From cca994eb1a76d90c8ee267f82fd0360334aeb1e7 Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@ibm.com>
Date: Mon, 20 Mar 2023 13:36:17 +0100
Subject: [PATCH] ci: run registry garbage collection every week

In the old OpenShift cluster the registry consumer 800+ GB of data. Once
running the garbage collection manually, the consumption reduced to a
little over 8GB. Let's be nice users of the infrastructure and run
garbage collection weekly.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
---
 deploy/docker-gc.yaml | 44 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 deploy/docker-gc.yaml

diff --git a/deploy/docker-gc.yaml b/deploy/docker-gc.yaml
new file mode 100644
index 000000000..28b33a702
--- /dev/null
+++ b/deploy/docker-gc.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: docker-gc
+  labels:
+    app: docker-gc
+spec:
+  schedule: '@weekly'
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app: docker-gc
+        spec:
+          containers:
+            - name: docker-gc
+              image: docker.io/library/registry:2
+              args:
+                - registry
+                - garbage-collect
+                - /config/config.yml
+                - --delete-untagged
+              volumeMounts:
+                - name: container-images
+                  mountPath: /var/lib/registry
+                - name: config
+                  mountPath: /config
+              securityContext:
+                allowPrivilegeEscalation: false
+                runAsNonRoot: true
+                capabilities:
+                  drop: ["ALL"]
+                seccompProfile:
+                  type: RuntimeDefault
+          volumes:
+            - name: container-images
+              persistentVolumeClaim:
+                claimName: ceph-csi-image-registry
+            - name: config
+              secret:
+                secretName: container-registry-config
+          restartPolicy: OnFailure