improving lifecycle and removing shared resources across releases

chart/dapr-shared/templates/_daemondeployshared.yaml

@@ -32,7 +32,7 @@
           image: "{{ .Values.shared.initContainer.image.registry }}/{{ .Values.shared.initContainer.image.name }}:{{ .Values.shared.initContainer.image.tag }}"
           args:
             - init
-            - --config-map={{ .Release.Name }}-cm
+            - --config-map={{ .Release.Name }}-shared-cm
       containers:
         - name: daprd
           securityContext:
@@ -64,17 +64,17 @@
           - name: DAPR_TRUST_ANCHORS
             valueFrom:
               configMapKeyRef:
-                name: {{ .Release.Name }}-cm
+                name: {{ .Release.Name }}-shared-cm
                 key: dapr-trust-anchors
           - name: DAPR_CERT_CHAIN
             valueFrom:
               configMapKeyRef:
-                name: {{ .Release.Name }}-cm
+                name: {{ .Release.Name }}-shared-cm
                 key: dapr-cert-chain
           - name: DAPR_CERT_KEY
             valueFrom:
               configMapKeyRef:
-                name: {{ .Release.Name }}-cm
+                name: {{ .Release.Name }}-shared-cm
                 key: dapr-cert-key
           - name: DAPR_CONTROL_PLANE_NAMESPACE
             value: {{ default "dapr-system" .Values.shared.controlPlane.namespace }}

chart/dapr-shared/templates/_helpers.tpl

@@ -15,13 +15,9 @@ If release name contains chart name it will be used as a full name.
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
-{{- end }}
 
 {{/*
 Create chart name and version as used by the chart label.

chart/dapr-shared/templates/helmhooks.yaml

@@ -1,22 +1,69 @@
 apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "cm-remover-{{ .Release.Name }}"
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "-6"
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: "cm-remover-{{ .Release.Name }}"
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "-6"
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - "get"
+      - "delete"
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: "cm-remover-{{ .Release.Name }}"
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "-5"
+subjects:
+  - kind: ServiceAccount
+    name: "cm-remover-{{ .Release.Name }}"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: "cm-remover-{{ .Release.Name }}"
+---
+apiVersion: v1
 kind: Pod
 metadata:
-  name: {{ include "dapr-shared.fullname" . }}-hook
+  name: "delete-cm-task-{{ .Release.Name }}"
   labels:
-    {{- include "dapr-shared.labels" . | nindent 4 }}
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
   annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
     "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "-4"
     "helm.sh/hook-delete-policy": hook-succeeded
 spec:
-  # This shows how to use a simple value. This will look for a passed-in value
-  # called restartPolicy. If it is not found, it will use the default value.
-  # {{default "Never" .restartPolicy}} is a slightly optimized version of the
-  # more conventional syntax: {{.restartPolicy | default "Never"}}
   restartPolicy: "Never"
-  serviceAccountName: {{ include "dapr-shared.serviceAccountName" . }}
+  serviceAccountName: "cm-remover-{{ .Release.Name }}"
   containers:
-  - name: shared-remove-hook
-    image: "{{ .Values.shared.initContainer.image.registry }}/{{ .Values.shared.initContainer.image.name }}:{{ .Values.shared.initContainer.image.tag }}"
-    args: 
-      - remove
-      - --config-map={{ .Release.Name }}-cm
+    - name: delete-cm
+      image: "rancher/kubectl:v1.22.6"
+      command: ["kubectl", "-n", "{{ .Release.Namespace }}", "delete", "cm", "{{ .Release.Name }}-shared-cm"]

chart/dapr-shared/templates/rbac.yaml

@@ -2,7 +2,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: dapr-shared-secret-reader
+  name: {{ include "dapr-shared.fullname" . }}-secret-reader
 rules:
 - apiGroups: [""]
   resources: ["secrets"]
@@ -20,13 +20,13 @@ subjects:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: dapr-shared-secret-reader
+  name: {{ include "dapr-shared.fullname" . }}-secret-reader
 ---
 {{- if not (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "dapr-shared-configmap-creator") }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: dapr-shared-configmap-creator
+  name: {{ include "dapr-shared.fullname" . }}-configmap-creator
 rules:
 - apiGroups: [""]
   resources: ["configmaps"]
@@ -44,4 +44,4 @@ subjects:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: dapr-shared-configmap-creator
+  name: {{ include "dapr-shared.fullname" . }}-configmap-creator

chart/dapr-shared/values.yaml

@@ -1,4 +1,3 @@
-fullnameOverride: dapr-shared
 shared:
   # -- The default strategy to run dapr in shared mode. Possible values `daemonset`, `deployment`.
   strategy: daemonset
@@ -36,7 +35,7 @@ shared:
       # -- The dapr-shared image name.
       name: dapr-shared
       # -- The dapr-shared-init image tag.
-      tag: latest
+      tag: 0.0.10
       # -- The init container pull policy.
       pullPolicy: Always
   scheduling:

cmd/shared-init/main.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"context"
-	"fmt"
 	"log"
 	"os"
 
@@ -70,7 +69,6 @@ func NewRootCmd() *cobra.Command {
 		Use: "shared-init",
 	}
 	rootCmd.AddCommand(NewInitCmd())
-	rootCmd.AddCommand(NewRemoveCmd())
 	return rootCmd
 }
 
@@ -89,21 +87,6 @@ func NewInitCmd() *cobra.Command {
 	return initCmd
 }
 
-// NewRemoveCmd creates a new *cobra.Command for remove command.
-func NewRemoveCmd() *cobra.Command {
-	removeCmd := &cobra.Command{
-		Use: "remove",
-		Run: func(cmd *cobra.Command, args []string) {
-			RemoveHandler()
-		},
-	}
-
-	removeCmd.PersistentFlags().StringVar(&configMapName, "config-map", "dapr-shared-configmap", "--config-map=value")
-	_ = removeCmd.MarkPersistentFlagRequired("config-map")
-
-	return removeCmd
-}
-
 // InitHandler handles the init command.
 func InitHandler() {
 	ctx := context.Background()
@@ -128,21 +111,14 @@ func InitHandler() {
 
 	_, err := kubeClient.CoreV1().ConfigMaps(namespaceDefault).Get(ctx, configMapName, metav1.GetOptions{})
 	if err == nil {
-		panic(fmt.Errorf("configmap %s already exists", configMapName))
+		err := kubeClient.CoreV1().ConfigMaps(namespaceDefault).Delete(ctx, configMapName, metav1.DeleteOptions{})
+		if err != nil {
+			panic(err)
+		}
 	}
 
 	_, err = kubeClient.CoreV1().ConfigMaps(namespaceDefault).Create(ctx, configMap, metav1.CreateOptions{})
 	if err != nil {
 		panic(err)
 	}
 }
-
-// RemoveHandler handles remove command.
-func RemoveHandler() {
-	ctx := context.Background()
-	kubeClient := daprutils.GetKubeClient()
-	err := kubeClient.CoreV1().ConfigMaps(namespaceDefault).Delete(ctx, configMapName, metav1.DeleteOptions{})
-	if err != nil {
-		panic(err)
-	}
-}

docs/release_notes/v0.0.10.md

@@ -0,0 +1,3 @@
+- Using Helm Hook with appropriate service account to delete ConfigMap
+- Adding @KayWalter suggestion to delete CM before creating it
+- Using fixed version init container instead of latest, default included in values.yaml file