SciDx Remote Execution v0.0.8 GitHub ↗
Helm Chart

R-Exec Helm Chart

The rexec-stack chart deploys the full Rexec server-side stack — broker, deploy API, and NDP Endpoint API — as a single Helm release with three managed subcharts.

Quick Install Values Reference

Quick Install

1

Add the Helm repo

helm repo add rexec https://sci-ndp.github.io/rexec
helm repo update
2

Download the values template

Download the annotated template, fill in your values, then pass it to helm install.

Download my-values.yaml template
3

Edit my-values.yaml — minimum required fields

global:
  authApiUrl: https://idp-test.nationaldataplatform.org/temp/information

rexec-server-deployment-api:
  ingress:
    hosts:
      - host: your-domain.example.org
        paths: [{path: /rexec, pathType: Prefix}]

ndp-ep-api:
  ingress:
    host: your-domain.example.org
  env:
    ORGANIZATION: "Your Organization"
    EP_NAME: "Your Endpoint Name"
    REXEC_CONNECTION: True
    REXEC_DEPLOYMENT_API_URL: https://your-domain.example.org/rexec
4

Install

helm upgrade --install rexec rexec/rexec-stack \
  -f my-values.yaml \
  -n rexec --create-namespace

Chart Information

FieldValue
namerexec-stack
version0.0.8
appVersion0.1.0
apiVersionv2
typeapplication
repo URLhttps://sci-ndp.github.io/rexec
sourcehelm/rexec/ ↗

Subcharts

The umbrella chart manages three subcharts. Each can be independently enabled or disabled.

Subchart nameAliasEnable keyVersion
rexec-brokerrexec-broker.enabled0.1.0
rexec-server-deployment-apirexec-server-deployment-apirexec-server-deployment-api.enabled0.1.0
ndp-ep-apindp-ep-apindp-ep-api.enabled0.1.0

Values: global.*

Global values are passed down to all subcharts.

KeyDefaultDescription
global.authApiUrlhttps://idp-test…Identity provider URL used by all three components to validate Bearer tokens.
global.enableGroupBasedAccessfalseEnable group-based ACL on write operations (Deploy API + NDP EP API).
global.groupNames/ndp_ep/ep-***Comma-separated allowed group names. Only used when ACL is enabled.

Values: rexec-broker.*

KeyDefaultDescription
rexec-broker.enabledtrueDeploy the broker subchart.
rexec-broker.replicaCount1Number of broker pod replicas.
rexec-broker.service.external.clientNodePort30001NodePort for client ZMQ connections.
rexec-broker.service.external.controlNodePort30002NodePort for control/management.

Values: rexec-server-deployment-api.*

KeyDefaultDescription
…enabledtrueDeploy the server deployment API subchart.
…ingress.enabledtrueCreate an Ingress resource.
…ingress.className""Ingress class (e.g., nginx).
…ingress.hosts[].host""Hostname for the Ingress rule.
…ingress.hosts[].paths[].path/rexecURL path prefix.
…env.rexecServerNamespacePrefixrexec-server-Namespace prefix for spawned server pods.
…env.rootPath/rexecFastAPI root path (must match ingress path).

Values: ndp-ep-api.*

KeyDefaultDescription
ndp-ep-api.enabledtrueDeploy the NDP Endpoint API subchart.
ndp-ep-api.resources.limits.memory512MiMemory limit for the EP API pod.
ndp-ep-api.resources.limits.cpu500mCPU limit.
ndp-ep-api.resources.requests.memory256MiMemory request.
ndp-ep-api.resources.requests.cpu250mCPU request.
ndp-ep-api.ingress.enabledtrueCreate an Ingress resource.
ndp-ep-api.ingress.className""Ingress class.
ndp-ep-api.ingress.host""Hostname.
ndp-ep-api.ingress.path/apiURL path prefix.
ndp-ep-api.rootPath.enabledtrueEnable FastAPI root_path (must match ingress path).
ndp-ep-api.rootPath.value/apiFastAPI root_path value.

Values: ndp-ep-api.env.*

These map directly to environment variables for the NDP Endpoint API container.

KeyRequiredDescription
ORGANIZATIONRequiredYour organization name displayed in the endpoint metadata.
EP_NAMERequiredYour endpoint's human-readable name.
METRICS_INTERVAL_SECONDSOptionalInterval for metrics reporting (default: 3300).
METRICS_ENDPOINTOptionalFederation metrics collection URL.
KeyDefaultDescription
LOCAL_CATALOG_BACKENDckanckan or mongodb — backend for local dataset catalog.
CKAN_LOCAL_ENABLEDFalseEnable write operations (POST/PUT/DELETE) to local catalog.
CKAN_URL""Your CKAN instance URL (only for CKAN backend).
CKAN_API_KEY""CKAN API key for authentication.
MONGODB_CONNECTION_STRINGmongodb://admin:…MongoDB connection string (only for MongoDB backend).
MONGODB_DATABASEndp_local_catalogMongoDB database name.
PRE_CKAN_ENABLEDFalseEnable Pre-CKAN instance access.
PRE_CKAN_URL""Pre-CKAN URL.
KeyDefaultDescription
REXEC_CONNECTIONTrueEnable Rexec integration. Set to True to enable remote execution.
REXEC_DEPLOYMENT_API_URL""Public URL of the Rexec Deploy API (the /rexec ingress endpoint).
KeyDefaultDescription
KAFKA_CONNECTIONFalseEnable Kafka streaming support.
KAFKA_HOST""Kafka broker hostname.
KAFKA_PORT""Kafka broker port.
S3_ENABLEDFalseEnable S3-compatible storage.
S3_ENDPOINTminio:9000S3 endpoint (host:port).
S3_ACCESS_KEYminioadminS3 access key.
S3_SECRET_KEYminioadmin123S3 secret key.
S3_SECUREFalseUse TLS for S3 connection.
PELICAN_ENABLEDFalseEnable Pelican federation access (OSDF, etc.).
PELICAN_FEDERATION_URL""Pelican federation URL.
USE_JUPYTERLABFalseEnable JupyterLab integration.
JUPYTER_URL""JupyterLab instance URL.
TEST_TOKEN""Test token for development (leave blank in production).

Upgrade

# Pull latest chart version
helm repo update

# Upgrade in-place (preserves existing release name and namespace)
helm upgrade rexec rexec/rexec-stack \
  -f my-values.yaml \
  -n rexec
⚠️
Check the changelog before upgrading. Minor version bumps may change default values. Always diff your values file against the latest my-values.yaml template after updating the repo.

Uninstall

helm uninstall rexec -n rexec
# Optionally remove the namespacekubectl delete namespace rexec

Debugging

# Render chart manifests without installing (dry run)
helm template rexec rexec/rexec-stack -f my-values.yaml --debug

# Validate values against the chart schema
helm lint rexec/rexec-stack -f my-values.yaml

# Check release status
helm status rexec -n rexec

# Get computed values for a live release
helm get values rexec -n rexec

# Full manifest of what was deployed
helm get manifest rexec -n rexec