From d576cd0991f0ae7cdd53f97be8aac66c3d34c3e4 Mon Sep 17 00:00:00 2001
From: Homaja Marisetty
Date: Mon, 9 Dec 2024 12:16:29 -0500
Subject: [PATCH] chore(KFLUXVNGD-128): Delete old crossplane namespace claims Delete crossplane namespace claims periodically to prevent the compute provided.
Jira-Url: https://issues.redhat.com/browse/KFLUXVNGD-128
Signed-off-by: Homaja Marisetty
---
.../base/cronjob.yaml | 37 +++++++++++++++++++
.../base/kustomization.yaml | 3 ++
.../base/namespace-claim-configmap.yaml | 20 ++++++++++
.../crossplane-control-plane/base/rbac.yaml | 32 ++++++++++++++++
4 files changed, 92 insertions(+)
create mode 100644 components/crossplane-control-plane/base/cronjob.yaml
create mode 100644 components/crossplane-control-plane/base/namespace-claim-configmap.yaml
create mode 100644 components/crossplane-control-plane/base/rbac.yaml
diff --git a/components/crossplane-control-plane/base/cronjob.yaml b/components/crossplane-control-plane/base/cronjob.yaml
new file mode 100644
index 00000000000..c16d8bb6c6c
--- /dev/null
+++ b/components/crossplane-control-plane/base/cronjob.yaml
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: namespace-claim-cleaner
+ namespace: crossplane-control-plane
+spec:
+ schedule: "0 4 * * *" # every day at 4AM UTC
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: namespace-claim-cleaner
+ image: bitnami/kubectl:latest
+ command:
+ - /bin/bash
+ - /scripts/namespace-claim-cleaner.sh
+ volumeMounts:
+ - name: script-volume
+ mountPath: /scripts
+ readOnly: true
+ volumes:
+ - name: script-volume
+ configMap:
+ name: namespace-claim-configmap
+ resources:
+ requests:
+ cpu: 250m
+ memory: 125Mi
+ limits:
+ cpu: 250m
+ memory: 125Mi
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ restartPolicy: Never
+ serviceAccountName: namespace-claim-cleaner
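Review bot: `image: bitnami/kubectl:latest` in cronjob.yaml is a mutable tag, so each nightly run may pull different content into a pod whose ServiceAccount is bound cluster-wide to delete claims. The kustomization in this same commit pins its remote bases by commit SHA, and the image deserves the same treatment, e.g. `image: <registry>/<kubectl-image>@sha256:<reviewed-digest>` (placeholders, to be filled with the digest that was actually reviewed). The cleaner script also calls `jq`, which nothing in this diff shows the image to provide, so confirm it is present in whatever image gets pinned. Indentation is lost in this view, but `resources:` and `securityContext:` appear after `volumes:` rather than inside the container entry; `readOnlyRootFilesystem` is a container-level field, so check that both blocks sit under the `namespace-claim-cleaner` container, and consider adding `allowPrivilegeEscalation: false` there.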
diff --git a/components/crossplane-control-plane/base/kustomization.yaml b/components/crossplane-control-plane/base/kustomization.yaml
index baf075af5c5..4f540e84dd2 100644
--- a/components/crossplane-control-plane/base/kustomization.yaml
+++ b/components/crossplane-control-plane/base/kustomization.yaml
@@ -1,6 +1,9 @@
 resources:
 - https://github.com/konflux-ci/crossplane-control-plane/crossplane?ref=5d6c42730c1c9f66b5d3567bdf04d587832ceac1
 - https://github.com/konflux-ci/crossplane-control-plane/config?ref=5d6c42730c1c9f66b5d3567bdf04d587832ceac1
+- rbac.yaml
+- cronjob.yaml
+- namespace-claim-configmap.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
diff --git a/components/crossplane-control-plane/base/namespace-claim-configmap.yaml b/components/crossplane-control-plane/base/namespace-claim-configmap.yaml
new file mode 100644
index 00000000000..1ef5e52b15e
--- /dev/null
+++ b/components/crossplane-control-plane/base/namespace-claim-configmap.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: namespace-claim-configmap
+ namespace: crossplane-control-plane
+data:
+ namespace-claim-cleaner.sh: |
+ #!/bin/bash
+
+ CURRENT_TIME=$(date +%s)
+ kubectl get namespaces.eaas.konflux-ci.dev -o json | jq -c '.items[]' | while read -r claim; do
+ CREATION_TIMESTAMP=$(echo $claim | jq -r '.metadata.creationTimestamp')
+ CREATION_TIME=$(date -d "$CREATION_TIMESTAMP" +%s)
+ AGE=$((CURRENT_TIME - CREATION_TIME))
+ if [ $AGE -gt (2*24*3600) ]; then
+ NAME=$(echo $claim | jq -r '.metadata.name')
+ echo "Deleting NamespaceClaim: $NAME"
+ kubectl delete namespaces.eaas.konflux-ci.dev $NAME
+ fi
+ done
diff --git a/components/crossplane-control-plane/base/rbac.yaml b/components/crossplane-control-plane/base/rbac.yaml
new file mode 100644
index 00000000000..370e754b8c0
--- /dev/null
+++ b/components/crossplane-control-plane/base/rbac.yaml
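Review bot: In namespace-claim-configmap.yaml the test `if [ $AGE -gt (2*24*3600) ]; then` is not valid bash, because an unquoted `(` inside `[ ]` is a syntax error, so the loop should fail to parse and no claim is ever cleaned up; use arithmetic expansion instead, `if [ "$AGE" -gt $((2*24*3600)) ]; then`. The script also fails open: an empty `CREATION_TIME` (if `date -d` cannot parse the timestamp) evaluates as 0 in `$((CURRENT_TIME - CREATION_TIME))`, which makes the claim look decades old and eligible for deletion. Adding `set -euo pipefail` right after the shebang stops the run on that failure and also surfaces a failed `kubectl get`. `$claim` and `$NAME` are expanded unquoted throughout, and double-quoting them keeps API-returned data from being word-split or glob-expanded before it reaches `jq` and `kubectl delete`.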
@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: namespace-claim-cleaner
+ namespace: crossplane-control-plane
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: namespace-claim-cleaner
+rules:
+ - apiGroups:
+ - eaas.konflux-ci.dev
+ resources:
+ - namespaces
+ verbs:
+ - list
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: namespace-claim-cleaner
+subjects:
+ - kind: ServiceAccount
+ name: namespace-claim-cleaner
+ namespace: crossplane-control-plane
+roleRef:
+ kind: ClusterRole
+ name: namespace-claim-cleaner
+ apiGroup: rbac.authorization.k8s.io
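Review bot: The `namespace-claim-cleaner` ClusterRole grants `delete` on every `namespaces` object in `eaas.konflux-ci.dev` and is bound cluster-wide, so the two-day age rule is enforced only by the script in `namespace-claim-configmap`, not by RBAC. Anyone able to edit that ConfigMap or the CronJob in `crossplane-control-plane` therefore effectively holds the delete right. I would record this above `rules:` with a comment such as `# Consumed only by the namespace-claim-cleaner CronJob; the age filter lives in namespace-claim-configmap, so write access to that namespace is equivalent to this delete permission.` If the claim kind turns out to be namespaced rather than cluster-scoped (not visible in this diff), a Role and RoleBinding in the namespace that holds the claims would be a tighter grant.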