186 lines
5.7 KiB
YAML
186 lines
5.7 KiB
YAML
{{- if .Values.preflight.enabled -}}
|
|
{{- template "k8s-triliovault-operator.preFlightValidation" . }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-preflight-role
|
|
labels:
|
|
{{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
|
|
app.kubernetes.io/instance: {{template "k8s-triliovault-operator.appName" .}}-preflight-role
|
|
annotations:
|
|
"helm.sh/hook": "pre-install"
|
|
"helm.sh/hook-delete-policy": hook-failed, hook-succeeded
|
|
"helm.sh/hook-weight": "1"
|
|
rules:
|
|
- apiGroups:
|
|
- '*'
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- get
|
|
- list
|
|
- apiGroups:
|
|
- apiextensions.k8s.io
|
|
resources:
|
|
- customresourcedefinitions
|
|
verbs:
|
|
- create
|
|
- update
|
|
- delete
|
|
- patch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- serviceaccounts
|
|
- pods
|
|
- persistentvolumeclaims
|
|
- pods/exec
|
|
verbs:
|
|
- create
|
|
- update
|
|
- delete
|
|
- patch
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- clusterroles
|
|
- clusterrolebindings
|
|
verbs:
|
|
- create
|
|
- update
|
|
- delete
|
|
- patch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- namespaces
|
|
verbs:
|
|
- get
|
|
- list
|
|
- apiGroups:
|
|
- batch
|
|
resources:
|
|
- jobs
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- apiGroups:
|
|
- storage.k8s.io
|
|
resources:
|
|
- storageclasses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- apiGroups:
|
|
- snapshot.storage.k8s.io
|
|
resources:
|
|
- volumesnapshots
|
|
- volumesnapshotclasses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- create
|
|
- update
|
|
- delete
|
|
- patch
|
|
|
|
---
|
|
{{- if eq .Values.svcAccountName "" }}
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: {{ template "k8s-triliovault-operator.preflightServiceAccountName" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
|
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-preflight-service-account
|
|
annotations:
|
|
"helm.sh/hook": "pre-install"
|
|
"helm.sh/hook-delete-policy": hook-failed, hook-succeeded
|
|
"helm.sh/hook-weight": "2"
|
|
{{- end }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-preflight-rolebinding
|
|
labels:
|
|
{{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
|
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-preflight-rolebinding
|
|
annotations:
|
|
"helm.sh/hook": "pre-install"
|
|
"helm.sh/hook-delete-policy": hook-failed, hook-succeeded
|
|
"helm.sh/hook-weight": "3"
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-preflight-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ template "k8s-triliovault-operator.preflightServiceAccountName" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: {{ template "k8s-triliovault-operator.name" . }}-preflight-job-preinstall-hook-{{ randAlphaNum 4 | lower }}
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
|
release: "{{ .Release.Name }}"
|
|
{{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
|
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-preflight-job-preinstall-hook
|
|
annotations:
|
|
"helm.sh/hook": "pre-install"
|
|
"helm.sh/hook-delete-policy": hook-succeeded
|
|
"helm.sh/hook-weight": "4"
|
|
spec:
|
|
backoffLimit: 0
|
|
ttlSecondsAfterFinished: 3600
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: preflight
|
|
image: {{ index .Values "registry" }}/{{ index .Values "preflight" "repository" }}:{{ index .Values "preflight" "imageTag" }}
|
|
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- >-
|
|
/opt/tvk-plugins/preflight run --in-cluster
|
|
--log-level={{ .Values.preflight.logLevel }}
|
|
--namespace={{ .Release.Namespace }}
|
|
{{- if .Values.preflight.cleanupOnFailure }}
|
|
--cleanup-on-failure
|
|
{{- end }}
|
|
{{- if .Values.preflight.imagePullSecret }}
|
|
--image-pull-secret={{ .Values.preflight.imagePullSecret }}
|
|
{{- end }}
|
|
{{- if .Values.preflight.limits }}
|
|
--limits={{ .Values.preflight.limits }}
|
|
{{- end }}
|
|
{{- if .Values.preflight.localRegistry }}
|
|
--local-registry={{ .Values.preflight.localRegistry }}
|
|
{{- end }}
|
|
{{- if .Values.preflight.nodeSelector }}
|
|
--node-selector={{ .Values.preflight.nodeSelector }}
|
|
{{- end }}
|
|
{{- if .Values.preflight.pvcStorageRequest }}
|
|
--pvc-storage-request={{ .Values.preflight.pvcStorageRequest }}
|
|
{{- end }}
|
|
{{- if .Values.preflight.requests }}
|
|
--requests={{ .Values.preflight.requests }}
|
|
{{- end }}
|
|
{{- if .Values.preflight.storageClass }}
|
|
--storage-class={{ .Values.preflight.storageClass }}
|
|
{{- end }}
|
|
{{- if .Values.preflight.volumeSnapshotClass }}
|
|
--volume-snapshot-class={{ .Values.preflight.volumeSnapshotClass }}
|
|
{{- end }}
|
|
restartPolicy: Never
|
|
terminationGracePeriodSeconds: 0
|
|
serviceAccountName: {{ template "k8s-triliovault-operator.preflightServiceAccountName" . }}
|
|
{{- end }}
|