-
Notifications
You must be signed in to change notification settings - Fork 135
Feat: Add Cloud-Custodian policies to clean-up Jenkins-BKPR staled resources #907
Conversation
…sources Signed-off-by: David Barranco <dbarranco@vmware.com>
Signed-off-by: David Barranco <dbarranco@vmware.com>
Signed-off-by: David Barranco <dbarranco@vmware.com>
Signed-off-by: David Barranco <dbarranco@vmware.com>
jenkins/cloud-custodian/Jenkinsfile
Outdated
sh "docker pull gcr.io/bitnami-images/sre-cloud-custodian:${env.CUSTODIAN_VERSION}" | ||
} | ||
} | ||
stage("Download the Custodian policy files") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't we make these files available "locally" in the same (Jenkins) workspace?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed, thxx
jenkins/cloud-custodian/azure.yaml
Outdated
- type: value | ||
key: name | ||
op: regex | ||
value: '^(pr-|trying-|staging-)' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe also add .*bkpr
? to narrow this, obviously in case these match.
jenkins/cloud-custodian/google.yaml
Outdated
- type: value | ||
key: name | ||
op: regex | ||
value: '^(pr-|trying-|staging-)' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto narrowing regex
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM w/comments, we can further loop and improve this if needed.
Signed-off-by: David Barranco <dbarranco@vmware.com>
Signed-off-by: David Barranco <dbarranco@vmware.com>
Signed-off-by: David Barranco <dbarranco@vmware.com>
Signed-off-by: David Barranco <dbarranco@vmware.com>
This is ready. I will move the improvements in the locking system to a different PR (after the CloudCustodian gets updated). |
This Pull Request adds a Jenkinsfile that will execute the Cloud-Custodian to enforce hygiene policies in the different accounts/projects/subscriptions used by Jenkins-BKPR for its continuous integration tests.
At this moment, the following cloud resources are covered:
AWS
Google
Azure
In this first iteration of the Cloud Custodian Jenkins pipeline, GCP won't be added to the periodic clean-ups as the delete operations have not been coded yet. I will sign the CLA and contribute to this project with these operations (they seem to be trivial).
Same case for some AWS resources.
Pipeline details
Next action items
Signed-off-by: David Barranco dbarranco@vmware.com