diff --git a/openshift/templates/cleanup/Dockerfile b/openshift/templates/cleanup/Dockerfile new file mode 100644 index 00000000..876880aa --- /dev/null +++ b/openshift/templates/cleanup/Dockerfile @@ -0,0 +1,4 @@ +FROM registry.redhat.io/openshift4/ose-cli +RUN mkdir /.kube && \ + chgrp -R root /.kube && \ + chmod -R g+w /.kube diff --git a/openshift/templates/cleanup/cleanup-bc-docker.yaml b/openshift/templates/cleanup/cleanup-bc-docker.yaml new file mode 100644 index 00000000..dad1c7ca --- /dev/null +++ b/openshift/templates/cleanup/cleanup-bc-docker.yaml @@ -0,0 +1,52 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: frontend +parameters: + - name: GIT_URL + displayName: + description: cthub repo + required: true + - name: GIT_REF + displayName: + description: cthub branch name of the pr + required: true +objects: + - apiVersion: image.openshift.io/v1 + kind: ImageStream + metadata: + annotations: + description: cleanup + creationTimestamp: null + name: cthub-cleanup + spec: + lookupPolicy: + local: false + - apiVersion: build.openshift.io/v1 + kind: BuildConfig + metadata: + name: cthub-cleanup + creationTimestamp: + spec: + output: + to: + kind: ImageStreamTag + name: cthub-cleanup:prod + resources: + limits: + cpu: 1500m + memory: 1300Mi + requests: + cpu: 750m + memory: 650Mi + source: + contextDir: openshift/templates/cleanup + git: + uri: ${GIT_URL} + ref: ${GIT_REF} + type: Git + strategy: + type: Docker + dockerStrategy: + dockerfilePath: Dockerfile diff --git a/openshift/templates/cleanup/cleanup-cron.yaml b/openshift/templates/cleanup/cleanup-cron.yaml new file mode 100644 index 00000000..4ef48112 --- /dev/null +++ b/openshift/templates/cleanup/cleanup-cron.yaml @@ -0,0 +1,111 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: cthub-cleanup +parameters: + - name: LICENSE_PLATE + description: license plate for the projec + required: true + - name: LOGIN_TOKEN_SECRET + description: The secret having the login token + required: true +objects: + - kind: CronJob + apiVersion: batch/v1 + metadata: + name: cthub-cleanup + spec: + schedule: 0 7 * * * + concurrencyPolicy: Forbid + suspend: false + jobTemplate: + metadata: + creationTimestamp: null + spec: + template: + metadata: + creationTimestamp: null + spec: + containers: + - resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 50m + memory: 50Mi + terminationMessagePath: /dev/termination-log + name: oc + command: + - /bin/sh + - "-c" + env: + - name: LOGIN_TOKEN + valueFrom: + secretKeyRef: + name: ${LOGIN_TOKEN_SECRET} + key: token + imagePullPolicy: Always + terminationMessagePolicy: File + image: >- + image-registry.openshift-image-registry.svc:5000/${LICENSE_PLATE}-tools/cthub-cleanup:prod + args: + - > + date + + oc login --token=$(LOGIN_TOKEN) --server=https://api.silver.devops.gov.bc.ca:6443 + + oc version + + echo "" + + echo "====> Cleaning up ${LICENSE_PLATE}-tools" + + echo "==========> Removing expired builds" + + oc -n ${LICENSE_PLATE}-tools get builds | grep -E "Complete|Failed|Cancelled" | awk '{print $1}' | xargs oc -n ${LICENSE_PLATE}-tools delete build || true + + echo "==========> Removing expired frontend and backend image tags" + + oc -n ${LICENSE_PLATE}-tools get imagetags | grep -E "cthub-frontend|cthub-backend" | awk '{print $1}' | xargs oc -n ${LICENSE_PLATE}-tools delete imagetag || true + + echo "==========> Removing expired pods" + + oc -n ${LICENSE_PLATE}-tools get pods | grep -E "Completed|Error|ContainerStatusUnknown" | grep -v crunchy | grep -v spilo | awk '{print $1}' | xargs oc -n ${LICENSE_PLATE}-tools delete pod || true + + namespaces=("${LICENSE_PLATE}-dev" "${LICENSE_PLATE}-test") + + for namespace in "${namespaces[@]}"; do + + echo "" + + echo "====> Cleaning up $namespace" + + echo "==========> Removing expired pods" + + oc -n $namespace get pods | grep -E "Completed|Error|ContainerStatusUnknown" | grep -v crunchy | grep -v spilo | grep -v backup | awk '{print $1}' | xargs oc -n $namespace delete pod || true + + env=$(echo $namespace | awk -F '-' '{print $NF}') + + runningBackendImageTag=$(oc -n $namespace describe dc/cthub-$env-backend | grep Image | awk -F ':' '{print $4}') + + echo "==========> Removing expired backend image tags except cthub-backend:$runningBackendImageTag" + + oc -n $namespace get imagetags | grep cthub-backend | grep -v $runningBackendImageTag | awk '{print $1}' | xargs oc -n $namespace delete imagetag || true + + runningFrontendImageTag=$(oc -n $namespace describe deployment/cthub-$env-frontend| grep Image | awk -F ':' '{print $4}') + + echo "==========> Removing expired frontend image tags except cthub-frontend:$runningFrontendImageTag" + + oc -n $namespace get imagetags | grep cthub-frontend | grep -v $runningFrontendImageTag | awk '{print $1}' | xargs oc -n $namespace delete imagetag || true + + done + + restartPolicy: OnFailure + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + schedulerName: default-scheduler + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 1 diff --git a/openshift/templates/cleanup/readme.md b/openshift/templates/cleanup/readme.md new file mode 100644 index 00000000..52896d76 --- /dev/null +++ b/openshift/templates/cleanup/readme.md @@ -0,0 +1,13 @@ +# Cleanup Cron Job + +## cleanup-bc-docker.yaml + +The build config to build a clean up image base on Openshift4 oc client image + +## cleanup-cron.yaml + +The Openshift Cron Job to run periodically to clean up unused resource on in CTHUB spaces + +## Dockerfile + +The Dockerfile to build a new image on top of registry.redhat.io/openshift4/ose-cli