feat: add last-used-stamper cronjob

Author: Alexj9837

helm/blueapi/templates/configmap.yaml

@@ -31,6 +31,31 @@ data:
   init_config.yaml: |-
     scratch:
       {{- toYaml .Values.worker.scratch | nindent 6 }}
+
+---    
 {{- end }}
 
----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name : {{include "blueapi.fullname" . }}-pvc-stamper-script
+data:
+  time-stamper.sh: |
+    #!/bin/sh
+    # Get PVCs belonging to this blueapi release
+    ALL_PVC=$(kubectl get pvc -n {{ .Release.Namespace }} \
+      -o jsonpath='{.items[*].metadata.name}' | tr ' ' '\n' | \
+      grep "^{{ .Release.Name }}-scratch-")
+    # Get all PVCs currently mounted by running pods
+    MOUNTED_PVCS=$(kubectl get pods -n {{ .Release.Namespace }} \
+      -o=jsonpath='{.items[*].spec.volumes[*].persistentVolumeClaim.claimName}' | tr ' ' '\n' | sort -u)
+    NOW=$(date +%s)
+    #loop through all the pvcs annotating ones thare are mounted or lack a last-used stamp
+    for pvc in $ALL_PVC; do
+      ANNOTATION=$(kubectl get pvc "$pvc" -n {{ .Release.Namespace }} -o=jsonpath='{.metadata.annotations.last-used}')
+      if [ -z "$ANNOTATION" ]; then
+        kubectl annotate --overwrite pvc "$pvc" -n {{ .Release.Namespace }} last-used="$NOW"
+      elif echo "$MOUNTED_PVCS" | grep -qx "$pvc"; then
+        kubectl annotate --overwrite pvc "$pvc" -n {{ .Release.Namespace }} last-used="$NOW"
+      fi
+    done

helm/blueapi/templates/cronjob.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: true
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+  resources: ["pods", "persistentvolumeclaims"]
+  verbs: ["get", "list", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  namespace: {{ .Release.Namespace }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  namespace: {{ .Release.Namespace }}
+spec:
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 1
+  schedule: "*/5 * * * *"
+
+  jobTemplate:
+    spec:
+      # amount of attempts of labeling a pvc
+      backoffLimit: 3
+      # job stops after 60 secounds
+      activeDeadlineSeconds: 60
+      template:
+        spec:
+          serviceAccountName: {{ include "blueapi.fullname" . }}-last-used-stamper
+          {{- with .Values.tolerations }}
+          tolerations:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+
+          volumes:
+            - name : {{include "blueapi.fullname" . }}-pvc-stamper-script
+              configMap:
+                name: {{include "blueapi.fullname" . }}-pvc-stamper-script
+                defaultMode: 0555
+
+
+          containers:
+          - name: last-used-stamper
+            volumeMounts:
+              - name: {{include "blueapi.fullname" . }}-pvc-stamper-script
+                mountPath: /scripts
+            image: bitnami/kubectl:latest
+            imagePullPolicy: IfNotPresent
+            command: ["/scripts/time-stamper.sh"]
+          restartPolicy: OnFailure