feat: add default configuration for in-docker cleaner (#609)

Author: masontikhonov

charts/cf-runtime/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: A Helm chart for Codefresh Runner
 name: cf-runtime
-version: 8.2.4
+version: 8.3.0
 keywords:
   - codefresh
   - runner
@@ -14,13 +14,11 @@ maintainers:
     url: https://codefresh-io.github.io/
 annotations:
   # 💡 Do not forget to update this annotation:
-  artifacthub.io/containsSecurityUpdates: "true"
+  artifacthub.io/containsSecurityUpdates: "false"
   # Supported kinds: `added`, `changed`, `deprecated`, `removed`, `fixed`, `security`:
   artifacthub.io/changes: |
-    - kind: changed
-      description: "Update \"dind\" to version 28.3.3-3.0.2."
-    - kind: security
-      description: "Fix CVE-2025-48060, CVE-2024-23337, CVE-2024-53427, GO-2025-3787, CVE-2025-32728, CVE-2025-5025."
+    - kind: added
+      description: "Add default configuration for in-docker cleaner."
 dependencies:
   - name: cf-common
     repository: oci://quay.io/codefresh/charts

charts/cf-runtime/README.md

@@ -1,6 +1,6 @@
 ## Codefresh Runner
 
-![Version: 8.2.4](https://img.shields.io/badge/Version-8.2.4-informational?style=flat-square)
+![Version: 8.3.0](https://img.shields.io/badge/Version-8.3.0-informational?style=flat-square)
 
 Helm chart for deploying [Codefresh Runner](https://codefresh.io/docs/docs/installation/codefresh-runner/) to Kubernetes.
 
@@ -1299,11 +1299,17 @@ Install the Helm chart
 | runtime.accounts | list | `[]` | (for On-Premise only) Assign accounts to runtime (list of account ids) |
 | runtime.agent | bool | `true` | (for On-Premise only) Enable agent |
 | runtime.description | string | `""` | Runtime description |
-| runtime.dind | object | `{"affinity":{},"containerSecurityContext":{},"env":{"CLEAN_DOCKER":true},"image":{"digest":"sha256:0f2a83603e27e6d88768a6ab8ead3e2426eaf989cd93919fa1128d98a7c617c6","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.3.3-3.0.2"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"pvcs":{"dind":{"annotations":{},"name":"dind","reuseVolumeSelector":"codefresh-app,io.codefresh.accountName","reuseVolumeSortOrder":"pipeline_id","storageClassName":"{{ include \"dind-volume-provisioner.storageClassName\" . }}","volumeSize":"16Gi"}},"resources":{"limits":{"cpu":"400m","memory":"800Mi"},"requests":null},"schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":30,"tolerations":[],"userAccess":true,"userVolumeMounts":{},"userVolumes":{},"volumePermissions":{"enabled":false,"image":{"digest":"sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f","registry":"docker.io","repository":"alpine","tag":3.18},"resources":{},"securityContext":{"runAsUser":0}}}` | Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). |
+| runtime.dind | object | `{"affinity":{},"containerSecurityContext":{},"env":{"CLEAN_DOCKER":true,"CLEAN_PERIOD_BUILDS":"5","CLEAN_PERIOD_SECONDS":"21600","DISK_USAGE_THRESHOLD":"0.8","IMAGE_RETAIN_PERIOD":"14400","INODES_USAGE_THRESHOLD":"0.8","VOLUMES_RETAIN_PERIOD":"14400"},"image":{"digest":"sha256:0f2a83603e27e6d88768a6ab8ead3e2426eaf989cd93919fa1128d98a7c617c6","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.3.3-3.0.2"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"pvcs":{"dind":{"annotations":{},"name":"dind","reuseVolumeSelector":"codefresh-app,io.codefresh.accountName","reuseVolumeSortOrder":"pipeline_id","storageClassName":"{{ include \"dind-volume-provisioner.storageClassName\" . }}","volumeSize":"16Gi"}},"resources":{"limits":{"cpu":"400m","memory":"800Mi"},"requests":null},"schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":30,"tolerations":[],"userAccess":true,"userVolumeMounts":{},"userVolumes":{},"volumePermissions":{"enabled":false,"image":{"digest":"sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f","registry":"docker.io","repository":"alpine","tag":3.18},"resources":{},"securityContext":{"runAsUser":0}}}` | Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). |
 | runtime.dind.affinity | object | `{}` | Set affinity |
 | runtime.dind.containerSecurityContext | object | `{}` | Set container security context. |
-| runtime.dind.env | object | `{"CLEAN_DOCKER":true}` | Set additional env vars. |
+| runtime.dind.env | object | `{"CLEAN_DOCKER":true,"CLEAN_PERIOD_BUILDS":"5","CLEAN_PERIOD_SECONDS":"21600","DISK_USAGE_THRESHOLD":"0.8","IMAGE_RETAIN_PERIOD":"14400","INODES_USAGE_THRESHOLD":"0.8","VOLUMES_RETAIN_PERIOD":"14400"}` | Set additional env vars. |
 | runtime.dind.env.CLEAN_DOCKER | bool | `true` | Enable in-docker cleaner |
+| runtime.dind.env.CLEAN_PERIOD_BUILDS | string | `"5"` | Run cleanup if there have been more than CLEAN_PERIOD_BUILDS builds since the last cleanup |
+| runtime.dind.env.CLEAN_PERIOD_SECONDS | string | `"21600"` | Run cleanup if the last cleanup was more than CLEAN_PERIOD_SECONDS seconds ago |
+| runtime.dind.env.DISK_USAGE_THRESHOLD | string | `"0.8"` | Run cleanup if current disk usage exceeds DISK_USAGE_THRESHOLD |
+| runtime.dind.env.IMAGE_RETAIN_PERIOD | string | `"14400"` | Do not delete Docker images if they have events newer than `NOW minus IMAGE_RETAIN_PERIOD` |
+| runtime.dind.env.INODES_USAGE_THRESHOLD | string | `"0.8"` | Run cleanup if current inodes usage exceeds INODES_USAGE_THRESHOLD |
+| runtime.dind.env.VOLUMES_RETAIN_PERIOD | string | `"14400"` | Do not delete Docker volumes if they have events newer than `NOW minus VOLUMES_RETAIN_PERIOD` |
 | runtime.dind.image | object | `{"digest":"sha256:0f2a83603e27e6d88768a6ab8ead3e2426eaf989cd93919fa1128d98a7c617c6","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.3.3-3.0.2"}` | Set dind image. |
 | runtime.dind.nodeSelector | object | `{}` | Set node selector. |
 | runtime.dind.podAnnotations | object | `{}` | Set pod annotations. |

charts/cf-runtime/tests/private-registry/private_registry_test.yaml

@@ -116,6 +116,12 @@ tests:
               userAccess: true
               envVars:
                 CLEAN_DOCKER: 'true'
+                CLEAN_PERIOD_BUILDS: '5'
+                CLEAN_PERIOD_SECONDS: '21600'
+                DISK_USAGE_THRESHOLD: '0.8'
+                IMAGE_RETAIN_PERIOD: '14400'
+                INODES_USAGE_THRESHOLD: '0.8'
+                VOLUMES_RETAIN_PERIOD: '14400'
                 OTEL_RESOURCE_ATTRIBUTES: service.name=cf-classic-dind,service.version=tagoverride,service.namespace=cf-classic-runtime,cf.classic.runtime.name=my-context/codefresh,cf.classic.runtime.version=1.0.0
               cluster:
                 namespace: codefresh

charts/cf-runtime/tests/runtime/runtime_onprem_test.yaml

@@ -147,8 +147,14 @@ tests:
               envVars:
                 ALICE: 'BOB'
                 CLEAN_DOCKER: 'true'
+                CLEAN_PERIOD_BUILDS: '5'
+                CLEAN_PERIOD_SECONDS: '21600'
+                DISK_USAGE_THRESHOLD: '0.8'
                 FLOAT_AS_STRING: '12.34'
+                IMAGE_RETAIN_PERIOD: '14400'
+                INODES_USAGE_THRESHOLD: '0.8'
                 INT: '123'
+                VOLUMES_RETAIN_PERIOD: '14400'
                 OTEL_RESOURCE_ATTRIBUTES: service.name=cf-classic-dind,service.version=tagoverride,service.namespace=cf-classic-runtime,cf.classic.runtime.name=system/my-runtime,cf.classic.runtime.version=1.0.0
               cluster:
                 namespace: codefresh
@@ -361,8 +367,14 @@ tests:
               envVars:
                 ALICE: 'BOB'
                 CLEAN_DOCKER: 'true'
+                CLEAN_PERIOD_BUILDS: '5'
+                CLEAN_PERIOD_SECONDS: '21600'
+                DISK_USAGE_THRESHOLD: '0.8'
                 FLOAT_AS_STRING: '12.34'
+                IMAGE_RETAIN_PERIOD: '14400'
+                INODES_USAGE_THRESHOLD: '0.8'
                 INT: '123'
+                VOLUMES_RETAIN_PERIOD: '14400'
                 OTEL_RESOURCE_ATTRIBUTES: service.name=cf-classic-dind,service.version=tagoverride,service.namespace=cf-classic-runtime,cf.classic.runtime.name=system/default-override,cf.classic.runtime.version=1.0.0
               cluster:
                 namespace: codefresh

charts/cf-runtime/tests/runtime/runtime_test.yaml

@@ -158,8 +158,14 @@ tests:
               envVars:
                 ALICE: 'BOB'
                 CLEAN_DOCKER: 'true'
+                CLEAN_PERIOD_BUILDS: '5'
+                CLEAN_PERIOD_SECONDS: '21600'
+                DISK_USAGE_THRESHOLD: '0.8'
                 FLOAT: '12.34'
+                IMAGE_RETAIN_PERIOD: '14400'
+                INODES_USAGE_THRESHOLD: '0.8'
                 INT_AS_STRING: '123'
+                VOLUMES_RETAIN_PERIOD: '14400'
                 OTEL_RESOURCE_ATTRIBUTES: service.name=cf-classic-dind,service.version=tagoverride,service.namespace=cf-classic-runtime,cf.classic.runtime.name=my-context/codefresh,cf.classic.runtime.version=1.0.0
               cluster:
                 namespace: codefresh

charts/cf-runtime/values.yaml

@@ -449,6 +449,18 @@ runtime:
     env:
       # -- Enable in-docker cleaner
       CLEAN_DOCKER: true
+      # -- Run cleanup if the last cleanup was more than CLEAN_PERIOD_SECONDS seconds ago
+      CLEAN_PERIOD_SECONDS: '21600'
+      # -- Run cleanup if there have been more than CLEAN_PERIOD_BUILDS builds since the last cleanup
+      CLEAN_PERIOD_BUILDS: '5'
+      # -- Do not delete Docker images if they have events newer than `NOW minus IMAGE_RETAIN_PERIOD`
+      IMAGE_RETAIN_PERIOD: '14400'
+      # -- Do not delete Docker volumes if they have events newer than `NOW minus VOLUMES_RETAIN_PERIOD`
+      VOLUMES_RETAIN_PERIOD: '14400'
+      # -- Run cleanup if current disk usage exceeds DISK_USAGE_THRESHOLD
+      DISK_USAGE_THRESHOLD: '0.8'
+      # -- Run cleanup if current inodes usage exceeds INODES_USAGE_THRESHOLD
+      INODES_USAGE_THRESHOLD: '0.8'
     # -- Set pod annotations.
     podAnnotations: {}
     # -- Set pod labels.