From 82054bbacb309dde29b004afef8bbe260dc4f0f4 Mon Sep 17 00:00:00 2001
From: Dan Jurgensmeyer
Date: Thu, 4 Jan 2018 17:16:44 -0500
Subject: [PATCH 1/4] Bash Script for pruning projects
---
.../include/prune-ocp-projects.bash | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100755 images/prune-ocp-projects/include/prune-ocp-projects.bash
diff --git a/images/prune-ocp-projects/include/prune-ocp-projects.bash b/images/prune-ocp-projects/include/prune-ocp-projects.bash
new file mode 100755
index 0000000..ff9ef8f
--- /dev/null
+++ b/images/prune-ocp-projects/include/prune-ocp-projects.bash
@@ -0,0 +1,41 @@
+#!/bin/bash
+declare -a sys_exclude=("cluster-ops" "kube-public" "logging")
+declare -a user_exclude=("infographic-delivery" "dantest")
+declare -A projects
+for project in `oc get project -o=custom-columns=NAME:.metadata.name --no-headers` ;
+do
+# echo "found: ${project}"
+ projects[${project}]="found"
+done
+
+# delete the excluded
+for sys in "${sys_exclude[@]}"
+do
+ unset projects[${sys}]
+# echo "unset sys ${sys}"
+done
+
+for user in "${user_exclude[@]}"
+do
+ unset projects[${user}]
+# echo "unset user ${user}"
+done
+
+# capture time for each project
+for prj in "${!projects[@]}"
+do
+# need variable for time
+ purgetime=`date -d "12" +%s`
+ temp=`oc get project ${prj} -o=custom-columns=time:.metadata.creationTimestamp --no-headers`
+ projects[${prj}]=`date -d "${temp}" +%s`
+
+ echo "del: ${purgetime}: creationTimeEpocSec: ${prj}: ${projects[${prj}]}"
+ if [ $purgetime -gt ${projects[${prj}]} ]; then
+ echo "oc delete"
+ else
+ echo "No delete keep"
+ fi
+done
+
+
+
From 00b299f9135f1cf13f5b4c97ac7f2d420e756d2c Mon Sep 17 00:00:00 2001
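Review bot: The cutoff on the `purgetime` line is very likely not "12 hours ago": as far as I know GNU `date -d "12"` reads a bare two-digit number as a time of day (12:00 today), so the `-gt` test below would mark every project created before noon as a delete candidate. The `# need variable for time` comment suggests this is a placeholder, but the value should be an explicit relative offset and computed once before the loop, e.g. `purgetime=$(date -d '-12 hours' +%s)`. The `${prj}` passed to `oc get project` is also unquoted, so a name containing glob characters or whitespace would be expanded by the shell; `"${prj}"` avoids that.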
From: Dan Jurgensmeyer
Date: Thu, 4 Jan 2018 17:20:17 -0500
Subject: [PATCH 2/4] rename .bash to .sh
---
.../include/{prune-ocp-projects.bash => prune-ocp-projects.sh} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename images/prune-ocp-projects/include/{prune-ocp-projects.bash => prune-ocp-projects.sh} (100%)
diff --git a/images/prune-ocp-projects/include/prune-ocp-projects.bash b/images/prune-ocp-projects/include/prune-ocp-projects.sh
similarity index 100%
rename from images/prune-ocp-projects/include/prune-ocp-projects.bash
rename to images/prune-ocp-projects/include/prune-ocp-projects.sh
From b93e3abf65a8efac6a197b3c4c9e3db70448ed21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98ystein=20Bedin?=
Date: Fri, 5 Jan 2018 04:16:37 +0000
Subject: [PATCH 3/4] Cronjob for Pruning Projects
---
images/prune-ocp-projects/Dockerfile | 13 ++
.../include/prune-ocp-projects.sh | 64 ++++----
jobs/cronjob-prune-projects.yaml | 146 ++++++++++++++++++
3 files changed, 196 insertions(+), 27 deletions(-)
create mode 100644 images/prune-ocp-projects/Dockerfile
create mode 100644 jobs/cronjob-prune-projects.yaml
diff --git a/images/prune-ocp-projects/Dockerfile b/images/prune-ocp-projects/Dockerfile
new file mode 100644
index 0000000..cc43f62
--- /dev/null
+++ b/images/prune-ocp-projects/Dockerfile
@@ -0,0 +1,13 @@
+FROM centos:7
+
+LABEL io.k8s.description="OCP Project Pruner" \
+ io.k8s.display-name="OCP Project Pruner"
+
+ENV PATH=$PATH:/usr/local/bin
+
+ADD include/prune-ocp-projects.sh /usr/local/bin/
+
+RUN curl https://mirror.openshift.com/pub/openshift-v3/clients/3.7.18/linux/oc.tar.gz | tar -C /usr/local/bin/ -xzf -
+RUN chmod +x /usr/local/bin/prune-ocp-projects.sh
+
+CMD [ "/usr/local/bin/prune-ocp-projects.sh" ]
diff --git a/images/prune-ocp-projects/include/prune-ocp-projects.sh b/images/prune-ocp-projects/include/prune-ocp-projects.sh
index ff9ef8f..594eac6 100755
--- a/images/prune-ocp-projects/include/prune-ocp-projects.sh
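Review bot: The `RUN curl ... | tar` line installs the `oc` client with no integrity check, and the pipeline hides download failures: curl runs without `-f`, and the step's exit status is tar's, so an HTTP error body or a truncated stream is only caught if tar happens to reject it. Since this binary later runs under a privileged service account, download to a file, verify it against a pinned SHA-256, and only then extract. The placeholder digest below has to be replaced with the value published for this client release. The image also sets no `USER`, so it runs as the base image default unless the platform overrides it, and `ADD` can be `COPY` because nothing is being unpacked.

```dockerfile
RUN curl -fsSL -o /tmp/oc.tar.gz https://mirror.openshift.com/pub/openshift-v3/clients/3.7.18/linux/oc.tar.gz \
 && echo "<EXPECTED_SHA256_PLACEHOLDER>  /tmp/oc.tar.gz" | sha256sum -c - \
 && tar -C /usr/local/bin/ -xzf /tmp/oc.tar.gz \
 && rm -f /tmp/oc.tar.gz
```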
+++ b/images/prune-ocp-projects/include/prune-ocp-projects.sh 
@@ -1,41 +1,51 @@ #!/bin/bash -declare -a sys_exclude=("cluster-ops" "kube-public" "logging") -declare -a user_exclude=("infographic-delivery" "dantest") + +# Make sure to declare these two environment variables to prevent projects to be deleted +# The values should be set as a quoted list of projects - i.e: +# 'default openshift openshift-infra' +#PROJECT_EXCLUDE_SYSTEM +#PROJECT_EXCLUDE_USER + +# Use an indexed array to keep track of existing projects declare -A projects -for project in `oc get project -o=custom-columns=NAME:.metadata.name --no-headers` ; -do -# echo "found: ${project}" - projects[${project}]="found" -done -# delete the excluded -for sys in "${sys_exclude[@]}" +for project in `oc get project -o=custom-columns=NAME:.metadata.name --no-headers`; do - unset projects[${sys}] -# echo "unset sys ${sys}" + projects["${project}"]="found" done -for user in "${user_exclude[@]}" -do - unset projects[${user}] -# echo "unset user ${user}" -done +# Eliminate the "System projects" +if [ -n "${PROJECT_EXCLUDE_SYSTEM}" ]; +then + for project in ${PROJECT_EXCLUDE_SYSTEM}; + do + unset projects["${project}"] + done +fi + +# Eliminate the "User projects" +if [ -n "${PROJECT_EXCLUDE_USER}" ]; +then + for project in ${PROJECT_EXCLUDE_USER}; + do + unset projects["${project}"] + done +fi -# capture time for each project -for prj in "${!projects[@]}" +# Capture the timestamp for each project and only delete projects older +# than the set number of hours +for project in "${!projects[@]}"; do -# need variable for time - purgetime=`date -d "12" +%s` - temp=`oc get project ${prj} -o=custom-columns=time:.metadata.creationTimestamp --no-headers` - projects[${prj}]=`date -d "${temp}" +%s` + # need variable for time + purgetime=`date -d "${TIMESTAMP_HOURS_AGO}" +%s` + temp=`oc get project ${project} -o=custom-columns=time:.metadata.creationTimestamp --no-headers` + projects[${project}]=`date -d "${temp}" +%s` - echo "del: ${purgetime}: creationTimeEpocSec: ${prj}: 
${projects[${prj}]}" - if [ $purgetime -gt ${projects[${prj}]} ]; then + echo "del: ${purgetime}: creationTimeEpocSec: ${project}: ${projects[${project}]}" + if [ ${purgetime} -gt ${projects[${project}]} ]; + then echo "oc delete" else echo "No delete keep" fi done - - - diff --git a/jobs/cronjob-prune-projects.yaml b/jobs/cronjob-prune-projects.yaml new file mode 100644 index 0000000..caf2dc6 --- /dev/null +++ b/jobs/cronjob-prune-projects.yaml 
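Review bot: Both exclusion blocks fail open: when `PROJECT_EXCLUDE_SYSTEM` or `PROJECT_EXCLUDE_USER` is unset or empty, the `if [ -n ... ]` guard is skipped silently and every project stays in the candidate set, and `TIMESTAMP_HOURS_AGO` is passed to `date -d` with no check at all. Because the header comment says these variables exist to prevent deletion, the script should stop when they are missing, e.g. `: "${PROJECT_EXCLUDE_SYSTEM:?must list protected projects}"` and `: "${TIMESTAMP_HOURS_AGO:?must be set, e.g. -12hours}"` near the top. The comment `# Use an indexed array` sits above `declare -A`, which declares an associative array, so it should read `# Use an associative array keyed by project name`. `unset projects["${project}"]` still leaves the word open to pathname expansion; `unset "projects[${project}]"` quotes the whole subscript.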
@@ -0,0 +1,146 @@
+---
+apiVersion: v1
+kind: Template
+metadata:
+ name: cronjob-prune-projects
+objects:
+- apiVersion: v1
+ kind: ImageStream
+ metadata:
+ annotations:
+ description: Keeps track of changes in the application image
+ name: ${NAME}
+ labels:
+ template: cronjob-prune-projects
+- apiVersion: v1
+ kind: BuildConfig
+ metadata:
+ annotations:
+ description: Defines how to build the application
+ name: ${NAME}
+ labels:
+ template: cronjob-prune-projects
+ spec:
+ completionDeadlineSeconds: "1800"
+ output:
+ to:
+ kind: ImageStreamTag
+ name: ${NAME}:latest
+ runPolicy: Serial
+ source:
+ git:
+ uri: https://github.com/oybed/openshift-management.git
+ ref: prune
+ contextDir: /images/prune-ocp-projects
+ strategy:
+ dockerStrategy:
+ from:
+ kind: DockerImage
+ name: centos:7
+ type: Docker
+ triggers:
+ - type: ConfigChange
+- apiVersion: batch/v2alpha1
+ kind: CronJob
+ metadata:
+ name: "${JOB_NAME}"
+ labels:
+ template: cronjob-prune-projects
+ spec:
+ schedule: "${SCHEDULE}"
+ concurrencyPolicy: Forbid
+ successfulJobsHistoryLimit: "${SUCCESS_JOBS_HISTORY_LIMIT}"
+ failedJobsHistoryLimit: "${FAILED_JOBS_HISTORY_LIMIT}"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: "${JOB_NAME}"
+ image: docker-registry.default.svc:5000/${NAMESPACE}/${NAME}:latest
+ command:
+ - "/bin/bash"
+ - "-c"
+ - "/usr/local/bin/prune-ocp-projects.sh"
+ env:
+ - name: PROJECT_EXCLUDE_USER
+ value: "${PROJECT_EXCLUDE_USER}"
+ - name: PROJECT_EXCLUDE_SYSTEM
+ value: "${PROJECT_EXCLUDE_SYSTEM}"
+ - name: TIMESTAMP_HOURS_AGO
+ value: "${TIMESTAMP_HOURS_AGO}"
+ restartPolicy: Never
+ terminationGracePeriodSeconds: 30
+ activeDeadlineSeconds: 500
+ dnsPolicy: ClusterFirst
+ serviceAccountName: "${JOB_SERVICE_ACCOUNT}"
+ serviceAccount: "${JOB_SERVICE_ACCOUNT}"
+- apiVersion: v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: system:project-pruners
+ labels:
+ template: cronjob-prune-projects
+ roleRef:
+ name: cluster-admin
+ subjects:
+ - kind: ServiceAccount
+ name: ${JOB_SERVICE_ACCOUNT}
+ userNames:
+ - system:serviceaccount:${NAMESPACE}:${JOB_SERVICE_ACCOUNT}
+- apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: ${JOB_SERVICE_ACCOUNT}
+ labels:
+ template: cronjob-prune-projects
+parameters:
+- description: The name assigned to all of the frontend objects defined in this template.
+ displayName: Name
+ name: NAME
+ required: true
+ value: prune-ocp-projects
+- name: JOB_NAME
+ displayName: Job Name
+ description: Name of the Scheduled Job to Create.
+ value: cronjob-prune-projects
+ required: true
+- name: SCHEDULE
+ displayName: Cron Schedule
+ description: Cron Schedule to Execute the Job
+ value: "@hourly"
+ required: true
+- name: SUCCESS_JOBS_HISTORY_LIMIT
+ displayName: Successful Job History Limit
+ description: The number of successful jobs that will be retained
+ value: '5'
+ required: true
+- name: FAILED_JOBS_HISTORY_LIMIT
+ displayName: Failed Job History Limit
+ description: The number of failed jobs that will be retained
+ value: '5'
+ required: true
+- name: NAMESPACE
+ displayName: "Namespace where this is deployed"
+ description: "Namespace where this is deployed."
+ value: "cluster-maintenance"
+ required: true
+- name: PROJECT_EXCLUDE_SYSTEM
+ displayName: System projects to exclude from the Prune Job
+ description: System projects that should not be deleted
+ value: default kube-public kube-service-catalog kube-system logging management-infra openshift openshift-ansible-service-broker openshift-infra openshift-node openshift-template-service-broker
+ required: true
+- name: PROJECT_EXCLUDE_USER
+ displayName: User defined projects to exclude from the Prune Job
+ description: User projects that should not be deleted
+ required: true
+- name: TIMESTAMP_HOURS_AGO
+ displayName: Prune projects older than X hours
+ description: The number of hours "old" the project needs to be - i.e. '-2hours'
+ value: '-12hours'
+ required: true
+- name: JOB_SERVICE_ACCOUNT
+ displayName: "Service Account Name"
+ description: "Name of the Service Account To Execute the Job As."
+ value: "pruner"
+ required: true
From fee769fdb6260f9f96f4b0e6f3eac27cb41f0cc7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98ystein=20Bedin?=
Date: Fri, 5 Jan 2018 06:28:55 +0000
Subject: [PATCH 4/4] Cronjob for Pruning Projects
---
images/prune-ocp-projects/include/prune-ocp-projects.sh | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/images/prune-ocp-projects/include/prune-ocp-projects.sh b/images/prune-ocp-projects/include/prune-ocp-projects.sh
index 594eac6..ab0d695 100755
--- a/images/prune-ocp-projects/include/prune-ocp-projects.sh
+++ b/images/prune-ocp-projects/include/prune-ocp-projects.sh
@@ -41,11 +41,9 @@ do temp=`oc get project ${project} -o=custom-columns=time:.metadata.creationTimestamp --no-headers` projects[${project}]=`date -d "${temp}" +%s` - echo "del: ${purgetime}: creationTimeEpocSec: ${project}: ${projects[${project}]}" if [ ${purgetime} -gt ${projects[${project}]} ]; then - echo "oc delete" - else - echo "No delete keep" + echo "Deleting project ${project}" + oc delete project ${project} fi done
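Review bot: The `system:project-pruners` ClusterRoleBinding sets `roleRef.name: cluster-admin`, which gives the cron job's service account full control of the cluster when the script only lists projects, reads `creationTimestamp` and deletes projects. Bind it to a dedicated ClusterRole limited to those verbs instead; the role name in the sketch below is constructed, and the exact resource and verb set should be confirmed against the cluster version in use. The blast radius is wider because the BuildConfig builds from the moving `ref: prune` branch and the CronJob runs `${NAME}:latest`, so whatever lands on that branch executes with this binding; pinning `ref` to a commit would narrow that. `PROJECT_EXCLUDE_USER` is marked `required: true` but has no `value`, so its description should say what to enter when there is nothing to exclude.

```yaml
- apiVersion: v1
  kind: ClusterRole
  metadata:
    name: project-pruner   # constructed name
  rules:
  - apiGroups: ["", "project.openshift.io"]
    resources: ["projects"]
    verbs: ["get", "list", "delete"]
# … unchanged: ClusterRoleBinding metadata, labels, subjects, userNames …
  roleRef:
    name: project-pruner
```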
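Review bot: The new `oc delete project ${project}` acts on a comparison whose inputs are never validated: if the `oc get project ... creationTimestamp` call on the context line above fails or prints nothing, `temp` is empty, and GNU `date -d ""` (as far as I know) resolves to midnight today instead of failing, so the project can appear older than the cutoff and be deleted. Add `[ -n "${temp}" ] || continue` after the `temp=` line and quote the name in the delete, `oc delete project "${project}"`. This commit also removes the only output that showed what would be kept or deleted, so a dry-run switch that logs instead of deleting would make a misconfigured exclusion list visible before it takes effect. The `for` header and the `purgetime` assignment of this loop lie outside the hunk.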