enable webhook clean up (#7633)

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-03-30 19:35:06 +00:00 · 2023-06-22 17:14:41 +08:00 · 2023-06-22 17:14:41 +08:00 · 2264d21cd2
commit 2264d21cd2
parent 2ff2f055f1
5 changed files with 10 additions and 2 deletions
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@ -44,3 +44,5 @@ annotations:
      description: support `excludeRoles` and `excludeClusterRoles` in config
    - kind: added
      description: define resources for cleanupJobs
+    - kind: changed
+      description: change to enable webhook cleanup hook by default
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -601,7 +601,7 @@ The chart values are organised per component.

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| webhooksCleanup.enabled | bool | `false` | Create a helm pre-delete hook to cleanup webhooks. |
+| webhooksCleanup.enabled | bool | `true` | Create a helm pre-delete hook to cleanup webhooks. |
 | webhooksCleanup.image | string | `"bitnami/kubectl:latest"` | `kubectl` image to run commands for deleting webhooks. |
 | webhooksCleanup.imagePullSecrets | list | `[]` | Image pull secrets |

--- a/charts/kyverno/templates/admission-controller/role.yaml
+++ b/charts/kyverno/templates/admission-controller/role.yaml
@ -45,14 +45,18 @@ rules:
    resources:
      - deployments
      {{- if .Values.webhooksCleanup.enabled }}
+      {{- if not .Values.templating.enabled -}}
      - deployments/scale
      {{- end }}
+      {{- end }}
    verbs:
      - get
      - list
      - watch
      {{- if .Values.webhooksCleanup.enabled }}
+      {{- if not .Values.templating.enabled -}}
      - patch
      - update
      {{- end }}
+      {{- end }}
 {{- end -}}
--- a/charts/kyverno/templates/hooks/pre-delete.yaml
+++ b/charts/kyverno/templates/hooks/pre-delete.yaml
@ -1,4 +1,5 @@
 {{- if .Values.webhooksCleanup.enabled -}}
+  {{- if not .Values.templating.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@ -30,4 +31,5 @@ spec:
              sleep 30
              kubectl delete validatingwebhookconfiguration -l webhook.kyverno.io/managed-by=kyverno
              kubectl delete mutatingwebhookconfiguration -l webhook.kyverno.io/managed-by=kyverno
+  {{- end -}}
 {{- end -}}
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -302,7 +302,7 @@ customLabels: {}

 webhooksCleanup:
  # -- Create a helm pre-delete hook to cleanup webhooks.
-  enabled: false
+  enabled: true
  # -- `kubectl` image to run commands for deleting webhooks.
  image: bitnami/kubectl:latest
  # -- Image pull secrets