Musings and Mutterings through the Machines

Housekeeping - Pruning Tekton Pipeline Runs

Short walkthrough today.

Tekton release a new update to pruner. Since my pipeline runs really started to clutter up my cluster (pipeline are temporary pods that run and complete), rather than spending my time cleaning out the pipeline runs manually, I went and deployed this.

Usual disclaimers apply.

First, I applied the version 0.3.3 on the readme (not intentionally, but it gave me a chance to try the upgrade).

➜  tekton git:(master) export VERSION=0.3.3
➜  tekton git:(master) curl -L "https://infra.tekton.dev/tekton-releases/pruner/previous/v$VERSION/release.yaml" | yq 'del(.spec.template.spec.containers[].securityContext.runAsUser, .spec.template.spec.containers[].securityContext.runAsGroup)' | oc apply -f -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   138  100   138    0     0   1129      0 --:--:-- --:--:-- --:--:--  1131
100 26922  100 26922    0     0  83386      0 --:--:-- --:--:-- --:--:-- 83386
clusterrole.rbac.authorization.k8s.io/tekton-pruner-controller-cluster-access created
role.rbac.authorization.k8s.io/tekton-pruner-controller created
serviceaccount/tekton-pruner-controller created
clusterrolebinding.rbac.authorization.k8s.io/tekton-pruner-controller-cluster-access created
rolebinding.rbac.authorization.k8s.io/tekton-pruner-controller created
configmap/tekton-pruner-default-spec created
secret/tekton-pruner-webhook-certs created
validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.pruner.tekton.dev created
configmap/pruner-info created
configmap/config-logging-tekton-pruner created
configmap/config-observability-tekton-pruner created
deployment.apps/tekton-pruner-controller created
service/tekton-pruner-controller created
deployment.apps/tekton-pruner-webhook created
service/tekton-pruner-webhook created

Once again, because I am not a tekton release specific to OpenShift, I had to strip off the security context:

I verified that the pruner is running.

➜  tekton git:(master) ✗ kubectl get pods -n tekton-pipelines -l app=tekton-pruner-controller                                                                                                                                                                      
NAME                                        READY   STATUS    RESTARTS   AGE
tekton-pruner-controller-7d7869f6d6-t5czn   1/1     Running   0          49s

Saved in the example configmap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: tekton-pruner-default-spec
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/part-of: tekton-pruner
    pruner.tekton.dev/config-type: global
data:
  global-config: |
    enforcedConfigLevel: global
    ttlSecondsAfterFinished: 300
    successfulHistoryLimit: 10
    failedHistoryLimit: 10

And applied it.

➜  tekton git:(master) ✗ oc apply -f pruner.yaml 
configmap/tekton-pruner-default-spec configured

And it cleaned up the pipelines - more than I expected.

➜  okd git:(master) opc  pipelinerun list -n blog | wc -l
     192
➜  okd git:(master) opc  pipelinerun list -n blog | wc -l
       1
➜  okd git:(master) ✗

Whoops.

That was not intentional. At least this is no production.

Anyway, adjusted the configuration more to my preference - basically keeping pipeline runs for at least a week unless they exceeed 13 successful runs or 17 failed runs:

apiVersion: v1
kind: ConfigMap
metadata:
  name: tekton-pruner-default-spec
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/part-of: tekton-pruner
    pruner.tekton.dev/config-type: global
data:
  global-config: |
    enforcedConfigLevel: global
    ttlSecondsAfterFinished: 604800
    successfulHistoryLimit: 13
    failedHistoryLimit: 17

And then bumped the version to the release versionm from yesterday.

➜  tekton git:(master) ✗ export VERSION=0.3.4
➜  tekton git:(master) ✗ curl -L "https://infra.tekton.dev/tekton-releases/pruner/previous/v$VERSION/release.yaml" | yq 'del(.spec.template.spec.containers[].securityContext.runAsUser, .spec.template.spec.containers[].securityContext.runAsGroup)' | oc apply -f -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   138  100   138    0     0   1086      0 --:--:-- --:--:-- --:--:--  1086
100 26753  100 26753    0     0  37234      0 --:--:-- --:--:-- --:--:-- 37234
clusterrole.rbac.authorization.k8s.io/tekton-pruner-controller-cluster-access configured
role.rbac.authorization.k8s.io/tekton-pruner-controller configured
serviceaccount/tekton-pruner-controller configured
clusterrolebinding.rbac.authorization.k8s.io/tekton-pruner-controller-cluster-access configured
rolebinding.rbac.authorization.k8s.io/tekton-pruner-controller configured
configmap/tekton-pruner-default-spec configured
secret/tekton-pruner-webhook-certs configured
validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.pruner.tekton.dev configured
configmap/pruner-info configured
configmap/config-logging-tekton-pruner configured
configmap/config-observability-tekton-pruner configured
deployment.apps/tekton-pruner-controller configured
service/tekton-pruner-controller configured
deployment.apps/tekton-pruner-webhook configured
service/tekton-pruner-webhook unchanged

I think I should good now. I'll repost if I see issues.

Other articles

Eleven Links of Note - December 24th, 2025
Published: Wed 24 December 2025
By rilindo

In Blog.

tags: hosting security analytics outages sports npm eks kubernetes

@madeline.m.zhang Oops 😂 always a rush to merge your PR asap before you coworker lol ~~~~~~~~~~~~~~~~ 💻 Follow @madeline.m.zhang for coding memes & insights ~~~~~~~~~~~~~~~~ 🏷️ #programmingjokes #programmingmemes #programmerhumor #thedevlife #girlswhocode #womenwhocode #softwareengineer #softwaredeveloper #developerlife #techmeme ♬ original sound - Maddy
- Debian’s git transition: TIL they are not exactly on git.
- The actual …
read more
Backups and Restores on OKD Using OpenShift APIs for Data Protection (OADP)

Published: Mon 22 December 2025
By Rilindo Foster

In Blog.

tags: redhat certifications learning development ex380 backups restores s3

As an infrastructure engineer, the most important responsibility you will have is maintaining backups and restores. A sound perational backup/restore system can make a difference between recovering from an outage or being down for an extended period of time, thus critically impacting your organization. Given that, I am going …
read more
Eleven Links of Note - December 22nd, 2025
Published: Mon 22 December 2025
By rilindo

In Blog.

tags: dc music networking cloud career ldap linux science entertainment

Brainiac Dc GIFfrom Brainiac GIFs
- Deichkind - Keine Party (Official Video): Big brain dancing.
- I spent a week without IPv4: I wish I can try that, but RCN support for ipv6 is spotty.
- Hybrid vs Multi‑Cloud in 2025: What Systems Engineers Actually Need to Know: Its. . . complicated.
- rendercv: If …
read more
Eleven Links of Note - December 21st, 2025
Published: Sun 21 December 2025
By rilindo

In Blog.

tags: time mail ebooks AI virtualization homelabs climatechange development databases

via GIPHY
- NIST Internet Time Servers: Yesterday, a bunch of time servers went down due to the weather (it might still be down as of this time of posting). If your infra is time sensitive, this may be useful as a reference.
- Postfix Macros and let place: Not sure if …
read more
Eleven Links of Note - December 20th, 2025
Published: Sat 20 December 2025
By rilindo

In Blog.

tags: computerscience htmx development history linux science chicago openshift

via GIPHY
- Does swearing make you stronger? Science says yes: What the-?
- Beginning January 2026, all ACM publications and related artifacts in the ACM Digital Library will be made open access: Awesome move. This is a great opportunity for people to have access to notable computer science papers
- Please Just …
read more
Eleven Links of Note - December 19th, 2025
Published: Fri 19 December 2025
By rilindo

In Blog.

tags: graphics cicd sre gundam anime cis security ai art history apple

via GIPHY
- How the Hercules Graphics Card Worked: Probably the best graphics card back in the 1980s. The detail is even better than its comtempoary color counterparts.
- Woodpecker CI: Another CICD tool. With Github Actions pricing changing (though on hold for now), investigating alternatives would be a good idea.
- The …
read more
Eleven Links of Note - December 18th, 2025
Published: Thu 18 December 2025
By rilindo

In Blog.

tags: openshift networking observability learning security entertainment. virtualization kubernetes

via GIPHY
- What's new in network observability 1.10: A sort of introduction to use network observability / monitoring on OpenShift.
- Coursera to Combine with Udemy to Empower the Global Workforce with Skills for the AI Era: it feels like the era of online learning is coming to a close.
- Yep …
read more
Eleven Links of Note - December 17th, 2025
Published: Wed 17 December 2025
By rilindo

In Blog.

tags: debian kubernetes ubuntu containers aws python development economy

@helpmeexitvi This content is extremely niche thank you, please implement API gateway by the end of the day. #gcp #kubernetes #techhumor ♬ original sound - Someone
- Ingress NGINX Controller Is Dead — Should You Move to Gateway API?: Vendor perspective on migrating to Gateway API.
- Debusine repositories now in beta: PPAs, but for …
read more
Eleven Links of Note - December 16th, 2025
Published: Tue 16 December 2025
By rilindo

In Blog.

tags: openshift politics design economics cloud hardware security development programming logging humor

Colony Gundam GIFfrom Colony GIFs
- Economics of Orbital vs Terrestrial Data Centers: TLDR; don't expect space data centers anytime soon.
- Releasing Icinga DB v1.5.1: Gesundheit.
- Your cloud. In your home.: Lovely. I think I shall call my network "Internet, but in your home".
- The Scourge of Arial …
read more

Page 1 / 6 » ⇉