rancher-charts/charts/rancher-gatekeeper/101.0.0+up3.9.0/templates/namespace-post-upgrade.yaml

109 lines
3.4 KiB
YAML

{{- if .Values.postUpgrade.labelNamespace.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
name: gatekeeper-update-namespace-label-post-upgrade
labels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
spec:
template:
metadata:
labels:
app: '{{ template "gatekeeper.name" . }}'
release: '{{ .Release.Name }}'
spec:
restartPolicy: OnFailure
{{- if .Values.postUpgrade.labelNamespace.image.pullSecrets }}
imagePullSecrets:
{{- .Values.postUpgrade.labelNamespace.image.pullSecrets | toYaml | nindent 12 }}
{{- end }}
serviceAccount: gatekeeper-update-namespace-label-post-upgrade
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
containers:
- name: kubectl-label
image: '{{ template "system_default_registry" . }}{{ .Values.postUpgrade.labelNamespace.image.repository }}:{{ .Values.postUpgrade.labelNamespace.image.tag }}'
imagePullPolicy: {{ .Values.postUpgrade.labelNamespace.image.pullPolicy }}
args:
- label
- ns
- {{ .Release.Namespace }}
{{- range .Values.postUpgrade.labelNamespace.extraNamespaces }}
- {{ . }}
{{- end }}
- admission.gatekeeper.sh/ignore=no-self-managing
- --overwrite
securityContext:
{{- toYaml .Values.postUpgrade.securityContext | nindent 12 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: gatekeeper-update-namespace-label-post-upgrade
labels:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
---
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: gatekeeper-update-namespace-label-post-upgrade
labels:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- update
- patch
resourceNames:
- {{ .Release.Namespace }}
{{- range .Values.postUpgrade.labelNamespace.extraNamespaces }}
- {{ . }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: gatekeeper-update-namespace-label-post-upgrade
labels:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: gatekeeper-update-namespace-label-post-upgrade
subjects:
- kind: ServiceAccount
name: gatekeeper-update-namespace-label-post-upgrade
namespace: {{ .Release.Namespace | quote }}
{{- end }}
{{- end }}