diff --git a/dist/chart/templates/certmanager/certificate.yaml b/dist/chart/templates/certmanager/certificate.yaml index 33d2f249..59139f4b 100644 --- a/dist/chart/templates/certmanager/certificate.yaml +++ b/dist/chart/templates/certmanager/certificate.yaml @@ -3,6 +3,10 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: selfsigned-issuer @@ -15,10 +19,10 @@ spec: apiVersion: cert-manager.io/v1 kind: Certificate metadata: +{{- if .Values.resourcePolicy.keep }} annotations: - {{- if .Values.crd.keep }} - "helm.sh/resource-policy": keep - {{- end }} + helm.sh/resource-policy: keep +{{- end }} name: serving-cert namespace: {{ .Release.Namespace }} labels: @@ -39,10 +43,10 @@ spec: apiVersion: cert-manager.io/v1 kind: Certificate metadata: +{{- if .Values.resourcePolicy.keep }} annotations: - {{- if .Values.crd.keep }} - "helm.sh/resource-policy": keep - {{- end }} + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: metrics-certs diff --git a/dist/chart/templates/manager/manager.yaml b/dist/chart/templates/manager/manager.yaml index 6a937c06..e25a740f 100644 --- a/dist/chart/templates/manager/manager.yaml +++ b/dist/chart/templates/manager/manager.yaml @@ -3,6 +3,10 @@ kind: Deployment metadata: name: team-operator-controller-manager namespace: {{ .Release.Namespace }} +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} control-plane: controller-manager diff --git a/dist/chart/templates/metrics/metrics-service.yaml b/dist/chart/templates/metrics/metrics-service.yaml index 88b9d0bc..09bba95d 100644 --- a/dist/chart/templates/metrics/metrics-service.yaml +++ b/dist/chart/templates/metrics/metrics-service.yaml @@ -4,6 +4,10 @@ kind: Service metadata: name: team-operator-controller-manager-metrics-service namespace: {{ .Release.Namespace }} +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} spec: diff --git a/dist/chart/templates/prometheus/monitor.yaml b/dist/chart/templates/prometheus/monitor.yaml index 6f305fea..b5f335d8 100644 --- a/dist/chart/templates/prometheus/monitor.yaml +++ b/dist/chart/templates/prometheus/monitor.yaml @@ -3,6 +3,10 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: team-operator-controller-manager-metrics-monitor diff --git a/dist/chart/templates/rbac/auth_proxy_client_clusterrole.yaml b/dist/chart/templates/rbac/auth_proxy_client_clusterrole.yaml index 846ab287..4b883b69 100755 --- a/dist/chart/templates/rbac/auth_proxy_client_clusterrole.yaml +++ b/dist/chart/templates/rbac/auth_proxy_client_clusterrole.yaml @@ -2,6 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: team-operator-metrics-reader diff --git a/dist/chart/templates/rbac/auth_proxy_role.yaml b/dist/chart/templates/rbac/auth_proxy_role.yaml index 2bb72f41..10cbbd0f 100755 --- a/dist/chart/templates/rbac/auth_proxy_role.yaml +++ b/dist/chart/templates/rbac/auth_proxy_role.yaml @@ -2,6 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: proxy-role diff --git a/dist/chart/templates/rbac/auth_proxy_role_binding.yaml b/dist/chart/templates/rbac/auth_proxy_role_binding.yaml index 493b38a4..8dbe7108 100755 --- a/dist/chart/templates/rbac/auth_proxy_role_binding.yaml +++ b/dist/chart/templates/rbac/auth_proxy_role_binding.yaml @@ -2,6 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: proxy-rolebinding diff --git a/dist/chart/templates/rbac/chronicle_editor_role.yaml b/dist/chart/templates/rbac/chronicle_editor_role.yaml index 729633df..48183839 100755 --- a/dist/chart/templates/rbac/chronicle_editor_role.yaml +++ b/dist/chart/templates/rbac/chronicle_editor_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: chronicle-editor-role diff --git a/dist/chart/templates/rbac/chronicle_viewer_role.yaml b/dist/chart/templates/rbac/chronicle_viewer_role.yaml index 2a1c9662..3c617f1a 100755 --- a/dist/chart/templates/rbac/chronicle_viewer_role.yaml +++ b/dist/chart/templates/rbac/chronicle_viewer_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: chronicle-viewer-role diff --git a/dist/chart/templates/rbac/connect_editor_role.yaml b/dist/chart/templates/rbac/connect_editor_role.yaml index a14ed1ff..eda38524 100755 --- a/dist/chart/templates/rbac/connect_editor_role.yaml +++ b/dist/chart/templates/rbac/connect_editor_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: connect-editor-role diff --git a/dist/chart/templates/rbac/connect_viewer_role.yaml b/dist/chart/templates/rbac/connect_viewer_role.yaml index 44390838..619a6616 100755 --- a/dist/chart/templates/rbac/connect_viewer_role.yaml +++ b/dist/chart/templates/rbac/connect_viewer_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: connect-viewer-role diff --git a/dist/chart/templates/rbac/leader_election_role.yaml b/dist/chart/templates/rbac/leader_election_role.yaml index 6b780c60..6855dc57 100755 --- a/dist/chart/templates/rbac/leader_election_role.yaml +++ b/dist/chart/templates/rbac/leader_election_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} namespace: {{ .Release.Namespace }} diff --git a/dist/chart/templates/rbac/leader_election_role_binding.yaml b/dist/chart/templates/rbac/leader_election_role_binding.yaml index db74f972..16ce7827 100755 --- a/dist/chart/templates/rbac/leader_election_role_binding.yaml +++ b/dist/chart/templates/rbac/leader_election_role_binding.yaml @@ -2,6 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} namespace: {{ .Release.Namespace }} diff --git a/dist/chart/templates/rbac/packagemanager_editor_role.yaml b/dist/chart/templates/rbac/packagemanager_editor_role.yaml index d0883956..5c49ade3 100755 --- a/dist/chart/templates/rbac/packagemanager_editor_role.yaml +++ b/dist/chart/templates/rbac/packagemanager_editor_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: packagemanager-editor-role diff --git a/dist/chart/templates/rbac/packagemanager_viewer_role.yaml b/dist/chart/templates/rbac/packagemanager_viewer_role.yaml index 76cabee3..5d8b9b50 100755 --- a/dist/chart/templates/rbac/packagemanager_viewer_role.yaml +++ b/dist/chart/templates/rbac/packagemanager_viewer_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: packagemanager-viewer-role diff --git a/dist/chart/templates/rbac/postgresdatabase_editor_role.yaml b/dist/chart/templates/rbac/postgresdatabase_editor_role.yaml index daba7055..23cb0624 100755 --- a/dist/chart/templates/rbac/postgresdatabase_editor_role.yaml +++ b/dist/chart/templates/rbac/postgresdatabase_editor_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: postgresdatabase-editor-role diff --git a/dist/chart/templates/rbac/postgresdatabase_viewer_role.yaml b/dist/chart/templates/rbac/postgresdatabase_viewer_role.yaml index fad88dd2..f8eada85 100755 --- a/dist/chart/templates/rbac/postgresdatabase_viewer_role.yaml +++ b/dist/chart/templates/rbac/postgresdatabase_viewer_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: postgresdatabase-viewer-role diff --git a/dist/chart/templates/rbac/role.yaml b/dist/chart/templates/rbac/role.yaml index c03a278e..46dfe436 100755 --- a/dist/chart/templates/rbac/role.yaml +++ b/dist/chart/templates/rbac/role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: team-operator-manager-role @@ -23,6 +27,10 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} name: team-operator-manager-role namespace: {{ .Values.watchNamespace }} rules: diff --git a/dist/chart/templates/rbac/role_binding.yaml b/dist/chart/templates/rbac/role_binding.yaml index b99f94e0..5445f72f 100755 --- a/dist/chart/templates/rbac/role_binding.yaml +++ b/dist/chart/templates/rbac/role_binding.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: team-operator-manager-rolebinding @@ -18,6 +22,10 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} name: team-operator-manager-rolebinding namespace: {{ .Values.watchNamespace }} labels: diff --git a/dist/chart/templates/rbac/service_account.yaml b/dist/chart/templates/rbac/service_account.yaml index 93e0a323..262a34bf 100755 --- a/dist/chart/templates/rbac/service_account.yaml +++ b/dist/chart/templates/rbac/service_account.yaml @@ -4,12 +4,17 @@ kind: ServiceAccount metadata: labels: {{- include "chart.labels" . | nindent 4 }} - {{- if and .Values.controllerManager.serviceAccount .Values.controllerManager.serviceAccount.annotations }} +{{- if or .Values.resourcePolicy.keep (and .Values.controllerManager.serviceAccount .Values.controllerManager.serviceAccount.annotations) }} annotations: + {{- if .Values.resourcePolicy.keep }} + helm.sh/resource-policy: keep + {{- end }} + {{- if and .Values.controllerManager.serviceAccount .Values.controllerManager.serviceAccount.annotations }} {{- range $key, $value := .Values.controllerManager.serviceAccount.annotations }} {{ $key }}: {{ $value }} {{- end }} - {{- end }} + {{- end }} +{{- end }} name: {{ .Values.controllerManager.serviceAccountName }} namespace: {{ .Release.Namespace }} {{- end -}} diff --git a/dist/chart/templates/rbac/site_editor_role.yaml b/dist/chart/templates/rbac/site_editor_role.yaml index bced8acc..15c7b16b 100755 --- a/dist/chart/templates/rbac/site_editor_role.yaml +++ b/dist/chart/templates/rbac/site_editor_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: site-editor-role diff --git a/dist/chart/templates/rbac/site_viewer_role.yaml b/dist/chart/templates/rbac/site_viewer_role.yaml index 1edfda7d..230f7bda 100755 --- a/dist/chart/templates/rbac/site_viewer_role.yaml +++ b/dist/chart/templates/rbac/site_viewer_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: site-viewer-role diff --git a/dist/chart/templates/rbac/workbench_editor_role.yaml b/dist/chart/templates/rbac/workbench_editor_role.yaml index 0660f901..4dac030e 100755 --- a/dist/chart/templates/rbac/workbench_editor_role.yaml +++ b/dist/chart/templates/rbac/workbench_editor_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: workbench-editor-role diff --git a/dist/chart/templates/rbac/workbench_viewer_role.yaml b/dist/chart/templates/rbac/workbench_viewer_role.yaml index 25f8a90c..181609e4 100755 --- a/dist/chart/templates/rbac/workbench_viewer_role.yaml +++ b/dist/chart/templates/rbac/workbench_viewer_role.yaml @@ -3,6 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: +{{- if .Values.resourcePolicy.keep }} + annotations: + helm.sh/resource-policy: keep +{{- end }} labels: {{- include "chart.labels" . | nindent 4 }} name: workbench-viewer-role diff --git a/dist/chart/values.yaml b/dist/chart/values.yaml index 3b526c7d..c745ec46 100644 --- a/dist/chart/values.yaml +++ b/dist/chart/values.yaml @@ -81,6 +81,12 @@ crd: # the Helm release is uninstalled. keep: true +# Resource policy for non-CRD resources (Deployment, RBAC, Services, etc.) +# When enabled, adds helm.sh/resource-policy: keep annotation to prevent +# deletion during helm uninstall +resourcePolicy: + keep: true + # [METRICS]: Set to true to generate manifests for exporting metrics. # To disable metrics export set false, and ensure that the # ControllerManager argument "--metrics-bind-address=:8443" is removed.