kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: longhorn-system
  name: snapshot-cleaner
rules:
- apiGroups:
  - longhorn.io
  resources:
  - backups
  - snapshots
  verbs:
  - 'list'
  - 'delete'
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: snapshot-cleaner
  namespace: longhorn-system
subjects:
- kind: ServiceAccount
  name: sa-snapshot-cleaner
  namespace: longhorn-system
roleRef:
  kind: Role
  name: snapshot-cleaner
  apiGroup: ""
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sa-snapshot-cleaner
  namespace: longhorn-system
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: snapshot-cleaner
  namespace: longhorn-system
spec:
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - args:
                - '-c'
                - >-
                  comm -3 <(kubectl get backups.longhorn.io -n longhorn-system -o 
                  custom-columns=SNAPSHOT:.spec.snapshotName | grep '^snapshot-' 
                  | sort | uniq) <(kubectl get snapshot.longhorn.io -n longhorn-system 
                  -o custom-columns=SNAPSHOT:.metadata.name | grep '^snapshot-' | sort 
                  | uniq) | sed -n '/^\t/p' | sed 's/^\t//' | grep -v '^\n$' 
                  | xargs -r kubectl delete snapshot.longhorn.io -n longhorn-system && 
                  comm -3 <(kubectl get snapshot.longhorn.io -n longhorn-system -o 
                  custom-columns=SNAPSHOT:.metadata.name | grep '^snapshot-' | sort | uniq) 
                  <(kubectl get backups.longhorn.io -n longhorn-system -o 
                  custom-columns=SNAPSHOT:.spec.snapshotName | grep '^snapshot-' | sort | uniq) 
                  | sed -n '/^\t/p' | sed 's/^\t//' | grep -v '^\n$' | while IFS= read -r snapshot; 
                  do kubectl get backups.longhorn.io -n longhorn-system -o 
                  jsonpath='{.items[?(@.spec.snapshotName=="'$snapshot'")].metadata.name}' | tr ' ' '\n' 
                  | xargs -r -I {} kubectl delete backups.longhorn.io -n longhorn-system {}; done
              command:
                - /bin/bash
              image: bitnami/kubectl:latest
              imagePullPolicy: Always
              name: snapshot-cleaner
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
          dnsPolicy: ClusterFirst
          restartPolicy: OnFailure
          schedulerName: default-scheduler
          serviceAccount: sa-snapshot-cleaner
          serviceAccountName: sa-snapshot-cleaner
          terminationGracePeriodSeconds: 1800
  schedule: '40 */2 * * *'
  successfulJobsHistoryLimit: 1
  suspend: false