feat: Add delete-pre-1.11-policyreports-job to postinstall hook

kubewarden / helm-charts

Helm charts for the Kubewarden project

Apache License 2.0

25 stars 16 forks source link

feat: Add delete-pre-1.11-policyreports-job to postinstall hook #410

Closed viccuad closed 5 months ago

viccuad commented 5 months ago

Description

Part of https://github.com/kubewarden/helm-charts/issues/408 Depends on audit-scanner 1.11.0-rc6 shipping https://github.com/kubewarden/audit-scanner/pull/231.

This job deletes all pre 1.11 (Cluster)PolicyReports, by matching and deleting those reports that lack the label kubewarden.io/policyreport-version.

Test

Tested locally by running the kubectl command, helm hook untested.

Additional Information

Tradeoff

Potential improvement

viccuad commented 5 months ago

Fixed namespace selector, and changed ServiceAccount to the default of the audit-scanner. Also, changed job name to be compliant.

Tested succesfully by: deployed cluster with fake workload and policies targetting it, installed 1.10 to create old reports, installed 1.11.0-rc6 with audit-scanner 1.11.0-rc6 to create newly labeled reports, installed this PR and verified the hook deletes all unlabeled reports.