Skip to content

Commit

Permalink
Merge pull request #159 from datawire/nkrause/crd-cleanup
Browse files Browse the repository at this point in the history
Fix CRD cleanup hook so it actually works
  • Loading branch information
iNoahNothing authored Jan 8, 2021
2 parents 9a899bb + 102cab5 commit 02a90bf
Show file tree
Hide file tree
Showing 3 changed files with 89 additions and 12 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ numbering uses [semantic versioning](http://semver.org).

## Next Release

## v6.5.16

- Bugfix: Ambassador CRD cleanup will now execute as expected.

## v6.5.15

- Bugfix: Ambassador RBAC now includes permissions for IngressClasses.
Expand Down
4 changes: 1 addition & 3 deletions Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ appVersion: 1.10.0
ossVersion: 1.10.0
description: A Helm chart for Datawire Ambassador
name: ambassador
version: 6.5.15
version: 6.5.16
icon: https://www.getambassador.io/images/logo.png
home: https://www.getambassador.io/
sources:
Expand All @@ -23,6 +23,4 @@ maintainers:
email: [email protected]
- name: lukeshu
email: [email protected]
- name: inercia
email: [email protected]
engine: gotpl
93 changes: 84 additions & 9 deletions templates/crd-delete.yaml
Original file line number Diff line number Diff line change
@@ -1,13 +1,89 @@
{{- if and .Values.crds.enabled (not .Values.crds.keep)}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ambassador.serviceAccountName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "ambassador.rbacName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
rules:
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: ["get", "list", "watch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ include "ambassador.rbacName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "1"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
helm.sh/chart: {{ include "ambassador.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.deploymentTool }}
app.kubernetes.io/managed-by: {{ .Values.deploymentTool }}
{{- else }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
product: aes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ambassador.rbacName" . }}-crd-delete
subjects:
- name: {{ include "ambassador.serviceAccountName" . }}-crd-delete
namespace: {{ include "ambassador.namespace" . }}
kind: ServiceAccount
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "ambassador.fullname" . }}-crd-cleanup
namespace: {{ include "ambassador.namespace" . }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "3"
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": hook-succeeded
"helm.sh/hook-weight": "3"
labels:
app.kubernetes.io/name: {{ include "ambassador.name" . }}
app.kubernetes.io/part-of: {{ .Release.Name }}
Expand All @@ -34,15 +110,14 @@ spec:
{{- end }}
spec:
{{- if .Values.rbac.create }}
serviceAccountName: {{ include "ambassador.serviceAccountName" . }}
serviceAccountName: {{ include "ambassador.serviceAccountName" . }}-crd-delete
{{- end }}
containers:
- name: kubectl
image: "k8s.gcr.io/hyperkube:v1.12.1"
command:
- /bin/sh
- -c
- >
kubectl delete crds -l app.kubernetes.io/name=ambassador
image: "buoyantio/kubectl"
args:
- delete
- crds
- -l app.kubernetes.io/name=ambassador
restartPolicy: OnFailure
{{- end }}

0 comments on commit 02a90bf

Please sign in to comment.