From 229988a2fe810905a89497f6f35b2393d239004b Mon Sep 17 00:00:00 2001 From: Kate Goldenring Date: Tue, 5 Nov 2024 14:36:09 -0800 Subject: [PATCH] Add Helm pre-delete hook to remove configurations before Akri chart cleanup Signed-off-by: Kate Goldenring --- deployment/helm/templates/pre-delete-job.yaml | 36 +++++++++++++++++++ deployment/helm/templates/rbac.yaml | 35 ++++++++++++++++++ deployment/helm/values.yaml | 7 ++++ 3 files changed, 78 insertions(+) create mode 100644 deployment/helm/templates/pre-delete-job.yaml diff --git a/deployment/helm/templates/pre-delete-job.yaml b/deployment/helm/templates/pre-delete-job.yaml new file mode 100644 index 000000000..28e5ea500 --- /dev/null +++ b/deployment/helm/templates/pre-delete-job.yaml @@ -0,0 +1,36 @@ +{{- if .Values.cleanupHook.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ .Release.Name }}" + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: "{{ .Release.Name }}" + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/component: helm-hook + spec: + restartPolicy: Never + serviceAccountName: akri-helm-hook-sa + containers: + - name: delete-configurations + image: curlimages/curl:latest + command: ["/bin/sh", "-c"] + args: [ + "curl -ik -X DELETE -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" https://kubernetes.default.svc.cluster.local/apis/akri.sh/v0/namespaces/{{ .Release.Namespace }}/configurations" + ] +{{- end }} \ No newline at end of file diff --git a/deployment/helm/templates/rbac.yaml b/deployment/helm/templates/rbac.yaml index 80ac088a2..bb36bc2a6 100644 --- a/deployment/helm/templates/rbac.yaml +++ b/deployment/helm/templates/rbac.yaml @@ -90,4 +90,39 @@ subjects: - kind: 'ServiceAccount' name: 'akri-agent-sa' namespace: {{ .Release.Namespace }} +{{- if .Values.cleanupHook.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: akri-helm-hook-sa + labels: + app.kubernetes.io/component: helm-hook +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "akri-helm-hook-role" + labels: + app.kubernetes.io/component: helm-hook +rules: +- apiGroups: ["akri.sh"] + resources: ["configurations"] + verbs: ["deletecollection"] +--- +apiVersion: 'rbac.authorization.k8s.io/v1' +kind: 'ClusterRoleBinding' +metadata: + name: "akri-helm-hook-biding" + labels: + app.kubernetes.io/component: helm-hook +roleRef: + apiGroup: '' + kind: 'ClusterRole' + name: 'akri-helm-hook-role' +subjects: + - kind: 'ServiceAccount' + name: 'akri-helm-hook-sa' + namespace: {{ .Release.Namespace }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/deployment/helm/values.yaml b/deployment/helm/values.yaml index f7ebb54b3..f51c14485 100644 --- a/deployment/helm/values.yaml +++ b/deployment/helm/values.yaml @@ -16,6 +16,13 @@ useDevelopmentContainers: true # This can be set from the helm command line using `--set imagePullSecrets[0].name="mysecret"` imagePullSecrets: [] +cleanupHook: + # enabled defines whether to enable the Helm pre-delete hook to cleanup + # Configurations during chart deletion. Also applies associated RBAC for the + # hook. More information on Helm hooks: + # https://helm.sh/docs/topics/charts_hooks/ + enabled: true + # generalize references to `apiGroups` and `apiVersion` values for Akri CRDs crds: group: akri.sh