Sorting out the weekly cronjob for pvc auto deletion, also adding someting to value yaml to turn it off

Author: Alexj9837

helm/blueapi/README.md

@@ -32,6 +32,7 @@ A Helm chart deploying a worker pod that runs Bluesky plans
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
 | podSecurityContext | object | `{}` |  |
+| pvcautodeletion.enabled | bool | `true` |  |
 | readinessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/healthz","port":"http"},"periodSeconds":10}` | Readiness probe, if configured kubernetes will not route traffic to this pod if failed consecutively. This could allow the service time to recover if it is being overwhelmed by traffic, but without the to ability to load balance or scale up/outwards, upstream services will need to know to back off. This is automatically disabled when in debug mode. |
 | resources | object | `{"limits":{"cpu":"2000m","memory":"4000Mi"},"requests":{"cpu":"200m","memory":"400Mi"}}` | Sets the compute resources available to the pod. These defaults are appropriate when using debug mode or an internal PVC and therefore running VS Code server in the pod. In the Diamond cluster, requests must be >= 0.1*limits When not using either of the above, the limits may be lowered. When idle but connected, blueapi consumes ~400MB of memory and 1% cpu and may struggle when allocated less. |
 | restartOnConfigChange | bool | `true` | If enabled the blueapi pod will restart on changes to `worker` |

helm/blueapi/templates/configmap.yaml

@@ -46,3 +46,15 @@ data:
   time-stamper.sh: |-
 {{ $files.Get "files/scripts/time-stamper.sh" | indent 4 }}
 {{- end }}
+
+---
+{{- if .Values.pvcautodeletion.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name : {{include "blueapi.fullname" . }}-pvc-autodeletion-script
+data:
+  {{- $files := .Files }}
+  pvc-deletion.sh: |-
+{{ $files.Get "files/scripts/pvc-deletion.sh" | indent 4 }}
+{{- end }}

helm/blueapi/templates/cronjob.yaml

@@ -45,7 +45,7 @@ spec:
     spec:
       # amount of attempts of labeling a pvc
       backoffLimit: 3
-      # job stops after 60 secounds
+      # job stops after 60 seconds
       activeDeadlineSeconds: 60
       template:
         spec:
@@ -77,3 +77,83 @@ spec:
             command: ["/scripts/time-stamper.sh"]
           restartPolicy: OnFailure
 {{- end }}
+
+{{- if .Values.pvcautodeletion.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "blueapi.fullname" . }}-pvcautodeletion
+  namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: true
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "blueapi.fullname" . }}-pvcautodeletion
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+  resources: ["pods", "persistentvolumeclaims"]
+  verbs: ["get", "list", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "blueapi.fullname" . }}-pvcautodeletion
+  namespace: {{ .Release.Namespace }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "blueapi.fullname" . }}-pvcautodeletion
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "blueapi.fullname" . }}-pvcautodeletion
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "blueapi.fullname" . }}-pvcautodeletion
+  namespace: {{ .Release.Namespace }}
+spec:
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 1
+  schedule: "@weekly"
+
+  jobTemplate:
+    spec:
+      # amount of attempts of labeling a pvc
+      backoffLimit: 3
+      # job stops after 300 seconds
+      activeDeadlineSeconds: 300
+      template:
+        spec:
+          serviceAccountName: {{ include "blueapi.fullname" . }}-pvcautodeletion
+          {{- with .Values.tolerations }}
+          tolerations:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+
+          volumes:
+            - name : {{include "blueapi.fullname" . }}-pvc-autodeletion-script
+              configMap:
+                name: {{include "blueapi.fullname" . }}-pvc-autodeletion-script
+                defaultMode: 0555
+
+
+          containers:
+          - name: pvcautodeletion
+            env:
+              - name: RELEASE_NAME
+                value: {{ .Release.Name }}
+              - name: RELEASE_NAMESPACE
+                value: {{ .Release.Namespace }}
+            volumeMounts:
+              - name: {{include "blueapi.fullname" . }}-pvc-autodeletion-script
+                mountPath: /scripts
+            image: bitnami/kubectl:latest
+            imagePullPolicy: IfNotPresent
+            command: ["/scripts/pvc-deletion.sh"]
+          restartPolicy: OnFailure
+{{- end }}

helm/blueapi/values.schema.json

@@ -174,6 +174,14 @@
         "podSecurityContext": {
             "type": "object"
         },
+        "pvcautodeletion": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "boolean"
+                }
+            }
+        },
         "readinessProbe": {
             "description": "Readiness probe, if configured kubernetes will not route traffic to this pod if failed consecutively. This could allow the service time to recover if it is being overwhelmed by traffic, but without the to ability to load balance or scale up/outwards, upstream services will need to know to back off. This is automatically disabled when in debug mode.",
             "type": "object",

helm/blueapi/values.yaml

@@ -227,6 +227,9 @@ initContainer:
 timeStampCron:
   enabled: true
 
+pvcautodeletion:
+  enabled: true
+
 debug:
   # -- If enabled, runs debugpy, allowing port-forwarding to expose port 5678 or attached vscode instance
   enabled: false