kyverno: [Bug] Cleanup based on policy can be broken
Kyverno Version
1.11.0-beta.4
Kubernetes Version
1.26.x
Kubernetes Platform
K3d
Kyverno Rule Type
Cleanup
Description
It seems after migrating the internal reconciliation method away from CronJobs, cleanup based on policy can be broken by assigning or removing the cleanup.kyverno.io/ttl label on a matching resource. As a result, resources which match the policy are not cleaned up and there are no logs printed (even at level 4) which explain why or that an attempt was even made.
Steps to reproduce
Exact steps are not known at this time, but it seems to involve labeling or unlabeling a resource with the cleanup.kyverno.io/ttl label after a cleanup policy has been installed. Tests that were performed involved labeling a resource with an invalid label for the TTL controller.
Expected behavior
Matching resources are cleaned up according to the schedule defined in the policy. If the controller is ignoring resources which contain the label cleanup.kyverno.io/ttl then this is problematic. A resource could have an invalid value in which case cleanup is circumvented by both types of cleanup controllers.
Screenshots
No response
Kyverno logs
No response
Slack discussion
https://kubernetes.slack.com/archives/C032MM2CH7X/p1696771146669009
Troubleshooting
- I have read and followed the documentation AND the troubleshooting guide.
- I have searched other issues in this repository and mine is not recorded.
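An audit helper for the case described under "Expected behavior", added here as an example and not taken from the issue or from Kyverno's code: it flags resources whose cleanup.kyverno.io/ttl label value does not parse. Assumptions: a valid value is either a Go duration or an absolute time in one of the two layouts listed in `assumedLayouts`; the function names and the sample data are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Label key named in the issue.
const ttlLabel = "cleanup.kyverno.io/ttl"

// Assumption: absolute-time layouts accepted for the label value.
// These are not stated on this page.
var assumedLayouts = []string{"2006-01-02T150405Z", "2006-01-02"}

// ttlValid reports whether a label value parses as a Go duration or as
// one of the assumed absolute-time layouts.
func ttlValid(v string) bool {
	if _, err := time.ParseDuration(v); err == nil {
		return true
	}
	for _, layout := range assumedLayouts {
		if _, err := time.Parse(layout, v); err == nil {
			return true
		}
	}
	return false
}

// invalidTTL returns, sorted, the names of resources that carry the TTL
// label with a value that does not parse. Resources without the label are
// skipped, since only the cleanup policy applies to them.
func invalidTTL(labelsByName map[string]map[string]string) []string {
	var bad []string
	for name, labels := range labelsByName {
		if v, ok := labels[ttlLabel]; ok && !ttlValid(v) {
			bad = append(bad, name)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	// Constructed sample: resource name -> labels.
	sample := map[string]map[string]string{
		"pod-a": {ttlLabel: "2m"},
		"pod-b": {ttlLabel: "foo"},
		"pod-c": {ttlLabel: "2023-10-08"},
		"pod-d": {"app": "web"},
	}
	fmt.Println(invalidTTL(sample)) // resources to review by hand
}
```
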
About this issue
- State: closed
- Created 9 months ago
- Comments: 36 (22 by maintainers)
I have beat this up every way I know how and in addition to the logged messages being under control, I cannot reproduce the original problem. Closing. Thank you for your efforts, Mariam!
Ok I see. I think the right approach for that is to figure out why they aren’t being shown at 3 and not to move them down to the default level which will increase the noisiness of logs. I will try again from main.