chore: Update tekton pruner logic (#205)

epam · Jun 12, 2024 · e3917a3 · e3917a3
1 parent 3ec67cc
commit e3917a3
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 90 deletions.
diff --git a/charts/pipelines-library/README.md b/charts/pipelines-library/README.md
@@ -137,9 +137,7 @@ Follows [Tekton Interceptor](https://tekton.dev/vault/triggers-main/clusterinter
 | tekton.packageRegistriesSecret.name | string | `"package-registries-auth-secret"` | Secret name that will be used in Pipelines. Default: package-registries-auth-secret |
 | tekton.pruner.create | bool | `true` | Specifies whether a cronjob should be created |
 | tekton.pruner.image | string | `"bitnami/kubectl:1.25"` | Docker image to run the pruner, expected to have kubectl and jq |
-| tekton.pruner.recentMinutes_pods | string | `"720"` | Controls the retention period (in minutes) for Tekton pipeline run history. Pipeline runs older than this duration are automatically deleted. |
-| tekton.pruner.recentMinutes_pvcs | string | `"0"` | Specifies the retention period (in minutes) for pvcs related to Tekton pipeline runs. A non-zero value aids in debugging by preventing automatic deletion of pvcs once pipeline runs complete. Default: 0 (automatic deletion enabled). |
 | tekton.pruner.resources | object | `{"limits":{"cpu":"100m","memory":"70Mi"},"requests":{"cpu":"50m","memory":"50Mi"}}` | Pod resources for Tekton pruner job |
-| tekton.pruner.schedule | string | `"0 * * * *"` | How often to clean up resources |
+| tekton.pruner.schedule | string | `"0 10 */1 * *"` | How often to clean up resources |
 | tekton.resources | object | `{"limits":{"cpu":"2","memory":"3Gi"},"requests":{"cpu":"500m","memory":"1Gi"}}` | The resource limits and requests for the Tekton Tasks |
 | tekton.workspaceSize | string | `"5Gi"` | Tekton workspace size. Most cases 1Gi is enough. It's common for all pipelines |
diff --git a/charts/pipelines-library/scripts/tekton-prune.sh b/charts/pipelines-library/scripts/tekton-prune.sh
@@ -10,49 +10,25 @@ verify() {
     exit 1
   fi
   echo 'Ok'
-  echo 'Verify that required environment variables are defined'
+  echo 'Verify that namespace variables are defined'
   if test -z "${NAMESPACE}"; then
     echo 'NAMESPACE env variable not defined.'
     exit 1
   fi
-  if test -z "${RECENT_MINUTES_PODS}"; then
-    echo 'RECENT_MINUTES_PODS env variable not defined.'
-    exit 1
-  fi
-  if test -z "${RECENT_MINUTES_PVCS}"; then
-    echo 'RECENT_MINUTES_PVCS env variable not defined.'
-    exit 1
-  fi
   echo 'Ok'
 }
 
-get_pipelinerun_pods_to_file() {
+get_pipelinerun_to_file() {
   pods_file_path="$1"
-  kubectl get -n "${NAMESPACE}" pod -l tekton.dev/memberOf -o name > "${pods_file_path}"
+  kubectl get -n "${NAMESPACE}" pipelinerun -o name > "${pods_file_path}"
 }
 
-get_pipelinerun_pvcs_to_file() {
-  pvcs_file_path="$1"
-  separator="$2"
-  owner="$3"
-  kubectl get -n "${NAMESPACE}" -o json $(kubectl get -n "${NAMESPACE}" pvc -o name) \
-    | jq -r --arg separator "${separator}" --arg owner "${owner}" '.items[]
-    | select(.metadata.ownerReferences[0].kind? == "\($owner)")
-    | "\(.metadata.name)\($separator)\(.metadata.ownerReferences[0].name)"' > "${pvcs_file_path}"
-}
 
 get_active_pipelineruns() {
   kubectl get -n "${NAMESPACE}" pipelineruns \
     -o jsonpath='{.items[?(@.status.conditions[0].reason=="Running")].metadata.name}'
 }
 
-get_recent_pipelineruns() {
-  minutes="$1"
-  date_minus_minutes_iso8601=$(TZ=UTC date -u +"%FT%TZ" --date "-${minutes} min")
-  kubectl get pipelineruns -n "${NAMESPACE}" -o json \
-    | jq -r --arg d "${date_minus_minutes_iso8601}" \
-      '.items[] | select (.status.completionTime? > $d ) | .metadata.name'
-}
 
 delete_lines_from_file() {
   file="$1"
@@ -79,51 +55,26 @@ prune_resources() {
 main() {
   separator=';'
   pvc_owner_kind='PipelineRun'
-  pods_to_delete_file_path='/tmp/pods-to-delete.txt'
-  pvcs_to_delete_file_path='/tmp/PVCs-to-delete.txt'
+  pipelinerun_to_delete_file_path='/tmp/runs-to-delete.txt'
 
   verify
 
   echo 'Get active pipelineruns'
   active_pipelineruns=$(get_active_pipelineruns)
-  echo "active pipelineruns: $active_pipelineruns"
+  echo "Running pipelineruns: $active_pipelineruns"
 
-  echo "Get pipelineruns completed recently (in the last ${RECENT_MINUTES_PODS} minutes)"
-  recent_pipelineruns_pods=$(get_recent_pipelineruns "${RECENT_MINUTES_PODS}")
-  echo "recent pipelineruns: $recent_pipelineruns_pods"
+  echo "Get pipelinerun list"
+  get_pipelinerun_to_file "${pipelinerun_to_delete_file_path}"
+  cat "${pipelinerun_to_delete_file_path}"
 
-  echo "Get pipelineruns completed recently (in the last ${RECENT_MINUTES_FOR_PVCS} minutes)"
-  recent_pipelineruns_pvcs=$(get_recent_pipelineruns "${RECENT_MINUTES_FOR_PVCS}")
-  echo "recent pipelineruns: $recent_pipelineruns_pvcs"
+  echo 'Exclude running pipelineruns from deletion list':
+  delete_lines_from_file "${pipelinerun_to_delete_file_path}" "${active_pipelineruns}"
+  cat "${pipelinerun_to_delete_file_path}"
 
-  echo 'Get pods that need to be deleted, pods with tekton.dev/memberOf label:'
-  get_pipelinerun_pods_to_file "${pods_to_delete_file_path}"
-  cat "${pods_to_delete_file_path}"
-
-  echo 'Exclude pods of the active and recent pipelineruns from deletion list':
-  delete_lines_from_file "${pods_to_delete_file_path}" "${active_pipelineruns}"
-  delete_lines_from_file "${pods_to_delete_file_path}" "${recent_pipelineruns_pods}"
-  cat "${pods_to_delete_file_path}"
-
-  echo 'Get PVCs that were used by pipelineruns and now need to be deleted:'
-  get_pipelinerun_pvcs_to_file "${pvcs_to_delete_file_path}" "${separator}" "${pvc_owner_kind}"
-  cat "${pvcs_to_delete_file_path}"
-
-  echo 'Exclude PVCs of the active and recent pipelineruns from deletion list:'
-  delete_lines_from_file "${pvcs_to_delete_file_path}" "${active_pipelineruns}"
-  delete_lines_from_file "${pvcs_to_delete_file_path}" "${recent_pipelineruns_pvcs}"
-  cat "${pvcs_to_delete_file_path}"
-
-  echo 'Remove owner info from PVCs list'
-  sed -i "s,${separator}.*,," "${pvcs_to_delete_file_path}"
-
-  echo 'Delete pods'
-  prune_resources "${pods_to_delete_file_path}" ''
+  echo 'Delete pipelineruns'
+  prune_resources "${pipelinerun_to_delete_file_path}" ''
   echo 'Ok'
 
-  echo 'Delete pvcs'
-  prune_resources "${pvcs_to_delete_file_path}" 'pvc/'
-  echo 'Ok'
 }
 
 main
diff --git a/...ry/templates/resources/pruner/secret.yaml → ...templates/resources/pruner/configmap.yaml b/...ry/templates/resources/pruner/secret.yaml → ...templates/resources/pruner/configmap.yaml
@@ -1,12 +1,12 @@
 {{ if .Values.tekton.pruner.create }}
 ---
-kind: Secret
+kind: ConfigMap
 apiVersion: v1
 type: Opaque
 metadata:
   name: tekton-resource-pruner-scripts
   labels:
     {{- include "edp-tekton.labels" . | nindent 4 }}
 data:
-{{ (.Files.Glob "scripts/tekton-prune.sh").AsSecrets | indent 2 }}
-{{ end }}
+{{ (.Files.Glob "scripts/tekton-prune.sh").AsConfig | indent 2 }}
+{{ end }}
diff --git a/charts/pipelines-library/templates/resources/pruner/cron-job.yaml b/charts/pipelines-library/templates/resources/pruner/cron-job.yaml
@@ -17,8 +17,8 @@ spec:
         spec:
           volumes:
             - name: scripts
-              secret:
-                secretName: tekton-resource-pruner-scripts
+              configMap:
+                name: tekton-resource-pruner-scripts
           containers:
             - name: kubectl
               image: "{{ default "bitnami/kubectl:latest" .Values.tekton.pruner.image }}"
@@ -28,10 +28,6 @@ spec:
                     fieldRef:
                       apiVersion: v1
                       fieldPath: metadata.namespace
-                - name: RECENT_MINUTES_PODS
-                  value: {{ default 30 .Values.tekton.pruner.recentMinutes_pods | quote }}
-                - name: RECENT_MINUTES_PVCS
-                  value: {{ default 60 .Values.tekton.pruner.recentMinutes_pvcs | quote }}
               command:
                 - bash
                 - /scripts/tekton-prune.sh

diff --git a/charts/pipelines-library/templates/resources/pruner/rbac.yaml b/charts/pipelines-library/templates/resources/pruner/rbac.yaml
@@ -18,26 +18,17 @@ rules:
     verbs:
       - get
       - list
+      - delete
     resources:
       - pipelineruns
   - apiGroups:
       - ''
     verbs:
       - get
     resources:
-      - secrets
+      - ConfigMap
     resourceNames:
       - tekton-resource-pruner-scripts
-  - apiGroups:
-      - ''
-    verbs:
-      - get
-      - list
-      - watch
-      - delete
-    resources:
-      - pods
-      - persistentvolumeclaims
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

diff --git a/charts/pipelines-library/values.yaml b/charts/pipelines-library/values.yaml
@@ -107,11 +107,7 @@ tekton:
     # -- Specifies whether a cronjob should be created
     create: true
     # -- How often to clean up resources
-    schedule: "0 * * * *"
-    # -- Controls the retention period (in minutes) for Tekton pipeline run history. Pipeline runs older than this duration are automatically deleted.
-    recentMinutes_pods: "720"
-    # -- Specifies the retention period (in minutes) for pvcs related to Tekton pipeline runs. A non-zero value aids in debugging by preventing automatic deletion of pvcs once pipeline runs complete. Default: 0 (automatic deletion enabled).
-    recentMinutes_pvcs: "0"
+    schedule: "0 10 */1 * *"
     # -- Docker image to run the pruner, expected to have kubectl and jq
     image: bitnami/kubectl:1.25
     # -- Pod resources for Tekton pruner job