Add TTL to Jobs

User-created Jobs can pile up and consume excess space in the cluster. In Kubernetes 1.23, the TTL-after-finished controller is stable and automatically cleans up these Jobs when ttlSecondsAfterFinished is specified. This policy adds the ttlSecondsAfterFinished field to a Job that does not have an ownerReference set, if the field is not already specified.

Policy Definition

/other/add-ttl-jobs/add-ttl-jobs.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-ttl-jobs
  annotations:
    policies.kyverno.io/title: Add TTL to Jobs
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Job
    kyverno.io/kyverno-version: 1.7.1
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/description: >-
      Jobs which are user created can often pile up and consume
      excess space in the cluster. In Kubernetes 1.23, the TTL-after-finished controller
      is stable and will automatically clean up these Jobs if the ttlSecondsAfterFinished
      is specified. This policy adds the ttlSecondsAfterFinished field to an Job that does
      not have an ownerReference set if not already specified.
spec:
  rules:
    - name: add-ttlSecondsAfterFinished
      match:
        any:
        - resources:
            kinds:
              - Job
      preconditions:
        any:
          - key: "{{ request.object.metadata.ownerReferences || `[]` }}"
            operator: Equals
            value: []
      mutate:
        patchStrategicMerge:
          spec:
            +(ttlSecondsAfterFinished): 900
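
The following is an added example, not Kyverno code or part of the policy: a small Python emulation of the rule's precondition and `+(...)` add anchor, showing which Jobs the policy would change. The function names and the sample Job manifests are constructed for illustration.

```python
import copy

DEFAULT_TTL = 900  # value set by the policy's patchStrategicMerge

def precondition_met(resource):
    """Policy precondition: ownerReferences (null or missing becomes []) Equals []."""
    owners = resource.get("metadata", {}).get("ownerReferences") or []
    return owners == []

def mutate(resource):
    """Return (resource_after_rule, changed) for one admission request."""
    if resource.get("kind") != "Job" or not precondition_met(resource):
        return resource, False
    spec = resource.get("spec") or {}
    # The +(ttlSecondsAfterFinished) add anchor only writes the field when absent,
    # so a user-supplied value (even 0, meaning "delete immediately") is kept.
    if "ttlSecondsAfterFinished" in spec:
        return resource, False
    patched = copy.deepcopy(resource)
    patched["spec"] = dict(spec, ttlSecondsAfterFinished=DEFAULT_TTL)
    return patched, True

def make_job(name, owners=None, ttl=None):
    """Build a constructed Job manifest for the demonstration."""
    job = {"apiVersion": "batch/v1", "kind": "Job",
           "metadata": {"name": name}, "spec": {"template": {}}}
    if owners is not None:
        job["metadata"]["ownerReferences"] = owners
    if ttl is not None:
        job["spec"]["ttlSecondsAfterFinished"] = ttl
    return job

# Constructed sample resources, not taken from a real cluster.
SAMPLES = [
    make_job("adhoc-backup"),                       # no owner, no TTL
    make_job("adhoc-empty-owners", owners=[]),      # empty owner list
    make_job("nightly-28391", owners=[{"kind": "CronJob", "name": "nightly"}]),
    make_job("keep-zero", ttl=0),                   # explicit TTL of 0
    make_job("keep-long", ttl=86400),               # explicit longer TTL
]

def report(resources=SAMPLES):
    """Map each Job name to (changed, resulting ttlSecondsAfterFinished or None)."""
    out = {}
    for r in resources:
        after, changed = mutate(r)
        out[r["metadata"]["name"]] = (changed, after["spec"].get("ttlSecondsAfterFinished"))
    return out
```

Jobs owned by a CronJob are skipped by the precondition, and a Job that already sets a TTL keeps its own value rather than being overwritten with 900.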