Removes unused values from helm chart

supported/osg-htc/osg-hosted-ce/Chart.yaml

@@ -3,4 +3,4 @@ apiVersion: v1
 appVersion: "V5-branch"
 description: OSG Hosted Compute Entrypoint
 name: osg-hosted-ce
-version: 4.6.3
+version: 4.7.0

supported/osg-htc/osg-hosted-ce/README.md

@@ -242,12 +242,6 @@ To avoid these rate limits, it's possible to bootstrap the certificate request p
 
         slate secret create <YOUR HOST KEY SECRET NAME> --cluster <YOUR CLUSTER> --group <YOUR GROUP> --from-file host.key=<PATH TO KEYFILE>
 
-1.  Update your values file to use the host key secret that you've created:
-
-        HostCredentials:
-          HostKeySecret: <YOUR HOST KEY SECRET NAME>
-          HostCertSecret: null
-
 1.  Upon successful startup of the Hosted CE app, the Let's Encrypt host certificate can be found in the instance logs:
 
         slate instance logs <YOUR INSTANCE NAME> --container osg-hosted-ce --max-lines 0
@@ -258,12 +252,6 @@ To avoid these rate limits, it's possible to bootstrap the certificate request p
 
         slate secret create <YOUR HOST CERT SECRET NAME> --cluster <YOUR CLUSTER> --group <YOUR GROUP> --from-file host.cert=<PATH TO CERT FILE>
 
-1.  Update your values file to use the host key secret that you've created:
-
-        HostCredentials:
-          HostKeySecret: <YOUR HOST KEY SECRET NAME>
-          HostCertSecret: <YOUR HOST CERT SECRET NAME>
-
 ### Developer 
 Simply disable this. It is in place for the purpose of OSG Internal Testbed hosts, and is not intended for use with production CEs.
 
@@ -329,8 +317,7 @@ BoscoOverrides:
   GitKeySecret: null
 
 HostCredentials:
-  HostKeySecret: null
-  HostCertSecret: null
+  HostCertKeySecret: null
 
 Developer:
   Enabled: false

supported/osg-htc/osg-hosted-ce/templates/_helpers.tpl

@@ -20,10 +20,6 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 {{- end -}}
 
-{{- define "namespace" -}}
-{{- .Release.Namespace | trimPrefix "slate-vo-" | printf " %s" -}}
-{{- end -}}
-
 {{/*
 Create chart name and version as used by the chart label.
 */}}

supported/osg-htc/osg-hosted-ce/templates/configmap.yaml

@@ -72,7 +72,8 @@ data:
 {{ end }}
 
     SLATE_HOSTED_CE = True
-    SCHEDD_ATTRS = $(SCHEDD_ATTRS) SLATE_HOSTED_CE
+    OSG_HOSTED_CE = True
+    SCHEDD_ATTRS = $(SCHEDD_ATTRS) SLATE_HOSTED_CE OSG_HOSTED_CE
 
     # Templatize IDTOKEN generation for glidein -> CE collector advertising (SOFTWARE-5556)
     {{- range $index, $map := .Values.SciTokenRemoteUserMapping }}
@@ -136,15 +137,15 @@ data:
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: osg-hosted-ce-{{ .Values.Instance }}-slate-scitokens
+  name: osg-hosted-ce-{{ .Values.Instance }}-scitokens
   labels:
     app: osg-hosted-ce
     instance: {{ .Values.Instance }}
     release: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Chart.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
 data:
-  50-slate-scitokens.conf: |+
+  50-scitokens.conf: |+
     {{- range $index, $map := .Values.SciTokenRemoteUserMapping }}
     {{- range $url, $user := $map }}
     SCITOKENS /^{{ $url | replace "/" "\\/" | replace "." "\\." | replace "-" "\\-" }}{{ if not ( $url | contains "," ) }},{{ end }}/ {{ $user }}

supported/osg-htc/osg-hosted-ce/templates/deployment.yaml

@@ -6,7 +6,6 @@ metadata:
     app: {{ template "osg-hosted-ce.name" . }}
     release: {{ .Release.Name }}
     instance: {{ .Values.Instance }}
-    instanceID: {{ .Values.SLATE.Instance.ID | quote  }}
     app.kubernetes.io/part-of: {{ .Chart.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
@@ -47,9 +46,9 @@ spec:
       - name: osg-hosted-ce-{{ .Values.Instance }}-htcondor-ce-configuration
         configMap:
           name: osg-hosted-ce-{{ .Values.Instance }}-htcondor-ce-configuration
-      - name: osg-hosted-ce-{{ .Values.Instance }}-slate-scitokens
+      - name: osg-hosted-ce-{{ .Values.Instance }}-scitokens
         configMap:
-          name: osg-hosted-ce-{{ .Values.Instance }}-slate-scitokens
+          name: osg-hosted-ce-{{ .Values.Instance }}-scitokens
       - name: bosco-ssh-private-key-volume
         secret: 
           secretName: {{ .Values.RemoteCluster.PrivateKeySecret }}
@@ -82,25 +81,6 @@ spec:
           - key: tls.key
             path: hostkey.pem
             mode: 0o400
-      {{ else }}
-      {{ if and .Values.HostCredentials.HostCertSecret .Values.HostCredentials.HostKeySecret }}
-      - name: osg-hosted-ce-hostcert-volume
-        secret:
-          secretName: {{ .Values.HostCredentials.HostCertSecret }}
-          items:
-            - key: host.cert
-              path: hostcert.pem
-              mode: 256
-      {{ end }}
-      {{ if .Values.HostCredentials.HostKeySecret }}
-      - name: osg-hosted-ce-hostkey-volume
-        secret:
-          secretName: {{ .Values.HostCredentials.HostKeySecret }}
-          items:
-            - key: host.key
-              path: hostkey.pem
-              mode: 256
-      {{ end }}
       {{ end }}
       {{ if .Values.BoscoOverrides.Enabled }}
       {{ if .Values.BoscoOverrides.GitKeySecret }}
@@ -152,17 +132,6 @@ spec:
         {{ if .Values.HostCredentials.HostCertKeySecret }}
         - name: osg-hosted-ce-hostcertkey-volume
           mountPath: /etc/grid-security-orig.d
-        {{ else }}
-        {{ if and .Values.HostCredentials.HostCertSecret .Values.HostCredentials.HostKeySecret }}
-        - name: osg-hosted-ce-hostcert-volume
-          mountPath: /etc/grid-security/hostcert.pem
-          subPath: hostcert.pem
-        {{ end }}
-        {{ if .Values.HostCredentials.HostKeySecret }}
-        - name: osg-hosted-ce-hostkey-volume
-          mountPath: /etc/grid-security/hostkey.pem
-          subPath: hostkey.pem
-        {{ end }}
         {{ end }}
         {{ if .Values.Persistence.LogVolume}}
         - name: log-volume
@@ -176,21 +145,14 @@ spec:
         {{ end }}
         {{ end }}
         {{ if .Values.SciTokenRemoteUserMapping }}
-        - name: osg-hosted-ce-{{ .Values.Instance }}-slate-scitokens
-          mountPath: /etc/condor-ce/mapfiles.d/50-slate-scitokens.conf
-          subPath: 50-slate-scitokens.conf
+        - name: osg-hosted-ce-{{ .Values.Instance }}-scitokens
+          mountPath: /etc/condor-ce/mapfiles.d/50-scitokens.conf
+          subPath: 50-scitokens.conf
         {{ end }}
         ports:
         - name: htcondor-ce
           containerPort: 9619
           protocol: TCP
-        {{ if or .Values.Dashboard.Enabled
-                 ( and (not .Values.HostCredentials.HostCertKeySecret)
-                       (not .Values.HostCredentials.HostCertSecret) ) }}
-        - name: http # needed to get a cert issued from Let's Encrypt
-          containerPort: 80
-          protocol: TCP
-        {{ end }}
         env:
         {{ if eq .Values.Networking.ServiceType "HostNetwork" }}
         - name: _CONDOR_NETWORK_HOSTNAME
@@ -215,10 +177,6 @@ spec:
           {{ else }}
           value: "false"
           {{ end }}
-        {{ if .Values.Dashboard.Enabled }}
-        - name: ENABLE_CE_VIEW
-          value: "true"
-        {{ end }}
         {{ if .Values.Debug.ContinueOnError }}
         - name: HOSTED_CE_CONTINUE_ON_ERROR
           value: "true"

supported/osg-htc/osg-hosted-ce/templates/networkpolicy.yaml

@@ -13,11 +13,5 @@ spec:
   - ports:
     - protocol: TCP
       port: 9619
-    {{ if or .Values.Dashboard.Enabled
-             ( and (not .Values.HostCredentials.HostCertKeySecret)
-                   (not .Values.HostCredentials.HostCertSecret) ) }}
-    - protocol: TCP
-      port: 80
-    {{ end }}
   egress:
   - {}

supported/osg-htc/osg-hosted-ce/templates/service.yaml

@@ -22,14 +22,6 @@ spec:
     port: 9619
     targetPort: htcondor-ce
     protocol: TCP
-  {{ if or .Values.Dashboard.Enabled
-           ( and (not .Values.HostCredentials.HostCertKeySecret)
-                 (not .Values.HostCredentials.HostCertSecret) ) }}
-  - name: http  # needed to get a cert issued from Let's Encrypt (since the admin's not supplying a cert/key as a secret)
-    port: 80
-    targetPort: http
-    protocol: TCP
-  {{ end }}
   {{ if .Values.Networking.RequestIP }}
   loadBalancerIP: {{ .Values.Networking.RequestIP }}
   {{ end }}

supported/osg-htc/osg-hosted-ce/values.yaml

@@ -27,7 +27,7 @@ RemoteCluster:
   #    login04.osgconnect.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqsciY/FmcH6yedW7DxbTwLjkwlgVcbcG43QwdaSvMuN5EHAeLRH2P6ig3H6s/4hZqJn7AU2oNsoIqjZZ8iHqGyiTB9r70Aovt9PUuQXw5qHvYiIoyw49/waJ+yzu4+UD3qfnxeHuRw5EOaXia72MNJJ4lBMoS6iw1JveFJY4rBgKZ7nta1eAGGfHADsf5lfhlIXnJPN050X6zcUjqEEKXjdUkFa3wDiVbFEIESCMwi1b6Q1OXGGFwuSNse1X38CREBzQ+NjOB97o70chZoh2jZ2O3iZZZbujYcDzpxF3RxmewFC3pDmkoOpJrfV2W58n1KdJJnyvjlqEZGXCXcAlB
   #    login04.osgconnect.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCnySArMSVd0O3UniYN4vX3a/d9d9mEMnrf2z1S900t0GrxVazVGu3ObeLfWwYRc3qFXNRPGh3mKcz5QVG6gcm4=
   #    login04.osgconnect.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJBW6weAaFSdLYksn4vIvqt4+geNVQ/bUvp71kTeQsKV
-  # SLATE secret with 'bosco.key' containing the SSH key to access LoginHost:
+  # Secret with 'bosco.key' containing the SSH key to access LoginHost:
   PrivateKeySecret: lincolnb-bosco
   # Secret containing a signed certificate (required by some sites)
   # See CertificateFile in `man ssh_config`
@@ -144,9 +144,7 @@ SciTokenRemoteUserMapping:
 #   max_wall_time = 34560
 #   queue = opportunistic
 
-# Enable persistence to HostedCE files by creating corresponding SLATE Volumes
-# SLATE Creates a PVC in Kubernetes which can be reclaimed on restart
-# The value for each volume should correspond to the volume name within SLATE
+# Enable persistence to HostedCE files by creating corresponding Volumes
 Persistence:
   # /var/log/condor-ce
   LogVolume: null 
@@ -160,8 +158,9 @@ Persistence:
 BoscoOverrides:
   Enabled: false
   BoscoOverrideDir: null
-  GitEndpoint: https://github.com/slateci/bosco-override-template
-  # If GitEndpoint requires authentication, create a SLATE secret with
+  GitEndpoint: [email protected]:opensciencegrid/hosted-ce-config.git
+  RepoNeedsPrivKey: true
+  # If GitEndpoint requires authentication, create a secret with
   # 'git.key' containing the private SSH key that can access
   # it. Specify the name of the secret in GitKeySecret:
   GitKeySecret: null
@@ -188,28 +187,13 @@ ServiceAnnotations: {}
 
 HostCredentials:
   # Name of the secret containing a host key and certificate in
-  # "tls.key" and "tls.crt", respectively. If defined, values of
-  # HostCertSecret and HostKeySecret are ignored.
+  # "tls.key" and "tls.crt", respectively. 
   HostCertKeySecret: null
-  # Use a pre-existing host key to request a new Let's Encrypt
-  # certificate If HostCertSecret is also specified, the Let's Encrypt
-  # request is skipped.  Secret must contain a "host.key" key
-  # containing the encoded host key.
-  HostKeySecret: null
-  # Use a pre-existing host certificate instead of requesting a new
-  # Let'S Encrypt certificate. If HostKeySecret is not specified, a
-  # new Let's Encrypt certificate and key are requested anyway.
-  # Secret must contain a "host.cert" containing the encoded host
-  # certificate.
-  HostCertSecret: null
   # If set to 'true', use the Let's Encrypt staging server. This is
   # useful for avoiding Let's Encrypt rate limits when first setting
   # up a CE. NOT SUITABLE FOR PRODUCTION USE.
   LetsEncryptStaging: false
 
-Dashboard:
-  Enabled: false
-
 # Choose which tag to use for the specified containers
 ContainerTags:
   HostedCE: release
@@ -225,9 +209,3 @@ Debug:
 # - Generates a test CA and self-signed host cert/key pair
 Developer:
   Enabled: false
-
-### SLATE-START ###
-SLATE:
-  Instance:
-    ID: "untagged"
-### SLATE-END ###