neon-vortex/build-job-cleanup.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: job-cleanup-sa
  namespace: flux-builds
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: job-cleanup-role
  namespace: flux-builds
rules:
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: ["list", "delete", "deletecollection"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["list", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: job-cleanup-binding
  namespace: flux-builds
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: job-cleanup-role
subjects:
- kind: ServiceAccount
  name: job-cleanup-sa
  namespace: flux-builds
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: cleanup-old-build-jobs
  namespace: flux-builds
spec:
  schedule: "*/30 * * * *"  # Run every 30 minutes
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: job-cleanup-sa
          restartPolicy: Never
          containers:
          - name: cleanup
            image: bitnami/kubectl:latest
            command:
            - /bin/bash
            - -c
            - |
              set -e
              echo "===== Cleaning up old build jobs ====="
              date

              # Keep only the last 10 successful jobs
              echo "Finding old successful jobs..."
              SUCCESSFUL_JOBS=$(kubectl get jobs -n flux-builds \
                -l app=neonvortex \
                --sort-by=.metadata.creationTimestamp \
                --field-selector status.successful=1 \
                -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | head -n -10)

              if [ -n "$SUCCESSFUL_JOBS" ]; then
                echo "Deleting old successful jobs:"
                echo "$SUCCESSFUL_JOBS"
                echo "$SUCCESSFUL_JOBS" | xargs -r kubectl delete job -n flux-builds
              else
                echo "No old successful jobs to delete"
              fi

              # Delete failed jobs older than 1 hour
              echo ""
              echo "Finding old failed jobs..."
              CUTOFF_TIME=$(date -u -d '1 hour ago' '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null || date -u -v-1H '+%Y-%m-%dT%H:%M:%SZ')

              FAILED_JOBS=$(kubectl get jobs -n flux-builds \
                -l app=neonvortex \
                --field-selector status.successful=0 \
                -o json | \
                jq -r --arg cutoff "$CUTOFF_TIME" \
                '.items[] | select(.status.completionTime < $cutoff or .status.startTime < $cutoff) | .metadata.name')

              if [ -n "$FAILED_JOBS" ]; then
                echo "Deleting old failed jobs:"
                echo "$FAILED_JOBS"
                echo "$FAILED_JOBS" | xargs -r kubectl delete job -n flux-builds
              else
                echo "No old failed jobs to delete"
              fi

              # Delete jobs older than 24 hours regardless of status
              echo ""
              echo "Finding jobs older than 24 hours..."
              CUTOFF_24H=$(date -u -d '24 hours ago' '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null || date -u -v-24H '+%Y-%m-%dT%H:%M:%SZ')

              OLD_JOBS=$(kubectl get jobs -n flux-builds \
                -l app=neonvortex \
                -o json | \
                jq -r --arg cutoff "$CUTOFF_24H" \
                '.items[] | select(.metadata.creationTimestamp < $cutoff) | .metadata.name')

              if [ -n "$OLD_JOBS" ]; then
                echo "Deleting jobs older than 24 hours:"
                echo "$OLD_JOBS"
                echo "$OLD_JOBS" | xargs -r kubectl delete job -n flux-builds
              else
                echo "No jobs older than 24 hours"
              fi

              echo ""
              echo "===== Cleanup complete ====="
              kubectl get jobs -n flux-builds -l app=neonvortex
Reorganize to dedicated namespaces with automatic cleanup Namespace Structure: - neonvortex: Application deployment and webhook listener - flux-builds: Build jobs with automatic cleanup - flux-system: Flux CD control plane (unchanged) Automatic Cleanup: - Build jobs: 30-minute TTL after completion - Cleanup CronJob: Runs every 30 minutes - Keeps last 10 successful builds - Deletes failed jobs older than 1 hour - Removes all jobs older than 24 hours Changes: - Moved HelmRelease from default to neonvortex namespace - Moved build jobs from default to flux-builds namespace - Updated webhook listener to create jobs in flux-builds - Updated Flux alerts to monitor new namespace - Cleaned up all resources from default namespace - Added dedicated ServiceAccounts and RBAC per namespace Benefits: - Clean namespace separation for better organization - Automatic job cleanup prevents resource accumulation - Build history maintained (last 10 successful builds) - Improved monitoring and troubleshooting - Default namespace is now clean Comprehensive migration guide in NAMESPACE_MIGRATION_GUIDE.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-22 23:27:32 -05:00			`---`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: job-cleanup-sa`
			`namespace: flux-builds`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`name: job-cleanup-role`
			`namespace: flux-builds`
			`rules:`
			`- apiGroups: ["batch"]`
			`resources: ["jobs"]`
			`verbs: ["list", "delete", "deletecollection"]`
			`- apiGroups: [""]`
			`resources: ["pods"]`
			`verbs: ["list", "delete"]`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: RoleBinding`
			`metadata:`
			`name: job-cleanup-binding`
			`namespace: flux-builds`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: Role`
			`name: job-cleanup-role`
			`subjects:`
			`- kind: ServiceAccount`
			`name: job-cleanup-sa`
			`namespace: flux-builds`
			`---`
			`apiVersion: batch/v1`
			`kind: CronJob`
			`metadata:`
			`name: cleanup-old-build-jobs`
			`namespace: flux-builds`
			`spec:`
			`schedule: "/30 * * *" # Run every 30 minutes`
			`concurrencyPolicy: Forbid`
			`successfulJobsHistoryLimit: 1`
			`failedJobsHistoryLimit: 1`
			`jobTemplate:`
			`spec:`
			`template:`
			`spec:`
			`serviceAccountName: job-cleanup-sa`
			`restartPolicy: Never`
			`containers:`
			`- name: cleanup`
			`image: bitnami/kubectl:latest`
			`command:`
			`- /bin/bash`
			`- -c`
			`- \|`
			`set -e`
			`echo "===== Cleaning up old build jobs ====="`
			`date`

			`# Keep only the last 10 successful jobs`
			`echo "Finding old successful jobs..."`
			`SUCCESSFUL_JOBS=$(kubectl get jobs -n flux-builds \`
			`-l app=neonvortex \`
			`--sort-by=.metadata.creationTimestamp \`
			`--field-selector status.successful=1 \`
			`-o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' \| head -n -10)`

			`if [ -n "$SUCCESSFUL_JOBS" ]; then`
			`echo "Deleting old successful jobs:"`
			`echo "$SUCCESSFUL_JOBS"`
			`echo "$SUCCESSFUL_JOBS" \| xargs -r kubectl delete job -n flux-builds`
			`else`
			`echo "No old successful jobs to delete"`
			`fi`

			`# Delete failed jobs older than 1 hour`
			`echo ""`
			`echo "Finding old failed jobs..."`
			`CUTOFF_TIME=$(date -u -d '1 hour ago' '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null \|\| date -u -v-1H '+%Y-%m-%dT%H:%M:%SZ')`

			`FAILED_JOBS=$(kubectl get jobs -n flux-builds \`
			`-l app=neonvortex \`
			`--field-selector status.successful=0 \`
			`-o json \| \`
			`jq -r --arg cutoff "$CUTOFF_TIME" \`
			`'.items[] \| select(.status.completionTime < $cutoff or .status.startTime < $cutoff) \| .metadata.name')`

			`if [ -n "$FAILED_JOBS" ]; then`
			`echo "Deleting old failed jobs:"`
			`echo "$FAILED_JOBS"`
			`echo "$FAILED_JOBS" \| xargs -r kubectl delete job -n flux-builds`
			`else`
			`echo "No old failed jobs to delete"`
			`fi`

			`# Delete jobs older than 24 hours regardless of status`
			`echo ""`
			`echo "Finding jobs older than 24 hours..."`
			`CUTOFF_24H=$(date -u -d '24 hours ago' '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null \|\| date -u -v-24H '+%Y-%m-%dT%H:%M:%SZ')`

			`OLD_JOBS=$(kubectl get jobs -n flux-builds \`
			`-l app=neonvortex \`
			`-o json \| \`
			`jq -r --arg cutoff "$CUTOFF_24H" \`
			`'.items[] \| select(.metadata.creationTimestamp < $cutoff) \| .metadata.name')`

			`if [ -n "$OLD_JOBS" ]; then`
			`echo "Deleting jobs older than 24 hours:"`
			`echo "$OLD_JOBS"`
			`echo "$OLD_JOBS" \| xargs -r kubectl delete job -n flux-builds`
			`else`
			`echo "No jobs older than 24 hours"`
			`fi`

			`echo ""`
			`echo "===== Cleanup complete ====="`
			`kubectl get jobs -n flux-builds -l app=neonvortex`