DiamondLightSource · Alexj9837 · Apr 9, 2026 · Apr 9, 2026 · Apr 9, 2026 · Apr 9, 2026
@@ -44,6 +44,7 @@ A Helm chart deploying a worker pod that runs Bluesky plans
 | serviceAccount.create | bool | `false` |  |
 | serviceAccount.name | string | `""` |  |
 | startupProbe | object | `{"failureThreshold":5,"httpGet":{"path":"/healthz","port":"http"},"periodSeconds":10}` | A more lenient livenessProbe to allow the service to start fully. This is automatically disabled when in debug mode. |
+| timeStampCron.enabled | bool | `true` |  |
 | tolerations | list | `[]` | May be required to run on specific nodes (e.g. the control machine) |
 | tracing | object | `{"fastapi":{"excludedURLs":"/healthz"},"otlp":{"enabled":false,"protocol":"http/protobuf","server":{"host":"http://opentelemetry-collector.tracing","port":4318}}}` | Exclude health probe requests from tracing by default to prevent spamming |
 | volumeMounts | list | `[{"mountPath":"/config","name":"worker-config","readOnly":true}]` | Additional volumeMounts on the output StatefulSet definition. Define how volumes are mounted to the container referenced by using the same name. |

@@ -0,0 +1,20 @@
+#!/bin/sh
+# Get PVCs belonging to this blueapi release
+ALL_PVC=$(kubectl get pvc -n  $RELEASE_NAMESPACE  \
+  -o jsonpath='{.items[*].metadata.name}' | tr ' ' '\n' | \
+  grep "^$RELEASE_NAME-scratch-")
+# Get all PVCs currently mounted by running pods
+MOUNTED_PVCS=$(kubectl get pods -n  $RELEASE_NAMESPACE  \
+  -o=jsonpath='{.items[*].spec.volumes[*].persistentVolumeClaim.claimName}' | tr ' ' '\n' | sort -u)
+NOW=$(date +%s)
+#loop through all the pvcs annotating ones thare are mounted or lack a last-used stamp
+for pvc in $ALL_PVC; do
+  # Checks if Annotation for last-used is empty
+  ANNOTATION=$(kubectl get pvc "$pvc" -n  $RELEASE_NAMESPACE  -o=jsonpath='{.metadata.annotations.last-used}')
+  # -z checks if ANNOTATION is empty, if its empty or mounted to updates last-used else it ignores it
+  if [ -z "$ANNOTATION" ]; then 
+    kubectl annotate --overwrite pvc "$pvc" -n  $RELEASE_NAMESPACE  last-used="$NOW"
+  elif echo "$MOUNTED_PVCS" | grep -qx "$pvc"; then
+    kubectl annotate --overwrite pvc "$pvc" -n  $RELEASE_NAMESPACE  last-used="$NOW"
+  fi
+done
@@ -31,6 +31,18 @@ data:
   init_config.yaml: |-
     scratch:
       {{- toYaml .Values.worker.scratch | nindent 6 }}
+
+---    
 {{- end }}
 
 ---
+{{- if .Values.timeStampCron.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name : {{include "blueapi.fullname" . }}-pvc-stamper-script
+data:
+  {{- $files := .Files }}
+  time-stamper.sh: |-
+{{ $files.Get "files/scripts/time-stamper.sh" | indent 4 }}
+{{- end }}
@@ -0,0 +1,79 @@
+{{- if .Values.timeStampCron.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: true
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+  resources: ["pods", "persistentvolumeclaims"]
+  verbs: ["get", "list", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  namespace: {{ .Release.Namespace }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "blueapi.fullname" . }}-last-used-stamper
+  namespace: {{ .Release.Namespace }}
+spec:
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 1
+  schedule: "*/5 * * * *"
+
+  jobTemplate:
+    spec:
+      # amount of attempts of labeling a pvc
+      backoffLimit: 3
+      # job stops after 60 secounds
+      activeDeadlineSeconds: 60
+      template:
+        spec:
+          serviceAccountName: {{ include "blueapi.fullname" . }}-last-used-stamper
+          {{- with .Values.tolerations }}
+          tolerations:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+
+          volumes:
+            - name : {{include "blueapi.fullname" . }}-pvc-stamper-script
+              configMap:
+                name: {{include "blueapi.fullname" . }}-pvc-stamper-script
+                defaultMode: 0555
+
+
+          containers:
+          - name: last-used-stamper
+            env:
+              - name: RELEASE_NAME
+                value: {{ .Release.Name }}
+              - name: RELEASE_NAMESPACE
+                value: {{ .Release.Namespace }}
+            volumeMounts:
+              - name: {{include "blueapi.fullname" . }}-pvc-stamper-script
+                mountPath: /scripts
+            image: bitnami/kubectl:latest
+            imagePullPolicy: IfNotPresent
+            command: ["/scripts/time-stamper.sh"]
+          restartPolicy: OnFailure
+{{- end }}
@@ -292,6 +292,14 @@
                 }
             }
         },
+        "timeStampCron": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "boolean"
+                }
+            }
+        },
         "tolerations": {
             "description": "May be required to run on specific nodes (e.g. the control machine)",
             "type": "array"

@@ -224,6 +224,9 @@ initContainer:
     # -- Size of persistent volume
     size: "1Gi"
 
+timeStampCron:
+  enabled: true
+
 debug:
   # -- If enabled, runs debugpy, allowing port-forwarding to expose port 5678 or attached vscode instance
   enabled: false