fix(operator): recommended policies deletion logic

Signed-off-by: rootxrishabh <[email protected]> Signed-off-by: Rishabh Soni <[email protected]>
kubearmor · Feb 28, 2025 · 99abefa · 99abefa
1 parent 01f6823
commit 99abefa
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/pkg/KubeArmorOperator/internal/controller/cluster.go b/pkg/KubeArmorOperator/internal/controller/cluster.go
@@ -1198,6 +1198,7 @@ func (clusterWatcher *ClusterWatcher) WatchRecommendedPolicies() error {
 				continue
 			}
 			csp.Spec.Selector.MatchExpressions = common.RecommendedPolicies.MatchExpressions
+			csp.Annotations["app.kubernetes.io/managed-by"] = "Kubearmor Operator"
 			_, err = clusterWatcher.Secv1Client.SecurityV1().KubeArmorClusterPolicies().Create(context.Background(), csp, metav1.CreateOptions{})
 			if err != nil && !metav1errors.IsAlreadyExists(err) {
 				clusterWatcher.Log.Warnf("error creating csp %s", csp.GetName())
@@ -1222,7 +1223,7 @@ func (clusterWatcher *ClusterWatcher) WatchRecommendedPolicies() error {
 				clusterWatcher.Log.Info("created csp", csp.GetName())
 			}
 		case false:
-			if !policy.IsDir() {
+			if !policy.IsDir() && csp.Annotations["app.kubernetes.io/managed-by"] == "Kubearmor Operator" {
 				err = clusterWatcher.Secv1Client.SecurityV1().KubeArmorClusterPolicies().Delete(context.Background(), csp.GetName(), metav1.DeleteOptions{})
 				if err != nil && !metav1errors.IsNotFound(err) {
 					clusterWatcher.Log.Warnf("error deleting csp %s", csp.GetName())