chore(KFLUXVNGD-128): Delete old crossplane namespace claims

Delete crossplane namespace claims periodically to prevent the compute provided. Jira-Url: https://issues.redhat.com/browse/KFLUXVNGD-128 Signed-off-by: Homaja Marisetty <[email protected]>
redhat-appstudio · Dec 16, 2024 · d576cd0 · d576cd0
1 parent 38bbfa0
commit d576cd0
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 0 deletions.
diff --git a/components/crossplane-control-plane/base/cronjob.yaml b/components/crossplane-control-plane/base/cronjob.yaml
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: namespace-claim-cleaner
+  namespace: crossplane-control-plane
+spec:
+  schedule: "0 4 * * *" # every day at 4AM UTC
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: namespace-claim-cleaner
+              image: bitnami/kubectl:latest
+              command:
+                - /bin/bash
+                - /scripts/namespace-claim-cleaner.sh
+              volumeMounts:
+                - name: script-volume
+                  mountPath: /scripts
+                  readOnly: true
+              volumes:
+                - name: script-volume
+                  configMap:
+                    name: namespace-claim-configmap
+              resources:
+                requests:
+                  cpu: 250m
+                  memory: 125Mi
+                limits:
+                  cpu: 250m
+                  memory: 125Mi
+              securityContext:
+                readOnlyRootFilesystem: true
+                runAsNonRoot: true
+          restartPolicy: Never
+          serviceAccountName: namespace-claim-cleaner
diff --git a/components/crossplane-control-plane/base/kustomization.yaml b/components/crossplane-control-plane/base/kustomization.yaml
@@ -1,6 +1,9 @@
 resources:
 - https://github.com/konflux-ci/crossplane-control-plane/crossplane?ref=5d6c42730c1c9f66b5d3567bdf04d587832ceac1
 - https://github.com/konflux-ci/crossplane-control-plane/config?ref=5d6c42730c1c9f66b5d3567bdf04d587832ceac1
+- rbac.yaml
+- cronjob.yaml
+- namespace-claim-configmap.yaml
 
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
diff --git a/components/crossplane-control-plane/base/namespace-claim-configmap.yaml b/components/crossplane-control-plane/base/namespace-claim-configmap.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: namespace-claim-configmap
+  namespace: crossplane-control-plane
+data:
+  namespace-claim-cleaner.sh: |
+    #!/bin/bash
+
+    CURRENT_TIME=$(date +%s)
+    kubectl get namespaces.eaas.konflux-ci.dev -o json | jq -c '.items[]' | while read -r claim; do
+      CREATION_TIMESTAMP=$(echo $claim | jq -r '.metadata.creationTimestamp')
+      CREATION_TIME=$(date -d "$CREATION_TIMESTAMP" +%s)
+      AGE=$((CURRENT_TIME - CREATION_TIME))
+      if [ $AGE -gt (2*24*3600) ]; then
+        NAME=$(echo $claim | jq -r '.metadata.name')
+        echo "Deleting NamespaceClaim: $NAME"
+        kubectl delete namespaces.eaas.konflux-ci.dev $NAME
+      fi
+    done
diff --git a/components/crossplane-control-plane/base/rbac.yaml b/components/crossplane-control-plane/base/rbac.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: namespace-claim-cleaner
+  namespace: crossplane-control-plane
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: namespace-claim-cleaner
+rules:
+  - apiGroups:
+      - eaas.konflux-ci.dev
+    resources:
+      - namespaces
+    verbs:
+      - list
+      - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: namespace-claim-cleaner
+subjects:
+  - kind: ServiceAccount
+    name: namespace-claim-cleaner
+    namespace: crossplane-control-plane
+roleRef:
+  kind: ClusterRole
+  name: namespace-claim-cleaner
+  apiGroup: rbac.authorization.k8s.io