From 718440d155629476ecb5160b8d1456c9922a1e5a Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Mon, 18 May 2020 16:24:57 +0100
Subject: [PATCH] First trial of sync hook to annotate system ns

---
 charts/kubezero-kiam/Chart.yaml               |  2 +-
 .../kubezero-kiam/templates/postsync-ns.yaml  | 26 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 charts/kubezero-kiam/templates/postsync-ns.yaml

diff --git a/charts/kubezero-kiam/Chart.yaml b/charts/kubezero-kiam/Chart.yaml
index 4381f27..5313592 100644
--- a/charts/kubezero-kiam/Chart.yaml
+++ b/charts/kubezero-kiam/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-kiam
 description: KubeZero Umbrella Chart for Kiam
 type: application
-version: 0.2.0
+version: 0.2.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/logo_small.png
 keywords:
diff --git a/charts/kubezero-kiam/templates/postsync-ns.yaml b/charts/kubezero-kiam/templates/postsync-ns.yaml
new file mode 100644
index 0000000..a8dbdcb
--- /dev/null
+++ b/charts/kubezero-kiam/templates/postsync-ns.yaml
@@ -0,0 +1,26 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: kiam-kube-system-ns-annotation
+  namespace: kube-system
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+    argocd.argoproj.io/hook-delete-policy: HookSucceeded
+  labels:
+    app.kubernetes.io/name: {{ .name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: kubezero
+spec:
+  template:
+    spec:
+      serviceAccountName: default
+      containers:
+        - name: kubectl
+          image: "bitnami/kubectl:latest"
+          imagePullPolicy: "IfNotPresent"
+          command:
+          - /bin/sh
+          - -c
+          - kubectl annotate --overwrite namespace kube-system 'iam.amazonaws.com/permitted=.*'
+      restartPolicy: Never