    repository: hub.opensciencegrid.org/pelican_platform/osdf-cache
+    tag: "v7.23.0"
+  type: pvc
+  pvc:
+    storageClass: 3x-replica-hdd-raddus
+    size: 100Gi
+  resources:
+    requests:
+      cpu: "8"
+      memory: "16Gi"
+
+cacheConfig:
   concurrency: 40
 
-namespaceKey:
-  type: existingSecret
+issuerKey:
   existingSecret: itb-osdf-pelican-cache-issuer-keys
   secretKey: issuer.pem
 
-certificate:
-  enabled: true
-  issuerRef:
-    name: letsencrypt-prod
-    kind: ClusterIssuer
-  dnsNames:
-    - itb-osdf-pelican-cache.osdf-dev.chtc.io
+tls:
+  certManager:
+    enabled: true
+    issuerRef:
+      name: letsencrypt-prod
+      kind: ClusterIssuer
+    dnsNames:
+      - itb-osdf-pelican-cache.osdf-dev.chtc.io
 
 service:
   type: LoadBalancer
   annotations:
     external-dns.alpha.kubernetes.io/hostname: itb-osdf-pelican-cache.osdf-dev.chtc.io
     metallb.universe.tf/address-pool: tiger-vlan5
 
-resources:
-  cache:
-    requests:
-      cpu: "8"
-      memory: "16Gi"
-
 logging:
+  persistence:
+    separateVolume: true
+    storageClass: 3x-replica-block
+    size: 10Gi
+
+loggingConfig:
   level: "debug"
-  storageClassName: 3x-replica-block
-  pvcSize: 10Gi
   cache:
     Scitokens: debug
     Pss: debug
     Http: debug
     Ofs: debug
     Pfc: debug
 
-xrootd:
-  sitename: ITB-OSDF-PELICAN-CACHE
-
 nodeSelector:
   datacenter: wid-vlan5
 
@@ -70,8 +71,9 @@ securityContext:
   capabilities:
     add: ["SYS_PTRACE"]
 
-webPasswordSecret: itb-pelican-server-web-passwd
-webPasswordSecretKey: server-web-passwd
+webPassword:
+  existingSecret: itb-pelican-server-web-passwd
+  key: server-web-passwd
 
 # Settings not directly parameterized by the chart; merged via extraPelicanConfig.
 extraPelicanConfig: