Merge pull request #7 from MediaMarktSaturn/feat/addPodCleanupChart

feat(charts): Add Kubernetes pod cleanup chart

README.md

@@ -29,6 +29,12 @@ spec:
 
 The [OWASP Dependency-Track](https://owasp.org/www-project-dependency-track/) project with separate deployments for API-server and frontend.
 
+### [Kubernetes failed/terminated pods cleanup](https://github.com/MediaMarktSaturn/helm-charts/tree/main/charts/k8s-pod-cleanup)
+
+A CronJob that deletes terminated/failed pods from a Kubernetes cluster.
+
+Useful when e.g. provisioning Google Kubernetes Engine clusters with preemptible nodes. The preemption leads to pods being shut down during node recreation, however the pods are still kept and displayed when listing them.
+
 ---
 
 _This repository is published under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)_

chart-tests/pod-cleanup/ci/test-values.yaml

@@ -0,0 +1,12 @@
+schedule: "0 5 * * 1"
+
+successfulJobsHistoryLimit: 4
+failedJobsHistoryLimit: 1
+
+resources:
+  requests:
+    cpu: 123m
+    memory: 321Mi
+  limits:
+    cpu: 123m
+    memory: 321Mi

charts/pod-cleanup/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: pod-cleanup
+home: https://github.com/MediaMarktSaturn/helm-charts
+description: Helm Chart for cleaning up failed/terminated Kubernetes pods
+type: application
+maintainers:
+  - name: MediaMarktSaturn
+    url: https://github.com/MediaMarktSaturn
+version: 1.0.0

charts/pod-cleanup/README.md

@@ -0,0 +1,31 @@
+# pod-cleanup
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+Helm Chart for cleaning up failed/terminated Kubernetes pods
+
+**Homepage:** <https://github.com/MediaMarktSaturn/helm-charts>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| MediaMarktSaturn |  | <https://github.com/MediaMarktSaturn> |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| failedJobsHistoryLimit | int | `3` |  |
+| image.repository | string | `"bitnami/kubectl"` |  |
+| image.tag | string | `"1.25"` |  |
+| resources.limits.cpu | string | `"100m"` |  |
+| resources.limits.memory | string | `"100Mi"` |  |
+| resources.requests.cpu | string | `"100m"` |  |
+| resources.requests.memory | string | `"100Mi"` |  |
+| schedule | string | `"0 7 * * 1"` |  |
+| successfulJobsHistoryLimit | int | `3` |  |
+| ttlSecondsAfterFinished | int | `86400` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

charts/pod-cleanup/templates/clusterrole.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ $.Release.Name }}
+  name: {{ $.Release.Name }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - delete
+      - list

charts/pod-cleanup/templates/clusterrolebinding.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ $.Release.Name }}
+  name: {{ $.Release.Name }}
+roleRef:
+  apiGroup: ""
+  kind: ClusterRole
+  name: {{ $.Release.Name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $.Release.Name }}
+    namespace: {{ $.Release.Namespace }}

charts/pod-cleanup/templates/cronjob.yaml

@@ -0,0 +1,41 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ $.Release.Name }}
+  name: {{ $.Release.Name }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  schedule: {{ $.Values.schedule | quote }}
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: {{ $.Values.successfulJobsHistoryLimit }}
+  failedJobsHistoryLimit: {{ $.Values.failedJobsHistoryLimit }}
+  jobTemplate:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ $.Release.Name }}
+    spec:
+      ttlSecondsAfterFinished: {{ $.Values.ttlSecondsAfterFinished }}
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: {{ $.Release.Name }}
+        spec:
+          securityContext:
+            runAsUser: 1000
+          automountServiceAccountToken: true
+          containers:
+            - image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
+              name: {{ $.Release.Name }}
+              command:
+                - /bin/sh
+                - -c
+                - kubectl delete pods -A --field-selector=status.phase=Failed
+              resources:
+                {{- toYaml $.Values.resources | nindent 16 }}
+              imagePullPolicy: IfNotPresent
+              securityContext:
+                allowPrivilegeEscalation: false
+          restartPolicy: OnFailure
+          serviceAccountName: {{ $.Release.Name }}

charts/pod-cleanup/templates/serviceaccount.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ $.Release.Name }}
+  name: {{ $.Release.Name }}
+  namespace: {{ $.Release.Namespace }}

charts/pod-cleanup/values.yaml

@@ -0,0 +1,27 @@
+image:
+  # Docker image used in container, defaults to https://hub.docker.com/r/bitnami/kubectl
+  # A different image can be used as long as it contains the "kubectl" tool
+  repository: bitnami/kubectl
+  # Tag can be set to any Kubernetes version, to avoid unexpected compability issues it is recommended to use the same version configured for the K8s cluster
+  tag: "1.25"
+
+# CronJob schedule https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#cron-schedule-syntax
+# Defaults to once every Monday on 07:00 AM (once per week)
+schedule: "0 7 * * 1"
+
+# How much completed jobs to keep in each state
+successfulJobsHistoryLimit: 3
+failedJobsHistoryLimit: 3
+
+# https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
+# Defaults to 86400 seconds = 1d
+ttlSecondsAfterFinished: 86400
+
+# Resources for containers started by CronJob
+resources:
+  requests:
+    cpu: 100m
+    memory: 100Mi
+  limits:
+    cpu: 100m
+    memory: 100Mi