Add ttlSecondsAfterFinished into LDAP sync cron job

Upstream Kubernetes documentation is here: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ What this change does - it makes sure that failed jobs do not linger but are cleaned up by OpenShift. In LDAP sync case the customer should only care about last sync success or failure. This should help with alert fatigue from KubeJobFailed when there is a glitch with LDAP sync. Similar (unrelated) change in CNO: https://github.com/openshift/cluster-network-operator/pull/1318 This is available since OpenShift 4.8
2026-02-05 21:46:22 +01:00 · 2022-06-24 16:40:35 +02:00
parent 0c32ce67ae
commit 6c8ec5f089
1 changed files with 8 additions and 6 deletions
--- a/modules/ldap-auto-syncing.adoc
+++ b/modules/ldap-auto-syncing.adoc
@@ -175,6 +175,7 @@ spec:
  jobTemplate:
    spec:
      backoffLimit: 0
+      ttlSecondsAfterFinished: 1800                                                  <3>
      template:
        spec:
          containers:
@@ -183,7 +184,7 @@ spec:
              command:
                - "/bin/bash"
                - "-c"
-                - "oc adm groups sync --sync-config=/etc/config/sync.yaml --confirm" <3>
+                - "oc adm groups sync --sync-config=/etc/config/sync.yaml --confirm" <4>
              volumeMounts:
                - mountPath: "/etc/config"
                  name: "ldap-sync-volume"
@@ -197,10 +198,10 @@ spec:
                name: "ldap-group-syncer"
            - name: "ldap-bind-password"
              secret:
-                secretName: "ldap-secret"                                            <4>
+                secretName: "ldap-secret"                                            <5>
            - name: "ldap-ca"
              configMap:
-                name: "ca-config-map"                                                <5>
+                name: "ca-config-map"                                                <6>
          restartPolicy: "Never"
          terminationGracePeriodSeconds: 30
          activeDeadlineSeconds: 500
@@ -209,9 +210,10 @@ spec:
 ----
 <1> Configure the settings for the cron job. See "Creating cron jobs" for more information on cron job settings.
 <2> The schedule for the job specified in link:https://en.wikipedia.org/wiki/Cron[cron format]. This example cron job runs every 30 minutes. Adjust the frequency as necessary, making sure to take into account how long the sync takes to run.
-<3> The LDAP sync command for the cron job to run. Passes in the sync configuration file that was defined in the config map.
-<4> This secret was created when the LDAP IDP was configured.
-<5> This config map was created when the LDAP IDP was configured.
+<3> How long, in seconds, to keep finished jobs. This should match the period of the job schedule in order to clean old failed jobs and prevent unnecessary alerts. For more information, see link:https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished[TTL-after-finished Controller] in the Kubernetes documentation.
+<4> The LDAP sync command for the cron job to run. Passes in the sync configuration file that was defined in the config map.
+<5> This secret was created when the LDAP IDP was configured.
+<6> This config map was created when the LDAP IDP was configured.

 . Create the cron job:
 +