---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: post-upgrade-job
  namespace: '{{ .Values.rancherTurtles.namespace }}'
  annotations:
    "helm.sh/hook": post-upgrade
    "helm.sh/hook-weight": "1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: post-upgrade-job-delete-clusters
  annotations:
    "helm.sh/hook": post-upgrade
    "helm.sh/hook-weight": "1"
rules:
- apiGroups:
  - provisioning.cattle.io
  resources:
  - clusters
  verbs:
  - list
  - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: post-upgrade-job-delete-clusters
  annotations:
    "helm.sh/hook": post-upgrade
    "helm.sh/hook-weight": "1"
subjects:
  - kind: ServiceAccount
    name: post-upgrade-job
    namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
  kind: ClusterRole
  name: post-upgrade-job-delete-clusters
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
  name: post-upgrade-delete-clusters
  namespace: '{{ .Values.rancherTurtles.namespace }}'
  annotations:
    "helm.sh/hook": post-upgrade
    "helm.sh/hook-weight": "2"
spec:
  ttlSecondsAfterFinished: 300
  template:
    spec:
      serviceAccountName: post-upgrade-job
      containers:
        - name: post-upgrade-delete-clusters
          image: {{ index .Values "rancherTurtles" "kubectlImage" }}
          args:
          - delete
          - clusters.provisioning.cattle.io
          - --selector=cluster-api.cattle.io/owned
          - -A
          - --ignore-not-found=true
          - --wait
      restartPolicy: OnFailure