Remove cleanup cronjobs for updaterequests and ephemeralreports (#10760)

* Remove cleanup cronjobs for updaterequests and ephemeralreports Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com> * Cleanup Chart readme Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com> * Run `make codegen-manifest-all` Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com> --------- Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: treydock <tdockendorf@osc.edu>
2025-03-05 15:37:19 +00:00 · 2024-08-06 09:41:04 +02:00 · 2024-08-06 09:41:04 +02:00 · 75fb7e1d1a
commit 75fb7e1d1a
parent c0cf6c5bf1
11 changed files with 0 additions and 721 deletions
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -728,72 +728,6 @@ The chart values are organised per component.

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| cleanupJobs.updateRequests.enabled | bool | `false` | Enable cleanup cronjob |
-| cleanupJobs.updateRequests.backoffLimit | int | `3` | Maximum number of retries before considering a Job as failed. Defaults to 3. |
-| cleanupJobs.updateRequests.ttlSecondsAfterFinished | string | `""` | Time until the pod from the cronjob is deleted |
-| cleanupJobs.updateRequests.image.registry | string | `nil` | Image registry |
-| cleanupJobs.updateRequests.image.repository | string | `"bitnami/kubectl"` | Image repository |
-| cleanupJobs.updateRequests.image.tag | string | `"1.30.2"` | Image tag Defaults to `latest` if omitted |
-| cleanupJobs.updateRequests.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
-| cleanupJobs.updateRequests.imagePullSecrets | list | `[]` | Image pull secrets |
-| cleanupJobs.updateRequests.schedule | string | `"*/10 * * * *"` | Cronjob schedule |
-| cleanupJobs.updateRequests.threshold | int | `10000` | Reports threshold, if number of updateRequests are above this value the cronjob will start deleting them |
-| cleanupJobs.updateRequests.history | object | `{"failure":1,"success":1}` | Cronjob history |
-| cleanupJobs.updateRequests.podSecurityContext | object | `{}` | Security context for the pod |
-| cleanupJobs.updateRequests.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
-| cleanupJobs.updateRequests.priorityClassName | string | `""` | Pod PriorityClassName |
-| cleanupJobs.updateRequests.resources | object | `{}` | Job resources |
-| cleanupJobs.updateRequests.tolerations | list | `[]` | List of node taints to tolerate |
-| cleanupJobs.updateRequests.nodeSelector | object | `{}` | Node labels for pod assignment |
-| cleanupJobs.updateRequests.podAnnotations | object | `{}` | Pod Annotations |
-| cleanupJobs.updateRequests.podLabels | object | `{}` | Pod labels |
-| cleanupJobs.updateRequests.podAntiAffinity | object | `{}` | Pod anti affinity constraints. |
-| cleanupJobs.updateRequests.podAffinity | object | `{}` | Pod affinity constraints. |
-| cleanupJobs.updateRequests.nodeAffinity | object | `{}` | Node affinity constraints. |
-| cleanupJobs.ephemeralReports.enabled | bool | `false` | Enable cleanup cronjob |
-| cleanupJobs.ephemeralReports.backoffLimit | int | `3` | Maximum number of retries before considering a Job as failed. Defaults to 3. |
-| cleanupJobs.ephemeralReports.ttlSecondsAfterFinished | string | `""` | Time until the pod from the cronjob is deleted |
-| cleanupJobs.ephemeralReports.image.registry | string | `nil` | Image registry |
-| cleanupJobs.ephemeralReports.image.repository | string | `"bitnami/kubectl"` | Image repository |
-| cleanupJobs.ephemeralReports.image.tag | string | `"1.30.2"` | Image tag Defaults to `latest` if omitted |
-| cleanupJobs.ephemeralReports.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
-| cleanupJobs.ephemeralReports.imagePullSecrets | list | `[]` | Image pull secrets |
-| cleanupJobs.ephemeralReports.schedule | string | `"*/10 * * * *"` | Cronjob schedule |
-| cleanupJobs.ephemeralReports.threshold | int | `10000` | Reports threshold, if number of updateRequests are above this value the cronjob will start deleting them |
-| cleanupJobs.ephemeralReports.history | object | `{"failure":1,"success":1}` | Cronjob history |
-| cleanupJobs.ephemeralReports.podSecurityContext | object | `{}` | Security context for the pod |
-| cleanupJobs.ephemeralReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
-| cleanupJobs.ephemeralReports.priorityClassName | string | `""` | Pod PriorityClassName |
-| cleanupJobs.ephemeralReports.resources | object | `{}` | Job resources |
-| cleanupJobs.ephemeralReports.tolerations | list | `[]` | List of node taints to tolerate |
-| cleanupJobs.ephemeralReports.nodeSelector | object | `{}` | Node labels for pod assignment |
-| cleanupJobs.ephemeralReports.podAnnotations | object | `{}` | Pod Annotations |
-| cleanupJobs.ephemeralReports.podLabels | object | `{}` | Pod labels |
-| cleanupJobs.ephemeralReports.podAntiAffinity | object | `{}` | Pod anti affinity constraints. |
-| cleanupJobs.ephemeralReports.podAffinity | object | `{}` | Pod affinity constraints. |
-| cleanupJobs.ephemeralReports.nodeAffinity | object | `{}` | Node affinity constraints. |
-| cleanupJobs.clusterEphemeralReports.enabled | bool | `false` | Enable cleanup cronjob |
-| cleanupJobs.clusterEphemeralReports.backoffLimit | int | `3` | Maximum number of retries before considering a Job as failed. Defaults to 3. |
-| cleanupJobs.clusterEphemeralReports.ttlSecondsAfterFinished | string | `""` | Time until the pod from the cronjob is deleted |
-| cleanupJobs.clusterEphemeralReports.image.registry | string | `nil` | Image registry |
-| cleanupJobs.clusterEphemeralReports.image.repository | string | `"bitnami/kubectl"` | Image repository |
-| cleanupJobs.clusterEphemeralReports.image.tag | string | `"1.30.2"` | Image tag Defaults to `latest` if omitted |
-| cleanupJobs.clusterEphemeralReports.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
-| cleanupJobs.clusterEphemeralReports.imagePullSecrets | list | `[]` | Image pull secrets |
-| cleanupJobs.clusterEphemeralReports.schedule | string | `"*/10 * * * *"` | Cronjob schedule |
-| cleanupJobs.clusterEphemeralReports.threshold | int | `10000` | Reports threshold, if number of reports are above this value the cronjob will start deleting them |
-| cleanupJobs.clusterEphemeralReports.history | object | `{"failure":1,"success":1}` | Cronjob history |
-| cleanupJobs.clusterEphemeralReports.podSecurityContext | object | `{}` | Security context for the pod |
-| cleanupJobs.clusterEphemeralReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
-| cleanupJobs.clusterEphemeralReports.priorityClassName | string | `""` | Pod PriorityClassName |
-| cleanupJobs.clusterEphemeralReports.resources | object | `{}` | Job resources |
-| cleanupJobs.clusterEphemeralReports.tolerations | list | `[]` | List of node taints to tolerate |
-| cleanupJobs.clusterEphemeralReports.nodeSelector | object | `{}` | Node labels for pod assignment |
-| cleanupJobs.clusterEphemeralReports.podAnnotations | object | `{}` | Pod Annotations |
-| cleanupJobs.clusterEphemeralReports.podLabels | object | `{}` | Pod Labels |
-| cleanupJobs.clusterEphemeralReports.podAntiAffinity | object | `{}` | Pod anti affinity constraints. |
-| cleanupJobs.clusterEphemeralReports.podAffinity | object | `{}` | Pod affinity constraints. |
-| cleanupJobs.clusterEphemeralReports.nodeAffinity | object | `{}` | Node affinity constraints. |

 ### Other

--- a/charts/kyverno/ci/cleanupJobs-values.yaml
+++ b/charts/kyverno/ci/cleanupJobs-values.yaml
@ -1,31 +0,0 @@
-cleanupJobs:
-  ephemeralReports:
-    enabled: true
-    nodeSelector:
-      kubernetes.io/os: linux
-    podAntiAffinity:
-      preferredDuringSchedulingIgnoredDuringExecution:
-        - weight: 1
-          podAffinityTerm:
-            labelSelector:
-              matchExpressions:
-                - key: app.kubernetes.io/component
-                  operator: In
-                  values:
-                    - cleanup
-            topologyKey: kubernetes.io/hostname
-  clusterEphemeralReports:
-    enabled: true
-    nodeSelector:
-      kubernetes.io/os: linux
-    podAntiAffinity:
-      preferredDuringSchedulingIgnoredDuringExecution:
-        - weight: 1
-          podAffinityTerm:
-            labelSelector:
-              matchExpressions:
-                - key: app.kubernetes.io/component
-                  operator: In
-                  values:
-                    - cleanup
-            topologyKey: kubernetes.io/hostname
--- a/charts/kyverno/templates/cleanup/_helpers.tpl
+++ b/charts/kyverno/templates/cleanup/_helpers.tpl
@ -1,9 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{- define "kyverno.cleanup.labels" -}}
-{{- template "kyverno.labels.merge" (list
-  (include "kyverno.labels.common" .)
-  (include "kyverno.matchLabels.common" .)
-  (include "kyverno.labels.component" "cleanup")
-) -}}
-{{- end -}}
--- a/charts/kyverno/templates/cleanup/cleanup-cluster-ephemeral-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-cluster-ephemeral-reports.yaml
@ -1,91 +0,0 @@
-{{- if .Values.cleanupJobs.clusterEphemeralReports.enabled -}}
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: {{ template "kyverno.name" . }}-cleanup-cluster-ephemeral-reports
-  namespace: {{ template "kyverno.namespace" . }}
-  labels:
-    {{- include "kyverno.cleanup.labels" . | nindent 4 }}
-spec:
-  schedule: {{ .Values.cleanupJobs.clusterEphemeralReports.schedule | quote }}
-  concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: {{ .Values.cleanupJobs.clusterEphemeralReports.history.success }}
-  failedJobsHistoryLimit: {{ .Values.cleanupJobs.clusterEphemeralReports.history.failure }}
-  jobTemplate:
-    spec:
-      backoffLimit: {{ .Values.cleanupJobs.clusterEphemeralReports.backoffLimit }}
-      {{- if .Values.cleanupJobs.clusterEphemeralReports.ttlSecondsAfterFinished }}
-      ttlSecondsAfterFinished: {{ .Values.cleanupJobs.clusterEphemeralReports.ttlSecondsAfterFinished }}
-      {{- end }}
-      template:
-        metadata:
-          {{- with .Values.cleanupJobs.clusterEphemeralReports.podAnnotations }}
-          annotations:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.cleanupJobs.clusterEphemeralReports.podLabels }}
-          labels:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-        spec:
-          serviceAccountName: {{ template "kyverno.name" . }}-cleanup-jobs
-          {{- with .Values.cleanupJobs.clusterEphemeralReports.podSecurityContext }}
-          securityContext:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          {{- with .Values.cleanupJobs.clusterEphemeralReports.priorityClassName }}
-          priorityClassName: {{ . }}
-          {{- end }}
-          containers:
-          - name: cleanup
-            image: {{ (include "kyverno.image" (dict "globalRegistry" .Values.global.image.registry "image" .Values.cleanupJobs.clusterEphemeralReports.image)) | quote }}
-            imagePullPolicy: {{ .Values.cleanupJobs.clusterEphemeralReports.image.pullPolicy }}
-            command:
-            - /bin/bash
-            - -c
-            - |
-              set -euo pipefail
-              COUNT=$(kubectl get clusterephemeralreports.reports.kyverno.io -A | wc -l)
-              if [ "$COUNT" -gt {{ .Values.cleanupJobs.clusterEphemeralReports.threshold }} ]; then
-                echo "too many clusterephemeralreports found ($COUNT), cleaning up..."
-                kubectl delete clusterephemeralreports.reports.kyverno.io -A --all
-              else
-                echo "($COUNT) reports found, no clean up needed"
-              fi
-            {{- with .Values.cleanupJobs.clusterEphemeralReports.securityContext }}
-            securityContext:
-              {{- toYaml . | nindent 14 }}
-            {{- end }}
-            {{- with .Values.cleanupJobs.clusterEphemeralReports.resources }}
-            resources:
-              {{- toYaml . | nindent 14 }}
-            {{- end }}
-          {{- with .Values.cleanupJobs.clusterEphemeralReports.imagePullSecrets }}
-          imagePullSecrets:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          restartPolicy: OnFailure
-          {{- with .Values.cleanupJobs.clusterEphemeralReports.tolerations | default .Values.global.tolerations}}
-          tolerations:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          {{- with .Values.cleanupJobs.clusterEphemeralReports.nodeSelector | default .Values.global.nodeSelector }}
-          nodeSelector:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          {{- if or .Values.cleanupJobs.clusterEphemeralReports.podAntiAffinity .Values.cleanupJobs.clusterEphemeralReports.podAffinity .Values.cleanupJobs.clusterEphemeralReports.nodeAffinity }}
-          affinity:
-            {{- with .Values.cleanupJobs.clusterEphemeralReports.podAntiAffinity }}
-            podAntiAffinity:
-              {{- tpl (toYaml .) $ | nindent 14 }}
-            {{- end }}
-            {{- with .Values.cleanupJobs.clusterEphemeralReports.podAffinity }}
-            podAffinity:
-              {{- tpl (toYaml .) $ | nindent 14 }}
-            {{- end }}
-            {{- with .Values.cleanupJobs.clusterEphemeralReports.nodeAffinity }}
-            nodeAffinity:
-              {{- tpl (toYaml .) $ | nindent 14 }}
-            {{- end }}
-          {{- end }}
-{{- end -}}
--- a/charts/kyverno/templates/cleanup/cleanup-ephemeral-reports.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-ephemeral-reports.yaml
@ -1,91 +0,0 @@
-{{- if .Values.cleanupJobs.ephemeralReports.enabled -}}
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: {{ template "kyverno.name" . }}-cleanup-ephemeral-reports
-  namespace: {{ template "kyverno.namespace" . }}
-  labels:
-    {{- include "kyverno.cleanup.labels" . | nindent 4 }}
-spec:
-  schedule: {{ .Values.cleanupJobs.ephemeralReports.schedule | quote }}
-  concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: {{ .Values.cleanupJobs.ephemeralReports.history.success }}
-  failedJobsHistoryLimit: {{ .Values.cleanupJobs.ephemeralReports.history.failure }}
-  jobTemplate:
-    spec:
-      backoffLimit: {{ .Values.cleanupJobs.ephemeralReports.backoffLimit }}
-      {{- if .Values.cleanupJobs.ephemeralReports.ttlSecondsAfterFinished }}
-      ttlSecondsAfterFinished: {{ .Values.cleanupJobs.ephemeralReports.ttlSecondsAfterFinished }}
-      {{- end }}
-      template:
-        metadata:
-          {{- with .Values.cleanupJobs.ephemeralReports.podAnnotations }}
-          annotations:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.cleanupJobs.ephemeralReports.podLabels }}
-          labels:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-        spec:
-          serviceAccountName: {{ template "kyverno.name" . }}-cleanup-jobs
-          {{- with .Values.cleanupJobs.ephemeralReports.podSecurityContext }}
-          securityContext:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          {{- with .Values.cleanupJobs.ephemeralReports.priorityClassName }}
-          priorityClassName: {{ . }}
-          {{- end }}
-          containers:
-          - name: cleanup
-            image: {{ (include "kyverno.image" (dict "globalRegistry" .Values.global.image.registry "image" .Values.cleanupJobs.ephemeralReports.image)) | quote }}
-            imagePullPolicy: {{ .Values.cleanupJobs.ephemeralReports.image.pullPolicy }}
-            command:
-            - /bin/bash
-            - -c
-            - |
-              set -euo pipefail
-              COUNT=$(kubectl get ephemeralreports.reports.kyverno.io -A | wc -l)
-              if [ "$COUNT" -gt {{ .Values.cleanupJobs.ephemeralReports.threshold }} ]; then
-                echo "too many ephemeralreports found ($COUNT), cleaning up..."
-                kubectl delete ephemeralreports.reports.kyverno.io -A --all
-              else
-                echo "($COUNT) reports found, no clean up needed"
-              fi
-            {{- with .Values.cleanupJobs.ephemeralReports.securityContext }}
-            securityContext:
-              {{- toYaml . | nindent 14 }}
-            {{- end }}
-            {{- with .Values.cleanupJobs.ephemeralReports.resources }}
-            resources:
-              {{- toYaml . | nindent 14 }}
-            {{- end }}
-          {{- with .Values.cleanupJobs.ephemeralReports.imagePullSecrets }}
-          imagePullSecrets:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          restartPolicy: OnFailure
-          {{- with .Values.cleanupJobs.ephemeralReports.tolerations | default .Values.global.tolerations}}
-          tolerations:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          {{- with .Values.cleanupJobs.ephemeralReports.nodeSelector | default .Values.global.nodeSelector }}
-          nodeSelector:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          {{- if or .Values.cleanupJobs.ephemeralReports.podAntiAffinity .Values.cleanupJobs.ephemeralReports.podAffinity .Values.cleanupJobs.ephemeralReports.nodeAffinity }}
-          affinity:
-            {{- with .Values.cleanupJobs.ephemeralReports.podAntiAffinity }}
-            podAntiAffinity:
-              {{- tpl (toYaml .) $ | nindent 14 }}
-            {{- end }}
-            {{- with .Values.cleanupJobs.ephemeralReports.podAffinity }}
-            podAffinity:
-              {{- tpl (toYaml .) $ | nindent 14 }}
-            {{- end }}
-            {{- with .Values.cleanupJobs.ephemeralReports.nodeAffinity }}
-            nodeAffinity:
-              {{- tpl (toYaml .) $ | nindent 14 }}
-            {{- end }}
-          {{- end }}
-{{- end -}}
--- a/charts/kyverno/templates/cleanup/cleanup-update-requests.yaml
+++ b/charts/kyverno/templates/cleanup/cleanup-update-requests.yaml
@ -1,91 +0,0 @@
-{{- if .Values.cleanupJobs.updateRequests.enabled -}}
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: {{ template "kyverno.name" . }}-cleanup-update-requests
-  namespace: {{ template "kyverno.namespace" . }}
-  labels:
-    {{- include "kyverno.cleanup.labels" . | nindent 4 }}
-spec:
-  schedule: {{ .Values.cleanupJobs.updateRequests.schedule | quote }}
-  concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: {{ .Values.cleanupJobs.updateRequests.history.success }}
-  failedJobsHistoryLimit: {{ .Values.cleanupJobs.updateRequests.history.failure }}
-  jobTemplate:
-    spec:
-      backoffLimit: {{ .Values.cleanupJobs.updateRequests.backoffLimit }}
-      {{- if .Values.cleanupJobs.updateRequests.ttlSecondsAfterFinished }}
-      ttlSecondsAfterFinished: {{ .Values.cleanupJobs.updateRequests.ttlSecondsAfterFinished }}
-      {{- end }}
-      template:
-        metadata:
-          {{- with .Values.cleanupJobs.updateRequests.podAnnotations }}
-          annotations:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.cleanupJobs.updateRequests.podLabels }}
-          labels:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-        spec:
-          serviceAccountName: {{ template "kyverno.name" . }}-cleanup-jobs
-          {{- with .Values.cleanupJobs.updateRequests.podSecurityContext }}
-          securityContext:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          {{- with .Values.cleanupJobs.updateRequests.priorityClassName }}
-          priorityClassName: {{ . }}
-          {{- end }}
-          containers:
-          - name: cleanup
-            image: {{ (include "kyverno.image" (dict "globalRegistry" .Values.global.image.registry "image" .Values.cleanupJobs.updateRequests.image)) | quote }}
-            imagePullPolicy: {{ .Values.cleanupJobs.updateRequests.image.pullPolicy }}
-            command:
-            - /bin/bash
-            - -c
-            - |
-              set -euo pipefail
-              COUNT=$(kubectl get updaterequests.kyverno.io -A | wc -l)
-              if [ "$COUNT" -gt {{ .Values.cleanupJobs.updateRequests.threshold }} ]; then
-                echo "too many updaterequests found ($COUNT), cleaning up..."
-                kubectl delete updaterequests.kyverno.io --all -n kyverno
-              else
-                echo "($COUNT) reports found, no clean up needed"
-              fi
-            {{- with .Values.cleanupJobs.updateRequests.securityContext }}
-            securityContext:
-              {{- toYaml . | nindent 14 }}
-            {{- end }}
-            {{- with .Values.cleanupJobs.updateRequests.resources }}
-            resources:
-              {{- toYaml . | nindent 14 }}
-            {{- end }}
-          {{- with .Values.cleanupJobs.updateRequests.imagePullSecrets }}
-          imagePullSecrets:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          restartPolicy: OnFailure
-          {{- with .Values.cleanupJobs.updateRequests.tolerations | default .Values.global.tolerations}}
-          tolerations:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          {{- with .Values.cleanupJobs.updateRequests.nodeSelector | default .Values.global.nodeSelector }}
-          nodeSelector:
-            {{- tpl (toYaml .) $ | nindent 12 }}
-          {{- end }}
-          {{- if or .Values.cleanupJobs.updateRequests.podAntiAffinity .Values.cleanupJobs.updateRequests.podAffinity .Values.cleanupJobs.updateRequests.nodeAffinity }}
-          affinity:
-            {{- with .Values.cleanupJobs.updateRequests.podAntiAffinity }}
-            podAntiAffinity:
-              {{- tpl (toYaml .) $ | nindent 14 }}
-            {{- end }}
-            {{- with .Values.cleanupJobs.updateRequests.podAffinity }}
-            podAffinity:
-              {{- tpl (toYaml .) $ | nindent 14 }}
-            {{- end }}
-            {{- with .Values.cleanupJobs.updateRequests.nodeAffinity }}
-            nodeAffinity:
-              {{- tpl (toYaml .) $ | nindent 14 }}
-            {{- end }}
-          {{- end }}
-{{- end -}}
--- a/charts/kyverno/templates/cleanup/clusterrole.yaml
+++ b/charts/kyverno/templates/cleanup/clusterrole.yaml
@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "kyverno.name" . }}:cleanup-jobs
-  labels:
-    {{- include "kyverno.labels.merge" (list (include "kyverno.labels.common" .) (include "kyverno.matchLabels.common" .)) | nindent 4 }}
-rules:
-  - apiGroups:
-      - kyverno.io
-    resources:
-      - updaterequests
-    verbs:
-      - list
-      - deletecollection
-      - delete
-  - apiGroups:
-      - reports.kyverno.io
-    resources:
-      - ephemeralreports
-      - clusterephemeralreports
-    verbs:
-      - list
-      - deletecollection
-      - delete
--- a/charts/kyverno/templates/cleanup/clusterrolebinding.yaml
+++ b/charts/kyverno/templates/cleanup/clusterrolebinding.yaml
@ -1,14 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ template "kyverno.name" . }}:cleanup-jobs
-  labels:
-    {{- include "kyverno.labels.merge" (list (include "kyverno.labels.common" .) (include "kyverno.matchLabels.common" .)) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "kyverno.name" . }}:cleanup-jobs
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "kyverno.name" . }}-cleanup-jobs
-    namespace: {{ template "kyverno.namespace" . }}
--- a/charts/kyverno/templates/cleanup/serviceaccount.yaml
+++ b/charts/kyverno/templates/cleanup/serviceaccount.yaml
@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "kyverno.name" . }}-cleanup-jobs
-  namespace: {{ template "kyverno.namespace" . }}
-  labels:
-    {{- include "kyverno.labels.merge" (list (include "kyverno.labels.common" .) (include "kyverno.matchLabels.common" .)) | nindent 4 }}
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -681,249 +681,6 @@ features:
    # -- (string) Tuf mirror
    mirror: ~

-# Cleanup cronjobs to prevent internal resources from stacking up in the cluster
-cleanupJobs:
-
-  updateRequests:
-
-    # -- Enable cleanup cronjob
-    enabled: false
-
-    # -- Maximum number of retries before considering a Job as failed. Defaults to 3.
-    backoffLimit: 3
-
-    # -- Time until the pod from the cronjob is deleted
-    ttlSecondsAfterFinished: ""
-
-    image:
-      # -- (string) Image registry
-      registry: ~
-      # -- Image repository
-      repository: bitnami/kubectl
-      # -- Image tag
-      # Defaults to `latest` if omitted
-      tag: '1.30.2'
-      # -- (string) Image pull policy
-      # Defaults to image.pullPolicy if omitted
-      pullPolicy: ~
-
-    # -- Image pull secrets
-    imagePullSecrets: []
-      # - name: secretName
-
-    # -- Cronjob schedule
-    schedule: '*/10 * * * *'
-
-    # -- Reports threshold, if number of updateRequests are above this value the cronjob will start deleting them
-    threshold: 10000
-
-    # -- Cronjob history
-    history:
-      success: 1
-      failure: 1
-
-    # -- Security context for the pod
-    podSecurityContext: {}
-
-    # -- Security context for the containers
-    securityContext:
-      runAsNonRoot: true
-      privileged: false
-      allowPrivilegeEscalation: false
-      readOnlyRootFilesystem: true
-      capabilities:
-        drop:
-          - ALL
-      seccompProfile:
-        type: RuntimeDefault
-
-    # -- Pod PriorityClassName
-    priorityClassName: ""
-
-    # -- Job resources
-    resources: {}
-
-    # -- List of node taints to tolerate
-    tolerations: []
-
-    # -- Node labels for pod assignment
-    nodeSelector: {}
-
-    # -- Pod Annotations
-    podAnnotations: {}
-
-    # -- Pod labels
-    podLabels: {}
-
-    # -- Pod anti affinity constraints.
-    podAntiAffinity: {}
-
-    # -- Pod affinity constraints.
-    podAffinity: {}
-
-    # -- Node affinity constraints.
-    nodeAffinity: {}
-
-  ephemeralReports:
-
-    # -- Enable cleanup cronjob
-    enabled: false
-
-    # -- Maximum number of retries before considering a Job as failed. Defaults to 3.
-    backoffLimit: 3
-
-    # -- Time until the pod from the cronjob is deleted
-    ttlSecondsAfterFinished: ""
-
-    image:
-      # -- (string) Image registry
-      registry: ~
-      # -- Image repository
-      repository: bitnami/kubectl
-      # -- Image tag
-      # Defaults to `latest` if omitted
-      tag: '1.30.2'
-      # -- (string) Image pull policy
-      # Defaults to image.pullPolicy if omitted
-      pullPolicy: ~
-
-    # -- Image pull secrets
-    imagePullSecrets: []
-      # - name: secretName
-
-    # -- Cronjob schedule
-    schedule: '*/10 * * * *'
-
-    # -- Reports threshold, if number of updateRequests are above this value the cronjob will start deleting them
-    threshold: 10000
-
-    # -- Cronjob history
-    history:
-      success: 1
-      failure: 1
-
-    # -- Security context for the pod
-    podSecurityContext: {}
-
-    # -- Security context for the containers
-    securityContext:
-      runAsNonRoot: true
-      privileged: false
-      allowPrivilegeEscalation: false
-      readOnlyRootFilesystem: true
-      capabilities:
-        drop:
-          - ALL
-      seccompProfile:
-        type: RuntimeDefault
-
-    # -- Pod PriorityClassName
-    priorityClassName: ""
-
-    # -- Job resources
-    resources: {}
-
-    # -- List of node taints to tolerate
-    tolerations: []
-
-    # -- Node labels for pod assignment
-    nodeSelector: {}
-
-    # -- Pod Annotations
-    podAnnotations: {}
-
-    # -- Pod labels
-    podLabels: {}
-
-    # -- Pod anti affinity constraints.
-    podAntiAffinity: {}
-
-    # -- Pod affinity constraints.
-    podAffinity: {}
-
-    # -- Node affinity constraints.
-    nodeAffinity: {}
-
-  clusterEphemeralReports:
-
-    # -- Enable cleanup cronjob
-    enabled: false
-
-    # -- Maximum number of retries before considering a Job as failed. Defaults to 3.
-    backoffLimit: 3
-
-    # -- Time until the pod from the cronjob is deleted
-    ttlSecondsAfterFinished: ""
-
-    image:
-      # -- (string) Image registry
-      registry: ~
-      # -- Image repository
-      repository: bitnami/kubectl
-      # -- Image tag
-      # Defaults to `latest` if omitted
-      tag: '1.30.2'
-      # -- (string) Image pull policy
-      # Defaults to image.pullPolicy if omitted
-      pullPolicy: ~
-
-    # -- Image pull secrets
-    imagePullSecrets: []
-      # - name: secretName
-
-    # -- Cronjob schedule
-    schedule: '*/10 * * * *'
-
-    # -- Reports threshold, if number of reports are above this value the cronjob will start deleting them
-    threshold: 10000
-
-    # -- Cronjob history
-    history:
-      success: 1
-      failure: 1
-
-    # -- Security context for the pod
-    podSecurityContext: {}
-
-    # -- Security context for the containers
-    securityContext:
-      runAsNonRoot: true
-      privileged: false
-      allowPrivilegeEscalation: false
-      readOnlyRootFilesystem: true
-      capabilities:
-        drop:
-          - ALL
-      seccompProfile:
-        type: RuntimeDefault
-
-    # -- Pod PriorityClassName
-    priorityClassName: ""
-
-    # -- Job resources
-    resources: {}
-
-    # -- List of node taints to tolerate
-    tolerations: []
-
-    # -- Node labels for pod assignment
-    nodeSelector: {}
-
-    # -- Pod Annotations
-    podAnnotations: {}
-
-    # -- Pod Labels
-    podLabels: {}
-
-    # -- Pod anti affinity constraints.
-    podAntiAffinity: {}
-
-    # -- Pod affinity constraints.
-    podAffinity: {}
-
-    # -- Node affinity constraints.
-    nodeAffinity: {}
-
 # Admission controller configuration
 admissionController:

--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@ -43,16 +43,6 @@ metadata:
 ---
 apiVersion: v1
 kind: ServiceAccount
-metadata:
-  name: kyverno-cleanup-jobs
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: latest
---
-apiVersion: v1
-kind: ServiceAccount
 metadata:
  name: kyverno-reports-controller
  namespace: kyverno
@ -43996,33 +43986,6 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
-metadata:
-  name: kyverno:cleanup-jobs
-  labels:
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: latest
-rules:
-  - apiGroups:
-      - kyverno.io
-    resources:
-      - updaterequests
-    verbs:
-      - list
-      - deletecollection
-      - delete
-  - apiGroups:
-      - reports.kyverno.io
-    resources:
-      - ephemeralreports
-      - clusterephemeralreports
-    verbs:
-      - list
-      - deletecollection
-      - delete
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
 metadata:
  name: kyverno:rbac:admin:policies
  labels:
@ -44369,23 +44332,6 @@ subjects:
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:cleanup-jobs
-  labels:
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: latest
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kyverno:cleanup-jobs
-subjects:
-  - kind: ServiceAccount
-    name: kyverno-cleanup-jobs
-    namespace: kyverno
---
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: kyverno:reports-controller
  labels: