jkleinlercher
commented
5 days ago webhooks prevent others to get deleted, so we need to do manual https://kyverno.io/docs/installation/uninstallation/#clean-up-webhooks
and also the clusterpolicies don't get deleted automatically, which prevents the app from getting deleted. We need to remove finalizers on the clusterpolicy resources manually to delete the app.
The webhooks should get cleaned up by helm hooks, but probably only when the application gets deleted: https://github.com/kyverno/kyverno/blob/main/charts/kyverno/templates/hooks/pre-delete-scale-to-zero.yaml
Since the clusterpolicies didn't get deleted, the app didn't get deleted and so also the webhooks are still there.
ClusterPolicy deletion results in a admissioncontroller webhook call to kyverno, which is already stopped. So the defined ClusterPolicies need to get deleted before the kyverno webhook server.
btw: although we exclude kyverno namespace for webhook call, clusterpolicies are cluster scoped, not in kyverno ns https://kyverno.io/docs/installation/customization/#namespace-selectors
webhooks prevent others to get deleted, so we need to do manual https://kyverno.io/docs/installation/uninstallation/#clean-up-webhooks
and also the clusterpolicies don't get deleted automatically, which prevents the app from getting deleted. We need to remove finalizers on the clusterpolicy resources manually to delete the app.
The webhooks should get cleaned up by helm hooks, but probably only when the application gets deleted: https://github.com/kyverno/kyverno/blob/main/charts/kyverno/templates/hooks/pre-delete-scale-to-zero.yaml
Since the clusterpolicies didn't get deleted, the app didn't get deleted and so also the webhooks are still there.