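Running pipelines produces many TaskRuns and PipelineRuns, and they keep their completed (Succeeded) Pods around so that manifests and logs can be viewed. Most of the time, though, this build information is never consulted, and the leftover Pods slow the cluster down and make the Tekton Dashboard extremely sluggish, so we need to clean up these completed Pods automatically.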

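These Pods are controlled by the PipelineRun: once a PipelineRun is deleted, its Pods are cleaned up automatically, so we only need to delete the PipelineRuns that are no longer needed. Tekton itself does not provide a way to clean up automatically; at present the best way to automate it is a Kubernetes CronJob.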

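Deploy the following CronJob and the cleanup runs automatically. Apply the manifests in the namespace named by TEKTON_NAMESPACE (pipelines here): the Role and RoleBinding are namespaced and grant access to pipelineruns only in the namespace they are created in.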

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cleaner
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cleaner
rules:
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns"]
    verbs: ["delete", "get", "watch", "list"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cleaner-to-cleaner
roleRef:
  kind: Role
  name: cleaner
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: cleaner
---
# CronJob is served from batch/v1 since Kubernetes 1.21; batch/v1beta1 was removed in 1.25
apiVersion: batch/v1
kind: CronJob
metadata:
  name: cleanup-pipelineruns
spec:
  # Run every 15 minutes
  schedule: "*/15 * * * *"
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          serviceAccountName: cleaner
          containers:
            - name: kubectl
              image: ghcr.io/ctron/kubectl:latest
              env:
                - name: NUM_TO_KEEP
                  # Keep the 100 most recent PipelineRuns
                  value: "100"
                - name: TEKTON_NAMESPACE
                  # Operate in the pipelines namespace
                  value: "pipelines"
              command:
                - /bin/bash
                - -c
                - |
                    TO_DELETE="$(kubectl get pipelinerun -n ${TEKTON_NAMESPACE} -o jsonpath='{range .items[?(@.status.completionTime)]}{.status.completionTime}{" "}{.metadata.name}{"\n"}{end}' | sort | head -n -${NUM_TO_KEEP} | awk '{ print $2}')"
                    test -n "$TO_DELETE" && kubectl delete pipelinerun -n ${TEKTON_NAMESPACE} ${TO_DELETE} || true
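
The retention selection in the CronJob can be checked offline before it is allowed to delete anything. The following is an added example, not part of the original manifest: the function names and the sample PipelineRun names are hypothetical, and awk stands in for `head -n -N` so that it also runs where GNU head is not available.

```sh
#!/bin/sh
# Added example: dry-run of the "keep the newest N" selection used by the CronJob.
# select_for_deletion NUM_TO_KEEP
#   stdin : lines of "<completionTime> <pipelinerun-name>", as the jsonpath query emits
#   stdout: names that fall outside the newest NUM_TO_KEEP, oldest first
select_for_deletion() {
  keep="$1"
  # Refuse anything that is not a non-negative integer, so a typo in
  # NUM_TO_KEEP can never widen what gets deleted.
  case "$keep" in
    ''|*[!0-9]*)
      echo "NUM_TO_KEEP must be a non-negative integer" >&2
      return 2 ;;
  esac
  # RFC 3339 UTC timestamps sort chronologically as plain strings.
  LC_ALL=C sort | awk -v keep="$keep" '
    NF >= 2 { names[++n] = $2 }                 # skip malformed lines
    END     { for (i = 1; i <= n - keep; i++)   # nothing printed if n <= keep
                print names[i] }'
}

# Constructed sample input (not taken from a real cluster).
sample_runs() {
  cat <<'EOF'
2024-03-01T10:15:00Z build-c
2024-03-01T09:00:00Z build-a
2024-03-02T08:30:00Z build-e
2024-03-01T09:45:00Z build-b
2024-03-01T12:00:00Z build-d
EOF
}

# Keep the newest 2: prints build-a, build-b, build-c (one per line).
sample_runs | select_for_deletion 2
```
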