103 lines
4.3 KiB
YAML
103 lines
4.3 KiB
YAML
{{- if and .Values.clusterApi .Values.openstack.enabled }}
|
||
apiVersion: batch/v1
|
||
kind: Job
|
||
metadata:
|
||
name: {{ printf "%s-%s" (include "cluster-addons.fullname" .) "purge-cloud-resources" | trunc 63 | trimSuffix "-" }}
|
||
labels: {{ include "cluster-addons.labels" . | nindent 4 }}
|
||
annotations:
|
||
helm.sh/hook: pre-delete
|
||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||
spec:
|
||
backoffLimit: {{ .Values.jobDefaults.backoffLimit }}
|
||
activeDeadlineSeconds: {{ .Values.jobDefaults.activeDeadlineSeconds }}
|
||
template:
|
||
metadata:
|
||
labels: {{ include "cluster-addons.selectorLabels" . | nindent 8 }}
|
||
spec:
|
||
{{- with .Values.jobDefaults.imagePullSecrets }}
|
||
imagePullSecrets: {{ toYaml . | nindent 8 }}
|
||
{{- end }}
|
||
securityContext: {{ toYaml .Values.jobDefaults.podSecurityContext | nindent 8 }}
|
||
restartPolicy: OnFailure
|
||
serviceAccountName: {{ tpl .Values.serviceAccount.name . }}
|
||
{{- if .Values.kubeconfigSecret.name }}
|
||
# Use an init container to install the kubeconfig file from the specified secret if required
|
||
# We don't use a regular volume for this because we need the hook not to block in the case
|
||
# where the secret is not available
|
||
initContainers:
|
||
- name: install-kubeconfig
|
||
image: {{
|
||
printf "%s:%s"
|
||
.Values.jobDefaults.image.repository
|
||
(default .Chart.AppVersion .Values.jobDefaults.image.tag)
|
||
}}
|
||
imagePullPolicy: {{ .Values.jobDefaults.image.pullPolicy }}
|
||
securityContext: {{ toYaml .Values.jobDefaults.securityContext | nindent 12 }}
|
||
args:
|
||
- /bin/bash
|
||
- -c
|
||
- |
|
||
set -ex
|
||
get_kubeconfig() {
|
||
kubectl get secret {{ tpl .Values.kubeconfigSecret.name . }} \
|
||
-n {{ .Release.Namespace }} \
|
||
-o go-template='{{ printf "{{ index .data \"%s\" | base64decode }}" .Values.kubeconfigSecret.key }}' \
|
||
> /config/auth/kubeconfig
|
||
}
|
||
get_kubeconfig || true
|
||
resources: {{ toYaml .Values.jobDefaults.resources | nindent 12 }}
|
||
volumeMounts:
|
||
- name: kubeconfig
|
||
mountPath: /config/auth
|
||
{{- end }}
|
||
containers:
|
||
- name: purge-cloud-resources
|
||
image: {{
|
||
printf "%s:%s"
|
||
.Values.jobDefaults.image.repository
|
||
(default .Chart.AppVersion .Values.jobDefaults.image.tag)
|
||
}}
|
||
imagePullPolicy: {{ .Values.jobDefaults.image.pullPolicy }}
|
||
securityContext: {{ toYaml .Values.jobDefaults.securityContext | nindent 12 }}
|
||
# We can only make a best effort to delete the resources as we don't want the hook to block
|
||
# So we bail without an error if the kubeconfig doesn't exist, the API is not reachable or
|
||
# the deletion fails
|
||
args:
|
||
- /bin/bash
|
||
- -c
|
||
- |
|
||
set -x
|
||
{{- if .Values.kubeconfigSecret.name }}
|
||
test -f "$KUBECONFIG" || exit 0
|
||
{{- end }}
|
||
kubectl version || exit 0
|
||
for ns in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}'); do
|
||
for svc in $(kubectl get svc -n "$ns" -o jsonpath='{.items[?(@.spec.type == "LoadBalancer")].metadata.name}'); do
|
||
kubectl delete svc "$svc" -n "$ns" || true
|
||
done
|
||
done
|
||
{{- if .Values.kubeconfigSecret.name }}
|
||
env:
|
||
- name: KUBECONFIG
|
||
value: /config/auth/kubeconfig
|
||
{{- end }}
|
||
resources: {{ toYaml .Values.jobDefaults.resources | nindent 12 }}
|
||
volumeMounts:
|
||
- name: kubeconfig
|
||
mountPath: /config/auth
|
||
readOnly: true
|
||
hostNetwork: {{ .Values.jobDefaults.hostNetwork }}
|
||
{{- with .Values.jobDefaults.nodeSelector }}
|
||
nodeSelector: {{ toYaml . | nindent 8 }}
|
||
{{- end }}
|
||
{{- with .Values.jobDefaults.affinity }}
|
||
affinity: {{ toYaml . | nindent 8 }}
|
||
{{- end }}
|
||
{{- with .Values.jobDefaults.tolerations }}
|
||
tolerations: {{ toYaml . | nindent 8 }}
|
||
{{- end }}
|
||
volumes:
|
||
- name: kubeconfig
|
||
emptyDir: {}
|
||
{{- end }}
|