chore: using hook weights to sequence terraform resources for pre-upg…

…rade job
bcgov · Feb 15, 2024 · b7d5bd1 · b7d5bd1
1 parent cbdfee4
commit b7d5bd1
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 11 deletions.
diff --git a/chart/cas-cif/templates/terraform/terraform-apply.yaml b/chart/cas-cif/templates/terraform/terraform-apply.yaml
@@ -4,9 +4,10 @@ metadata:
   name: terraform-apply
   labels:
     component: backend
-  namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/hook": pre-install, pre-upgrade
+    "helm.sh/hook-weight": "5"
+    "helm.sh/hook-delete-policy": before-hook-creation
 spec:
   backoffLimit: 0
   activeDeadlineSeconds: 900

diff --git a/chart/cas-cif/templates/terraform/terraform-modules.yaml b/chart/cas-cif/templates/terraform/terraform-modules.yaml
@@ -2,7 +2,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: terraform-modules
-  namespace: {{ .Release.Namespace }}
   # Because terraform-apply.yaml is pre-install, pre-upgrade, this configmap needs to be in place before it
   annotations:
     "helm.sh/hook": pre-install, pre-upgrade

diff --git a/chart/cas-cif/templates/terraform/terraform-role-binding.yaml b/chart/cas-cif/templates/terraform/terraform-role-binding.yaml
@@ -2,14 +2,14 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: "terraform-kubernetes-service-account-secret-admin-binding"
-  namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/hook": pre-install, pre-upgrade
+    "helm.sh/hook-weight": "-5"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: "terraform-secret-admin"
 subjects:
-- kind: ServiceAccount
-  name: "terraform-kubernetes-service-account"
-  namespace: {{ .Release.Namespace }}
+  - kind: ServiceAccount
+    name: "terraform-kubernetes-service-account"
+    namespace: {{ .Release.Namespace }}
diff --git a/chart/cas-cif/templates/terraform/terraform-role.yaml b/chart/cas-cif/templates/terraform/terraform-role.yaml
@@ -2,10 +2,20 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: "terraform-secret-admin"
-  namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/hook": pre-install, pre-upgrade
+    "helm.sh/hook-weight": "-10"
 rules:
-- apiGroups: [""]
-  resources: ["secrets"]
-  verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs:
+      [
+        "create",
+        "delete",
+        "deletecollection",
+        "get",
+        "list",
+        "patch",
+        "update",
+        "watch",
+      ]
diff --git a/chart/cas-cif/templates/terraform/terraform-service-account.yaml b/chart/cas-cif/templates/terraform/terraform-service-account.yaml
@@ -2,6 +2,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: "terraform-kubernetes-service-account"
-  namespace: {{ .Release.Namespace }}
   annotations:
     "helm.sh/hook": pre-install, pre-upgrade
+    "helm.sh/hook-weight": "-10"