1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00

disable up cleanup crobjob (#10678)

Signed-off-by: ShutingZhao <shuting@nirmata.com>
This commit is contained in:
shuting 2024-07-18 19:06:47 +08:00 committed by GitHub
parent bdf9613572
commit 90b24c70e5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 2 additions and 52 deletions

View file

@ -728,7 +728,7 @@ The chart values are organised per component.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| cleanupJobs.updateRequests.enabled | bool | `true` | Enable cleanup cronjob |
| cleanupJobs.updateRequests.enabled | bool | `false` | Enable cleanup cronjob |
| cleanupJobs.updateRequests.backoffLimit | int | `3` | Maximum number of retries before considering a Job as failed. Defaults to 3. |
| cleanupJobs.updateRequests.ttlSecondsAfterFinished | string | `""` | Time until the pod from the cronjob is deleted |
| cleanupJobs.updateRequests.image.registry | string | `nil` | Image registry |

View file

@ -687,7 +687,7 @@ cleanupJobs:
updateRequests:
# -- Enable cleanup cronjob
enabled: true
enabled: false
# -- Maximum number of retries before considering a Job as failed. Defaults to 3.
backoffLimit: 3

View file

@ -45333,53 +45333,3 @@ spec:
volumes:
- name: sigstore
emptyDir: {}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: kyverno-cleanup-update-requests
namespace: kyverno
labels:
app.kubernetes.io/component: cleanup
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: latest
spec:
schedule: "*/10 * * * *"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
backoffLimit: 3
template:
metadata:
spec:
serviceAccountName: kyverno-cleanup-jobs
containers:
- name: cleanup
image: "bitnami/kubectl:1.30.2"
imagePullPolicy:
command:
- /bin/bash
- -c
- |
set -euo pipefail
COUNT=$(kubectl get updaterequests.kyverno.io -A | wc -l)
if [ "$COUNT" -gt 10000 ]; then
echo "too many updaterequests found ($COUNT), cleaning up..."
kubectl delete updaterequests.kyverno.io --all -n kyverno
else
echo "($COUNT) reports found, no clean up needed"
fi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
restartPolicy: OnFailure