core-deployments/longhorn/snapshot-cleaner.yaml

81 lines
No EOL
2.7 KiB
YAML

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: longhorn-system
name: snapshot-cleaner
rules:
- apiGroups:
- longhorn.io
resources:
- backups
- snapshots
verbs:
- 'list'
- 'delete'
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: snapshot-cleaner
namespace: longhorn-system
subjects:
- kind: ServiceAccount
name: sa-snapshot-cleaner
namespace: longhorn-system
roleRef:
kind: Role
name: snapshot-cleaner
apiGroup: ""
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: sa-snapshot-cleaner
namespace: longhorn-system
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: snapshot-cleaner
namespace: longhorn-system
spec:
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 3
jobTemplate:
spec:
template:
spec:
containers:
- args:
- '-c'
- >-
comm -3 <(kubectl get backups.longhorn.io -n longhorn-system -o
custom-columns=SNAPSHOT:.spec.snapshotName | grep '^snapshot-'
| sort | uniq) <(kubectl get snapshot.longhorn.io -n longhorn-system
-o custom-columns=SNAPSHOT:.metadata.name | grep '^snapshot-' | sort
| uniq) | sed -n '/^\t/p' | sed 's/^\t//' | grep -v '^\n$'
| xargs -r kubectl delete snapshot.longhorn.io -n longhorn-system &&
comm -3 <(kubectl get snapshot.longhorn.io -n longhorn-system -o
custom-columns=SNAPSHOT:.metadata.name | grep '^snapshot-' | sort | uniq)
<(kubectl get backups.longhorn.io -n longhorn-system -o
custom-columns=SNAPSHOT:.spec.snapshotName | grep '^snapshot-' | sort | uniq)
| sed -n '/^\t/p' | sed 's/^\t//' | grep -v '^\n$' | while IFS= read -r snapshot;
do kubectl get backups.longhorn.io -n longhorn-system -o
jsonpath='{.items[?(@.spec.snapshotName=="'$snapshot'")].metadata.name}' | tr ' ' '\n'
| xargs -r -I {} kubectl delete backups.longhorn.io -n longhorn-system {}; done
command:
- /bin/bash
image: bitnami/kubectl:latest
imagePullPolicy: Always
name: snapshot-cleaner
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: OnFailure
schedulerName: default-scheduler
serviceAccount: sa-snapshot-cleaner
serviceAccountName: sa-snapshot-cleaner
terminationGracePeriodSeconds: 1800
schedule: '40 */2 * * *'
successfulJobsHistoryLimit: 1
suspend: false