From 203e84df7fdbd2698116d067342dfc8fe3afc5be Mon Sep 17 00:00:00 2001
From: Piotr Rygielski <114479+vikin91@users.noreply.github.com>
Date: Wed, 3 Dec 2025 15:24:53 +0100
Subject: [PATCH 1/3] Empty commit

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED

From f17ce5afe3c879586c633deff37d2269bca61197 Mon Sep 17 00:00:00 2001
From: Piotr Rygielski <114479+vikin91@users.noreply.github.com>
Date: Wed, 3 Dec 2025 15:27:53 +0100
Subject: [PATCH 2/3] Add more things to cleanup to the teardown script

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
---
 scripts/runtime/teardown.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/scripts/runtime/teardown.sh b/scripts/runtime/teardown.sh
index bb2333a..1819d47 100755
--- a/scripts/runtime/teardown.sh
+++ b/scripts/runtime/teardown.sh
@@ -7,6 +7,14 @@ source "$(dirname "$SCRIPT")/../../lib/common.sh"
 
 test_in_well_known_dev_context
 
+# Uninstall Helm releases first to let Helm clean up its managed resources properly.
+for release in stackrox-central-services stackrox-secured-cluster-services stackrox-monitoring; do
+  if helm status "$release" -n stackrox &>/dev/null; then
+    einfo "Uninstalling Helm release: $release"
+    helm uninstall "$release" -n stackrox --wait || true
+  fi
+done
+
 # Collect all stackrox PVs before we delete the respective PVCs.
 IFS=$'\n' read -d '' -r -a stackrox_pvs < <(
   kubectl get pv -o json | jq -r '.items[] | select(.spec.claimRef.namespace == "stackrox") | .metadata.name'
@@ -21,6 +29,15 @@ kubectl -n stackrox get cm,deploy,ds,hpa,networkpolicy,role,rolebinding,secret,s
 # Only delete cluster-wide RBAC/PSP-related resources that contain have the app.kubernetes.io/name=stackrox label.
 kubectl -n stackrox get clusterrole,clusterrolebinding,psp,validatingwebhookconfiguration -o name -l app.kubernetes.io/name=stackrox | xargs kubectl -n stackrox delete --wait
 
+# Delete the SecurityPolicy CRD which is not labeled and can cause "managedFields must be nil" errors
+# if left behind when reinstalling via Helm.
+kubectl delete crd securitypolicies.config.stackrox.io --ignore-not-found
+
+# Delete monitoring ClusterRoles/ClusterRoleBindings that are managed by the stackrox-monitoring Helm release
+# and may not have the app.kubernetes.io/name=stackrox label.
+kubectl delete clusterrole stackrox-monitoring stackrox-monitoring-kube-state-metrics --ignore-not-found
+kubectl delete clusterrolebinding stackrox-monitoring-kube-state-metrics --ignore-not-found
+
 ## DO NOT RUN THIS IN A CUSTOMER ENVIRONMENT, IT WILL DELETE ALL THEIR DATA
 ## AND THEY WILL NEVER TALK TO US AGAIN.
 [[ "${#stackrox_pvs[@]}" == 0 ]] || kubectl delete --wait pv "${stackrox_pvs[@]}"

From d4d1ad68e4802dd3685b546a6f2978f1b381c4a9 Mon Sep 17 00:00:00 2001
From: Piotr Rygielski <114479+vikin91@users.noreply.github.com>
Date: Fri, 5 Dec 2025 16:26:01 +0100
Subject: [PATCH 3/3] Add --wait and consolidate 3 waits into a single one

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
---
 scripts/runtime/teardown.sh | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/scripts/runtime/teardown.sh b/scripts/runtime/teardown.sh
index 1819d47..82fad21 100755
--- a/scripts/runtime/teardown.sh
+++ b/scripts/runtime/teardown.sh
@@ -29,14 +29,15 @@ kubectl -n stackrox get cm,deploy,ds,hpa,networkpolicy,role,rolebinding,secret,s
 # Only delete cluster-wide RBAC/PSP-related resources that contain have the app.kubernetes.io/name=stackrox label.
 kubectl -n stackrox get clusterrole,clusterrolebinding,psp,validatingwebhookconfiguration -o name -l app.kubernetes.io/name=stackrox | xargs kubectl -n stackrox delete --wait
 
-# Delete the SecurityPolicy CRD which is not labeled and can cause "managedFields must be nil" errors
-# if left behind when reinstalling via Helm.
-kubectl delete crd securitypolicies.config.stackrox.io --ignore-not-found
-
-# Delete monitoring ClusterRoles/ClusterRoleBindings that are managed by the stackrox-monitoring Helm release
-# and may not have the app.kubernetes.io/name=stackrox label.
-kubectl delete clusterrole stackrox-monitoring stackrox-monitoring-kube-state-metrics --ignore-not-found
-kubectl delete clusterrolebinding stackrox-monitoring-kube-state-metrics --ignore-not-found
+# Delete cluster-wide resources that are not labeled and may cause issues if left behind.
+# - SecurityPolicy CRD: can cause "managedFields must be nil" errors when reinstalling via Helm.
+# - Monitoring ClusterRoles/ClusterRoleBindings: managed by stackrox-monitoring Helm release.
+kubectl delete \
+  crd/securitypolicies.config.stackrox.io \
+  clusterrole/stackrox-monitoring \
+  clusterrole/stackrox-monitoring-kube-state-metrics \
+  clusterrolebinding/stackrox-monitoring-kube-state-metrics \
+  --ignore-not-found --wait
 
 ## DO NOT RUN THIS IN A CUSTOMER ENVIRONMENT, IT WILL DELETE ALL THEIR DATA
 ## AND THEY WILL NEVER TALK TO US AGAIN.