From 262a3da88efdf047bc6ed1c1daaf19efb9fd5cc1 Mon Sep 17 00:00:00 2001 From: Pascal Iske Date: Wed, 17 Jan 2024 13:27:55 +0100 Subject: [PATCH] feat(gitlab): automate registry garbage collection via cron job --- charts/gitlab/Chart.yaml | 6 +-- charts/gitlab/README.md | 12 +++++- charts/gitlab/templates/_helpers.tpl | 11 +++++ .../{cronjob.yaml => cronjob-backup.yaml} | 0 charts/gitlab/templates/cronjob-garbage.yaml | 42 +++++++++++++++++++ charts/gitlab/values.yaml | 19 +++++++++ 6 files changed, 84 insertions(+), 6 deletions(-) rename charts/gitlab/templates/{cronjob.yaml => cronjob-backup.yaml} (100%) create mode 100644 charts/gitlab/templates/cronjob-garbage.yaml diff --git a/charts/gitlab/Chart.yaml b/charts/gitlab/Chart.yaml index 51371481..27e0d2ab 100644 --- a/charts/gitlab/Chart.yaml +++ b/charts/gitlab/Chart.yaml @@ -3,7 +3,7 @@ apiVersion: v2 type: application name: gitlab description: A Helm chart for GitLab Omnibus -version: 3.0.0 +version: 3.1.0 # renovate: image=gitlab/gitlab-ce appVersion: "16.7.3-ce.0" @@ -25,7 +25,5 @@ dependencies: annotations: artifacthub.io/changes: | - - kind: removed - description: 'Remove support for CRDs from "traefik.containo.us".' - kind: added - description: 'Add support for CRDs from "traefik.io".' + description: 'Automate registry garbage collection via cron job.' diff --git a/charts/gitlab/README.md b/charts/gitlab/README.md index cd157ab9..80218d65 100644 --- a/charts/gitlab/README.md +++ b/charts/gitlab/README.md 
@@ -2,7 +2,7 @@ > A Helm chart for GitLab Omnibus -[![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/gitlab/)[![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/gitlab/)[![AppVersion: 16.5.0-ce.0](https://img.shields.io/badge/AppVersion-16.5.0--ce.0-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/gitlab/) +[![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/gitlab/)[![Version: 3.1.0](https://img.shields.io/badge/Version-3.1.0-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/gitlab/)[![AppVersion: 16.7.3-ce.0](https://img.shields.io/badge/AppVersion-16.7.3--ce.0-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/gitlab/) * * 
@@ -111,6 +111,14 @@ The following values can be used to adjust the helm chart. | rbac.annotations | object | `{}` | Additional annotations for the role and role binding objects. | | rbac.create | bool | `true` | Create `Role` and `RoleBinding` objects. | | rbac.labels | object | `{}` | Additional labels for the role and role binding objects. | +| registryGarbageCollection.cronJob.annotations | object | `{}` | Additional annotations for the cronjob object. | +| registryGarbageCollection.cronJob.enabled | bool | `false` | Create a `CronJob` object for automated garbage collection. | +| registryGarbageCollection.cronJob.failedJobsHistoryLimit | int | `1` | The number of failed finished jobs to retain. | +| registryGarbageCollection.cronJob.labels | object | `{}` | Additional labels for the cronjob object. | +| registryGarbageCollection.cronJob.removeUntaggedManifests | bool | `false` | Include untagged manifests and unreferenced layers if set to true. | +| registryGarbageCollection.cronJob.schedule | string | `"0 3 * * 1"` | Schedule for automated garbage collections. | +| registryGarbageCollection.cronJob.successfulJobsHistoryLimit | int | `3` | The number of successful finished jobs to retain. | +| registryGarbageCollection.cronJob.suspend | bool | `false` | Enable/disable the cron job schedule quickly. | | resources | object | `{}` | Compute resources used by the container. More info [here](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). | | securityContext | object | `{}` | Pod-level security attributes. More info [here](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context). | | service.annotations | object | `{}` | Additional annotations for the service object. | @@ -128,4 +136,4 @@ The following values can be used to adjust the helm chart. ## License -[MIT](../LICENSE.md) – © 2023 [Pascal Iske](https://pascaliske.dev) +[MIT](../LICENSE.md) – © 2024 [Pascal Iske](https://pascaliske.dev) 
diff --git a/charts/gitlab/templates/_helpers.tpl b/charts/gitlab/templates/_helpers.tpl index 8908bac4..1032f065 100644 --- a/charts/gitlab/templates/_helpers.tpl +++ b/charts/gitlab/templates/_helpers.tpl @@ -101,6 +101,17 @@ Backups command {{ printf "kubectl exec -it -n %s deploy/%s -- gitlab-backup create" .Release.Namespace (include "gitlab.fullname" . ) }} {{- end }} +{{/* +Registry garbage collection command +*/}} +{{- define "gitlab.registryGarbageCollection.command" -}} +{{- if .Values.registryGarbageCollection.cronJob.removeUntaggedManifests }} +{{- printf "kubectl exec -it -n %s deploy/%s -- gitlab-ctl registry-garbage-collect -m" .Release.Namespace (include "gitlab.fullname" . ) }} +{{- else }} +{{- printf "kubectl exec -it -n %s deploy/%s -- gitlab-ctl registry-garbage-collect" .Release.Namespace (include "gitlab.fullname" . ) }} +{{- end }} +{{- end }} + {{/* Certificate name */}} diff --git a/charts/gitlab/templates/cronjob.yaml b/charts/gitlab/templates/cronjob-backup.yaml similarity index 100% rename from charts/gitlab/templates/cronjob.yaml rename to charts/gitlab/templates/cronjob-backup.yaml diff --git a/charts/gitlab/templates/cronjob-garbage.yaml b/charts/gitlab/templates/cronjob-garbage.yaml new file mode 100644 index 00000000..545232fa --- /dev/null +++ b/charts/gitlab/templates/cronjob-garbage.yaml 
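Review bot: Both `printf` branches of `gitlab.registryGarbageCollection.command` pass `-it` to `kubectl exec`, but the command is run by a CronJob container with no terminal or stdin attached, so the flags do nothing useful and typically only add a TTY warning to the job log. Dropping them gives `kubectl exec -n %s deploy/%s -- gitlab-ctl registry-garbage-collect` (plus ` -m` in the first branch). The helper's comment could also note that the command presumably depends on the `pods/exec` permission granted by the chart's Role, which this patch does not show. That would tell anyone tightening RBAC later that this job relies on it.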
@@ -0,0 +1,42 @@
+{{- if and .Values.registryGarbageCollection.cronJob.enabled .Values.registryGarbageCollection.cronJob.schedule -}}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ printf "%s-registry-gc" (include "gitlab.fullname" . ) }}
+ labels:
+ {{- include "gitlab.labels" . | nindent 4 }}
+ {{- with .Values.registryGarbageCollection.cronJob.labels }}
+ {{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- with .Values.registryGarbageCollection.cronJob.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ schedule: {{ .Values.registryGarbageCollection.cronJob.schedule }}
+ suspend: {{ .Values.registryGarbageCollection.cronJob.suspend }}
+ concurrencyPolicy: Forbid
+ successfulJobsHistoryLimit: {{ .Values.registryGarbageCollection.cronJob.successfulJobsHistoryLimit }}
+ failedJobsHistoryLimit: {{ .Values.registryGarbageCollection.cronJob.failedJobsHistoryLimit }}
+ jobTemplate:
+ {{- with .Values.registryGarbageCollection.cronJob.annotations }}
+ metadata:
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ template:
+ spec:
+ serviceAccountName: {{ include "gitlab.serviceAccountName" . }}
+ restartPolicy: Never
+ containers:
+ - name: {{ printf "%s-registry-gc" (include "gitlab.fullname" . ) }}
+ image: ghcr.io/pascaliske/alpine-kubectl:latest
+ imagePullPolicy: Always
+ command: ["/bin/sh"]
+ args: ["-c", "{{ include "gitlab.registryGarbageCollection.command" . }}"]
+ resources: {{ if not .Values.resources -}}{}{{- end }}
+ {{- if .Values.resources }}
+ {{- toYaml .Values.resources | nindent 16 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/gitlab/values.yaml b/charts/gitlab/values.yaml
index a30526e6..f51630a9 100644
--- a/charts/gitlab/values.yaml
+++ b/charts/gitlab/values.yaml
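Review bot: The job container uses `image: ghcr.io/pascaliske/alpine-kubectl:latest` with `imagePullPolicy: Always`, so every scheduled run pulls whatever that mutable tag currently points to. The pod runs under `gitlab.serviceAccountName`, which presumably holds the exec permission that `kubectl exec` into the GitLab deployment needs, so the content of that tag is effectively trusted with a shell in the GitLab pod. Pin the image by digest, e.g. `image: ghcr.io/pascaliske/alpine-kubectl@sha256:<digest>` (placeholder), or expose image and tag through values with a pinned default. Separately, `schedule: {{ ... }}` is rendered unquoted, so a cron expression starting with `*` would be read as a YAML alias; `schedule: {{ .Values.registryGarbageCollection.cronJob.schedule | quote }}` avoids that.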
@@ -175,6 +175,25 @@ backups: # -- Additional labels for the cronjob object. labels: {} +registryGarbageCollection: + cronJob: + # -- Create a `CronJob` object for automated garbage collection. + enabled: false + # -- Schedule for automated garbage collections. + schedule: '0 3 * * 1' + # -- Enable/disable the cron job schedule quickly. + suspend: false + # -- Include untagged manifests and unreferenced layers if set to true. + removeUntaggedManifests: false + # -- The number of successful finished jobs to retain. + successfulJobsHistoryLimit: 3 + # -- The number of failed finished jobs to retain. + failedJobsHistoryLimit: 1 + # -- Additional annotations for the cronjob object. + annotations: {} + # -- Additional labels for the cronjob object. + labels: {} + serviceAccount: # -- Specify the service account used for the controller. name: ''
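Review bot: The comment on `removeUntaggedManifests` does not warn that the option is destructive. With `-m`, the garbage collector deletes every untagged manifest, which also removes images that are only referenced by digest, and the data cannot be restored afterwards. I would extend it to `# -- Include untagged manifests and unreferenced layers if set to true. Destructive: images referenced only by digest are deleted as well.` The `enabled` comment could also say that the registry is unavailable while each run is in progress; as far as I know that is how the Omnibus command behaves, but confirm against the GitLab documentation for the pinned appVersion.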