fix(migrations/policy): delete objects before crds #336
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary 💡
When switching policy type from
kyverno
tonone
, delete first the objects using the APIs of the CRDs and then the CRDs. Otherwise we could sometimes end up in a race condition where the objects cannot be deleted because the APIs are not available anymore.Closes #335
Description 📝
Instead of building the whole kustomize base for Kyverno and piping it to the kubectl delete, the command that deletes Kyverno resources has been split into 2 commands that are applied separately, one after the other:
policies
andcore
, respectively.See the issue #335 for more details on the reasoning behind this PR.
Breaking Changes 💔
None
Tests performed 🧪
installDefaultPolicies
set tofalse
Future work 🔧
None, notice that now that we switched to kapp, the migration could be dropped entirely and let kapp handle the deletion.