From b7d5bd1c851e51d4e62f9b15f310e86a56d60d30 Mon Sep 17 00:00:00 2001 From: Pierre Bastianelli Date: Thu, 15 Feb 2024 13:37:16 -0800 Subject: [PATCH] chore: using hook weights to sequence terraform resources for pre-upgrade job --- .../templates/terraform/terraform-apply.yaml | 3 ++- .../templates/terraform/terraform-modules.yaml | 1 - .../terraform/terraform-role-binding.yaml | 8 ++++---- .../templates/terraform/terraform-role.yaml | 18 ++++++++++++++---- .../terraform/terraform-service-account.yaml | 2 +- 5 files changed, 21 insertions(+), 11 deletions(-) diff --git a/chart/cas-cif/templates/terraform/terraform-apply.yaml b/chart/cas-cif/templates/terraform/terraform-apply.yaml index 13e297c2a4..dce35d35ea 100644 --- a/chart/cas-cif/templates/terraform/terraform-apply.yaml +++ b/chart/cas-cif/templates/terraform/terraform-apply.yaml @@ -4,9 +4,10 @@ metadata: name: terraform-apply labels: component: backend - namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "5" + "helm.sh/hook-delete-policy": before-hook-creation spec: backoffLimit: 0 activeDeadlineSeconds: 900 diff --git a/chart/cas-cif/templates/terraform/terraform-modules.yaml b/chart/cas-cif/templates/terraform/terraform-modules.yaml index 90346a7ad1..f343aeb44d 100644 --- a/chart/cas-cif/templates/terraform/terraform-modules.yaml +++ b/chart/cas-cif/templates/terraform/terraform-modules.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: terraform-modules - namespace: {{ .Release.Namespace }} # Because terraform-apply.yaml is pre-install, pre-upgrade, this configmap needs to be in place before it annotations: "helm.sh/hook": pre-install, pre-upgrade diff --git a/chart/cas-cif/templates/terraform/terraform-role-binding.yaml b/chart/cas-cif/templates/terraform/terraform-role-binding.yaml index 72d7a25d64..ecd60a354e 100644 --- a/chart/cas-cif/templates/terraform/terraform-role-binding.yaml +++ b/chart/cas-cif/templates/terraform/terraform-role-binding.yaml @@ -2,14 +2,14 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: "terraform-kubernetes-service-account-secret-admin-binding" - namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "-5" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: "terraform-secret-admin" subjects: -- kind: ServiceAccount - name: "terraform-kubernetes-service-account" - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: "terraform-kubernetes-service-account" + namespace: {{ .Release.Namespace }} diff --git a/chart/cas-cif/templates/terraform/terraform-role.yaml b/chart/cas-cif/templates/terraform/terraform-role.yaml index 893ae97477..2410006e13 100644 --- a/chart/cas-cif/templates/terraform/terraform-role.yaml +++ b/chart/cas-cif/templates/terraform/terraform-role.yaml @@ -2,10 +2,20 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: "terraform-secret-admin" - namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "-10" rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: + [ + "create", + "delete", + "deletecollection", + "get", + "list", + "patch", + "update", + "watch", + ] diff --git a/chart/cas-cif/templates/terraform/terraform-service-account.yaml b/chart/cas-cif/templates/terraform/terraform-service-account.yaml index 915965401f..d7ee980faa 100644 --- a/chart/cas-cif/templates/terraform/terraform-service-account.yaml +++ b/chart/cas-cif/templates/terraform/terraform-service-account.yaml @@ -2,6 +2,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: "terraform-kubernetes-service-account" - namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "-10"