From 3514ea27ab32eee3c25bd1074c478f8fd56fcf3d Mon Sep 17 00:00:00 2001 From: Daniel Fernandes Date: Tue, 16 Dec 2025 09:20:57 +0000 Subject: [PATCH 1/6] Add explicit UV_CACHE_DIR to init container and blueapi container --- helm/blueapi/templates/statefulset.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/helm/blueapi/templates/statefulset.yaml b/helm/blueapi/templates/statefulset.yaml index d7595784e2..6c5af1ce4c 100644 --- a/helm/blueapi/templates/statefulset.yaml +++ b/helm/blueapi/templates/statefulset.yaml @@ -95,6 +95,9 @@ spec: if [ $? -ne 0 ]; then echo 'Blueapi failed'; exit 1; fi; echo "Exporting venv as artefact" cp -r /app/.venv/* /artefacts + - env: + - name: UV_CACHE_DIR + value: {{ .Values.worker.scratch.root }} volumeMounts: - name: init-config mountPath: "/config" @@ -196,6 +199,8 @@ spec: - configMapRef: name: {{ include "blueapi.fullname" . }}-otel-config env: + - name: UV_CACHE_DIR + value: {{ .Values.worker.scratch.root }} {{- toYaml .Values.extraEnvVars | nindent 12 }} {{- if ne 1000.0 .Values.securityContext.runAsUser }} - name: debug-account-sync From 5e785f0f3954e5b2bd6c6ba8daf74fd49c69e7d9 Mon Sep 17 00:00:00 2001 From: Daniel Fernandes Date: Tue, 16 Dec 2025 10:33:05 +0000 Subject: [PATCH 2/6] Fix templating issues --- helm/blueapi/README.md | 2 +- helm/blueapi/templates/statefulset.yaml | 12 +++++++----- helm/blueapi/values.schema.json | 2 +- helm/blueapi/values.yaml | 9 +++------ 4 files changed, 12 insertions(+), 13 deletions(-) diff --git a/helm/blueapi/README.md b/helm/blueapi/README.md index 227d264a51..1e55812f15 100644 --- a/helm/blueapi/README.md +++ b/helm/blueapi/README.md @@ -12,7 +12,7 @@ A Helm chart deploying a worker pod that runs Bluesky plans | debug.enabled | bool | `false` | If enabled, runs debugpy, allowing port-forwarding to expose port 5678 or attached vscode instance | | debug.log_to_stderr | bool | `false` | If enabled configures debugpy to use the option `--log-to-stderr` | | debug.suspend | bool | `false` | If enabled does not start the service on startup This allows connecting to the pod and starting the service manually to allow debugging on the cluster | -| extraEnvVars | list | `[]` | Additional envVars to mount to the pod | +| extraEnvVars | string | `nil` | Additional envVars to mount to the pod | | fullnameOverride | string | `""` | | | global | object | `{}` | Not used, but must be present for validation when using as a dependency of another chart | | hostNetwork | bool | `false` | May be needed for EPICS depending on gateway configuration | diff --git a/helm/blueapi/templates/statefulset.yaml b/helm/blueapi/templates/statefulset.yaml index 6c5af1ce4c..6e84848798 100644 --- a/helm/blueapi/templates/statefulset.yaml +++ b/helm/blueapi/templates/statefulset.yaml @@ -95,9 +95,9 @@ spec: if [ $? -ne 0 ]; then echo 'Blueapi failed'; exit 1; fi; echo "Exporting venv as artefact" cp -r /app/.venv/* /artefacts - - env: - - name: UV_CACHE_DIR - value: {{ .Values.worker.scratch.root }} + env: + - name: UV_CACHE_DIR + value: {{ .Values.worker.scratch.root }} volumeMounts: - name: init-config mountPath: "/config" @@ -201,8 +201,10 @@ spec: env: - name: UV_CACHE_DIR value: {{ .Values.worker.scratch.root }} - {{- toYaml .Values.extraEnvVars | nindent 12 }} - {{- if ne 1000.0 .Values.securityContext.runAsUser }} + {{- if .Values.extraEnvVars }} + {{- toYaml .Values.extraEnvVars | nindent 12 }} + {{- end }} + {{- if ne 1000.0 .Values.securityContext.runAsUser }} - name: debug-account-sync image: ghcr.io/diamondlightsource/account-sync-sidecar:3.0.0 volumeMounts: diff --git a/helm/blueapi/values.schema.json b/helm/blueapi/values.schema.json index 5747d10c0e..567a10d1e0 100644 --- a/helm/blueapi/values.schema.json +++ b/helm/blueapi/values.schema.json @@ -27,7 +27,7 @@ }, "extraEnvVars": { "description": "Additional envVars to mount to the pod", - "type": "array" + "type": "null" }, "fullnameOverride": { "type": "string" diff --git a/helm/blueapi/values.yaml b/helm/blueapi/values.yaml index 9376bc524a..4410b09437 100644 --- a/helm/blueapi/values.yaml +++ b/helm/blueapi/values.yaml @@ -36,8 +36,7 @@ podAnnotations: {} # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ podLabels: {} -podSecurityContext: - {} +podSecurityContext: {} # fsGroup: 2000 securityContext: @@ -62,8 +61,7 @@ service: ingress: enabled: false className: "nginx" - annotations: - {} + annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: @@ -96,7 +94,6 @@ resources: requests: cpu: 200m memory: 400Mi - # -- Override resources for init container. By default copies resources of main container. initResources: {} @@ -158,7 +155,7 @@ hostNetwork: false restartOnConfigChange: true # -- Additional envVars to mount to the pod -extraEnvVars: [] +extraEnvVars: # - name: TILED_API_KEY # valueFrom: # secretKeyRef: From ff9caf81fddb61807e5e0c8aa26a08b77296b212 Mon Sep 17 00:00:00 2001 From: Daniel Fernandes Date: Tue, 16 Dec 2025 10:33:38 +0000 Subject: [PATCH 3/6] Remove changes to values.yaml --- helm/blueapi/README.md | 2 +- helm/blueapi/values.schema.json | 2 +- helm/blueapi/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/blueapi/README.md b/helm/blueapi/README.md index 1e55812f15..227d264a51 100644 --- a/helm/blueapi/README.md +++ b/helm/blueapi/README.md @@ -12,7 +12,7 @@ A Helm chart deploying a worker pod that runs Bluesky plans | debug.enabled | bool | `false` | If enabled, runs debugpy, allowing port-forwarding to expose port 5678 or attached vscode instance | | debug.log_to_stderr | bool | `false` | If enabled configures debugpy to use the option `--log-to-stderr` | | debug.suspend | bool | `false` | If enabled does not start the service on startup This allows connecting to the pod and starting the service manually to allow debugging on the cluster | -| extraEnvVars | string | `nil` | Additional envVars to mount to the pod | +| extraEnvVars | list | `[]` | Additional envVars to mount to the pod | | fullnameOverride | string | `""` | | | global | object | `{}` | Not used, but must be present for validation when using as a dependency of another chart | | hostNetwork | bool | `false` | May be needed for EPICS depending on gateway configuration | diff --git a/helm/blueapi/values.schema.json b/helm/blueapi/values.schema.json index 567a10d1e0..5747d10c0e 100644 --- a/helm/blueapi/values.schema.json +++ b/helm/blueapi/values.schema.json @@ -27,7 +27,7 @@ }, "extraEnvVars": { "description": "Additional envVars to mount to the pod", - "type": "null" + "type": "array" }, "fullnameOverride": { "type": "string" diff --git a/helm/blueapi/values.yaml b/helm/blueapi/values.yaml index 4410b09437..9a6eecc094 100644 --- a/helm/blueapi/values.yaml +++ b/helm/blueapi/values.yaml @@ -155,7 +155,7 @@ hostNetwork: false restartOnConfigChange: true # -- Additional envVars to mount to the pod -extraEnvVars: +extraEnvVars: [] # - name: TILED_API_KEY # valueFrom: # secretKeyRef: From 47c231e1f0b230e7c7df66cffce762085e39b6d0 Mon Sep 17 00:00:00 2001 From: Daniel Fernandes Date: Thu, 18 Dec 2025 15:10:26 +0000 Subject: [PATCH 4/6] Fix indentation --- helm/blueapi/templates/statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/blueapi/templates/statefulset.yaml b/helm/blueapi/templates/statefulset.yaml index 6e84848798..c3b090a1da 100644 --- a/helm/blueapi/templates/statefulset.yaml +++ b/helm/blueapi/templates/statefulset.yaml @@ -204,7 +204,7 @@ spec: {{- if .Values.extraEnvVars }} {{- toYaml .Values.extraEnvVars | nindent 12 }} {{- end }} - {{- if ne 1000.0 .Values.securityContext.runAsUser }} + {{- if ne 1000.0 .Values.securityContext.runAsUser }} - name: debug-account-sync image: ghcr.io/diamondlightsource/account-sync-sidecar:3.0.0 volumeMounts: From 6d34bf4405337f2a795e58944d2136caa7be7685 Mon Sep 17 00:00:00 2001 From: Daniel Fernandes Date: Tue, 6 Jan 2026 11:33:35 +0000 Subject: [PATCH 5/6] Add brackets to values in case root is missing --- helm/blueapi/templates/statefulset.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/blueapi/templates/statefulset.yaml b/helm/blueapi/templates/statefulset.yaml index c3b090a1da..ef400c5999 100644 --- a/helm/blueapi/templates/statefulset.yaml +++ b/helm/blueapi/templates/statefulset.yaml @@ -97,7 +97,7 @@ spec: cp -r /app/.venv/* /artefacts env: - name: UV_CACHE_DIR - value: {{ .Values.worker.scratch.root }} + value: {{ (.Values.worker.scratch).root }} volumeMounts: - name: init-config mountPath: "/config" @@ -200,7 +200,7 @@ spec: name: {{ include "blueapi.fullname" . }}-otel-config env: - name: UV_CACHE_DIR - value: {{ .Values.worker.scratch.root }} + value: {{ (.Values.worker.scratch).root }} {{- if .Values.extraEnvVars }} {{- toYaml .Values.extraEnvVars | nindent 12 }} {{- end }} From 15817d947b99c4a12d780a2e444271a6fbd4d3cc Mon Sep 17 00:00:00 2001 From: Daniel Fernandes Date: Wed, 14 Jan 2026 10:48:44 +0000 Subject: [PATCH 6/6] Fix move uc cache into own dir --- helm/blueapi/templates/statefulset.yaml | 4 +- helm/blueapi/values.schema.json | 482 +----------------------- 2 files changed, 5 insertions(+), 481 deletions(-) diff --git a/helm/blueapi/templates/statefulset.yaml b/helm/blueapi/templates/statefulset.yaml index ef400c5999..a782cde599 100644 --- a/helm/blueapi/templates/statefulset.yaml +++ b/helm/blueapi/templates/statefulset.yaml @@ -97,7 +97,7 @@ spec: cp -r /app/.venv/* /artefacts env: - name: UV_CACHE_DIR - value: {{ (.Values.worker.scratch).root }} + value: {{ (.Values.worker.scratch).root }}/.uv-cache volumeMounts: - name: init-config mountPath: "/config" @@ -200,7 +200,7 @@ spec: name: {{ include "blueapi.fullname" . }}-otel-config env: - name: UV_CACHE_DIR - value: {{ (.Values.worker.scratch).root }} + value: {{ (.Values.worker.scratch).root }}/.uv-cache {{- if .Values.extraEnvVars }} {{- toYaml .Values.extraEnvVars | nindent 12 }} {{- end }} diff --git a/helm/blueapi/values.schema.json b/helm/blueapi/values.schema.json index 5747d10c0e..6a89e5bb35 100644 --- a/helm/blueapi/values.schema.json +++ b/helm/blueapi/values.schema.json @@ -445,7 +445,8 @@ "title": "Auth Token Path", "anyOf": [ { - "type": "string" + "type": "string", + "format": "path" }, { "type": "null" @@ -495,484 +496,7 @@ "$ref": "#/$defs/TiledConfig" } }, - "additionalProperties": false, - "$defs": { - "BasicAuthentication": { - "title": "BasicAuthentication", - "description": "User credentials for basic authentication", - "type": "object", - "required": [ - "username", - "password" - ], - "properties": { - "password": { - "title": "Password", - "description": "Password to verify user's identity", - "type": "string" - }, - "username": { - "title": "Username", - "description": "Unique identifier for user", - "type": "string" - } - }, - "additionalProperties": false - }, - "CORSConfig": { - "title": "CORSConfig", - "type": "object", - "required": [ - "origins" - ], - "properties": { - "allow_credentials": { - "title": "Allow Credentials", - "default": false, - "type": "boolean" - }, - "allow_headers": { - "title": "Allow Headers", - "default": [ - "*" - ], - "type": "array", - "items": { - "type": "string" - } - }, - "allow_methods": { - "title": "Allow Methods", - "default": [ - "*" - ], - "type": "array", - "items": { - "type": "string" - } - }, - "origins": { - "title": "Origins", - "type": "array", - "items": { - "type": "string" - } - } - }, - "additionalProperties": false - }, - "DeviceManagerSource": { - "title": "DeviceManagerSource", - "type": "object", - "required": [ - "module" - ], - "properties": { - "kind": { - "title": "Kind", - "default": "deviceManager", - "const": "deviceManager" - }, - "mock": { - "title": "Mock", - "description": "If true, ophyd_async device connections are mocked", - "default": false, - "type": "boolean" - }, - "module": { - "title": "Module", - "description": "Module to be imported", - "type": "string" - }, - "name": { - "title": "Name", - "description": "Name of the device manager in the module", - "default": "devices", - "type": "string" - } - }, - "additionalProperties": false - }, - "DeviceSource": { - "title": "DeviceSource", - "type": "object", - "required": [ - "module" - ], - "properties": { - "kind": { - "title": "Kind", - "default": "deviceFunctions", - "const": "deviceFunctions" - }, - "module": { - "title": "Module", - "description": "Module to be imported", - "type": "string" - } - }, - "additionalProperties": false - }, - "DodalSource": { - "title": "DodalSource", - "type": "object", - "required": [ - "module" - ], - "properties": { - "kind": { - "title": "Kind", - "default": "dodal", - "const": "dodal" - }, - "mock": { - "title": "Mock", - "description": "If true, ophyd_async device connections are mocked", - "default": false, - "type": "boolean" - }, - "module": { - "title": "Module", - "description": "Module to be imported", - "type": "string" - } - }, - "additionalProperties": false - }, - "EnvironmentConfig": { - "title": "EnvironmentConfig", - "description": "Config for the RunEngine environment", - "type": "object", - "properties": { - "events": { - "$ref": "#/$defs/WorkerEventConfig" - }, - "metadata": { - "anyOf": [ - { - "$ref": "#/$defs/MetadataConfig" - }, - { - "type": "null" - } - ] - }, - "sources": { - "title": "Sources", - "default": [ - { - "kind": "planFunctions", - "module": "dodal.plans" - }, - { - "kind": "planFunctions", - "module": "dodal.plan_stubs.wrapped" - } - ], - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/$defs/PlanSource" - }, - { - "$ref": "#/$defs/DeviceSource" - }, - { - "$ref": "#/$defs/DodalSource" - }, - { - "$ref": "#/$defs/DeviceManagerSource" - } - ] - } - } - }, - "additionalProperties": false - }, - "GraylogConfig": { - "title": "GraylogConfig", - "type": "object", - "properties": { - "enabled": { - "title": "Enabled", - "default": false, - "type": "boolean" - }, - "url": { - "title": "Url", - "default": "tcp://localhost:5555", - "type": "string", - "minLength": 1 - } - }, - "additionalProperties": false - }, - "LoggingConfig": { - "title": "LoggingConfig", - "type": "object", - "properties": { - "graylog": { - "default": { - "enabled": false, - "url": "tcp://localhost:5555" - }, - "$ref": "#/$defs/GraylogConfig" - }, - "level": { - "title": "Level", - "default": "INFO", - "type": "string", - "enum": [ - "NOTSET", - "DEBUG", - "INFO", - "WARNING", - "ERROR", - "CRITICAL" - ] - } - }, - "additionalProperties": false - }, - "MetadataConfig": { - "title": "MetadataConfig", - "type": "object", - "required": [ - "instrument" - ], - "properties": { - "instrument": { - "title": "Instrument", - "type": "string" - } - }, - "additionalProperties": false - }, - "NumtrackerConfig": { - "title": "NumtrackerConfig", - "type": "object", - "properties": { - "detector_file_template": { - "title": "Detector File Template", - "default": "{instrument}-{scan_id}-{device_name}", - "type": "string" - }, - "url": { - "title": "Url", - "default": "http://localhost:8406/graphql", - "type": "string", - "maxLength": 2083, - "minLength": 1 - } - }, - "additionalProperties": false - }, - "OIDCConfig": { - "title": "OIDCConfig", - "type": "object", - "required": [ - "well_known_url", - "client_id" - ], - "properties": { - "client_audience": { - "title": "Client Audience", - "description": "Client Audience(s)", - "default": "blueapi", - "type": "string" - }, - "client_id": { - "title": "Client Id", - "description": "Client ID", - "type": "string" - }, - "logout_redirect_endpoint": { - "title": "Logout Redirect Endpoint", - "description": "The oidc endpoint required to logout", - "default": "", - "type": "string" - }, - "well_known_url": { - "title": "Well Known Url", - "description": "URL to fetch OIDC config from the provider", - "type": "string" - } - }, - "additionalProperties": false - }, - "PlanSource": { - "title": "PlanSource", - "type": "object", - "required": [ - "module" - ], - "properties": { - "kind": { - "title": "Kind", - "default": "planFunctions", - "const": "planFunctions" - }, - "module": { - "title": "Module", - "description": "Module to be imported", - "type": "string" - } - }, - "additionalProperties": false - }, - "RestConfig": { - "title": "RestConfig", - "type": "object", - "properties": { - "cors": { - "anyOf": [ - { - "$ref": "#/$defs/CORSConfig" - }, - { - "type": "null" - } - ] - }, - "url": { - "title": "Url", - "default": "http://localhost:8000/", - "type": "string", - "maxLength": 2083, - "minLength": 1 - } - }, - "additionalProperties": false - }, - "ScratchConfig": { - "title": "ScratchConfig", - "type": "object", - "properties": { - "repositories": { - "title": "Repositories", - "description": "Details of repositories to be cloned and imported into blueapi", - "type": "array", - "items": { - "$ref": "#/$defs/ScratchRepository" - } - }, - "required_gid": { - "title": "Required Gid", - "description": "\nRequired owner GID for the scratch directory. If supplied, the setup-scratch\ncommand will check the scratch area ownership and raise an error if it is\nnot owned by \u003cGID\u003e, or if it does not have SGID permission bit set.\n", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "null" - } - ] - }, - "root": { - "title": "Root", - "description": "The root directory of the scratch area, all repositories will be cloned under this directory.", - "default": "/tmp/scratch/blueapi", - "type": "string" - } - }, - "additionalProperties": false - }, - "ScratchRepository": { - "title": "ScratchRepository", - "type": "object", - "properties": { - "name": { - "title": "Name", - "description": "Unique name for this repository in the scratch directory", - "default": "example", - "type": "string" - }, - "remote_url": { - "title": "Remote Url", - "description": "URL to clone from", - "default": "https://github.com/example/example.git", - "type": "string" - } - }, - "additionalProperties": false - }, - "StompConfig": { - "title": "StompConfig", - "description": "Config for connecting to stomp broker", - "type": "object", - "properties": { - "auth": { - "description": "Auth information for communicating with STOMP broker, if required", - "anyOf": [ - { - "$ref": "#/$defs/BasicAuthentication" - }, - { - "type": "null" - } - ] - }, - "enabled": { - "title": "Enabled", - "description": "True if blueapi should connect to stomp for asynchronous event publishing", - "default": false, - "type": "boolean" - }, - "url": { - "title": "Url", - "default": "tcp://localhost:61613", - "type": "string", - "minLength": 1 - } - }, - "additionalProperties": false - }, - "TiledConfig": { - "title": "TiledConfig", - "type": "object", - "properties": { - "api_key": { - "title": "Api Key", - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ] - }, - "enabled": { - "title": "Enabled", - "description": "True if blueapi should forward data to a Tiled instance", - "default": false, - "type": "boolean" - }, - "url": { - "title": "Url", - "default": "http://localhost:8407/", - "type": "string", - "maxLength": 2083, - "minLength": 1 - } - }, - "additionalProperties": false - }, - "WorkerEventConfig": { - "title": "WorkerEventConfig", - "description": "Config for event broadcasting via the message bus", - "type": "object", - "properties": { - "broadcast_status_events": { - "title": "Broadcast Status Events", - "default": true, - "type": "boolean" - } - }, - "additionalProperties": false - } - } + "additionalProperties": false } } }