hjacobs/kube-janitor

Generic/global TTL rules for resources without annotation

hjacobs opened this issue · 1 comments

For test or prototyping environments/clusters, it can be desirable to automatically calculate a TTL for resources based on certain rules, e.g.:

  • a user is allowed to deploy some random Docker image from an untrusted source (like Docker Hub) to the prototyping environment, but the deployment/pods should be automatically deleted after 4 days
  • resources without certain labels (e.g. pointing to a registered application, team, department, service unit, etc.) should be deleted automatically after 7 days
  • namespaces with a certain name pattern (e.g. "pr-*" created by CI/CD PR deployments) should automatically be removed after 8 hours

Example rule evaluation logs:

DEBUG: Rule require-application-label with JMESPath "!(spec.template.metadata.labels.application)" evaluated for Deployment default/kube-janitor: False
DEBUG: Rule temporary-pr-deployments with JMESPath "starts_with(metadata.name, 'pr-')" evaluated for Deployment default/kube-janitor: False
DEBUG: Rule require-application-label with JMESPath "!(spec.template.metadata.labels.application)" evaluated for Deployment default/nginx: True
DEBUG: Rule require-application-label applies 4d TTL to Deployment default/nginx
DEBUG: Deployment nginx with TTL of 4d is 2:49:13.563265 old
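
The rule evaluation shown in the logs above, as an added sketch that is not part of the original issue or kube-janitor's own code. Assumptions: plain Python predicates stand in for the two JMESPath expressions from the logs, an explicit `janitor/ttl` annotation takes precedence over any rule, the first matching rule wins, and the sample timestamps are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_ttl(ttl):
    """Turn a TTL such as '4d' or '8h' into a timedelta; reject anything else."""
    m = re.fullmatch(r"(\d+)([smhdw])", ttl)
    if not m:
        raise ValueError(f"invalid TTL: {ttl!r}")
    return timedelta(seconds=int(m.group(1)) * UNITS[m.group(2)])

def pod_labels(res):
    return res.get("spec", {}).get("template", {}).get("metadata", {}).get("labels") or {}

# (rule id, predicate, TTL). The predicates mirror the JMESPath expressions in the
# logs; the 8h value comes from the "pr-*" bullet in the issue text.
RULES = [
    ("require-application-label", lambda r: not pod_labels(r).get("application"), "4d"),
    ("temporary-pr-deployments", lambda r: r["metadata"]["name"].startswith("pr-"), "8h"),
]

def effective_ttl(res, rules=RULES):
    """Return (source, ttl). Assumed precedence: annotation, then first matching rule."""
    annotated = (res["metadata"].get("annotations") or {}).get("janitor/ttl")
    if annotated:
        return "annotation", annotated
    for rule_id, predicate, ttl in rules:
        if predicate(res):
            return rule_id, ttl
    return None, None

def should_delete(res, now, rules=RULES):
    """True once the resource is older than its effective TTL; no TTL means keep."""
    _, ttl = effective_ttl(res, rules)
    if ttl is None:
        return False
    created = datetime.fromisoformat(res["metadata"]["creationTimestamp"].replace("Z", "+00:00"))
    return now - created > parse_ttl(ttl)

# Constructed sample data: a fixed "now" and a helper that builds minimal Deployments.
NOW = datetime(2019, 1, 10, 12, 0, 0, tzinfo=timezone.utc)

def make_deployment(name, created, application=None):
    lbls = {"application": application} if application else {}
    return {"metadata": {"name": name, "creationTimestamp": created},
            "spec": {"template": {"metadata": {"labels": lbls}}}}
```

A resource that matches no rule and carries no annotation is never deleted, so an unlabelled workload only escapes cleanup if the rule list has a gap; rule order matters under the first-match assumption.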