apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ template "px.hookServiceAccount" . }}
  namespace: kube-system
  annotations:
    "helm.sh/hook-delete-policy": before-hook-creation
    "helm.sh/hook": "post-install,pre-delete,post-delete"
  labels:
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{.Release.Service | quote }}
    app.kubernetes.io/instance: {{.Release.Name | quote }}
    chart: "{{.Chart.Name}}-{{.Chart.Version}}"
---
kind: ClusterRole
apiVersion: {{ template "rbac.apiVersion" . }}
metadata:
  annotations:
    "helm.sh/hook-delete-policy": before-hook-creation
    "helm.sh/hook": "post-install,pre-delete,post-delete"
  name: {{ template "px.hookClusterRole" . }}
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["patch", "get", "update", "list"]
---
kind: ClusterRoleBinding
apiVersion: {{ template "rbac.apiVersion" . }}
metadata:
  annotations:
    "helm.sh/hook-delete-policy": before-hook-creation
    "helm.sh/hook": "post-install,pre-delete,post-delete"
  name: {{ template "px.hookClusterRoleBinding" . }}
subjects:
- kind: ServiceAccount
  name: {{ template "px.hookServiceAccount" . }}
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: {{ template "px.hookClusterRole" . }}
  apiGroup: rbac.authorization.k8s.io