50 lines
1.5 KiB
YAML
50 lines
1.5 KiB
YAML
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
name: niks3-gc
|
|
namespace: niks3
|
|
labels:
|
|
app: niks3-gc
|
|
spec:
|
|
# Daily at 03:00. niks3 gc asks the server to drop closures older than
|
|
# --older-than and clean up stale failed uploads; the server performs the
|
|
# actual S3 deletions, so this job only needs to reach the in-cluster API.
|
|
schedule: "0 3 * * *"
|
|
concurrencyPolicy: Forbid
|
|
successfulJobsHistoryLimit: 3
|
|
failedJobsHistoryLimit: 3
|
|
jobTemplate:
|
|
spec:
|
|
backoffLimit: 2
|
|
template:
|
|
metadata:
|
|
# NOT app: niks3 — that label is the Service selector and would route
|
|
# cache traffic to this job. Its egress is governed by allow-gc-egress.
|
|
labels:
|
|
app: niks3-gc
|
|
spec:
|
|
restartPolicy: Never
|
|
containers:
|
|
- name: gc
|
|
image: ghcr.io/mic92/niks3:v1.6.1
|
|
# Image entrypoint is /bin/niks3-server; override with the client.
|
|
command: ["/bin/niks3", "gc"]
|
|
args:
|
|
- --server-url=http://niks3:5751
|
|
- --auth-token-path=/secrets/api-token
|
|
- --older-than=720h
|
|
volumeMounts:
|
|
- name: server
|
|
mountPath: /secrets
|
|
readOnly: true
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 32Mi
|
|
limits:
|
|
memory: 128Mi
|
|
volumes:
|
|
- name: server
|
|
secret:
|
|
secretName: server
|