feat: add dex-controller pre-upgrade hook (#1467)

* feat: add dex-controller pre-upgrade hook

* Update stable/dex/templates/job-pre-upgrade.yaml

Co-authored-by: Martin Hrabovcin <[email protected]>

* feat: bump dex-controller to v0.13.0

* Update stable/dex/templates/job-pre-upgrade.yaml

Co-authored-by: Mikołaj Baranowski <[email protected]>

---------

Co-authored-by: Martin Hrabovcin <[email protected]>
Co-authored-by: Mikołaj Baranowski <[email protected]>

stable/dex/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: dex
-version: 2.13.5
+version: 2.13.6
 appVersion: 2.37.0
 description: Dex
 keywords:

stable/dex/requirements.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: dex-controller
   repository: https://mesosphere.github.io/dex-controller/charts
-  version: v0.12.3
-digest: sha256:094d107b7ea95a5bb5b2c8a29f8406f0cd834c0af2a0fc1e1f1fa52a96a7d70f
-generated: "2023-10-30T10:27:51.405551486+01:00"
+  version: v0.13.0
+digest: sha256:7a5dec7ccf4527e625f308e630ea0636b817c175e5a127dbd06285e2528cfa97
+generated: "2023-11-03T10:48:43.000043146+01:00"

stable/dex/requirements.yaml

@@ -1,5 +1,5 @@
 dependencies:
   - name: dex-controller
-    version: v0.12.3
+    version: v0.13.0
     repository: https://mesosphere.github.io/dex-controller/charts
     condition: dex-controller.enabled, global.dex-controller.enabled

stable/dex/templates/job-pre-upgrade.yaml

@@ -0,0 +1,72 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: pre-upgrade-job
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{ .Values.priorityClassName }}"
+      {{- end }}
+      serviceAccountName: {{ .Release.Name }}-dex-pre-upgrade-hook
+      containers:
+        - name: disable-dex-controller
+          image: "{{ .Values.kubectlImage }}"
+          command: [ "/bin/sh" ]
+          args:
+            - -c
+            - |
+              kubectl scale deploy {{ .Release.Name }}-dex-controller -n {{ .Release.Namespace }} --replicas=0
+              kubectl wait pod --for=delete -n {{ .Release.Namespace }} -l control-plane={{ .Release.Name }}-dex-controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: dex-pre-upgrade-hook
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["deployments", "deployments/scale"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: dex-pre-upgrade-hook
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: dex-pre-upgrade-hook
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Release.Name }}-dex-pre-upgrade-hook
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Release.Name }}-dex-pre-upgrade-hook
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded