helm/korifi/kpack-image-builder/pre-delete-builderinfo.yaml
apiVersion: batch/v1
kind: Job
metadata:
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "0"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
name: delete-builderinfo
namespace: {{ .Release.Namespace }}
spec:
template:
metadata:
name: delete-builderinfo
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
serviceAccountName: delete-builderinfo-service-account
restartPolicy: Never
{{- include "korifi.podSecurityContext" . | indent 6 }}
containers:
- name: pre-delete-builderinfo
image: {{ .Values.helm.hooksImage }}
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1000
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
command:
- sh
- -c
- |
if kubectl get crd builderinfos.korifi.cloudfoundry.org; then
kubectl -n {{ .Values.rootNamespace }} delete builderinfo kpack-image-builder --ignore-not-found
fi
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: delete-builderinfo-service-account
namespace: {{ .Release.Namespace }}
annotations:
helm.sh/hook: pre-delete
helm.sh/hook-delete-policy: before-hook-creation
helm.sh/hook-weight: "-10"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: delete-builderinfo-role
annotations:
helm.sh/hook: pre-delete
helm.sh/hook-delete-policy: before-hook-creation
helm.sh/hook-weight: "-10"
rules:
- apiGroups:
- "apiextensions.k8s.io"
resources:
- customresourcedefinitions
verbs:
- get
- apiGroups:
- "korifi.cloudfoundry.org"
resources:
- builderinfos
verbs:
- get
- list
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: delete-builderinfo-role-binding
annotations:
helm.sh/hook: pre-delete
helm.sh/hook-delete-policy: before-hook-creation
helm.sh/hook-weight: "-5"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: delete-builderinfo-role
subjects:
- kind: ServiceAccount
name: delete-builderinfo-service-account
namespace: {{ .Release.Namespace }}