github.com/replicatedcom/ship@v0.50.0/integration/init/istio/expected/base/charts/security/templates/ServiceAccount-istio-cleanup-secrets-service-account.yaml

github.com/replicatedcom/ship@v0.50.0/integration/init/istio/expected/base/charts/security/templates/ServiceAccount-istio-cleanup-secrets-service-account.yaml (about)

     1  ---
     2  # Source: istio/charts/security/templates/cleanup-secrets.yaml
     3  # The reason for creating a ServiceAccount and ClusterRole specifically for this
     4  # post-delete hooked job is because the citadel ServiceAccount is being deleted
     5  # before this hook is launched. On the other hand, running this hook before the
     6  # deletion of the citadel (e.g. pre-delete) won't delete the secrets because they
     7  # will be re-created immediately by the to-be-deleted citadel.
     8  #
     9  # It's also important that the ServiceAccount, ClusterRole and ClusterRoleBinding
    10  # will be ready before running the hooked Job therefore the hook weights.
    11  
    12  apiVersion: v1
    13  kind: ServiceAccount
    14  metadata:
    15    name: istio-cleanup-secrets-service-account
    16    namespace: default
    17    annotations:
    18      "helm.sh/hook": post-delete
    19      "helm.sh/hook-delete-policy": hook-succeeded
    20      "helm.sh/hook-weight": "1"
    21    labels:
    22      app: security
    23      chart: security
    24      heritage: Tiller
    25      release: istio