cloud-automation icon indicating copy to clipboard operation
cloud-automation copied to clipboard

Published 20 hours ago verified publisher icon uc-cdis

IRSA Changes

Open EliseCastle23 opened this issue 10 months ago • 0 comments

Improvements

These are the changes necessary for the "batch-export" sower job to run with IRSA instead of AWS keys. Also, the batch-export job will no longer rely on the config.json file. Instead, it will automatically create a batch-export-g3auto configmap that contains the bucket name. This bucket name will then be passed into the export job as an environment variable.

Deployment changes

Manifest.json files MUST be changed to use the new "batch-export-sa" service account and the "BUCKET" environment variable must be set to the batch-export-g3auto secret with the "bucket_name" key. You also no longer need to mount the batch-export-g3auto secret as this is now deprecated (it is replaced by the batch-export-g3auto configmap).

      - name: BUCKET
        valueFrom:
           configMapKeyRef:
            name: batch-export-sa
            key: bucket_name

Remove the following:   
       "volumeMounts": [
          {
            "name": "batch-export-creds-volume",
            "readOnly": true,
            "mountPath": "/batch-export-creds.json",
            "subPath": "config.json"
          }
        ],
      },
      "volumes": [
        {
          "name": "batch-export-creds-volume",
          "secret": {
            "secretName": "batch-export-g3auto"
          }
        }
      ],

EliseCastle23 avatar Apr 24 '24 22:04 EliseCastle23