|
| 1 | +apiVersion: batch/v1 |
| 2 | +kind: CronJob |
| 3 | +metadata: |
| 4 | + name: machine-config-nodes-crd-cleanup |
| 5 | + namespace: openshift-machine-config-operator |
| 6 | + annotations: |
| 7 | + include.release.openshift.io/self-managed-high-availability: "true" |
| 8 | + include.release.openshift.io/single-node-developer: "true" |
| 9 | + include.release.openshift.io/ibm-cloud-managed: "true" |
| 10 | + release.openshift.io/feature-set: Default |
| 11 | + # This prevent an update of this cronjob once the child job suspends on a successful run |
| 12 | + release.openshift.io/create-only: "true" |
| 13 | +spec: |
| 14 | + # Run every minute initially to trigger an immediate run |
| 15 | + schedule: "* * * * *" |
| 16 | + # Don't suspend initially - let it run once |
| 17 | + suspend: false |
| 18 | + # Only allow 1 concurrent job and prevent overlapping |
| 19 | + concurrencyPolicy: Forbid |
| 20 | + jobTemplate: |
| 21 | + spec: |
| 22 | + backOffLimit: 3 |
| 23 | + template: |
| 24 | + metadata: |
| 25 | + labels: |
| 26 | + app: machine-config-nodes-crd-cleanup |
| 27 | + annotations: |
| 28 | + target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' |
| 29 | + openshift.io/required-scc: nonroot-v2 |
| 30 | + spec: |
| 31 | + serviceAccountName: machine-config-operator |
| 32 | + restartPolicy: OnFailure |
| 33 | + containers: |
| 34 | + - name: crd-cleanup |
| 35 | + image: placeholder.url.oc.will.replace.this.org/placeholdernamespace:rhel-coreos |
| 36 | + terminationMessagePolicy: FallbackToLogsOnError |
| 37 | + command: |
| 38 | + - /bin/bash |
| 39 | + - -c |
| 40 | + - | |
| 41 | + set -euo pipefail |
| 42 | + |
| 43 | + # Set trap to suspend cronjob on successful exit (exit code 0) |
| 44 | + trap 'if [ $? -eq 0 ]; then echo "Suspending cronjob..."; oc patch cronjob machine-config-nodes-crd-cleanup -p "{\"spec\":{\"suspend\":true}}" --field-manager=machine-config-operator || echo "Failed to suspend cronjob"; fi' EXIT |
| 45 | + |
| 46 | + CRD_NAME="machineconfignodes.machineconfiguration.openshift.io" |
| 47 | + |
| 48 | + echo "Checking for MachineConfigNodes CRD with v1alpha1 version..." |
| 49 | + |
| 50 | + # Check if CRD exists |
| 51 | + if ! oc get crd "$CRD_NAME" >/dev/null 2>&1; then |
| 52 | + echo "CRD $CRD_NAME does not exist, nothing to clean up" |
| 53 | + exit 0 |
| 54 | + fi |
| 55 | + |
| 56 | + # Check if CRD has v1alpha1 version |
| 57 | + HAS_V1ALPHA1=$(oc get crd "$CRD_NAME" -o jsonpath='{.spec.versions[?(@.name=="v1alpha1")].name}' 2>/dev/null || echo "") |
| 58 | + |
| 59 | + if [ -z "$HAS_V1ALPHA1" ]; then |
| 60 | + echo "CRD $CRD_NAME does not have v1alpha1 version, nothing to clean up" |
| 61 | + exit 0 |
| 62 | + fi |
| 63 | + |
| 64 | + echo "Found CRD $CRD_NAME with v1alpha1 version, deleting it..." |
| 65 | + |
| 66 | + # Delete the CRD |
| 67 | + if oc delete crd "$CRD_NAME"; then |
| 68 | + echo "Successfully deleted CRD $CRD_NAME" |
| 69 | + else |
| 70 | + echo "Failed to delete CRD $CRD_NAME" |
| 71 | + exit 1 |
| 72 | + fi |
| 73 | + |
| 74 | + echo "CRD cleanup completed successfully" |
| 75 | + resources: |
| 76 | + requests: |
| 77 | + cpu: 10m |
| 78 | + memory: 50Mi |
| 79 | + securityContext: |
| 80 | + allowPrivilegeEscalation: false |
| 81 | + capabilities: |
| 82 | + drop: |
| 83 | + - ALL |
| 84 | + securityContext: |
| 85 | + runAsNonRoot: true |
| 86 | + runAsUser: 65534 |
| 87 | + seccompProfile: |
| 88 | + type: RuntimeDefault |
| 89 | + nodeSelector: |
| 90 | + node-role.kubernetes.io/control-plane: "" |
| 91 | + priorityClassName: "system-cluster-critical" |
| 92 | + tolerations: |
| 93 | + - effect: NoSchedule |
| 94 | + key: node-role.kubernetes.io/master |
| 95 | + operator: Exists |
| 96 | + - effect: NoExecute |
| 97 | + key: node.kubernetes.io/unreachable |
| 98 | + operator: Exists |
| 99 | + tolerationSeconds: 120 |
| 100 | + - effect: NoExecute |
| 101 | + key: node.kubernetes.io/not-ready |
| 102 | + operator: Exists |
| 103 | + tolerationSeconds: 120 |
0 commit comments