diff --git a/cmd/build/helmify/main.go b/cmd/build/helmify/main.go index b64858f876b..1785387cb09 100644 --- a/cmd/build/helmify/main.go +++ b/cmd/build/helmify/main.go @@ -132,19 +132,17 @@ func (ks *kindSet) Write() error { } if name == "gatekeeper-controller-manager" && kind == DeploymentKind { + obj = strings.Replace(obj, " labels:", " labels:\n {{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n {{- include \"controllerManager.podLabels\" . | nindent 8 }}\n {{- include \"gatekeeper.commonLabels\" . | nindent 8 }}", 1) obj = strings.Replace(obj, " priorityClassName: system-cluster-critical", " {{- if .Values.controllerManager.priorityClassName }}\n priorityClassName: {{ .Values.controllerManager.priorityClassName }}\n {{- end }}", 1) } if name == "gatekeeper-audit" && kind == DeploymentKind { obj = "{{- if not .Values.disableAudit }}\n" + obj + "{{- end }}\n" + obj = strings.Replace(obj, " labels:", " labels:\n {{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n {{- include \"audit.podLabels\" . | nindent 8 }}\n {{- include \"gatekeeper.commonLabels\" . | nindent 8 }}", 1) obj = strings.Replace(obj, " priorityClassName: system-cluster-critical", " {{- if .Values.audit.priorityClassName }}\n priorityClassName: {{ .Values.audit.priorityClassName }}\n {{- end }}", 1) obj = strings.Replace(obj, " - emptyDir: {}", " {{- if .Values.audit.writeToRAMDisk }}\n - emptyDir:\n medium: Memory\n {{ else }}\n - emptyDir: {}\n {{- end }}", 1) } - if kind == DeploymentKind { - obj = strings.Replace(obj, " labels:", " labels:\n {{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n {{- include \"gatekeeper.commonLabels\" . | nindent 8 }}", 1) - } - if name == "gatekeeper-manager-role" && kind == "Role" { obj += "{{- with .Values.controllerManager.extraRules }}\n {{- toYaml . | nindent 0 }}\n{{- end }}\n" } diff --git a/cmd/build/helmify/static/README.md b/cmd/build/helmify/static/README.md index 0a69ba9e758..bcf60ba5d0d 100644 --- a/cmd/build/helmify/static/README.md 
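Review bot: The two `strings.Replace(obj, …labels:…, 1)` calls added to the `gatekeeper-controller-manager` and `gatekeeper-audit` branches never check that the `labels:` anchor matched, so if the generated manifest changes shape the pod-label includes silently drop out of the chart. Removing the generic `if kind == DeploymentKind` branch also means any Deployment other than these two no longer receives `gatekeeper.podLabels` or `gatekeeper.commonLabels`; only these two names are visible here, so confirm no other Deployment passes through this code. A cheap guard is to hoist the anchor string into one constant (proposed name `labelsAnchor`) shared by both branches and fail the build when it is missing, e.g. `if !strings.Contains(obj, labelsAnchor) { return fmt.Errorf("labels anchor not found in %s", name) }`, assuming `fmt` is already imported. `Write()` begins and ends outside the hunk.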
+++ b/cmd/build/helmify/static/README.md @@ -177,6 +177,7 @@ information._ | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| controllerManager.podLabels | The labels to add to the controller manager pod | `{}` | | controllerManager.affinity | The node affinity to use for controller manager pod scheduling | `{}` | | controllerManager.topologySpreadConstraints | The topology spread constraints to use for controller manager pod scheduling | `[]` | | controllerManager.tolerations | The tolerations to use for controller manager pod scheduling | `[]` | @@ -198,6 +199,7 @@ information._ | controllerManager.networkPolicy.enabled | Should a network policy for the controller manager be created | `false` | | controllerManager.networkPolicy.ingress | Additional ingress rules to be added to the controller manager network policy | `{}` | | controllerManager.strategyType | The strategy type to use for Controller Manager deployment | `RollingUpdate` | +| audit.podLabels | The labels to add to the audit pod | `{}` | | audit.affinity | The node affinity to use for audit pod scheduling | `{}` | | audit.topologySpreadConstraints | The topology spread constraints to use for audit pod scheduling | `[]` | | audit.tolerations | The tolerations to use for audit pod scheduling | `[]` | diff --git a/cmd/build/helmify/static/templates/_helpers.tpl b/cmd/build/helmify/static/templates/_helpers.tpl index 785d9912656..c8ffb260489 100644 --- a/cmd/build/helmify/static/templates/_helpers.tpl +++ b/cmd/build/helmify/static/templates/_helpers.tpl 
@@ -40,6 +40,25 @@ Adds additional pod labels to the common ones {{- end }} {{- end -}} +{{/* +Adds additional controller-manager pod labels to the common ones +*/}} +{{- define "controllerManager.podLabels" -}} +{{- if .Values.controllerManager.podLabels }} +{{- toYaml .Values.controllerManager.podLabels }} +{{- end }} +{{- end -}} + +{{/* +Adds additional audit pod labels to the common ones +*/}} +{{- define "audit.podLabels" -}} +{{- if .Values.audit.podLabels }} +{{- toYaml .Values.audit.podLabels }} +{{- end }} +{{- end -}} + + {{/* Mandatory labels */}} diff --git a/cmd/build/helmify/static/values.yaml b/cmd/build/helmify/static/values.yaml index ac84eabf1b4..5a735d57610 100644 --- a/cmd/build/helmify/static/values.yaml +++ b/cmd/build/helmify/static/values.yaml @@ -172,6 +172,7 @@ controllerManager: tlsMinVersion: 1.3 clientCertName: "" strategyType: RollingUpdate + podLabels: {} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -225,6 +226,7 @@ audit: livenessTimeout: 1 priorityClassName: system-cluster-critical disableCertRotation: false + podLabels: {} affinity: {} tolerations: [] nodeSelector: {kubernetes.io/os: linux} diff --git a/manifest_staging/charts/gatekeeper/README.md b/manifest_staging/charts/gatekeeper/README.md index 0a69ba9e758..bcf60ba5d0d 100644 --- a/manifest_staging/charts/gatekeeper/README.md +++ b/manifest_staging/charts/gatekeeper/README.md 
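Review bot: Neither new helper, `controllerManager.podLabels` nor `audit.podLabels`, says what happens when a key is also set in `.Values.podLabels` or is one of the labels the deployment templates hard-code after the includes (`app`, `chart`, …), so the rendered `labels:` map can hold the same key twice. How a duplicate resolves depends on the YAML parser, and a per-component label that shadows one of the chart's own labels would presumably affect anything selecting pods by them, such as the controller manager network policy; that is worth confirming. I would state the rule in each helper comment, e.g. `Keys must not repeat .Values.podLabels or the chart's fixed labels (app, chart, ...)`, and repeat it in the two new README rows. The stray second blank line before `Mandatory labels` can go. The identical hunk in manifest_staging/charts/gatekeeper/templates/_helpers.tpl, which looks like the generated copy, carries the same point.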
@@ -177,6 +177,7 @@ information._ | image.pullSecrets | Specify an array of imagePullSecrets | `[]` | | resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | | nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| controllerManager.podLabels | The labels to add to the controller manager pod | `{}` | | controllerManager.affinity | The node affinity to use for controller manager pod scheduling | `{}` | | controllerManager.topologySpreadConstraints | The topology spread constraints to use for controller manager pod scheduling | `[]` | | controllerManager.tolerations | The tolerations to use for controller manager pod scheduling | `[]` | @@ -198,6 +199,7 @@ information._ | controllerManager.networkPolicy.enabled | Should a network policy for the controller manager be created | `false` | | controllerManager.networkPolicy.ingress | Additional ingress rules to be added to the controller manager network policy | `{}` | | controllerManager.strategyType | The strategy type to use for Controller Manager deployment | `RollingUpdate` | +| audit.podLabels | The labels to add to the audit pod | `{}` | | audit.affinity | The node affinity to use for audit pod scheduling | `{}` | | audit.topologySpreadConstraints | The topology spread constraints to use for audit pod scheduling | `[]` | | audit.tolerations | The tolerations to use for audit pod scheduling | `[]` | diff --git a/manifest_staging/charts/gatekeeper/templates/_helpers.tpl b/manifest_staging/charts/gatekeeper/templates/_helpers.tpl index 785d9912656..c8ffb260489 100644 --- a/manifest_staging/charts/gatekeeper/templates/_helpers.tpl +++ b/manifest_staging/charts/gatekeeper/templates/_helpers.tpl 
@@ -40,6 +40,25 @@ Adds additional pod labels to the common ones {{- end }} {{- end -}} +{{/* +Adds additional controller-manager pod labels to the common ones +*/}} +{{- define "controllerManager.podLabels" -}} +{{- if .Values.controllerManager.podLabels }} +{{- toYaml .Values.controllerManager.podLabels }} +{{- end }} +{{- end -}} + +{{/* +Adds additional audit pod labels to the common ones +*/}} +{{- define "audit.podLabels" -}} +{{- if .Values.audit.podLabels }} +{{- toYaml .Values.audit.podLabels }} +{{- end }} +{{- end -}} + + {{/* Mandatory labels */}} diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml index 77da1a4531a..582f5c6a3b7 100644 --- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml +++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml @@ -35,6 +35,7 @@ spec: {{- end }} labels: {{- include "gatekeeper.podLabels" . | nindent 8 }} + {{- include "audit.podLabels" . | nindent 8 }} {{- include "gatekeeper.commonLabels" . | nindent 8 }} app: '{{ template "gatekeeper.name" . }}' chart: '{{ template "gatekeeper.name" . }}' diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml index df9807a6d96..9fb04c72bba 100644 --- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml +++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml @@ -33,6 +33,7 @@ spec: {{- end }} labels: {{- include "gatekeeper.podLabels" . | nindent 8 }} + {{- include "controllerManager.podLabels" . | nindent 8 }} {{- include "gatekeeper.commonLabels" . | nindent 8 }} app: '{{ template "gatekeeper.name" . }}' chart: '{{ template "gatekeeper.name" . }}' 
diff --git a/manifest_staging/charts/gatekeeper/values.yaml b/manifest_staging/charts/gatekeeper/values.yaml index ac84eabf1b4..5a735d57610 100644 --- a/manifest_staging/charts/gatekeeper/values.yaml +++ b/manifest_staging/charts/gatekeeper/values.yaml @@ -172,6 +172,7 @@ controllerManager: tlsMinVersion: 1.3 clientCertName: "" strategyType: RollingUpdate + podLabels: {} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -225,6 +226,7 @@ audit: livenessTimeout: 1 priorityClassName: system-cluster-critical disableCertRotation: false + podLabels: {} affinity: {} tolerations: [] nodeSelector: {kubernetes.io/os: linux}