andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/kongmesh/kuma/0.8.101/templates/pre-install-patch-namespace...

92 lines
2.7 KiB
YAML
Raw Blame History

{{- if .Values.patchSystemNamespace }}
{{- $serviceAccountName := printf "%s-patch-ns-job" (include "kuma.name" .) }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $serviceAccountName }}
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded,hook-failed"
labels:
{{- include "kuma.labels" . | nindent 4 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "kuma.name" . }}-patch-ns-job
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded,hook-failed"
labels:
{{- include "kuma.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- namespaces
resourceNames:
- {{ .Release.Namespace }}
verbs:
- get
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kuma.name" . }}-patch-ns-job
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded,hook-failed"
labels:
{{- include "kuma.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "kuma.name" . }}-patch-ns-job
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ .Release.Namespace }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "kuma.name" . }}-patch-ns
namespace: {{ .Release.Namespace }}
labels:
{{ include "kuma.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": "pre-install"
{{/* Ensure the job is created after the RBAC resources */}}
"helm.sh/hook-weight": "5"
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded,hook-failed"
spec:
template:
metadata:
name: {{ template "kuma.name" . }}-patch-ns-script
labels:
{{ include "kuma.labels" . | nindent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{- with .Values.hooks.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 }}
{{- end }}
restartPolicy: OnFailure
containers:
- name: pre-install-job
image: {{ include "kubectl.formatImage" (dict "image" .Values.kubectl.image "root" $) | quote }}
command:
- 'kubectl'
- 'patch'
- 'namespace'
- {{ .Release.Namespace | quote }}
- '--type'
- 'merge'
- '--patch'
- '{ "metadata": { "labels": { "kuma.io/system-namespace": "true" } } }'
{{- end }}
Reference in New Issue View Git Blame Copy Permalink