cherry-pick kyverno#10678

Signed-off-by: ShutingZhao <[email protected]>
realshuting · Jul 18, 2024 · 297a7bd · 297a7bd
1 parent b7fb616
commit 297a7bd
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 52 deletions.
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
@@ -769,7 +769,7 @@ The chart values are organised per component.
 | cleanupJobs.clusterAdmissionReports.podAntiAffinity | object | `{}` | Pod anti affinity constraints. |
 | cleanupJobs.clusterAdmissionReports.podAffinity | object | `{}` | Pod affinity constraints. |
 | cleanupJobs.clusterAdmissionReports.nodeAffinity | object | `{}` | Node affinity constraints. |
-| cleanupJobs.updateRequests.enabled | bool | `true` | Enable cleanup cronjob |
+| cleanupJobs.updateRequests.enabled | bool | `false` | Enable cleanup cronjob |
 | cleanupJobs.updateRequests.backoffLimit | int | `3` | Maximum number of retries before considering a Job as failed. Defaults to 3. |
 | cleanupJobs.updateRequests.ttlSecondsAfterFinished | string | `""` | Time until the pod from the cronjob is deleted |
 | cleanupJobs.updateRequests.image.registry | string | `nil` | Image registry |

diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
@@ -855,7 +855,7 @@ cleanupJobs:
   updateRequests:
 
     # -- Enable cleanup cronjob
-    enabled: true
+    enabled: false
 
     # -- Maximum number of retries before considering a Job as failed. Defaults to 3.
     backoffLimit: 3

diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
@@ -49589,53 +49589,3 @@ spec:
               seccompProfile:
                 type: RuntimeDefault
           restartPolicy: OnFailure
----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: kyverno-cleanup-update-requests
-  namespace: kyverno
-  labels:
-    app.kubernetes.io/component: cleanup
-    app.kubernetes.io/instance: kyverno
-    app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: latest
-spec:
-  schedule: "*/10 * * * *"
-  concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: 1
-  failedJobsHistoryLimit: 1
-  jobTemplate:
-    spec:
-      backoffLimit: 3
-      template:
-        metadata:
-        spec:
-          serviceAccountName: kyverno-cleanup-jobs
-          containers:
-          - name: cleanup
-            image: "bitnami/kubectl:1.28.5"
-            imagePullPolicy: 
-            command:
-            - /bin/bash
-            - -c
-            - |
-              set -euo pipefail
-              COUNT=$(kubectl get updaterequests.kyverno.io -A | wc -l)
-              if [ "$COUNT" -gt 10000 ]; then
-                echo "too many updaterequests found ($COUNT), cleaning up..."
-                kubectl delete updaterequests.kyverno.io --all -n kyverno
-              else
-                echo "($COUNT) reports found, no clean up needed"
-              fi
-            securityContext:
-              allowPrivilegeEscalation: false
-              capabilities:
-                drop:
-                - ALL
-              privileged: false
-              readOnlyRootFilesystem: true
-              runAsNonRoot: true
-              seccompProfile:
-                type: RuntimeDefault
-          restartPolicy: OnFailure