Add cleanup steps to remove webook configurations #118
Conversation
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
|
Per this comment kyverno/kyverno#1726 (comment), I'll have to verify if reordering resources' manifests solve the problem. If so, we do not need this doc. |
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
This doesn't work due to kyverno/kyverno#1726 (comment). |
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
|
|
||
| ### Clean up Webhook Configurations | ||
|
|
||
| Kyverno by default will clean up all its webhook configurations during termination. While removing the entire manifests could result in failure of the cleanup process as it loses the permissions to delete the webhook configurations. |
There was a problem hiding this comment.
I don't understand the second sentence: "While removing the entire manifests..."
What manifests? I'm not clear under what circumstances a user may need to run the below commands you provide.
There was a problem hiding this comment.
When users run kubectl delete -f https://raw.githubusercontent.com/kyverno/kyverno/main/definitions/release/install.yaml, it removes all resources including clusterRoles. Thus Kyverno cannot clean up webhook configurations due to lack of permissions, as I described in this issue. That's why I added these commands to remove them manually.
There was a problem hiding this comment.
So if a user installs Kyverno using the install.yaml manifest, the only way to completely uninstall Kyverno is a two-step process: 1. Do a kubectl delete -f install.yaml and then 2. manually remove the webhooks? Is that correct? This means that if Kyverno is installed with Helm, then this process is not needed? Is that part correct as well?
There was a problem hiding this comment.
- Do a kubectl delete -f install.yaml and then 2. manually remove the webhooks?
Yes, correct.
if Kyverno is installed with Helm, then this process is not needed?
No, the process is needed for both uninstall options. The user can use option 1 or 2 to remove Kyverno manifests, and then remove webhooks.
Maybe I can update the outlines to:
Uninstalling Kyverno
Remove Kyverno manifests
To uninstall Kyverno, use either the raw YAML manifest or Helm. The Kyverno deployment, RBAC resources, and all CRDs will be removed, including any reports.
Option 1 - Uninstall Kyverno with YAML manifest
Option 2 - Uninstall Kyverno with Helm
Clean up Webhook Configurations
There was a problem hiding this comment.
Yeah, but it'll still be very helpful to write a sentence or two saying something like, "regardless which uninstallation method is chosen, webhooks will need to be manually removed as the final step. Use the below commands to delete those webhooks."
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Shuting Zhao shutting06@gmail.com
Fixes kyverno/kyverno#1726.