Skip to content

Commit

Permalink
Merge pull request #658 from aramase/automated-cherry-pick-of-#656-up…
Browse files Browse the repository at this point in the history 
…stream-release-0.1

Automated cherry pick of #656: feat: add keep-crd upgrade hook
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot authored Jul 23, 2021
2 parents 544a0f9 + 1811157 commit 1a1ddca
Show file tree
Hide file tree
Showing 3 changed files with 109 additions and 24 deletions.
53 changes: 29 additions & 24 deletions manifest_staging/charts/secrets-store-csi-driver/templates/crds-upgrade-hook.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ metadata:
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "1"
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
Expand All @@ -18,7 +19,8 @@ metadata:
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "1"
subjects:
- kind: ServiceAccount
name: {{ template "sscd.fullname" . }}-upgrade-crds
Expand All @@ -36,31 +38,34 @@ metadata:
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "1"
---
apiVersion: v1
kind: Pod
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "sscd.fullname" . }}-upgrade-crds
namespace: {{ .Release.Namespace }}
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-weight: "1"
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
spec:
serviceAccountName: {{ template "sscd.fullname" . }}-upgrade-crds
restartPolicy: OnFailure
containers:
- name: crds-upgrade
image: "{{ .Values.linux.crds.image.repository }}:{{ .Values.linux.crds.image.tag }}"
args:
- apply
- -f
- crds/
imagePullPolicy: {{ .Values.linux.crds.image.pullPolicy }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 4 }}
{{- end }}
nodeSelector:
kubernetes.io/os: linux
backoffLimit: 0
template:
metadata:
name: {{ template "sscd.fullname" . }}-upgrade-crds
spec:
serviceAccountName: {{ template "sscd.fullname" . }}-upgrade-crds
restartPolicy: Never
containers:
- name: crds-upgrade
image: "{{ .Values.linux.crds.image.repository }}:{{ .Values.linux.crds.image.tag }}"
args:
- apply
- -f
- crds/
imagePullPolicy: {{ .Values.linux.crds.image.pullPolicy }}
nodeSelector:
kubernetes.io/os: linux
74 changes: 74 additions & 0 deletions manifest_staging/charts/secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "sscd.fullname" . }}-keep-crds
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "sscd.fullname" . }}-keep-crds
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
subjects:
- kind: ServiceAccount
name: {{ template "sscd.fullname" . }}-keep-crds
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ template "sscd.fullname" . }}-keep-crds
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "sscd.fullname" . }}-keep-crds
namespace: {{ .Release.Namespace }}
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "sscd.fullname" . }}-keep-crds
namespace: {{ .Release.Namespace }}
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-weight: "2"
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
spec:
backoffLimit: 0
template:
metadata:
name: {{ template "sscd.fullname" . }}-keep-crds
spec:
serviceAccountName: {{ template "sscd.fullname" . }}-keep-crds
restartPolicy: Never
containers:
- name: crds-keep
image: "{{ .Values.linux.crds.image.repository }}:{{ .Values.linux.crds.image.tag }}"
args:
- patch
- crd
- secretproviderclasses.secrets-store.csi.x-k8s.io
- secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io
- -p
- '{"metadata":{"annotations": {"helm.sh/resource-policy": "keep"}}}'
imagePullPolicy: {{ .Values.linux.crds.image.pullPolicy }}
nodeSelector:
kubernetes.io/os: linux
6 changes: 6 additions & 0 deletions test/bats/azure.bats
View file
Original file line number Diff line number Diff line change
Expand Up @@ -403,6 +403,12 @@ setup() {
run helm upgrade csi-secrets-store "${chart_dir}" --reuse-values --set filteredWatchSecret=false --wait --timeout=5m -v=5 --debug --namespace kube-system
assert_success

cmd="kubectl get crd secretproviderclasses.secrets-store.csi.x-k8s.io -o yaml | grep 'helm.sh/resource-policy: keep'"
wait_for_process $WAIT_TIME $SLEEP_TIME "$cmd"

cmd="kubectl get crd secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io -o yaml | grep 'helm.sh/resource-policy: keep'"
wait_for_process $WAIT_TIME $SLEEP_TIME "$cmd"

kubectl create ns non-filtered-watch
kubectl create secret generic secrets-store-creds --from-literal clientid=${AZURE_CLIENT_ID} --from-literal clientsecret=${AZURE_CLIENT_SECRET} -n non-filtered-watch

Expand Down

0 comments on commit 1a1ddca

Please sign in to comment.