Skip to content

Commit d301486

Browse files
committed
kyverno: auto-remove dataSource from new PVCs
Prevents PVCs from blocking on restore ReplicationDestinations. New PVCs bind immediately to fresh storage. DataSource should only be set when explicitly restoring from backup. Also patched 16 pending PVCs to remove dataSource and allow binding.
1 parent 1c452fc commit d301486

2 files changed

Lines changed: 24 additions & 0 deletions

File tree

infrastructure/controllers/kyverno/kustomization.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ resources:
55
- namespace.yaml
66
- rbac-patch.yaml
77
- volsync-clusterpolicy.yaml
8+
- remove-pvc-datasource.yaml
89
# - volsync-restore-mutate.yaml # TEMP DISABLED: needs fix for handling missing RD
910
helmCharts:
1011
- name: kyverno
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
apiVersion: kyverno.io/v1
2+
kind: ClusterPolicy
3+
metadata:
4+
name: remove-pvc-datasource
5+
annotations:
6+
argocd.argoproj.io/sync-wave: "2"
7+
policies.kyverno.io/title: Remove dataSource from new PVCs
8+
policies.kyverno.io/description: >-
9+
Automatically removes spec.dataSource from new PVCs to prevent binding issues.
10+
DataSource should only be set when explicitly restoring from backup, not by default.
11+
This ensures PVCs bind immediately to fresh storage rather than waiting for restore.
12+
spec:
13+
rules:
14+
- name: remove-datasource-on-create
15+
match:
16+
any:
17+
- resources:
18+
kinds:
19+
- PersistentVolumeClaim
20+
mutate:
21+
patchStrategicMerge:
22+
spec:
23+
dataSource: null

0 commit comments

Comments
 (0)