feat: cleanup jobs resources (#7337)

* feat: cleanup jobs resources Signed-off-by: bakito <github@bakito.ch> * empty resources by default Signed-off-by: bakito <github@bakito.ch> --------- Signed-off-by: bakito <github@bakito.ch>
2025-03-31 03:45:17 +00:00 · 2023-05-31 12:09:13 +02:00 · 2023-05-31 12:09:13 +02:00 · 049992403c
commit 049992403c
parent efef465aab
5 changed files with 18 additions and 0 deletions
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@ -42,3 +42,5 @@ annotations:
      description: missing image pull secrets in helm hooks
    - kind: added
      description: support `excludeRoles` and `excludeClusterRoles` in config
+    - kind: added
+      description: define resources for cleanupJobs
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -623,6 +623,7 @@ The chart values are organised per component.
 | cleanupJobs.admissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history |
 | cleanupJobs.admissionReports.podSecurityContext | object | `{}` | Security context for the pod |
 | cleanupJobs.admissionReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
+| cleanupJobs.admissionReports.resources | object | `{}` | Job resources |
 | cleanupJobs.admissionReports.tolerations | list | `[]` | List of node taints to tolerate |
 | cleanupJobs.clusterAdmissionReports.enabled | bool | `true` | Enable cleanup cronjob |
 | cleanupJobs.clusterAdmissionReports.image.registry | string | `nil` | Image registry |
@ -634,6 +635,7 @@ The chart values are organised per component.
 | cleanupJobs.clusterAdmissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history |
 | cleanupJobs.clusterAdmissionReports.podSecurityContext | object | `{}` | Security context for the pod |
 | cleanupJobs.clusterAdmissionReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
+| cleanupJobs.clusterAdmissionReports.resources | object | `{}` | Job resources |
 | cleanupJobs.clusterAdmissionReports.tolerations | list | `[]` | List of node taints to tolerate |

 ### Other
--- a/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml
@ -39,6 +39,10 @@ spec:
            securityContext:
              {{- toYaml . | nindent 14 }}
            {{- end }}
+            {{- with .Values.cleanupJobs.admissionReports.resources }}
+            resources:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
          restartPolicy: OnFailure
          {{- with .Values.cleanupJobs.admissionReports.tolerations }}
          tolerations:
--- a/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml
@ -39,6 +39,10 @@ spec:
            securityContext:
              {{- toYaml . | nindent 14 }}
            {{- end }}
+            {{- with .Values.cleanupJobs.clusterAdmissionReports.resources }}
+            resources:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
          restartPolicy: OnFailure
          {{- with .Values.cleanupJobs.clusterAdmissionReports.tolerations }}
          tolerations:
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -428,6 +428,9 @@ cleanupJobs:
      seccompProfile:
        type: RuntimeDefault

+    # -- Job resources
+    resources: {}
+
    # -- List of node taints to tolerate
    tolerations: []

@ -474,6 +477,9 @@ cleanupJobs:
      seccompProfile:
        type: RuntimeDefault

+    # -- Job resources
+    resources: {}
+
    # -- List of node taints to tolerate
    tolerations: []