chore(base-cluster)!: migrate kube-janitor to k8s-ttl-controller

.github/image_licenses.yaml

@@ -68,9 +68,6 @@ licenses:
   docker.io/grafana/tempo:
     license: AGPL-3.0-only
     licenseLink: https://raw.githubusercontent.com/grafana/tempo/refs/heads/main/LICENSE
-  docker.io/hjacobs/kube-janitor:
-    license: GPL-3.0
-    licenseLink: https://github.com/hjacobs/kube-janitor/blob/main/LICENSE
   docker.io/memcached:
     license: BSD-3
     licenseLink: https://raw.githubusercontent.com/memcached/memcached/refs/heads/master/LICENSE
@@ -128,6 +125,9 @@ licenses:
   ghcr.io/teutonet/oci-images/solr-ckan:
     license: MIT
     licenseLink: https://github.com/teutonet/oci-images/blob/main/LICENSE
+  ghcr.io/twin/k8s-ttl-controller:
+    license: MIT
+    licenseLink: https://github.com/TwiN/k8s-ttl-controller/blob/master/LICENSE
   mirror.gcr.io/aquasec/trivy-operator:
     license: Apache-2.0
     licenseLink: https://github.com/aquasecurity/trivy-operator/blob/main/LICENSE

.github/trusted_registries.yaml

@@ -16,8 +16,6 @@ docker.io:
     kubernetes-reflector: ALL_TAGS
   fluxcd: ALL_IMAGES
   grafana: ALL_IMAGES
-  hjacobs:
-    kube-janitor: ALL_TAGS
   memcached: ALL_TAGS
   otel:
     opentelemetry-collector-contrib: ALL_TAGS
@@ -41,6 +39,8 @@ ghcr.io:
     kyverno-cli: ALL_TAGS
     readiness-checker: ALL_TAGS
   teutonet: ALL_IMAGES
+  twin:
+    k8s-ttl-controller: ALL_TAGS
 mirror.gcr.io:
   aquasec: ALL_IMAGES
 quay.io:

charts/base-cluster/README.md.gotmpl

@@ -415,4 +415,19 @@ For this we switched from the distributed deployment to the single binary deploy
 Because of this you need to migrate to the `.monitoring.tracing.<field>` instead
 of `.monitoring.tracing.ingester.<field>`
 
+### 11.x.x -> 12.0.0
+
+`kube-janitor` is replaced by `ttl-controller` ([k8s-ttl-controller](https://github.com/TwiN/k8s-ttl-controller)).
+
+If you had `kube-janitor.enabled: true`, change it to:
+
+```yaml
+ttl-controller:
+  enabled: true
+```
+
+Resources annotated with `janitor/ttl` must be re-annotated to `k8s-ttl-controller.twin.sh/ttl`.
+Duration values (e.g. `1h`, `7d`) transfer as-is. However, `janitor/expires` absolute timestamps and
+the `forever` value are not supported by `k8s-ttl-controller` and must be removed or replaced.
+
 {{ .Files.Get "values.md"  }}

charts/base-cluster/ci/artifacthub-values.yaml

@@ -47,7 +47,7 @@ monitoring:
     enabled: true
   securityScanning:
     enabled: true
-kube-janitor:
+ttl-controller:
   enabled: true
 descheduler:
   enabled: true

charts/base-cluster/templates/global/ttl-controller.yaml

@@ -0,0 +1,30 @@
+{{- if dig "ttl-controller" "enabled" false .Values.AsMap -}}
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: ttl-controller
+  namespace: kube-system
+  labels: {{- include "common.labels.standard" $ | nindent 4 }}
+    app.kubernetes.io/component: ttl-controller
+spec:
+  chart:
+    spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "twin" "chart" "k8s-ttl-controller" "context" $) | nindent 6 }}
+  interval: 1h
+  driftDetection:
+    mode: enabled
+  values:
+    priorityClassName: cluster-components
+    image:
+      repository: {{ printf "%s/twin/k8s-ttl-controller" ($.Values.global.imageRegistry | default "ghcr.io") }}
+    resources:
+      limits:
+        memory: 1Gi
+  postRenderers:
+    - kustomize:
+        patches:
+          - target:
+              kind: Deployment
+            patch: |
+              - op: remove
+                path: /spec/template/spec/dnsPolicy
+{{- end -}}

charts/base-cluster/values.schema.json

@@ -1632,7 +1632,7 @@
       },
       "additionalProperties": false
     },
-    "kube-janitor": {
+    "ttl-controller": {
       "type": "object",
       "properties": {
         "enabled": {

charts/base-cluster/values.yaml

@@ -198,14 +198,11 @@ global:
       charts:
         velero: 7.2.2
       condition: '{{ ne (.Values.backup.provider).velero nil }}'
-    kube-janitor:
-      url: https://github.com/teutonet/kube-janitor
+    twin:
+      url: https://twin.github.io/helm-charts
       charts:
-        kube-janitor:
-          path: unsupported/helm
-          tag: 23.7.0
-      type: git
-      condition: '{{ dig "kube-janitor" "enabled" false .Values.AsMap }}'
+        k8s-ttl-controller: 0.4.0
+      condition: '{{ dig "ttl-controller" "enabled" false .Values.AsMap }}'
   authentication:
     grafana:
       authenticationPath: /protocol/openid-connect/auth
@@ -493,7 +490,7 @@ backup:
         cpu: 500m
         memory: 500Mi
 
-kube-janitor:
+ttl-controller:
   enabled: false
 
 tetragon: