From 649ea19df45bcaa7f1292de3e8aa04b31ddd8cf7 Mon Sep 17 00:00:00 2001
From: Cian Johnston
Date: Fri, 10 Dec 2021 16:27:36 +0000
Subject: [PATCH 1/2] feat: allow specifying extra labels on the coderd deployment
---
 README.md | 3 ++-
 templates/coderd.yaml | 3 +++
 values.yaml | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ace5100d..fc53c75d 100644
--- a/README.md
+++ b/README.md
@@ -25,12 +25,13 @@ View [our docs](https://coder.com/docs/setup/installation) for detailed installa
 | certs | object | Certificate that will be mounted inside Coder services. | `{"secret":{"key":"","name":""}}` |
 | certs.secret.key | string | Key pointing to a certificate in the secret. | `""` |
 | certs.secret.name | string | Name of the secret. | `""` |
-| coderd | object | Primary service responsible for all things Coder! | `{"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["coderd"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":1}]}},"builtinProviderServiceAccount":{"annotations":{},"labels":{}},"devurlsHost":"","image":"","oidc":{"enableRefresh":false,"redirectOptions":{}},"podSecurityContext":{"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"replicas":1,"resources":{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}},"satellite":{"accessURL":"","enable":false,"primaryURL":""},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAnnotations":{},"serviceNodePorts":{"http":null,"https":null},"serviceSpec":{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"},"superAdmin":{"passwordSecret":{"key":"password","name":""}},"tls":{"devurlsHostSecretName":"","hostSecretName":""},"trustProxyIP":false}` |
+| coderd | object | Primary service responsible for all things Coder!
| `{"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["coderd"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":1}]}},"builtinProviderServiceAccount":{"annotations":{},"labels":{}},"devurlsHost":"","extraLabels":{},"image":"","oidc":{"enableRefresh":false,"redirectOptions":{}},"podSecurityContext":{"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"replicas":1,"resources":{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}},"satellite":{"accessURL":"","enable":false,"primaryURL":""},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAnnotations":{},"serviceNodePorts":{"http":null,"https":null},"serviceSpec":{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"},"superAdmin":{"passwordSecret":{"key":"password","name":""}},"tls":{"devurlsHostSecretName":"","hostSecretName":""},"trustProxyIP":false}` |
 | coderd.affinity | object | Allows specifying an affinity rule for the `coderd` deployment. The default rule prefers to schedule coderd pods on different nodes, which is only applicable if coderd.replicas is greater than 1. | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["coderd"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":1}]}}` |
 | coderd.builtinProviderServiceAccount | object | Customize the built-in Kubernetes provider service account. | `{"annotations":{},"labels":{}}` |
 | coderd.builtinProviderServiceAccount.annotations | object | A KV mapping of annotations.
See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `{}` |
 | coderd.builtinProviderServiceAccount.labels | object | Add labels to the service account used for the built-in provider. | `{}` |
 | coderd.devurlsHost | string | Wildcard hostname to allow matching against custom-created dev URLs. Leaving as an empty string results in DevURLs being disabled. | `""` |
+| coderd.extraLabels | object | Allows specifying additional labels to pods in the `coderd` deployment (.spec.template.metadata.labels). | `{}` |
 | coderd.image | string | Injected by Coder during release. | `""` |
 | coderd.podSecurityContext | object | Fields related to the pod's security context (as opposed to the container). Some fields are also present in the container security context, which will take precedence over these values. | `{"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` |
 | coderd.podSecurityContext.runAsGroup | int | Sets the group id of the pod. For security reasons, we recommend using a non-root group. | `1000` |
diff --git a/templates/coderd.yaml b/templates/coderd.yaml
index a4b9af25..fd9cb835 100644
--- a/templates/coderd.yaml
+++ b/templates/coderd.yaml
@@ -27,6 +27,9 @@ spec:
 app.kubernetes.io/part-of: coder
 app: {{ include "coder.serviceName" . }}
 coder.deployment: {{ include "coder.serviceName" . }}
+ {{- with .Values.coderd.extraLabels -}}
+ {{ toYaml . | nindent 8 }}
+ {{- end }}
 annotations: {{ toYaml .Values.services.annotations | nindent 8 }}
 spec:
 securityContext: {{ toYaml .Values.coderd.podSecurityContext | nindent 8 }}
diff --git a/values.yaml b/values.yaml
index e0f84583..bf99871a 100644
--- a/values.yaml
+++ b/values.yaml
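Review bot: `extraLabels` is rendered directly beneath the chart's own pod labels in `templates/coderd.yaml` with no guard against key collisions, so a user value such as `app` or `coder.deployment` would produce a duplicate key under `.spec.template.metadata.labels`. Which duplicate wins depends on the YAML parser, and if the user value wins the pods may stop matching whatever selects on those labels (the Deployment selector, Services or NetworkPolicies, all defined outside this hunk). Dropping the reserved keys before rendering would close this, e.g. `{{- with omit .Values.coderd.extraLabels "app" "coder.deployment" "app.kubernetes.io/name" "app.kubernetes.io/part-of" -}}`. The test added in `tests/deployment_test.go` already assumes the built-in labels win (`if _, found := expectedLabels[k]; !found`) but only passes `foo: bar`, so the collision path is not exercised there either.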
@@ -165,6 +165,9 @@ coderd: # contains the super admin password. key: "password" + # coderd.extraLabels -- Allows specifying additional labels to pods in the + # `coderd` deployment (.spec.template.metadata.labels). + extraLabels: {} # coderd.affinity -- Allows specifying an affinity rule for the `coderd` # deployment. The default rule prefers to schedule coderd pods on different # nodes, which is only applicable if coderd.replicas is greater than 1. From 145e32ca7ab0a52febdafacf13ba9372fe827965 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Fri, 10 Dec 2021 17:15:54 +0000 Subject: [PATCH 2/2] chore: add unit test for coderd deployment labels --- tests/deployment_test.go | 38 ++++++++++++++++++++++++++++++++++++++ tests/values.go | 1 + 2 files changed, 39 insertions(+) create mode 100644 tests/deployment_test.go diff --git a/tests/deployment_test.go b/tests/deployment_test.go new file mode 100644 index 00000000..79fb00de --- /dev/null +++ b/tests/deployment_test.go @@ -0,0 +1,38 @@ +package tests + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestDeployment(t *testing.T) { + t.Parallel() + + t.Run("Labels", func(t *testing.T) { + var ( + expectedLabels = map[string]string{ + "app": "coderd", + "app.kubernetes.io/name": "coderd", + "app.kubernetes.io/part-of": "coder", + "coder.deployment": "coderd", + } + extraLabels = map[string]string{ + "foo": "bar", + } + + objs = LoadChart(t).MustRender(t, func(cv *CoderValues) { + cv.Coderd.ExtraLabels = extraLabels + }) + coderd = MustFindDeployment(t, objs, "coderd") + ) + + for k, v := range extraLabels { + if _, found := expectedLabels[k]; !found { + expectedLabels[k] = v + } + } + + require.EqualValues(t, expectedLabels, coderd.Spec.Template.Labels) + }) +} diff --git a/tests/values.go b/tests/values.go index a2858389..7c378bbf 100644 --- a/tests/values.go +++ b/tests/values.go 
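Review bot: The `Labels` subtest in `tests/deployment_test.go` asserts only on `coderd.Spec.Template.Labels` and never checks that the Deployment's selector is still satisfied by the pod labels after the extras are merged in. Assuming `coderd` is an `appsv1.Deployment` (inferred from the field access; its type is declared outside this hunk), a check such as `for k, v := range coderd.Spec.Selector.MatchLabels { require.Equal(t, v, coderd.Spec.Template.Labels[k]) }` would pin that invariant. A second case that renders the chart with `extraLabels` left at its default `{}` would also cover the branch where the template's `with` block is skipped.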
@@ -89,6 +89,7 @@ type CoderdValues struct { OIDC *CoderdOIDCValues `json:"oidc" yaml:"oidc"` SuperAdmin *CoderdSuperAdminValues `json:"superAdmin" yaml:"superAdmin"` Affinity *corev1.Affinity `json:"affinity" yaml:"affinity"` + ExtraLabels map[string]string `json:"extraLabels" yaml:"extraLabels"` } // CoderdServiceNodePortsValues reflect values from