Skip to content

ServiceX Helm Chart Reference

The following table lists the configurable parameters of the ServiceX chart and their default values. Note that you may also wish to change some of the default parameters for the rabbitMQ or minio subcharts.

Parameter Description Default
secrets Name of a secret deployed into the cluster. Must follow example_secrets.yaml -
logging.logstash.enabled Enable remote logging true
logging.logstash.host Host running logstash listening for log data servicex.atlas-ml.org
logging.logstash.port Port to send logging to 5959
logging.logstash.protocol Protocol to be used (options are TCP and UDP) TCP
logging.logstash.monitor Link to be shown inside Monitor web page iframe UC Kibana dashboard
logging.logstash.logs Link to be shown inside Logs web page iframe UC Kibana dashboard
app.image ServiceX_App image name sslhep/servicex_app
app.allowedImagePrefixes A list of strings where each string is a prefix that custom Docker images must start with. Prefixes may include registry information (e.g., gitlab-registry.cern.ch/) or just image names (e.g., sslhep/) ["sslhep/", "gitlab-registry.cern.ch/"]
app.tag ServiceX image tag latest
app.logLevel Logging level for ServiceX web app (uses standard unix levels) WARNING
app.pullPolicy ServiceX image pull policy Always
app.checksImage ServiceX init container image for checks ncsa/checks:latest
app.rabbitmq.retries Number of times to retry connecting to RabbitMQ on startup 12
app.rabbitmq.retry_interval Number of seconds to wait between RabbitMQ retries on startup 10
app.replicas Number of App pods to start. Experimental! 1
app.auth Enable authentication or allow unfettered access (Python boolean string) false
app.oauthMetadataURL OpenID Connect provider well known configuration endpoint URL -
app.oauthClientID OpenID Connect application Client ID -
app.oauthClientSecret OpenID Connect application Client Secret -
app.adminEmail Email address for initial admin user admin@example.com
app.tokenExpires Seconds until the ServiceX API tokens (JWT refresh tokens) expire False (never)
app.authExpires Seconds until the JWT access tokens expire 21600 (six hours)
app.ingress.enabled Enable install of ingress false
app.ingress.class Class to be set in kubernetes.io/ingress.class annotation nginx
app.ingress.host Hostname to associate ingress with servicex.ssl-hep.org
app.ingress.defaultBackend Name of a service to send requests to internal endpoints to default-http-backend
app.ingress.tls.enabled Enable TLS for ServiceX API Ingress resource false
app.ingress.tls.secretName Name of TLS Secret used for ServiceX API server {{.Release.Name}}-app-tls
app.ingress.tls.clusterIssuer Specify a ClusterIssuer if using cert-manager -
app.resources Kubernetes pod resource spec for CPU and memory requests/limits 100m/256Mi requests, 1/1Gi limits
app.nodeSelector Kubernetes nodeSelector for app pod scheduling {}
app.tolerations Kubernetes tolerations for app pod scheduling []
app.affinity Kubernetes affinity rules for app pod scheduling {}
app.podAnnotations Additional annotations to add to app pods {}
app.slackSigningSecret Signing secret for Slack application -
app.newSignupWebhook Slack webhook URL for new signups -
app.mailgunApiKey API key to send Mailgun emails to newly approved users -
app.mailgunDomain Sender domain for emails (should be verified through Mailgun) -
app.defaultDIDFinderScheme DID Finder scheme if none provided in request. If left blank, template will attempt to guess. -
app.validateTransformerImage Should docker image name be validated at DockerHub? true
app.defaultUsers Name of secret holding json file with default users to create on deployment -
app.sqlalchemyEngineOptions String that will be interpreted as a Python dict, giving keyword arguments to the sqlalchemy.create_engine() function for the internal database. -
didFinder.rucio.enabled Should we deploy the Rucio DID Finder? true
didFinder.rucio.image Rucio DID Finder image name sslhep/servicex-did-finder
didFinder.rucio.tag Rucio DID Finder image tag latest
didFinder.rucio.pullPolicy Rucio DID Finder image pull policy Always
didFinder.rucio.site Site name to provide to Rucio to determine input replica locality -
didFinder.rucio.servicex_latitude Latitude of the computing center where ServiceX runs. Will be used by Rucio to return the closest input data replica. 41.78
didFinder.rucio.servicex_longitude Longitude of the computing center where ServiceX runs. Will be used by Rucio to return the closest input data replica. -87.7
didFinder.rucio.reportLogicalFiles For CMS xCache sites, we don't want the replicas, only logical names. Set to true to get this behavior false
didFinder.rucio.rucio_host URL for Rucio service to use https://voatlasrucio-server-prod.cern.ch:443
didFinder.rucio.auth_host URL to obtain Rucio authentication https://atlas-rucio-auth.cern.ch:443
didFinder.rucio.resources Kubernetes pod resource spec for CPU and memory requests/limits 100m/256Mi requests, 500m/1Gi limits
didFinder.rucio.nodeSelector Kubernetes nodeSelector for Rucio DID Finder pod scheduling {}
didFinder.rucio.tolerations Kubernetes tolerations for Rucio DID Finder pod scheduling []
didFinder.rucio.affinity Kubernetes affinity rules for Rucio DID Finder pod scheduling {}
didFinder.rucio.podAnnotations Additional annotations to add to Rucio DID Finder pods {}
didFinder.CERNOpenData.enabled Should we deploy the CERN OpenData DID Finder? true
didFinder.CERNOpenData.image CERN OpenData DID Finder image name sslhep/servicex-did-finder
didFinder.CERNOpenData.tag CERN OpenData DID Finder image tag latest
didFinder.CERNOpenData.pullPolicy CERN OpenData DID Finder image pull policy Always
didFinder.CERNOpenData.resources Kubernetes pod resource spec for CPU and memory requests/limits 100m/128Mi requests, 500m/512Mi limits
didFinder.CERNOpenData.nodeSelector Kubernetes nodeSelector for CERN OpenData DID Finder pod scheduling {}
didFinder.CERNOpenData.tolerations Kubernetes tolerations for CERN OpenData DID Finder pod scheduling []
didFinder.CERNOpenData.affinity Kubernetes affinity rules for CERN OpenData DID Finder pod scheduling {}
didFinder.CERNOpenData.podAnnotations Additional annotations to add to CERN OpenData DID Finder pods {}
didFinder.xrootd.enabled Should we deploy the XRootD DID Finder? true
didFinder.xrootd.image XRootD DID Finder image name sslhep/servicex-did-finder-xrootd
didFinder.xrootd.tag XRootD DID Finder image tag [chart release]
didFinder.xrootd.pullPolicy XRootD DID Finder image pull policy Always
didFinder.xrootd.resources Kubernetes pod resource spec for CPU and memory requests/limits 100m/128Mi requests, 500m/512Mi limits
didFinder.xrootd.nodeSelector Kubernetes nodeSelector for XRootD DID Finder pod scheduling {}
didFinder.xrootd.tolerations Kubernetes tolerations for XRootD DID Finder pod scheduling []
didFinder.xrootd.affinity Kubernetes affinity rules for XRootD DID Finder pod scheduling {}
didFinder.xrootd.podAnnotations Additional annotations to add to XRootD DID Finder pods {}
codeGen.<name>.enabled Deploy this code generator? true
codegen.uproot.image Code generator image sslhep/servicex_code_gen_func_adl_xaod
codegen.uproot.pullPolicy Uproot code generator image pull policy true
codegen.uproot.tag Code generator image tag develop
codegen.uproot.defaultScienceContainerImage The transformer image that should be run against this generated code sslhep/servicex_func_adl_xaod_transformer
codegen.uproot.defaultScienceContainerTag Tag for the transformer image that should be run against this generated code develop
codegen.uproot.enabled Deploy the uproot-raw (non-FuncADL) code generator? - also all of the code gen settings above are available true
codegen.cmssw-5-3-32.enabled Deploy the CMS AOD code generator? - also all of the code gen settings above are available true
codegen.atlasr21.enabled Deploy the ATLAS FuncADL Release 21 code generator? - also all of the code gen settings above are available true
codegen.atlasr22.enabled Deploy the ATLAS FuncADL Release 22 code generator? - also all of the code gen settings above are available true
codegen.python.enabled Deploy the python uproot code generator? - also all of the code gen settings, above are available true
codeGen.<name>.resources Kubernetes pod resource spec for CPU and memory requests/limits for each code generator 100m/256Mi requests, 500m/512Mi limits
codeGen.<name>.nodeSelector Kubernetes nodeSelector for code generator pod scheduling {}
codeGen.<name>.tolerations Kubernetes tolerations for code generator pod scheduling []
codeGen.<name>.affinity Kubernetes affinity rules for code generator pod scheduling {}
codeGen.<name>.podAnnotations Additional annotations to add to code generator pods {}
x509Secrets.image X509 Secret Service image name sslhep/x509-secrets
x509Secrets.tag X509 Secret Service image tag latest
x509Secrets.pullPolicy X509 Secret Service image pull policy Always
x509Secrets.vomsOrg Which VOMS org to contact for proxy? atlas
x509Secrets.initImage X509 Secret Service init container image alpine:3.6
x509Secrets.resources Kubernetes pod resource spec for CPU and memory requests/limits 50m/64Mi requests, 200m/256Mi limits
x509Secrets.nodeSelector Kubernetes nodeSelector for X509 Secrets pod scheduling {}
x509Secrets.tolerations Kubernetes tolerations for X509 Secrets pod scheduling []
x509Secrets.affinity Kubernetes affinity rules for X509 Secrets pod scheduling {}
x509Secrets.podAnnotations Additional annotations to add to X509 Secrets pods {}
rbacEnabled Specify if rbac is enabled in your cluster true
hostMount Optional path to mount in transformers as /data -
gridAccount CERN User account name to access Rucio -
noCerts Set to true to disable x509 certs and only use open data false
rabbitmq.password Override the generated RabbitMQ password leftfoot1
objectStore.enabled Deploy a minio object store with Servicex? true
objectStore.internal Deploy a captive minio instance with this chart? true
objectStore.publicURL What URL should the client use to download files? If set, this is given whether ingress is enabled or not nil
postgres.enabled Deploy a postgres database into cluster? If not, we use a sqllite db false
minio.auth.rootUser Username to log into minio miniouser
minio.auth.rootPassword Password key to log into minio leftfoot1
minio.apiIngress.enabled Should minio chart deploy an ingress to the service? false
minio.apiIngress.hostname Hostname associate with ingress controller nil
transformer.cachePrefix Prefix string to stick in front of file paths. Useful for XCache. If transformer.cacheVPSSite is also set, this will be ignored nil
transformer.cacheVPSSite Specify a Virtual Placement Service site whose XCaches we should use. Will update automatically if list changes. If set, takes priority over transformer.cachePrefix nil
transformer.cacheVPSCheckInterval How frequently should the Virtual Placement Service be consulted for the list of XCaches (in seconds) 1800
transformer.cacheVPSLivenessURL URL from which Virtual Placement Service site info can be obtained https://vps.cern.ch/liveness
transformer.autoscaler.enabled Enable/disable horizontal pod autoscaler for transformers True
transformer.autoscaler.cpuScaleThreshold CPU percentage threshold for pod scaling 30
transformer.autoscaler.minReplicas Minimum number of transformer pods per request 1
transformer.autoscaler.maxReplicas Maximum number of transformer pods per request 20
transformer.priorityClassName priorityClassName for transformer pods (Not setting it means getting global default) Not Set
transformer.nodeSelector Kubernetes nodeSelector for transformer pod scheduling {}
transformer.tolerations Kubernetes tolerations for transformer pod scheduling []
transformer.affinity Kubernetes affinity rules for transformer pod scheduling {}
transformer.podAnnotations Additional annotations to add to transformer pods {}
transformer.cpuLimit Set CPU resource limit for pod in number of cores 1
transformer.memoryLimit Set memory resource limit for pod (use Kubernetes units, e.g. the Kubernetes documentation) 2Gi
transformer.cpuRequest Set CPU resource request for pod in number of cores 500m
transformer.memoryRequest Set memory resource request for pod (use Kubernetes units, e.g. the Kubernetes documentation) 512Mi
transformer.sidecarImage Image name for the transformer sidecar container that hold the serviceX code 'sslhep/servicex_sidecar_transformer'
transformer.sidecarTag Tag for the sidecar container 'develop'
transformer.sidecarPullPolicy Pull Policy for the sidecar container 'IfNotPresent'
transformer.scienceContainerPullPolicy Pull Policy for the science container 'IfNotPresent'
transformer.persistence.existingClaim Existing persistent volume claim nil
transformer.subdir Subdirectory of the mount to write transformer results to (should end with trailing /) nil
scheduledTasks.image Default image for data lifecycle job python
scheduledTasks.tag Data lifecycle job image tag 3.10
scheduledTasks.pullPolicy Data lifecycle image pull policy IfNotPresent
scheduledTasks.resources Kubernetes pod resource spec for CPU and memory requests/limits 50m/64Mi requests, 200m/256Mi limits
scheduledTasks.nodeSelector Kubernetes nodeSelector for all scheduled task pods {}
scheduledTasks.tolerations Kubernetes tolerations for all scheduled task pods []
scheduledTasks.affinity Kubernetes affinity rules for all scheduled task pods {}
scheduledTasks.podAnnotations Additional annotations to add to all scheduled task pods {}
scheduledTasks.dataLifecycle.enabled Enable deployment of data lifecycle jobs (cleans up object store cache and archives old transforms) false
scheduledTasks.dataLifecycle.schedule Schedule for minioCleanup cronjob. See reference for details on fields 0 */8 * * * (every 8 hours)
scheduledTasks.dataLifecycle.retention We will archive any transforms older than this. Use the gnu date command --date argument. See date command for examples. 7 days ago
scheduledTasks.dataLifecycle.maxDesiredCacheSize If the server-side cache is larger than this cleanup service will keep going forward in time to delete transforms. Specify units as Mb Gb, Tb or Pb "1Tb"
scheduledTasks.datasetLifecycle.schedule Schedule for dataset cache cleanup cronjob, which obsoletes cached input file replica information. See reference for details on fields 0 * * * * (top of every hour)
scheduledTasks.datasetLifecycle.cacheLifetime Lifetime of dataset cache, in hours 24
scheduledTasks.kubernetesCleanup.enabled Run a job to clean up transformers and other Kubernetes resources older than a certain age true
scheduledTasks.kubernetesCleanup.schedule Schedule for Kubernetes resources cleanup job. See reference for details on fields 0 0 * * * (midnight)
scheduledTasks.kubernetesCleanup.maxAge Maximum age for Kubernetes resources, in hours 168