change cluster role labels (#2776)

* change cluster role labels * change cluster role label value * fix cluster role label issue * fix comment
2025-03-31 03:45:17 +00:00 · 2021-12-02 15:52:34 +05:30 · 2021-12-02 15:52:34 +05:30 · b7767d79d3
commit b7767d79d3
parent 962f4de8d8
6 changed files with 9 additions and 8 deletions
--- a/charts/kyverno/templates/clusterrole.yaml
+++ b/charts/kyverno/templates/clusterrole.yaml
@ -22,7 +22,6 @@ kind: ClusterRole
 metadata:
  name: {{ template "kyverno.fullname" . }}:webhook
  labels: {{ include "kyverno.labels" . | nindent 4 }}
-    app.kubernetes.io/ownerreference: "true"
    app: kyverno
 rules:
 # Dynamic creation of webhooks, events & certs
--- a/config/install.yaml
+++ b/config/install.yaml
@ -7360,7 +7360,6 @@ metadata:
    app.kubernetes.io/name: kyverno
    app.kubernetes.io/part-of: kyverno
    app.kubernetes.io/version: latest
-    app.kubernetes.io/ownerreference: "true"
  name: kyverno:webhook
 rules:
 - apiGroups:
--- a/config/install_debug.yaml
+++ b/config/install_debug.yaml
@ -7245,7 +7245,6 @@ kind: ClusterRole
 metadata:
  labels:
    app: kyverno
-    app.kubernetes.io/ownerreference: "true"
  name: kyverno:webhook
 rules:
 - apiGroups:
--- a/config/k8s-resource/clusterroles.yaml
+++ b/config/k8s-resource/clusterroles.yaml
@ -22,7 +22,6 @@ kind: ClusterRole
 metadata:
  labels:
    app: kyverno
-    app.kubernetes.io/ownerreference: "true"
  name: kyverno:webhook
 rules:
 # Dynamic creation of webhooks, events & certs
--- a/config/release/install.yaml
+++ b/config/release/install.yaml
@ -7278,7 +7278,6 @@ metadata:
    app.kubernetes.io/name: kyverno
    app.kubernetes.io/part-of: kyverno
    app.kubernetes.io/version: latest
-    app.kubernetes.io/ownerreference: "true"
  name: kyverno:webhook
 rules:
 - apiGroups:
--- a/pkg/webhookconfig/common.go
+++ b/pkg/webhookconfig/common.go
@ -1,9 +1,11 @@
 package webhookconfig

 import (
+	"errors"
 	"io/ioutil"
 	"path/filepath"
 	"reflect"
+	"strings"

 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/tls"
@ -75,12 +77,16 @@ func (wrc *Register) constructOwner() v1.OwnerReference {
 }

 func (wrc *Register) GetKubePolicyClusterRoleName() (*unstructured.Unstructured, error) {
-	clusterRole, err := wrc.client.ListResource(config.ClusterRoleAPIVersion, config.ClusterRoleKind, "", &v1.LabelSelector{MatchLabels: map[string]string{"app.kubernetes.io/ownerreference": "true"}})
+	clusterRoles, err := wrc.client.ListResource(config.ClusterRoleAPIVersion, config.ClusterRoleKind, "", &v1.LabelSelector{MatchLabels: map[string]string{"app": "kyverno"}})
 	if err != nil {
 		return nil, err
 	}
-
-	return &clusterRole.Items[0], nil
+	for _, cr := range clusterRoles.Items {
+		if strings.HasSuffix(cr.GetName(), "webhook") {
+			return &cr, nil
+		}
+	}
+	return nil, errors.New("failed to get cluster role with suffix webhook")
 }

 // GetKubePolicyDeployment gets Kyverno deployment using the resource cache