apiVersion: v1
kind: ConfigMap
metadata:
  namespace: {{ .Release.Namespace }}
  name: cdi-crd-manifest
  {{ template "cdi.crdUpgradeHook.annotations" (dict "hookWeight" 1) }}
data:
  crd: |-
    {{ $.Files.Get "crds/cdi.yaml" | nindent 4 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: {{ .Release.Namespace }}
  name: {{ template "cdi.crdUpgradeHook.name" . }}
  {{ template "cdi.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ template "cdi.crdUpgradeHook.name" . }}
  {{ template "cdi.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
rules:
  - apiGroups: [ "" ]
    resources: [ "configmaps" ]
    resourceNames:
      - "cdi-crd-manifest"
    verbs: [ "get" ]
  - apiGroups: [ "apiextensions.k8s.io" ]
    resources: [ "customresourcedefinitions" ]
    resourceNames:
      - "cdis.cdi.kubevirt.io"
    verbs: [ "get", "patch" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ template "cdi.crdUpgradeHook.name" . }}
  {{ template "cdi.crdUpgradeHook.annotations" (dict "hookWeight" 3) }}
subjects:
  - kind: ServiceAccount
    namespace: {{ .Release.Namespace }}
    name: {{ template "cdi.crdUpgradeHook.name" . }}
roleRef:
  kind: ClusterRole
  name: {{ template "cdi.crdUpgradeHook.name" . }}
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
  namespace: {{ .Release.Namespace }}
  name: {{ template "cdi.crdUpgradeHook.name" . }}
  {{ template "cdi.crdUpgradeHook.annotations" (dict "hookWeight" 4) }}
spec:
  template:
    metadata:
      name: {{ template "cdi.crdUpgradeHook.name" . }}
    spec:
      serviceAccountName: {{ template "cdi.crdUpgradeHook.name" . }}
      restartPolicy: {{ .Values.hookRestartPolicy }}
      containers:
        - name: {{ template "cdi.crdUpgradeHook.name" . }}
          image: {{ .Values.hookImage }}
          args:
            - apply
            - -f
            - /etc/manifests/crd.yaml
          securityContext:
            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
          volumeMounts:
            - name: crd-volume
              mountPath: /etc/manifests
      volumes:
        - name: crd-volume
          configMap:
            name: cdi-crd-manifest
            items:
              - key: crd
                path: crd.yaml