@miry
Created February 19, 2021 12:11
Kube resources to automatically remove old kube resources that were deployed to staging
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: deployments-gc
  name: deployments-gc
  namespace: pnd-staging
---
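kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: system:clean-deployments
  namespace: pnd-staging
  labels:
    k8s-app: deployments-gc
rules:
  # This rule covers every Secret in the namespace, not only the TLS ones the script deletes.
  - apiGroups:
      - ""                   # core group: services, secrets
      - extensions           # legacy group for deployments, replicasets, ingresses
      - apps                 # deployments, replicasets
      - networking.k8s.io    # ingresses
    resources:
      - deployments
      - services
      - replicasets
      - ingresses
      - secrets
    verbs:
      - get
      - list
      - delete
      - update               # not used by clean_deployments.sh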
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployments-gc
  namespace: pnd-staging
  labels:
    k8s-app: deployments-gc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: system:clean-deployments
subjects:
  - kind: ServiceAccount
    name: deployments-gc
    namespace: pnd-staging
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: deployments-gc-script
  namespace: pnd-staging
  labels:
    k8s-app: deployments-gc
data:
  clean_deployments.sh: |-
    set -e
    KUBE_URL="https://kubernetes.default.svc.cluster.local"
    KUBE_TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
    # Delete the staging dashboard workloads selected by label.
    kubectl -s "$KUBE_URL" --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt --token="${KUBE_TOKEN}" -n pnd-staging delete deploy,service,replicasets,ingress -l app=dashboard,environment=staging
    # Delete cert-manager TLS secrets, except dashboard-root-cert and dashboard-master-cert.
    for secret in $(kubectl -s "$KUBE_URL" --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt --token="${KUBE_TOKEN}" -n pnd-staging get secrets --sort-by=.type --field-selector=type=kubernetes.io/tls -o jsonpath='{.items[*].metadata.name}' -l certmanager.k8s.io/certificate-name)
    do
      # POSIX test syntax, because the pod runs this script with /bin/sh.
      if [ "$secret" != "dashboard-root-cert" ] && [ "$secret" != "dashboard-master-cert" ]; then
        kubectl -s "$KUBE_URL" --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt --token="${KUBE_TOKEN}" -n pnd-staging delete secret "${secret}"
      fi
    done
    echo "Done"
---
apiVersion: v1
kind: Pod
metadata:
  name: deployments-gc
  namespace: pnd-staging
  labels:
    k8s-app: deployments-gc
spec:
  serviceAccountName: deployments-gc
  containers:
    - image: lachlanevenson/k8s-kubectl
      command:
        - /bin/sh
        - /opt/utils/clean_deployments.sh
      name: busybox
      volumeMounts:
        - name: clean-deployments
          mountPath: /opt/utils/
  restartPolicy: Never
  volumes:
    - name: clean-deployments
      configMap:
        name: deployments-gc-script
---
# batch/v1 CronJob is served since Kubernetes 1.21; batch/v1beta1 was removed in 1.25.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: deployments-gc
  namespace: pnd-staging
  labels:
    k8s-app: deployments-gc
spec:
  schedule: "@weekly"
  jobTemplate:
    spec:
      template:
        metadata:
          name: deployments-gc
          labels:
            k8s-app: deployments-gc
        spec:
          serviceAccountName: deployments-gc
          containers:
            - name: busybox
              image: lachlanevenson/k8s-kubectl
              command:
                - /bin/sh
                - /opt/utils/clean_deployments.sh
              volumeMounts:
                - name: clean-deployments
                  mountPath: /opt/utils/
              resources:
                requests:
                  memory: 16Mi
                  cpu: 0.1
          restartPolicy: Never
          volumes:
            - name: clean-deployments
              configMap:
                name: deployments-gc-script