From 4be061f41becadec0e71c84d7ff7d54f0a39b3f3 Mon Sep 17 00:00:00 2001
From: Robert Bublik
Date: Thu, 1 Aug 2024 16:02:58 +0200
Subject: [PATCH] feat: separate podlabels in controller-manager and audit deployment (#3378)

Signed-off-by: Robert Bublik
---
 cmd/build/helmify/main.go | 6 ++----
 cmd/build/helmify/static/README.md | 2 ++
 .../helmify/static/templates/_helpers.tpl | 19 +++++++++++++++++++
 cmd/build/helmify/static/values.yaml | 2 ++
 manifest_staging/charts/gatekeeper/README.md | 2 ++
 .../charts/gatekeeper/templates/_helpers.tpl | 19 +++++++++++++++++++
 .../gatekeeper-audit-deployment.yaml | 1 +
 ...ekeeper-controller-manager-deployment.yaml | 1 +
 .../charts/gatekeeper/values.yaml | 2 ++
 9 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/cmd/build/helmify/main.go b/cmd/build/helmify/main.go
index b0b17b8868d..bf9aefefd6e 100644
--- a/cmd/build/helmify/main.go
+++ b/cmd/build/helmify/main.go
@@ -133,19 +133,17 @@ func (ks *kindSet) Write() error { } if name == "gatekeeper-controller-manager" && kind == DeploymentKind { + obj = strings.Replace(obj, " labels:", " labels:\n {{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n {{- include \"controllerManager.podLabels\" . | nindent 8 }}\n {{- include \"gatekeeper.commonLabels\" . | nindent 8 }}", 1) obj = strings.Replace(obj, " priorityClassName: system-cluster-critical", " {{- if .Values.controllerManager.priorityClassName }}\n priorityClassName: {{ .Values.controllerManager.priorityClassName }}\n {{- end }}", 1) } if name == "gatekeeper-audit" && kind == DeploymentKind { obj = "{{- if not .Values.disableAudit }}\n" + obj + "{{- end }}\n" + obj = strings.Replace(obj, " labels:", " labels:\n {{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n {{- include \"audit.podLabels\" . | nindent 8 }}\n {{- include \"gatekeeper.commonLabels\" . | nindent 8 }}", 1) obj = strings.Replace(obj, " priorityClassName: system-cluster-critical", " {{- if .Values.audit.priorityClassName }}\n priorityClassName: {{ .Values.audit.priorityClassName }}\n {{- end }}", 1) obj = strings.Replace(obj, " - emptyDir: {}", " {{- if .Values.audit.writeToRAMDisk }}\n - emptyDir:\n medium: Memory\n {{ else }}\n - emptyDir: {}\n {{- end }}", 1) } - if kind == DeploymentKind { - obj = strings.Replace(obj, " labels:", " labels:\n {{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n {{- include \"gatekeeper.commonLabels\" . | nindent 8 }}", 1) - } - if name == "gatekeeper-manager-role" && kind == "Role" { obj += "{{- with .Values.controllerManager.extraRules }}\n {{- toYaml . | nindent 0 }}\n{{- end }}\n" } diff --git a/cmd/build/helmify/static/README.md b/cmd/build/helmify/static/README.md index df5eed29c62..cc466a1b060 100644 --- a/cmd/build/helmify/static/README.md +++ b/cmd/build/helmify/static/README.md 
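Review bot: The `labels:` replacement template is now duplicated verbatim in the controller-manager and audit branches, differing only in the name of the second `include`, and the removed generic `if kind == DeploymentKind` fallback means any further Deployment this build ever emits (none is visible here) would silently lose `gatekeeper.podLabels` and `gatekeeper.commonLabels`. Hoisting the text into one helper keeps the two branches from drifting, e.g. `podLabelsBlock := func(specific string) string { return "labels:\n{{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n{{- include \"" + specific + "\" . | nindent 8 }}\n{{- include \"gatekeeper.commonLabels\" . | nindent 8 }}" }` (with the same leading indentation the existing literals use, which this page has collapsed), then `obj = strings.Replace(obj, "labels:", podLabelsBlock("controllerManager.podLabels"), 1)` and likewise for `audit.podLabels`. Worth a comment on the new lines as well: the per-deployment labels are rendered before `gatekeeper.commonLabels` and the fixed `app:`/`chart:` keys, so a user value sharing one of those keys produces a duplicate YAML key that is either rejected or resolved last-wins depending on the parser rather than a clean override; since pod labels feed selectors, documenting that they are additive only is the safer contract. The enclosing `Write` method starts and ends outside the hunk.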
@@ -179,6 +179,7 @@ information._
 | image.pullSecrets | Specify an array of imagePullSecrets | `[]` |
 | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
 | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
+| controllerManager.podLabels | The labels to add to the controller manager pod | `{}` |
 | controllerManager.affinity | The node affinity to use for controller manager pod scheduling | `{}` |
 | controllerManager.topologySpreadConstraints | The topology spread constraints to use for controller manager pod scheduling | `[]` |
 | controllerManager.tolerations | The tolerations to use for controller manager pod scheduling | `[]` |
@@ -201,6 +202,7 @@ information._
 | controllerManager.networkPolicy.ingress | Additional ingress rules to be added to the controller manager network policy | `{}` |
 | controllerManager.strategyType | The strategy type to use for Controller Manager deployment | `RollingUpdate` |
 | controllerManager.strategyRollingUpdate | [RollingUpdate](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) configuration for Controller Manager deployment | `{}` |
+| audit.podLabels | The labels to add to the audit pod | `{}` |
 | audit.affinity | The node affinity to use for audit pod scheduling | `{}` |
 | audit.topologySpreadConstraints | The topology spread constraints to use for audit pod scheduling | `[]` |
 | audit.tolerations | The tolerations to use for audit pod scheduling | `[]` |
diff --git a/cmd/build/helmify/static/templates/_helpers.tpl b/cmd/build/helmify/static/templates/_helpers.tpl
index 785d9912656..c8ffb260489 100644
--- a/cmd/build/helmify/static/templates/_helpers.tpl
+++ b/cmd/build/helmify/static/templates/_helpers.tpl
@@ -40,6 +40,25 @@ Adds additional pod labels to the common ones
 {{- end }}
 {{- end -}}
+{{/*
+Adds additional controller-manager pod labels to the common ones
+*/}}
+{{- define "controllerManager.podLabels" -}}
+{{- if .Values.controllerManager.podLabels }}
+{{- toYaml .Values.controllerManager.podLabels }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Adds additional audit pod labels to the common ones
+*/}}
+{{- define "audit.podLabels" -}}
+{{- if .Values.audit.podLabels }}
+{{- toYaml .Values.audit.podLabels }}
+{{- end }}
+{{- end -}}
+
+
 {{/*
 Mandatory labels
 */}}
diff --git a/cmd/build/helmify/static/values.yaml b/cmd/build/helmify/static/values.yaml
index ada3e5ce541..76862de9a3b 100644
--- a/cmd/build/helmify/static/values.yaml
+++ b/cmd/build/helmify/static/values.yaml
@@ -186,6 +186,7 @@ controllerManager:
 clientCertName: ""
 strategyType: RollingUpdate
 strategyRollingUpdate: {}
+ podLabels: {}
 affinity:
 podAntiAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -241,6 +242,7 @@ audit:
 livenessTimeout: 1
 priorityClassName: system-cluster-critical
 disableCertRotation: false
+ podLabels: {}
 affinity: {}
 tolerations: []
 nodeSelector: {kubernetes.io/os: linux}
diff --git a/manifest_staging/charts/gatekeeper/README.md b/manifest_staging/charts/gatekeeper/README.md
index df5eed29c62..cc466a1b060 100644
--- a/manifest_staging/charts/gatekeeper/README.md
+++ b/manifest_staging/charts/gatekeeper/README.md
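Review bot: Both new helpers hand `.Values.controllerManager.podLabels` and `.Values.audit.podLabels` straight to `toYaml` with only a truthiness check, so a list or scalar supplied by mistake is spliced into the pod's `labels:` block as YAML that is not a label map and only fails once the API server rejects the Deployment. Surfacing it at render time is cheaper: `{{- if and .Values.audit.podLabels (not (kindIs "map" .Values.audit.podLabels)) }}{{ fail "audit.podLabels must be a map" }}{{- end }}` before the existing `if`, and the same for the controller-manager helper. The two definitions otherwise mirror the existing `gatekeeper.podLabels` body line for line, differing only in the values path, and the hunk ends with two added blank lines ahead of `Mandatory labels`, which appears to leave three consecutive blank lines where the file otherwise uses one. The identical text is repeated in manifest_staging/charts/gatekeeper/templates/_helpers.tpl, which looks to be the generated copy of this file.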
@@ -179,6 +179,7 @@ information._
 | image.pullSecrets | Specify an array of imagePullSecrets | `[]` |
 | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
 | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
+| controllerManager.podLabels | The labels to add to the controller manager pod | `{}` |
 | controllerManager.affinity | The node affinity to use for controller manager pod scheduling | `{}` |
 | controllerManager.topologySpreadConstraints | The topology spread constraints to use for controller manager pod scheduling | `[]` |
 | controllerManager.tolerations | The tolerations to use for controller manager pod scheduling | `[]` |
@@ -201,6 +202,7 @@ information._
 | controllerManager.networkPolicy.ingress | Additional ingress rules to be added to the controller manager network policy | `{}` |
 | controllerManager.strategyType | The strategy type to use for Controller Manager deployment | `RollingUpdate` |
 | controllerManager.strategyRollingUpdate | [RollingUpdate](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) configuration for Controller Manager deployment | `{}` |
+| audit.podLabels | The labels to add to the audit pod | `{}` |
 | audit.affinity | The node affinity to use for audit pod scheduling | `{}` |
 | audit.topologySpreadConstraints | The topology spread constraints to use for audit pod scheduling | `[]` |
 | audit.tolerations | The tolerations to use for audit pod scheduling | `[]` |
diff --git a/manifest_staging/charts/gatekeeper/templates/_helpers.tpl b/manifest_staging/charts/gatekeeper/templates/_helpers.tpl
index 785d9912656..c8ffb260489 100644
--- a/manifest_staging/charts/gatekeeper/templates/_helpers.tpl
+++ b/manifest_staging/charts/gatekeeper/templates/_helpers.tpl
@@ -40,6 +40,25 @@ Adds additional pod labels to the common ones
 {{- end }}
 {{- end -}}
+{{/*
+Adds additional controller-manager pod labels to the common ones
+*/}}
+{{- define "controllerManager.podLabels" -}}
+{{- if .Values.controllerManager.podLabels }}
+{{- toYaml .Values.controllerManager.podLabels }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Adds additional audit pod labels to the common ones
+*/}}
+{{- define "audit.podLabels" -}}
+{{- if .Values.audit.podLabels }}
+{{- toYaml .Values.audit.podLabels }}
+{{- end }}
+{{- end -}}
+
+
 {{/*
 Mandatory labels
 */}}
diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
index 693bfd15aba..e3c82b851fc 100644
--- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
+++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
@@ -35,6 +35,7 @@ spec:
 {{- end }}
 labels:
 {{- include "gatekeeper.podLabels" . | nindent 8 }}
+ {{- include "audit.podLabels" . | nindent 8 }}
 {{- include "gatekeeper.commonLabels" . | nindent 8 }}
 app: '{{ template "gatekeeper.name" . }}'
 chart: '{{ template "gatekeeper.name" . }}'
diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml
index d0e1077b71d..09aff673179 100644
--- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml
+++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml
@@ -37,6 +37,7 @@ spec:
 {{- end }}
 labels:
 {{- include "gatekeeper.podLabels" . | nindent 8 }}
+ {{- include "controllerManager.podLabels" . | nindent 8 }}
 {{- include "gatekeeper.commonLabels" . | nindent 8 }}
 app: '{{ template "gatekeeper.name" . }}'
 chart: '{{ template "gatekeeper.name" . }}'
diff --git a/manifest_staging/charts/gatekeeper/values.yaml b/manifest_staging/charts/gatekeeper/values.yaml
index ada3e5ce541..76862de9a3b 100644
--- a/manifest_staging/charts/gatekeeper/values.yaml
+++ b/manifest_staging/charts/gatekeeper/values.yaml
@@ -186,6 +186,7 @@ controllerManager:
 clientCertName: ""
 strategyType: RollingUpdate
 strategyRollingUpdate: {}
+ podLabels: {}
 affinity:
 podAntiAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -241,6 +242,7 @@ audit:
 livenessTimeout: 1
 priorityClassName: system-cluster-critical
 disableCertRotation: false
+ podLabels: {}
 affinity: {}
 tolerations: []
 nodeSelector: {kubernetes.io/os: linux}