Add a new "legacy pod cleaner" controller.

This controller is responsible for cleaning up kube-cert-agent pods that were deployed by previous versions. They are easily identified because they use a different `kube-cert-agent.pinniped.dev` label compared to the new agent pods (`true` vs. `v2`). Signed-off-by: Matt Moyer <moyerm@vmware.com>
2026-01-08 07:11:53 +00:00 · 2021-04-20 14:56:43 -05:00
parent 54a8297cc4
commit e532a88647
5 changed files with 281 additions and 0 deletions
--- a/deploy/concierge/rbac.yaml
+++ b/deploy/concierge/rbac.yaml
@@ -90,6 +90,10 @@ rules:
  - apiGroups: [ "" ]
    resources: [ pods/exec ]
    verbs: [ create ]
+  #! We need to be able to delete pods in our namespace so we can clean up legacy kube-cert-agent pods.
+  - apiGroups: [ "" ]
+    resources: [ pods ]
+    verbs: [ delete ]
  #! We need to be able to create and update deployments in our namespace so we can manage the kube-cert-agent Deployment.
  - apiGroups: [ apps ]
    resources: [ deployments ]