chore: bump cleanup policies to v2beta1 (#8621)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-03-28 02:18:15 +00:00 · 2023-10-12 14:45:33 +03:00 · 2023-10-12 14:45:33 +03:00 · e969248483
commit e969248483
parent 3d382e0e01
70 changed files with 11508 additions and 313 deletions
--- a/api/kyverno/v2alpha1/cleanup_policy_types.go
+++ b/api/kyverno/v2alpha1/cleanup_policy_types.go
@ -22,9 +22,7 @@ import (
 	"github.com/aptible/supercronic/cronexpr"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
-	datautils "github.com/kyverno/kyverno/pkg/utils/data"
 	"github.com/robfig/cron"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 )
@ -32,24 +30,14 @@ import (
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:object:root=true
-// +kubebuilder:storageversion
 // +kubebuilder:resource:shortName=cleanpol,categories=kyverno
 // +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:name="Schedule",type=string,JSONPath=".spec.schedule"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:deprecatedversion

 // CleanupPolicy defines a rule for resource cleanup.
-type CleanupPolicy struct {
-	metav1.TypeMeta   `json:",inline,omitempty"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec declares policy behaviors.
-	Spec CleanupPolicySpec `json:"spec"`
-
-	// Status contains policy runtime data.
-	// +optional
-	Status CleanupPolicyStatus `json:"status,omitempty"`
-}
+type CleanupPolicy kyvernov2beta1.CleanupPolicy

 // GetSpec returns the policy spec
 func (p *CleanupPolicy) GetSpec() *CleanupPolicySpec {
@ -108,34 +96,20 @@ func (p *CleanupPolicy) IsNamespaced() bool {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

 // CleanupPolicyList is a list of ClusterPolicy instances.
-type CleanupPolicyList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-	Items           []CleanupPolicy `json:"items"`
-}
+type CleanupPolicyList kyvernov2beta1.CleanupPolicyList

 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:object:root=true
-// +kubebuilder:storageversion
 // +kubebuilder:resource:scope=Cluster,shortName=ccleanpol,categories=kyverno
 // +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:name="Schedule",type=string,JSONPath=".spec.schedule"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:deprecatedversion

 // ClusterCleanupPolicy defines rule for resource cleanup.
-type ClusterCleanupPolicy struct {
-	metav1.TypeMeta   `json:",inline,omitempty"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec declares policy behaviors.
-	Spec CleanupPolicySpec `json:"spec"`
-
-	// Status contains policy runtime data.
-	// +optional
-	Status CleanupPolicyStatus `json:"status,omitempty"`
-}
+type ClusterCleanupPolicy kyvernov2beta1.ClusterCleanupPolicy

 // GetSpec returns the policy spec
 func (p *ClusterCleanupPolicy) GetSpec() *CleanupPolicySpec {
@ -194,65 +168,14 @@ func (p *ClusterCleanupPolicy) Validate(clusterResources sets.Set[string]) (errs
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

 // ClusterCleanupPolicyList is a list of ClusterCleanupPolicy instances.
-type ClusterCleanupPolicyList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-	Items           []ClusterCleanupPolicy `json:"items"`
-}
+type ClusterCleanupPolicyList kyvernov2beta1.ClusterCleanupPolicyList

 // CleanupPolicySpec stores specifications for selecting resources that the user needs to delete
 // and schedule when the matching resources needs deleted.
-type CleanupPolicySpec struct {
-	// Context defines variables and data sources that can be used during rule execution.
-	// +optional
-	Context []kyvernov1.ContextEntry `json:"context,omitempty" yaml:"context,omitempty"`
-
-	// MatchResources defines when cleanuppolicy should be applied. The match
-	// criteria can include resource information (e.g. kind, name, namespace, labels)
-	// and admission review request information like the user name or role.
-	// At least one kind is required.
-	MatchResources kyvernov2beta1.MatchResources `json:"match,omitempty"`
-
-	// ExcludeResources defines when cleanuppolicy should not be applied. The exclude
-	// criteria can include resource information (e.g. kind, name, namespace, labels)
-	// and admission review request information like the name or role.
-	// +optional
-	ExcludeResources *kyvernov2beta1.MatchResources `json:"exclude,omitempty"`
-
-	// The schedule in Cron format
-	Schedule string `json:"schedule"`
-
-	// Conditions defines the conditions used to select the resources which will be cleaned up.
-	// +optional
-	Conditions *kyvernov2beta1.AnyAllConditions `json:"conditions,omitempty"`
-}
+type CleanupPolicySpec = kyvernov2beta1.CleanupPolicySpec

 // CleanupPolicyStatus stores the status of the policy.
-type CleanupPolicyStatus struct {
-	Conditions        []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-	LastExecutionTime metav1.Time        `json:"lastExecutionTime,omitempty"`
-}
-
-// Validate implements programmatic validation
-func (p *CleanupPolicySpec) Validate(path *field.Path, clusterResources sets.Set[string], namespaced bool) (errs field.ErrorList) {
-	// Write context validation code here by following other validations.
-	errs = append(errs, ValidateContext(path.Child("context"), p.Context)...)
-	errs = append(errs, ValidateSchedule(path.Child("schedule"), p.Schedule)...)
-	if userInfoErrs := p.MatchResources.ValidateNoUserInfo(path.Child("match")); len(userInfoErrs) != 0 {
-		errs = append(errs, userInfoErrs...)
-	} else {
-		errs = append(errs, p.MatchResources.Validate(path.Child("match"), namespaced, clusterResources)...)
-	}
-	if p.ExcludeResources != nil {
-		if userInfoErrs := p.ExcludeResources.ValidateNoUserInfo(path.Child("exclude")); len(userInfoErrs) != 0 {
-			errs = append(errs, userInfoErrs...)
-		} else {
-			errs = append(errs, p.ExcludeResources.Validate(path.Child("exclude"), namespaced, clusterResources)...)
-		}
-	}
-	errs = append(errs, p.ValidateMatchExcludeConflict(path)...)
-	return errs
-}
+type CleanupPolicyStatus = kyvernov2beta1.CleanupPolicyStatus

 func ValidateContext(path *field.Path, context []kyvernov1.ContextEntry) (errs field.ErrorList) {
 	for _, entry := range context {
@ -272,25 +195,3 @@ func ValidateSchedule(path *field.Path, schedule string) (errs field.ErrorList)
 	}
 	return errs
 }
-
-// ValidateMatchExcludeConflict checks if the resultant of match and exclude block is not an empty set
-func (spec *CleanupPolicySpec) ValidateMatchExcludeConflict(path *field.Path) (errs field.ErrorList) {
-	if spec.ExcludeResources == nil || len(spec.ExcludeResources.All) > 0 || len(spec.MatchResources.All) > 0 {
-		return errs
-	}
-	// if both have any then no resource should be common
-	if len(spec.MatchResources.Any) > 0 && len(spec.ExcludeResources.Any) > 0 {
-		for _, rmr := range spec.MatchResources.Any {
-			for _, rer := range spec.ExcludeResources.Any {
-				if datautils.DeepEqual(rmr, rer) {
-					return append(errs, field.Invalid(path, spec, "CleanupPolicy is matching an empty set"))
-				}
-			}
-		}
-		return errs
-	}
-	if datautils.DeepEqual(spec.ExcludeResources, &kyvernov2beta1.MatchResources{}) {
-		return errs
-	}
-	return append(errs, field.Invalid(path, spec, "CleanupPolicy is matching an empty set"))
-}
--- a/api/kyverno/v2alpha1/policy_exception_types.go
+++ b/api/kyverno/v2alpha1/policy_exception_types.go
@ -27,6 +27,7 @@ import (
 // +kubebuilder:object:root=true
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:shortName=polex,categories=kyverno
+// +kubebuilder:deprecatedversion

 // PolicyException declares resources to be excluded from specified policies.
 type PolicyException kyvernov2beta1.PolicyException
--- a/api/kyverno/v2alpha1/zz_generated.deepcopy.go
+++ b/api/kyverno/v2alpha1/zz_generated.deepcopy.go
@ -22,9 +22,7 @@ limitations under the License.
 package v2alpha1

 import (
-	v1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )

@ -63,7 +61,7 @@ func (in *CleanupPolicyList) DeepCopyInto(out *CleanupPolicyList) {
 	in.ListMeta.DeepCopyInto(&out.ListMeta)
 	if in.Items != nil {
 		in, out := &in.Items, &out.Items
-		*out = make([]CleanupPolicy, len(*in))
+		*out = make([]v2beta1.CleanupPolicy, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@ -89,64 +87,6 @@ func (in *CleanupPolicyList) DeepCopyObject() runtime.Object {
 	return nil
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CleanupPolicySpec) DeepCopyInto(out *CleanupPolicySpec) {
-	*out = *in
-	if in.Context != nil {
-		in, out := &in.Context, &out.Context
-		*out = make([]v1.ContextEntry, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	in.MatchResources.DeepCopyInto(&out.MatchResources)
-	if in.ExcludeResources != nil {
-		in, out := &in.ExcludeResources, &out.ExcludeResources
-		*out = new(v2beta1.MatchResources)
-		(*in).DeepCopyInto(*out)
-	}
-	if in.Conditions != nil {
-		in, out := &in.Conditions, &out.Conditions
-		*out = new(v2beta1.AnyAllConditions)
-		(*in).DeepCopyInto(*out)
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CleanupPolicySpec.
-func (in *CleanupPolicySpec) DeepCopy() *CleanupPolicySpec {
-	if in == nil {
-		return nil
-	}
-	out := new(CleanupPolicySpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CleanupPolicyStatus) DeepCopyInto(out *CleanupPolicyStatus) {
-	*out = *in
-	if in.Conditions != nil {
-		in, out := &in.Conditions, &out.Conditions
-		*out = make([]metav1.Condition, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	in.LastExecutionTime.DeepCopyInto(&out.LastExecutionTime)
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CleanupPolicyStatus.
-func (in *CleanupPolicyStatus) DeepCopy() *CleanupPolicyStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(CleanupPolicyStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ClusterCleanupPolicy) DeepCopyInto(out *ClusterCleanupPolicy) {
 	*out = *in
@ -182,7 +122,7 @@ func (in *ClusterCleanupPolicyList) DeepCopyInto(out *ClusterCleanupPolicyList)
 	in.ListMeta.DeepCopyInto(&out.ListMeta)
 	if in.Items != nil {
 		in, out := &in.Items, &out.Items
-		*out = make([]ClusterCleanupPolicy, len(*in))
+		*out = make([]v2beta1.ClusterCleanupPolicy, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
--- a/api/kyverno/v2beta1/cleanup_policy_test.go
+++ b/api/kyverno/v2beta1/cleanup_policy_test.go
@ -0,0 +1,712 @@
+package v2beta1
+
+import (
+	"encoding/json"
+	"fmt"
+	"testing"
+
+	"gotest.tools/assert"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+func Test_CleanupPolicy_Name(t *testing.T) {
+	subject := CleanupPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "this-is-a-way-too-long-policy-name-that-should-trigger-an-error-when-calling-the-policy-validation-method",
+		},
+		Spec: CleanupPolicySpec{
+			Schedule: "* * * * *",
+		},
+	}
+	errs := subject.Validate(nil)
+	assert.Assert(t, len(errs) == 1)
+	assert.Equal(t, errs[0].Field, "metadata.name")
+	assert.Equal(t, errs[0].Type, field.ErrorTypeTooLong)
+	assert.Equal(t, errs[0].Detail, "must have at most 63 bytes")
+	assert.Equal(t, errs[0].Error(), "metadata.name: Too long: must have at most 63 bytes")
+}
+
+func Test_CleanupPolicy_Schedule(t *testing.T) {
+	subject := CleanupPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test-policy",
+		},
+		Spec: CleanupPolicySpec{
+			Schedule: "schedule-not-in-proper-cron-format",
+		},
+	}
+	errs := subject.Validate(nil)
+	assert.Assert(t, len(errs) == 1)
+	assert.Equal(t, errs[0].Field, "spec.schedule")
+	assert.Equal(t, errs[0].Type, field.ErrorTypeInvalid)
+	assert.Equal(t, errs[0].Detail, "schedule spec in the cleanupPolicy is not in proper cron format")
+	assert.Equal(t, errs[0].Error(), fmt.Sprintf(`spec.schedule: Invalid value: "%s": schedule spec in the cleanupPolicy is not in proper cron format`, subject.Spec.Schedule))
+}
+
+func Test_ClusterCleanupPolicy_Name(t *testing.T) {
+	subject := ClusterCleanupPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "this-is-a-way-too-long-policy-name-that-should-trigger-an-error-when-calling-the-policy-validation-method",
+		},
+		Spec: CleanupPolicySpec{
+			Schedule: "* * * * *",
+		},
+	}
+	errs := subject.Validate(nil)
+	assert.Assert(t, len(errs) == 1)
+	assert.Equal(t, errs[0].Field, "metadata.name")
+	assert.Equal(t, errs[0].Type, field.ErrorTypeTooLong)
+	assert.Equal(t, errs[0].Detail, "must have at most 63 bytes")
+	assert.Equal(t, errs[0].Error(), "metadata.name: Too long: must have at most 63 bytes")
+}
+
+func Test_ClusterCleanupPolicy_Schedule(t *testing.T) {
+	subject := ClusterCleanupPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test-policy",
+		},
+		Spec: CleanupPolicySpec{
+			Schedule: "schedule-not-in-proper-cron-format",
+		},
+	}
+	errs := subject.Validate(nil)
+	assert.Assert(t, len(errs) == 1)
+	assert.Equal(t, errs[0].Field, "spec.schedule")
+	assert.Equal(t, errs[0].Type, field.ErrorTypeInvalid)
+	assert.Equal(t, errs[0].Detail, "schedule spec in the cleanupPolicy is not in proper cron format")
+	assert.Equal(t, errs[0].Error(), fmt.Sprintf(`spec.schedule: Invalid value: "%s": schedule spec in the cleanupPolicy is not in proper cron format`, subject.Spec.Schedule))
+}
+
+func Test_doesMatchExcludeConflict_cleanupPolicy(t *testing.T) {
+	path := field.NewPath("dummy")
+	testcases := []struct {
+		description string
+		policySpec  []byte
+		errors      func(r *CleanupPolicySpec) field.ErrorList
+	}{
+		{
+			description: "Same match and exclude",
+			policySpec: []byte(`
+{
+    "match": {
+		"any": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "exclude": {
+		"any": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "schedule": "* * * * *"
+}`),
+			errors: func(r *CleanupPolicySpec) (errs field.ErrorList) {
+				return append(errs, field.Invalid(path, r, "CleanupPolicy is matching an empty set"))
+			},
+		},
+		{
+			description: "Failed to exclude kind",
+			policySpec: []byte(`
+{
+	"match": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+	},
+	"exclude": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+	},
+	"schedule": "* * * * *"
+}`),
+		},
+		{
+			description: "Failed to exclude name",
+			policySpec: []byte(`
+{
+    "match": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "exclude": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something-*",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "schedule": "* * * * *"
+}`),
+		},
+		{
+			description: "Failed to exclude namespace",
+			policySpec: []byte(`
+{
+    "match": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "exclude": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something3",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "schedule": "* * * * *"
+}`),
+		},
+		{
+			description: "Failed to exclude labels",
+			policySpec: []byte(`
+{
+    "match": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "exclude": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "higha"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "schedule": "* * * * *"
+}`),
+		},
+		{
+			description: "Failed to exclude expression",
+			policySpec: []byte(`
+{
+    "match": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "exclude": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"databases"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "schedule": "* * * * *"
+}`),
+		},
+		{
+			description: "Failed to exclude subjects",
+			policySpec: []byte(`
+{
+    "match": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "exclude": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "schedule": "* * * * *"
+}`),
+		},
+		{
+			description: "Failed to exclude clusterroles",
+			policySpec: []byte(`
+{
+    "match": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "exclude": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "schedule": "* * * * *"
+}`),
+		},
+		{
+			description: "Failed to exclude roles",
+			policySpec: []byte(`
+{
+    "match": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "exclude": {
+		"all": [{
+			"resources": {
+				"kinds": [
+					"Pod",
+					"Namespace"
+				],
+				"name": "something",
+				"namespaces": [
+					"something",
+					"something1"
+				],
+				"selector": {
+					"matchLabels": {
+						"memory": "high"
+					},
+					"matchExpressions": [
+						{
+							"key": "tier",
+							"operator": "In",
+							"values": [
+								"database"
+							]
+						}
+					]
+				}
+			}
+		}]
+    },
+    "schedule": "* * * * *"
+}`),
+		},
+		{
+			description: "empty case",
+			policySpec: []byte(`
+{
+    "match": {
+		"all": [{
+			"resources": {
+				"selector": {
+					"matchLabels": {
+						"allow-deletes": "false"
+					}
+				}
+			}
+		}]
+    },
+    "exclude": {},
+    "schedule": "* * * * *"
+}`),
+		},
+	}
+	for _, testcase := range testcases {
+		t.Run(testcase.description, func(t *testing.T) {
+			var policySpec CleanupPolicySpec
+			err := json.Unmarshal(testcase.policySpec, &policySpec)
+			assert.NilError(t, err)
+			errs := policySpec.ValidateMatchExcludeConflict(path)
+			var expectedErrs field.ErrorList
+			if testcase.errors != nil {
+				expectedErrs = testcase.errors(&policySpec)
+			}
+			assert.Equal(t, len(errs), len(expectedErrs))
+			for i := range errs {
+				fmt.Println(i)
+				assert.Equal(t, errs[i].Error(), expectedErrs[i].Error())
+			}
+		})
+	}
+}
--- a/api/kyverno/v2beta1/cleanup_policy_types.go
+++ b/api/kyverno/v2beta1/cleanup_policy_types.go
@ -0,0 +1,295 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v2beta1
+
+import (
+	"time"
+
+	"github.com/aptible/supercronic/cronexpr"
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	datautils "github.com/kyverno/kyverno/pkg/utils/data"
+	"github.com/robfig/cron"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:shortName=cleanpol,categories=kyverno
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Schedule",type=string,JSONPath=".spec.schedule"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// CleanupPolicy defines a rule for resource cleanup.
+type CleanupPolicy struct {
+	metav1.TypeMeta   `json:",inline,omitempty"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec declares policy behaviors.
+	Spec CleanupPolicySpec `json:"spec"`
+
+	// Status contains policy runtime data.
+	// +optional
+	Status CleanupPolicyStatus `json:"status,omitempty"`
+}
+
+// GetSpec returns the policy spec
+func (p *CleanupPolicy) GetSpec() *CleanupPolicySpec {
+	return &p.Spec
+}
+
+// GetStatus returns the policy status
+func (p *CleanupPolicy) GetStatus() *CleanupPolicyStatus {
+	return &p.Status
+}
+
+// GetExecutionTime returns the execution time of the policy
+func (p *CleanupPolicy) GetExecutionTime() (*time.Time, error) {
+	lastExecutionTime := p.Status.LastExecutionTime.Time
+	if lastExecutionTime.IsZero() {
+		creationTime := p.GetCreationTimestamp().Time
+		return p.GetNextExecutionTime(creationTime)
+	} else {
+		return p.GetNextExecutionTime(lastExecutionTime)
+	}
+}
+
+// GetNextExecutionTime returns the next execution time of the policy
+func (p *CleanupPolicy) GetNextExecutionTime(time time.Time) (*time.Time, error) {
+	cronExpr, err := cronexpr.Parse(p.Spec.Schedule)
+	if err != nil {
+		return nil, err
+	}
+	nextExecutionTime := cronExpr.Next(time)
+	return &nextExecutionTime, nil
+}
+
+// Validate implements programmatic validation
+func (p *CleanupPolicy) Validate(clusterResources sets.Set[string]) (errs field.ErrorList) {
+	errs = append(errs, kyvernov1.ValidatePolicyName(field.NewPath("metadata").Child("name"), p.Name)...)
+	errs = append(errs, p.Spec.Validate(field.NewPath("spec"), clusterResources, true)...)
+	return errs
+}
+
+// GetKind returns the resource kind
+func (p *CleanupPolicy) GetKind() string {
+	return "CleanupPolicy"
+}
+
+// GetAPIVersion returns the resource kind
+func (p *CleanupPolicy) GetAPIVersion() string {
+	return p.APIVersion
+}
+
+// IsNamespaced indicates if the policy is namespace scoped
+func (p *CleanupPolicy) IsNamespaced() bool {
+	return true
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// CleanupPolicyList is a list of ClusterPolicy instances.
+type CleanupPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+	Items           []CleanupPolicy `json:"items"`
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:scope=Cluster,shortName=ccleanpol,categories=kyverno
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Schedule",type=string,JSONPath=".spec.schedule"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// ClusterCleanupPolicy defines rule for resource cleanup.
+type ClusterCleanupPolicy struct {
+	metav1.TypeMeta   `json:",inline,omitempty"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec declares policy behaviors.
+	Spec CleanupPolicySpec `json:"spec"`
+
+	// Status contains policy runtime data.
+	// +optional
+	Status CleanupPolicyStatus `json:"status,omitempty"`
+}
+
+// GetSpec returns the policy spec
+func (p *ClusterCleanupPolicy) GetSpec() *CleanupPolicySpec {
+	return &p.Spec
+}
+
+// GetStatus returns the policy status
+func (p *ClusterCleanupPolicy) GetStatus() *CleanupPolicyStatus {
+	return &p.Status
+}
+
+// GetExecutionTime returns the execution time of the policy
+func (p *ClusterCleanupPolicy) GetExecutionTime() (*time.Time, error) {
+	lastExecutionTime := p.Status.LastExecutionTime.Time
+	if lastExecutionTime.IsZero() {
+		creationTime := p.GetCreationTimestamp().Time
+		return p.GetNextExecutionTime(creationTime)
+	} else {
+		return p.GetNextExecutionTime(lastExecutionTime)
+	}
+}
+
+// GetNextExecutionTime returns the next execution time of the policy
+func (p *ClusterCleanupPolicy) GetNextExecutionTime(time time.Time) (*time.Time, error) {
+	cronExpr, err := cronexpr.Parse(p.Spec.Schedule)
+	if err != nil {
+		return nil, err
+	}
+	nextExecutionTime := cronExpr.Next(time)
+	return &nextExecutionTime, nil
+}
+
+// GetKind returns the resource kind
+func (p *ClusterCleanupPolicy) GetKind() string {
+	return "ClusterCleanupPolicy"
+}
+
+// GetAPIVersion returns the resource kind
+func (p *ClusterCleanupPolicy) GetAPIVersion() string {
+	return p.APIVersion
+}
+
+// IsNamespaced indicates if the policy is namespace scoped
+func (p *ClusterCleanupPolicy) IsNamespaced() bool {
+	return false
+}
+
+// Validate implements programmatic validation
+func (p *ClusterCleanupPolicy) Validate(clusterResources sets.Set[string]) (errs field.ErrorList) {
+	errs = append(errs, kyvernov1.ValidatePolicyName(field.NewPath("metadata").Child("name"), p.Name)...)
+	errs = append(errs, p.Spec.Validate(field.NewPath("spec"), clusterResources, false)...)
+	return errs
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterCleanupPolicyList is a list of ClusterCleanupPolicy instances.
+type ClusterCleanupPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+	Items           []ClusterCleanupPolicy `json:"items"`
+}
+
+// CleanupPolicySpec stores specifications for selecting resources that the user needs to delete
+// and schedule when the matching resources needs deleted.
+type CleanupPolicySpec struct {
+	// Context defines variables and data sources that can be used during rule execution.
+	// +optional
+	Context []kyvernov1.ContextEntry `json:"context,omitempty" yaml:"context,omitempty"`
+
+	// MatchResources defines when cleanuppolicy should be applied. The match
+	// criteria can include resource information (e.g. kind, name, namespace, labels)
+	// and admission review request information like the user name or role.
+	// At least one kind is required.
+	MatchResources MatchResources `json:"match,omitempty"`
+
+	// ExcludeResources defines when cleanuppolicy should not be applied. The exclude
+	// criteria can include resource information (e.g. kind, name, namespace, labels)
+	// and admission review request information like the name or role.
+	// +optional
+	ExcludeResources *MatchResources `json:"exclude,omitempty"`
+
+	// The schedule in Cron format
+	Schedule string `json:"schedule"`
+
+	// Conditions defines the conditions used to select the resources which will be cleaned up.
+	// +optional
+	Conditions *AnyAllConditions `json:"conditions,omitempty"`
+}
+
+// CleanupPolicyStatus stores the status of the policy.
+type CleanupPolicyStatus struct {
+	Conditions        []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
+	LastExecutionTime metav1.Time        `json:"lastExecutionTime,omitempty"`
+}
+
+// Validate implements programmatic validation
+func (p *CleanupPolicySpec) Validate(path *field.Path, clusterResources sets.Set[string], namespaced bool) (errs field.ErrorList) {
+	// Write context validation code here by following other validations.
+	errs = append(errs, ValidateContext(path.Child("context"), p.Context)...)
+	errs = append(errs, ValidateSchedule(path.Child("schedule"), p.Schedule)...)
+	if userInfoErrs := p.MatchResources.ValidateNoUserInfo(path.Child("match")); len(userInfoErrs) != 0 {
+		errs = append(errs, userInfoErrs...)
+	} else {
+		errs = append(errs, p.MatchResources.Validate(path.Child("match"), namespaced, clusterResources)...)
+	}
+	if p.ExcludeResources != nil {
+		if userInfoErrs := p.ExcludeResources.ValidateNoUserInfo(path.Child("exclude")); len(userInfoErrs) != 0 {
+			errs = append(errs, userInfoErrs...)
+		} else {
+			errs = append(errs, p.ExcludeResources.Validate(path.Child("exclude"), namespaced, clusterResources)...)
+		}
+	}
+	errs = append(errs, p.ValidateMatchExcludeConflict(path)...)
+	return errs
+}
+
+func ValidateContext(path *field.Path, context []kyvernov1.ContextEntry) (errs field.ErrorList) {
+	for _, entry := range context {
+		if entry.ImageRegistry != nil {
+			errs = append(errs, field.Invalid(path, context, "ImageRegistry is not allowed in CleanUp Policy"))
+		} else if entry.ConfigMap != nil {
+			errs = append(errs, field.Invalid(path, context, "ConfigMap is not allowed in CleanUp Policy"))
+		}
+	}
+	return errs
+}
+
+// ValidateSchedule validates whether the schedule specified is in proper cron format or not.
+func ValidateSchedule(path *field.Path, schedule string) (errs field.ErrorList) {
+	if _, err := cron.ParseStandard(schedule); err != nil {
+		errs = append(errs, field.Invalid(path, schedule, "schedule spec in the cleanupPolicy is not in proper cron format"))
+	}
+	return errs
+}
+
+// ValidateMatchExcludeConflict checks if the resultant of match and exclude block is not an empty set
+func (spec *CleanupPolicySpec) ValidateMatchExcludeConflict(path *field.Path) (errs field.ErrorList) {
+	if spec.ExcludeResources == nil || len(spec.ExcludeResources.All) > 0 || len(spec.MatchResources.All) > 0 {
+		return errs
+	}
+	// if both have any then no resource should be common
+	if len(spec.MatchResources.Any) > 0 && len(spec.ExcludeResources.Any) > 0 {
+		for _, rmr := range spec.MatchResources.Any {
+			for _, rer := range spec.ExcludeResources.Any {
+				if datautils.DeepEqual(rmr, rer) {
+					return append(errs, field.Invalid(path, spec, "CleanupPolicy is matching an empty set"))
+				}
+			}
+		}
+		return errs
+	}
+	if datautils.DeepEqual(spec.ExcludeResources, &MatchResources{}) {
+		return errs
+	}
+	return append(errs, field.Invalid(path, spec, "CleanupPolicy is matching an empty set"))
+}
--- a/api/kyverno/v2beta1/zz_generated.deepcopy.go
+++ b/api/kyverno/v2beta1/zz_generated.deepcopy.go
@ -22,9 +22,9 @@ limitations under the License.
 package v2beta1

 import (
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	v1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
-	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
@ -59,6 +59,186 @@ func (in *AnyAllConditions) DeepCopy() *AnyAllConditions {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CleanupPolicy) DeepCopyInto(out *CleanupPolicy) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CleanupPolicy.
+func (in *CleanupPolicy) DeepCopy() *CleanupPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(CleanupPolicy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CleanupPolicy) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CleanupPolicyList) DeepCopyInto(out *CleanupPolicyList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]CleanupPolicy, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CleanupPolicyList.
+func (in *CleanupPolicyList) DeepCopy() *CleanupPolicyList {
+	if in == nil {
+		return nil
+	}
+	out := new(CleanupPolicyList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CleanupPolicyList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CleanupPolicySpec) DeepCopyInto(out *CleanupPolicySpec) {
+	*out = *in
+	if in.Context != nil {
+		in, out := &in.Context, &out.Context
+		*out = make([]v1.ContextEntry, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	in.MatchResources.DeepCopyInto(&out.MatchResources)
+	if in.ExcludeResources != nil {
+		in, out := &in.ExcludeResources, &out.ExcludeResources
+		*out = new(MatchResources)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = new(AnyAllConditions)
+		(*in).DeepCopyInto(*out)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CleanupPolicySpec.
+func (in *CleanupPolicySpec) DeepCopy() *CleanupPolicySpec {
+	if in == nil {
+		return nil
+	}
+	out := new(CleanupPolicySpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CleanupPolicyStatus) DeepCopyInto(out *CleanupPolicyStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]metav1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	in.LastExecutionTime.DeepCopyInto(&out.LastExecutionTime)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CleanupPolicyStatus.
+func (in *CleanupPolicyStatus) DeepCopy() *CleanupPolicyStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(CleanupPolicyStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterCleanupPolicy) DeepCopyInto(out *ClusterCleanupPolicy) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCleanupPolicy.
+func (in *ClusterCleanupPolicy) DeepCopy() *ClusterCleanupPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterCleanupPolicy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterCleanupPolicy) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterCleanupPolicyList) DeepCopyInto(out *ClusterCleanupPolicyList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ClusterCleanupPolicy, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCleanupPolicyList.
+func (in *ClusterCleanupPolicyList) DeepCopy() *ClusterCleanupPolicyList {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterCleanupPolicyList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterCleanupPolicyList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ClusterPolicy) DeepCopyInto(out *ClusterPolicy) {
 	*out = *in
@ -125,12 +305,12 @@ func (in *Condition) DeepCopyInto(out *Condition) {
 	*out = *in
 	if in.RawKey != nil {
 		in, out := &in.RawKey, &out.RawKey
-		*out = new(v1.JSON)
+		*out = new(apiextensionsv1.JSON)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.RawValue != nil {
 		in, out := &in.RawValue, &out.RawValue
-		*out = new(v1.JSON)
+		*out = new(apiextensionsv1.JSON)
 		(*in).DeepCopyInto(*out)
 	}
 	return
@ -198,21 +378,21 @@ func (in *ImageVerification) DeepCopyInto(out *ImageVerification) {
 	}
 	if in.Attestors != nil {
 		in, out := &in.Attestors, &out.Attestors
-		*out = make([]kyvernov1.AttestorSet, len(*in))
+		*out = make([]v1.AttestorSet, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	if in.Attestations != nil {
 		in, out := &in.Attestations, &out.Attestations
-		*out = make([]kyvernov1.Attestation, len(*in))
+		*out = make([]v1.Attestation, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	if in.ImageRegistryCredentials != nil {
 		in, out := &in.ImageRegistryCredentials, &out.ImageRegistryCredentials
-		*out = new(kyvernov1.ImageRegistryCredentials)
+		*out = new(v1.ImageRegistryCredentials)
 		(*in).DeepCopyInto(*out)
 	}
 	return
@ -233,14 +413,14 @@ func (in *MatchResources) DeepCopyInto(out *MatchResources) {
 	*out = *in
 	if in.Any != nil {
 		in, out := &in.Any, &out.Any
-		*out = make(kyvernov1.ResourceFilters, len(*in))
+		*out = make(v1.ResourceFilters, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	if in.All != nil {
 		in, out := &in.All, &out.All
-		*out = make(kyvernov1.ResourceFilters, len(*in))
+		*out = make(v1.ResourceFilters, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@ -445,7 +625,7 @@ func (in *ResourceDescription) DeepCopyInto(out *ResourceDescription) {
 	}
 	if in.Operations != nil {
 		in, out := &in.Operations, &out.Operations
-		*out = make([]kyvernov1.AdmissionOperation, len(*in))
+		*out = make([]v1.AdmissionOperation, len(*in))
 		copy(*out, *in)
 	}
 	return
@ -506,7 +686,7 @@ func (in *Rule) DeepCopyInto(out *Rule) {
 	*out = *in
 	if in.Context != nil {
 		in, out := &in.Context, &out.Context
-		*out = make([]kyvernov1.ContextEntry, len(*in))
+		*out = make([]v1.ContextEntry, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@ -515,14 +695,14 @@ func (in *Rule) DeepCopyInto(out *Rule) {
 	in.ExcludeResources.DeepCopyInto(&out.ExcludeResources)
 	if in.ImageExtractors != nil {
 		in, out := &in.ImageExtractors, &out.ImageExtractors
-		*out = make(kyvernov1.ImageExtractorConfigs, len(*in))
+		*out = make(v1.ImageExtractorConfigs, len(*in))
 		for key, val := range *in {
-			var outVal []kyvernov1.ImageExtractorConfig
+			var outVal []v1.ImageExtractorConfig
 			if val == nil {
 				(*out)[key] = nil
 			} else {
 				in, out := &val, &outVal
-				*out = make([]kyvernov1.ImageExtractorConfig, len(*in))
+				*out = make([]v1.ImageExtractorConfig, len(*in))
 				copy(*out, *in)
 			}
 			(*out)[key] = outVal
@ -573,17 +753,17 @@ func (in *Spec) DeepCopyInto(out *Spec) {
 	}
 	if in.ApplyRules != nil {
 		in, out := &in.ApplyRules, &out.ApplyRules
-		*out = new(kyvernov1.ApplyRulesType)
+		*out = new(v1.ApplyRulesType)
 		**out = **in
 	}
 	if in.FailurePolicy != nil {
 		in, out := &in.FailurePolicy, &out.FailurePolicy
-		*out = new(kyvernov1.FailurePolicyType)
+		*out = new(v1.FailurePolicyType)
 		**out = **in
 	}
 	if in.ValidationFailureActionOverrides != nil {
 		in, out := &in.ValidationFailureActionOverrides, &out.ValidationFailureActionOverrides
-		*out = make([]kyvernov1.ValidationFailureActionOverride, len(*in))
+		*out = make([]v1.ValidationFailureActionOverride, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@ -631,24 +811,24 @@ func (in *Validation) DeepCopyInto(out *Validation) {
 	*out = *in
 	if in.Manifests != nil {
 		in, out := &in.Manifests, &out.Manifests
-		*out = new(kyvernov1.Manifests)
+		*out = new(v1.Manifests)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.ForEachValidation != nil {
 		in, out := &in.ForEachValidation, &out.ForEachValidation
-		*out = make([]kyvernov1.ForEachValidation, len(*in))
+		*out = make([]v1.ForEachValidation, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	if in.RawPattern != nil {
 		in, out := &in.RawPattern, &out.RawPattern
-		*out = new(v1.JSON)
+		*out = new(apiextensionsv1.JSON)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.RawAnyPattern != nil {
 		in, out := &in.RawAnyPattern, &out.RawAnyPattern
-		*out = new(v1.JSON)
+		*out = new(apiextensionsv1.JSON)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.Deny != nil {
@ -658,12 +838,12 @@ func (in *Validation) DeepCopyInto(out *Validation) {
 	}
 	if in.PodSecurity != nil {
 		in, out := &in.PodSecurity, &out.PodSecurity
-		*out = new(kyvernov1.PodSecurity)
+		*out = new(v1.PodSecurity)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.CEL != nil {
 		in, out := &in.CEL, &out.CEL
-		*out = new(kyvernov1.CEL)
+		*out = new(v1.CEL)
 		(*in).DeepCopyInto(*out)
 	}
 	return
--- a/api/kyverno/v2beta1/zz_generated.register.go
+++ b/api/kyverno/v2beta1/zz_generated.register.go
@ -58,6 +58,10 @@ func init() {
 // Adds the list of known types to Scheme.
 func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
+		&CleanupPolicy{},
+		&CleanupPolicyList{},
+		&ClusterCleanupPolicy{},
+		&ClusterCleanupPolicyList{},
 		&ClusterPolicy{},
 		&ClusterPolicyList{},
 		&Policy{},
--- a/charts/kyverno/charts/crds/templates/crds.yaml
+++ b/charts/kyverno/charts/crds/templates/crds.yaml
--- a/cmd/cleanup-controller/main.go
+++ b/cmd/cleanup-controller/main.go
@ -119,19 +119,19 @@ func main() {
 	genericloggingcontroller.NewController(
 		setup.Logger.WithName("cleanup-policy"),
 		"CleanupPolicy",
-		kyvernoInformer.Kyverno().V2alpha1().CleanupPolicies(),
+		kyvernoInformer.Kyverno().V2beta1().CleanupPolicies(),
 		genericloggingcontroller.CheckGeneration,
 	)
 	genericloggingcontroller.NewController(
 		setup.Logger.WithName("cluster-cleanup-policy"),
 		"ClusterCleanupPolicy",
-		kyvernoInformer.Kyverno().V2alpha1().ClusterCleanupPolicies(),
+		kyvernoInformer.Kyverno().V2beta1().ClusterCleanupPolicies(),
 		genericloggingcontroller.CheckGeneration,
 	)
 	eventGenerator := event.NewEventCleanupGenerator(
 		setup.KyvernoDynamicClient,
-		kyvernoInformer.Kyverno().V2alpha1().ClusterCleanupPolicies(),
-		kyvernoInformer.Kyverno().V2alpha1().CleanupPolicies(),
+		kyvernoInformer.Kyverno().V2beta1().ClusterCleanupPolicies(),
+		kyvernoInformer.Kyverno().V2beta1().CleanupPolicies(),
 		maxQueuedEvents,
 		logging.WithName("EventGenerator"),
 	)
@ -262,8 +262,8 @@ func main() {
 				cleanup.NewController(
 					setup.KyvernoDynamicClient,
 					setup.KyvernoClient,
-					kyvernoInformer.Kyverno().V2alpha1().ClusterCleanupPolicies(),
-					kyvernoInformer.Kyverno().V2alpha1().CleanupPolicies(),
+					kyvernoInformer.Kyverno().V2beta1().ClusterCleanupPolicies(),
+					kyvernoInformer.Kyverno().V2beta1().CleanupPolicies(),
 					nsLister,
 					setup.Configuration,
 					cmResolver,
--- a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policyexceptions.yaml
+++ b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policyexceptions.yaml
@ -18,7 +18,8 @@ spec:
    singular: policyexception
  scope: Namespaced
  versions:
-  - name: v2alpha1
+  - deprecated: true
+    name: v2alpha1
    schema:
      openAPIV3Schema:
        description: PolicyException declares resources to be excluded from specified
--- a/config/crds/kyverno.io_cleanuppolicies.yaml
+++ b/config/crds/kyverno.io_cleanuppolicies.yaml
--- a/config/crds/kyverno.io_clustercleanuppolicies.yaml
+++ b/config/crds/kyverno.io_clustercleanuppolicies.yaml
--- a/config/crds/kyverno.io_policyexceptions.yaml
+++ b/config/crds/kyverno.io_policyexceptions.yaml
@ -18,7 +18,8 @@ spec:
    singular: policyexception
  scope: Namespaced
  versions:
-  - name: v2alpha1
+  - deprecated: true
+    name: v2alpha1
    schema:
      openAPIV3Schema:
        description: PolicyException declares resources to be excluded from specified
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
--- a/docs/user/crd/index.html
+++ b/docs/user/crd/index.html
@ -1373,7 +1373,7 @@ string
 <a href="#kyverno.io/v1.ForEachValidation">ForEachValidation</a>, 
 <a href="#kyverno.io/v1.Rule">Rule</a>, 
 <a href="#kyverno.io/v1.TargetResourceSpec">TargetResourceSpec</a>, 
-<a href="#kyverno.io/v2alpha1.CleanupPolicySpec">CleanupPolicySpec</a>, 
+<a href="#kyverno.io/v2beta1.CleanupPolicySpec">CleanupPolicySpec</a>, 
 <a href="#kyverno.io/v2beta1.Rule">Rule</a>)
 </p>
 <p>
@ -5459,7 +5459,7 @@ Refer to the Kubernetes API documentation for the fields of the
 <td>
 <code>spec</code><br/>
 <em>
-<a href="#kyverno.io/v2alpha1.CleanupPolicySpec">
+<a href="#kyverno.io/v2beta1.CleanupPolicySpec">
 CleanupPolicySpec
 </a>
 </em>
@ -5547,7 +5547,7 @@ AnyAllConditions
 <td>
 <code>status</code><br/>
 <em>
-<a href="#kyverno.io/v2alpha1.CleanupPolicyStatus">
+<a href="#kyverno.io/v2beta1.CleanupPolicyStatus">
 CleanupPolicyStatus
 </a>
 </em>
@ -5608,7 +5608,7 @@ Refer to the Kubernetes API documentation for the fields of the
 <td>
 <code>spec</code><br/>
 <em>
-<a href="#kyverno.io/v2alpha1.CleanupPolicySpec">
+<a href="#kyverno.io/v2beta1.CleanupPolicySpec">
 CleanupPolicySpec
 </a>
 </em>
@ -5696,7 +5696,7 @@ AnyAllConditions
 <td>
 <code>status</code><br/>
 <em>
-<a href="#kyverno.io/v2alpha1.CleanupPolicyStatus">
+<a href="#kyverno.io/v2beta1.CleanupPolicyStatus">
 CleanupPolicyStatus
 </a>
 </em>
@ -5817,16 +5817,24 @@ MatchResources
 <p>
 <p>CleanupPolicyInterface abstracts the concrete policy type (CleanupPolicy vs ClusterCleanupPolicy)</p>
 </p>
-<h3 id="kyverno.io/v2alpha1.CleanupPolicySpec">CleanupPolicySpec
+<h2 id="kyverno.io/v2beta1">kyverno.io/v2beta1</h2>
+Resource Types:
+<ul><li>
+<a href="#kyverno.io/v2beta1.CleanupPolicy">CleanupPolicy</a>
+</li><li>
+<a href="#kyverno.io/v2beta1.ClusterCleanupPolicy">ClusterCleanupPolicy</a>
+</li><li>
+<a href="#kyverno.io/v2beta1.ClusterPolicy">ClusterPolicy</a>
+</li><li>
+<a href="#kyverno.io/v2beta1.Policy">Policy</a>
+</li><li>
+<a href="#kyverno.io/v2beta1.PolicyException">PolicyException</a>
+</li></ul>
+<hr />
+<h3 id="kyverno.io/v2beta1.CleanupPolicy">CleanupPolicy
 </h3>
 <p>
-(<em>Appears on:</em>
-<a href="#kyverno.io/v2alpha1.CleanupPolicy">CleanupPolicy</a>, 
-<a href="#kyverno.io/v2alpha1.ClusterCleanupPolicy">ClusterCleanupPolicy</a>)
-</p>
-<p>
-<p>CleanupPolicySpec stores specifications for selecting resources that the user needs to delete
-and schedule when the matching resources needs deleted.</p>
+<p>CleanupPolicy defines a rule for resource cleanup.</p>
 </p>
 <table class="table table-striped">
 <thead class="thead-dark">
@ -5838,6 +5846,51 @@ and schedule when the matching resources needs deleted.</p>
 <tbody>
 <tr>
 <td>
+<code>apiVersion</code><br/>
+string</td>
+<td>
+<code>
+kyverno.io/v2beta1
+</code>
+</td>
+</tr>
+<tr>
+<td>
+<code>kind</code><br/>
+string
+</td>
+<td><code>CleanupPolicy</code></td>
+</tr>
+<tr>
+<td>
+<code>metadata</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
+Kubernetes meta/v1.ObjectMeta
+</a>
+</em>
+</td>
+<td>
+Refer to the Kubernetes API documentation for the fields of the
+<code>metadata</code> field.
+</td>
+</tr>
+<tr>
+<td>
+<code>spec</code><br/>
+<em>
+<a href="#kyverno.io/v2beta1.CleanupPolicySpec">
+CleanupPolicySpec
+</a>
+</em>
+</td>
+<td>
+<p>Spec declares policy behaviors.</p>
+<br/>
+<br/>
+<table class="table table-striped">
+<tr>
+<td>
 <code>context</code><br/>
 <em>
 <a href="#kyverno.io/v1.ContextEntry">
@ -5907,18 +5960,30 @@ AnyAllConditions
 <p>Conditions defines the conditions used to select the resources which will be cleaned up.</p>
 </td>
 </tr>
+</table>
+</td>
+</tr>
+<tr>
+<td>
+<code>status</code><br/>
+<em>
+<a href="#kyverno.io/v2beta1.CleanupPolicyStatus">
+CleanupPolicyStatus
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Status contains policy runtime data.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <hr />
-<h3 id="kyverno.io/v2alpha1.CleanupPolicyStatus">CleanupPolicyStatus
+<h3 id="kyverno.io/v2beta1.ClusterCleanupPolicy">ClusterCleanupPolicy
 </h3>
 <p>
-(<em>Appears on:</em>
-<a href="#kyverno.io/v2alpha1.CleanupPolicy">CleanupPolicy</a>, 
-<a href="#kyverno.io/v2alpha1.ClusterCleanupPolicy">ClusterCleanupPolicy</a>)
-</p>
-<p>
-<p>CleanupPolicyStatus stores the status of the policy.</p>
+<p>ClusterCleanupPolicy defines rule for resource cleanup.</p>
 </p>
 <table class="table table-striped">
 <thead class="thead-dark">
@ -5930,41 +5995,140 @@ AnyAllConditions
 <tbody>
 <tr>
 <td>
-<code>conditions</code><br/>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#condition-v1-meta">
-[]Kubernetes meta/v1.Condition
-</a>
-</em>
-</td>
+<code>apiVersion</code><br/>
+string</td>
 <td>
+<code>
+kyverno.io/v2beta1
+</code>
 </td>
 </tr>
 <tr>
 <td>
-<code>lastExecutionTime</code><br/>
+<code>kind</code><br/>
+string
+</td>
+<td><code>ClusterCleanupPolicy</code></td>
+</tr>
+<tr>
+<td>
+<code>metadata</code><br/>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#time-v1-meta">
-Kubernetes meta/v1.Time
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
+Kubernetes meta/v1.ObjectMeta
 </a>
 </em>
 </td>
 <td>
+Refer to the Kubernetes API documentation for the fields of the
+<code>metadata</code> field.
+</td>
+</tr>
+<tr>
+<td>
+<code>spec</code><br/>
+<em>
+<a href="#kyverno.io/v2beta1.CleanupPolicySpec">
+CleanupPolicySpec
+</a>
+</em>
+</td>
+<td>
+<p>Spec declares policy behaviors.</p>
+<br/>
+<br/>
+<table class="table table-striped">
+<tr>
+<td>
+<code>context</code><br/>
+<em>
+<a href="#kyverno.io/v1.ContextEntry">
+[]ContextEntry
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Context defines variables and data sources that can be used during rule execution.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>match</code><br/>
+<em>
+<a href="#kyverno.io/v2beta1.MatchResources">
+MatchResources
+</a>
+</em>
+</td>
+<td>
+<p>MatchResources defines when cleanuppolicy should be applied. The match
+criteria can include resource information (e.g. kind, name, namespace, labels)
+and admission review request information like the user name or role.
+At least one kind is required.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>exclude</code><br/>
+<em>
+<a href="#kyverno.io/v2beta1.MatchResources">
+MatchResources
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ExcludeResources defines when cleanuppolicy should not be applied. The exclude
+criteria can include resource information (e.g. kind, name, namespace, labels)
+and admission review request information like the name or role.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>schedule</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>The schedule in Cron format</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>conditions</code><br/>
+<em>
+<a href="#kyverno.io/v2beta1.AnyAllConditions">
+AnyAllConditions
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Conditions defines the conditions used to select the resources which will be cleaned up.</p>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+<tr>
+<td>
+<code>status</code><br/>
+<em>
+<a href="#kyverno.io/v2beta1.CleanupPolicyStatus">
+CleanupPolicyStatus
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Status contains policy runtime data.</p>
 </td>
 </tr>
 </tbody>
 </table>
 <hr />
-<h2 id="kyverno.io/v2beta1">kyverno.io/v2beta1</h2>
-Resource Types:
-<ul><li>
-<a href="#kyverno.io/v2beta1.ClusterPolicy">ClusterPolicy</a>
-</li><li>
-<a href="#kyverno.io/v2beta1.Policy">Policy</a>
-</li><li>
-<a href="#kyverno.io/v2beta1.PolicyException">PolicyException</a>
-</li></ul>
-<hr />
 <h3 id="kyverno.io/v2beta1.ClusterPolicy">ClusterPolicy
 </h3>
 <p>
@ -6599,7 +6763,7 @@ MatchResources
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#kyverno.io/v2alpha1.CleanupPolicySpec">CleanupPolicySpec</a>, 
+<a href="#kyverno.io/v2beta1.CleanupPolicySpec">CleanupPolicySpec</a>, 
 <a href="#kyverno.io/v2beta1.Deny">Deny</a>, 
 <a href="#kyverno.io/v2beta1.Rule">Rule</a>)
 </p>
@ -6650,6 +6814,148 @@ Here, all of the conditions need to pass.</p>
 </tbody>
 </table>
 <hr />
+<h3 id="kyverno.io/v2beta1.CleanupPolicySpec">CleanupPolicySpec
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2alpha1.CleanupPolicy">CleanupPolicy</a>, 
+<a href="#kyverno.io/v2alpha1.ClusterCleanupPolicy">ClusterCleanupPolicy</a>, 
+<a href="#kyverno.io/v2beta1.CleanupPolicy">CleanupPolicy</a>, 
+<a href="#kyverno.io/v2beta1.ClusterCleanupPolicy">ClusterCleanupPolicy</a>)
+</p>
+<p>
+<p>CleanupPolicySpec stores specifications for selecting resources that the user needs to delete
+and schedule when the matching resources needs deleted.</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>context</code><br/>
+<em>
+<a href="#kyverno.io/v1.ContextEntry">
+[]ContextEntry
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Context defines variables and data sources that can be used during rule execution.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>match</code><br/>
+<em>
+<a href="#kyverno.io/v2beta1.MatchResources">
+MatchResources
+</a>
+</em>
+</td>
+<td>
+<p>MatchResources defines when cleanuppolicy should be applied. The match
+criteria can include resource information (e.g. kind, name, namespace, labels)
+and admission review request information like the user name or role.
+At least one kind is required.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>exclude</code><br/>
+<em>
+<a href="#kyverno.io/v2beta1.MatchResources">
+MatchResources
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ExcludeResources defines when cleanuppolicy should not be applied. The exclude
+criteria can include resource information (e.g. kind, name, namespace, labels)
+and admission review request information like the name or role.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>schedule</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>The schedule in Cron format</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>conditions</code><br/>
+<em>
+<a href="#kyverno.io/v2beta1.AnyAllConditions">
+AnyAllConditions
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Conditions defines the conditions used to select the resources which will be cleaned up.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
+<h3 id="kyverno.io/v2beta1.CleanupPolicyStatus">CleanupPolicyStatus
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2alpha1.CleanupPolicy">CleanupPolicy</a>, 
+<a href="#kyverno.io/v2alpha1.ClusterCleanupPolicy">ClusterCleanupPolicy</a>, 
+<a href="#kyverno.io/v2beta1.CleanupPolicy">CleanupPolicy</a>, 
+<a href="#kyverno.io/v2beta1.ClusterCleanupPolicy">ClusterCleanupPolicy</a>)
+</p>
+<p>
+<p>CleanupPolicyStatus stores the status of the policy.</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>conditions</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#condition-v1-meta">
+[]Kubernetes meta/v1.Condition
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>lastExecutionTime</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#time-v1-meta">
+Kubernetes meta/v1.Time
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
 <h3 id="kyverno.io/v2beta1.Condition">Condition
 </h3>
 <p>
@ -6964,7 +7270,7 @@ bool
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#kyverno.io/v2alpha1.CleanupPolicySpec">CleanupPolicySpec</a>, 
+<a href="#kyverno.io/v2beta1.CleanupPolicySpec">CleanupPolicySpec</a>, 
 <a href="#kyverno.io/v2beta1.PolicyExceptionSpec">PolicyExceptionSpec</a>, 
 <a href="#kyverno.io/v2beta1.Rule">Rule</a>)
 </p>
--- a/pkg/client/applyconfigurations/kyverno/v2alpha1/cleanuppolicy.go
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/cleanuppolicy.go
@ -19,6 +19,7 @@ limitations under the License.
 package v2alpha1

 import (
+	v2beta1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v2beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	types "k8s.io/apimachinery/pkg/types"
 	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
@ -29,8 +30,8 @@ import (
 type CleanupPolicyApplyConfiguration struct {
 	v1.TypeMetaApplyConfiguration    `json:",omitempty,inline"`
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
-	Spec                             *CleanupPolicySpecApplyConfiguration   `json:"spec,omitempty"`
-	Status                           *CleanupPolicyStatusApplyConfiguration `json:"status,omitempty"`
+	Spec                             *v2beta1.CleanupPolicySpecApplyConfiguration   `json:"spec,omitempty"`
+	Status                           *v2beta1.CleanupPolicyStatusApplyConfiguration `json:"status,omitempty"`
 }

 // CleanupPolicy constructs an declarative configuration of the CleanupPolicy type for use with
@ -205,7 +206,7 @@ func (b *CleanupPolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExis
 // WithSpec sets the Spec field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Spec field is set to the value of the last call.
-func (b *CleanupPolicyApplyConfiguration) WithSpec(value *CleanupPolicySpecApplyConfiguration) *CleanupPolicyApplyConfiguration {
+func (b *CleanupPolicyApplyConfiguration) WithSpec(value *v2beta1.CleanupPolicySpecApplyConfiguration) *CleanupPolicyApplyConfiguration {
 	b.Spec = value
 	return b
 }
@ -213,7 +214,7 @@ func (b *CleanupPolicyApplyConfiguration) WithSpec(value *CleanupPolicySpecApply
 // WithStatus sets the Status field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Status field is set to the value of the last call.
-func (b *CleanupPolicyApplyConfiguration) WithStatus(value *CleanupPolicyStatusApplyConfiguration) *CleanupPolicyApplyConfiguration {
+func (b *CleanupPolicyApplyConfiguration) WithStatus(value *v2beta1.CleanupPolicyStatusApplyConfiguration) *CleanupPolicyApplyConfiguration {
 	b.Status = value
 	return b
 }
--- a/pkg/client/applyconfigurations/kyverno/v2alpha1/clustercleanuppolicy.go
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/clustercleanuppolicy.go
@ -19,6 +19,7 @@ limitations under the License.
 package v2alpha1

 import (
+	v2beta1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v2beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	types "k8s.io/apimachinery/pkg/types"
 	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
@ -29,8 +30,8 @@ import (
 type ClusterCleanupPolicyApplyConfiguration struct {
 	v1.TypeMetaApplyConfiguration    `json:",omitempty,inline"`
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
-	Spec                             *CleanupPolicySpecApplyConfiguration   `json:"spec,omitempty"`
-	Status                           *CleanupPolicyStatusApplyConfiguration `json:"status,omitempty"`
+	Spec                             *v2beta1.CleanupPolicySpecApplyConfiguration   `json:"spec,omitempty"`
+	Status                           *v2beta1.CleanupPolicyStatusApplyConfiguration `json:"status,omitempty"`
 }

 // ClusterCleanupPolicy constructs an declarative configuration of the ClusterCleanupPolicy type for use with
@ -204,7 +205,7 @@ func (b *ClusterCleanupPolicyApplyConfiguration) ensureObjectMetaApplyConfigurat
 // WithSpec sets the Spec field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Spec field is set to the value of the last call.
-func (b *ClusterCleanupPolicyApplyConfiguration) WithSpec(value *CleanupPolicySpecApplyConfiguration) *ClusterCleanupPolicyApplyConfiguration {
+func (b *ClusterCleanupPolicyApplyConfiguration) WithSpec(value *v2beta1.CleanupPolicySpecApplyConfiguration) *ClusterCleanupPolicyApplyConfiguration {
 	b.Spec = value
 	return b
 }
@ -212,7 +213,7 @@ func (b *ClusterCleanupPolicyApplyConfiguration) WithSpec(value *CleanupPolicySp
 // WithStatus sets the Status field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Status field is set to the value of the last call.
-func (b *ClusterCleanupPolicyApplyConfiguration) WithStatus(value *CleanupPolicyStatusApplyConfiguration) *ClusterCleanupPolicyApplyConfiguration {
+func (b *ClusterCleanupPolicyApplyConfiguration) WithStatus(value *v2beta1.CleanupPolicyStatusApplyConfiguration) *ClusterCleanupPolicyApplyConfiguration {
 	b.Status = value
 	return b
 }
--- a/pkg/client/applyconfigurations/kyverno/v2beta1/cleanuppolicy.go
+++ b/pkg/client/applyconfigurations/kyverno/v2beta1/cleanuppolicy.go
@ -0,0 +1,219 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// CleanupPolicyApplyConfiguration represents an declarative configuration of the CleanupPolicy type for use
+// with apply.
+type CleanupPolicyApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",omitempty,inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *CleanupPolicySpecApplyConfiguration   `json:"spec,omitempty"`
+	Status                           *CleanupPolicyStatusApplyConfiguration `json:"status,omitempty"`
+}
+
+// CleanupPolicy constructs an declarative configuration of the CleanupPolicy type for use with
+// apply.
+func CleanupPolicy(name, namespace string) *CleanupPolicyApplyConfiguration {
+	b := &CleanupPolicyApplyConfiguration{}
+	b.WithName(name)
+	b.WithNamespace(namespace)
+	b.WithKind("CleanupPolicy")
+	b.WithAPIVersion("kyverno.io/v2beta1")
+	return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithKind(value string) *CleanupPolicyApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithAPIVersion(value string) *CleanupPolicyApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithName(value string) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithGenerateName(value string) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithNamespace(value string) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithUID(value types.UID) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithResourceVersion(value string) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithGeneration(value int64) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *CleanupPolicyApplyConfiguration) WithLabels(entries map[string]string) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *CleanupPolicyApplyConfiguration) WithAnnotations(entries map[string]string) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *CleanupPolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *CleanupPolicyApplyConfiguration) WithFinalizers(values ...string) *CleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *CleanupPolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithSpec(value *CleanupPolicySpecApplyConfiguration) *CleanupPolicyApplyConfiguration {
+	b.Spec = value
+	return b
+}
+
+// WithStatus sets the Status field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Status field is set to the value of the last call.
+func (b *CleanupPolicyApplyConfiguration) WithStatus(value *CleanupPolicyStatusApplyConfiguration) *CleanupPolicyApplyConfiguration {
+	b.Status = value
+	return b
+}
--- a/pkg/client/applyconfigurations/kyverno/v2beta1/cleanuppolicyspec.go
+++ b/pkg/client/applyconfigurations/kyverno/v2beta1/cleanuppolicyspec.go
@ -0,0 +1,84 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2beta1
+
+import (
+	v1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1"
+)
+
+// CleanupPolicySpecApplyConfiguration represents an declarative configuration of the CleanupPolicySpec type for use
+// with apply.
+type CleanupPolicySpecApplyConfiguration struct {
+	Context          []v1.ContextEntryApplyConfiguration `json:"context,omitempty"`
+	MatchResources   *MatchResourcesApplyConfiguration   `json:"match,omitempty"`
+	ExcludeResources *MatchResourcesApplyConfiguration   `json:"exclude,omitempty"`
+	Schedule         *string                             `json:"schedule,omitempty"`
+	Conditions       *AnyAllConditionsApplyConfiguration `json:"conditions,omitempty"`
+}
+
+// CleanupPolicySpecApplyConfiguration constructs an declarative configuration of the CleanupPolicySpec type for use with
+// apply.
+func CleanupPolicySpec() *CleanupPolicySpecApplyConfiguration {
+	return &CleanupPolicySpecApplyConfiguration{}
+}
+
+// WithContext adds the given value to the Context field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Context field.
+func (b *CleanupPolicySpecApplyConfiguration) WithContext(values ...*v1.ContextEntryApplyConfiguration) *CleanupPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithContext")
+		}
+		b.Context = append(b.Context, *values[i])
+	}
+	return b
+}
+
+// WithMatchResources sets the MatchResources field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MatchResources field is set to the value of the last call.
+func (b *CleanupPolicySpecApplyConfiguration) WithMatchResources(value *MatchResourcesApplyConfiguration) *CleanupPolicySpecApplyConfiguration {
+	b.MatchResources = value
+	return b
+}
+
+// WithExcludeResources sets the ExcludeResources field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ExcludeResources field is set to the value of the last call.
+func (b *CleanupPolicySpecApplyConfiguration) WithExcludeResources(value *MatchResourcesApplyConfiguration) *CleanupPolicySpecApplyConfiguration {
+	b.ExcludeResources = value
+	return b
+}
+
+// WithSchedule sets the Schedule field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Schedule field is set to the value of the last call.
+func (b *CleanupPolicySpecApplyConfiguration) WithSchedule(value string) *CleanupPolicySpecApplyConfiguration {
+	b.Schedule = &value
+	return b
+}
+
+// WithConditions sets the Conditions field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Conditions field is set to the value of the last call.
+func (b *CleanupPolicySpecApplyConfiguration) WithConditions(value *AnyAllConditionsApplyConfiguration) *CleanupPolicySpecApplyConfiguration {
+	b.Conditions = value
+	return b
+}
--- a/pkg/client/applyconfigurations/kyverno/v2beta1/cleanuppolicystatus.go
+++ b/pkg/client/applyconfigurations/kyverno/v2beta1/cleanuppolicystatus.go
@ -0,0 +1,54 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2beta1
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// CleanupPolicyStatusApplyConfiguration represents an declarative configuration of the CleanupPolicyStatus type for use
+// with apply.
+type CleanupPolicyStatusApplyConfiguration struct {
+	Conditions        []v1.Condition `json:"conditions,omitempty"`
+	LastExecutionTime *v1.Time       `json:"lastExecutionTime,omitempty"`
+}
+
+// CleanupPolicyStatusApplyConfiguration constructs an declarative configuration of the CleanupPolicyStatus type for use with
+// apply.
+func CleanupPolicyStatus() *CleanupPolicyStatusApplyConfiguration {
+	return &CleanupPolicyStatusApplyConfiguration{}
+}
+
+// WithConditions adds the given value to the Conditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Conditions field.
+func (b *CleanupPolicyStatusApplyConfiguration) WithConditions(values ...v1.Condition) *CleanupPolicyStatusApplyConfiguration {
+	for i := range values {
+		b.Conditions = append(b.Conditions, values[i])
+	}
+	return b
+}
+
+// WithLastExecutionTime sets the LastExecutionTime field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LastExecutionTime field is set to the value of the last call.
+func (b *CleanupPolicyStatusApplyConfiguration) WithLastExecutionTime(value v1.Time) *CleanupPolicyStatusApplyConfiguration {
+	b.LastExecutionTime = &value
+	return b
+}
--- a/pkg/client/applyconfigurations/kyverno/v2beta1/clustercleanuppolicy.go
+++ b/pkg/client/applyconfigurations/kyverno/v2beta1/clustercleanuppolicy.go
@ -0,0 +1,218 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ClusterCleanupPolicyApplyConfiguration represents an declarative configuration of the ClusterCleanupPolicy type for use
+// with apply.
+type ClusterCleanupPolicyApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",omitempty,inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *CleanupPolicySpecApplyConfiguration   `json:"spec,omitempty"`
+	Status                           *CleanupPolicyStatusApplyConfiguration `json:"status,omitempty"`
+}
+
+// ClusterCleanupPolicy constructs an declarative configuration of the ClusterCleanupPolicy type for use with
+// apply.
+func ClusterCleanupPolicy(name string) *ClusterCleanupPolicyApplyConfiguration {
+	b := &ClusterCleanupPolicyApplyConfiguration{}
+	b.WithName(name)
+	b.WithKind("ClusterCleanupPolicy")
+	b.WithAPIVersion("kyverno.io/v2beta1")
+	return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithKind(value string) *ClusterCleanupPolicyApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithAPIVersion(value string) *ClusterCleanupPolicyApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithName(value string) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithGenerateName(value string) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithNamespace(value string) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithUID(value types.UID) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithResourceVersion(value string) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithGeneration(value int64) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithLabels(entries map[string]string) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithFinalizers(values ...string) *ClusterCleanupPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *ClusterCleanupPolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithSpec(value *CleanupPolicySpecApplyConfiguration) *ClusterCleanupPolicyApplyConfiguration {
+	b.Spec = value
+	return b
+}
+
+// WithStatus sets the Status field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Status field is set to the value of the last call.
+func (b *ClusterCleanupPolicyApplyConfiguration) WithStatus(value *CleanupPolicyStatusApplyConfiguration) *ClusterCleanupPolicyApplyConfiguration {
+	b.Status = value
+	return b
+}
--- a/pkg/client/applyconfigurations/utils.go
+++ b/pkg/client/applyconfigurations/utils.go
@ -171,10 +171,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
 		// Group=kyverno.io, Version=v2alpha1
 	case v2alpha1.SchemeGroupVersion.WithKind("CleanupPolicy"):
 		return &kyvernov2alpha1.CleanupPolicyApplyConfiguration{}
-	case v2alpha1.SchemeGroupVersion.WithKind("CleanupPolicySpec"):
-		return &kyvernov2alpha1.CleanupPolicySpecApplyConfiguration{}
-	case v2alpha1.SchemeGroupVersion.WithKind("CleanupPolicyStatus"):
-		return &kyvernov2alpha1.CleanupPolicyStatusApplyConfiguration{}
 	case v2alpha1.SchemeGroupVersion.WithKind("ClusterCleanupPolicy"):
 		return &kyvernov2alpha1.ClusterCleanupPolicyApplyConfiguration{}
 	case v2alpha1.SchemeGroupVersion.WithKind("PolicyException"):
@ -183,6 +179,14 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
 		// Group=kyverno.io, Version=v2beta1
 	case v2beta1.SchemeGroupVersion.WithKind("AnyAllConditions"):
 		return &kyvernov2beta1.AnyAllConditionsApplyConfiguration{}
+	case v2beta1.SchemeGroupVersion.WithKind("CleanupPolicy"):
+		return &kyvernov2beta1.CleanupPolicyApplyConfiguration{}
+	case v2beta1.SchemeGroupVersion.WithKind("CleanupPolicySpec"):
+		return &kyvernov2beta1.CleanupPolicySpecApplyConfiguration{}
+	case v2beta1.SchemeGroupVersion.WithKind("CleanupPolicyStatus"):
+		return &kyvernov2beta1.CleanupPolicyStatusApplyConfiguration{}
+	case v2beta1.SchemeGroupVersion.WithKind("ClusterCleanupPolicy"):
+		return &kyvernov2beta1.ClusterCleanupPolicyApplyConfiguration{}
 	case v2beta1.SchemeGroupVersion.WithKind("ClusterPolicy"):
 		return &kyvernov2beta1.ClusterPolicyApplyConfiguration{}
 	case v2beta1.SchemeGroupVersion.WithKind("Condition"):
--- a/pkg/client/clientset/versioned/typed/kyverno/v2beta1/cleanuppolicy.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2beta1/cleanuppolicy.go
@ -0,0 +1,195 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v2beta1
+
+import (
+	"context"
+	"time"
+
+	v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// CleanupPoliciesGetter has a method to return a CleanupPolicyInterface.
+// A group's client should implement this interface.
+type CleanupPoliciesGetter interface {
+	CleanupPolicies(namespace string) CleanupPolicyInterface
+}
+
+// CleanupPolicyInterface has methods to work with CleanupPolicy resources.
+type CleanupPolicyInterface interface {
+	Create(ctx context.Context, cleanupPolicy *v2beta1.CleanupPolicy, opts v1.CreateOptions) (*v2beta1.CleanupPolicy, error)
+	Update(ctx context.Context, cleanupPolicy *v2beta1.CleanupPolicy, opts v1.UpdateOptions) (*v2beta1.CleanupPolicy, error)
+	UpdateStatus(ctx context.Context, cleanupPolicy *v2beta1.CleanupPolicy, opts v1.UpdateOptions) (*v2beta1.CleanupPolicy, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v2beta1.CleanupPolicy, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v2beta1.CleanupPolicyList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2beta1.CleanupPolicy, err error)
+	CleanupPolicyExpansion
+}
+
+// cleanupPolicies implements CleanupPolicyInterface
+type cleanupPolicies struct {
+	client rest.Interface
+	ns     string
+}
+
+// newCleanupPolicies returns a CleanupPolicies
+func newCleanupPolicies(c *KyvernoV2beta1Client, namespace string) *cleanupPolicies {
+	return &cleanupPolicies{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the cleanupPolicy, and returns the corresponding cleanupPolicy object, and an error if there is any.
+func (c *cleanupPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v2beta1.CleanupPolicy, err error) {
+	result = &v2beta1.CleanupPolicy{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("cleanuppolicies").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of CleanupPolicies that match those selectors.
+func (c *cleanupPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v2beta1.CleanupPolicyList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v2beta1.CleanupPolicyList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("cleanuppolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested cleanupPolicies.
+func (c *cleanupPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("cleanuppolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a cleanupPolicy and creates it.  Returns the server's representation of the cleanupPolicy, and an error, if there is any.
+func (c *cleanupPolicies) Create(ctx context.Context, cleanupPolicy *v2beta1.CleanupPolicy, opts v1.CreateOptions) (result *v2beta1.CleanupPolicy, err error) {
+	result = &v2beta1.CleanupPolicy{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("cleanuppolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(cleanupPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a cleanupPolicy and updates it. Returns the server's representation of the cleanupPolicy, and an error, if there is any.
+func (c *cleanupPolicies) Update(ctx context.Context, cleanupPolicy *v2beta1.CleanupPolicy, opts v1.UpdateOptions) (result *v2beta1.CleanupPolicy, err error) {
+	result = &v2beta1.CleanupPolicy{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("cleanuppolicies").
+		Name(cleanupPolicy.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(cleanupPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *cleanupPolicies) UpdateStatus(ctx context.Context, cleanupPolicy *v2beta1.CleanupPolicy, opts v1.UpdateOptions) (result *v2beta1.CleanupPolicy, err error) {
+	result = &v2beta1.CleanupPolicy{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("cleanuppolicies").
+		Name(cleanupPolicy.Name).
+		SubResource("status").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(cleanupPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the cleanupPolicy and deletes it. Returns an error if one occurs.
+func (c *cleanupPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("cleanuppolicies").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *cleanupPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("cleanuppolicies").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched cleanupPolicy.
+func (c *cleanupPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2beta1.CleanupPolicy, err error) {
+	result = &v2beta1.CleanupPolicy{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("cleanuppolicies").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
--- a/pkg/client/clientset/versioned/typed/kyverno/v2beta1/clustercleanuppolicy.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2beta1/clustercleanuppolicy.go
@ -0,0 +1,184 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v2beta1
+
+import (
+	"context"
+	"time"
+
+	v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// ClusterCleanupPoliciesGetter has a method to return a ClusterCleanupPolicyInterface.
+// A group's client should implement this interface.
+type ClusterCleanupPoliciesGetter interface {
+	ClusterCleanupPolicies() ClusterCleanupPolicyInterface
+}
+
+// ClusterCleanupPolicyInterface has methods to work with ClusterCleanupPolicy resources.
+type ClusterCleanupPolicyInterface interface {
+	Create(ctx context.Context, clusterCleanupPolicy *v2beta1.ClusterCleanupPolicy, opts v1.CreateOptions) (*v2beta1.ClusterCleanupPolicy, error)
+	Update(ctx context.Context, clusterCleanupPolicy *v2beta1.ClusterCleanupPolicy, opts v1.UpdateOptions) (*v2beta1.ClusterCleanupPolicy, error)
+	UpdateStatus(ctx context.Context, clusterCleanupPolicy *v2beta1.ClusterCleanupPolicy, opts v1.UpdateOptions) (*v2beta1.ClusterCleanupPolicy, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v2beta1.ClusterCleanupPolicy, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v2beta1.ClusterCleanupPolicyList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2beta1.ClusterCleanupPolicy, err error)
+	ClusterCleanupPolicyExpansion
+}
+
+// clusterCleanupPolicies implements ClusterCleanupPolicyInterface
+type clusterCleanupPolicies struct {
+	client rest.Interface
+}
+
+// newClusterCleanupPolicies returns a ClusterCleanupPolicies
+func newClusterCleanupPolicies(c *KyvernoV2beta1Client) *clusterCleanupPolicies {
+	return &clusterCleanupPolicies{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the clusterCleanupPolicy, and returns the corresponding clusterCleanupPolicy object, and an error if there is any.
+func (c *clusterCleanupPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v2beta1.ClusterCleanupPolicy, err error) {
+	result = &v2beta1.ClusterCleanupPolicy{}
+	err = c.client.Get().
+		Resource("clustercleanuppolicies").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ClusterCleanupPolicies that match those selectors.
+func (c *clusterCleanupPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v2beta1.ClusterCleanupPolicyList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v2beta1.ClusterCleanupPolicyList{}
+	err = c.client.Get().
+		Resource("clustercleanuppolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterCleanupPolicies.
+func (c *clusterCleanupPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("clustercleanuppolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a clusterCleanupPolicy and creates it.  Returns the server's representation of the clusterCleanupPolicy, and an error, if there is any.
+func (c *clusterCleanupPolicies) Create(ctx context.Context, clusterCleanupPolicy *v2beta1.ClusterCleanupPolicy, opts v1.CreateOptions) (result *v2beta1.ClusterCleanupPolicy, err error) {
+	result = &v2beta1.ClusterCleanupPolicy{}
+	err = c.client.Post().
+		Resource("clustercleanuppolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterCleanupPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a clusterCleanupPolicy and updates it. Returns the server's representation of the clusterCleanupPolicy, and an error, if there is any.
+func (c *clusterCleanupPolicies) Update(ctx context.Context, clusterCleanupPolicy *v2beta1.ClusterCleanupPolicy, opts v1.UpdateOptions) (result *v2beta1.ClusterCleanupPolicy, err error) {
+	result = &v2beta1.ClusterCleanupPolicy{}
+	err = c.client.Put().
+		Resource("clustercleanuppolicies").
+		Name(clusterCleanupPolicy.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterCleanupPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *clusterCleanupPolicies) UpdateStatus(ctx context.Context, clusterCleanupPolicy *v2beta1.ClusterCleanupPolicy, opts v1.UpdateOptions) (result *v2beta1.ClusterCleanupPolicy, err error) {
+	result = &v2beta1.ClusterCleanupPolicy{}
+	err = c.client.Put().
+		Resource("clustercleanuppolicies").
+		Name(clusterCleanupPolicy.Name).
+		SubResource("status").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterCleanupPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the clusterCleanupPolicy and deletes it. Returns an error if one occurs.
+func (c *clusterCleanupPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("clustercleanuppolicies").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterCleanupPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("clustercleanuppolicies").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched clusterCleanupPolicy.
+func (c *clusterCleanupPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2beta1.ClusterCleanupPolicy, err error) {
+	result = &v2beta1.ClusterCleanupPolicy{}
+	err = c.client.Patch(pt).
+		Resource("clustercleanuppolicies").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
--- a/pkg/client/clientset/versioned/typed/kyverno/v2beta1/fake/fake_cleanuppolicy.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2beta1/fake/fake_cleanuppolicy.go
@ -0,0 +1,141 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeCleanupPolicies implements CleanupPolicyInterface
+type FakeCleanupPolicies struct {
+	Fake *FakeKyvernoV2beta1
+	ns   string
+}
+
+var cleanuppoliciesResource = v2beta1.SchemeGroupVersion.WithResource("cleanuppolicies")
+
+var cleanuppoliciesKind = v2beta1.SchemeGroupVersion.WithKind("CleanupPolicy")
+
+// Get takes name of the cleanupPolicy, and returns the corresponding cleanupPolicy object, and an error if there is any.
+func (c *FakeCleanupPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v2beta1.CleanupPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(cleanuppoliciesResource, c.ns, name), &v2beta1.CleanupPolicy{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2beta1.CleanupPolicy), err
+}
+
+// List takes label and field selectors, and returns the list of CleanupPolicies that match those selectors.
+func (c *FakeCleanupPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v2beta1.CleanupPolicyList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(cleanuppoliciesResource, cleanuppoliciesKind, c.ns, opts), &v2beta1.CleanupPolicyList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v2beta1.CleanupPolicyList{ListMeta: obj.(*v2beta1.CleanupPolicyList).ListMeta}
+	for _, item := range obj.(*v2beta1.CleanupPolicyList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested cleanupPolicies.
+func (c *FakeCleanupPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(cleanuppoliciesResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a cleanupPolicy and creates it.  Returns the server's representation of the cleanupPolicy, and an error, if there is any.
+func (c *FakeCleanupPolicies) Create(ctx context.Context, cleanupPolicy *v2beta1.CleanupPolicy, opts v1.CreateOptions) (result *v2beta1.CleanupPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(cleanuppoliciesResource, c.ns, cleanupPolicy), &v2beta1.CleanupPolicy{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2beta1.CleanupPolicy), err
+}
+
+// Update takes the representation of a cleanupPolicy and updates it. Returns the server's representation of the cleanupPolicy, and an error, if there is any.
+func (c *FakeCleanupPolicies) Update(ctx context.Context, cleanupPolicy *v2beta1.CleanupPolicy, opts v1.UpdateOptions) (result *v2beta1.CleanupPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(cleanuppoliciesResource, c.ns, cleanupPolicy), &v2beta1.CleanupPolicy{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2beta1.CleanupPolicy), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeCleanupPolicies) UpdateStatus(ctx context.Context, cleanupPolicy *v2beta1.CleanupPolicy, opts v1.UpdateOptions) (*v2beta1.CleanupPolicy, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateSubresourceAction(cleanuppoliciesResource, "status", c.ns, cleanupPolicy), &v2beta1.CleanupPolicy{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2beta1.CleanupPolicy), err
+}
+
+// Delete takes name of the cleanupPolicy and deletes it. Returns an error if one occurs.
+func (c *FakeCleanupPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteActionWithOptions(cleanuppoliciesResource, c.ns, name, opts), &v2beta1.CleanupPolicy{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeCleanupPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(cleanuppoliciesResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v2beta1.CleanupPolicyList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched cleanupPolicy.
+func (c *FakeCleanupPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2beta1.CleanupPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(cleanuppoliciesResource, c.ns, name, pt, data, subresources...), &v2beta1.CleanupPolicy{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2beta1.CleanupPolicy), err
+}
--- a/pkg/client/clientset/versioned/typed/kyverno/v2beta1/fake/fake_clustercleanuppolicy.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2beta1/fake/fake_clustercleanuppolicy.go
@ -0,0 +1,132 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeClusterCleanupPolicies implements ClusterCleanupPolicyInterface
+type FakeClusterCleanupPolicies struct {
+	Fake *FakeKyvernoV2beta1
+}
+
+var clustercleanuppoliciesResource = v2beta1.SchemeGroupVersion.WithResource("clustercleanuppolicies")
+
+var clustercleanuppoliciesKind = v2beta1.SchemeGroupVersion.WithKind("ClusterCleanupPolicy")
+
+// Get takes name of the clusterCleanupPolicy, and returns the corresponding clusterCleanupPolicy object, and an error if there is any.
+func (c *FakeClusterCleanupPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v2beta1.ClusterCleanupPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(clustercleanuppoliciesResource, name), &v2beta1.ClusterCleanupPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2beta1.ClusterCleanupPolicy), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterCleanupPolicies that match those selectors.
+func (c *FakeClusterCleanupPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v2beta1.ClusterCleanupPolicyList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(clustercleanuppoliciesResource, clustercleanuppoliciesKind, opts), &v2beta1.ClusterCleanupPolicyList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v2beta1.ClusterCleanupPolicyList{ListMeta: obj.(*v2beta1.ClusterCleanupPolicyList).ListMeta}
+	for _, item := range obj.(*v2beta1.ClusterCleanupPolicyList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterCleanupPolicies.
+func (c *FakeClusterCleanupPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(clustercleanuppoliciesResource, opts))
+}
+
+// Create takes the representation of a clusterCleanupPolicy and creates it.  Returns the server's representation of the clusterCleanupPolicy, and an error, if there is any.
+func (c *FakeClusterCleanupPolicies) Create(ctx context.Context, clusterCleanupPolicy *v2beta1.ClusterCleanupPolicy, opts v1.CreateOptions) (result *v2beta1.ClusterCleanupPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(clustercleanuppoliciesResource, clusterCleanupPolicy), &v2beta1.ClusterCleanupPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2beta1.ClusterCleanupPolicy), err
+}
+
+// Update takes the representation of a clusterCleanupPolicy and updates it. Returns the server's representation of the clusterCleanupPolicy, and an error, if there is any.
+func (c *FakeClusterCleanupPolicies) Update(ctx context.Context, clusterCleanupPolicy *v2beta1.ClusterCleanupPolicy, opts v1.UpdateOptions) (result *v2beta1.ClusterCleanupPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(clustercleanuppoliciesResource, clusterCleanupPolicy), &v2beta1.ClusterCleanupPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2beta1.ClusterCleanupPolicy), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeClusterCleanupPolicies) UpdateStatus(ctx context.Context, clusterCleanupPolicy *v2beta1.ClusterCleanupPolicy, opts v1.UpdateOptions) (*v2beta1.ClusterCleanupPolicy, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateSubresourceAction(clustercleanuppoliciesResource, "status", clusterCleanupPolicy), &v2beta1.ClusterCleanupPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2beta1.ClusterCleanupPolicy), err
+}
+
+// Delete takes name of the clusterCleanupPolicy and deletes it. Returns an error if one occurs.
+func (c *FakeClusterCleanupPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(clustercleanuppoliciesResource, name, opts), &v2beta1.ClusterCleanupPolicy{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterCleanupPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(clustercleanuppoliciesResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v2beta1.ClusterCleanupPolicyList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched clusterCleanupPolicy.
+func (c *FakeClusterCleanupPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2beta1.ClusterCleanupPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(clustercleanuppoliciesResource, name, pt, data, subresources...), &v2beta1.ClusterCleanupPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v2beta1.ClusterCleanupPolicy), err
+}
--- a/pkg/client/clientset/versioned/typed/kyverno/v2beta1/fake/fake_kyverno_client.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2beta1/fake/fake_kyverno_client.go
@ -28,6 +28,14 @@ type FakeKyvernoV2beta1 struct {
 	*testing.Fake
 }

+func (c *FakeKyvernoV2beta1) CleanupPolicies(namespace string) v2beta1.CleanupPolicyInterface {
+	return &FakeCleanupPolicies{c, namespace}
+}
+
+func (c *FakeKyvernoV2beta1) ClusterCleanupPolicies() v2beta1.ClusterCleanupPolicyInterface {
+	return &FakeClusterCleanupPolicies{c}
+}
+
 func (c *FakeKyvernoV2beta1) ClusterPolicies() v2beta1.ClusterPolicyInterface {
 	return &FakeClusterPolicies{c}
 }
--- a/pkg/client/clientset/versioned/typed/kyverno/v2beta1/generated_expansion.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2beta1/generated_expansion.go
@ -18,6 +18,10 @@ limitations under the License.

 package v2beta1

+type CleanupPolicyExpansion interface{}
+
+type ClusterCleanupPolicyExpansion interface{}
+
 type ClusterPolicyExpansion interface{}

 type PolicyExpansion interface{}
--- a/pkg/client/clientset/versioned/typed/kyverno/v2beta1/kyverno_client.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2beta1/kyverno_client.go
@ -28,6 +28,8 @@ import (

 type KyvernoV2beta1Interface interface {
 	RESTClient() rest.Interface
+	CleanupPoliciesGetter
+	ClusterCleanupPoliciesGetter
 	ClusterPoliciesGetter
 	PoliciesGetter
 	PolicyExceptionsGetter
@ -38,6 +40,14 @@ type KyvernoV2beta1Client struct {
 	restClient rest.Interface
 }

+func (c *KyvernoV2beta1Client) CleanupPolicies(namespace string) CleanupPolicyInterface {
+	return newCleanupPolicies(c, namespace)
+}
+
+func (c *KyvernoV2beta1Client) ClusterCleanupPolicies() ClusterCleanupPolicyInterface {
+	return newClusterCleanupPolicies(c)
+}
+
 func (c *KyvernoV2beta1Client) ClusterPolicies() ClusterPolicyInterface {
 	return newClusterPolicies(c)
 }
--- a/pkg/client/informers/externalversions/generic.go
+++ b/pkg/client/informers/externalversions/generic.go
@ -86,6 +86,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2alpha1().PolicyExceptions().Informer()}, nil

 		// Group=kyverno.io, Version=v2beta1
+	case v2beta1.SchemeGroupVersion.WithResource("cleanuppolicies"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2beta1().CleanupPolicies().Informer()}, nil
+	case v2beta1.SchemeGroupVersion.WithResource("clustercleanuppolicies"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2beta1().ClusterCleanupPolicies().Informer()}, nil
 	case v2beta1.SchemeGroupVersion.WithResource("clusterpolicies"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2beta1().ClusterPolicies().Informer()}, nil
 	case v2beta1.SchemeGroupVersion.WithResource("policies"):
--- a/pkg/client/informers/externalversions/kyverno/v2beta1/cleanuppolicy.go
+++ b/pkg/client/informers/externalversions/kyverno/v2beta1/cleanuppolicy.go
@ -0,0 +1,90 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v2beta1
+
+import (
+	"context"
+	time "time"
+
+	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v2beta1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// CleanupPolicyInformer provides access to a shared informer and lister for
+// CleanupPolicies.
+type CleanupPolicyInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v2beta1.CleanupPolicyLister
+}
+
+type cleanupPolicyInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewCleanupPolicyInformer constructs a new informer for CleanupPolicy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewCleanupPolicyInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredCleanupPolicyInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredCleanupPolicyInformer constructs a new informer for CleanupPolicy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredCleanupPolicyInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV2beta1().CleanupPolicies(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV2beta1().CleanupPolicies(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&kyvernov2beta1.CleanupPolicy{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *cleanupPolicyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredCleanupPolicyInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *cleanupPolicyInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&kyvernov2beta1.CleanupPolicy{}, f.defaultInformer)
+}
+
+func (f *cleanupPolicyInformer) Lister() v2beta1.CleanupPolicyLister {
+	return v2beta1.NewCleanupPolicyLister(f.Informer().GetIndexer())
+}
--- a/pkg/client/informers/externalversions/kyverno/v2beta1/clustercleanuppolicy.go
+++ b/pkg/client/informers/externalversions/kyverno/v2beta1/clustercleanuppolicy.go
@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v2beta1
+
+import (
+	"context"
+	time "time"
+
+	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v2beta1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// ClusterCleanupPolicyInformer provides access to a shared informer and lister for
+// ClusterCleanupPolicies.
+type ClusterCleanupPolicyInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v2beta1.ClusterCleanupPolicyLister
+}
+
+type clusterCleanupPolicyInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterCleanupPolicyInformer constructs a new informer for ClusterCleanupPolicy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterCleanupPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredClusterCleanupPolicyInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterCleanupPolicyInformer constructs a new informer for ClusterCleanupPolicy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterCleanupPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV2beta1().ClusterCleanupPolicies().List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV2beta1().ClusterCleanupPolicies().Watch(context.TODO(), options)
+			},
+		},
+		&kyvernov2beta1.ClusterCleanupPolicy{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *clusterCleanupPolicyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredClusterCleanupPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterCleanupPolicyInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&kyvernov2beta1.ClusterCleanupPolicy{}, f.defaultInformer)
+}
+
+func (f *clusterCleanupPolicyInformer) Lister() v2beta1.ClusterCleanupPolicyLister {
+	return v2beta1.NewClusterCleanupPolicyLister(f.Informer().GetIndexer())
+}
--- a/pkg/client/informers/externalversions/kyverno/v2beta1/interface.go
+++ b/pkg/client/informers/externalversions/kyverno/v2beta1/interface.go
@ -24,6 +24,10 @@ import (

 // Interface provides access to all the informers in this group version.
 type Interface interface {
+	// CleanupPolicies returns a CleanupPolicyInformer.
+	CleanupPolicies() CleanupPolicyInformer
+	// ClusterCleanupPolicies returns a ClusterCleanupPolicyInformer.
+	ClusterCleanupPolicies() ClusterCleanupPolicyInformer
 	// ClusterPolicies returns a ClusterPolicyInformer.
 	ClusterPolicies() ClusterPolicyInformer
 	// Policies returns a PolicyInformer.
@ -43,6 +47,16 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
 }

+// CleanupPolicies returns a CleanupPolicyInformer.
+func (v *version) CleanupPolicies() CleanupPolicyInformer {
+	return &cleanupPolicyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
+// ClusterCleanupPolicies returns a ClusterCleanupPolicyInformer.
+func (v *version) ClusterCleanupPolicies() ClusterCleanupPolicyInformer {
+	return &clusterCleanupPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
 // ClusterPolicies returns a ClusterPolicyInformer.
 func (v *version) ClusterPolicies() ClusterPolicyInformer {
 	return &clusterPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
--- a/pkg/client/listers/kyverno/v2beta1/cleanuppolicy.go
+++ b/pkg/client/listers/kyverno/v2beta1/cleanuppolicy.go
@ -0,0 +1,99 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v2beta1
+
+import (
+	v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// CleanupPolicyLister helps list CleanupPolicies.
+// All objects returned here must be treated as read-only.
+type CleanupPolicyLister interface {
+	// List lists all CleanupPolicies in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v2beta1.CleanupPolicy, err error)
+	// CleanupPolicies returns an object that can list and get CleanupPolicies.
+	CleanupPolicies(namespace string) CleanupPolicyNamespaceLister
+	CleanupPolicyListerExpansion
+}
+
+// cleanupPolicyLister implements the CleanupPolicyLister interface.
+type cleanupPolicyLister struct {
+	indexer cache.Indexer
+}
+
+// NewCleanupPolicyLister returns a new CleanupPolicyLister.
+func NewCleanupPolicyLister(indexer cache.Indexer) CleanupPolicyLister {
+	return &cleanupPolicyLister{indexer: indexer}
+}
+
+// List lists all CleanupPolicies in the indexer.
+func (s *cleanupPolicyLister) List(selector labels.Selector) (ret []*v2beta1.CleanupPolicy, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v2beta1.CleanupPolicy))
+	})
+	return ret, err
+}
+
+// CleanupPolicies returns an object that can list and get CleanupPolicies.
+func (s *cleanupPolicyLister) CleanupPolicies(namespace string) CleanupPolicyNamespaceLister {
+	return cleanupPolicyNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// CleanupPolicyNamespaceLister helps list and get CleanupPolicies.
+// All objects returned here must be treated as read-only.
+type CleanupPolicyNamespaceLister interface {
+	// List lists all CleanupPolicies in the indexer for a given namespace.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v2beta1.CleanupPolicy, err error)
+	// Get retrieves the CleanupPolicy from the indexer for a given namespace and name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v2beta1.CleanupPolicy, error)
+	CleanupPolicyNamespaceListerExpansion
+}
+
+// cleanupPolicyNamespaceLister implements the CleanupPolicyNamespaceLister
+// interface.
+type cleanupPolicyNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all CleanupPolicies in the indexer for a given namespace.
+func (s cleanupPolicyNamespaceLister) List(selector labels.Selector) (ret []*v2beta1.CleanupPolicy, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v2beta1.CleanupPolicy))
+	})
+	return ret, err
+}
+
+// Get retrieves the CleanupPolicy from the indexer for a given namespace and name.
+func (s cleanupPolicyNamespaceLister) Get(name string) (*v2beta1.CleanupPolicy, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v2beta1.Resource("cleanuppolicy"), name)
+	}
+	return obj.(*v2beta1.CleanupPolicy), nil
+}
--- a/pkg/client/listers/kyverno/v2beta1/clustercleanuppolicy.go
+++ b/pkg/client/listers/kyverno/v2beta1/clustercleanuppolicy.go
@ -0,0 +1,68 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v2beta1
+
+import (
+	v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// ClusterCleanupPolicyLister helps list ClusterCleanupPolicies.
+// All objects returned here must be treated as read-only.
+type ClusterCleanupPolicyLister interface {
+	// List lists all ClusterCleanupPolicies in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v2beta1.ClusterCleanupPolicy, err error)
+	// Get retrieves the ClusterCleanupPolicy from the index for a given name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v2beta1.ClusterCleanupPolicy, error)
+	ClusterCleanupPolicyListerExpansion
+}
+
+// clusterCleanupPolicyLister implements the ClusterCleanupPolicyLister interface.
+type clusterCleanupPolicyLister struct {
+	indexer cache.Indexer
+}
+
+// NewClusterCleanupPolicyLister returns a new ClusterCleanupPolicyLister.
+func NewClusterCleanupPolicyLister(indexer cache.Indexer) ClusterCleanupPolicyLister {
+	return &clusterCleanupPolicyLister{indexer: indexer}
+}
+
+// List lists all ClusterCleanupPolicies in the indexer.
+func (s *clusterCleanupPolicyLister) List(selector labels.Selector) (ret []*v2beta1.ClusterCleanupPolicy, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v2beta1.ClusterCleanupPolicy))
+	})
+	return ret, err
+}
+
+// Get retrieves the ClusterCleanupPolicy from the index for a given name.
+func (s *clusterCleanupPolicyLister) Get(name string) (*v2beta1.ClusterCleanupPolicy, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v2beta1.Resource("clustercleanuppolicy"), name)
+	}
+	return obj.(*v2beta1.ClusterCleanupPolicy), nil
+}
--- a/pkg/client/listers/kyverno/v2beta1/expansion_generated.go
+++ b/pkg/client/listers/kyverno/v2beta1/expansion_generated.go
@ -18,6 +18,18 @@ limitations under the License.

 package v2beta1

+// CleanupPolicyListerExpansion allows custom methods to be added to
+// CleanupPolicyLister.
+type CleanupPolicyListerExpansion interface{}
+
+// CleanupPolicyNamespaceListerExpansion allows custom methods to be added to
+// CleanupPolicyNamespaceLister.
+type CleanupPolicyNamespaceListerExpansion interface{}
+
+// ClusterCleanupPolicyListerExpansion allows custom methods to be added to
+// ClusterCleanupPolicyLister.
+type ClusterCleanupPolicyListerExpansion interface{}
+
 // ClusterPolicyListerExpansion allows custom methods to be added to
 // ClusterPolicyLister.
 type ClusterPolicyListerExpansion interface{}
--- a/pkg/clients/kyverno/kyvernov2beta1/cleanuppolicies/resource.generated.go
+++ b/pkg/clients/kyverno/kyvernov2beta1/cleanuppolicies/resource.generated.go
@ -0,0 +1,373 @@
+package resource
+
+import (
+	context "context"
+	"fmt"
+	"time"
+
+	"github.com/go-logr/logr"
+	github_com_kyverno_kyverno_api_kyverno_v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1"
+	"github.com/kyverno/kyverno/pkg/metrics"
+	"github.com/kyverno/kyverno/pkg/tracing"
+	"go.opentelemetry.io/otel/trace"
+	"go.uber.org/multierr"
+	k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+	k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface {
+	return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface {
+	return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface {
+	return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface
+	logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Create")
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Create failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Create done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Delete")
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "Delete failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Delete done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "DeleteCollection")
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+	} else {
+		logger.Info("DeleteCollection done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Get")
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Get failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Get done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicyList, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "List")
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "List failed", "duration", time.Since(start))
+	} else {
+		logger.Info("List done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Patch")
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Patch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Patch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Update")
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Update failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Update done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "UpdateStatus")
+	ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "UpdateStatus failed", "duration", time.Since(start))
+	} else {
+		logger.Info("UpdateStatus done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Watch")
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Watch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Watch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+
+type withMetrics struct {
+	inner    github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface
+	recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	defer c.recorder.RecordWithContext(arg0, "create")
+	return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete")
+	return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete_collection")
+	return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	defer c.recorder.RecordWithContext(arg0, "get")
+	return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicyList, error) {
+	defer c.recorder.RecordWithContext(arg0, "list")
+	return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	defer c.recorder.RecordWithContext(arg0, "patch")
+	return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	defer c.recorder.RecordWithContext(arg0, "update")
+	return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	defer c.recorder.RecordWithContext(arg0, "update_status")
+	return c.inner.UpdateStatus(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	defer c.recorder.RecordWithContext(arg0, "watch")
+	return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface
+	client string
+	kind   string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Create"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Delete"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("DeleteCollection"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Get"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicyList, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("List"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Patch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Update"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.CleanupPolicy, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "UpdateStatus"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("UpdateStatus"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Watch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
--- a/pkg/clients/kyverno/kyvernov2beta1/client.generated.go
+++ b/pkg/clients/kyverno/kyvernov2beta1/client.generated.go
@ -3,6 +3,8 @@ package client
 import (
 	"github.com/go-logr/logr"
 	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1"
+	cleanuppolicies "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2beta1/cleanuppolicies"
+	clustercleanuppolicies "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2beta1/clustercleanuppolicies"
 	clusterpolicies "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2beta1/clusterpolicies"
 	policies "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2beta1/policies"
 	policyexceptions "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2beta1/policyexceptions"
@ -31,6 +33,14 @@ type withMetrics struct {
 func (c *withMetrics) RESTClient() rest.Interface {
 	return c.inner.RESTClient()
 }
+func (c *withMetrics) CleanupPolicies(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface {
+	recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "CleanupPolicy", c.clientType)
+	return cleanuppolicies.WithMetrics(c.inner.CleanupPolicies(namespace), recorder)
+}
+func (c *withMetrics) ClusterCleanupPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface {
+	recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterCleanupPolicy", c.clientType)
+	return clustercleanuppolicies.WithMetrics(c.inner.ClusterCleanupPolicies(), recorder)
+}
 func (c *withMetrics) ClusterPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterPolicyInterface {
 	recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterPolicy", c.clientType)
 	return clusterpolicies.WithMetrics(c.inner.ClusterPolicies(), recorder)
@ -52,6 +62,12 @@ type withTracing struct {
 func (c *withTracing) RESTClient() rest.Interface {
 	return c.inner.RESTClient()
 }
+func (c *withTracing) CleanupPolicies(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface {
+	return cleanuppolicies.WithTracing(c.inner.CleanupPolicies(namespace), c.client, "CleanupPolicy")
+}
+func (c *withTracing) ClusterCleanupPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface {
+	return clustercleanuppolicies.WithTracing(c.inner.ClusterCleanupPolicies(), c.client, "ClusterCleanupPolicy")
+}
 func (c *withTracing) ClusterPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterPolicyInterface {
 	return clusterpolicies.WithTracing(c.inner.ClusterPolicies(), c.client, "ClusterPolicy")
 }
@ -70,6 +86,12 @@ type withLogging struct {
 func (c *withLogging) RESTClient() rest.Interface {
 	return c.inner.RESTClient()
 }
+func (c *withLogging) CleanupPolicies(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.CleanupPolicyInterface {
+	return cleanuppolicies.WithLogging(c.inner.CleanupPolicies(namespace), c.logger.WithValues("resource", "CleanupPolicies").WithValues("namespace", namespace))
+}
+func (c *withLogging) ClusterCleanupPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface {
+	return clustercleanuppolicies.WithLogging(c.inner.ClusterCleanupPolicies(), c.logger.WithValues("resource", "ClusterCleanupPolicies"))
+}
 func (c *withLogging) ClusterPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterPolicyInterface {
 	return clusterpolicies.WithLogging(c.inner.ClusterPolicies(), c.logger.WithValues("resource", "ClusterPolicies"))
 }
--- a/pkg/clients/kyverno/kyvernov2beta1/clustercleanuppolicies/resource.generated.go
+++ b/pkg/clients/kyverno/kyvernov2beta1/clustercleanuppolicies/resource.generated.go
@ -0,0 +1,373 @@
+package resource
+
+import (
+	context "context"
+	"fmt"
+	"time"
+
+	"github.com/go-logr/logr"
+	github_com_kyverno_kyverno_api_kyverno_v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1"
+	"github.com/kyverno/kyverno/pkg/metrics"
+	"github.com/kyverno/kyverno/pkg/tracing"
+	"go.opentelemetry.io/otel/trace"
+	"go.uber.org/multierr"
+	k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+	k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface {
+	return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface {
+	return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface {
+	return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface
+	logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Create")
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Create failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Create done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Delete")
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "Delete failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Delete done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "DeleteCollection")
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+	} else {
+		logger.Info("DeleteCollection done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Get")
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Get failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Get done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicyList, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "List")
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "List failed", "duration", time.Since(start))
+	} else {
+		logger.Info("List done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Patch")
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Patch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Patch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Update")
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Update failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Update done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "UpdateStatus")
+	ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "UpdateStatus failed", "duration", time.Since(start))
+	} else {
+		logger.Info("UpdateStatus done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Watch")
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Watch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Watch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+
+type withMetrics struct {
+	inner    github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface
+	recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	defer c.recorder.RecordWithContext(arg0, "create")
+	return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete")
+	return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete_collection")
+	return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	defer c.recorder.RecordWithContext(arg0, "get")
+	return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicyList, error) {
+	defer c.recorder.RecordWithContext(arg0, "list")
+	return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	defer c.recorder.RecordWithContext(arg0, "patch")
+	return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	defer c.recorder.RecordWithContext(arg0, "update")
+	return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	defer c.recorder.RecordWithContext(arg0, "update_status")
+	return c.inner.UpdateStatus(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	defer c.recorder.RecordWithContext(arg0, "watch")
+	return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.ClusterCleanupPolicyInterface
+	client string
+	kind   string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Create"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Delete"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("DeleteCollection"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Get"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicyList, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("List"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Patch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Update"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2beta1.ClusterCleanupPolicy, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "UpdateStatus"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("UpdateStatus"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Watch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
--- a/pkg/controllers/cleanup/controller.go
+++ b/pkg/controllers/cleanup/controller.go
@ -8,9 +8,10 @@ import (
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
 	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
-	kyvernov2alpha1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2alpha1"
-	kyvernov2alpha1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2alpha1"
+	kyvernov2beta1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2beta1"
+	kyvernov2beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2beta1"
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/controllers"
@ -40,8 +41,8 @@ type controller struct {
 	kyvernoClient versioned.Interface

 	// listers
-	cpolLister kyvernov2alpha1listers.ClusterCleanupPolicyLister
-	polLister  kyvernov2alpha1listers.CleanupPolicyLister
+	cpolLister kyvernov2beta1listers.ClusterCleanupPolicyLister
+	polLister  kyvernov2beta1listers.CleanupPolicyLister
 	nsLister   corev1listers.NamespaceLister

 	// queue
@ -70,8 +71,8 @@ const (
 func NewController(
 	client dclient.Interface,
 	kyvernoClient versioned.Interface,
-	cpolInformer kyvernov2alpha1informers.ClusterCleanupPolicyInformer,
-	polInformer kyvernov2alpha1informers.CleanupPolicyInformer,
+	cpolInformer kyvernov2beta1informers.ClusterCleanupPolicyInformer,
+	polInformer kyvernov2beta1informers.CleanupPolicyInformer,
 	nsLister corev1listers.NamespaceLister,
 	configuration config.Configuration,
 	cmResolver engineapi.ConfigmapResolver,
@ -358,17 +359,17 @@ func (c *controller) reconcile(ctx context.Context, logger logr.Logger, key, nam

 func (c *controller) updateCleanupPolicyStatus(ctx context.Context, policy kyvernov2alpha1.CleanupPolicyInterface, namespace string, time time.Time) {
 	switch obj := policy.(type) {
-	case *kyvernov2alpha1.ClusterCleanupPolicy:
+	case *kyvernov2beta1.ClusterCleanupPolicy:
 		latest := obj.DeepCopy()
 		latest.Status.LastExecutionTime.Time = time

-		new, _ := c.kyvernoClient.KyvernoV2alpha1().ClusterCleanupPolicies().UpdateStatus(ctx, latest, metav1.UpdateOptions{})
+		new, _ := c.kyvernoClient.KyvernoV2beta1().ClusterCleanupPolicies().UpdateStatus(ctx, latest, metav1.UpdateOptions{})
 		logging.V(3).Info("updated cluster cleanup policy status", "name", policy.GetName(), "status", new.Status)
-	case *kyvernov2alpha1.CleanupPolicy:
+	case *kyvernov2beta1.CleanupPolicy:
 		latest := obj.DeepCopy()
 		latest.Status.LastExecutionTime.Time = time

-		new, _ := c.kyvernoClient.KyvernoV2alpha1().CleanupPolicies(namespace).UpdateStatus(ctx, latest, metav1.UpdateOptions{})
+		new, _ := c.kyvernoClient.KyvernoV2beta1().CleanupPolicies(namespace).UpdateStatus(ctx, latest, metav1.UpdateOptions{})
 		logging.V(3).Info("updated cleanup policy status", "name", policy.GetName(), "namespace", policy.GetNamespace(), "status", new.Status)
 	}
 }
--- a/pkg/event/controller.go
+++ b/pkg/event/controller.go
@ -7,9 +7,9 @@ import (

 	"github.com/go-logr/logr"
 	kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
-	kyvernov2alpha1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2alpha1"
+	kyvernov2beta1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v2beta1"
 	kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
-	kyvernov2alpha1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2alpha1"
+	kyvernov2beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2beta1"
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
 	kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
 	corev1 "k8s.io/api/core/v1"
@ -34,9 +34,9 @@ type generator struct {
 	// list/get policy
 	pLister kyvernov1listers.PolicyLister
 	// list/get cluster cleanup policy
-	clustercleanuppolLister kyvernov2alpha1listers.ClusterCleanupPolicyLister
+	clustercleanuppolLister kyvernov2beta1listers.ClusterCleanupPolicyLister
 	// list/get cleanup policy
-	cleanuppolLister kyvernov2alpha1listers.CleanupPolicyLister
+	cleanuppolLister kyvernov2beta1listers.CleanupPolicyLister
 	// queue to store event generation requests
 	queue workqueue.RateLimitingInterface
 	// events generated at policy controller
@ -98,8 +98,8 @@ func NewEventGenerator(
 func NewEventCleanupGenerator(
 	// source Source,
 	client dclient.Interface,
-	clustercleanuppolInformer kyvernov2alpha1informers.ClusterCleanupPolicyInformer,
-	cleanuppolInformer kyvernov2alpha1informers.CleanupPolicyInformer,
+	clustercleanuppolInformer kyvernov2beta1informers.ClusterCleanupPolicyInformer,
+	cleanuppolInformer kyvernov2beta1informers.CleanupPolicyInformer,
 	maxQueuedEvents int,
 	log logr.Logger,
 ) Controller {
--- a/pkg/utils/admission/exception.go
+++ b/pkg/utils/admission/exception.go
@ -3,20 +3,20 @@ package admission
 import (
 	"encoding/json"

-	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
 	admissionv1 "k8s.io/api/admission/v1"
 )

-func UnmarshalPolicyException(raw []byte) (*kyvernov2alpha1.PolicyException, error) {
-	var exception *kyvernov2alpha1.PolicyException
+func UnmarshalPolicyException(raw []byte) (*kyvernov2beta1.PolicyException, error) {
+	var exception *kyvernov2beta1.PolicyException
 	if err := json.Unmarshal(raw, &exception); err != nil {
 		return nil, err
 	}
 	return exception, nil
 }

-func GetPolicyExceptions(request admissionv1.AdmissionRequest) (*kyvernov2alpha1.PolicyException, *kyvernov2alpha1.PolicyException, error) {
-	var empty *kyvernov2alpha1.PolicyException
+func GetPolicyExceptions(request admissionv1.AdmissionRequest) (*kyvernov2beta1.PolicyException, *kyvernov2beta1.PolicyException, error) {
+	var empty *kyvernov2beta1.PolicyException
 	exception, err := UnmarshalPolicyException(request.Object.Raw)
 	if err != nil {
 		return exception, empty, err
--- a/pkg/validation/exception/validate.go
+++ b/pkg/validation/exception/validate.go
@ -4,7 +4,7 @@ import (
 	"context"

 	"github.com/go-logr/logr"
-	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
 )

 const (
@ -18,7 +18,7 @@ type ValidationOptions struct {
 }

 // Validate checks policy exception is valid
-func Validate(ctx context.Context, logger logr.Logger, polex *kyvernov2alpha1.PolicyException, opts ValidationOptions) ([]string, error) {
+func Validate(ctx context.Context, logger logr.Logger, polex *kyvernov2beta1.PolicyException, opts ValidationOptions) ([]string, error) {
 	var warnings []string
 	if !opts.Enabled {
 		warnings = append(warnings, disabledPolex)
--- a/pkg/validation/exception/validate_test.go
+++ b/pkg/validation/exception/validate_test.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"testing"

-	"github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+	"github.com/kyverno/kyverno/api/kyverno/v2beta1"
 	"github.com/kyverno/kyverno/pkg/logging"
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 	"gotest.tools/assert"
@ -27,7 +27,7 @@ func Test_Validate(t *testing.T) {
 					Enabled:   false,
 					Namespace: "kyverno",
 				},
-				resource: []byte(`{"apiVersion":"kyverno.io/v2alpha1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"delta"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
+				resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"delta"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
 			},
 			want: 1,
 		},
@ -38,7 +38,7 @@ func Test_Validate(t *testing.T) {
 					Enabled:   true,
 					Namespace: "kyverno",
 				},
-				resource: []byte(`{"apiVersion":"kyverno.io/v2alpha1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"delta"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
+				resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"delta"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
 			},
 			want: 1,
 		},
@ -49,7 +49,7 @@ func Test_Validate(t *testing.T) {
 					Enabled:   true,
 					Namespace: "kyverno",
 				},
-				resource: []byte(`{"apiVersion":"kyverno.io/v2alpha1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"kyverno"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
+				resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"kyverno"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
 			},
 			want: 0,
 		},
@ -60,7 +60,7 @@ func Test_Validate(t *testing.T) {
 					Enabled:   true,
 					Namespace: "",
 				},
-				resource: []byte(`{"apiVersion":"kyverno.io/v2alpha1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"kyverno"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
+				resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"kyverno"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
 			},
 			want: 0,
 		},
@ -84,12 +84,12 @@ func Test_ValidateVariables(t *testing.T) {
 	}{
 		{
 			name:     "Variable used.",
-			resource: []byte(`{"apiVersion":"kyverno.io/v2alpha1","kind":"PolicyException","metadata":{"name":"enforce-label-polex"},"spec":{"background":true,"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"],"namespaces":["{{request.object.name}}"],"names":["{{request.userInfo.username}}"]}}]}}}`),
+			resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-polex"},"spec":{"background":true,"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"],"namespaces":["{{request.object.name}}"],"names":["{{request.userInfo.username}}"]}}]}}}`),
 			error:    true,
 		},
 		{
 			name:     "Variable not used.",
-			resource: []byte(`{"apiVersion":"kyverno.io/v2alpha1","kind":"PolicyException","metadata":{"name":"enforce-label-polex"},"spec":{"background":true,"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
+			resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-polex"},"spec":{"background":true,"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
 			error:    false,
 		},
 	}
@ -97,7 +97,7 @@ func Test_ValidateVariables(t *testing.T) {
 		t.Run(c.name, func(t *testing.T) {
 			polex, err := admissionutils.UnmarshalPolicyException(c.resource)
 			assert.NilError(t, err)
-			err = v2alpha1.ValidateVariables(polex)
+			err = v2beta1.ValidateVariables(polex)
 			if c.error {
 				assert.Assert(t, err != nil)
 			} else {
--- a/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/policy.yaml
+++ b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/policy.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: ClusterCleanupPolicy
 metadata:
  name: cleanup-pod
--- a/test/conformance/kuttl/cleanup/clusterpolicy/context-cleanup-pod/policy.yaml
+++ b/test/conformance/kuttl/cleanup/clusterpolicy/context-cleanup-pod/policy.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: ClusterCleanupPolicy
 metadata:
  name: cleanup-pod
--- a/test/conformance/kuttl/cleanup/policy/cleanup-pod/policy.yaml
+++ b/test/conformance/kuttl/cleanup/policy/cleanup-pod/policy.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: CleanupPolicy
 metadata:
  name: cleanup-pod
--- a/test/conformance/kuttl/cleanup/validation/cron-format/clusterpolicy.yaml
+++ b/test/conformance/kuttl/cleanup/validation/cron-format/clusterpolicy.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: ClusterCleanupPolicy
 metadata:
  name: cleanuppolicy
--- a/test/conformance/kuttl/cleanup/validation/cron-format/invalidpolicy.yaml
+++ b/test/conformance/kuttl/cleanup/validation/cron-format/invalidpolicy.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: CleanupPolicy
 metadata:
  name: cleanuppolicy
--- a/test/conformance/kuttl/cleanup/validation/cron-format/policy.yaml
+++ b/test/conformance/kuttl/cleanup/validation/cron-format/policy.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: CleanupPolicy
 metadata:
  name: cleanuppolicy
--- a/test/conformance/kuttl/cleanup/validation/no-user-info-in-match/cleanuppolicy-with-clusterroles.yaml
+++ b/test/conformance/kuttl/cleanup/validation/no-user-info-in-match/cleanuppolicy-with-clusterroles.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: ClusterCleanupPolicy
 metadata:
  name: cleanuppolicy
--- a/test/conformance/kuttl/cleanup/validation/no-user-info-in-match/cleanuppolicy-with-roles.yaml
+++ b/test/conformance/kuttl/cleanup/validation/no-user-info-in-match/cleanuppolicy-with-roles.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: ClusterCleanupPolicy
 metadata:
  name: cleanuppolicy
--- a/test/conformance/kuttl/cleanup/validation/no-user-info-in-match/cleanuppolicy-with-subjects.yaml
+++ b/test/conformance/kuttl/cleanup/validation/no-user-info-in-match/cleanuppolicy-with-subjects.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: ClusterCleanupPolicy
 metadata:
  name: cleanuppolicy
--- a/test/conformance/kuttl/cleanup/validation/not-supported-attributes-in-context/cleanuppolicy-with-configmap.yaml
+++ b/test/conformance/kuttl/cleanup/validation/not-supported-attributes-in-context/cleanuppolicy-with-configmap.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: ClusterCleanupPolicy
 metadata:
  name: cleanup-pod
--- a/test/conformance/kuttl/cleanup/validation/not-supported-attributes-in-context/cleanuppolicy-with-image-registry.yaml
+++ b/test/conformance/kuttl/cleanup/validation/not-supported-attributes-in-context/cleanuppolicy-with-image-registry.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: ClusterCleanupPolicy
 metadata:
  name: cleanup-pod
--- a/test/conformance/kuttl/exceptions/allows-rejects-creation/exception.yaml
+++ b/test/conformance/kuttl/exceptions/allows-rejects-creation/exception.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: mynewpolex
--- a/test/conformance/kuttl/exceptions/applies-to-delete/exception.yaml
+++ b/test/conformance/kuttl/exceptions/applies-to-delete/exception.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: delta-exception
--- a/test/conformance/kuttl/exceptions/background-mode/standard/exception-allowed.yaml
+++ b/test/conformance/kuttl/exceptions/background-mode/standard/exception-allowed.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: polex-right
--- a/test/conformance/kuttl/exceptions/background-mode/standard/exception-rejected.yaml
+++ b/test/conformance/kuttl/exceptions/background-mode/standard/exception-rejected.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: polex-wrong
--- a/test/conformance/kuttl/exceptions/check-variables/standard/exception-allowed.yaml
+++ b/test/conformance/kuttl/exceptions/check-variables/standard/exception-allowed.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: polex-right
--- a/test/conformance/kuttl/exceptions/check-variables/standard/exception-rejected.yaml
+++ b/test/conformance/kuttl/exceptions/check-variables/standard/exception-rejected.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: polex-wrong
--- a/test/conformance/kuttl/exceptions/events-creation/02-exception.yaml
+++ b/test/conformance/kuttl/exceptions/events-creation/02-exception.yaml
@ -3,7 +3,7 @@ kind: Namespace
 metadata:
  name: policy-exception-events-creation-polex-ns
 ---
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: policy-exception-allow-latest
--- a/test/conformance/kuttl/exceptions/only-for-specific-user/exception.yaml
+++ b/test/conformance/kuttl/exceptions/only-for-specific-user/exception.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: mynewpolex
--- a/test/conformance/kuttl/exceptions/with-wildcard/exception.yaml
+++ b/test/conformance/kuttl/exceptions/with-wildcard/exception.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: mynewpolex
--- a/test/conformance/kuttl/generate/validation/clusterpolicy/target-namespace-scope/policy-pass-3.yaml
+++ b/test/conformance/kuttl/generate/validation/clusterpolicy/target-namespace-scope/policy-pass-3.yaml
@ -27,7 +27,7 @@ spec:
          kinds:
          - PolicyException
    generate:
-      apiVersion: kyverno.io/v2alpha1
+      apiVersion: kyverno.io/v2beta1
      kind: ClusterCleanupPolicy
      name: polex-{{ request.namespace }}-{{ request.object.metadata.name }}-{{ random('[0-9a-z]{8}') }}
      synchronize: false
--- a/test/conformance/kuttl/policy-validation/cluster-policy/policy-exceptions-disabled/policy_exception.yaml
+++ b/test/conformance/kuttl/policy-validation/cluster-policy/policy-exceptions-disabled/policy_exception.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: label-exception
--- a/test/conformance/kuttl/reports/admission/exception/exception.yaml
+++ b/test/conformance/kuttl/reports/admission/exception/exception.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: mynewpolex
--- a/test/conformance/kuttl/reports/background/exception/exception.yaml
+++ b/test/conformance/kuttl/reports/background/exception/exception.yaml
@ -1,4 +1,4 @@
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: mynewpolex
--- a/test/conformance/kuttl/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/01-assert.yaml
+++ b/test/conformance/kuttl/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/01-assert.yaml
@ -18,7 +18,7 @@ metadata:
 status:
  replicas: 2
 ---
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: allow-scaling-nginx-test
--- a/test/conformance/kuttl/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/01-manifests.yaml
+++ b/test/conformance/kuttl/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/01-manifests.yaml
@ -48,7 +48,7 @@ spec:
        - image: nginx
          name: nginx
 ---
-apiVersion: kyverno.io/v2alpha1
+apiVersion: kyverno.io/v2beta1
 kind: PolicyException
 metadata:
  name: allow-scaling-nginx-test