diff --git a/cmd/initContainer/main.go b/cmd/initContainer/main.go
index a07fd570a4..e3a2fcd941 100644
--- a/cmd/initContainer/main.go
+++ b/cmd/initContainer/main.go
@@ -10,6 +10,7 @@ import (
 "sync"
 "time"
+ "github.com/gardener/controller-manager-library/pkg/logger"
 "github.com/kyverno/kyverno/pkg/config"
 client "github.com/kyverno/kyverno/pkg/dclient"
 "github.com/kyverno/kyverno/pkg/signal"
@@ -32,6 +33,8 @@ const (
 validatingWebhookConfigKind string = "ValidatingWebhookConfiguration"
 policyReportKind string = "PolicyReport"
 clusterPolicyReportKind string = "ClusterPolicyReport"
+ policyViolation string = "PolicyViolation"
+ clusterPolicyViolation string = "ClusterPolicyViolation"
 )
 func main() {
@@ -82,6 +85,9 @@ func main() {
 // policy report
 {policyReportKind, ""},
 {clusterPolicyReportKind, ""},
+ // clean up policy violation
+ {policyViolation, ""},
+ {clusterPolicyViolation, ""},
 }
 done := make(chan struct{})
@@ -116,6 +122,8 @@ func executeRequest(client *client.Client, req request) error {
 return removePolicyReport(client, req.kind)
 case clusterPolicyReportKind:
 return removeClusterPolicyReport(client, req.kind)
+ case policyViolation, clusterPolicyViolation:
+ return removeViolationCRD(client)
 }
 return nil
 }
@@ -279,3 +287,18 @@ func removePolicyReport(client *client.Client, kind string) error {
 return nil
 }
+
+func removeViolationCRD(client *client.Client) error {
+ if err := client.DeleteResource("", "CustomResourceDefinition", "", "policyviolations.kyverno.io", false); err != nil {
+ if !errors.IsNotFound(err) {
+ logger.Error(err, "failed to delete CRD policyViolation")
+ }
+ }
+
+ if err := client.DeleteResource("", "CustomResourceDefinition", "", "clusterpolicyviolations.kyverno.io", false); err != nil {
+ if !errors.IsNotFound(err) {
+ logger.Error(err, "failed to delete CRD clusterPolicyViolation")
+ }
+ }
+ return nil
+}
diff --git a/definitions/install.yaml b/definitions/install.yaml
index 7345201039..22a40ccac8 100755
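Review bot: The import added in the first hunk of cmd/initContainer/main.go brings in `github.com/gardener/controller-manager-library/pkg/logger`, an unrelated controller framework, only for the two `logger.Error` calls in removeViolationCRD. The go.sum hunks add `h1:` source hashes for that module, logrus and Masterminds/semver, which suggests they are now compiled into the init container and widen its dependency surface. The call shape `logger.Error(err, "...")` reads like a logr-style logger, so this may be an editor auto-import; confirm that this package's `Error` really takes those arguments, and otherwise log through the logger the rest of this package already uses.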
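Review bot: The arm `case policyViolation, clusterPolicyViolation:` in executeRequest sends both kinds to removeViolationCRD, which deletes both CRDs itself, so the two entries queued in main() (`{policyViolation, ""}` and `{clusterPolicyViolation, ""}`) run the same pair of deletions twice. The second pass only stays quiet because NotFound is ignored. Either queue a single request, or pass the kind into removeViolationCRD and delete only the matching CRD. The new constants also drop the `Kind` suffix their neighbours use (`policyReportKind`); `policyViolationKind` and `clusterPolicyViolationKind` would match. executeRequest begins outside the hunk.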
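Review bot: removeViolationCRD logs a failed delete and then returns nil, so a Forbidden or API-server error leaves the CRDs in place while the caller sees success. Return the first error that is not NotFound, or state in a doc comment that the cleanup is deliberately best effort. The function also deserves a comment noting that deleting a CustomResourceDefinition removes every stored object of that kind, and the trailing `false` passed to DeleteResource should be labelled with the parameter it sets. How the caller of executeRequest treats a returned error is not visible in this diff.

```go
func removeViolationCRD(client *client.Client) error {
	// Deleting a CRD also deletes every stored object of that kind.
	crds := []string{
		"policyviolations.kyverno.io",
		"clusterpolicyviolations.kyverno.io",
	}
	for _, name := range crds {
		err := client.DeleteResource("", "CustomResourceDefinition", "", name, false)
		if err != nil && !errors.IsNotFound(err) {
			// Surface the failure instead of reporting a clean run.
			return err
		}
	}
	return nil
}
```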
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -2118,6 +2118,12 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml
index 9a9408512c..76e9eeb72d 100755
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@@ -2118,6 +2118,12 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/definitions/k8s-resource/rbac.yaml b/definitions/k8s-resource/rbac.yaml
index 230bba6108..8e57956d06 100755
--- a/definitions/k8s-resource/rbac.yaml
+++ b/definitions/k8s-resource/rbac.yaml
@@ -198,6 +198,12 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+ - 'apiextensions.k8s.io'
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/go.sum b/go.sum
index 5f00f9db3e..d64f1044f7 100644
--- a/go.sum
+++ b/go.sum
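Review bot: The rule added to this ClusterRole in definitions/install.yaml grants `delete` on every `customresourcedefinitions` object in the cluster, while the code in cmd/initContainer/main.go removes only two named CRDs. Scope it with `resourceNames: ["policyviolations.kyverno.io", "clusterpolicyviolations.kyverno.io"]` so that a compromised or misbehaving pod bound to this role cannot remove other projects' CRDs and, with them, all their stored objects. The same unrestricted rule is repeated in definitions/install_debug.yaml and definitions/k8s-resource/rbac.yaml. The role's name and bindings lie outside the hunk, so check whether the long-running controller also uses it; if so, a separate role for the one-off cleanup would keep this grant off the steady-state service account.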
@@ -41,6 +41,7 @@ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbt github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/sprig v2.16.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -187,6 +188,7 @@ github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHqu github.com/frankban/quicktest v1.4.1/go.mod h1:36zfPVQyHxymz4cH7wlDmVwDrJuljRB60qkgn7rorfQ= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.8-0.20191012010759-4bf2d1fec783/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/gardener/controller-manager-library v0.2.0 h1:MyxL0k10lwBf8TXkbnuN+oEOkHwCNhp3SKj+ad2w62s= github.com/gardener/controller-manager-library v0.2.0/go.mod h1:oCK7fW2VpsMhmUh5c6cOhsN8p9Tth1OM3rRtogDF11k= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 
@@ -664,6 +666,7 @@ github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxr github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/skyrings/skyring-common v0.0.0-20160929130248-d1c0bb1cbd5e/go.mod h1:d8hQseuYt4rJoOo21lFzYJdhMjmDqLY++ayArbgYjWI= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=