Merge pull request openshift#17987 from soltysh/pruner_update

Update image pruning example

Author: openshift-merge-robot

examples/pruner/README.md

@@ -1,36 +1,32 @@
 # Pruning images using CronJob
 
-This example shows an image pruning happening in an automated fashion using the Kubernetes [CronJobs](https://docs.openshift.org/latest/dev_guide/cron_jobs.html) that
-are available in OpenShift Origin starting from version 3.5.
+This example shows an image pruning happening in an automated fashion using the
+Kubernetes [CronJobs](https://docs.openshift.org/latest/dev_guide/cron_jobs.html).
 In this example, we will create a CronJob that will run image pruning every 1 hour.
 
 ## Requirements
 
-In order to execute the pruning commands successfully, it is necessary to configure the
-authorization in a way that allows the `default` service account to perform the pruning
-against entire cluster (assuming you create the CronJob in the `default` project):
+In order to execute the pruning commands successfully, it is necessary to create a
+dedicated service account `image-pruner` with necessary privileges to perform pruning
+against the entire cluster.  Make sure you run below commands with a user who has
+the power to assign cluster roles.  Also double check the namespace you are invoking
+them in, if it is the one you desire.
 
-1. `oc adm policy add-cluster-role-to-user system:image-pruner system:serviceaccount:default:default --config=admin.kubeconfig`
+1. `oc create serviceaccount image-pruner`
 
-    This command will grant the "image-pruner" role to service account in the `default`
-    namespace. That will allow the service account to list all images in the cluster and
-    perform the image pruning.
+    This command creates an `image-pruner` [service account](https://docs.openshift.org/latest/admin_guide/service_accounts.html).
+
+2. `oc adm policy add-cluster-role-to-user system:image-pruner image-pruner`
+
+    This command grants the `image-pruner` [role](https://docs.openshift.org/latest/admin_guide/manage_rbac.html) to that service account.
 
 ## Creating the CronJob
 
-2. `oc create -f examples/pruner/job.yaml -n default --config=admin.kubeconfig`
+2. `oc create -f examples/pruner/cronjob.yaml -n default --config=admin.kubeconfig`
 
     This command creates the CronJob resource that runs the pruning job every 1 hour.
 
 Make sure, that you check the `oc adm prune --help` command and optionally tweak the
 CronJob arguments by specifying how much tag revisions you want to preserve on a single
-tag or other options that might suit your environment.
-
-## Cleaning up old jobs
-
-To cleanup finished jobs, you can run this command:
-
-`oc delete jobs -l job=prune-images`
-
-Note that starting from Origin version 3.6, you will be able to specify `successfulJobsHistoryLimit` and `failedJobsHistoryLimit`
-options for the CronJob, so the cleanup command above won't be needed.
+tag or other options that might suit your environment.  Full details about pruning images
+can be found in the [official documentation](https://docs.openshift.org/latest/admin_guide/pruning_resources.html#pruning-images).

examples/pruner/job.yaml renamed to examples/pruner/cronjob.yaml

@@ -1,4 +1,4 @@
-apiVersion: batch/v2alpha1
+apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
   name: prune-images
@@ -16,3 +16,4 @@ spec:
             image: openshift/origin:latest
             args: [ "admin", "prune", "images", "--confirm"]
           restartPolicy: OnFailure
+          serviceAccountName: image-pruner