diff --git a/.github/image_licenses.yaml b/.github/image_licenses.yaml
index 97f7ed669b..930c78237e 100644
--- a/.github/image_licenses.yaml
+++ b/.github/image_licenses.yaml
@@ -68,9 +68,6 @@ licenses:
 docker.io/grafana/tempo:
 license: AGPL-3.0-only
 licenseLink: https://raw.githubusercontent.com/grafana/tempo/refs/heads/main/LICENSE
- docker.io/hjacobs/kube-janitor:
- license: GPL-3.0
- licenseLink: https://github.com/hjacobs/kube-janitor/blob/main/LICENSE
 docker.io/memcached:
 license: BSD-3
 licenseLink: https://raw.githubusercontent.com/memcached/memcached/refs/heads/master/LICENSE
@@ -128,6 +125,9 @@ licenses:
 ghcr.io/teutonet/oci-images/solr-ckan:
 license: MIT
 licenseLink: https://github.com/teutonet/oci-images/blob/main/LICENSE
+ ghcr.io/twin/k8s-ttl-controller:
+ license: MIT
+ licenseLink: https://github.com/TwiN/k8s-ttl-controller/blob/master/LICENSE
 mirror.gcr.io/aquasec/trivy-operator:
 license: Apache-2.0
 licenseLink: https://github.com/aquasecurity/trivy-operator/blob/main/LICENSE
diff --git a/.github/trusted_registries.yaml b/.github/trusted_registries.yaml
index 839c58d5bc..ec2f21fbb9 100644
--- a/.github/trusted_registries.yaml
+++ b/.github/trusted_registries.yaml
@@ -16,8 +16,6 @@ docker.io:
 kubernetes-reflector: ALL_TAGS
 fluxcd: ALL_IMAGES
 grafana: ALL_IMAGES
- hjacobs:
- kube-janitor: ALL_TAGS
 memcached: ALL_TAGS
 otel:
 opentelemetry-collector-contrib: ALL_TAGS
@@ -41,6 +39,8 @@ ghcr.io:
 kyverno-cli: ALL_TAGS
 readiness-checker: ALL_TAGS
 teutonet: ALL_IMAGES
+ twin:
+ k8s-ttl-controller: ALL_TAGS
 mirror.gcr.io:
 aquasec: ALL_IMAGES
 quay.io:
diff --git a/charts/base-cluster/README.md.gotmpl b/charts/base-cluster/README.md.gotmpl
index a866977d06..4452ba6fe4 100644
--- a/charts/base-cluster/README.md.gotmpl
+++ b/charts/base-cluster/README.md.gotmpl
@@ -415,4 +415,19 @@ For this we switched from the distributed deployment to the single binary deploy Because of this you need to migrate to the `.monitoring.tracing.` instead of `.monitoring.tracing.ingester.` +### 11.x.x -> 12.0.0 + +`kube-janitor` is replaced by `ttl-controller` ([k8s-ttl-controller](https://github.com/TwiN/k8s-ttl-controller)). + +If you had `kube-janitor.enabled: true`, change it to: + +```yaml +ttl-controller: + enabled: true +``` + +Resources annotated with `janitor/ttl` must be re-annotated to `k8s-ttl-controller.twin.sh/ttl`. +Duration values (e.g. `1h`, `7d`) transfer as-is. However, `janitor/expires` absolute timestamps and +the `forever` value are not supported by `k8s-ttl-controller` and must be removed or replaced. + {{ .Files.Get "values.md" }} diff --git a/charts/base-cluster/ci/artifacthub-values.yaml b/charts/base-cluster/ci/artifacthub-values.yaml index 50916299c6..c68d51939d 100644 --- a/charts/base-cluster/ci/artifacthub-values.yaml +++ b/charts/base-cluster/ci/artifacthub-values.yaml @@ -47,7 +47,7 @@ monitoring: enabled: true securityScanning: enabled: true -kube-janitor: +ttl-controller: enabled: true descheduler: enabled: true diff --git a/charts/base-cluster/templates/global/kube-janitor.yaml b/charts/base-cluster/templates/global/kube-janitor.yaml deleted file mode 100644 index 1c0daafb55..0000000000 --- a/charts/base-cluster/templates/global/kube-janitor.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-{{- if dig "kube-janitor" "enabled" false .Values.AsMap -}}
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: kube-janitor
- namespace: kube-system
- labels: {{- include "common.labels.standard" $ | nindent 4 }}
- app.kubernetes.io/component: kube-janitor
-spec:
- chart:
- spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "kube-janitor" "chart" "kube-janitor" "context" $) | nindent 6 }}
- interval: 1h
- driftDetection:
- mode: enabled
- values:
- priorityClassName: cluster-components
- {{- $image := dict "repository" (printf "%s/hjacobs/kube-janitor" ($.Values.global.imageRegistry | default (include "base-cluster.defaultRegistry" (dict)))) -}}
- {{- with dig "kube-janitor" "charts" "kube-janitor" "tag" "" .Values.global.helmRepositories -}}
- {{- $image = set $image "tag" . -}}
- {{- end }}
- image: {{- toYaml $image | nindent 6 }}
- resources:
- limits:
- memory: 1Gi
-{{- end -}}
diff --git a/charts/base-cluster/templates/global/ttl-controller.yaml b/charts/base-cluster/templates/global/ttl-controller.yaml
new file mode 100644
index 0000000000..c7357774dc
--- /dev/null
+++ b/charts/base-cluster/templates/global/ttl-controller.yaml
@@ -0,0 +1,30 @@
+{{- if dig "ttl-controller" "enabled" false .Values.AsMap -}}
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: ttl-controller
+ namespace: kube-system
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: ttl-controller
+spec:
+ chart:
+ spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "twin" "chart" "k8s-ttl-controller" "context" $) | nindent 6 }}
+ interval: 1h
+ driftDetection:
+ mode: enabled
+ values:
+ priorityClassName: cluster-components
+ image:
+ repository: {{ printf "%s/twin/k8s-ttl-controller" ($.Values.global.imageRegistry | default "ghcr.io") }}
+ resources:
+ limits:
+ memory: 1Gi
+ postRenderers:
+ - kustomize:
+ patches:
+ - target:
+ kind: Deployment
+ patch: |
+ - op: remove
+ path: /spec/template/spec/dnsPolicy
+{{- end -}}
diff --git a/charts/base-cluster/values.schema.json b/charts/base-cluster/values.schema.json
index 37b6ed5aa8..97c1481c9d 100644
--- a/charts/base-cluster/values.schema.json
+++ b/charts/base-cluster/values.schema.json
@@ -1632,7 +1632,7 @@
 },
 "additionalProperties": false
 },
- "kube-janitor": {
+ "ttl-controller": {
 "type": "object",
 "properties": {
 "enabled": {
diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml
index 6101254200..0432121206 100644
--- a/charts/base-cluster/values.yaml
+++ b/charts/base-cluster/values.yaml
@@ -198,14 +198,11 @@ global:
 charts:
 velero: 7.2.2
 condition: '{{ ne (.Values.backup.provider).velero nil }}'
- kube-janitor:
- url: https://github.com/teutonet/kube-janitor
+ twin:
+ url: https://twin.github.io/helm-charts
 charts:
- kube-janitor:
- path: unsupported/helm
- tag: 23.7.0
- type: git
- condition: '{{ dig "kube-janitor" "enabled" false .Values.AsMap }}'
+ k8s-ttl-controller: 0.4.0
+ condition: '{{ dig "ttl-controller" "enabled" false .Values.AsMap }}'
 authentication:
 grafana:
 authenticationPath: /protocol/openid-connect/auth
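Review bot: The `postRenderers` patch at the end of the new `ttl-controller.yaml` removes `/spec/template/spec/dnsPolicy` from every Deployment the chart renders, with no `name` in the target and no comment saying why the field has to go. A JSON Patch `remove` is an error when the path is absent (RFC 6902), so if a later chart version stops setting `dnsPolicy` the post-render step would likely fail and the release would stop reconciling; for a controller whose job is deleting expired resources, that means TTL cleanup stalls until someone notices. I would scope the target with `name: <deployment-name>` (placeholder, to be taken from the rendered chart) and put a comment above the patch along the lines of `# chart 0.4.0 sets dnsPolicy on the Deployment; drop it so the pod uses the cluster default`, adjusted to the actual reason.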
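Review bot: The new `twin` entry in `values.yaml` pins only the chart version (`k8s-ttl-controller: 0.4.0`), and the new template sets `image.repository` without a tag, so the image that runs is whatever that chart version defaults to. The removed `kube-janitor` entry carried an explicit `tag: 23.7.0` that the old template copied into `image`, and it pulled the chart from a repository under `teutonet` rather than from a third-party Helm repository. `trusted_registries.yaml` allows `ALL_TAGS` for `ghcr.io/twin/k8s-ttl-controller`, so nothing visible in this commit constrains the tag. A comment next to the version, e.g. `# chart 0.4.0 deploys image tag <tag>; review both when bumping`, would keep the effective image pin visible to reviewers of a component that is meant to delete cluster resources.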
@@ -493,7 +490,7 @@ backup: cpu: 500m memory: 500Mi -kube-janitor: +ttl-controller: enabled: false tetragon: