From 1f60aee4b9d4077e8bbfecf0d1ce089f64d2738b Mon Sep 17 00:00:00 2001 From: Rahul Sawra Date: Wed, 16 Feb 2022 21:46:51 +0530 Subject: [PATCH] add helm pre-delete hook which deletes all the webhooks (#3148) * add helm pre-delete hook for graceful uninstallation of webhooks Signed-off-by: rahulii * remove white spaces Signed-off-by: rahulii Co-authored-by: shuting --- charts/kyverno/README.md | 2 ++ charts/kyverno/ci/hooks-values.yaml | 3 ++ .../templates/helm-pre-delete-hook.yaml | 29 +++++++++++++++++++ charts/kyverno/values.yaml | 4 +++ 4 files changed, 38 insertions(+) create mode 100644 charts/kyverno/ci/hooks-values.yaml create mode 100644 charts/kyverno/templates/helm-pre-delete-hook.yaml diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index ab6a9cb6d1..b4d56791c3 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -128,6 +128,8 @@ The following table lists the configurable parameters of the kyverno chart and t | `testImage.tag` | tag for chart test image | `nil` | | `tolerations` | list of node taints to tolerate | `[]` | | `topologySpreadConstraints` | node/pod topology spread constrains | `[]` | | +| `webhooksCleanup.enable` | create a helm pre-delete hook to cleanup webhooks | `false`| +| `webhooksCleanup.image` | kubectl image to run commands for deleting webhooks| `bitnami/kubectl:latest`| Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/charts/kyverno/ci/hooks-values.yaml b/charts/kyverno/ci/hooks-values.yaml new file mode 100644 index 0000000000..399110f1b0 --- /dev/null +++ b/charts/kyverno/ci/hooks-values.yaml @@ -0,0 +1,3 @@ +--- +webhooksCleanup: + enable: true diff --git a/charts/kyverno/templates/helm-pre-delete-hook.yaml b/charts/kyverno/templates/helm-pre-delete-hook.yaml new file mode 100644 index 0000000000..d3004bdd79 --- /dev/null +++ b/charts/kyverno/templates/helm-pre-delete-hook.yaml @@ -0,0 +1,29 @@ +{{- if .Values.webhooksCleanup.enable }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kyverno.fullname" . }}-hook-pre-delete + labels: {{ include "kyverno.labels" . | nindent 4 }} + app: kyverno + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed +spec: + template: + spec: + serviceAccount: {{ template "kyverno.serviceAccountName" . }} + containers: + - name: kubectl + image: {{ .Values.webhooksCleanup.image }} + command: + - sh + - '-c' + - >- + kubectl delete validatingwebhookconfiguration kyverno-policy-validating-webhook-cfg; + kubectl delete validatingwebhookconfiguration kyverno-resource-validating-webhook-cfg; + kubectl delete mutatingwebhookconfiguration kyverno-policy-mutating-webhook-cfg; + kubectl delete mutatingwebhookconfiguration kyverno-resource-mutating-webhook-cfg; + kubectl delete mutatingwebhookconfiguration kyverno-verify-mutating-webhook-cfg; + restartPolicy: Never + backoffLimit: 2 +{{- end }} \ No newline at end of file diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index 47168e1a43..a85904a4ff 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -264,3 +264,7 @@ networkPolicy: enabled: false # A list of valid from selectors according to https://kubernetes.io/docs/concepts/services-networking/network-policies ingressFrom: [] + +webhooksCleanup: + enable: false + image: "bitnami/kubectl:latest"