coder · johnstcn · Dec 10, 2021 · Dec 10, 2021 · Dec 10, 2021
diff --git a/README.md b/README.md
@@ -25,12 +25,13 @@ View [our docs](https://coder.com/docs/setup/installation) for detailed installa
 | certs | object | Certificate that will be mounted inside Coder services. | `{"secret":{"key":"","name":""}}` |
 | certs.secret.key | string | Key pointing to a certificate in the secret. | `""` |
 | certs.secret.name | string | Name of the secret. | `""` |
-| coderd | object | Primary service responsible for all things Coder! | `{"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["coderd"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":1}]}},"builtinProviderServiceAccount":{"annotations":{},"labels":{}},"devurlsHost":"","image":"","oidc":{"enableRefresh":false,"redirectOptions":{}},"podSecurityContext":{"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"replicas":1,"resources":{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}},"satellite":{"accessURL":"","enable":false,"primaryURL":""},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAnnotations":{},"serviceNodePorts":{"http":null,"https":null},"serviceSpec":{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"},"superAdmin":{"passwordSecret":{"key":"password","name":""}},"tls":{"devurlsHostSecretName":"","hostSecretName":""},"trustProxyIP":false}` |
+| coderd | object | Primary service responsible for all things Coder! | `{"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["coderd"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":1}]}},"builtinProviderServiceAccount":{"annotations":{},"labels":{}},"devurlsHost":"","extraLabels":{},"image":"","oidc":{"enableRefresh":false,"redirectOptions":{}},"podSecurityContext":{"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"replicas":1,"resources":{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}},"satellite":{"accessURL":"","enable":false,"primaryURL":""},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAnnotations":{},"serviceNodePorts":{"http":null,"https":null},"serviceSpec":{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"},"superAdmin":{"passwordSecret":{"key":"password","name":""}},"tls":{"devurlsHostSecretName":"","hostSecretName":""},"trustProxyIP":false}` |
 | coderd.affinity | object | Allows specifying an affinity rule for the `coderd` deployment. The default rule prefers to schedule coderd pods on different nodes, which is only applicable if coderd.replicas is greater than 1. | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["coderd"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":1}]}}` |
 | coderd.builtinProviderServiceAccount | object | Customize the built-in Kubernetes provider service account. | `{"annotations":{},"labels":{}}` |
 | coderd.builtinProviderServiceAccount.annotations | object | A KV mapping of annotations. See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `{}` |
 | coderd.builtinProviderServiceAccount.labels | object | Add labels to the service account used for the built-in provider. | `{}` |
 | coderd.devurlsHost | string | Wildcard hostname to allow matching against custom-created dev URLs. Leaving as an empty string results in DevURLs being disabled. | `""` |
+| coderd.extraLabels | object | Allows specifying additional labels to pods in the `coderd` deployment (.spec.template.metadata.labels). | `{}` |
 | coderd.image | string | Injected by Coder during release. | `""` |
 | coderd.podSecurityContext | object | Fields related to the pod's security context (as opposed to the container). Some fields are also present in the container security context, which will take precedence over these values. | `{"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` |
 | coderd.podSecurityContext.runAsGroup | int | Sets the group id of the pod. For security reasons, we recommend using a non-root group. | `1000` |

diff --git a/templates/coderd.yaml b/templates/coderd.yaml
@@ -27,6 +27,9 @@ spec:
         app.kubernetes.io/part-of: coder
         app: {{ include "coder.serviceName" . }}
         coder.deployment: {{ include "coder.serviceName" . }}
+        {{- with .Values.coderd.extraLabels -}}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
       annotations: {{ toYaml .Values.services.annotations | nindent 8 }}
     spec:
       securityContext: {{ toYaml .Values.coderd.podSecurityContext | nindent 8 }}

diff --git a/tests/deployment_test.go b/tests/deployment_test.go
@@ -0,0 +1,38 @@
+package tests
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestDeployment(t *testing.T) {
+	t.Parallel()
+
+	t.Run("Labels", func(t *testing.T) {
+		var (
+			expectedLabels = map[string]string{
+				"app":                       "coderd",
+				"app.kubernetes.io/name":    "coderd",
+				"app.kubernetes.io/part-of": "coder",
+				"coder.deployment":          "coderd",
+			}
+			extraLabels = map[string]string{
+				"foo": "bar",
+			}
+
+			objs = LoadChart(t).MustRender(t, func(cv *CoderValues) {
+				cv.Coderd.ExtraLabels = extraLabels
+			})
+			coderd = MustFindDeployment(t, objs, "coderd")
+		)
+
+		for k, v := range extraLabels {
+			if _, found := expectedLabels[k]; !found {
+				expectedLabels[k] = v
+			}
+		}
+
+		require.EqualValues(t, expectedLabels, coderd.Spec.Template.Labels)
+	})
+}
diff --git a/tests/values.go b/tests/values.go
@@ -89,6 +89,7 @@ type CoderdValues struct {
 	OIDC                          *CoderdOIDCValues                          `json:"oidc" yaml:"oidc"`
 	SuperAdmin                    *CoderdSuperAdminValues                    `json:"superAdmin" yaml:"superAdmin"`
 	Affinity                      *corev1.Affinity                           `json:"affinity" yaml:"affinity"`
+	ExtraLabels                   map[string]string                          `json:"extraLabels" yaml:"extraLabels"`
 }
 
 // CoderdServiceNodePortsValues reflect values from

diff --git a/values.yaml b/values.yaml
@@ -165,6 +165,9 @@ coderd:
       # contains the super admin password.
       key: "password"
 
+  # coderd.extraLabels -- Allows specifying additional labels to pods in the
+  # `coderd` deployment (.spec.template.metadata.labels).
+  extraLabels: {}
   # coderd.affinity -- Allows specifying an affinity rule for the `coderd`
   # deployment. The default rule prefers to schedule coderd pods on different
   # nodes, which is only applicable if coderd.replicas is greater than 1.