Uninstall designate-certmanager-webhook helm release issue #95

Open
fmohacsi opened this issue May 15, 2023 · 0 comments
By default the uninstall process (https://github.com/syseleven/designate-certmanager-webhook/blob/master/helm/designate-certmanager-webhook/templates/uninstall.yaml) creates a serviceaccount, a clusterrole, a clusterrolebinding and a job. The serviceaccount name is the same as the one created by the deployment (serviceAccountName: {{ include "designate-certmanager-webhook.fullname" . }}), so it would cause a conflict if both were created in cert-manager's namespace. I think that is why the uninstall process creates a job and a serviceaccount in the default namespace. The namespace is hardcoded in the uninstall template within the helm chart, so it cannot be overwritten/customized from outside. It would be nice if the uninstall-related k8s components could be created in the application's namespace.
Besides that, there is no way to provide an imagepullsecret for the uninstall job, so the kubectl image must come from a public registry.

We have modified the file (https://github.com/syseleven/designate-certmanager-webhook/blob/master/helm/designate-certmanager-webhook/templates/uninstall.yaml) and fixed those issues using the below code (changes highlighted):

```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: uninstall-{{ include "designate-certmanager-webhook.fullname" . }}
  labels:
    app: {{ include "designate-certmanager-webhook.name" . }}
    chart: {{ include "designate-certmanager-webhook.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  # Run the hook in the release namespace
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
spec:
  template:
    spec:
      # Optional pull secrets for the kubectl image
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      restartPolicy: Never
      # Separate name, so it does not clash with the deployment's serviceaccount
      serviceAccountName: {{ include "designate-certmanager-webhook.fullname" . }}-uninstall
      containers:
        - name: remove-apiservice
          image: "{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command:
            - kubectl
          args:
            - delete
            - --ignore-not-found
            - apiservice
            - v1alpha1.acme.syseleven.de
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "designate-certmanager-webhook.fullname" . }}:uninstall
  labels:
    app: {{ include "designate-certmanager-webhook.name" . }}
    chart: {{ include "designate-certmanager-webhook.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
rules:
  - apiGroups:
      - acme.syseleven.de
    resources:
      - '*'
    verbs:
      - 'create'
  - apiGroups:
      - apiregistration.k8s.io
    resources:
      - apiservices
    verbs:
      - '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "designate-certmanager-webhook.fullname" . }}:uninstall
  labels:
    app: {{ include "designate-certmanager-webhook.name" . }}
    chart: {{ include "designate-certmanager-webhook.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "designate-certmanager-webhook.fullname" . }}:uninstall
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: {{ include "designate-certmanager-webhook.fullname" . }}-uninstall
    namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "designate-certmanager-webhook.fullname" . }}-uninstall
  labels:
    app: {{ include "designate-certmanager-webhook.name" . }}
    chart: {{ include "designate-certmanager-webhook.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
  namespace: {{ .Release.Namespace }}
```
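A consistency check for the three layouts this issue describes (hook hardcoded to `default`, hook moved without renaming its serviceaccount, hook moved and renamed), as an added example that is not part of the original issue or of the project's chart. The manifests are constructed Python dicts standing in for parsed `helm template` output; the release name `dcw`, the secret name `regcred` and the helper names are assumptions.

```python
from collections import Counter

def obj(kind, name, ns=None, **extra):
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta, **extra}

def job(name, ns, sa_name, pull_secrets=None):
    pod = {"serviceAccountName": sa_name, "imagePullSecrets": pull_secrets or []}
    return obj("Job", name, ns, spec={"template": {"spec": pod}})

def binding(name, sa_name, sa_ns):
    subject = {"kind": "ServiceAccount", "name": sa_name, "namespace": sa_ns}
    return obj("ClusterRoleBinding", name, subjects=[subject])

def key(m):
    # (name, namespace); Kubernetes falls back to "default" when unset
    return m["metadata"]["name"], m["metadata"].get("namespace", "default")

def check(manifests, release_ns, need_pull_secret=False):
    findings = []
    accounts = Counter(key(m) for m in manifests if m["kind"] == "ServiceAccount")
    for (name, ns), n in accounts.items():
        if n > 1:  # same name and namespace as the deployment's serviceaccount
            findings.append(f"ServiceAccount {ns}/{name} is defined {n} times")
    for m in manifests:
        kind, (name, ns) = m["kind"], key(m)
        if kind in ("Job", "ServiceAccount") and ns != release_ns:
            findings.append(f"{kind} {name} is in {ns}, not {release_ns}")
        if kind == "Job":
            pod = m["spec"]["template"]["spec"]
            if (pod["serviceAccountName"], ns) not in accounts:
                findings.append(f"Job {name} uses a ServiceAccount missing from {ns}")
            if need_pull_secret and not pod["imagePullSecrets"]:
                findings.append(f"Job {name} has no imagePullSecrets")
        if kind == "ClusterRoleBinding":
            for s in m["subjects"]:
                if (s["name"], s.get("namespace")) not in accounts:
                    findings.append(f"{kind} {name} binds unknown subject {s['name']}")
    return findings

# Constructed samples (not real cluster output)
APP_SA = obj("ServiceAccount", "dcw", "cert-manager")
HARDCODED = [APP_SA, obj("ServiceAccount", "dcw", "default"),
             job("uninstall-dcw", "default", "dcw"), binding("dcw:uninstall", "dcw", "default")]
NAIVE_MOVE = [APP_SA, obj("ServiceAccount", "dcw", "cert-manager"),
              job("uninstall-dcw", "cert-manager", "dcw"), binding("dcw:uninstall", "dcw", "cert-manager")]
RENAMED = [APP_SA, obj("ServiceAccount", "dcw-uninstall", "cert-manager"),
           job("uninstall-dcw", "cert-manager", "dcw-uninstall", [{"name": "regcred"}]),
           binding("dcw:uninstall", "dcw-uninstall", "cert-manager")]
```

`check(HARDCODED, "cert-manager", need_pull_secret=True)` reports the two objects placed in `default` and the missing pull secret, `NAIVE_MOVE` reports the duplicate serviceaccount, and `RENAMED` comes back clean.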
