clean up policy violation CRD

2025-03-29 02:45:06 +00:00 · 2020-11-02 16:59:16 -08:00 · 2020-11-02 16:59:16 -08:00 · 85c6c3d36f
commit 85c6c3d36f
parent f8c659ffa5
5 changed files with 44 additions and 0 deletions
--- a/cmd/initContainer/main.go
+++ b/cmd/initContainer/main.go
@ -10,6 +10,7 @@ import (
 	"sync"
 	"time"

+	"github.com/gardener/controller-manager-library/pkg/logger"
 	"github.com/kyverno/kyverno/pkg/config"
 	client "github.com/kyverno/kyverno/pkg/dclient"
 	"github.com/kyverno/kyverno/pkg/signal"
@ -32,6 +33,8 @@ const (
 	validatingWebhookConfigKind string = "ValidatingWebhookConfiguration"
 	policyReportKind            string = "PolicyReport"
 	clusterPolicyReportKind     string = "ClusterPolicyReport"
+	policyViolation             string = "PolicyViolation"
+	clusterPolicyViolation      string = "ClusterPolicyViolation"
 )

 func main() {
@ -82,6 +85,9 @@ func main() {
 		// policy report
 		{policyReportKind, ""},
 		{clusterPolicyReportKind, ""},
+		// clean up policy violation
+		{policyViolation, ""},
+		{clusterPolicyViolation, ""},
 	}

 	done := make(chan struct{})
@ -116,6 +122,8 @@ func executeRequest(client *client.Client, req request) error {
 		return removePolicyReport(client, req.kind)
 	case clusterPolicyReportKind:
 		return removeClusterPolicyReport(client, req.kind)
+	case policyViolation, clusterPolicyViolation:
+		return removeViolationCRD(client)
 	}
 	return nil
 }
@ -279,3 +287,18 @@ func removePolicyReport(client *client.Client, kind string) error {

 	return nil
 }
+
+func removeViolationCRD(client *client.Client) error {
+	if err := client.DeleteResource("", "CustomResourceDefinition", "", "policyviolations.kyverno.io", false); err != nil {
+		if !errors.IsNotFound(err) {
+			logger.Error(err, "failed to delete CRD policyViolation")
+		}
+	}
+
+	if err := client.DeleteResource("", "CustomResourceDefinition", "", "clusterpolicyviolations.kyverno.io", false); err != nil {
+		if !errors.IsNotFound(err) {
+			logger.Error(err, "failed to delete CRD clusterPolicyViolation")
+		}
+	}
+	return nil
+}
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@ -2118,6 +2118,12 @@ rules:
  - patch
  - update
  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@ -2118,6 +2118,12 @@ rules:
  - patch
  - update
  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
--- a/definitions/k8s-resource/rbac.yaml
+++ b/definitions/k8s-resource/rbac.yaml
@ -198,6 +198,12 @@ rules:
  - patch
  - update
  - watch
+- apiGroups:
+  - 'apiextensions.k8s.io'
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
--- a/go.sum
+++ b/go.sum
@ -41,6 +41,7 @@ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbt
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
+github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/sprig v2.16.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
@ -187,6 +188,7 @@ github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHqu
 github.com/frankban/quicktest v1.4.1/go.mod h1:36zfPVQyHxymz4cH7wlDmVwDrJuljRB60qkgn7rorfQ=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.8-0.20191012010759-4bf2d1fec783/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/gardener/controller-manager-library v0.2.0 h1:MyxL0k10lwBf8TXkbnuN+oEOkHwCNhp3SKj+ad2w62s=
 github.com/gardener/controller-manager-library v0.2.0/go.mod h1:oCK7fW2VpsMhmUh5c6cOhsN8p9Tth1OM3rRtogDF11k=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
@ -664,6 +666,7 @@ github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxr
 github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/skyrings/skyring-common v0.0.0-20160929130248-d1c0bb1cbd5e/go.mod h1:d8hQseuYt4rJoOo21lFzYJdhMjmDqLY++ayArbgYjWI=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=