From 0eabaec743502225348cbebc35a913ab29db3142 Mon Sep 17 00:00:00 2001
From: Inteon <42113979+inteon@users.noreply.github.com>
Date: Fri, 30 Jul 2021 16:04:55 +0200
Subject: [PATCH] change startupapicheck to helm post-install hook

Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
---
 .../templates/startupapicheck-rbac.yaml        |  8 ++++++++
 deploy/charts/cert-manager/values.yaml         | 18 ++++++++++++++++--
 deploy/crds/BUILD.bazel                        |  2 ++
 deploy/manifests/BUILD.bazel                   |  1 +
 devel/addon/certmanager/install.sh             |  1 -
 5 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/deploy/charts/cert-manager/templates/startupapicheck-rbac.yaml b/deploy/charts/cert-manager/templates/startupapicheck-rbac.yaml
index 9c6138942..0c08e49a2 100644
--- a/deploy/charts/cert-manager/templates/startupapicheck-rbac.yaml
+++ b/deploy/charts/cert-manager/templates/startupapicheck-rbac.yaml
@@ -12,6 +12,10 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/component: "startupapicheck"
     {{- include "labels" . | nindent 4 }}
+  {{- if .Values.startupapicheck.rbac.annotations }}
+  annotations:
+{{ toYaml .Values.startupapicheck.rbac.annotations | indent 4 }}
+  {{- end }}
 rules:
   - apiGroups: ["cert-manager.io"]
     resources: ["certificates"]
@@ -29,6 +33,10 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/component: "startupapicheck"
     {{- include "labels" . | nindent 4 }}
+  {{- if .Values.startupapicheck.rbac.annotations }}
+  annotations:
+{{ toYaml .Values.startupapicheck.rbac.annotations | indent 4 }}
+  {{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml
index 33a3dc500..a00e5d358 100644
--- a/deploy/charts/cert-manager/values.yaml
+++ b/deploy/charts/cert-manager/values.yaml
@@ -397,6 +397,8 @@ cainjector:
     # Automount API credentials for a Service Account.
     automountServiceAccountToken: true
 
+# This startupapicheck is a Helm post-install hook that waits for the webhook
+# endpoints to become available.
 startupapicheck:
   enabled: true
 
@@ -412,7 +414,9 @@ startupapicheck:
   backoffLimit: 4
 
   # Optional additional annotations to add to the startupapicheck Job
-  # jobAnnotations: {}
+  jobAnnotations:
+    helm.sh/hook: post-install
+    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
 
   # Optional additional annotations to add to the startupapicheck Pods
   # podAnnotations: {}
@@ -449,13 +453,23 @@ startupapicheck:
 
     pullPolicy: IfNotPresent
 
+  rbac:
+    annotations:
+      helm.sh/hook: post-install
+      helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+
   serviceAccount:
     # Specifies whether a service account should be created
     create: true
+
     # The name of the service account to use.
     # If not set and create is true, a name is generated using the fullname template
     # name: ""
+
     # Optional additional annotations to add to the Job's ServiceAccount
-    # annotations: {}
+    annotations:
+      helm.sh/hook: post-install
+      helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+
     # Automount API credentials for a Service Account.
     automountServiceAccountToken: true
diff --git a/deploy/crds/BUILD.bazel b/deploy/crds/BUILD.bazel
index 9d7704410..8fd495810 100644
--- a/deploy/crds/BUILD.bazel
+++ b/deploy/crds/BUILD.bazel
@@ -50,6 +50,7 @@ helm_tmpl(
         # Set creator to "static", so the Helm chart does
         # not add Helm-specific labels to the resources.
         "creator": "static",
+        "startupapicheck.enabled": "false",
     },
     visibility = ["//visibility:public"],
 )
@@ -76,6 +77,7 @@ helm_tmpl(
         # Set creator to "static", so the Helm chart does
         # not add Helm-specific labels to the resources.
         "creator": "static",
+        "startupapicheck.enabled": "false",
     },
     visibility = ["//visibility:public"],
 ) for crd in crds]
diff --git a/deploy/manifests/BUILD.bazel b/deploy/manifests/BUILD.bazel
index a44c0eb9a..0cf8f6523 100644
--- a/deploy/manifests/BUILD.bazel
+++ b/deploy/manifests/BUILD.bazel
@@ -19,6 +19,7 @@ helm_tmpl(
         # Set creator to "static", so the Helm chart does
         # not add Helm-specific labels to the resources.
         "creator": "static",
+        "startupapicheck.enabled": "false",
     },
 )
 
diff --git a/devel/addon/certmanager/install.sh b/devel/addon/certmanager/install.sh
index 99214961f..37bfbbee4 100755
--- a/devel/addon/certmanager/install.sh
+++ b/devel/addon/certmanager/install.sh
@@ -59,7 +59,6 @@ bazel build //deploy/charts/cert-manager
 helm upgrade \
     --install \
     --wait \
-    --wait-for-jobs \
     --namespace "${NAMESPACE}" \
     --set image.tag="${APP_VERSION}" \
     --set cainjector.image.tag="${APP_VERSION}" \