需求
因为Jenkins经常产生尸体容器,所以需要一个定时任务清理错误的容器
解决方案-采用
原生命令:kubectl get pods -n kubesphere-devops-system |grep Error |awk '{print $1}' |xargs kubectl delete pod -n kubesphere-devops-system
集群管理—>配置中心—>服务账户—>项目[kubesphere-devops-system]—>创建[test]—>选择管理员权限
单独创建的原因:defalut的账户没有删除的权限,通过创建账号可以生产token,然后修改权限即可,创建的容器会默认加载defalut的token,但是因为没权限,所以需要自己挂载。
集群管理—>应用负载—>任务—>定时任务[kubesphere-devops-system]—>创建[jenkins-agent-clean]
容器镜像配置:
1
2
3
| 镜像:bitnami/kubectl:latest
运行命令:sh
参数:kubectl get pods -n kubesphere-devops-system |grep Error|awk '{print $1}' |xargs kubectl delete pod -n kubesphere-devops-system
|
挂载存储配置:
1
2
3
| 密钥:test-token-xxxx
模式:只读
挂载目录:/var/run/secrets/kubernetes.io/serviceaccount
|
生成的完整的配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
| apiVersion: batch/v1beta1
kind: CronJob
metadata:
namespace: kubesphere-devops-system
labels:
app: jenkins-agent-clean
name: jenkins-agent-clean
annotations:
kubesphere.io/description: 定时清理jenkins的死掉编译的容器
spec:
concurrencyPolicy: Forbid
jobTemplate:
metadata:
labels:
app: jenkins-agent-clean
spec:
template:
spec:
containers:
- name: container-suzpfl
imagePullPolicy: IfNotPresent
image: 'bitnami/kubectl:latest'
command:
- sh
args:
- '-c'
- >-
kubectl get pods -n kubesphere-devops-system |grep Error|awk
'{print $1}' |xargs kubectl delete pod -n
kubesphere-devops-system
volumeMounts:
- name: volume-sjpdty
readOnly: true
mountPath: /var/run/secrets/kubernetes.io/serviceaccount
restartPolicy: Never
serviceAccount: default
initContainers: []
volumes:
- name: volume-sjpdty
secret:
secretName: test-token-f2fxz
imagePullSecrets: null
metadata:
annotations:
logging.kubesphere.io/logsidecar-config: '{}'
schedule: 0 * * * *
|