diff --git a/charts/kubezero-kiam/Chart.yaml b/charts/kubezero-kiam/Chart.yaml index 4381f275..53135922 100644 --- a/charts/kubezero-kiam/Chart.yaml +++ b/charts/kubezero-kiam/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-kiam description: KubeZero Umbrella Chart for Kiam type: application -version: 0.2.0 +version: 0.2.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/logo_small.png keywords: diff --git a/charts/kubezero-kiam/templates/postsync-ns.yaml b/charts/kubezero-kiam/templates/postsync-ns.yaml new file mode 100644 index 00000000..a8dbdcbf --- /dev/null +++ b/charts/kubezero-kiam/templates/postsync-ns.yaml @@ -0,0 +1,26 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: kiam-kube-system-ns-annotation + namespace: kube-system + annotations: + argocd.argoproj.io/hook: PostSync + argocd.argoproj.io/hook-delete-policy: HookSucceeded + labels: + app.kubernetes.io/name: {{ .name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: kubezero +spec: + template: + spec: + serviceAccountName: default + containers: + - name: kubectl + image: "bitnami/kubectl:latest" + imagePullPolicy: "IfNotPresent" + command: + - /bin/sh + - -c + - kubectl annotate --overwrite namespace kube-system 'iam.amazonaws.com/permitted=.*' + restartPolicy: Never