1+ apiVersion : v1
2+ kind : ServiceAccount
3+ metadata :
4+ name : clear-mongo-logs-sa
5+ namespace : sealos
6+ ---
7+ apiVersion : rbac.authorization.k8s.io/v1
8+ kind : ClusterRole
9+ metadata :
10+ name : clear-mongo-logs-role
11+ namespace : sealos
12+ rules :
13+ - apiGroups : ["apps.kubeblocks.io"]
14+ resources : ["clusters"]
15+ verbs : ["get", "list", "watch"]
16+ - apiGroups : [""]
17+ resources : ["pods","pods/exec"]
18+ verbs : ["*"]
19+ ---
20+ apiVersion : rbac.authorization.k8s.io/v1
21+ kind : ClusterRoleBinding
22+ metadata :
23+ name : clear-mongo-logs-rolebinding
24+ namespace : sealos
25+ subjects :
26+ - kind : ServiceAccount
27+ name : clear-mongo-logs-sa
28+ namespace : sealos
29+ roleRef :
30+ kind : ClusterRole
31+ name : clear-mongo-logs-role
32+ apiGroup : rbac.authorization.k8s.io
33+ ---
34+ apiVersion : batch/v1
35+ kind : CronJob
36+ metadata :
37+ name : clear-mongo-logs
38+ namespace : sealos
39+ spec :
40+ schedule : " 0 0 * * *"
41+ jobTemplate :
42+ spec :
43+ template :
44+ spec :
45+ serviceAccountName : clear-mongo-logs-sa
46+ containers :
47+ - name : clear-logs
48+ image : bitnami/kubectl:1.28
49+ command :
50+ - /bin/bash
51+ - -c
52+ - |
53+ clusters=$(kubectl get cluster.apps.kubeblocks.io -A -l clusterdefinition.kubeblocks.io/name=mongodb)
54+ echo "$clusters" | while read -r line; do
55+ namespace=$(echo "$line" | awk '{print $1}')
56+ cluster_name=$(echo "$line" | awk '{print $2}')
57+ pods=$(kubectl get pod -n "${namespace}" -o=custom-columns=NAME:.metadata.name,NODE:.spec.nodeName | grep "${cluster_name}")
58+ echo "$pods" | while read -r pod_line; do
59+ pod_name=$(echo "$pod_line" | awk '{print $1}')
60+ if [ -n "$pod_name" ]; then
61+ kubectl exec -it ${pod_name} -n ${namespace} -- /bin/bash -c 'if [ -d /data/mongodb/logs ]; then cat /dev/null > /data/mongodb/logs/mongodb.log; fi'
62+ fi
63+ done
64+ done
65+ securityContext :
66+ runAsUser : 0
67+ allowPrivilegeEscalation : false
68+ runAsNonRoot : true
69+ restartPolicy : OnFailure
0 commit comments