{{- if and (or (not .Values.disableValidatingWebhook) (not .Values.disableMutation)) .Values.preUninstall.deleteWebhookConfigurations.enabled }} apiVersion: batch/v1 kind: Job metadata: name: gatekeeper-delete-webhook-configs labels: app: '{{ template "gatekeeper.name" . }}' chart: '{{ template "gatekeeper.name" . }}' gatekeeper.sh/system: "yes" heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' annotations: "helm.sh/hook": pre-delete "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation spec: template: metadata: annotations: {{- toYaml .Values.podAnnotations | trim | nindent 8 }} labels: app: '{{ template "gatekeeper.name" . }}' release: '{{ .Release.Name }}' spec: restartPolicy: OnFailure {{- if .Values.preUninstall.deleteWebhookConfigurations.image.pullSecrets }} imagePullSecrets: {{- .Values.preUninstall.deleteWebhookConfigurations.image.pullSecrets | toYaml | nindent 12 }} {{- end }} serviceAccount: gatekeeper-delete-webhook-configs nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} containers: - name: kubectl-delete image: '{{ template "system_default_registry" . }}{{ .Values.preUninstall.deleteWebhookConfigurations.image.repository }}:{{ .Values.preUninstall.deleteWebhookConfigurations.image.tag }}' imagePullPolicy: {{ .Values.preUninstall.deleteWebhookConfigurations.image.pullPolicy }} args: - delete {{- if not .Values.disableValidatingWebhook }} - validatingwebhookconfiguration/gatekeeper-validating-webhook-configuration {{- end }} {{- if not .Values.disableMutation }} - mutatingwebhookconfiguration/gatekeeper-mutating-webhook-configuration {{- end }} securityContext: {{- toYaml .Values.preUninstall.securityContext | nindent 10 }} --- apiVersion: v1 kind: ServiceAccount metadata: name: gatekeeper-delete-webhook-configs labels: release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: "helm.sh/hook": pre-delete "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation --- {{- if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: gatekeeper-delete-webhook-configs labels: release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: "helm.sh/hook": pre-delete "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation rules: {{- if not .Values.disableValidatingWebhook }} - apiGroups: - admissionregistration.k8s.io resources: - validatingwebhookconfigurations resourceNames: - gatekeeper-validating-webhook-configuration verbs: - delete {{- end }} {{- if not .Values.disableMutation }} - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations resourceNames: - gatekeeper-mutating-webhook-configuration verbs: - delete {{- end }} {{- with .Values.preUninstall.deleteWebhookConfigurations.extraRules }} {{- toYaml . | nindent 2 }} {{- end }} {{- end }} --- {{- if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: gatekeeper-delete-webhook-configs labels: release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: "helm.sh/hook": pre-delete "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: gatekeeper-delete-webhook-configs subjects: - kind: ServiceAccount name: gatekeeper-delete-webhook-configs namespace: {{ .Release.Namespace | quote }} {{- end }} {{- end }}