feat(common): add improved handling of CRD updates (#250)

* feat(common): add improved handling of CRD updates

* actaullyadd the code

* fix
This commit is contained in:
Kjeld Schouten-Lebbing
2022-10-10 17:59:08 +02:00
committed by GitHub
parent 5ddbbbc030
commit f41b562cee
4 changed files with 96 additions and 2 deletions

View File

@@ -15,4 +15,4 @@ maintainers:
name: common
sources: null
type: library
version: 10.6.12
version: 10.7.0

View File

@@ -0,0 +1,86 @@
{{- define "tc.common.lib.util.crd.update" -}}
{{- $fullName := include "tc.common.names.fullname" . -}}
{{- if .Values.updateCRD }}
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ .Release.Namespace }}
name: {{ $fullName }}-crds
annotations:
"helm.sh/hook": pre-install, pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
data:
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
{{ $path | trimPrefix "crds/" }}: {{ $.Files.Get $path | quote }}
{{- end }}
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ $fullName }}-crds
annotations:
"helm.sh/hook": pre-install, pre-upgrade
"helm.sh/hook-weight": "-4"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
spec:
template:
spec:
serviceAccountName: {{ $fullName }}-crds
containers:
- name: {{ $fullName }}-crds
image: {{ .Values.kubectlImage }}
volumeMounts:
- name: crds
mountPath: /etc/crds
readOnly: true
command: ["kubectl", "apply", "-f", "/etc/crds"]
volumes:
- name: {{ $fullName }}-crds
configMap:
name: {{ $fullName }}-crds
restartPolicy: OnFailure
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $fullName }}-crds
annotations:
"helm.sh/hook": pre-install, pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "get", "list", "watch", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $fullName }}-crds
annotations:
"helm.sh/hook": pre-install, pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $fullName }}-crds
subjects:
- kind: ServiceAccount
name: {{ $fullName }}-crds
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $fullName }}-crds
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install, pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- end }}
{{- end -}}

View File

@@ -59,4 +59,6 @@ Secondary entrypoint and primary loader for the common chart
{{ include "tc.common.scale.portal" . | nindent 0 }}
{{ include "tc.common.spawner.networkpolicy" . | nindent 0 }}
{{ include "tc.common.lib.util.crd.update" . | nindent 0 }}
{{- end -}}

View File

@@ -132,7 +132,6 @@ image:
# -- Image Selector allows for easy picking a different image dict, important for the SCALE GUI
imageSelector: "image"
# -- Override the command(s) for the default container
command: []
@@ -143,6 +142,13 @@ args: []
# Primarily for the SCALE GUI
extraArgs: []
# -- update the CRD's on helm update
# This does NOT include CRD's of dependencies.
# enabled by default for optimal performance on TrueNAS SCALE
# DEVNOTE: Also slightly alteres the install logic in a non breaking way
# DEVNOTE 2: Disabled for now so we can test on a limited number of charts initially
updateCRD: false
# -- Set Container Timezone
TZ: UTC