Certgen Job Cleanup

[danehans]

Please describe the problem you have Should the completed pods of the certgen Job be cleaned-up? For example, the completed pods can pile-up:

$ kubectl get po -n projectcontour
NAME                       READY   STATUS        RESTARTS   AGE
contour-57688bcf46-lzr8l   1/1     Running       0          36s
contour-57688bcf46-nrlhn   1/1     Running       0          36s
contour-certgen-7qh79      0/1     Completed     0          119m
contour-certgen-9bkg2      0/1     Completed     0          18h
contour-certgen-9fjwq      0/1     Completed     0          149m
contour-certgen-b28sx      0/1     Completed     0          109m
contour-certgen-gqhcm      0/1     Completed     0          36s
contour-certgen-gwj9z      0/1     Completed     0          25m
contour-certgen-ldbw5      0/1     Completed     0          114m
envoy-x8xbs                0/2     Pending       0          36s

The pods do provide some potentially valuable history:

$ kubectl logs contour-certgen-7qh79 -n projectcontour
Writing "compact" format Secrets to namespace "projectcontour"
secret/contourcert updated
secret/envoycert updated

xref: https://github.com/projectcontour/contour-operator/issues/36 xref: https://github.com/projectcontour/contour-operator/issues/34

/cc @jpeach @Miciah

[jpeach]

IIUC, you can't check for the TTL Controller feature gate, so you would have to delete the jobs manually.

However, I think that it's better to spend the effort on getting rid of certgen from the operator than to worry about cleaning up the jobs :)