helm/korifi/kpack-image-builder/pre-delete-builderinfo.yaml from cloudfoundry/cf-k8s-controllers

helm/korifi/kpack-image-builder/pre-delete-builderinfo.yaml
Summary

Maintainability

Test Coverage

Issues
apiVersion: batch/v1
kind: Job
metadata:
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-weight": "0"
    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
  name: delete-builderinfo
  namespace: {{ .Release.Namespace }}
spec:
  template:
    metadata:
      name: delete-builderinfo
      labels:
        app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
        app.kubernetes.io/instance: {{ .Release.Name | quote }}
        helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    spec:
      serviceAccountName: delete-builderinfo-service-account
      restartPolicy: Never
      {{- include "korifi.podSecurityContext" . | indent 6 }}
      containers:
      - name: pre-delete-builderinfo
        image: {{ .Values.helm.hooksImage }}
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          runAsUser: 1000
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
        command:
        - sh
        - -c
        - |
          if kubectl get crd builderinfos.korifi.cloudfoundry.org; then
            kubectl -n {{ .Values.rootNamespace }} delete builderinfo kpack-image-builder --ignore-not-found
          fi

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: delete-builderinfo-service-account
  namespace: {{ .Release.Namespace }}
  annotations:
    helm.sh/hook: pre-delete
    helm.sh/hook-delete-policy: before-hook-creation
    helm.sh/hook-weight: "-10"

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: delete-builderinfo-role
  annotations:
    helm.sh/hook: pre-delete
    helm.sh/hook-delete-policy: before-hook-creation
    helm.sh/hook-weight: "-10"
rules:
- apiGroups:
  - "apiextensions.k8s.io"
  resources:
  - customresourcedefinitions
  verbs:
  - get
- apiGroups:
  - "korifi.cloudfoundry.org"
  resources:
  - builderinfos
  verbs:
  - get
  - list
  - delete

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: delete-builderinfo-role-binding
  annotations:
    helm.sh/hook: pre-delete
    helm.sh/hook-delete-policy: before-hook-creation
    helm.sh/hook-weight: "-5"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: delete-builderinfo-role
subjects:
- kind: ServiceAccount
  name: delete-builderinfo-service-account
  namespace: {{ .Release.Namespace }}