bug fix : Kyverno policies block uninstall of Kyverno (#2659)

* bug fix uninstall kyverno  issue

* rename the methods

pkg/config/config.go

@@ -57,6 +57,15 @@ const (
 
 	// NamespaceAPIVersion define the default namespace resource apiVersion
 	NamespaceAPIVersion = "v1"
+
+	// ClusterRoleAPIVersion define the default clusterrole resource apiVersion
+	ClusterRoleAPIVersion = "rbac.authorization.k8s.io/v1"
+
+	// ClusterRoleKind define the default clusterrole resource kind
+	ClusterRoleKind = "ClusterRole"
+
+	// ClusterRoleName define the default name of clusterrole
+	ClusterRoleName = "kyverno:webhook"
 )
 
 var (

pkg/webhookconfig/common.go

@@ -60,22 +60,22 @@ func extractCA(config *rest.Config) (result []byte) {
 func (wrc *Register) constructOwner() v1.OwnerReference {
 	logger := wrc.log
 
-	kubeNamespace, err := wrc.GetKubePolicyNamespace()
+	kubeClusterRole, err := wrc.GetKubePolicyClusterRole()
 	if err != nil {
 		logger.Error(err, "failed to construct OwnerReference")
 		return v1.OwnerReference{}
 	}
 
 	return v1.OwnerReference{
-		APIVersion: config.NamespaceAPIVersion,
-		Kind:       config.NamespaceKind,
-		Name:       config.KyvernoNamespace,
-		UID:        kubeNamespace.GetUID(),
+		APIVersion: config.ClusterRoleAPIVersion,
+		Kind:       config.ClusterRoleKind,
+		Name:       config.ClusterRoleName,
+		UID:        kubeClusterRole.GetUID(),
 	}
 }
 
-func (wrc *Register) GetKubePolicyNamespace() (*unstructured.Unstructured, error) {
-	kubeNamespace, err := wrc.client.GetResource(config.NamespaceAPIVersion, config.NamespaceKind, "", config.KyvernoNamespace)
+func (wrc *Register) GetKubePolicyClusterRole() (*unstructured.Unstructured, error) {
+	kubeNamespace, err := wrc.client.GetResource(config.ClusterRoleAPIVersion, config.ClusterRoleKind, "", config.ClusterRoleName)
 	if err != nil {
 		return nil, err
 	}