deploy mini phalanx
remove modded install script
pav511 committed Jul 20, 2023
1 parent 0d30648 commit adf92ff
Showing 5 changed files with 422 additions and 0 deletions.
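--- a/applications/argocd/values-usdf-tel-rsp.yaml
+++ b/applications/argocd/values-usdf-tel-rsp.yaml
@@ -0,0 +1,85 @@
+argo-cd:
+redis:
+enabled: true
+
+server:
+ingress:
+enabled: true
+hosts:
+- "usdf-tel-rsp.slac.stanford.edu"
+annotations:
+kubernetes.io/ingress.class: nginx
+nginx.ingress.kubernetes.io/rewrite-target: "/$2"
+paths:
+- /argo-cd(/|$)(.*)
+
+extraArgs:
+- "--basehref=/argo-cd"
+- "--insecure=true"
+
+env:
+- name: HTTP_PROXY
+value: http://squid.slac.stanford.edu:3128
+- name: HTTPS_PROXY
+value: http://squid.slac.stanford.edu:3128
+- name: NO_PROXY
+value: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.cluster.local,argocd-repo-server
+
+config:
+url: https://usdf-tel-rsp.slac.stanford.edu/argo-cd
+oidc.config: |
+name: SLAC
+issuer: https://dex.slac.stanford.edu
+clientID: $oidc.clientId
+clientSecret: $oidc.clientSecret
+# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
+requestedScopes: ["openid", "profile", "email", "groups"]
+# Optional set of OIDC claims to request on the ID token.
+requestedIDTokenClaims: {"groups": {"essential": true}}
+rbacConfig:
+policy.csv: |
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+g, [email protected], role:admin
+scopes: "[email]"
+
+helm.repositories: |
+- url: https://lsst-sqre.github.io/charts/
+name: lsst-sqre
+- url: https://charts.helm.sh/stable
+name: stable
+repoServer:
+
+env:
+- name: HTTP_PROXY
+value: http://squid.slac.stanford.edu:3128
+- name: HTTPS_PROXY
+value: http://squid.slac.stanford.edu:3128
+- name: NO_PROXY
+value: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.cluster.local,argocd-repo-server
+
+controller:
+
+env:
+- name: HTTP_PROXY
+value: http://squid.slac.stanford.edu:3128
+- name: HTTPS_PROXY
+value: http://squid.slac.stanford.edu:3128
+- name: NO_PROXY
+value: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.cluster.local,argocd-repo-server
+
+configs:
+secret:
+createSecret: false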
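Review bot: `--insecure=true` under `extraArgs` makes argocd-server listen on plain HTTP, and no `tls` key appears anywhere in this file section, so the values alone do not show where TLS for `usdf-tel-rsp.slac.stanford.edu` is terminated. If ingress-nginx terminates it with a certificate configured elsewhere, record that next to the flag, e.g. `# TLS terminates at ingress-nginx; argocd-server speaks plain HTTP in-cluster`, so reviewers know the OIDC login and session traffic is unencrypted only on the hop from the ingress to the pod. Separately, `helm.repositories` registers `https://charts.helm.sh/stable`, the archive of the deprecated Helm stable repository, whose charts no longer receive fixes; drop that entry unless an application in this environment still pulls from it.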
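--- a/applications/gafaelfawr/values-usdf-tel-rsp.yaml
+++ b/applications/gafaelfawr/values-usdf-tel-rsp.yaml
@@ -0,0 +1,227 @@
+replicaCount: 2
+
+# Use the CSI storage class so that we can use snapshots.
+redis:
+persistence:
+storageClass: "wekafs--sdf-k8s01"
+
+config:
+databaseUrl: "postgresql://[email protected]/gafaelfawr"
+
+oidcServer:
+enabled: true
+
+oidc:
+clientId: rubin-usdf-tel-rsp
+audience: "rubin-usdf-tel-rsp"
+loginUrl: "https://dex.slac.stanford.edu/auth"
+tokenUrl: "https://dex.slac.stanford.edu/token"
+issuer: "https://dex.slac.stanford.edu"
+scopes:
+- "openid"
+- "email"
+- "groups"
+- "profile"
+usernameClaim: "name"
+
+ldap:
+url: ldaps://ldap-unix.slac.stanford.edu:636
+groupBaseDn: ou=Group,dc=slac,dc=stanford,dc=edu
+groupObjectClass: posixGroup
+groupMemberAttr: memberUid
+userBaseDn: ou=Accounts,dc=slac,dc=stanford,dc=edu
+userSearchAttr: uid
+addUserGroup: false
+uidAttr: uidNumber
+gidAttr: gidNumber
+nameAttr: gecos
+
+groupMapping:
+"admin:token":
+- "rubinmgr"
+- "unix-admin"
+"admin:users":
+- "rubinmgr"
+- "unix-admin"
+"exec:admin":
+- "rubinmgr"
+- "unix-admin"
+"exec:notebook":
+- "lsst"
+- "lsst-ccs"
+- "rubin_users"
+- "rubin_users-a"
+- "rubin_users-b"
+- "rubin_users-c"
+- "rubin_users-d"
+- "rubin_users-e"
+- "rubin_users-f"
+- "rubin_users-g"
+- "rubin_users-h"
+- "rubin_users-i"
+- "rubin_users-j"
+- "rubin_users-k"
+- "rubin_users-l"
+- "rubin_users-m"
+- "rubin_users-n"
+- "rubin_users-o"
+- "rubin_users-p"
+- "rubin_users-q"
+- "rubin_users-r"
+- "rubin_users-s"
+- "rubin_users-t"
+- "rubin_users-u"
+- "rubin_users-v"
+- "rubin_users-w"
+- "rubin_users-x"
+- "rubin_users-y"
+- "rubin_users-z"
+- "rubin_admin_datasets"
+- "rubin_admin_repos"
+- "unix-admin"
+"exec:portal":
+- "lsst"
+- "lsst-ccs"
+- "rubin_users"
+- "rubin_users-a"
+- "rubin_users-b"
+- "rubin_users-c"
+- "rubin_users-d"
+- "rubin_users-e"
+- "rubin_users-f"
+- "rubin_users-g"
+- "rubin_users-h"
+- "rubin_users-i"
+- "rubin_users-j"
+- "rubin_users-k"
+- "rubin_users-l"
+- "rubin_users-m"
+- "rubin_users-n"
+- "rubin_users-o"
+- "rubin_users-p"
+- "rubin_users-q"
+- "rubin_users-r"
+- "rubin_users-s"
+- "rubin_users-t"
+- "rubin_users-u"
+- "rubin_users-v"
+- "rubin_users-w"
+- "rubin_users-x"
+- "rubin_users-y"
+- "rubin_users-z"
+- "rubin_admin_datasets"
+- "rubin_admin_repos"
+- "unix-admin"
+"exec:user":
+- "lsst"
+- "lsst-ccs"
+- "rubin_users"
+- "rubin_users-a"
+- "rubin_users-b"
+- "rubin_users-c"
+- "rubin_users-d"
+- "rubin_users-e"
+- "rubin_users-f"
+- "rubin_users-g"
+- "rubin_users-h"
+- "rubin_users-i"
+- "rubin_users-j"
+- "rubin_users-k"
+- "rubin_users-l"
+- "rubin_users-m"
+- "rubin_users-n"
+- "rubin_users-o"
+- "rubin_users-p"
+- "rubin_users-q"
+- "rubin_users-r"
+- "rubin_users-s"
+- "rubin_users-t"
+- "rubin_users-u"
+- "rubin_users-v"
+- "rubin_users-w"
+- "rubin_users-x"
+- "rubin_users-y"
+- "rubin_users-z"
+- "rubin_admin_datasets"
+- "rubin_admin_repos"
+- "unix-admin"
+"read:tap":
+- "lsst"
+- "lsst-ccs"
+- "rubin_users"
+- "rubin_users-a"
+- "rubin_users-b"
+- "rubin_users-c"
+- "rubin_users-d"
+- "rubin_users-e"
+- "rubin_users-f"
+- "rubin_users-g"
+- "rubin_users-h"
+- "rubin_users-i"
+- "rubin_users-j"
+- "rubin_users-k"
+- "rubin_users-l"
+- "rubin_users-m"
+- "rubin_users-n"
+- "rubin_users-o"
+- "rubin_users-p"
+- "rubin_users-q"
+- "rubin_users-r"
+- "rubin_users-s"
+- "rubin_users-t"
+- "rubin_users-u"
+- "rubin_users-v"
+- "rubin_users-w"
+- "rubin_users-x"
+- "rubin_users-y"
+- "rubin_users-z"
+- "rubin_admin_datasets"
+- "rubin_admin_repos"
+- "unix-admin"
+"read:image":
+- "lsst"
+- "lsst-ccs"
+- "rubin_users"
+- "rubin_users-a"
+- "rubin_users-b"
+- "rubin_users-c"
+- "rubin_users-d"
+- "rubin_users-e"
+- "rubin_users-f"
+- "rubin_users-g"
+- "rubin_users-h"
+- "rubin_users-i"
+- "rubin_users-j"
+- "rubin_users-k"
+- "rubin_users-l"
+- "rubin_users-m"
+- "rubin_users-n"
+- "rubin_users-o"
+- "rubin_users-p"
+- "rubin_users-q"
+- "rubin_users-r"
+- "rubin_users-s"
+- "rubin_users-t"
+- "rubin_users-u"
+- "rubin_users-v"
+- "rubin_users-w"
+- "rubin_users-x"
+- "rubin_users-y"
+- "rubin_users-z"
+- rubin_admin_datasets
+- rubin_admin_repos
+- "unix-admin"
+"write:sasquatch":
+- "rubinmgr"
+- "unix-admin"
+
+initialAdmins:
+- "afausti"
+- "athor"
+- "cbanek"
+- "frossie"
+- "jonathansick"
+- "rra"
+- "simonkrughoff"
+- "ytl"
+- "ppascual"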
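Review bot: `usernameClaim: "name"` takes the username from the OIDC `name` claim, which in standard OIDC is the user's display name and is not guaranteed to be unique or immutable. That username is presumably what `userSearchAttr: uid` is matched against for the LDAP UID, GID and group lookups, so a claim a user can influence could resolve to another account's groups and scopes. Whether SLAC's Dex places the Unix account name in `name` is not visible here; if it does, say so in a comment above the key (for instance `# Dex at SLAC returns the Unix account name in "name"`), otherwise use a claim the issuer guarantees unique. The 32-entry group list is also copied verbatim under `exec:notebook`, `exec:portal`, `exec:user`, `read:tap` and `read:image`, with two entries left unquoted in the last copy, so an edit to one copy silently leaves the scopes with different membership; a comment stating the five lists must stay identical would help.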
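--- a/applications/postgres/values-usdf-tel-rsp.yaml
+++ b/applications/postgres/values-usdf-tel-rsp.yaml
@@ -0,0 +1,8 @@
+jupyterhub_db:
+user: 'jovyan'
+db: 'jupyterhub'
+gafaelfawr_db:
+user: 'gafaelfawr'
+db: 'gafaelfawr'
+
+postgresStorageClass: 'wekafs--sdf-k8s01'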
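--- a/applications/vault-secrets-operator/values-usdf-tel-rsp.yaml
+++ b/applications/vault-secrets-operator/values-usdf-tel-rsp.yaml
@@ -0,0 +1,22 @@
+vault-secrets-operator:
+environmentVars:
+- name: VAULT_AUTH_METHOD
+value: approle
+- name: VAULT_ROLE_ID
+valueFrom:
+secretKeyRef:
+name: vault-secrets-operator
+key: VAULT_ROLE_ID
+- name: VAULT_SECRET_ID
+valueFrom:
+secretKeyRef:
+name: vault-secrets-operator
+key: VAULT_SECRET_ID
+- name: VAULT_TOKEN_MAX_TTL
+valueFrom:
+secretKeyRef:
+name: vault-secrets-operator
+key: VAULT_TOKEN_MAX_TTL
+vault:
+address: "https://vault.slac.stanford.edu"
+authMethod: approle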
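Review bot: `VAULT_ROLE_ID` and `VAULT_SECRET_ID` are read from a Kubernetes Secret named `vault-secrets-operator` that nothing in these values creates, so it appears to be provisioned out of band, and the file does not say how. Since anyone able to read Secrets in the operator's namespace obtains the operator's AppRole credentials, a header comment should state how the Secret is bootstrapped and how the secret ID is rotated, e.g. `# The vault-secrets-operator Secret is created before install; see <runbook> for secret-id rotation`, and read access to Secrets in that namespace should be limited to match. The auth method is also set in two places (`VAULT_AUTH_METHOD` and `vault.authMethod`); they agree here, but a note that they must change together would prevent drift.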