85 lines
2.3 KiB
YAML
85 lines
2.3 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: pre-delete
|
|
labels:
|
|
app.kubernetes.io/part-of: nginx-service-mesh
|
|
annotations:
|
|
"helm.sh/hook": pre-delete
|
|
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
|
|
"helm.sh/hook-weight": "-5"
|
|
imagePullSecrets:
|
|
- name: {{ include "registry-key-name" . }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: pre-delete
|
|
labels:
|
|
app.kubernetes.io/part-of: nginx-service-mesh
|
|
annotations:
|
|
"helm.sh/hook": pre-delete
|
|
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
|
|
"helm.sh/hook-weight": "-5"
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
resourceNames: ["meshconfig"]
|
|
verbs: ["get", "patch"]
|
|
- apiGroups: ["nsm.nginx.com"]
|
|
resources: ["meshconfigs"]
|
|
resourceNames: ["nginx-mesh-config"]
|
|
verbs: ["get", "list"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: pre-delete
|
|
labels:
|
|
app.kubernetes.io/part-of: nginx-service-mesh
|
|
annotations:
|
|
"helm.sh/hook": pre-delete
|
|
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
|
|
"helm.sh/hook-weight": "-5"
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: pre-delete
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: pre-delete
|
|
namespace: {{ .Release.Namespace }}
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: turn-proxies-transparent
|
|
labels:
|
|
app.kubernetes.io/part-of: nginx-service-mesh
|
|
annotations:
|
|
"helm.sh/hook": pre-delete
|
|
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
|
|
"helm.sh/hook-weight": "0"
|
|
spec:
|
|
template:
|
|
metadata:
|
|
name: turn-proxies-transparent
|
|
spec:
|
|
restartPolicy: Never
|
|
serviceAccountName: pre-delete
|
|
containers:
|
|
- name: turn-proxies-transparent
|
|
image: {{ include "hook.image-server" . }}/kubectl
|
|
imagePullPolicy: {{ .Values.registry.imagePullPolicy }}
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
privileged: false
|
|
runAsUser: 101 #nginx
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
kubectl -n {{ .Release.Namespace }} patch configmap/meshconfig --type merge -p '{"data":{"transparent": "true"}}'
|
|
kubectl -n {{ .Release.Namespace }} wait --timeout 15s --for=jsonpath='{.status.transparent}'=true meshconfigs/nginx-mesh-config
|
|
exit 0
|