diff --git a/apis/installer/v1alpha1/kubedb_crd_manager_types.go b/apis/installer/v1alpha1/kubedb_crd_manager_types.go
index 86e03b4cd..c6d7c4702 100644
--- a/apis/installer/v1alpha1/kubedb_crd_manager_types.go
+++ b/apis/installer/v1alpha1/kubedb_crd_manager_types.go
@@ -51,6 +51,7 @@ type KubedbCrdManagerSpec struct {
//+optional
RegistryFQDN string `json:"registryFQDN"`
Image ImageRef `json:"image"`
+ Cleaner ImageRef `json:"cleaner"`
ImagePullPolicy string `json:"imagePullPolicy"`
//+optional
ImagePullSecrets []string `json:"imagePullSecrets"`
@@ -71,9 +72,10 @@ type KubedbCrdManagerSpec struct {
Tolerations []core.Toleration `json:"tolerations"`
// If specified, the pod's scheduling constraints
// +optional
- Affinity *core.Affinity `json:"affinity"`
- ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
- FeatureGates map[string]bool `json:"featureGates"`
+ Affinity *core.Affinity `json:"affinity"`
+ ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
+ FeatureGates map[string]bool `json:"featureGates"`
+ RemoveUnusedCRDs bool `json:"removeUnusedCRDs"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go
index a05fa494f..244979b52 100644
--- a/apis/installer/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/installer/v1alpha1/zz_generated.deepcopy.go
@@ -648,6 +648,7 @@ func (in *KubedbCrdManagerList) DeepCopyObject() runtime.Object {
func (in *KubedbCrdManagerSpec) DeepCopyInto(out *KubedbCrdManagerSpec) {
*out = *in
out.Image = in.Image
+ out.Cleaner = in.Cleaner
if in.ImagePullSecrets != nil {
in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
*out = make([]string, len(*in))
diff --git a/charts/kubedb-crd-manager/README.md b/charts/kubedb-crd-manager/README.md
index 8705473d1..e901aa71f 100644
--- a/charts/kubedb-crd-manager/README.md
+++ b/charts/kubedb-crd-manager/README.md
@@ -51,6 +51,9 @@ The following table lists the configurable parameters of the `kubedb-crd-manager
| image.registry | Docker registry used to pull app container image | kubedb |
| image.repository | App container image | kubedb-crd-manager |
| image.tag | Overrides the image tag whose default is the chart appVersion. | "" |
+| cleaner.registry | Docker registry used to pull Webhook cleaner image | appscode |
+| cleaner.repository | Webhook cleaner container image | kubectl-nonroot |
+| cleaner.tag | Webhook cleaner container image tag | v1.25 |
| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/kubedb-ops-manager \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] |
| imagePullPolicy | Container image pull policy | IfNotPresent |
| nameOverride | | "" |
@@ -84,6 +87,7 @@ The following table lists the configurable parameters of the `kubedb-crd-manager
| featureGates.Singlestore | | false |
| featureGates.Solr | | false |
| featureGates.ZooKeeper | | false |
+| removeUnusedCRDs | | false |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
diff --git a/charts/kubedb-crd-manager/templates/_helpers.tpl b/charts/kubedb-crd-manager/templates/_helpers.tpl
index c57241380..9ec706683 100644
--- a/charts/kubedb-crd-manager/templates/_helpers.tpl
+++ b/charts/kubedb-crd-manager/templates/_helpers.tpl
@@ -87,6 +87,13 @@ Returns the registry used for image docker image
{{- list .Values.registryFQDN .Values.image.registry | compact | join "/" }}
{{- end }}
+{{/*
+Returns the registry used for cleaner docker image
+*/}}
+{{- define "cleaner.registry" -}}
+{{- list .Values.registryFQDN .Values.cleaner.registry | compact | join "/" }}
+{{- end }}
+
{{- define "docker.imagePullSecrets" -}}
{{- with .Values.imagePullSecrets -}}
imagePullSecrets:
diff --git a/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml b/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml
index f20420ff3..64bd5aba9 100644
--- a/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml
+++ b/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml
@@ -4,6 +4,10 @@ metadata:
name: {{ include "kubedb-crd-manager.fullname" . }}
labels:
{{- include "kubedb-crd-manager.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
diff --git a/charts/kubedb-crd-manager/templates/cluster-role.yaml b/charts/kubedb-crd-manager/templates/cluster-role.yaml
index f838c9a27..15e072226 100644
--- a/charts/kubedb-crd-manager/templates/cluster-role.yaml
+++ b/charts/kubedb-crd-manager/templates/cluster-role.yaml
@@ -4,6 +4,10 @@ metadata:
name: {{ include "kubedb-crd-manager.fullname" . }}
labels:
{{- include "kubedb-crd-manager.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
rules:
- apiGroups:
- apiextensions.k8s.io
diff --git a/charts/kubedb-crd-manager/templates/job.yaml b/charts/kubedb-crd-manager/templates/job.yaml
index 0ab522e77..4b5763197 100644
--- a/charts/kubedb-crd-manager/templates/job.yaml
+++ b/charts/kubedb-crd-manager/templates/job.yaml
@@ -10,6 +10,10 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
{{- include "kubedb-crd-manager.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook-weight": "3"
+ "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
spec:
backoffLimit: 3
ttlSecondsAfterFinished: 300
@@ -24,7 +28,7 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
serviceAccountName: {{ include "kubedb-crd-manager.serviceAccountName" . }}
- containers:
+ initContainers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
@@ -38,6 +42,21 @@ spec:
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
+ containers:
+ - name: checker
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ include "cleaner.registry" . }}/{{ .Values.cleaner.repository }}:{{ .Values.cleaner.tag }}"
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ args:
+ - sh
+ - -c
+ - |
+ sleep 2; \
+ kubectl wait --for=condition=Established crds -l app.kubernetes.io/name=kubedb --timeout=5m; \
+ kubectl wait --for=condition=NamesAccepted crds -l app.kubernetes.io/name=kubedb --timeout=5m
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
diff --git a/charts/kubedb-crd-manager/templates/serviceaccount.yaml b/charts/kubedb-crd-manager/templates/serviceaccount.yaml
index 97e57066f..5ff1b3f5c 100644
--- a/charts/kubedb-crd-manager/templates/serviceaccount.yaml
+++ b/charts/kubedb-crd-manager/templates/serviceaccount.yaml
@@ -5,8 +5,11 @@ metadata:
name: {{ include "kubedb-crd-manager.serviceAccountName" . }}
labels:
{{- include "kubedb-crd-manager.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
annotations:
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+ {{- with .Values.serviceAccount.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
diff --git a/charts/kubedb-crd-manager/values.openapiv3_schema.yaml b/charts/kubedb-crd-manager/values.openapiv3_schema.yaml
index 9e885e670..99a7fa9e2 100644
--- a/charts/kubedb-crd-manager/values.openapiv3_schema.yaml
+++ b/charts/kubedb-crd-manager/values.openapiv3_schema.yaml
@@ -884,6 +884,19 @@ properties:
type: array
type: object
type: object
+ cleaner:
+ properties:
+ registry:
+ type: string
+ repository:
+ type: string
+ tag:
+ type: string
+ required:
+ - registry
+ - repository
+ - tag
+ type: object
featureGates:
additionalProperties:
type: boolean
@@ -1072,6 +1085,8 @@ properties:
type: object
registryFQDN:
type: string
+ removeUnusedCRDs:
+ type: boolean
resources:
description: ResourceRequirements describes the compute resource requirements.
properties:
@@ -1312,8 +1327,10 @@ properties:
type: object
type: array
required:
+- cleaner
- featureGates
- image
- imagePullPolicy
+- removeUnusedCRDs
- serviceAccount
type: object
diff --git a/charts/kubedb-crd-manager/values.yaml b/charts/kubedb-crd-manager/values.yaml
index a50964b73..713177e25 100644
--- a/charts/kubedb-crd-manager/values.yaml
+++ b/charts/kubedb-crd-manager/values.yaml
@@ -10,6 +10,13 @@ image:
repository: kubedb-crd-manager
# Overrides the image tag whose default is the chart appVersion.
tag: ""
+cleaner:
+ # Docker registry used to pull Webhook cleaner image
+ registry: appscode
+ # Webhook cleaner container image
+ repository: kubectl-nonroot
+ # Webhook cleaner container image tag
+ tag: v1.25
# Specify an array of imagePullSecrets.
# Secrets must be manually created in the namespace.
@@ -88,3 +95,5 @@ featureGates:
Singlestore: false
Solr: false
ZooKeeper: false
+
+removeUnusedCRDs: false
diff --git a/charts/kubedb/templates/_helpers.tpl b/charts/kubedb/templates/_helpers.tpl
index 316edc6ac..15913a557 100644
--- a/charts/kubedb/templates/_helpers.tpl
+++ b/charts/kubedb/templates/_helpers.tpl
@@ -95,6 +95,13 @@ Returns the registry used for webhook server docker image
{{- list (default .Values.registryFQDN .Values.global.registryFQDN) (default .Values.server.registry .Values.global.registry) | compact | join "/" }}
{{- end }}
+{{/*
+Returns the registry used for cleaner docker image
+*/}}
+{{- define "cleaner.registry" -}}
+{{- list (default .Values.registryFQDN .Values.global.registryFQDN) (default .Values.cleaner.registry .Values.global.registry) | compact | join "/" }}
+{{- end }}
+
{{/*
Returns the appscode image pull secrets
*/}}
diff --git a/charts/kubedb/values.openapiv3_schema.yaml b/charts/kubedb/values.openapiv3_schema.yaml
index 02ffb5063..e967baf1c 100644
--- a/charts/kubedb/values.openapiv3_schema.yaml
+++ b/charts/kubedb/values.openapiv3_schema.yaml
@@ -2584,6 +2584,19 @@ properties:
type: array
type: object
type: object
+ cleaner:
+ properties:
+ registry:
+ type: string
+ repository:
+ type: string
+ tag:
+ type: string
+ required:
+ - registry
+ - repository
+ - tag
+ type: object
enabled:
type: boolean
featureGates:
@@ -2779,6 +2792,8 @@ properties:
type: object
registryFQDN:
type: string
+ removeUnusedCRDs:
+ type: boolean
resources:
description: ResourceRequirements describes the compute resource requirements.
properties:
@@ -3025,10 +3040,12 @@ properties:
type: object
type: array
required:
+ - cleaner
- enabled
- featureGates
- image
- imagePullPolicy
+ - removeUnusedCRDs
- serviceAccount
type: object
kubedb-kubestash-catalog: