search

uc-cdis / cloud-automation

Automation for standing up Gen3 commons
Apache License 2.0
41 stars 67 forks source link

IRSA Changes #2531

Open EliseCastle23 opened 4 months ago

EliseCastle23 commented 4 months ago

Improvements

These are the changes necessary for the "batch-export" sower job to run with IRSA instead of AWS keys. Also, the batch-export job will no longer rely on the config.json file. Instead, it will automatically create a batch-export-g3auto configmap that contains the bucket name. This bucket name will then be passed into the export job as an environment variable.

Deployment changes

Manifest.json files MUST be changed to use the new "batch-export-sa" service account and the "BUCKET" environment variable must be set to the batch-export-g3auto secret with the "bucket_name" key. You also no longer need to mount the batch-export-g3auto secret as this is now deprecated (it is replaced by the batch-export-g3auto configmap). 

      - name: BUCKET
        valueFrom:
           configMapKeyRef:
            name: batch-export-sa
            key: bucket_name

Remove the following:   
       "volumeMounts": [
          {
            "name": "batch-export-creds-volume",
            "readOnly": true,
            "mountPath": "/batch-export-creds.json",
            "subPath": "config.json"
          }
        ],
      },
      "volumes": [
        {
          "name": "batch-export-creds-volume",
          "secret": {
            "secretName": "batch-export-g3auto"
          }
        }
      ],