-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
hook.yaml
106 lines (106 loc) · 3.05 KB
/
hook.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace .Release.Name ) -}}
{{- if $deployment }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-hook
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "-4"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Release.Name }}-hook
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "-3"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
rules:
- apiGroups: ["apps"]
resources: ["statefulsets"]
resourceNames: ["{{ .Release.Name }}"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["pods",]
verbs: ["get", "watch"]
- apiGroups: ["apps"]
resources: ["deployments",]
resourceNames: ["{{ .Release.Name }}"]
verbs: ["get", "delete", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}-hook
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Release.Name }}-hook
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-hook
namespace: {{ .Release.Namespace }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Release.Name }}-hook
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "-1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
template:
metadata:
name: {{ .Release.Name }}-hook
{{- if .Values.annotations.pod }}
annotations:
{{- toYaml .Values.annotations.pod | nindent 8 }}
{{- end }}
labels:
app: {{ .Release.Name }}
{{- if .Values.extraLabels.pod }}
{{- toYaml .Values.extraLabels.pod | nindent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{- toYaml .Values.tolerations | nindent 6 }}
{{- end }}
serviceAccountName: {{ .Release.Name }}-hook
restartPolicy: OnFailure
{{- if .Values.nodeSelector }}
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
containers:
- name: post-install-job
image: alpine/k8s:1.26.0
command:
- sh
- "-c"
- |
/bin/sh <<'EOF'
set -eu -o pipefail
# wait until statefulset is ready
kubectl rollout status --watch --timeout=600s statefulset/{{ .Release.Name }}
# delete deployment
kubectl delete deployment/{{ .Release.Name }}
EOF
{{- if .Values.securityContext }}
securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
{{- end }}
{{- end}}