Zarf package remove fails ungracefully

runyontr commented 1 year ago

Lots of issue uninstalling and having hanging resources/namespaces/etc

MxNxPx commented 1 year ago

my first experience with it failing was disabling a BB component when packaging/deploying, and the remove failed because it tried to delete the HelmRelease for said component.

MxNxPx commented 1 year ago

The use of --ignore-not-found has fixed the remove from failing.

Assuming this is not desired, but there are still some orphaned components that remain after remove. Namely:

bigbang helm release
kyverno webhooks
configmaps (flux-grafana-dashboards & istio stuff)
secrets with helm values (istio, kyverno, monitoring, etc)
networkpolicy for flux
crds

Click for Details

```sh # kubectl get-all NAME NAMESPACE AGE componentstatus/controller-manager componentstatus/scheduler configmap/extension-apiserver-authentication kube-system 24m configmap/cluster-dns kube-system 24m configmap/local-path-config kube-system 24m configmap/chart-content-traefik kube-system 24m configmap/chart-values-traefik kube-system 24m configmap/chart-content-traefik-crd kube-system 24m configmap/chart-values-traefik-crd kube-system 24m configmap/kube-root-ca.crt default 24m configmap/kube-root-ca.crt kube-system 24m configmap/kube-root-ca.crt kube-public 24m configmap/kube-root-ca.crt kube-node-lease 24m configmap/coredns kube-system 24m configmap/kube-root-ca.crt zarf 24m configmap/rust-binary zarf 24m configmap/zarf-payload-000 zarf 24m configmap/zarf-payload-001 zarf 24m configmap/zarf-payload-002 zarf 24m configmap/zarf-payload-003 zarf 24m configmap/zarf-payload-004 zarf 24m configmap/zarf-payload-005 zarf 24m configmap/zarf-payload-006 zarf 24m configmap/zarf-payload-007 zarf 24m configmap/zarf-payload-008 zarf 24m configmap/zarf-payload-009 zarf 24m configmap/zarf-payload-010 zarf 24m configmap/zarf-payload-011 zarf 24m configmap/local-registry-hosting kube-public 23m configmap/kube-root-ca.crt flux-system 19m configmap/kube-root-ca.crt bigbang 19m configmap/kube-root-ca.crt tempo 19m configmap/kube-root-ca.crt kyverno 19m configmap/kube-root-ca.crt istio-operator 19m configmap/kube-root-ca.crt kiali 19m configmap/kube-root-ca.crt monitoring 19m configmap/kube-root-ca.crt istio-system 19m configmap/flux-grafana-dashboards monitoring 19m configmap/istio-ca-root-cert tempo 16m configmap/istio-ca-root-cert kyverno 16m configmap/istio-ca-root-cert istio-operator 16m configmap/istio-ca-root-cert istio-system 16m configmap/istio-ca-root-cert kiali 16m configmap/istio-ca-root-cert default 16m configmap/istio-ca-root-cert flux-system 16m configmap/istio-ca-root-cert bigbang 16m configmap/istio-ca-root-cert monitoring 16m configmap/istio-ca-root-cert zarf 16m configmap/istio-namespace-controller-election istio-system 16m configmap/istio-leader istio-system 16m configmap/istio-gateway-deployment-leader istio-system 16m configmap/istio-gateway-status-leader istio-system 16m endpoints/kubernetes default 24m endpoints/kube-dns kube-system 24m endpoints/metrics-server kube-system 24m endpoints/traefik kube-system 24m endpoints/agent-hook zarf 23m endpoints/zarf-gitea-http zarf 23m endpoints/zarf-gitea-ssh zarf 23m endpoints/monitoring-monitoring-kube-kubelet kube-system 15m endpoints/zarf-docker-registry zarf 24m namespace/default 24m namespace/kube-system 24m namespace/kube-public 24m namespace/kube-node-lease 24m namespace/zarf 24m namespace/flux-system 19m namespace/bigbang 19m namespace/tempo 19m namespace/kyverno 19m namespace/istio-operator 19m namespace/kiali 19m namespace/monitoring 19m namespace/istio-system 19m node/k3d-k3s-default-server-0 24m persistentvolumeclaim/zarf-docker-registry zarf 24m persistentvolumeclaim/data-zarf-gitea-0 zarf 23m persistentvolumeclaim/storage-tempo-tempo-0 tempo 14m persistentvolume/pvc-9ac858b9-7a02-4c68-abfc-9f4502f53c26 23m persistentvolume/pvc-e24e5d40-33a4-4861-b029-ba8aa2bbcf31 23m persistentvolume/pvc-b6cd65b5-09cb-469a-92d1-a5499035c2b0 14m pod/local-path-provisioner-7b7dc8d6f5-qzv4d kube-system 24m pod/coredns-b96499967-vc2j2 kube-system 24m pod/helm-install-traefik-crd-tcl4g kube-system 24m pod/svclb-traefik-5e53e87e-gcc9m kube-system 24m pod/helm-install-traefik-mlw79 kube-system 24m pod/metrics-server-668d979685-bzvv9 kube-system 24m pod/traefik-7cd4fcff68-lc4rq kube-system 24m pod/agent-hook-77d47bf978-b2tsb zarf 23m pod/agent-hook-77d47bf978-wc2hm zarf 23m pod/zarf-gitea-0 zarf 23m pod/zarf-docker-registry-5cd8966696-xwscs zarf 23m secret/k3s-serving kube-system 24m secret/k3d-k3s-default-server-0.node-password.k3s kube-system 24m secret/sh.helm.release.v1.traefik-crd.v1 kube-system 24m secret/sh.helm.release.v1.traefik.v1 kube-system 24m secret/zarf-state zarf 24m secret/private-registry zarf 24m secret/private-git-server zarf 24m secret/zarf-docker-registry-secret zarf 24m secret/sh.helm.release.v1.zarf-docker-registry.v1 zarf 24m secret/sh.helm.release.v1.zarf-docker-registry.v2 zarf 23m secret/sh.helm.release.v1.zarf-a0e2de5862bbc49ea7f205abbb4da84041fe9c74.v1 zarf 23m secret/private-registry kube-public 23m secret/private-git-server kube-public 23m secret/sh.helm.release.v1.zarf-6fd4933a3193a9565e76c479531ec18fbae1b512.v1 zarf 23m secret/agent-hook-tls zarf 23m secret/sh.helm.release.v1.zarf-d2db14ef40305397791454e883b26fc94ad9615d.v1 zarf 23m secret/zarf-gitea-init zarf 23m secret/zarf-gitea-inline-config zarf 23m secret/zarf-gitea zarf 23m secret/sh.helm.release.v1.zarf-gitea.v1 zarf 23m secret/sh.helm.release.v1.zarf-a71d4c4f4fdc7323c7a41c33f341227ee08e96cd.v1 zarf 23m secret/zarf-package-init zarf 23m secret/private-registry flux-system 19m secret/private-git-server flux-system 19m secret/private-registry bigbang 19m secret/private-git-server bigbang 19m secret/bigbang-istio-values bigbang 19m secret/bigbang-istio-operator-values bigbang 19m secret/private-registry kyverno 19m secret/private-registry monitoring 19m secret/private-registry tempo 19m secret/bigbang-kyverno-values bigbang 19m secret/private-registry kiali 19m secret/bigbang-monitoring-values bigbang 19m secret/bigbang-kiali-values bigbang 19m secret/private-registry istio-operator 19m secret/bigbang-tempo-values bigbang 19m secret/grafana-flux-auth monitoring 19m secret/private-registry istio-system 19m secret/bigbang-kyvernopolicies-values bigbang 19m secret/grafana-auth kiali 19m secret/sh.helm.release.v1.bigbang.v1 bigbang 19m secret/kyverno-kyverno-svc.kyverno.svc.kyverno-tls-ca kyverno 18m secret/kyverno-kyverno-svc.kyverno.svc.kyverno-tls-pair kyverno 18m secret/istio-ca-secret istio-system 16m secret/monitoring-monitoring-kube-admission monitoring 16m serviceaccount/generic-garbage-collector kube-system 24m serviceaccount/deployment-controller kube-system 24m serviceaccount/daemon-set-controller kube-system 24m serviceaccount/certificate-controller kube-system 24m serviceaccount/node-controller kube-system 24m serviceaccount/coredns kube-system 24m serviceaccount/local-path-provisioner-service-account kube-system 24m serviceaccount/metrics-server kube-system 24m serviceaccount/helm-traefik kube-system 24m serviceaccount/helm-traefik-crd kube-system 24m serviceaccount/root-ca-cert-publisher kube-system 24m serviceaccount/attachdetach-controller kube-system 24m serviceaccount/pvc-protection-controller kube-system 24m serviceaccount/endpointslice-controller kube-system 24m serviceaccount/replication-controller kube-system 24m serviceaccount/service-account-controller kube-system 24m serviceaccount/resourcequota-controller kube-system 24m serviceaccount/clusterrole-aggregation-controller kube-system 24m serviceaccount/pv-protection-controller kube-system 24m serviceaccount/job-controller kube-system 24m serviceaccount/horizontal-pod-autoscaler kube-system 24m serviceaccount/disruption-controller kube-system 24m serviceaccount/cronjob-controller kube-system 24m serviceaccount/ttl-controller kube-system 24m serviceaccount/expand-controller kube-system 24m serviceaccount/endpoint-controller kube-system 24m serviceaccount/persistent-volume-binder kube-system 24m serviceaccount/ttl-after-finished-controller kube-system 24m serviceaccount/pod-garbage-collector kube-system 24m serviceaccount/namespace-controller kube-system 24m serviceaccount/ephemeral-volume-controller kube-system 24m serviceaccount/endpointslicemirroring-controller kube-system 24m serviceaccount/replicaset-controller kube-system 24m serviceaccount/statefulset-controller kube-system 24m serviceaccount/default default 24m serviceaccount/default kube-system 24m serviceaccount/default kube-public 24m serviceaccount/default kube-node-lease 24m serviceaccount/traefik kube-system 24m serviceaccount/default zarf 24m serviceaccount/default flux-system 19m serviceaccount/default bigbang 19m serviceaccount/default tempo 19m serviceaccount/default kyverno 19m serviceaccount/default istio-operator 19m serviceaccount/default kiali 19m serviceaccount/default monitoring 19m serviceaccount/default istio-system 19m service/kubernetes default 24m service/kube-dns kube-system 24m service/metrics-server kube-system 24m service/traefik kube-system 24m service/zarf-docker-registry zarf 24m service/zarf-connect-registry zarf 23m service/agent-hook zarf 23m service/zarf-gitea-ssh zarf 23m service/zarf-gitea-http zarf 23m service/zarf-connect-git zarf 23m service/monitoring-monitoring-kube-kubelet kube-system 15m mutatingwebhookconfiguration.admissionregistration.k8s.io/zarf 23m mutatingwebhookconfiguration.admissionregistration.k8s.io/kyverno-policy-mutating-webhook-cfg 4m15s mutatingwebhookconfiguration.admissionregistration.k8s.io/kyverno-resource-mutating-webhook-cfg 4m15s mutatingwebhookconfiguration.admissionregistration.k8s.io/kyverno-verify-mutating-webhook-cfg 4m15s validatingwebhookconfiguration.admissionregistration.k8s.io/kyverno-policy-validating-webhook-cfg 4m15s validatingwebhookconfiguration.admissionregistration.k8s.io/kyverno-resource-validating-webhook-cfg 4m15s customresourcedefinition.apiextensions.k8s.io/addons.k3s.cattle.io 24m customresourcedefinition.apiextensions.k8s.io/helmcharts.helm.cattle.io 24m customresourcedefinition.apiextensions.k8s.io/helmchartconfigs.helm.cattle.io 24m customresourcedefinition.apiextensions.k8s.io/middlewaretcps.traefik.containo.us 24m customresourcedefinition.apiextensions.k8s.io/tlsoptions.traefik.containo.us 24m customresourcedefinition.apiextensions.k8s.io/ingressroutetcps.traefik.containo.us 24m customresourcedefinition.apiextensions.k8s.io/tlsstores.traefik.containo.us 24m customresourcedefinition.apiextensions.k8s.io/middlewares.traefik.containo.us 24m customresourcedefinition.apiextensions.k8s.io/serverstransports.traefik.containo.us 24m customresourcedefinition.apiextensions.k8s.io/traefikservices.traefik.containo.us 24m customresourcedefinition.apiextensions.k8s.io/ingressrouteudps.traefik.containo.us 24m customresourcedefinition.apiextensions.k8s.io/ingressroutes.traefik.containo.us 24m customresourcedefinition.apiextensions.k8s.io/authorizationpolicies.security.istio.io 17m customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io 17m customresourcedefinition.apiextensions.k8s.io/envoyfilters.networking.istio.io 17m customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io 17m customresourcedefinition.apiextensions.k8s.io/istiooperators.install.istio.io 17m customresourcedefinition.apiextensions.k8s.io/peerauthentications.security.istio.io 17m customresourcedefinition.apiextensions.k8s.io/proxyconfigs.networking.istio.io 17m customresourcedefinition.apiextensions.k8s.io/requestauthentications.security.istio.io 17m customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io 17m customresourcedefinition.apiextensions.k8s.io/sidecars.networking.istio.io 17m customresourcedefinition.apiextensions.k8s.io/telemetries.telemetry.istio.io 17m customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io 17m customresourcedefinition.apiextensions.k8s.io/wasmplugins.extensions.istio.io 17m customresourcedefinition.apiextensions.k8s.io/workloadentries.networking.istio.io 17m customresourcedefinition.apiextensions.k8s.io/workloadgroups.networking.istio.io 17m customresourcedefinition.apiextensions.k8s.io/alertmanagerconfigs.monitoring.coreos.com 16m customresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com 16m customresourcedefinition.apiextensions.k8s.io/servicemonitors.monitoring.coreos.com 19m customresourcedefinition.apiextensions.k8s.io/podmonitors.monitoring.coreos.com 16m customresourcedefinition.apiextensions.k8s.io/probes.monitoring.coreos.com 16m customresourcedefinition.apiextensions.k8s.io/prometheuses.monitoring.coreos.com 16m customresourcedefinition.apiextensions.k8s.io/prometheusrules.monitoring.coreos.com 16m customresourcedefinition.apiextensions.k8s.io/thanosrulers.monitoring.coreos.com 16m customresourcedefinition.apiextensions.k8s.io/kialis.kiali.io 14m apiservice.apiregistration.k8s.io/v1.apiextensions.k8s.io 24m apiservice.apiregistration.k8s.io/v1.admissionregistration.k8s.io 24m apiservice.apiregistration.k8s.io/v1. 24m apiservice.apiregistration.k8s.io/v1.authentication.k8s.io 24m apiservice.apiregistration.k8s.io/v1.apps 24m apiservice.apiregistration.k8s.io/v1.authorization.k8s.io 24m apiservice.apiregistration.k8s.io/v1.autoscaling 24m apiservice.apiregistration.k8s.io/v2beta2.autoscaling 24m apiservice.apiregistration.k8s.io/v2beta1.autoscaling 24m apiservice.apiregistration.k8s.io/v1.batch 24m apiservice.apiregistration.k8s.io/v1beta1.batch 24m apiservice.apiregistration.k8s.io/v2.autoscaling 24m apiservice.apiregistration.k8s.io/v1.certificates.k8s.io 24m apiservice.apiregistration.k8s.io/v1.coordination.k8s.io 24m apiservice.apiregistration.k8s.io/v1.discovery.k8s.io 24m apiservice.apiregistration.k8s.io/v1beta1.discovery.k8s.io 24m apiservice.apiregistration.k8s.io/v1.events.k8s.io 24m apiservice.apiregistration.k8s.io/v1beta1.flowcontrol.apiserver.k8s.io 24m apiservice.apiregistration.k8s.io/v1beta2.flowcontrol.apiserver.k8s.io 24m apiservice.apiregistration.k8s.io/v1.networking.k8s.io 24m apiservice.apiregistration.k8s.io/v1beta1.events.k8s.io 24m apiservice.apiregistration.k8s.io/v1.node.k8s.io 24m apiservice.apiregistration.k8s.io/v1beta1.node.k8s.io 24m apiservice.apiregistration.k8s.io/v1.policy 24m apiservice.apiregistration.k8s.io/v1beta1.policy 24m apiservice.apiregistration.k8s.io/v1.rbac.authorization.k8s.io 24m apiservice.apiregistration.k8s.io/v1.storage.k8s.io 24m apiservice.apiregistration.k8s.io/v1beta1.storage.k8s.io 24m apiservice.apiregistration.k8s.io/v1.scheduling.k8s.io 24m apiservice.apiregistration.k8s.io/v1.k3s.cattle.io 24m apiservice.apiregistration.k8s.io/v1.helm.cattle.io 24m apiservice.apiregistration.k8s.io/v1alpha1.traefik.containo.us 24m apiservice.apiregistration.k8s.io/v1.monitoring.coreos.com 19m apiservice.apiregistration.k8s.io/v1alpha1.install.istio.io 17m apiservice.apiregistration.k8s.io/v1alpha1.extensions.istio.io 17m apiservice.apiregistration.k8s.io/v1beta1.networking.istio.io 17m apiservice.apiregistration.k8s.io/v1alpha3.networking.istio.io 17m apiservice.apiregistration.k8s.io/v1beta1.security.istio.io 17m apiservice.apiregistration.k8s.io/v1alpha1.telemetry.istio.io 17m apiservice.apiregistration.k8s.io/v1alpha1.monitoring.coreos.com 16m apiservice.apiregistration.k8s.io/v1alpha1.kiali.io 14m controllerrevision.apps/svclb-traefik-5e53e87e-788cbf95d6 kube-system 24m controllerrevision.apps/zarf-gitea-5f5bcdc557 zarf 23m daemonset.apps/svclb-traefik-5e53e87e kube-system 24m deployment.apps/local-path-provisioner kube-system 24m deployment.apps/coredns kube-system 24m deployment.apps/metrics-server kube-system 24m deployment.apps/traefik kube-system 24m deployment.apps/agent-hook zarf 23m deployment.apps/zarf-docker-registry zarf 24m replicaset.apps/local-path-provisioner-7b7dc8d6f5 kube-system 24m replicaset.apps/coredns-b96499967 kube-system 24m replicaset.apps/metrics-server-668d979685 kube-system 24m replicaset.apps/traefik-7cd4fcff68 kube-system 24m replicaset.apps/zarf-docker-registry-f4d8b9cc7 zarf 24m replicaset.apps/agent-hook-77d47bf978 zarf 23m replicaset.apps/zarf-docker-registry-5cd8966696 zarf 23m statefulset.apps/zarf-gitea zarf 23m horizontalpodautoscaler.autoscaling/zarf-docker-registry zarf 24m job.batch/helm-install-traefik-crd kube-system 24m job.batch/helm-install-traefik kube-system 24m lease.coordination.k8s.io/kyvernopre-lock kyverno 18m lease.coordination.k8s.io/kyvernopre kyverno 18m lease.coordination.k8s.io/istio-operator-lock istio-operator 17m lease.coordination.k8s.io/kyverno-health kyverno 18m lease.coordination.k8s.io/kyverno kyverno 18m lease.coordination.k8s.io/helm-controller-leader-election flux-system 19m lease.coordination.k8s.io/notification-controller-leader-election flux-system 19m lease.coordination.k8s.io/source-controller-leader-election flux-system 19m lease.coordination.k8s.io/kustomize-controller-leader-election flux-system 19m lease.coordination.k8s.io/k3d-k3s-default-server-0 kube-node-lease 24m endpointslice.discovery.k8s.io/kubernetes default 24m endpointslice.discovery.k8s.io/kube-dns-mx5l5 kube-system 24m endpointslice.discovery.k8s.io/metrics-server-5nsps kube-system 24m endpointslice.discovery.k8s.io/traefik-xxpx8 kube-system 24m endpointslice.discovery.k8s.io/agent-hook-gr97q zarf 23m endpointslice.discovery.k8s.io/zarf-gitea-ssh-nbg5z zarf 23m endpointslice.discovery.k8s.io/zarf-gitea-http-p4n7x zarf 23m endpointslice.discovery.k8s.io/monitoring-monitoring-kube-kubelet-kwz6g kube-system 15m endpointslice.discovery.k8s.io/zarf-docker-registry-69fvn zarf 24m flowschema.flowcontrol.apiserver.k8s.io/system-nodes 24m flowschema.flowcontrol.apiserver.k8s.io/system-node-high 24m flowschema.flowcontrol.apiserver.k8s.io/system-leader-election 24m flowschema.flowcontrol.apiserver.k8s.io/workload-leader-election 24m flowschema.flowcontrol.apiserver.k8s.io/endpoint-controller 24m flowschema.flowcontrol.apiserver.k8s.io/kube-controller-manager 24m flowschema.flowcontrol.apiserver.k8s.io/kube-scheduler 24m flowschema.flowcontrol.apiserver.k8s.io/service-accounts 24m flowschema.flowcontrol.apiserver.k8s.io/catch-all 24m flowschema.flowcontrol.apiserver.k8s.io/kube-system-service-accounts 24m flowschema.flowcontrol.apiserver.k8s.io/global-default 24m flowschema.flowcontrol.apiserver.k8s.io/exempt 24m flowschema.flowcontrol.apiserver.k8s.io/probes 24m prioritylevelconfiguration.flowcontrol.apiserver.k8s.io/system 24m prioritylevelconfiguration.flowcontrol.apiserver.k8s.io/node-high 24m prioritylevelconfiguration.flowcontrol.apiserver.k8s.io/leader-election 24m prioritylevelconfiguration.flowcontrol.apiserver.k8s.io/workload-high 24m prioritylevelconfiguration.flowcontrol.apiserver.k8s.io/workload-low 24m prioritylevelconfiguration.flowcontrol.apiserver.k8s.io/global-default 24m prioritylevelconfiguration.flowcontrol.apiserver.k8s.io/catch-all 24m prioritylevelconfiguration.flowcontrol.apiserver.k8s.io/exempt 24m helmchart.helm.cattle.io/traefik-crd kube-system 24m helmchart.helm.cattle.io/traefik kube-system 24m addon.k3s.cattle.io/ccm kube-system 24m addon.k3s.cattle.io/local-storage kube-system 24m addon.k3s.cattle.io/aggregated-metrics-reader kube-system 24m addon.k3s.cattle.io/auth-delegator kube-system 24m addon.k3s.cattle.io/auth-reader kube-system 24m addon.k3s.cattle.io/metrics-apiservice kube-system 24m addon.k3s.cattle.io/metrics-server-deployment kube-system 24m addon.k3s.cattle.io/metrics-server-service kube-system 24m addon.k3s.cattle.io/resource-reader kube-system 24m addon.k3s.cattle.io/rolebindings kube-system 24m addon.k3s.cattle.io/traefik kube-system 24m addon.k3s.cattle.io/coredns kube-system 24m networkpolicy.networking.k8s.io/allow-from-flux monitoring 19m poddisruptionbudget.policy/zarf-docker-registry zarf 24m clusterrolebinding.rbac.authorization.k8s.io/cluster-admin 24m clusterrolebinding.rbac.authorization.k8s.io/system:monitoring 24m clusterrolebinding.rbac.authorization.k8s.io/system:discovery 24m clusterrolebinding.rbac.authorization.k8s.io/system:basic-user 24m clusterrolebinding.rbac.authorization.k8s.io/system:public-info-viewer 24m clusterrolebinding.rbac.authorization.k8s.io/system:node-proxier 24m clusterrolebinding.rbac.authorization.k8s.io/system:kube-controller-manager 24m clusterrolebinding.rbac.authorization.k8s.io/system:kube-dns 24m clusterrolebinding.rbac.authorization.k8s.io/system:kube-scheduler 24m clusterrolebinding.rbac.authorization.k8s.io/system:volume-scheduler 24m clusterrolebinding.rbac.authorization.k8s.io/system:node 24m clusterrolebinding.rbac.authorization.k8s.io/system:service-account-issuer-discovery 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:attachdetach-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:clusterrole-aggregation-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:cronjob-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:daemon-set-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:deployment-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:disruption-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:endpoint-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:endpointslice-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:endpointslicemirroring-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:expand-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:ephemeral-volume-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:generic-garbage-collector 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:horizontal-pod-autoscaler 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:job-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:namespace-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:node-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:persistent-volume-binder 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:pod-garbage-collector 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:replicaset-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:replication-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:resourcequota-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:route-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:service-account-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:service-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:statefulset-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:ttl-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:certificate-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:pvc-protection-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:pv-protection-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:ttl-after-finished-controller 24m clusterrolebinding.rbac.authorization.k8s.io/system:controller:root-ca-cert-publisher 24m clusterrolebinding.rbac.authorization.k8s.io/k3s-cloud-controller-manager 24m clusterrolebinding.rbac.authorization.k8s.io/k3s-cloud-controller-manager-auth-delegator 24m clusterrolebinding.rbac.authorization.k8s.io/system:coredns 24m clusterrolebinding.rbac.authorization.k8s.io/local-path-provisioner-bind 24m clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator 24m clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server 24m clusterrolebinding.rbac.authorization.k8s.io/kube-apiserver-kubelet-admin 24m clusterrolebinding.rbac.authorization.k8s.io/system:k3s-controller 24m clusterrolebinding.rbac.authorization.k8s.io/helm-kube-system-traefik 24m clusterrolebinding.rbac.authorization.k8s.io/helm-kube-system-traefik-crd 24m clusterrolebinding.rbac.authorization.k8s.io/traefik 24m clusterrole.rbac.authorization.k8s.io/cluster-admin 24m clusterrole.rbac.authorization.k8s.io/system:discovery 24m clusterrole.rbac.authorization.k8s.io/system:monitoring 24m clusterrole.rbac.authorization.k8s.io/system:basic-user 24m clusterrole.rbac.authorization.k8s.io/system:public-info-viewer 24m clusterrole.rbac.authorization.k8s.io/system:aggregate-to-admin 24m clusterrole.rbac.authorization.k8s.io/system:aggregate-to-edit 24m clusterrole.rbac.authorization.k8s.io/system:aggregate-to-view 24m clusterrole.rbac.authorization.k8s.io/system:heapster 24m clusterrole.rbac.authorization.k8s.io/system:node 24m clusterrole.rbac.authorization.k8s.io/system:node-problem-detector 24m clusterrole.rbac.authorization.k8s.io/system:kubelet-api-admin 24m clusterrole.rbac.authorization.k8s.io/system:node-bootstrapper 24m clusterrole.rbac.authorization.k8s.io/system:auth-delegator 24m clusterrole.rbac.authorization.k8s.io/system:kube-aggregator 24m clusterrole.rbac.authorization.k8s.io/system:kube-controller-manager 24m clusterrole.rbac.authorization.k8s.io/system:kube-dns 24m clusterrole.rbac.authorization.k8s.io/system:persistent-volume-provisioner 24m clusterrole.rbac.authorization.k8s.io/system:certificates.k8s.io:certificatesigningrequests:nodeclient 24m clusterrole.rbac.authorization.k8s.io/system:certificates.k8s.io:certificatesigningrequests:selfnodeclient 24m clusterrole.rbac.authorization.k8s.io/system:volume-scheduler 24m clusterrole.rbac.authorization.k8s.io/system:certificates.k8s.io:legacy-unknown-approver 24m clusterrole.rbac.authorization.k8s.io/system:certificates.k8s.io:kubelet-serving-approver 24m clusterrole.rbac.authorization.k8s.io/system:certificates.k8s.io:kube-apiserver-client-approver 24m clusterrole.rbac.authorization.k8s.io/system:certificates.k8s.io:kube-apiserver-client-kubelet-approver 24m clusterrole.rbac.authorization.k8s.io/system:service-account-issuer-discovery 24m clusterrole.rbac.authorization.k8s.io/system:node-proxier 24m clusterrole.rbac.authorization.k8s.io/system:kube-scheduler 24m clusterrole.rbac.authorization.k8s.io/system:controller:attachdetach-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:clusterrole-aggregation-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:cronjob-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:daemon-set-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:deployment-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:disruption-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:endpoint-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:endpointslice-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:endpointslicemirroring-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:expand-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:ephemeral-volume-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:generic-garbage-collector 24m clusterrole.rbac.authorization.k8s.io/system:controller:horizontal-pod-autoscaler 24m clusterrole.rbac.authorization.k8s.io/system:controller:job-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:namespace-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:node-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:persistent-volume-binder 24m clusterrole.rbac.authorization.k8s.io/system:controller:pod-garbage-collector 24m clusterrole.rbac.authorization.k8s.io/system:controller:replicaset-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:replication-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:resourcequota-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:route-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:service-account-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:service-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:statefulset-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:ttl-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:certificate-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:pvc-protection-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:pv-protection-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:ttl-after-finished-controller 24m clusterrole.rbac.authorization.k8s.io/system:controller:root-ca-cert-publisher 24m clusterrole.rbac.authorization.k8s.io/k3s-cloud-controller-manager 24m clusterrole.rbac.authorization.k8s.io/system:coredns 24m clusterrole.rbac.authorization.k8s.io/local-path-provisioner-role 24m clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader 24m clusterrole.rbac.authorization.k8s.io/system:metrics-server 24m clusterrole.rbac.authorization.k8s.io/system:k3s-controller 24m clusterrole.rbac.authorization.k8s.io/view 24m clusterrole.rbac.authorization.k8s.io/edit 24m clusterrole.rbac.authorization.k8s.io/traefik 24m clusterrole.rbac.authorization.k8s.io/admin 24m rolebinding.rbac.authorization.k8s.io/system::extension-apiserver-authentication-reader kube-system 24m rolebinding.rbac.authorization.k8s.io/system::leader-locking-kube-controller-manager kube-system 24m rolebinding.rbac.authorization.k8s.io/system::leader-locking-kube-scheduler kube-system 24m rolebinding.rbac.authorization.k8s.io/system:controller:bootstrap-signer kube-system 24m rolebinding.rbac.authorization.k8s.io/system:controller:cloud-provider kube-system 24m rolebinding.rbac.authorization.k8s.io/system:controller:token-cleaner kube-system 24m rolebinding.rbac.authorization.k8s.io/system:controller:bootstrap-signer kube-public 24m rolebinding.rbac.authorization.k8s.io/k3s-cloud-controller-manager-authentication-reader kube-system 24m rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader kube-system 24m rolebinding.rbac.authorization.k8s.io/kiali-controlplane istio-system 13m role.rbac.authorization.k8s.io/extension-apiserver-authentication-reader kube-system 24m role.rbac.authorization.k8s.io/system:controller:bootstrap-signer kube-system 24m role.rbac.authorization.k8s.io/system:controller:cloud-provider kube-system 24m role.rbac.authorization.k8s.io/system:controller:token-cleaner kube-system 24m role.rbac.authorization.k8s.io/system::leader-locking-kube-controller-manager kube-system 24m role.rbac.authorization.k8s.io/system::leader-locking-kube-scheduler kube-system 24m role.rbac.authorization.k8s.io/system:controller:bootstrap-signer kube-public 24m role.rbac.authorization.k8s.io/kiali-controlplane istio-system 13m priorityclass.scheduling.k8s.io/system-node-critical 24m priorityclass.scheduling.k8s.io/system-cluster-critical 24m csinode.storage.k8s.io/k3d-k3s-default-server-0 24m storageclass.storage.k8s.io/local-path 24m ingressroute.traefik.containo.us/traefik-dashboard kube-system 24m ```

MxNxPx commented 1 year ago

@runyontr - what would you think about rearranging the zarf.yaml actions.onRemove.before so the kyverno HR delete is before the kyverno webhook cleanups?

          - cmd: ./zarf tools kubectl delete helmrelease -n bigbang kyvernopolicies --ignore-not-found
            description: Delete kyvernopolicies
          - cmd: ./zarf tools kubectl delete helmrelease -n bigbang kyverno --ignore-not-found
            description: Delete kyverno
          - cmd: ./zarf tools kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io kyverno-policy-validating-webhook-cfg kyverno-resource-validating-webhook-cfg  --ignore-not-found
            description: Cleanup validating webhoooks from kyverno
          - cmd: ./zarf tools kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io kyverno-policy-mutating-webhook-cfg kyverno-resource-mutating-webhook-cfg kyverno-verify-mutating-webhook-cfg  --ignore-not-found
            description: Cleanup mutating webhooks from kyverno

in my testing, this removed the kyverno components without the lingering webhooks remaining on zarf package remove.

runyontr commented 1 year ago

Sounds great to me!

runyontr commented 1 year ago

@MxNxPx do you want to make this contribution?

defenseunicorns / uds-package-dubbd

Zarf package remove fails ungracefully #12