-
Notifications
You must be signed in to change notification settings - Fork 18
/
values.yaml
185 lines (168 loc) · 5.93 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
# Default values for Helm-based deployment.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
applicationDomain: c03.k8s-popup.csc.fi # change to wes server
clusterType: openshift # either 'kubernetes' or 'openshift'
tlsSecret: mytls-secret # put name of tlsSecret
storageAccessMode: ReadWriteOnce # mongodb-pvc.yaml/rabbitmq-pvc.yaml, change to ReadWriteMany if storageClass can do RWX
extra_config:
folder: /etc/app_config
file: config.yaml
autocert:
createJob: "true" # actually create autocert cronjob, for K8S with autocert installed set to "false"
schedule: "0 0 1 */2 *" # cronjob schedule
testCert: "true" # use test certificates so as not to exceed quota
image: elixircloud/autocert:devel
apiServer: kubernetes.default.svc:443 # address of k8s API server
email: [email protected] # email to inject into certificate
flower:
appName: flower
basicAuth: admin:admin
image: endocode/flower
wes:
appName: cwlwes
image: elixircloud/cwl-wes:latest
#netrc: # change this, add one entry per FTP/HTTP server
#- Machine: defaultmachine
# Login: defaultnetrclogin
# Password: defaultnetrcpassword
storageClass: nfs-client # <- wes-volume.yaml, only for K8S, a storageClass with readWriteMany capability is required
volumeSize: 1Gi
redirect: false
configWithJob: false
appConfig: |
# General server/service settings
#
# Any change in this file will be detected by gunicorn and the configuration will be reloaded.
#
server:
host: '0.0.0.0'
port: 8080
debug: True
environment: development
testing: False
use_reloader: True
# Security settings
security:
authorization_required: False
jwt:
add_key_to_claims: True
algorithms:
- RS256
allow_expired: False
audience: null # list of allowed audiences or 'null' (do not validate audience)
claim_identity: sub
claim_issuer: iss
claim_key_id: kid
header_name: Authorization
token_prefix: Bearer
validation_methods:
- userinfo
- public_key
validation_checks: all # 'any' or 'all'
# Database settings
database:
host: mongodb
port: 27017
name: cwl-wes-db
run_id:
length: 6
charset: string.ascii_uppercase + string.digits
# Storage
storage:
permanent_dir: '/data/output'
tmp_dir: '/data/tmp'
remote_storage_url: 'ftp://ftp-private.ebi.ac.uk/upload/foivos'
# Celery task queue
celery:
broker_host: rabbitmq
broker_port: 5672
result_backend: 'rpc://'
include:
- cwl_wes.tasks.run_workflow
- cwl_wes.tasks.cancel_run
monitor:
timeout: 0.1
message_maxsize: 16777216
# OpenAPI specs
api:
specs:
- path: '20181010.be85140.workflow_execution_service.swagger.yaml'
strict_validation: True
validate_responses: True
swagger_ui: True
swagger_json: True
endpoint_params:
default_page_size: 5
timeout_cancel_run: 60
timeout_run_workflow: Null
# WES service info settings
service_info:
contact_info: 'https://github.com/elixir-cloud-aai/cwl-WES'
auth_instructions_url: 'https://www.elixir-europe.org/services/compute/aai'
supported_filesystem_protocols:
- ftp
- https
- local
supported_wes_versions:
- 1.0.0
workflow_type_versions:
CWL:
workflow_type_version:
- v1.0
workflow_engine_versions:
cwl-tes: 0.2.0
default_workflow_engine_parameters:
- type: string
default_value: some_string
- type: int
default_value: '5'
tags:
known_tes_endpoints: 'https://tes.tsi.ebi.ac.uk/|https://tes-dev.tsi.ebi.ac.uk/|https://csc-tesk.c03.k8s-popup.csc.fi/|https://tesk.c01.k8s-popup.csc.fi/'
# TES server
tes:
url: 'https://csc-tesk.c03.k8s-popup.csc.fi/'
timeout: 5
status_query_params: 'FULL'
# DRS integration
drs:
port: Null # use this port for resolving DRS URIs; set to `Null` to use default (443)
base_path: Null # use this base path for resolving DRS URIs; set to `Null` to use default (`ga4gh/drs/v1`)
use_http: False # use `http` for resolving DRS URIs; set to `False` to use default (`https`)
file_types: # extensions of files to scan for DRS URI resolution
- cwl
- yaml
- yml
# Activate/deactivate the '/' to '/ga4gh/wes/v1/ui/' redirection
celeryWorker:
appName: celery-worker
image: elixircloud/cwl-wes:latest
tmpVolumeSize: 0Gi # Volume size for the /tmp directory. Leave 0 to not deploy. StorageClass with readWriteMany capability is required
tmpCleaner: false # If tmpVolume is deployed, then it should be cleaned hourly.
mongodb:
appName: mongodb
databaseAdminPassword: adminpasswd
databaseName: cwlwes-db
databasePassword: cwlwes-db-passwd
databaseUser: cwlwes-user
volumeSize: 1Gi
image: centos/mongodb-36-centos7
mountPath: /var/lib/mongodb/data
pullPolicy: Always
securityContext: # only for K8S
enabled: true
fsGroup: 1001
runAsUser: 1001
runAsNonRoot: true
rabbitmq:
appName: rabbitmq
volumeSize: 1Gi
image: rabbitmq:3-management
ingress: # <- wes-ingress-kubernetes.yaml, only for system ingress for K8S, ensure wes namespace has rights to access it
letsencryptSystem: "true" # if true, ensure wes namespace has rights to access letsencrypt pods - rbac
nginx_image: nginx/nginx-ingress:1.3.0
tls_letsencrypt:
annotations:
ingressclass: "nginx"
tlsacme: "\"true\""
clusterissuer: "letsencrypt-prod"