Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Kubernetes-enabled Drone CI job/namespace cleaner

Kubernetes-enabled Drone CI currently has two problems.

  1. Cleaning up jobs is dependent on TTL, which is not enabled by default in most Kubernetes clusters.
  1. For each app's pipelines, it creates a namespace. Which is really nice, but sometimes it creates forever terminating namespaces.

You also have to give it the right authorization on a RBAC-enabled cluster. I don't recommend using this on a production cluster. Probably waiting for Drone CI to mature is a better idea.

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: ci-job-cleaner
name: ci-job-cleaner
namespace: ci
spec:
replicas: 1
selector:
matchLabels:
app: ci-job-cleaner
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: ci-job-cleaner
spec:
containers:
- name: ci-job-cleaner
args:
- --namespace=ci
- --keep-successful=1
- --keep-failures=1
image: quay.io/lwolf/kube-cleanup-operator
imagePullPolicy: Always
- name: ci-ns-cleaner
image: ubuntu:latest
args:
- bash
- -c
- |
apt-get update && apt-get install -y jq curl
# Install kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
chmod +x ./kubectl
mv ./kubectl /usr/local/bin/kubectl
# Install kill-ns
curl -LO https://gist.githubusercontent.com/stewartpark/c40e6fbd50d66bb91e1a05bb831a4660/raw/eb0043206943dbcf489ec33af001a4edcb144943/kill-ns.sh
chmod +x kill-ns.sh
mv kill-ns.sh /usr/local/bin/kill-ns
while true;
do
for ns in $(kubectl get ns --selector 'io.drone=true' | grep Terminating | awk '{ print $1 }')
do
kill-ns $ns;
done
sleep 60
done
dnsPolicy: ClusterFirst
restartPolicy: Always
terminationGracePeriodSeconds: 30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.