mirror of https://git.rancher.io/charts
145 lines
4.9 KiB
YAML
145 lines
4.9 KiB
YAML
{{- if and (or (not .Values.disableValidatingWebhook) (not .Values.disableMutation)) .Values.preUninstall.deleteWebhookConfigurations.enabled }}
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: gatekeeper-delete-webhook-configs
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
labels:
|
|
app: '{{ template "gatekeeper.name" . }}'
|
|
chart: '{{ template "gatekeeper.name" . }}'
|
|
gatekeeper.sh/system: "yes"
|
|
heritage: '{{ .Release.Service }}'
|
|
release: '{{ .Release.Name }}'
|
|
annotations:
|
|
"helm.sh/hook": pre-delete
|
|
"helm.sh/hook-weight": "-5"
|
|
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
|
|
spec:
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
{{- toYaml .Values.podAnnotations | trim | nindent 8 }}
|
|
labels:
|
|
{{- include "gatekeeper.podLabels" . }}
|
|
app: '{{ template "gatekeeper.name" . }}'
|
|
chart: '{{ template "gatekeeper.name" . }}'
|
|
gatekeeper.sh/system: "yes"
|
|
heritage: '{{ .Release.Service }}'
|
|
release: '{{ .Release.Name }}'
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
{{- if .Values.preUninstall.deleteWebhookConfigurations.image.pullSecrets }}
|
|
imagePullSecrets:
|
|
{{- .Values.preUninstall.deleteWebhookConfigurations.image.pullSecrets | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
serviceAccount: gatekeeper-delete-webhook-configs
|
|
{{- if .Values.preUninstall.deleteWebhookConfigurations.priorityClassName }}
|
|
priorityClassName: {{ .Values.preUninstall.deleteWebhookConfigurations.priorityClassName }}
|
|
{{- end }}
|
|
containers:
|
|
- name: kubectl-delete
|
|
image: '{{ template "system_default_registry" . }}{{ .Values.preUninstall.deleteWebhookConfigurations.image.repository }}:{{ .Values.preUninstall.deleteWebhookConfigurations.image.tag }}'
|
|
imagePullPolicy: {{ .Values.preUninstall.deleteWebhookConfigurations.image.pullPolicy }}
|
|
args:
|
|
- delete
|
|
{{- if not .Values.disableValidatingWebhook }}
|
|
- validatingwebhookconfiguration/{{ .Values.validatingWebhookName }}
|
|
{{- end }}
|
|
{{- if not .Values.disableMutation }}
|
|
- mutatingwebhookconfiguration/{{ .Values.mutatingWebhookName }}
|
|
{{- end }}
|
|
resources:
|
|
{{- toYaml .Values.preUninstall.resources | nindent 12 }}
|
|
securityContext:
|
|
{{- if .Values.enableRuntimeDefaultSeccompProfile }}
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
{{- end }}
|
|
{{- toYaml .Values.preUninstall.securityContext | nindent 12 }}
|
|
{{- with .Values.preUninstall }}
|
|
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
|
|
{{- if .nodeSelector }}
|
|
{{ toYaml .nodeSelector | indent 8 }}
|
|
{{- end }}
|
|
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
|
|
{{- if .tolerations }}
|
|
{{ toYaml .tolerations | indent 8 }}
|
|
{{- end }}
|
|
affinity:
|
|
{{- toYaml .affinity | nindent 8 }}
|
|
{{- end }}
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: gatekeeper-delete-webhook-configs
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
labels:
|
|
release: {{ .Release.Name }}
|
|
heritage: {{ .Release.Service }}
|
|
annotations:
|
|
"helm.sh/hook": pre-delete
|
|
"helm.sh/hook-weight": "-5"
|
|
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
|
|
---
|
|
{{- if .Values.rbac.create }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: gatekeeper-delete-webhook-configs
|
|
labels:
|
|
release: {{ .Release.Name }}
|
|
heritage: {{ .Release.Service }}
|
|
annotations:
|
|
"helm.sh/hook": pre-delete
|
|
"helm.sh/hook-weight": "-5"
|
|
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
|
|
rules:
|
|
{{- if not .Values.disableValidatingWebhook }}
|
|
- apiGroups:
|
|
- admissionregistration.k8s.io
|
|
resources:
|
|
- validatingwebhookconfigurations
|
|
resourceNames:
|
|
- {{ .Values.validatingWebhookName }}
|
|
verbs:
|
|
- delete
|
|
{{- end }}
|
|
{{- if not .Values.disableMutation }}
|
|
- apiGroups:
|
|
- admissionregistration.k8s.io
|
|
resources:
|
|
- mutatingwebhookconfigurations
|
|
resourceNames:
|
|
- {{ .Values.mutatingWebhookName }}
|
|
verbs:
|
|
- delete
|
|
{{- end }}
|
|
{{- with .Values.preUninstall.deleteWebhookConfigurations.extraRules }}
|
|
{{- toYaml . | nindent 2 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
---
|
|
{{- if .Values.rbac.create }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: gatekeeper-delete-webhook-configs
|
|
labels:
|
|
release: {{ .Release.Name }}
|
|
heritage: {{ .Release.Service }}
|
|
annotations:
|
|
"helm.sh/hook": pre-delete
|
|
"helm.sh/hook-weight": "-5"
|
|
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: gatekeeper-delete-webhook-configs
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: gatekeeper-delete-webhook-configs
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
{{- end }}
|
|
{{- end }}
|