admin/neon-vortex
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reorganize to dedicated namespaces with automatic cleanup
Some checks failed
Build and Push to Harbor / build-and-push (push) Has been cancelled
Details

Browse Source 
**Namespace Structure:**
- neonvortex: Application deployment and webhook listener
- flux-builds: Build jobs with automatic cleanup
- flux-system: Flux CD control plane (unchanged)

**Automatic Cleanup:**
- Build jobs: 30-minute TTL after completion
- Cleanup CronJob: Runs every 30 minutes
  - Keeps last 10 successful builds
  - Deletes failed jobs older than 1 hour
  - Removes all jobs older than 24 hours

**Changes:**
- Moved HelmRelease from default to neonvortex namespace
- Moved build jobs from default to flux-builds namespace
- Updated webhook listener to create jobs in flux-builds
- Updated Flux alerts to monitor new namespace
- Cleaned up all resources from default namespace
- Added dedicated ServiceAccounts and RBAC per namespace

**Benefits:**
- Clean namespace separation for better organization
- Automatic job cleanup prevents resource accumulation
- Build history maintained (last 10 successful builds)
- Improved monitoring and troubleshooting
- Default namespace is now clean

Comprehensive migration guide in NAMESPACE_MIGRATION_GUIDE.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Neon Vortex
2025-11-22 23:27:32 -05:00
parent 066d6cae67
commit d7bc188ee5
6 changed files with 627 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
build-job-cleanup.yaml Normal file
View File

@@ -0,0 +1,119 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: job-cleanup-sa
namespace: flux-builds
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: job-cleanup-role
namespace: flux-builds
rules:
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["list", "delete", "deletecollection"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["list", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: job-cleanup-binding
namespace: flux-builds
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: job-cleanup-role
subjects:
- kind: ServiceAccount
name: job-cleanup-sa
namespace: flux-builds
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: cleanup-old-build-jobs
namespace: flux-builds
spec:
schedule: "*/30 * * * *" # Run every 30 minutes
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
serviceAccountName: job-cleanup-sa
restartPolicy: Never
containers:
- name: cleanup
image: bitnami/kubectl:latest
command:
- /bin/bash
- -c
- |
set -e
echo "===== Cleaning up old build jobs ====="
date
# Keep only the last 10 successful jobs
echo "Finding old successful jobs..."
SUCCESSFUL_JOBS=$(kubectl get jobs -n flux-builds \
-l app=neonvortex \
--sort-by=.metadata.creationTimestamp \
--field-selector status.successful=1 \
-o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | head -n -10)
if [ -n "$SUCCESSFUL_JOBS" ]; then
echo "Deleting old successful jobs:"
echo "$SUCCESSFUL_JOBS"
echo "$SUCCESSFUL_JOBS" | xargs -r kubectl delete job -n flux-builds
else
echo "No old successful jobs to delete"
fi
# Delete failed jobs older than 1 hour
echo ""
echo "Finding old failed jobs..."
CUTOFF_TIME=$(date -u -d '1 hour ago' '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null || date -u -v-1H '+%Y-%m-%dT%H:%M:%SZ')
FAILED_JOBS=$(kubectl get jobs -n flux-builds \
-l app=neonvortex \
--field-selector status.successful=0 \
-o json | \
jq -r --arg cutoff "$CUTOFF_TIME" \
'.items[] | select(.status.completionTime < $cutoff or .status.startTime < $cutoff) | .metadata.name')
if [ -n "$FAILED_JOBS" ]; then
echo "Deleting old failed jobs:"
echo "$FAILED_JOBS"
echo "$FAILED_JOBS" | xargs -r kubectl delete job -n flux-builds
else
echo "No old failed jobs to delete"
fi
# Delete jobs older than 24 hours regardless of status
echo ""
echo "Finding jobs older than 24 hours..."
CUTOFF_24H=$(date -u -d '24 hours ago' '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null || date -u -v-24H '+%Y-%m-%dT%H:%M:%SZ')
OLD_JOBS=$(kubectl get jobs -n flux-builds \
-l app=neonvortex \
-o json | \
jq -r --arg cutoff "$CUTOFF_24H" \
'.items[] | select(.metadata.creationTimestamp < $cutoff) | .metadata.name')
if [ -n "$OLD_JOBS" ]; then
echo "Deleting jobs older than 24 hours:"
echo "$OLD_JOBS"
echo "$OLD_JOBS" | xargs -r kubectl delete job -n flux-builds
else
echo "No jobs older than 24 hours"
fi
echo ""
echo "===== Cleanup complete ====="
kubectl get jobs -n flux-builds -l app=neonvortex

192
build-trigger-cronjob-neonvortex.yaml Normal file
View File

@@ -0,0 +1,192 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: build-trigger-script
namespace: neonvortex
data:
trigger-build.sh: |
#!/bin/bash
set -e
# Configuration
GIT_URL="http://192.168.1.49:13001/admin/neon-vortex.git"
REPO_DIR="/tmp/repo"
LAST_COMMIT_FILE="/data/last_commit"
echo "Checking for new commits..."
# Clone or update repository
if [ ! -d "$REPO_DIR" ]; then
git clone "$GIT_URL" "$REPO_DIR"
else
cd "$REPO_DIR"
git fetch origin main
git reset --hard origin/main
fi
cd "$REPO_DIR"
CURRENT_COMMIT=$(git rev-parse HEAD)
SHORT_COMMIT=$(git rev-parse --short HEAD)
echo "Current commit: $CURRENT_COMMIT"
# Read last processed commit
LAST_COMMIT=""
if [ -f "$LAST_COMMIT_FILE" ]; then
LAST_COMMIT=$(cat "$LAST_COMMIT_FILE")
echo "Last processed commit: $LAST_COMMIT"
fi
# Check if there are new commits
if [ "$CURRENT_COMMIT" != "$LAST_COMMIT" ]; then
echo "New commit detected! Triggering build..."
# Create a new build job with unique name
TIMESTAMP=$(date +%s)
JOB_NAME="build-cron-$SHORT_COMMIT-$TIMESTAMP"
# Generate build job YAML
cat <<EOF | kubectl apply -f -
apiVersion: batch/v1
kind: Job
metadata:
name: $JOB_NAME
namespace: flux-builds
labels:
app: neonvortex
build-trigger: cronjob
git-commit: "$SHORT_COMMIT"
spec:
ttlSecondsAfterFinished: 1800
template:
spec:
restartPolicy: Never
initContainers:
- name: git-clone
image: alpine/git:latest
command:
- sh
- -c
- |
git clone $GIT_URL /workspace
cd /workspace
git checkout $CURRENT_COMMIT
volumeMounts:
- name: workspace
mountPath: /workspace
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:latest
args:
- "--dockerfile=/workspace/htlm/Dockerfile"
- "--context=/workspace/htlm"
- "--destination=images.caffeinetux.com/apps/neon-vortex:latest"
- "--destination=images.caffeinetux.com/apps/neon-vortex:$SHORT_COMMIT"
- "--cache=true"
- "--cache-repo=images.caffeinetux.com/apps/neon-vortex/cache"
volumeMounts:
- name: workspace
mountPath: /workspace
- name: docker-config
mountPath: /kaniko/.docker
volumes:
- name: workspace
emptyDir: {}
- name: docker-config
secret:
secretName: harbor-registry
items:
- key: .dockerconfigjson
path: config.json
EOF
echo "Build job created: $JOB_NAME"
# Update last commit
echo "$CURRENT_COMMIT" > "$LAST_COMMIT_FILE"
echo "Updated last commit reference"
else
echo "No new commits. Skipping build."
fi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: build-trigger-data
namespace: neonvortex
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-trigger-cron-sa
namespace: neonvortex
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: build-trigger-cron-role
namespace: flux-builds
rules:
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create", "get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: build-trigger-cron-binding
namespace: flux-builds
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: build-trigger-cron-role
subjects:
- kind: ServiceAccount
name: build-trigger-cron-sa
namespace: neonvortex
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: neon-vortex-build-trigger
namespace: neonvortex
spec:
schedule: "*/5 * * * *" # Check every 5 minutes (backup to webhooks)
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
serviceAccountName: build-trigger-cron-sa
restartPolicy: Never
containers:
- name: trigger
image: alpine/k8s:1.28.13
command: ["/bin/bash"]
args:
- -c
- |
apk add --no-cache git bash curl
/scripts/trigger-build.sh
volumeMounts:
- name: script
mountPath: /scripts
- name: data
mountPath: /data
volumes:
- name: script
configMap:
name: build-trigger-script
defaultMode: 0755
- name: data
persistentVolumeClaim:
claimName: build-trigger-data

35
flux-alerts-neonvortex.yaml Normal file
View File

@@ -0,0 +1,35 @@
---
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Alert
metadata:
name: neon-vortex-git
namespace: flux-system
spec:
summary: "Neon Vortex Git Updates"
providerRef:
name: neon-vortex-notify
eventSeverity: info
eventSources:
- kind: GitRepository
name: neon-vortex
namespace: flux-system
exclusionList:
- ".*health check.*"
---
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Alert
metadata:
name: neon-vortex-deploy
namespace: flux-system
spec:
summary: "Neon Vortex Deployment Status"
providerRef:
name: neon-vortex-notify
eventSeverity: info
eventSources:
- kind: HelmRelease
name: neon-vortex
namespace: neonvortex
exclusionList:
- ".*health check.*"
- ".*reconciliation in progress.*"

21
flux-helmrelease-neonvortex.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: neon-vortex
namespace: neonvortex
spec:
interval: 5m
chart:
spec:
chart: ./neon-vortex-chart
sourceRef:
kind: GitRepository
name: neon-vortex
namespace: flux-system
interval: 1m
values:
image:
registry: images.caffeinetux.com
repository: apps/neon-vortex
tag: latest
pullPolicy: Always

16
namespaces.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: neonvortex
labels:
app: neonvortex
toolkit.fluxcd.io/tenant: neonvortex
---
apiVersion: v1
kind: Namespace
metadata:
name: flux-builds
labels:
app: flux-builds
toolkit.fluxcd.io/tenant: neonvortex

244
webhook-build-trigger-neonvortex.yaml Normal file
View File

@@ -0,0 +1,244 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: webhook-build-script
namespace: neonvortex
data:
trigger-build.sh: |
#!/bin/bash
set -e
echo "===== Git Push Detected - Triggering Build ====="
date
# Clone the repository
echo "Cloning repository..."
git clone http://192.168.1.49:13001/admin/neon-vortex.git /tmp/repo
cd /tmp/repo
# Get commit info
GIT_COMMIT=$(git rev-parse HEAD)
GIT_SHORT=$(git rev-parse --short HEAD)
GIT_MSG=$(git log -1 --pretty=%B | head -1)
GIT_AUTHOR=$(git log -1 --pretty=%an)
echo "Commit: $GIT_SHORT ($GIT_COMMIT)"
echo "Author: $GIT_AUTHOR"
echo "Message: $GIT_MSG"
# Generate unique job name
TIMESTAMP=$(date +%s)
JOB_NAME="build-${GIT_SHORT}-${TIMESTAMP}"
echo "Creating build job: $JOB_NAME"
# Send start notification
curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \
-F "title=🔨 Neon Vortex Build Started" \
-F "message=Commit: ${GIT_SHORT} by ${GIT_AUTHOR} - ${GIT_MSG}" \
-F "priority=5" || echo "Notification failed"
# Create the build job in flux-builds namespace
kubectl apply -f - <<EOF
apiVersion: batch/v1
kind: Job
metadata:
name: $JOB_NAME
namespace: flux-builds
labels:
app: neonvortex
build-trigger: webhook
git-commit: "$GIT_SHORT"
annotations:
git-commit-full: "$GIT_COMMIT"
git-message: "$GIT_MSG"
git-author: "$GIT_AUTHOR"
spec:
ttlSecondsAfterFinished: 1800
backoffLimit: 0
template:
metadata:
labels:
app: neonvortex
build-job: "true"
spec:
restartPolicy: Never
initContainers:
- name: git-clone
image: alpine/git:latest
command:
- sh
- -c
- |
set -e
echo "Cloning and checking out $GIT_COMMIT..."
git clone http://192.168.1.49:13001/admin/neon-vortex.git /workspace
cd /workspace
git checkout $GIT_COMMIT
echo "Repository ready for build"
env:
- name: GIT_COMMIT
value: "$GIT_COMMIT"
volumeMounts:
- name: workspace
mountPath: /workspace
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:latest
args:
- "--dockerfile=/workspace/htlm/Dockerfile"
- "--context=/workspace/htlm"
- "--destination=images.caffeinetux.com/apps/neon-vortex:latest"
- "--destination=images.caffeinetux.com/apps/neon-vortex:$GIT_SHORT"
- "--cache=true"
- "--cache-repo=images.caffeinetux.com/apps/neon-vortex/cache"
- "--label=git.commit=$GIT_COMMIT"
- "--label=git.short=$GIT_SHORT"
- "--label=git.message=$GIT_MSG"
- "--label=git.author=$GIT_AUTHOR"
volumeMounts:
- name: workspace
mountPath: /workspace
- name: docker-config
mountPath: /kaniko/.docker
- name: notify-completion
image: alpine:latest
command:
- sh
- -c
- |
set -e
apk add --no-cache curl
echo "Waiting for Kaniko to complete..."
sleep 10
# Send completion notification
curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \
-F "title=✅ Neon Vortex Build Complete" \
-F "message=Image built successfully for commit ${GIT_SHORT}. Deployment will update automatically." \
-F "priority=5"
echo "Completion notification sent"
env:
- name: GIT_SHORT
value: "$GIT_SHORT"
volumes:
- name: workspace
emptyDir: {}
- name: docker-config
secret:
secretName: harbor-registry
items:
- key: .dockerconfigjson
path: config.json
EOF
if [ $? -eq 0 ]; then
echo "✅ Build job $JOB_NAME created successfully"
else
echo "❌ Failed to create build job"
curl -s -X POST "https://notify.caffeinetux.com/message?token=APMvTuncQJmm6vd" \
-F "title=❌ Neon Vortex Build Failed" \
-F "message=Failed to create build job for commit ${GIT_SHORT}" \
-F "priority=8"
exit 1
fi
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-trigger-sa
namespace: neonvortex
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: build-trigger-role
namespace: flux-builds
rules:
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create", "get", "list", "watch", "delete"]
- apiGroups: [""]
resources: ["pods", "pods/log"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: build-trigger-binding
namespace: flux-builds
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: build-trigger-role
subjects:
- kind: ServiceAccount
name: build-trigger-sa
namespace: neonvortex
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: webhook-build-listener
namespace: neonvortex
spec:
replicas: 1
selector:
matchLabels:
app: webhook-build-listener
template:
metadata:
labels:
app: webhook-build-listener
spec:
serviceAccountName: build-trigger-sa
containers:
- name: listener
image: alpine/k8s:1.28.13
command:
- sh
- -c
- |
apk add --no-cache socat bash git curl
echo "Starting webhook listener on port 8080..."
while true; do
echo "Waiting for webhook trigger..."
echo -e "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK" | \
socat TCP-LISTEN:8080,reuseaddr,fork STDIO | \
while read line; do
if echo "$line" | grep -q "POST /webhook"; then
echo "Webhook received! Triggering build..."
bash /scripts/trigger-build.sh &
break
fi
done
sleep 2
done
volumeMounts:
- name: script
mountPath: /scripts
volumes:
- name: script
configMap:
name: webhook-build-script
defaultMode: 0755
---
apiVersion: v1
kind: Service
metadata:
name: webhook-build-listener
namespace: neonvortex
spec:
type: NodePort
selector:
app: webhook-build-listener
ports:
- port: 8080
targetPort: 8080
nodePort: 30091
name: webhook