refactoring

- add custom timestamp using jmes path
- rename jamespath to filterPath
- improve logging

Signed-off-by: Markus Blaschke <[email protected]>

Author: mblaschke

README.md

@@ -7,6 +7,9 @@
 
 Kubernetes janitor which deletes resources by TTL annotations/labels and static rules written in Golang
 
+By default the janitor uses the creation timestamp from every resource but can also use a custom timestamp by using a JMES path with `timestampPath`.
+
+
 ## Configuration
 
 see [`example.yaml`](example.yaml) for example configurations
@@ -26,6 +29,7 @@ Application Options:
       --dry-run                                    Dry run (no delete) [$JANITOR_DRYRUN]
       --once                                       Run once and exit [$JANITOR_ONCE]
       --kubeconfig=                                Kuberentes config path (should be empty if in-cluster) [$KUBECONFIG]
+      --kube.itemsperpage=                         Defines how many items per page janitor should process (default: 100) [$KUBE_ITEMSPERPAGE]
       --server.bind=                               Server address (default: :8080) [$SERVER_BIND]
       --server.timeout.read=                       Server read timeout (default: 5s) [$SERVER_TIMEOUT_READ]
       --server.timeout.write=                      Server write timeout (default: 10s) [$SERVER_TIMEOUT_WRITE]

config/opts.go

@@ -25,7 +25,8 @@ type (
 
 		// kubernetes settings
 		Kubernetes struct {
-			Config string `long:"kubeconfig"            env:"KUBECONFIG"               description:"Kuberentes config path (should be empty if in-cluster)"`
+			Config       string `long:"kubeconfig"            env:"KUBECONFIG"               description:"Kuberentes config path (should be empty if in-cluster)"`
+			ItemsPerPage int64  `long:"kube.itemsperpage"     env:"KUBE_ITEMSPERPAGE"        description:"Defines how many items per page janitor should process" default:"100"`
 		}
 
 		// general options

example.yaml

@@ -14,13 +14,36 @@ ttl:
 
 # static rules (fixed TTLs without using ttl definition in labels/annotations)
 rules:
-  - id: default
+  # cleanup of compelted/failed pods which are not yet removed by the apiserver
+  - id: CleanupCompletedPods
+    resources:
+      - group: ""
+        version: v1
+        kind: pods
+
+        ## get timestampo from containerStatuses if pod is terminated
+        timestampPath: |-
+          max(containerStatuses[*].state.terminated.finishedAt)
+
+        ## filter only pods which are in phase "Failed" or "Succeeded"
+        filterPath: |-
+          phase == 'Failed' || phase == 'Succeeded'
+
+        selector: {}
+
+    ## run on all namespaces
+    namespaceSelector: {}
+
+    ## ttl for rule (based on terminated.finishedAt)
+    ttl: 1h
+
+  - id: example
     resources:
       - group: ""
         version: v1
         kind: configmaps
         # JMESpath for additional selector, should return true if resource should be used for TTL checks, optional
-        jmespath: |-
+        filterPath: |-
           !(metadata.annotations."kubernetes.io/description")
 
         # kubernetes selector (matchLabels, matchExpressions), optional

kube_janitor/config.go

@@ -2,10 +2,8 @@ package kube_janitor
 
 import (
 	"errors"
-	"fmt"
 	"strings"
 
-	jmespath "github.com/jmespath-community/go-jmespath"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
@@ -23,12 +21,12 @@ type (
 	}
 
 	ConfigResource struct {
-		Group            string                `json:"group"`
-		Version          string                `json:"version"`
-		Kind             string                `json:"kind"`
-		Selector         *metav1.LabelSelector `json:"selector"`
-		JmesPath         string                `json:"jmespath"`
-		jmesPathcompiled jmespath.JMESPath
+		Group         string                `json:"group"`
+		Version       string                `json:"version"`
+		Kind          string                `json:"kind"`
+		Selector      *metav1.LabelSelector `json:"selector"`
+		TimestampPath *JmesPath             `json:"timestampPath"`
+		FilterPath    *JmesPath             `json:"filterPath"`
 	}
 
 	ConfigRule struct {
@@ -84,19 +82,6 @@ func (c *ConfigRule) Validate() error {
 	return nil
 }
 
-func (c *ConfigResource) CompiledJmesPath() jmespath.JMESPath {
-	if c.jmesPathcompiled == nil {
-		compiledPath, err := jmespath.Compile(c.JmesPath)
-		if err != nil {
-			panic(fmt.Errorf(`failed to compile jmespath "%s": %w`, c.JmesPath, err))
-		}
-
-		c.jmesPathcompiled = compiledPath
-	}
-
-	return c.jmesPathcompiled
-}
-
 func (c *ConfigResource) String() string {
 	return c.AsGVR().String()
 }

kube_janitor/expiry.go

@@ -32,6 +32,27 @@ var (
 	}
 )
 
+func (j *Janitor) parseTimestamp(val string) *time.Time {
+	val = strings.TrimSpace(val)
+	if val == "" || val == "0" {
+		return nil
+	}
+
+	// parse as unix timestamp
+	if unixTimestamp, err := strconv.ParseInt(val, 10, 64); err == nil && unixTimestamp > 0 {
+		timestamp := time.Unix(unixTimestamp, 0)
+		return &timestamp
+	}
+
+	for _, timeFormat := range janitorTimeFormats {
+		if timestamp, parseErr := time.Parse(timeFormat, val); parseErr == nil && timestamp.Unix() > 0 {
+			return &timestamp
+		}
+	}
+
+	return nil
+}
+
 func (j *Janitor) checkExpiryDate(createdAt time.Time, expiry string) (parsedTime *time.Time, expired bool, err error) {
 	expired = false
 
@@ -41,21 +62,21 @@ func (j *Janitor) checkExpiryDate(createdAt time.Time, expiry string) (parsedTim
 		return
 	}
 
-	// parse as unix timestamp
-	if unixTimestamp, err := strconv.ParseInt(expiry, 10, 64); err == nil {
+	// first: parse as unix timestamp
+	if unixTimestamp, err := strconv.ParseInt(expiry, 10, 64); err == nil && unixTimestamp > 0 {
 		expiryTime := time.Unix(unixTimestamp, 0)
 		parsedTime = &expiryTime
 	}
 
-	// parse duration
+	// second: parse duration
 	if !createdAt.IsZero() {
 		if expiryDuration, err := duration.Parse(expiry); err == nil && expiryDuration.Seconds() > 1 {
 			expiryTime := createdAt.Add(expiryDuration)
 			parsedTime = &expiryTime
 		}
 	}
 
-	// parse time
+	// third: parse time
 	if parsedTime == nil {
 		for _, timeFormat := range janitorTimeFormats {
 			if parseVal, parseErr := time.Parse(timeFormat, expiry); parseErr == nil && parseVal.Unix() > 0 {

kube_janitor/init.go

@@ -0,0 +1,9 @@
+package kube_janitor
+
+import (
+	"github.com/goccy/go-yaml"
+)
+
+func init() {
+	yaml.RegisterCustomUnmarshalerContext(UmarshallJmesPath)
+}

kube_janitor/jmespath.go

@@ -0,0 +1,133 @@
+package kube_janitor
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/goccy/go-yaml"
+	"github.com/jmespath-community/go-jmespath"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+type (
+	JmesPath struct {
+		Path         string
+		compiledPath jmespath.JMESPath
+	}
+)
+
+func (path *JmesPath) IsEmpty() bool {
+	return path == nil || path.compiledPath == nil
+}
+
+func UmarshallJmesPath(ctx context.Context, path *JmesPath, data []byte) error {
+	var valString string
+
+	err := yaml.UnmarshalContext(ctx, data, &valString, yaml.Strict())
+	if err != nil {
+		return fmt.Errorf(`failed to parse jmespath as string: %w`, err)
+	}
+
+	valString = strings.TrimSpace(valString)
+
+	if valString != "" {
+		compiledPath, err := jmespath.Compile(valString)
+		if err != nil {
+			return fmt.Errorf(`failed to compile jmespath "%s": %w`, valString, err)
+		}
+
+		path.Path = valString
+		path.compiledPath = compiledPath
+	}
+
+	return nil
+}
+
+//
+// func (path *JmesPath) UnmarshalJSON(data []byte) error {
+// 	var valString string
+//
+// 	err := json.Unmarshal(data, &valString)
+// 	if err != nil {
+// 		return fmt.Errorf(`failed to parse jmespath as string: %w`, err)
+// 	}
+//
+// 	valString = strings.TrimSpace(valString)
+//
+// 	if valString != "" {
+// 		compiledPath, err := jmespath.Compile(valString)
+// 		if err != nil {
+// 			return fmt.Errorf(`failed to compile jmespath "%s": %w`, valString, err)
+// 		}
+//
+// 		path.Path = valString
+// 		path.compiledPath = compiledPath
+// 	}
+//
+// 	return nil
+// }
+
+func (j *Janitor) fetchResourceValueByFromJmesPath(resource unstructured.Unstructured, jmesPath *JmesPath) (interface{}, error) {
+	resourceRaw, err := resource.MarshalJSON()
+	if err != nil {
+		return true, err
+	}
+
+	var data any
+	err = json.Unmarshal(resourceRaw, &data)
+	if err != nil {
+		return true, err
+	}
+
+	// check if resource is valid by JMES path
+	result, err := jmesPath.compiledPath.Search(data)
+	if err != nil {
+		return true, err
+	}
+
+	return result, nil
+}
+
+func (j *Janitor) checkResourceIsSkippedFromJmesPath(resource unstructured.Unstructured, jmesPath *JmesPath) (bool, error) {
+	result, err := j.fetchResourceValueByFromJmesPath(resource, jmesPath)
+	if err != nil {
+		return true, err
+	}
+
+	switch v := result.(type) {
+	case string:
+		// skip if string is empty
+		if len(v) == 0 {
+			return true, nil
+		}
+	case bool:
+		// skip if false (not selected)
+		return !v, nil
+	case nil:
+		// nil? jmes path didn't find anything? better skip the resource
+		return true, nil
+	}
+
+	return false, nil
+}
+
+func (j *Janitor) parseResourceTimestampFromJmesPath(resource unstructured.Unstructured, jmesPath *JmesPath) (*time.Time, error) {
+	result, err := j.fetchResourceValueByFromJmesPath(resource, jmesPath)
+	fmt.Println(jmesPath.Path, result, err)
+	if err != nil {
+		return nil, err
+	}
+
+	switch v := result.(type) {
+	case string:
+		// skip if string is empty
+		if timestamp := j.parseTimestamp(v); timestamp != nil {
+			return timestamp, nil
+		}
+	}
+
+	return nil, nil
+}

kube_janitor/kube.go

@@ -13,7 +13,7 @@ import (
 )
 
 const (
-	KubeListLimit = 100
+	KubeDefaultListLimit = 100
 
 	KubeNoNamespace = ""
 
@@ -46,7 +46,7 @@ func (j *Janitor) kubeEachNamespace(ctx context.Context, selector *metav1.LabelS
 	}
 
 	listOpts := metav1.ListOptions{
-		Limit:         KubeListLimit,
+		Limit:         j.kubePageLimit,
 		LabelSelector: labelSelector,
 	}
 	for {
@@ -80,7 +80,7 @@ func (j *Janitor) kubeEachResource(ctx context.Context, gvr schema.GroupVersionR
 	}
 
 	listOpts := metav1.ListOptions{
-		Limit:         KubeListLimit,
+		Limit:         j.kubePageLimit,
 		LabelSelector: labelSelector,
 	}
 	for {