-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add cleanup steps to remove webook configurations #118
Conversation
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Per this comment kyverno/kyverno#1726 (comment), I'll have to verify if reordering resources' manifests solve the problem. If so, we do not need this doc. |
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
This doesn't work due to kyverno/kyverno#1726 (comment). |
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
|
||
### Clean up Webhook Configurations | ||
|
||
Kyverno by default will clean up all its webhook configurations during termination. While removing the entire manifests could result in failure of the cleanup process as it loses the permissions to delete the webhook configurations. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand the second sentence: "While removing the entire manifests..."
What manifests? I'm not clear under what circumstances a user may need to run the below commands you provide.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When users run kubectl delete -f https://raw.githubusercontent.com/kyverno/kyverno/main/definitions/release/install.yaml
, it removes all resources including clusterRoles. Thus Kyverno cannot clean up webhook configurations due to lack of permissions, as I described in this issue. That's why I added these commands to remove them manually.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So if a user installs Kyverno using the install.yaml
manifest, the only way to completely uninstall Kyverno is a two-step process: 1. Do a kubectl delete -f install.yaml
and then 2. manually remove the webhooks? Is that correct? This means that if Kyverno is installed with Helm, then this process is not needed? Is that part correct as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Do a kubectl delete -f install.yaml and then 2. manually remove the webhooks?
Yes, correct.
if Kyverno is installed with Helm, then this process is not needed?
No, the process is needed for both uninstall options. The user can use option 1 or 2 to remove Kyverno manifests, and then remove webhooks.
Maybe I can update the outlines to:
Uninstalling Kyverno
Remove Kyverno manifests
To uninstall Kyverno, use either the raw YAML manifest or Helm. The Kyverno deployment, RBAC resources, and all CRDs will be removed, including any reports.
Option 1 - Uninstall Kyverno with YAML manifest
Option 2 - Uninstall Kyverno with Helm
Clean up Webhook Configurations
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, but it'll still be very helpful to write a sentence or two saying something like, "regardless which uninstallation method is chosen, webhooks will need to be manually removed as the final step. Use the below commands to delete those webhooks."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated!
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Shuting Zhao shutting06@gmail.com
Fixes kyverno/kyverno#1726.