Merge branch 'master' into chore/use-cedar-instance-id-for-mds

gen3/bin/kube-setup-cedar-wrapper.sh

@@ -60,8 +60,12 @@ if ! g3kubectl get secrets/cedar-g3auto > /dev/null 2>&1; then
     return 1
 fi
 
-gen3_log_info "Checking cedar-client creds"
-setup_creds
+if [[ -n "$JENKINS_HOME" ]]; then
+    gen3_log_info "Skipping cedar-client creds setup in non-adminvm environment"
+else
+    gen3_log_info "Checking cedar-client creds"
+    setup_creds
+fi
 
 if ! gen3 secrets decode cedar-g3auto cedar_api_key.txt > /dev/null 2>&1; then
     gen3_log_err "No CEDAR api key present in cedar-g3auto secret, not rolling CEDAR wrapper"

kube/services/argo-events/workflows/configmap.yaml

@@ -27,22 +27,48 @@ data:
           - c6a.4xlarge
           - c6a.8xlarge
           - c6a.12xlarge
+          - c7a.large
+          - c7a.xlarge
+          - c7a.2xlarge
+          - c7a.4xlarge
+          - c7a.8xlarge
+          - c7a.12xlarge
           - c6i.large
           - c6i.xlarge
           - c6i.2xlarge
           - c6i.4xlarge
           - c6i.8xlarge
           - c6i.12xlarge
+          - c7i.large
+          - c7i.xlarge
+          - c7i.2xlarge
+          - c7i.4xlarge
+          - c7i.8xlarge
+          - c7i.12xlarge
           - m6a.2xlarge
           - m6a.4xlarge
           - m6a.8xlarge
           - m6a.12xlarge
           - m6a.16xlarge
+          - m6a.24xlarge
+          - m7a.2xlarge
+          - m7a.4xlarge
+          - m7a.8xlarge
+          - m7a.12xlarge
+          - m7a.16xlarge
+          - m7a.24xlarge
           - m6i.2xlarge
           - m6i.4xlarge
           - m6i.8xlarge
           - m6i.12xlarge
           - m6i.16xlarge
+          - m6i.24xlarge
+          - m7i.2xlarge
+          - m7i.4xlarge
+          - m7i.8xlarge
+          - m7i.12xlarge
+          - m7i.16xlarge
+          - m7i.24xlarge
       taints:
         - key: role
           value: WORKFLOW_NAME

kube/services/jobs/arborist-rm-expired-access-cronjob.yaml

@@ -1,4 +1,4 @@
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: arborist-rm-expired-access

kube/services/jobs/covid19-bayes-cronjob.yaml

@@ -1,5 +1,5 @@
 # gen3 job run covid19-bayes-cronjob S3_BUCKET <S3_BUCKET>
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: covid19-bayes

kube/services/jobs/etl-cronjob.yaml

@@ -1,4 +1,4 @@
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: etl

kube/services/jobs/fence-visa-update-cronjob.yaml

@@ -1,4 +1,4 @@
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: fence-visa-update

kube/services/jobs/google-delete-expired-access-cronjob.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: google-delete-expired-access

kube/services/jobs/google-delete-expired-service-account-cronjob.yaml

@@ -1,6 +1,6 @@
 ---
-# Note: change to batch/v1beta1 once we bump to k8s 1.8
-apiVersion: batch/v1beta1
+# Note: change to batch/v1 once we bump to k8s 1.8
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: google-delete-expired-service-account

kube/services/jobs/google-init-proxy-groups-cronjob.yaml

@@ -1,6 +1,6 @@
 ---
-# Note: change to batch/v1beta1 once we bump to k8s 1.8
-apiVersion: batch/v1beta1
+# Note: change to batch/v1 once we bump to k8s 1.8
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: google-init-proxy-groups

kube/services/jobs/google-manage-account-access-cronjob.yaml

@@ -1,6 +1,6 @@
 ---
-# Note: change to batch/v1beta1 once we bump to k8s 1.8
-apiVersion: batch/v1beta1
+# Note: change to batch/v1 once we bump to k8s 1.8
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: google-manage-account-access

kube/services/jobs/google-manage-keys-cronjob.yaml

@@ -1,6 +1,6 @@
 ---
-# Note: change to batch/v1beta1 once we bump to k8s 1.8
-apiVersion: batch/v1beta1
+# Note: change to batch/v1 once we bump to k8s 1.8
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: google-manage-keys

kube/services/jobs/google-verify-bucket-access-group-cronjob.yaml

@@ -1,6 +1,6 @@
 ---
-# Note: change to batch/v1beta1 once we bump to k8s 1.8
-apiVersion: batch/v1beta1
+# Note: change to batch/v1 once we bump to k8s 1.8
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: google-verify-bucket-access-group

kube/services/jobs/healthcheck-cronjob.yaml

@@ -1,4 +1,4 @@
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: healthcheck 

kube/services/jobs/s3sync-cronjob.yaml

@@ -5,7 +5,7 @@
 #####REQUIRED VARIABLE########
 #SOURCE_BUCKET
 #TARGET_BUCKET
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: s3sync

kube/services/node-monitors/fenceshib-jenkins-test.yaml

@@ -0,0 +1,40 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: fenceshib-service-check
+  namespace: default
+spec:
+  schedule: "0 */4 * * *"
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app: gen3job
+        spec:
+          serviceAccountName: node-monitor
+          containers:
+            - name: kubectl
+              image: quay.io/cdis/awshelper
+              env:
+                - name: SLACK_WEBHOOK_URL
+                  valueFrom:
+                    configMapKeyRef:
+                      name: global
+                      key: slack_webhook
+              command: ["/bin/bash"]
+              args:
+                - "-c"
+                - |
+                  #!/bin/bash
+
+                  fenceshib=$(kubectl get services -A | grep "fenceshib-service" | awk '{print $2}')
+
+                  # Check if there are any fenceshib services
+                  if [[ ! -z "$fenceshib" ]]; then
+                      echo "Alert: Service fenceshib-service found with output: $fenceshib"
+                      curl -X POST -H 'Content-type: application/json' --data "{\"text\": \"WARNING: Fenceshib service discovered in qaplanetv1 cluster. This could cause issues with future CI runs. Please delete this service if it is not needed. Run the following in qaplanetv1 to see which namespace it is in: \`kubectl get services -A | grep "fenceshib-service"\`\"}" $SLACK_WEBHOOK_URL
+                  else
+                      echo "Fenceshib Service Not Found"
+                  fi
+          restartPolicy: OnFailure