diff --git a/components/crossplane-control-plane/base/configmap.yaml b/components/crossplane-control-plane/base/configmap.yaml
new file mode 100644
index 00000000000..5fc4d2e19e6
--- /dev/null
+++ b/components/crossplane-control-plane/base/configmap.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: namespace-claim-cleaner-configmap
+ namespace: crossplane-system
+data:
+ namespace-claim-cleaner.sh: |
+ #!/bin/bash
+ set -eo pipefail
+
+ namespaces=$(kubectl get namespaces.eaas.konflux-ci.dev --all-namespaces -o json | jq -c '.items[] | "\(.metadata.name) \(.metadata.namespace) \(.metadata.creationTimestamp)"' | sed 's/"//g' | xargs)
+
+ if [[ -z "$namespaces" ]]; then
+ echo "No namespaces found"
+ exit 0
+ fi
+
+ while read -r name namespace creationTime; do
+ CREATION_TIME=$(date -d "$creationTime" +%s)
+ CURRENT_TIME=$(date +%s)
+ AGE=$((CURRENT_TIME - CREATION_TIME))
+ if [ $AGE -gt 14400 ]; then
+ kubectl delete namespaces.eaas.konflux-ci.dev $name -n $namespace
+ fi
+ done <<< "$namespaces"
diff --git a/components/crossplane-control-plane/base/cronjob.yaml b/components/crossplane-control-plane/base/cronjob.yaml
new file mode 100644
index 00000000000..005e2375a2a
--- /dev/null
+++ b/components/crossplane-control-plane/base/cronjob.yaml
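Review bot: The trailing `| xargs` in the `namespaces=$(...)` pipeline joins every record onto a single line, so with more than one claim `read -r name namespace creationTime` puts everything after the second field into `creationTime`, `date -d` rejects it, and `set -e` ends the job before anything is deleted. Emitting one record per line fixes it: `jq -r '.items[] | "\(.metadata.name) \(.metadata.namespace) \(.metadata.creationTimestamp)"'` with the `sed` and `xargs` stages removed. The expansions in the delete call are also unquoted; `kubectl delete namespaces.eaas.konflux-ci.dev "$name" -n "$namespace"` and `[ "$AGE" -gt 14400 ]` keep word splitting out of a command that runs under the service account this commit binds to cluster-wide delete. A short comment that 14400 is the four-hour claim lifetime would help the next reader.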
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: namespace-claim-cleaner
+ namespace: crossplane-system
+spec:
+ schedule: "0 4 * * *" # every day at 4AM UTC
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: namespace-claim-cleaner
+ image: quay.io/konflux-ci/appstudio-utils:e9578e46aefbe58bf77de1f154fbb846fcbdacec@sha256:2094a997c17bc168264209deb43504adcda4b97b64602041e4886f086856301d
+ command:
+ - /bin/bash
+ - /scripts/namespace-claim-cleaner.sh
+ volumeMounts:
+ - name: script-volume
+ mountPath: /scripts
+ readOnly: true
+ resources:
+ requests:
+ cpu: 250m
+ memory: 125Mi
+ limits:
+ cpu: 250m
+ memory: 125Mi
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ volumes:
+ - name: script-volume
+ configMap:
+ name: namespace-claim-cleaner-configmap
+ restartPolicy: Never
+ serviceAccountName: namespace-claim-cleaner
diff --git a/components/crossplane-control-plane/base/kustomization.yaml b/components/crossplane-control-plane/base/kustomization.yaml
index baf075af5c5..5caf68af6a0 100644
--- a/components/crossplane-control-plane/base/kustomization.yaml
+++ b/components/crossplane-control-plane/base/kustomization.yaml
@@ -1,6 +1,9 @@
 resources:
 - https://github.com/konflux-ci/crossplane-control-plane/crossplane?ref=5d6c42730c1c9f66b5d3567bdf04d587832ceac1
 - https://github.com/konflux-ci/crossplane-control-plane/config?ref=5d6c42730c1c9f66b5d3567bdf04d587832ceac1
+- rbac.yaml
+- cronjob.yaml
+- configmap.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
diff --git a/components/crossplane-control-plane/base/rbac.yaml b/components/crossplane-control-plane/base/rbac.yaml
new file mode 100644
index 00000000000..b1dcc5b5a04
--- /dev/null
+++ b/components/crossplane-control-plane/base/rbac.yaml
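Review bot: The container `securityContext` sets `readOnlyRootFilesystem` and `runAsNonRoot` but leaves privilege escalation, capabilities and the seccomp profile at their defaults, which is thin for a pod whose service account can delete claims in every namespace; the block below adds the missing fields. With a read-only root filesystem and no writable volume, the script's here-string (`done <<< "$namespaces"`) may fail on bash builds that back here-strings with a temp file, so the block also mounts an `emptyDir` at `/tmp`; I have not checked which bash the image ships. The schedule fires once a day while the script's cutoff is 14400 seconds, so a claim can outlive the four-hour limit by most of a day; if four hours is the intended lifetime, `schedule: "0 * * * *"` together with `concurrencyPolicy: Forbid` would match it more closely.

```yaml
# … unchanged: container name, image, command …
volumeMounts:
  # … unchanged: script-volume mount …
  - name: tmp
    mountPath: /tmp
# … unchanged: resources …
securityContext:
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
# … pod level, next to the existing script-volume entry …
volumes:
  - name: tmp
    emptyDir: {}
```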
@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: namespace-claim-cleaner
+ namespace: crossplane-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: namespace-claim-cleaner
+rules:
+ - apiGroups:
+ - eaas.konflux-ci.dev
+ resources:
+ - namespaces
+ verbs:
+ - list
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: namespace-claim-cleaner
+subjects:
+ - kind: ServiceAccount
+ name: namespace-claim-cleaner
+ namespace: crossplane-system
+roleRef:
+ kind: ClusterRole
+ name: namespace-claim-cleaner
+ apiGroup: rbac.authorization.k8s.io
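Review bot: The `namespaces` rule in the ClusterRole is easy to misread as core namespace deletion when someone audits cluster-wide `delete` grants, and nothing in the file says otherwise. A comment above the rule such as `# Namespace claims from eaas.konflux-ci.dev, not core/v1 namespaces; list + delete is all the cleaner script uses` would make the scope explicit. As a style point, the ClusterRole document puts `kind` before `apiVersion` while the other two documents in the file use the opposite order.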