From 819d9bf5409565db31aa609c2223b6435d3e980e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Blondel?= Date: Thu, 26 Sep 2024 10:23:09 +0200 Subject: [PATCH] chore: remove uneeded cleanupJobs keys from values.yaml and README (#11242) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Looks like this was mistakenly re-added in https://github.com/kyverno/kyverno/pull/9960 This had already been deleted before in https://github.com/kyverno/kyverno/pull/10760 Signed-off-by: François Blondel Co-authored-by: François Blondel --- charts/kyverno/README.md | 115 --------- charts/kyverno/README.md.gotmpl | 7 - charts/kyverno/values.yaml | 403 -------------------------------- 3 files changed, 525 deletions(-) diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index 05ff636c0cd7..526d733fd3b4 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -740,121 +740,6 @@ The chart values are organised per component. |-----|------|---------|-------------| | apiVersionOverride.podDisruptionBudget | string | `nil` | Override api version used to create `PodDisruptionBudget`` resources. When not specified the chart will check if `policy/v1/PodDisruptionBudget` is available to determine the api version automatically. | -### Cleanup jobs - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| cleanupJobs.admissionReports.enabled | bool | `true` | Enable cleanup cronjob | -| cleanupJobs.admissionReports.backoffLimit | int | `3` | Maximum number of retries before considering a Job as failed. Defaults to 3. | -| cleanupJobs.admissionReports.ttlSecondsAfterFinished | string | `""` | Time until the pod from the cronjob is deleted | -| cleanupJobs.admissionReports.image.registry | string | `nil` | Image registry | -| cleanupJobs.admissionReports.image.repository | string | `"bitnami/kubectl"` | Image repository | -| cleanupJobs.admissionReports.image.tag | string | `"1.28.5"` | Image tag Defaults to `latest` if omitted | -| cleanupJobs.admissionReports.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted | -| cleanupJobs.admissionReports.imagePullSecrets | list | `[]` | Image pull secrets | -| cleanupJobs.admissionReports.schedule | string | `"*/10 * * * *"` | Cronjob schedule | -| cleanupJobs.admissionReports.threshold | int | `10000` | Reports threshold, if number of reports are above this value the cronjob will start deleting them | -| cleanupJobs.admissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history | -| cleanupJobs.admissionReports.podSecurityContext | object | `{}` | Security context for the pod | -| cleanupJobs.admissionReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | -| cleanupJobs.admissionReports.priorityClassName | string | `""` | Pod PriorityClassName | -| cleanupJobs.admissionReports.resources | object | `{}` | Job resources | -| cleanupJobs.admissionReports.tolerations | list | `[]` | List of node taints to tolerate | -| cleanupJobs.admissionReports.nodeSelector | object | `{}` | Node labels for pod assignment | -| cleanupJobs.admissionReports.podAnnotations | object | `{}` | Pod Annotations | -| cleanupJobs.admissionReports.podLabels | object | `{}` | Pod labels | -| cleanupJobs.admissionReports.podAntiAffinity | object | `{}` | Pod anti affinity constraints. | -| cleanupJobs.admissionReports.podAffinity | object | `{}` | Pod affinity constraints. | -| cleanupJobs.admissionReports.nodeAffinity | object | `{}` | Node affinity constraints. | -| cleanupJobs.clusterAdmissionReports.enabled | bool | `true` | Enable cleanup cronjob | -| cleanupJobs.clusterAdmissionReports.backoffLimit | int | `3` | Maximum number of retries before considering a Job as failed. Defaults to 3. | -| cleanupJobs.clusterAdmissionReports.ttlSecondsAfterFinished | string | `""` | Time until the pod from the cronjob is deleted | -| cleanupJobs.clusterAdmissionReports.image.registry | string | `nil` | Image registry | -| cleanupJobs.clusterAdmissionReports.image.repository | string | `"bitnami/kubectl"` | Image repository | -| cleanupJobs.clusterAdmissionReports.image.tag | string | `"1.28.5"` | Image tag Defaults to `latest` if omitted | -| cleanupJobs.clusterAdmissionReports.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted | -| cleanupJobs.clusterAdmissionReports.imagePullSecrets | list | `[]` | Image pull secrets | -| cleanupJobs.clusterAdmissionReports.schedule | string | `"*/10 * * * *"` | Cronjob schedule | -| cleanupJobs.clusterAdmissionReports.threshold | int | `10000` | Reports threshold, if number of reports are above this value the cronjob will start deleting them | -| cleanupJobs.clusterAdmissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history | -| cleanupJobs.clusterAdmissionReports.podSecurityContext | object | `{}` | Security context for the pod | -| cleanupJobs.clusterAdmissionReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | -| cleanupJobs.clusterAdmissionReports.priorityClassName | string | `""` | Pod PriorityClassName | -| cleanupJobs.clusterAdmissionReports.resources | object | `{}` | Job resources | -| cleanupJobs.clusterAdmissionReports.tolerations | list | `[]` | List of node taints to tolerate | -| cleanupJobs.clusterAdmissionReports.nodeSelector | object | `{}` | Node labels for pod assignment | -| cleanupJobs.clusterAdmissionReports.podAnnotations | object | `{}` | Pod Annotations | -| cleanupJobs.clusterAdmissionReports.podLabels | object | `{}` | Pod Labels | -| cleanupJobs.clusterAdmissionReports.podAntiAffinity | object | `{}` | Pod anti affinity constraints. | -| cleanupJobs.clusterAdmissionReports.podAffinity | object | `{}` | Pod affinity constraints. | -| cleanupJobs.clusterAdmissionReports.nodeAffinity | object | `{}` | Node affinity constraints. | -| cleanupJobs.updateRequests.enabled | bool | `true` | Enable cleanup cronjob | -| cleanupJobs.updateRequests.backoffLimit | int | `3` | Maximum number of retries before considering a Job as failed. Defaults to 3. | -| cleanupJobs.updateRequests.ttlSecondsAfterFinished | string | `""` | Time until the pod from the cronjob is deleted | -| cleanupJobs.updateRequests.image.registry | string | `nil` | Image registry | -| cleanupJobs.updateRequests.image.repository | string | `"bitnami/kubectl"` | Image repository | -| cleanupJobs.updateRequests.image.tag | string | `"1.28.5"` | Image tag Defaults to `latest` if omitted | -| cleanupJobs.updateRequests.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted | -| cleanupJobs.updateRequests.imagePullSecrets | list | `[]` | Image pull secrets | -| cleanupJobs.updateRequests.schedule | string | `"*/10 * * * *"` | Cronjob schedule | -| cleanupJobs.updateRequests.threshold | int | `10000` | Reports threshold, if number of updateRequests are above this value the cronjob will start deleting them | -| cleanupJobs.updateRequests.history | object | `{"failure":1,"success":1}` | Cronjob history | -| cleanupJobs.updateRequests.podSecurityContext | object | `{}` | Security context for the pod | -| cleanupJobs.updateRequests.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | -| cleanupJobs.updateRequests.priorityClassName | string | `""` | Pod PriorityClassName | -| cleanupJobs.updateRequests.resources | object | `{}` | Job resources | -| cleanupJobs.updateRequests.tolerations | list | `[]` | List of node taints to tolerate | -| cleanupJobs.updateRequests.nodeSelector | object | `{}` | Node labels for pod assignment | -| cleanupJobs.updateRequests.podAnnotations | object | `{}` | Pod Annotations | -| cleanupJobs.updateRequests.podLabels | object | `{}` | Pod labels | -| cleanupJobs.updateRequests.podAntiAffinity | object | `{}` | Pod anti affinity constraints. | -| cleanupJobs.updateRequests.podAffinity | object | `{}` | Pod affinity constraints. | -| cleanupJobs.updateRequests.nodeAffinity | object | `{}` | Node affinity constraints. | -| cleanupJobs.ephemeralReports.enabled | bool | `true` | Enable cleanup cronjob | -| cleanupJobs.ephemeralReports.backoffLimit | int | `3` | Maximum number of retries before considering a Job as failed. Defaults to 3. | -| cleanupJobs.ephemeralReports.ttlSecondsAfterFinished | string | `""` | Time until the pod from the cronjob is deleted | -| cleanupJobs.ephemeralReports.image.registry | string | `nil` | Image registry | -| cleanupJobs.ephemeralReports.image.repository | string | `"bitnami/kubectl"` | Image repository | -| cleanupJobs.ephemeralReports.image.tag | string | `"1.28.5"` | Image tag Defaults to `latest` if omitted | -| cleanupJobs.ephemeralReports.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted | -| cleanupJobs.ephemeralReports.imagePullSecrets | list | `[]` | Image pull secrets | -| cleanupJobs.ephemeralReports.schedule | string | `"*/10 * * * *"` | Cronjob schedule | -| cleanupJobs.ephemeralReports.threshold | int | `10000` | Reports threshold, if number of updateRequests are above this value the cronjob will start deleting them | -| cleanupJobs.ephemeralReports.history | object | `{"failure":1,"success":1}` | Cronjob history | -| cleanupJobs.ephemeralReports.podSecurityContext | object | `{}` | Security context for the pod | -| cleanupJobs.ephemeralReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | -| cleanupJobs.ephemeralReports.priorityClassName | string | `""` | Pod PriorityClassName | -| cleanupJobs.ephemeralReports.resources | object | `{}` | Job resources | -| cleanupJobs.ephemeralReports.tolerations | list | `[]` | List of node taints to tolerate | -| cleanupJobs.ephemeralReports.nodeSelector | object | `{}` | Node labels for pod assignment | -| cleanupJobs.ephemeralReports.podAnnotations | object | `{}` | Pod Annotations | -| cleanupJobs.ephemeralReports.podLabels | object | `{}` | Pod labels | -| cleanupJobs.ephemeralReports.podAntiAffinity | object | `{}` | Pod anti affinity constraints. | -| cleanupJobs.ephemeralReports.podAffinity | object | `{}` | Pod affinity constraints. | -| cleanupJobs.ephemeralReports.nodeAffinity | object | `{}` | Node affinity constraints. | -| cleanupJobs.clusterEphemeralReports.enabled | bool | `true` | Enable cleanup cronjob | -| cleanupJobs.clusterEphemeralReports.backoffLimit | int | `3` | Maximum number of retries before considering a Job as failed. Defaults to 3. | -| cleanupJobs.clusterEphemeralReports.ttlSecondsAfterFinished | string | `""` | Time until the pod from the cronjob is deleted | -| cleanupJobs.clusterEphemeralReports.image.registry | string | `nil` | Image registry | -| cleanupJobs.clusterEphemeralReports.image.repository | string | `"bitnami/kubectl"` | Image repository | -| cleanupJobs.clusterEphemeralReports.image.tag | string | `"1.28.5"` | Image tag Defaults to `latest` if omitted | -| cleanupJobs.clusterEphemeralReports.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted | -| cleanupJobs.clusterEphemeralReports.imagePullSecrets | list | `[]` | Image pull secrets | -| cleanupJobs.clusterEphemeralReports.schedule | string | `"*/10 * * * *"` | Cronjob schedule | -| cleanupJobs.clusterEphemeralReports.threshold | int | `10000` | Reports threshold, if number of reports are above this value the cronjob will start deleting them | -| cleanupJobs.clusterEphemeralReports.history | object | `{"failure":1,"success":1}` | Cronjob history | -| cleanupJobs.clusterEphemeralReports.podSecurityContext | object | `{}` | Security context for the pod | -| cleanupJobs.clusterEphemeralReports.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | -| cleanupJobs.clusterEphemeralReports.priorityClassName | string | `""` | Pod PriorityClassName | -| cleanupJobs.clusterEphemeralReports.resources | object | `{}` | Job resources | -| cleanupJobs.clusterEphemeralReports.tolerations | list | `[]` | List of node taints to tolerate | -| cleanupJobs.clusterEphemeralReports.nodeSelector | object | `{}` | Node labels for pod assignment | -| cleanupJobs.clusterEphemeralReports.podAnnotations | object | `{}` | Pod Annotations | -| cleanupJobs.clusterEphemeralReports.podLabels | object | `{}` | Pod Labels | -| cleanupJobs.clusterEphemeralReports.podAntiAffinity | object | `{}` | Pod anti affinity constraints. | -| cleanupJobs.clusterEphemeralReports.podAffinity | object | `{}` | Pod affinity constraints. | -| cleanupJobs.clusterEphemeralReports.nodeAffinity | object | `{}` | Node affinity constraints. | - ### Other | Key | Type | Default | Description | diff --git a/charts/kyverno/README.md.gotmpl b/charts/kyverno/README.md.gotmpl index 942c2c057f88..231989df20fe 100644 --- a/charts/kyverno/README.md.gotmpl +++ b/charts/kyverno/README.md.gotmpl @@ -265,7 +265,6 @@ The chart values are organised per component. {{- $test := list -}} {{- $apiVersionOverride := list -}} {{- $webhooksCleanup := list -}} -{{- $cleanupJobs := list -}} {{- range .Values -}} {{- if (hasPrefix "admissionController." .Key) -}} {{- $admissionController = append $admissionController . -}} @@ -291,8 +290,6 @@ The chart values are organised per component. {{- $test = append $test . -}} {{- else if (hasPrefix "apiVersionOverride." .Key) -}} {{- $apiVersionOverride = append $apiVersionOverride . -}} - {{- else if (hasPrefix "cleanupJobs." .Key) -}} - {{- $cleanupJobs = append $cleanupJobs . -}} {{- else -}} {{- $other = append $other . -}} {{- end -}} @@ -346,10 +343,6 @@ The chart values are organised per component. {{ template "chart.valuesTable" (dict "Values" $apiVersionOverride) }} -### Cleanup jobs - -{{ template "chart.valuesTable" (dict "Values" $cleanupJobs) }} - ### Other {{ template "chart.valuesTable" (dict "Values" $other) }} diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index 6e3b39b0c591..fd8cb70779bf 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -710,409 +710,6 @@ features: # -- (string) Tuf mirror mirror: ~ -# Cleanup cronjobs to prevent internal resources from stacking up in the cluster -cleanupJobs: - - admissionReports: - - # -- Enable cleanup cronjob - enabled: true - - # -- Maximum number of retries before considering a Job as failed. Defaults to 3. - backoffLimit: 3 - - # -- Time until the pod from the cronjob is deleted - ttlSecondsAfterFinished: "" - - image: - # -- (string) Image registry - registry: ~ - # -- Image repository - repository: bitnami/kubectl - # -- Image tag - # Defaults to `latest` if omitted - tag: '1.28.5' - # -- (string) Image pull policy - # Defaults to image.pullPolicy if omitted - pullPolicy: ~ - - # -- Image pull secrets - imagePullSecrets: [] - # - name: secretName - - # -- Cronjob schedule - schedule: '*/10 * * * *' - - # -- Reports threshold, if number of reports are above this value the cronjob will start deleting them - threshold: 10000 - - # -- Cronjob history - history: - success: 1 - failure: 1 - - # -- Security context for the pod - podSecurityContext: {} - - # -- Security context for the containers - securityContext: - runAsNonRoot: true - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - - # -- Pod PriorityClassName - priorityClassName: "" - - # -- Job resources - resources: {} - - # -- List of node taints to tolerate - tolerations: [] - - # -- Node labels for pod assignment - nodeSelector: {} - - # -- Pod Annotations - podAnnotations: {} - - # -- Pod labels - podLabels: {} - - # -- Pod anti affinity constraints. - podAntiAffinity: {} - - # -- Pod affinity constraints. - podAffinity: {} - - # -- Node affinity constraints. - nodeAffinity: {} - - clusterAdmissionReports: - - # -- Enable cleanup cronjob - enabled: true - - # -- Maximum number of retries before considering a Job as failed. Defaults to 3. - backoffLimit: 3 - - # -- Time until the pod from the cronjob is deleted - ttlSecondsAfterFinished: "" - - image: - # -- (string) Image registry - registry: ~ - # -- Image repository - repository: bitnami/kubectl - # -- Image tag - # Defaults to `latest` if omitted - tag: '1.28.5' - # -- (string) Image pull policy - # Defaults to image.pullPolicy if omitted - pullPolicy: ~ - - # -- Image pull secrets - imagePullSecrets: [] - # - name: secretName - - # -- Cronjob schedule - schedule: '*/10 * * * *' - - # -- Reports threshold, if number of reports are above this value the cronjob will start deleting them - threshold: 10000 - - # -- Cronjob history - history: - success: 1 - failure: 1 - - # -- Security context for the pod - podSecurityContext: {} - - # -- Security context for the containers - securityContext: - runAsNonRoot: true - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - - # -- Pod PriorityClassName - priorityClassName: "" - - # -- Job resources - resources: {} - - # -- List of node taints to tolerate - tolerations: [] - - # -- Node labels for pod assignment - nodeSelector: {} - - # -- Pod Annotations - podAnnotations: {} - - # -- Pod Labels - podLabels: {} - - # -- Pod anti affinity constraints. - podAntiAffinity: {} - - # -- Pod affinity constraints. - podAffinity: {} - - # -- Node affinity constraints. - nodeAffinity: {} - - updateRequests: - - # -- Enable cleanup cronjob - enabled: true - - # -- Maximum number of retries before considering a Job as failed. Defaults to 3. - backoffLimit: 3 - - # -- Time until the pod from the cronjob is deleted - ttlSecondsAfterFinished: "" - - image: - # -- (string) Image registry - registry: ~ - # -- Image repository - repository: bitnami/kubectl - # -- Image tag - # Defaults to `latest` if omitted - tag: '1.28.5' - # -- (string) Image pull policy - # Defaults to image.pullPolicy if omitted - pullPolicy: ~ - - # -- Image pull secrets - imagePullSecrets: [] - # - name: secretName - - # -- Cronjob schedule - schedule: '*/10 * * * *' - - # -- Reports threshold, if number of updateRequests are above this value the cronjob will start deleting them - threshold: 10000 - - # -- Cronjob history - history: - success: 1 - failure: 1 - - # -- Security context for the pod - podSecurityContext: {} - - # -- Security context for the containers - securityContext: - runAsNonRoot: true - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - - # -- Pod PriorityClassName - priorityClassName: "" - - # -- Job resources - resources: {} - - # -- List of node taints to tolerate - tolerations: [] - - # -- Node labels for pod assignment - nodeSelector: {} - - # -- Pod Annotations - podAnnotations: {} - - # -- Pod labels - podLabels: {} - - # -- Pod anti affinity constraints. - podAntiAffinity: {} - - # -- Pod affinity constraints. - podAffinity: {} - - # -- Node affinity constraints. - nodeAffinity: {} - - ephemeralReports: - - # -- Enable cleanup cronjob - enabled: true - - # -- Maximum number of retries before considering a Job as failed. Defaults to 3. - backoffLimit: 3 - - # -- Time until the pod from the cronjob is deleted - ttlSecondsAfterFinished: "" - - image: - # -- (string) Image registry - registry: ~ - # -- Image repository - repository: bitnami/kubectl - # -- Image tag - # Defaults to `latest` if omitted - tag: '1.28.5' - # -- (string) Image pull policy - # Defaults to image.pullPolicy if omitted - pullPolicy: ~ - - # -- Image pull secrets - imagePullSecrets: [] - # - name: secretName - - # -- Cronjob schedule - schedule: '*/10 * * * *' - - # -- Reports threshold, if number of updateRequests are above this value the cronjob will start deleting them - threshold: 10000 - - # -- Cronjob history - history: - success: 1 - failure: 1 - - # -- Security context for the pod - podSecurityContext: {} - - # -- Security context for the containers - securityContext: - runAsNonRoot: true - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - - # -- Pod PriorityClassName - priorityClassName: "" - - # -- Job resources - resources: {} - - # -- List of node taints to tolerate - tolerations: [] - - # -- Node labels for pod assignment - nodeSelector: {} - - # -- Pod Annotations - podAnnotations: {} - - # -- Pod labels - podLabels: {} - - # -- Pod anti affinity constraints. - podAntiAffinity: {} - - # -- Pod affinity constraints. - podAffinity: {} - - # -- Node affinity constraints. - nodeAffinity: {} - - clusterEphemeralReports: - - # -- Enable cleanup cronjob - enabled: true - - # -- Maximum number of retries before considering a Job as failed. Defaults to 3. - backoffLimit: 3 - - # -- Time until the pod from the cronjob is deleted - ttlSecondsAfterFinished: "" - - image: - # -- (string) Image registry - registry: ~ - # -- Image repository - repository: bitnami/kubectl - # -- Image tag - # Defaults to `latest` if omitted - tag: '1.28.5' - # -- (string) Image pull policy - # Defaults to image.pullPolicy if omitted - pullPolicy: ~ - - # -- Image pull secrets - imagePullSecrets: [] - # - name: secretName - - # -- Cronjob schedule - schedule: '*/10 * * * *' - - # -- Reports threshold, if number of reports are above this value the cronjob will start deleting them - threshold: 10000 - - # -- Cronjob history - history: - success: 1 - failure: 1 - - # -- Security context for the pod - podSecurityContext: {} - - # -- Security context for the containers - securityContext: - runAsNonRoot: true - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - - # -- Pod PriorityClassName - priorityClassName: "" - - # -- Job resources - resources: {} - - # -- List of node taints to tolerate - tolerations: [] - - # -- Node labels for pod assignment - nodeSelector: {} - - # -- Pod Annotations - podAnnotations: {} - - # -- Pod Labels - podLabels: {} - - # -- Pod anti affinity constraints. - podAntiAffinity: {} - - # -- Pod affinity constraints. - podAffinity: {} - - # -- Node affinity constraints. - nodeAffinity: {} - # Admission controller configuration admissionController: