Skip to content

Commit

Permalink
added a cronjob to delete orphaned jenkins job namespaces
Browse files Browse the repository at this point in the history
  • Loading branch information
@anshulvermapatel
anshulvermapatel committed Feb 25, 2025
1 parent ae6684d commit 874fed2
Showing 1 changed file with 67 additions and 19 deletions.
86 changes: 67 additions & 19 deletions cluster-service/deploy/integration/cluster-service-namespace.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,19 @@ kind: Template
metadata:
name: cluster-service-admin
parameters:
- name: NAMESPACE
description: The namespace to create
required: true
value: cluster-service-admin
- name: CLIENT_ID
description: The Azure Client ID used for federation
required: true
- name: NAMESPACE
description: The namespace to create
required: true
value: cluster-service-admin
- name: CLIENT_ID
description: The Azure Client ID used for federation
required: true
- name: ORPHANED_NAMESPACE_CLEANER
description: The namespace to create to have a cronjob which will delete the orphaned namespace which are not deleted due to any issues with the jenkins job.
value: orphaned-namespace-cleaner
- name: KUBECTL_IMAGE
description: An image which have the `kubectl` binary in it.
value: quay.io/rhn_support_ansverma/ubi8-minimal-kubectl:latest

objects:
- apiVersion: v1
Expand All @@ -27,12 +33,12 @@ objects:
metadata:
name: namespace-admin
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- "*"
- apiGroups:
- ""
resources:
- namespaces
verbs:
- "*"
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
Expand All @@ -42,9 +48,9 @@ objects:
kind: ClusterRole
name: admin
subjects:
- kind: ServiceAccount
name: cluster-service-mgmt
namespace: cluster-service-admin
- kind: ServiceAccount
name: cluster-service-mgmt
namespace: cluster-service-admin
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
Expand All @@ -54,9 +60,9 @@ objects:
kind: ClusterRole
name: namespace-admin
subjects:
- kind: ServiceAccount
name: cluster-service-mgmt
namespace: cluster-service-admin
- kind: ServiceAccount
name: cluster-service-mgmt
namespace: cluster-service-admin
- apiVersion: v1
kind: Secret
metadata:
Expand All @@ -72,3 +78,45 @@ objects:
namespace: ${NAMESPACE}
data:
cs-client-id: ${CLIENT_ID}
- apiVersion: v1
kind: ServiceAccount
metadata:
name: orphaned-namespace-cleaner-cronjob
namespace: ${ORPHANED_NAMESPACE_CLEANER}
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: orphaned-namespace-cleaner-cronjob
subjects:
- kind: ServiceAccount
name: orphaned-namespace-cleaner-cronjob
namespace: ${ORPHANED_NAMESPACE_CLEANER}
roleRef:
kind: ClusterRole
name: namespace-admin
apiGroup: rbac.authorization.k8s.io
- apiVersion: batch/v1
kind: CronJob
metadata:
name: orphaned-namespace-cleaner
namespace: ${ORPHANED_NAMESPACE_CLEANER}
spec:
schedule: "0 0 * * *"
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
serviceAccountName: orphaned-namespace-cleaner-cronjob
containers:
- name: kubectl-container
image: ${KUBECTL_IMAGE}
command: ["/bin/sh", "-c"]
args:
- |
echo "Starting to clear orphaned namespaces"
echo "deleting the orphaned namespaces"
kubectl get namespaces -o json | jq -r '.items[] | select(.metadata.labels."sandbox-jenkins-type"=="aro-hcp") | select((now - (.metadata.creationTimestamp | fromdate)) / 60 > 60) | .metadata.name' | xargs kubectl delete namespace
echo "Script execution completed."
restartPolicy: Never

0 comments on commit 874fed2

Please sign in to comment.