feat: separate podlabels in controller-manager and audit deployment #3378

Open
wants to merge 1 commit into
base: master
6 changes: 2 additions & 4 deletions cmd/build/helmify/main.go
Expand Up @@ -132,19 +132,17 @@ func (ks *kindSet) Write() error {
}

if name == "gatekeeper-controller-manager" && kind == DeploymentKind {
obj = strings.Replace(obj, " labels:", " labels:\n {{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n {{- include \"controllerManager.podLabels\" . | nindent 8 }}\n {{- include \"gatekeeper.commonLabels\" . | nindent 8 }}", 1)
obj = strings.Replace(obj, " priorityClassName: system-cluster-critical", " {{- if .Values.controllerManager.priorityClassName }}\n priorityClassName: {{ .Values.controllerManager.priorityClassName }}\n {{- end }}", 1)
}

if name == "gatekeeper-audit" && kind == DeploymentKind {
obj = "{{- if not .Values.disableAudit }}\n" + obj + "{{- end }}\n"
obj = strings.Replace(obj, " labels:", " labels:\n {{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n {{- include \"audit.podLabels\" . | nindent 8 }}\n {{- include \"gatekeeper.commonLabels\" . | nindent 8 }}", 1)
obj = strings.Replace(obj, " priorityClassName: system-cluster-critical", " {{- if .Values.audit.priorityClassName }}\n priorityClassName: {{ .Values.audit.priorityClassName }}\n {{- end }}", 1)
obj = strings.Replace(obj, " - emptyDir: {}", " {{- if .Values.audit.writeToRAMDisk }}\n - emptyDir:\n medium: Memory\n {{ else }}\n - emptyDir: {}\n {{- end }}", 1)
}

if kind == DeploymentKind {
Member


Thanks for the PR @bobertrublik! We need to ensure backward compatibility so as not to break existing things users might be using and to reduce developer toil. Can you please bring back all the existing podLabels and add support for new audit and controller manager podLabels?

Author


Of course, I'm just a little unsure how to approach this. Are you saying that I should re-add the .Values.podLabels field to ensure backward compatibility? Are the labels set there added to all pods and we can additionally set the .Values.controllerManager.podLabels and .Values.audit.podLabels to add specific ones?

Member


Yes, a Pod can have many labels. Please restore the existing values.podLabels field to ensure backward compatibility. Then add the new labels.

Author


I restored .values.podLabels and kept .Values.controllerManager.podLabels and .Values.audit.podLabels. 🙂

obj = strings.Replace(obj, " labels:", " labels:\n {{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n {{- include \"gatekeeper.commonLabels\" . | nindent 8 }}", 1)
}

if name == "gatekeeper-manager-role" && kind == "Role" {
obj += "{{- with .Values.controllerManager.extraRules }}\n {{- toYaml . | nindent 0 }}\n{{- end }}\n"
}
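
Review bot: In the `gatekeeper-controller-manager` and `gatekeeper-audit` branches, the `strings.Replace(obj, " labels:", ..., 1)` calls do nothing if the generated manifest no longer contains that exact string, and the chart would then ship without any of the three label includes and without an error. Consider comparing the result with the input and failing the build when it is unchanged. The two replacement strings also differ only in the helper name (`controllerManager.podLabels` vs `audit.podLabels`), so a small function taking that name would keep them from drifting apart.
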
2 changes: 2 additions & 0 deletions cmd/build/helmify/static/README.md
Expand Up @@ -177,6 +177,7 @@ information._
| image.pullSecrets | Specify an array of imagePullSecrets | `[]` |
| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| controllerManager.podLabels | The labels to add to the controller manager pod | `{}` |
| controllerManager.affinity | The node affinity to use for controller manager pod scheduling | `{}` |
| controllerManager.topologySpreadConstraints | The topology spread constraints to use for controller manager pod scheduling | `[]` |
| controllerManager.tolerations | The tolerations to use for controller manager pod scheduling | `[]` |
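
Review bot: The new `controllerManager.podLabels` row (and the `audit.podLabels` row in the next hunk) says only that the labels are added to the pod; it does not say they are applied in addition to the chart-wide `podLabels`, or which value wins when the same key is set in both. A sentence on that in the description would save users from rendering the chart to find out.
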
Expand All @@ -198,6 +199,7 @@ information._
| controllerManager.networkPolicy.enabled | Should a network policy for the controller manager be created | `false` |
| controllerManager.networkPolicy.ingress | Additional ingress rules to be added to the controller manager network policy | `{}` |
| controllerManager.strategyType | The strategy type to use for Controller Manager deployment | `RollingUpdate` |
| audit.podLabels | The labels to add to the audit pod | `{}` |
| audit.affinity | The node affinity to use for audit pod scheduling | `{}` |
| audit.topologySpreadConstraints | The topology spread constraints to use for audit pod scheduling | `[]` |
| audit.tolerations | The tolerations to use for audit pod scheduling | `[]` |
19 changes: 19 additions & 0 deletions cmd/build/helmify/static/templates/_helpers.tpl
Expand Up @@ -40,6 +40,25 @@ Adds additional pod labels to the common ones
{{- end }}
{{- end -}}

{{/*
Adds additional controller-manager pod labels to the common ones
*/}}
{{- define "controllerManager.podLabels" -}}
{{- if .Values.controllerManager.podLabels }}
{{- toYaml .Values.controllerManager.podLabels }}
{{- end }}
{{- end -}}

{{/*
Adds additional audit pod labels to the common ones
*/}}
{{- define "audit.podLabels" -}}
{{- if .Values.audit.podLabels }}
{{- toYaml .Values.audit.podLabels }}
{{- end }}
{{- end -}}


{{/*
Mandatory labels
*/}}
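
Review bot: Both new helpers in this hunk emit their map with `toYaml` as-is, and the deployment templates include them under the same `labels:` map as `gatekeeper.podLabels`, so a key set in both `.Values.podLabels` and `.Values.audit.podLabels` (or `.Values.controllerManager.podLabels`) is rendered twice in one mapping. Merging the chart-wide and component maps in a single helper, with the component value taking precedence, would give one entry per key and a defined override order.
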
2 changes: 2 additions & 0 deletions cmd/build/helmify/static/values.yaml
Expand Up @@ -172,6 +172,7 @@ controllerManager:
tlsMinVersion: 1.3
clientCertName: ""
strategyType: RollingUpdate
podLabels: {}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
Expand Down Expand Up @@ -225,6 +226,7 @@ audit:
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: false
podLabels: {}
affinity: {}
tolerations: []
nodeSelector: {kubernetes.io/os: linux}
2 changes: 2 additions & 0 deletions manifest_staging/charts/gatekeeper/README.md
Expand Up @@ -177,6 +177,7 @@ information._
| image.pullSecrets | Specify an array of imagePullSecrets | `[]` |
| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| controllerManager.podLabels | The labels to add to the controller manager pod | `{}` |
| controllerManager.affinity | The node affinity to use for controller manager pod scheduling | `{}` |
| controllerManager.topologySpreadConstraints | The topology spread constraints to use for controller manager pod scheduling | `[]` |
| controllerManager.tolerations | The tolerations to use for controller manager pod scheduling | `[]` |
Expand All @@ -198,6 +199,7 @@ information._
| controllerManager.networkPolicy.enabled | Should a network policy for the controller manager be created | `false` |
| controllerManager.networkPolicy.ingress | Additional ingress rules to be added to the controller manager network policy | `{}` |
| controllerManager.strategyType | The strategy type to use for Controller Manager deployment | `RollingUpdate` |
| audit.podLabels | The labels to add to the audit pod | `{}` |
| audit.affinity | The node affinity to use for audit pod scheduling | `{}` |
| audit.topologySpreadConstraints | The topology spread constraints to use for audit pod scheduling | `[]` |
| audit.tolerations | The tolerations to use for audit pod scheduling | `[]` |
19 changes: 19 additions & 0 deletions manifest_staging/charts/gatekeeper/templates/_helpers.tpl
Expand Up @@ -40,6 +40,25 @@ Adds additional pod labels to the common ones
{{- end }}
{{- end -}}

{{/*
Adds additional controller-manager pod labels to the common ones
*/}}
{{- define "controllerManager.podLabels" -}}
{{- if .Values.controllerManager.podLabels }}
{{- toYaml .Values.controllerManager.podLabels }}
{{- end }}
{{- end -}}

{{/*
Adds additional audit pod labels to the common ones
*/}}
{{- define "audit.podLabels" -}}
{{- if .Values.audit.podLabels }}
{{- toYaml .Values.audit.podLabels }}
{{- end }}
{{- end -}}


{{/*
Mandatory labels
*/}}
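
Review bot: The comment on each new helper ("Adds additional ... pod labels to the common ones") is copied from the helper above, although these helpers only render the component map and do not touch the common labels; wording such as "Renders the audit-specific pod labels" would be accurate. There is also a stray second blank line before the `Mandatory labels` comment.
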
Expand Up @@ -35,6 +35,7 @@ spec:
{{- end }}
labels:
{{- include "gatekeeper.podLabels" . | nindent 8 }}
{{- include "audit.podLabels" . | nindent 8 }}
{{- include "gatekeeper.commonLabels" . | nindent 8 }}
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
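
Review bot: The `audit.podLabels` include is placed in the same map as the fixed `app:` and `chart:` keys below it, so a user who sets `app` or `chart` in `.Values.audit.podLabels` gets a duplicate key alongside the chart's own value. Since these labels identify the pod, either reject those keys in the helper or document that they are reserved; the same applies to `controllerManager.podLabels` in the controller-manager deployment.
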
Expand Up @@ -33,6 +33,7 @@ spec:
{{- end }}
labels:
{{- include "gatekeeper.podLabels" . | nindent 8 }}
{{- include "controllerManager.podLabels" . | nindent 8 }}
{{- include "gatekeeper.commonLabels" . | nindent 8 }}
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
2 changes: 2 additions & 0 deletions manifest_staging/charts/gatekeeper/values.yaml
Expand Up @@ -172,6 +172,7 @@ controllerManager:
tlsMinVersion: 1.3
clientCertName: ""
strategyType: RollingUpdate
podLabels: {}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
Expand Down Expand Up @@ -225,6 +226,7 @@ audit:
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: false
podLabels: {}
affinity: {}
tolerations: []
nodeSelector: {kubernetes.io/os: linux}