Fmi himan rosa

charts/fmi-himan/Chart.yaml

@@ -15,10 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.0
+version: 1.0.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "1.0.0"
+
+maintainers:
+  - name: osmundi

charts/fmi-himan/templates/buildconfig.yaml

@@ -53,4 +53,9 @@ spec:
   successfulBuildsHistoryLimit: 2
   triggers:
     - type: ConfigChange
+    - type: Generic
+      generic:
+        secretReference:
+          name: himan-build-trigger-secret
+        allowEnv: true
 {{- end }}

charts/fmi-himan/templates/job-template.yaml

@@ -10,18 +10,19 @@ objects:
 - apiVersion: batch/v1
   kind: Job
   metadata:
-    name: {{ .Release.Name }}-himan
+    name: ${RUN_IDENTIFIER}
   spec:
     parallelism: 1
     completions: 1
     backoffLimit: 0
+    ttlSecondsAfterFinished: 1500
     template:
       metadata:
         name: {{ .Release.Name }}-himan
         labels:
           app.kubernetes.io/name: {{ .Release.Name }}-himan
       spec:
-        activeDeadlineSeconds: ${{ "{{" }}TIMEOUT{{ "}}" }}
+        activeDeadlineSeconds: {{ printf "${{TIMEOUT}}" }}
         restartPolicy: Never
         containers:
         - command:
@@ -77,10 +78,14 @@ objects:
                  -H 'content-type: application/json' \
                  -H 'authorization: Bearer testitoken' \
                  -d "$payload" \
-                 http://$SNWC_ECFLOW_HTTP_SERVICE_HOST:$SNWC_ECFLOW_HTTP_SERVICE_PORT/v1/suites/$ECF_NAME/attributes
+                 {{- if .Values.ecflow.api.host }}
+                 {{ .Values.ecflow.api.host }}/v1/suites/${ECF_NAME}/attributes
+                 {{- else -}}
+                 http://$SNWC_ECFLOW_HTTP_SERVICE_HOST:$SNWC_ECFLOW_HTTP_SERVICE_PORT/v1/suites/${ECF_NAME}/attributes
+                 {{- end }}
             fi
           env:
-          {{ if .Values.s3.credentials.name }}
+          {{- if .Values.s3.credentials.name }}
           - name: S3_ACCESS_KEY_ID
             valueFrom:
               secretKeyRef:
@@ -129,15 +134,30 @@ objects:
             requests:
               cpu: ${CPU_REQUEST}
               memory: ${MEMORY_REQUEST}
-          {{- with .Values.volumeMounts }}
           volumeMounts:
+          {{- with .Values.volumeMounts }}
             {{- toYaml . | nindent 10 }}
           {{- end }}
+          {{ if eq .Values.cloud "aws" -}}
+          - name: secrets-store-inline
+            mountPath: {{ .Values.s3.credentials.storePath }}
+            readOnly: true
+          {{- end }}
         volumes:
         {{- with .Values.volumes }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
+        {{ if eq .Values.cloud "aws" -}}
+        - name: secrets-store-inline
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: {{ .Release.Name }}-secrets
+        {{- end }}
 parameters:
+- description: Unique id for this run
+  name: RUN_IDENTIFIER
 - description: Configuration file name
   name: CONFIGURATION
 - description: Forecast analysis time, YYYY-MM-DD HH24:MI:SS (optional)

charts/fmi-himan/templates/secretstorage.yaml

@@ -0,0 +1,26 @@
+{{ if eq .Values.cloud "aws" -}}
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: {{ .Release.Name }}-secrets
+  namespace: {{ .Release.Namespace }}
+spec:
+  provider: aws
+  parameters:
+    objects: |
+      - objectName: {{ .Values.s3.credentials.name }}
+        objectType: secretsmanager
+        jmesPath:
+          - path: S3_ACCESS_KEY_ID
+            objectAlias: accessKey
+          - path: S3_SECRET_ACCESS_KEY
+            objectAlias: secretAccessKey
+  secretObjects: # map secrets from aws secret storage to kubernetes secrets
+  - data:
+    - key: S3_ACCESS_KEY_ID
+      objectName: accessKey
+    - key: S3_SECRET_ACCESS_KEY
+      objectName: secretAccessKey
+    secretName: {{ .Values.s3.credentials.name }}
+    type: Opaque
+{{- end }}

charts/fmi-himan/values.yaml

@@ -19,6 +19,7 @@ image:
 s3:
   credentials:
     name:
+    storePath: /mnt/secretstore
 
 radon:
   databaseName: radon
@@ -35,6 +36,10 @@ resources:
     cpu: "1"
     memory: 1Gi
 
+ecflow:
+  api:
+    host:
+
 volumes: []
 
 volumeMounts: []