fixing s3 rse secret and how servers deal with it (#247)

infrastructure/cluster/flux-v2/rucio-vre/rucio-daemons.yaml

@@ -511,3 +511,7 @@ spec:
         use_ssl: "False"
         brokers: "dashb-mb.cern.ch"
         voname: "escape"
+
+      credentials:
+        gcs: "/opt/rucio/etc/rse-accounts.cfg"
+        signature_lifetime: "3600"

infrastructure/cluster/flux-v2/rucio-vre/rucio-servers.yaml

@@ -6,6 +6,76 @@
 #   annotations:
 #     flux.weave.works/automated: "false" 
 
+<<<<<<< HEAD
+spec: 
+  releaseName: servers-vre
+  interval: 5m
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: rucio-charts
+        namespace: rucio-vre
+      interval: 1m
+      chart: rucio-server
+      version: 1.30.0
+
+  valuesFrom:
+    - kind: Secret
+      name: rucio-db
+      valuesKey: values.yaml
+
+  values:
+
+    additionalSecrets:
+      idpsecrets:
+        secretName: idpsecrets
+        mountPath: /opt/rucio/etc/idpsecrets.json
+        subPath: idpsecrets.json
+      rse-accounts:
+        secretName: rse-accounts
+        mountPath: /opt/rucio/etc/rse-accounts.cfg
+        subPath: rse-accounts.cfg
+
+    replicaCount: 1
+    authReplicaCount: 1
+
+    useSSL:
+      server: true 
+      authServer: true  
+
+    image:
+      repository: rucio/rucio-server
+      tag: release-1.30.0
+      pullPolicy: Always
+
+  # The API server listens on port 6443 (by default). 
+  # Therefore, expose the API server on port 443 and listen to 6443. 
+
+    service:
+      type: LoadBalancer
+      port: 443
+      targetPort: 443
+      protocol: TCP
+      name: https
+    #   # annotations:
+    #   #   # These annotations are only required for cluster templates <=1.18
+    #   #   loadbalancer.openstack.org/network-id: "798d00f3-2af9-48a0-a7c3-a26d909a2d64"
+    #   #   service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
+    #   #   loadbalancer.openstack.org/cascade-delete: "false"
+
+    authService:
+      type: LoadBalancer
+      port: 443
+      targetPort: 443
+      protocol: TCP
+      name: https
+    #   # annotations:
+    #   #   # These annotations are only required for cluster templates <=1.18
+    #   #   loadbalancer.openstack.org/network-id: "798d00f3-2af9-48a0-a7c3-a26d909a2d64"
+    #   #   service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
+    #   #   loadbalancer.openstack.org/cascade-delete: "false"
+=======
 # spec: 
 #   releaseName: servers-vre
 #   interval: 5m
@@ -73,6 +143,7 @@
 #     #   #   loadbalancer.openstack.org/network-id: "798d00f3-2af9-48a0-a7c3-a26d909a2d64"
 #     #   #   service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
 #     #   #   loadbalancer.openstack.org/cascade-delete: "false"
+>>>>>>> main
 
 #     # service:
 #     #   type: ClusterIP
@@ -172,6 +243,21 @@
 #         pool_size: 10
 #         max_overflow: 20
 
+<<<<<<< HEAD
+      oidc:
+        idpsecrets: "/opt/rucio/etc/idpsecrets.json"
+        admin_issuer: "escape"
+        expected_audience: "rucio"
+        expected_scope: "openid profile"
+
+      credentials:
+        gcs: "/opt/rucio/etc/rse-accounts.cfg"
+        signature_lifetime: "3600"
+
+      policy:
+        permission: "escape"
+        schema: "escape"
+=======
 #       oidc:
 #         idpsecrets: "/opt/rucio/etc/idpsecrets.json"
 #         admin_issuer: "escape"
@@ -181,6 +267,7 @@
 #       policy:
 #         permission: "escape"
 #         schema: "escape"
+>>>>>>> main
 
 #     serverResources: 
 #       limits:

infrastructure/secrets/rucio-vre/ss_servers-vre-rse-accounts.yaml

@@ -6,7 +6,7 @@ metadata:
   namespace: rucio-vre
 spec:
   encryptedData:
-    rse-accounts.cfg: AgAAOZFvJSFXzX6Y5IKdNFG1VODN8fLqpNxKI5yP3Ix8vS53CHhqueoEEpAwMgrRz6xX4K2Z8o7+0dMFo3gPN0fM0/QvfVxmoPIEXF73B2DZyKrcCd/qtjLyAbYn+9Tgo7EKFJTMH8iEy6Qw6TCsBVR5p9CjYOHhweJyN5Z9ddTeK3BfkmUL8hV/FrkY+e/3Ivm2FvVztAqX5fxa6q27MP7EndHvG8lWQS+clYrJtJuSGcIH/MSR79vcqQv09I01K+Er7gSEx9XyKiNwH27AgWM0/HVoMC41njsq+k276eFg3iIptwT9Fsdux7YtVcEBUyMoVe3fn5FvbQy3XXxp8/xSmzzkeCApJNTUNYz9vA6aw/pXBjZU2Tx32LWiFkqV9OM6tLwbRe4yxQHKzIBmk9EFjPwN9FwzNEv+bAgY43pi8To5g/wd3aZVkVaHMsauAQcgRBLKBQKhOfaTq5PECgE+n1vfsi9FGqnSovAxfpLlu/DVI6li65oH0kD49na21Xl5mBfkk+qgl+/ZrVq53OuKcl3bzzfNt72SFUgsEQu/ea+ZVPPcgjaU5bg436p0PUnfmDK9D4YIWUHV1gggfIVP5d/4vkDD/1oJ6X03lxLMgUr/yJMrCs8kFOQmG8a3MoJQoIYYThdqJ6noqvKo+ayOZo3z301wlHImqdJ7jTNXMAs1sOUxAf6Wj0ijHbhjIdD5r0StgXB9vwoNqHxml1kirqvRmg6gA/TyGX9gk9UIEV7lxziTkWNNP0hiSiHYa8ya+1bjM73Nl1vAQNY+rxWAfn2oSIx57vDdoP7PlpF7XzXdc+gNGOAs3UMVXmTPth8ApkwR+v04TPTCMt5hifr1BJ/5Ym3Y9QUO7RIpbtQ1T7WtZbSa0B623+PNDEQjmI2/SxXhJ7Qcf95JOPbNqOt82ffFZSiwjc5PTp75keqnZIwRxUxsYYEnjojRIO4n+mkbBnetVf37LppQaUIgyQkWgkoWF2TH2QIGj+hsGhnvEipDOVLdGZoKmL16ezdTSKF1ZlX6/ALrxDsBVpkD/zy7lg==
+    rse-accounts.cfg: AgCebmmwvDoy7+ajz9DzQoj0sdADLaOyeYpgArdR3T/VJvvf0PF5edRqt/YxnbfGER66HYTByNSZXF5+HC0qsfAglGlXvZSbV5NpgMfbN4HDHRugB5GMNX35avunETH/O24XqwvkkIETRs3UjNPr3oLdT8EKGpaQgnBwZv31aSx88eLxBQS+CEwuulWv6N+7SFz0ns3+I4vtFYjQHpfAxdORg+ZzUaEX5r2QBhgU6ENuvVzZQr72OlaJfZdjZBpHeOfI8cgned6rhRJNEcsLI9pFc5Z5mZ6bLAa8J4J/JOsbSgzQSA2Mt9LF+B8opuOAJiLkUDjBf8r13eD7BczQfhsI+Nk+LNCaHwEAh48nSoTRwRkM8jPev/cZR4hImCRS6RjJNUyu5r+4P5vNfG/M57jEOKpWf9TOjkJmjQdmVcdeVpOHdXqYZSJGxEOcp0E4EBfl/vq/PydvCmVITl071BaQENnlCdE+AkP4mL1uSSqwR6Oa6C3/WPmCXkzLLyHMBuNwWxz8eh74BBIuE7Ps1bAzCsQL1uGMw9ci6OrsaUqWcAhYJBIwREK4wExYSluoA74I4TMQKLSrivrkBG5UNbieevpy9KVLyYoQig/WtbqzSTsqRhRGyOhYZuNrDXY9X3qddPIUqoVuKhPIZDPBJIWVD/Rry4FTZ134OtCmsJHttoNvTGmBkxIXOcXds2ntdu6CsE/BhoCZ9xTdbfDQf4HNzKz6PKO1jGrauUhaPoqdMcuESBHGjuwJBJN33/GQJqUEx+ad/5lbX7CuWqsNlmMUcQgj6/WZAp5iWtLw0uTXCBiyr8Abbeutz6SUcPdvecUmuu4nU4zkSSvlTVs6/9WMZveo2EljGuRMvBQHNmfLN0gQ8AQLhPocZQV+iM5zIVnEF7NbCxwpy6aR/haFQeY0ot8GCfiT0+5lM+XK2Q6qTy6DG2sb/LZVxevjqWZ/GX4PV96ik+lWMqpL8lU5mmfJJPzn6C+6DozdPaSM+vGvy3KYxRZQPc6EjHDTs/hd/Fv1yJ1K4OTHOw+2OnpQ61JK+w==
   template:
     metadata:
       creationTimestamp: null