flux-helmrelease.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: &app i-see-dead-pods
spec:
  interval: 15m
  chart:
    spec:
      chart: app-template
      version: 3.4.0
      sourceRef:
        kind: HelmRepository
        name: bjw-s-charts
        namespace: flux-system
  values:
    controllers:
      i-see-dead-pods:
        type: cronjob
        cronjob:
          concurrencyPolicy: Forbid
          schedule: "* * * * *"
        pod:
          securityContext:
            runAsUser: 65534
            runAsGroup: 65534
            runAsNonRoot: true
        containers:
          cron:
            image:
              repository: bitnami/kubectl
              tag: 1.31.1@sha256:27e5f500a2de2ba249a159c4af0b075500ad8a1afaa59ba1edf09bf83c656fd4
            command:
              - /bin/sh
              - -ec
              - |
                kubectl get pods \
                  --all-namespaces \
                  -o go-template \
                  --template='{{range .items}}{{printf "%s %s %s\n" .metadata.namespace .metadata.name .status.message}}{{end}}' \
                  | grep "Pod was terminated in response to imminent node shutdown." \
                  | awk '{print $1, $2}' \
                  | xargs -r -n2 kubectl delete pod -n || true
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities: { drop: ["ALL"] }
            resources:
              requests:
                cpu: 10m
                memory: 10Mi
    serviceAccount:
      create: true
      name: *app