@haarchri
Last active March 9, 2023 10:38
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cleanup-clusteradmissionreports
  namespace: kyverno
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # ClusterRole is cluster-scoped, so it takes no namespace.
  name: cleanup-clusteradmissionreports
rules:
  - apiGroups: ["kyverno.io"]
    resources: ["clusteradmissionreports"]
    # Wildcard grants every verb on this one resource type only.
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # ClusterRoleBinding is cluster-scoped as well; the namespace belongs on the subject.
  name: cleanup-clusteradmissionreports
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cleanup-clusteradmissionreports
subjects:
  - kind: ServiceAccount
    name: cleanup-clusteradmissionreports
    namespace: kyverno
---
apiVersion: v1
kind: Pod
metadata:
  name: cleanup-clusteradmissionreports
  namespace: kyverno
  annotations:
    # Keep Karpenter from evicting the pod while the cleanup is running.
    karpenter.sh/do-not-evict: "true"
spec:
  serviceAccountName: cleanup-clusteradmissionreports
  containers:
    - name: cleanup-clusteradmissionreports
      image: bitnami/kubectl
      command:
        - sh
      args:
        - -c
        - |
          # Brace expansion ({1..10}) is a bash feature; POSIX sh would run the
          # loop only once, so the ten passes are listed explicitly.
          for i in 1 2 3 4 5 6 7 8 9 10
          do
            # Each pass fetches up to 10000 report names and deletes them with 400 parallel kubectl calls.
            kubectl get --raw "/apis/kyverno.io/v1alpha2/clusteradmissionreports?limit=10000" | jq -r '.items | .[].metadata.name' | xargs -n 1 -P 400 kubectl delete clusteradmissionreports 2>/dev/null
          done
      resources:
        requests:
          cpu: 4
          memory: 8Gi
        limits:
          cpu: 8
          memory: 16Gi
      securityContext:
        allowPrivilegeEscalation: false
        runAsUser: 0