From b950af4ccd7c1c88e0d7c1157c0ea388bd4edc22 Mon Sep 17 00:00:00 2001
From: Amanuel Engeda <aengeda@amazon.com>
Date: Wed, 21 Aug 2024 12:29:48 -0700
Subject: [PATCH] Remove post install hook

---
 .../karpenter/templates/clusterrole-core.yaml | 16 +-------
 .../templates/post-install-hook.yaml          | 41 -------------------
 charts/karpenter/values.yaml                  |  8 ----
 3 files changed, 2 insertions(+), 63 deletions(-)
 delete mode 100644 charts/karpenter/templates/post-install-hook.yaml

diff --git a/charts/karpenter/templates/clusterrole-core.yaml b/charts/karpenter/templates/clusterrole-core.yaml
index bf39ed0c0f62..e69155352ee0 100644
--- a/charts/karpenter/templates/clusterrole-core.yaml
+++ b/charts/karpenter/templates/clusterrole-core.yaml
@@ -41,15 +41,9 @@ rules:
   - apiGroups: ["apps"]
     resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
     verbs: ["list", "watch"]
-  {{- if .Values.webhook.enabled }}
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
-    verbs: ["get", "watch", "list"]
-  {{- else }}
-  - apiGroups: ["apiextensions.k8s.io"]
-    resources: ["customresourcedefinitions"]
-    verbs: ["get"]
-  {{- end }}
+    verbs: ["watch", "list"]
   - apiGroups: ["policy"]
     resources: ["poddisruptionbudgets"]
     verbs: ["get", "list", "watch"]
@@ -72,15 +66,9 @@ rules:
   - apiGroups: [""]
     resources: ["pods"]
     verbs: ["delete"]
-  {{- if .Values.webhook.enabled }}
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
-    verbs: ["update", "patch"]
-  {{- else }}
-  - apiGroups: ["apiextensions.k8s.io"]
-    resources: ["customresourcedefinitions"]
-    verbs: ["patch"]
-  {{- end }}
+    verbs: ["update"]
   {{- with .Values.additionalClusterRoleRules -}}
   {{ toYaml . | nindent 2 }}
   {{- end -}}
diff --git a/charts/karpenter/templates/post-install-hook.yaml b/charts/karpenter/templates/post-install-hook.yaml
deleted file mode 100644
index b2fd22824b8d..000000000000
--- a/charts/karpenter/templates/post-install-hook.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ .Release.Name }}-post-install-hook
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "karpenter.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": post-install,post-upgrade,post-rollback
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed   
-    {{- with .Values.additionalAnnotations }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  ttlSecondsAfterFinished: 0
-  template:
-    spec:
-      serviceAccountName: {{ include "karpenter.serviceAccountName" . }}
-      restartPolicy: OnFailure
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-      - name: post-install-job
-        image: {{ include "karpenter.postInstallHook.image" . }}
-        command:
-        - /bin/sh
-        - -c
-        - |
-          {{- if .Values.webhook.enabled }}
-            kubectl patch customresourcedefinitions nodepools.karpenter.sh  --type='merge' -p '{"spec":{"conversion":{"strategy": "Webhook", "webhook":{"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig":{"service":{"name":"{{ include "karpenter.fullname" . }}", "port": {{ .Values.webhook.port }} ,"namespace": "{{ .Release.Namespace }}"}}}}}}'
-            kubectl patch customresourcedefinitions nodeclaims.karpenter.sh  --type='merge' -p '{"spec":{"conversion":{"strategy": "Webhook", "webhook":{"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig":{"service":{"name":"{{ include "karpenter.fullname" . }}", "port": {{ .Values.webhook.port }} ,"namespace": "{{ .Release.Namespace }}"}}}}}}'
-            kubectl patch customresourcedefinitions ec2nodeclasses.karpenter.k8s.aws  --type='merge' -p '{"spec":{"conversion":{"strategy": "Webhook", "webhook":{"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig":{"service":{"name":"{{ include "karpenter.fullname" . }}", "port": {{ .Values.webhook.port }} ,"namespace": "{{ .Release.Namespace }}"}}}}}}'
-          {{- else }}
-            echo "disabled webhooks"
-            kubectl patch customresourcedefinitions nodepools.karpenter.sh  --type='json' -p '[{'op': 'remove', 'path': '/spec/conversion'}]'
-            kubectl patch customresourcedefinitions nodeclaims.karpenter.sh  --type='json' -p '[{'op': 'remove', 'path': '/spec/conversion'}]'
-            kubectl patch customresourcedefinitions ec2nodeclasses.karpenter.k8s.aws  --type='json' -p '[{'op': 'remove', 'path': '/spec/conversion'}]'
-          {{- end }}
-
diff --git a/charts/karpenter/values.yaml b/charts/karpenter/values.yaml
index 67dce4b0b265..df5cc1151737 100644
--- a/charts/karpenter/values.yaml
+++ b/charts/karpenter/values.yaml
@@ -137,14 +137,6 @@ controller:
   healthProbe:
     # -- The container port to use for http health probe.
     port: 8081
-postInstallHook:
-  image:
-    # -- Repository path to the post-install hook. This minimally needs to have `kubectl` installed
-    repository: public.ecr.aws/bitnami/kubectl
-    # -- Tag of the post-install hook image.
-    tag: "1.30"
-    # -- SHA256 digest of the post-install hook image.
-    digest: sha256:13a2ad1bd37ce42ee2a6f1ab0d30595f42eb7fe4a90d6ec848550524104a1ed6
 webhook:
   # -- Whether to enable the webhooks and webhook permissions.
   enabled: true