adding ownerRef with namespace (#2263)

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

pkg/config/config.go

@@ -51,6 +51,12 @@ const (
 
 	// DeploymentAPIVersion define the default deployment resource apiVersion
 	DeploymentAPIVersion = "apps/v1"
+
+	// NamespaceKind define the default namespace resource kind
+	NamespaceKind = "Namespace"
+
+	// NamespaceAPIVersion define the default namespace resource apiVersion
+	NamespaceAPIVersion = "v1"
 )
 
 var (

pkg/webhookconfig/common.go

@@ -7,6 +7,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/tls"
 	admregapi "k8s.io/api/admissionregistration/v1beta1"
 	apps "k8s.io/api/apps/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	rest "k8s.io/client-go/rest"
@@ -52,6 +53,32 @@ func extractCA(config *rest.Config) (result []byte) {
 	return config.TLSClientConfig.CAData
 }
 
+func (wrc *Register) constructOwner() v1.OwnerReference {
+	logger := wrc.log
+
+	kubeNamespace, err := wrc.GetKubePolicyNamespace()
+	if err != nil {
+		logger.Error(err, "failed to construct OwnerReference")
+		return v1.OwnerReference{}
+	}
+
+	return v1.OwnerReference{
+		APIVersion: config.NamespaceAPIVersion,
+		Kind:       config.NamespaceKind,
+		Name:       config.KyvernoNamespace,
+		UID:        kubeNamespace.GetUID(),
+	}
+}
+
+func (wrc *Register) GetKubePolicyNamespace() (*unstructured.Unstructured, error) {
+	kubeNamespace, err := wrc.client.GetResource(config.NamespaceAPIVersion, config.NamespaceKind, "", config.KyvernoNamespace)
+	if err != nil {
+		return nil, err
+	}
+
+	return kubeNamespace, nil
+}
+
 // GetKubePolicyDeployment gets Kyverno deployment using the resource cache
 // it does not initialize any client call
 func (wrc *Register) GetKubePolicyDeployment() (*apps.Deployment, *unstructured.Unstructured, error) {

pkg/webhookconfig/policy.go

@@ -13,6 +13,9 @@ func (wrc *Register) contructPolicyValidatingWebhookConfig(caData []byte) *admre
 	return &admregapi.ValidatingWebhookConfiguration{
 		ObjectMeta: v1.ObjectMeta{
 			Name: config.PolicyValidatingWebhookConfigurationName,
+			OwnerReferences: []v1.OwnerReference{
+				wrc.constructOwner(),
+			},
 		},
 		Webhooks: []admregapi.ValidatingWebhook{
 			generateValidatingWebhook(
@@ -59,6 +62,9 @@ func (wrc *Register) contructPolicyMutatingWebhookConfig(caData []byte) *admrega
 	return &admregapi.MutatingWebhookConfiguration{
 		ObjectMeta: v1.ObjectMeta{
 			Name: config.PolicyMutatingWebhookConfigurationName,
+			OwnerReferences: []v1.OwnerReference{
+				wrc.constructOwner(),
+			},
 		},
 		Webhooks: []admregapi.MutatingWebhook{
 			generateMutatingWebhook(

pkg/webhookconfig/registration.go

@@ -464,6 +464,9 @@ func (wrc *Register) constructVerifyMutatingWebhookConfig(caData []byte) *admreg
 	return &admregapi.MutatingWebhookConfiguration{
 		ObjectMeta: v1.ObjectMeta{
 			Name: config.VerifyMutatingWebhookConfigurationName,
+			OwnerReferences: []v1.OwnerReference{
+				wrc.constructOwner(),
+			},
 		},
 		Webhooks: []admregapi.MutatingWebhook{
 			generateMutatingWebhook(

pkg/webhookconfig/resource.go

@@ -50,6 +50,9 @@ func (wrc *Register) constructDefaultMutatingWebhookConfig(caData []byte) *admre
 	return &admregapi.MutatingWebhookConfiguration{
 		ObjectMeta: v1.ObjectMeta{
 			Name: config.MutatingWebhookConfigurationName,
+			OwnerReferences: []v1.OwnerReference{
+				wrc.constructOwner(),
+			},
 		},
 		Webhooks: []admregapi.MutatingWebhook{webhookCfg},
 	}
@@ -118,6 +121,9 @@ func (wrc *Register) constructDefaultValidatingWebhookConfig(caData []byte) *adm
 	return &admregapi.ValidatingWebhookConfiguration{
 		ObjectMeta: v1.ObjectMeta{
 			Name: config.ValidatingWebhookConfigurationName,
+			OwnerReferences: []v1.OwnerReference{
+				wrc.constructOwner(),
+			},
 		},
 		Webhooks: []admregapi.ValidatingWebhook{
 			generateValidatingWebhook(