add post-upgrade hook and deletion policy to readonly SA token secret

Before, the secret was not getting installed when upgrading from a
previous version of this chart without the secret. On clean install it
was working.

Now, with the addition of the post-upgrade hook this chart will install
the secret correctly when upgrading from a previous version without this
secret.

The deletion policy is required for sequential upgrades. Tiller
does not keep track of resources installed via post-{install,upgrade}
hooks, this causes an "Already exists" error when upgrading without this
hook. With this hook, the secret will be deleted before upgrading,
which will then install this resource.


Change-Id: Ia3af5af8bcf28cae3ad31f427068a025a5a4c7fd
This commit is contained in:
Dustin Specker 2019-01-25 14:17:03 -06:00
parent 1765e62acb
commit df0aec7976
1 changed files with 11 additions and 1 deletions

View File

@ -102,7 +102,17 @@ metadata:
before creating a secret token for it. By default helm deploys secrets
before ServiceAccounts which causes this secret to not exist since the
ServiceAccount is missing.
post-upgrade hook is required when upgrading from a previous version of
this chart that did not have this secret.
*/}}
"helm.sh/hook": "post-install"
"helm.sh/hook": "post-install,post-upgrade"
{{/*
before--hook-creation hook is required for sequential upgrades. Tiller
does not keep track of resources installed via post-{install,upgrade} hooks,
this causes an "Already exists" error when upgrading without this hook. With
this hook, this secret will be deleted before upgrading, which will then install
this resource.
*/}}
"helm.sh/hook-delete-policy": "before-hook-creation"
---
{{- end }}