Cleanup Empty ReplicaSets

ReplicaSets are an intermediary controller to several Pod controllers such as Deployments. When a new version of a Deployment is created, it spawns a new ReplicaSet with the desired number of replicas and scale the current one to zero. This can have the effect of leaving many empty ReplicaSets in the cluster which can create clutter and false positives if policy reports are enabled. This cleanup policy removes all empty ReplicaSets across the cluster. Note that removing empty ReplicaSets may prevent rollbacks.

Policy Definition

/cleanup/cleanup-empty-replicasets/cleanup-empty-replicasets.yaml

 1apiVersion: kyverno.io/v2beta1
 2kind: ClusterCleanupPolicy
 3metadata:
 4  name: cleanup-empty-replicasets
 5  annotations:
 6    policies.kyverno.io/title: Cleanup Empty ReplicaSets
 7    policies.kyverno.io/category: Other
 8    policies.kyverno.io/severity: medium
 9    policies.kyverno.io/subject: ReplicaSet
10    kyverno.io/kyverno-version: 1.11.1
11    policies.kyverno.io/minversion: 1.9.0
12    kyverno.io/kubernetes-version: "1.27"
13    policies.kyverno.io/description: >-
14      ReplicaSets are an intermediary controller to several Pod controllers such as Deployments.
15      When a new version of a Deployment is created, it spawns a new ReplicaSet with the desired
16      number of replicas and scale the current one to zero. This can have the effect of leaving
17      many empty ReplicaSets in the cluster which can create clutter and false positives if policy
18      reports are enabled. This cleanup policy removes all empty ReplicaSets across the cluster.
19      Note that removing empty ReplicaSets may prevent rollbacks.      
20spec:
21  match:
22    any:
23    - resources:
24        kinds:
25          - ReplicaSet
26  conditions:
27    all:
28    - key: "{{ target.spec.replicas }}"
29      operator: Equals
30      value: 0
31  schedule: "*/5 * * * *"

Create policy issue