Browse Source

Merge "add post-upgrade hook and deletion policy to readonly SA token secret"

Zuul 2 months ago
parent
commit
64bf5981a1
1 changed files with 11 additions and 1 deletions
  1. 11
    1
      sonobuoy/templates/serviceaccount-readonly.yaml

+ 11
- 1
sonobuoy/templates/serviceaccount-readonly.yaml View File

@@ -102,7 +102,17 @@ metadata:
102 102
     before creating a secret token for it. By default helm deploys secrets
103 103
     before ServiceAccounts which causes this secret to not exist since the
104 104
     ServiceAccount is missing.
105
+    post-upgrade hook is required when upgrading from a previous version of
106
+    this chart that did not have this secret.
105 107
     */}}
106
-    "helm.sh/hook": "post-install"
108
+    "helm.sh/hook": "post-install,post-upgrade"
109
+    {{/*
110
+    before--hook-creation hook is required for sequential upgrades. Tiller
111
+    does not keep track of resources installed via post-{install,upgrade} hooks,
112
+    this causes an "Already exists" error when upgrading without this hook. With
113
+    this hook, this secret will be deleted before upgrading, which will then install
114
+    this resource.
115
+    */}}
116
+    "helm.sh/hook-delete-policy": "before-hook-creation"
107 117
 ---
108 118
 {{- end }}

Loading…
Cancel
Save