chore(base-cluster)!: migrate kube-janitor to k8s-ttl-controller

[cwrau]

kube-janitor hasn't been updated in a long time, whereas
k8s-ttl-controller seems to be quite active

Summary by CodeRabbit

• New Features

  • Added support for k8s-ttl-controller component with configurable enablement.

• Documentation

  • Added migration guide for upgrading from version 11.x.x to 12.0.0, including annotation schema updates and configuration changes.

• Chores

  • Updated trusted container registries and license metadata.
  • Updated Helm repository configurations and value schemas.

[coderabbitai]

Warning

Rate limit exceeded

@cwrau has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 14 minutes and 25 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 14 minutes and 25 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b927bf7b-e548-493c-a5f3-52d462d21907

📥 Commits

Reviewing files that changed from the base of the PR and between cb5ef4e and 5ac3187.

📒 Files selected for processing (8)

• .github/image_licenses.yaml
• .github/trusted_registries.yaml
• charts/base-cluster/README.md.gotmpl
• charts/base-cluster/ci/artifacthub-values.yaml
• charts/base-cluster/templates/global/kube-janitor.yaml
• charts/base-cluster/templates/global/ttl-controller.yaml
• charts/base-cluster/values.schema.json
• charts/base-cluster/values.yaml

📝 Walkthrough

Walkthrough

This pull request replaces kube-janitor with ttl-controller across the base-cluster Helm chart and infrastructure configuration. Changes include updating Docker registry and license entries, helm chart templates, configuration values, schema definitions, and adding migration documentation.

Changes

Cohort / File(s)	Summary
Docker Registry and License Configuration .github/image_licenses.yaml, .github/trusted_registries.yaml	Removed license and registry entries for docker.io/hjacobs/kube-janitor (GPL-3.0) and added entries for ghcr.io/twin/k8s-ttl-controller (MIT).
Helm Chart Documentation charts/base-cluster/README.md.gotmpl	Added migration section for version 11.x.x → 12.0.0 documenting the replacement of kube-janitor with ttl-controller, including annotation changes from janitor/ttl to k8s-ttl-controller.twin.sh/ttl.
Helm Chart Configuration charts/base-cluster/ci/artifacthub-values.yaml, charts/base-cluster/values.schema.json, charts/base-cluster/values.yaml	Updated configuration keys and Helm repository definitions to use ttl-controller instead of kube-janitor, changed chart source from teutonet to twin registry, and updated chart version to 0.4.0.
Helm Chart Templates charts/base-cluster/templates/global/kube-janitor.yaml, charts/base-cluster/templates/global/ttl-controller.yaml	Removed kube-janitor HelmRelease template and added new ttl-controller HelmRelease template with updated chart reference, registry (ghcr.io), and reduced memory limits (256Mi vs 1Gi).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• chore(ci): review of licenses #1782: Modifies the kube-janitor license entry in .github/image_licenses.yaml that is being removed in this PR.

Suggested labels

autorelease: tagged, base-cluster

Suggested reviewers

• tasches
• marvinWolff

Poem

🐰 An old janitor departs with grace,
A new controller takes its place,
TTL tags now point anew,
From twin registry, fresh and true,
Migration paths are crystal clear! 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the primary change: migrating from kube-janitor to k8s-ttl-controller across the base-cluster chart, which is reflected consistently throughout all modified files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/base-cluster/migrate-kube-janitor-ttl-controller

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request replaces the kube-janitor component with k8s-ttl-controller within the base-cluster chart, updating the associated licenses, trusted registries, and documentation. Feedback indicates that the new ttl-controller template should explicitly set the image tag from the global helm repositories configuration to ensure version consistency, adhering to the pattern established in the previous implementation.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/image_licenses.yaml (1)

116-118: Nit: alphabetical ordering.

The rest of the ghcr.io/* entries are sorted alphabetically by path (aquasecurity, jimmidyson, jkroepke, k8up-io, kyverno, teutonet, …). The new twin/k8s-ttl-controller entry at line 116 is inserted between k8up-io and kyverno, which breaks that order. Consider moving it below ghcr.io/teutonet/oci-images/solr-ckan.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/image_licenses.yaml around lines 116 - 118, The
ghcr.io/twin/k8s-ttl-controller entry is out of alphabetical order; move the
block starting with "ghcr.io/twin/k8s-ttl-controller:" so that it appears after
"ghcr.io/teutonet/oci-images/solr-ckan" to restore alphabetical ordering of
ghcr.io entries in .github/image_licenses.yaml, keeping the existing license and
licenseLink values unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@charts/base-cluster/README.md.gotmpl`:
- Around line 418-431: Update the migration note under "11.x.x -> 12.0.0" to
call out two behavioral differences: first, warn that kube-janitor's rule-based
cleanup (the rules: config loaded via --rules-file and JMESPath selectors) is
not supported by k8s-ttl-controller which is strictly annotation-driven, and
instruct operators to audit any cluster-wide `rules` usages because they will
stop running after replacing `kube-janitor` with `ttl-controller`; second,
clarify TTL/expiry value differences by documenting that `kube-janitor` accepted
relative durations (s/m/h/d/w), absolute timestamps via the `janitor/expires`
annotation and the special `forever` token, whereas `k8s-ttl-controller` only
accepts Go-style durations (e.g., 30m, 24h, 7d) for
`k8s-ttl-controller.twin.sh/ttl` (and that the previous statement "format
remains the same" only applies to overlapping duration formats), so users must
convert `janitor/expires` timestamps and `forever` values and re-audit
annotations when switching `janitor/ttl` → `k8s-ttl-controller.twin.sh/ttl`.

---

Nitpick comments:
In @.github/image_licenses.yaml:
- Around line 116-118: The ghcr.io/twin/k8s-ttl-controller entry is out of
alphabetical order; move the block starting with
"ghcr.io/twin/k8s-ttl-controller:" so that it appears after
"ghcr.io/teutonet/oci-images/solr-ckan" to restore alphabetical ordering of
ghcr.io entries in .github/image_licenses.yaml, keeping the existing license and
licenseLink values unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 57256271-5865-43d7-bafa-68e52276e8e5

📥 Commits

Reviewing files that changed from the base of the PR and between 409dc17 and cb5ef4e.

📒 Files selected for processing (8)

• .github/image_licenses.yaml
• .github/trusted_registries.yaml
• charts/base-cluster/README.md.gotmpl
• charts/base-cluster/ci/artifacthub-values.yaml
• charts/base-cluster/templates/global/kube-janitor.yaml
• charts/base-cluster/templates/global/ttl-controller.yaml
• charts/base-cluster/values.schema.json
• charts/base-cluster/values.yaml

💤 Files with no reviewable changes (1)

• charts/base-cluster/templates/global/kube-janitor.yaml

[Copilot]

Pull request overview

Migrates the base-cluster chart’s TTL cleanup component from the unmaintained kube-janitor deployment to the actively maintained k8s-ttl-controller, including values/schema updates and documentation for the breaking change.

Changes:

• Replace the kube-janitor HelmRelease with a new ttl-controller HelmRelease sourced from TwiN’s Helm repo (k8s-ttl-controller chart).
• Rename values/config surface from kube-janitor to ttl-controller (values.yaml, schema, CI example values).
• Update migration docs and GitHub CI metadata (trusted registries + image licenses).

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
charts/base-cluster/values.yaml	Switches helm repo entry to TwiN and renames config block to ttl-controller.
charts/base-cluster/values.schema.json	Renames schema property from kube-janitor to ttl-controller.
charts/base-cluster/templates/global/ttl-controller.yaml	Adds Flux HelmRelease for k8s-ttl-controller.
charts/base-cluster/templates/global/kube-janitor.yaml	Removes Flux HelmRelease for kube-janitor.
charts/base-cluster/ci/artifacthub-values.yaml	Renames CI values to enable ttl-controller.
charts/base-cluster/README.md.gotmpl	Adds breaking-change migration guidance for ttl-controller.
.github/trusted_registries.yaml	Removes hjacobs/kube-janitor and adds twin/k8s-ttl-controller as trusted.
.github/image_licenses.yaml	Removes kube-janitor license entry and adds k8s-ttl-controller license entry.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.