Better chart docs rendering

README.md

@@ -43,9 +43,10 @@ export MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace "default" mysql-secr
 export MYSQL_PASSWORD=$(kubectl get secret --namespace "default" mysql-secret -o jsonpath="{.data.mysql-password}" | base64 -d)
 
 # Show what will be changed by running "helm upgrade"
-helm diff upgrade diracx-demo  ./diracx --values .demo/values.yaml --set rabbitmq.auth.password=$RABBITMQ_PASSWORD  --set mysql.auth.^CotPassword=$MYSQL_ROOT_PASSWORD --set mysql.auth.password=$MYSQL_PASSWORD
+helm diff upgrade diracx-demo  ./diracx --values .demo/values.yaml --set rabbitmq.auth.password=$RABBITMQ_PASSWORD  --set mysql.auth.rootPassword=$MYSQL_ROOT_PASSWORD --set mysql.auth.password=$MYSQL_PASSWORD
+
 # Actually run "helm upgrade" to apply changes
-helm upgrade diracx-demo ./diracx --values .demo/values.yaml --set rabbitmq.auth.password=$RABBITMQ_PASSWORD  --set mysql.auth.^CotPassword=$MYSQL_ROOT_PASSWORD --set mysql.auth.password=$MYSQL_PASSWORD
+helm upgrade diracx-demo ./diracx --values .demo/values.yaml --set rabbitmq.auth.password=$RABBITMQ_PASSWORD  --set mysql.auth.rootPassword=$MYSQL_ROOT_PASSWORD --set mysql.auth.password=$MYSQL_PASSWORD
 ```
 
 ## Deploying a custom branch to DIRAC certification
@@ -105,18 +106,18 @@ Depending on the installation you perform, some tasks may be necessary or not. T
 | cert-manager-issuer.enabled | bool | `true` |  |
 | cert-manager.enabled | bool | `true` |  |
 | cert-manager.installCRDs | bool | `true` |  |
-| developer.autoReload | bool | `true` |  |
-| developer.editableMountedPythonModules | bool | `true` |  |
-| developer.enableCoverage | bool | `false` |  |
+| developer.autoReload | bool | `true` | Enable automatic reloading inside uvicorn when the sources change Used by the integration tests for running closer to prod setup |
+| developer.editableMountedPythonModules | bool | `true` | Use pip install -e for mountedPythonModulesToInstall This is used by the integration tests because editable install might behave differently |
+| developer.enableCoverage | bool | `false` | Enable collection of coverage reports (intended for CI usage only) |
 | developer.enabled | bool | `true` |  |
-| developer.ipAlias | string | `nil` |  |
-| developer.localCSPath | string | `"/local_cs_store"` |  |
-| developer.mountedPythonModulesToInstall | list | `[]` |  |
-| developer.nodeImage | string | `"node:16-alpine"` |  |
-| developer.nodeModuleToInstall | string | `nil` |  |
-| developer.offline | bool | `false` |  |
-| developer.sourcePath | string | `"/diracx_source"` |  |
-| developer.urls | object | `{}` |  |
+| developer.ipAlias | string | `nil` | The IP that the demo is running at |
+| developer.localCSPath | string | `"/local_cs_store"` | If set, mount the CS stored localy instead of initializing a default one |
+| developer.mountedPythonModulesToInstall | list | `[]` | List of packages which are mounted into developer.sourcePath and should be installed with pip install SOURCEPATH/... |
+| developer.nodeImage | string | `"node:16-alpine"` | Image to use for the webapp if nodeModuleToInstall is set |
+| developer.nodeModuleToInstall | string | `nil` | List of node modules to install |
+| developer.offline | bool | `false` | Make it possible to launch the demo without having an internet connection |
+| developer.sourcePath | string | `"/diracx_source"` | Path from which to mount source of DIRACX |
+| developer.urls | object | `{}` | URLs which can be used to access various components of the demo (diracx, minio, dex, etc). They are used by the diracx tests |
 | dex."https.enabled" | bool | `false` |  |
 | dex.config.enablePasswordDB | bool | `true` |  |
 | dex.config.expiry.authRequests | string | `"24h"` |  |
@@ -139,22 +140,18 @@ Depending on the installation you perform, some tasks may be necessary or not. T
 | dex.service.ports.http.nodePort | int | `32002` |  |
 | dex.service.ports.http.port | int | `8000` |  |
 | dex.service.type | string | `"NodePort"` |  |
+| diracx.hostname | string | `""` | Required: The hostname where the webapp/API is running |
 | diracx.manageOSIndices | bool | `true` |  |
-| diracx.mysqlDatabases[0] | string | `"AuthDB"` |  |
-| diracx.mysqlDatabases[1] | string | `"JobDB"` |  |
-| diracx.mysqlDatabases[2] | string | `"JobLoggingDB"` |  |
-| diracx.mysqlDatabases[3] | string | `"SandboxMetadataDB"` |  |
-| diracx.mysqlDatabases[4] | string | `"TaskQueueDB"` |  |
-| diracx.osDatabases[0] | string | `"JobParametersDB"` |  |
-| diracx.pythonModulesToInstall | list | `[]` |  |
+| diracx.mysqlDatabases | list | `["AuthDB","JobDB","JobLoggingDB","SandboxMetadataDB","TaskQueueDB"]` | Which DiracX MySQL DBs are used? |
+| diracx.osDatabases | list | `["JobParametersDB"]` | Which DiracX OpenSearch DBs are used? |
+| diracx.pythonModulesToInstall | list | `[]` | List of install specifications to pass to pip before launching each container |
 | diracx.service.port | int | `8000` |  |
-| diracx.settings.DIRACX_CONFIG_BACKEND_URL | string | `"git+file:///cs_store/initialRepo"` |  |
-| diracx.settings.DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS | string | `"[\"http://anything:8000/docs/oauth2-redirect\"]"` |  |
-| diracx.settings.DIRACX_SERVICE_AUTH_TOKEN_KEY | string | `"file:///signing-key/rsa256.key"` |  |
+| diracx.settings | object | `{"DIRACX_CONFIG_BACKEND_URL":"git+file:///cs_store/initialRepo","DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS":"[\"http://anything:8000/docs/oauth2-redirect\"]","DIRACX_SERVICE_AUTH_TOKEN_KEY":"file:///signing-key/rsa256.key"}` | Settings to inject into the API container via environment variables |
+| diracx.settings.DIRACX_CONFIG_BACKEND_URL | string | `"git+file:///cs_store/initialRepo"` | This corresponds to the basic dirac.cfg which must be present on all the servers TODO: autogenerate all of these |
 | diracxWeb.service.port | int | `8080` |  |
 | fullnameOverride | string | `""` |  |
-| global.activeDeadlineSeconds | int | `900` |  |
-| global.batchJobTTL | int | `600` |  |
+| global.activeDeadlineSeconds | int | `900` | timeout for job deadlines |
+| global.batchJobTTL | int | `600` | How long should batch jobs be retained after completing? |
 | global.imagePullPolicy | string | `"Always"` |  |
 | global.images.client | string | `"ghcr.io/diracgrid/diracx/client"` |  |
 | global.images.services | string | `"ghcr.io/diracgrid/diracx/services"` |  |
@@ -165,7 +162,6 @@ Depending on the installation you perform, some tasks may be necessary or not. T
 | ingress.className | string | `"nginx"` |  |
 | ingress.enabled | bool | `true` |  |
 | ingress.tlsSecretName | string | `"myingress-cert"` |  |
-| init-cs.defaultUsers | list | `[]` |  |
 | init-cs.enabled | bool | `true` |  |
 | init-secrets.enabled | bool | `true` |  |
 | init-secrets.rbac.create | bool | `true` |  |
@@ -209,9 +205,9 @@ Depending on the installation you perform, some tasks may be necessary or not. T
 | replicaCount | int | `1` |  |
 | resources | object | `{}` |  |
 | securityContext | object | `{}` |  |
-| serviceAccount.annotations | object | `{}` |  |
-| serviceAccount.create | bool | `true` |  |
-| serviceAccount.name | string | `""` |  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` |  |
 
 ----------------------------------------------

README.md.gotmpl

@@ -40,9 +40,10 @@ export MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace "default" mysql-secr
 export MYSQL_PASSWORD=$(kubectl get secret --namespace "default" mysql-secret -o jsonpath="{.data.mysql-password}" | base64 -d)
 
 # Show what will be changed by running "helm upgrade"
-helm diff upgrade diracx-demo  ./diracx --values .demo/values.yaml --set rabbitmq.auth.password=$RABBITMQ_PASSWORD  --set mysql.auth.^CotPassword=$MYSQL_ROOT_PASSWORD --set mysql.auth.password=$MYSQL_PASSWORD
+helm diff upgrade diracx-demo  ./diracx --values .demo/values.yaml --set rabbitmq.auth.password=$RABBITMQ_PASSWORD  --set mysql.auth.rootPassword=$MYSQL_ROOT_PASSWORD --set mysql.auth.password=$MYSQL_PASSWORD
+
 # Actually run "helm upgrade" to apply changes
-helm upgrade diracx-demo ./diracx --values .demo/values.yaml --set rabbitmq.auth.password=$RABBITMQ_PASSWORD  --set mysql.auth.^CotPassword=$MYSQL_ROOT_PASSWORD --set mysql.auth.password=$MYSQL_PASSWORD
+helm upgrade diracx-demo ./diracx --values .demo/values.yaml --set rabbitmq.auth.password=$RABBITMQ_PASSWORD  --set mysql.auth.rootPassword=$MYSQL_ROOT_PASSWORD --set mysql.auth.password=$MYSQL_PASSWORD
 ```
 
 

diracx/templates/deployment.yaml

@@ -31,7 +31,7 @@ spec:
       hostAliases:
         - ip: {{ .Values.developer.ipAlias }}
           hostnames:
-          - {{ .Values.diracx.hostname }}
+          - {{ required "diracx.hostname must be set!" .Values.diracx.hostname }}
       {{- end }}
       serviceAccountName: {{ include "diracx.serviceAccountName" . }}
       securityContext:

diracx/values.yaml

@@ -3,14 +3,14 @@
 # Declare variables to be passed into your templates.
 
 global:
-  # How long should batch jobs be retained after completing?
+  # -- How long should batch jobs be retained after completing?
   batchJobTTL: 600
   # TODO: To avoid being unable to launch a container when the remote registry
   # is down this should be changed to IfNotPresent once we start using tags.
   # For now we override it to Always to avoid confusion around having an
   # outdated reference to the "latest" tag.
   imagePullPolicy: Always
-  # timeout for job deadlines
+  # -- timeout for job deadlines
   activeDeadlineSeconds: 900
   images:
     tag: "dev"
@@ -22,7 +22,6 @@ global:
 
 replicaCount: 1
 
-
 # Created with
 # kubectl create secret generic regcred \
 # --from-file=.dockerconfigjson=/home/chaen/.docker/config.json \
@@ -35,40 +34,35 @@ nameOverride: ""
 fullnameOverride: ""
 
 serviceAccount:
-  # Specifies whether a service account should be created
+  # -- Specifies whether a service account should be created
   create: true
-  # Annotations to add to the service account
+  # -- Annotations to add to the service account
   annotations: {}
-  # The name of the service account to use.
+  # -- The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
 podAnnotations: {}
 
-podSecurityContext: {}
+podSecurityContext:
+  {}
   # fsGroup: 2000
 
-securityContext: {}
+securityContext:
+  {}
   # capabilities:
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true
   # runAsNonRoot: true
   # runAsUser: 1000
 
-
-
 #################
 
 # TODO: should only be present during install
-# SHould only init git
-# should be filed by run_demo or synced by admin
 init-cs:
-
   # Automatically initialize the repository in the CS volume
   enabled: true
-  # Users which should be automatically added to the CS
-  defaultUsers: []
 
 init-secrets:
   enabled: true
@@ -86,40 +80,38 @@ init-sql:
 
 developer:
   enabled: true
-  # Make it possible to launch the demo without having an internet connection
+  # -- Make it possible to launch the demo without having an internet connection
   offline: false
-  # URLs which can be used to access various components of the demo (diracx, minio, dex, etc)
+  # -- URLs which can be used to access various components of the demo (diracx, minio, dex, etc).
   # They are used by the diracx tests
   urls: {}
-  # Path from which to mount source of DIRACX
+  # -- Path from which to mount source of DIRACX
   sourcePath: /diracx_source
-  # List of packages which are mounted into developer.sourcePath and should be installed with pip install SOURCEPATH/...
+  # -- List of packages which are mounted into developer.sourcePath and should be installed with pip install SOURCEPATH/...
   mountedPythonModulesToInstall: []
-  # Use pip install -e for mountedPythonModulesToInstall
+  # -- Use pip install -e for mountedPythonModulesToInstall
   # This is used by the integration tests because editable install might behave differently
   editableMountedPythonModules: true
-  # List of node modules to install
+  # -- List of node modules to install
   nodeModuleToInstall: null
-  # Image to use for the webapp if nodeModuleToInstall is set
+  # -- Image to use for the webapp if nodeModuleToInstall is set
   nodeImage: node:16-alpine
-  # Enable collection of coverage reports (intended for CI usage only)
+  # -- Enable collection of coverage reports (intended for CI usage only)
   enableCoverage: false
-  # Enable automatic reloading inside uvicorn when the sources change
+  # -- Enable automatic reloading inside uvicorn when the sources change
   # Used by the integration tests for running closer to prod setup
   autoReload: true
-  # If set, mount the CS stored localy instead of initializing a default one
+  # -- If set, mount the CS stored localy instead of initializing a default one
   localCSPath: /local_cs_store
-  # The IP that the demo is running at
+  # -- The IP that the demo is running at
   ipAlias: null
 
 diracx:
-
-  # Required: The hostname where the webapp/API is running
-  # TODO: make sure that it gets documented and marked as required
-  # hostname:
-  # Settings to inject into the API container via environment variables
+  # -- Required: The hostname where the webapp/API is running
+  hostname: ""
+  # -- Settings to inject into the API container via environment variables
   settings:
-    # This corresponds to the basic dirac.cfg
+    # -- This corresponds to the basic dirac.cfg
     # which must be present on all the servers
     #TODO: autogenerate all of these
     DIRACX_CONFIG_BACKEND_URL: "git+file:///cs_store/initialRepo"
@@ -128,7 +120,7 @@ diracx:
   # Should DiracX include an init container which manages the OS DB indices?
   # TODO: move to pre-upgrade hook
   manageOSIndices: true
-  # Which DiracX MySQL DBs are used?
+
 
   # TODO:
   # If mysql is enabled, you are not allowed
@@ -148,16 +140,17 @@ diracx:
   #     - name: ProxyDB
   #       user: proxyUser
   #       password: hush
+  # -- Which DiracX MySQL DBs are used?
   mysqlDatabases:
     - AuthDB
     - JobDB
     - JobLoggingDB
     - SandboxMetadataDB
     - TaskQueueDB
-  # Which DiracX OpenSearch DBs are used?
+  # -- Which DiracX OpenSearch DBs are used?
   osDatabases:
     - JobParametersDB
-  # List of install specifications to pass to pip before launching each container
+  # -- List of install specifications to pass to pip before launching each container
   pythonModulesToInstall: []
   # Service
   service:
@@ -249,7 +242,6 @@ opensearch:
 
 ##########################
 
-
 minio:
   enabled: true
   service:
@@ -353,7 +345,8 @@ cert-manager-issuer:
 ##########################
 
 #TODO remove all that
-resources: {}
+resources:
+  {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following