From d001572546d34b614391b3ce6f5ac7e32e12441e Mon Sep 17 00:00:00 2001 From: Jesus Carrillo Date: Fri, 23 Jun 2023 12:17:14 -0700 Subject: [PATCH] helm chart: Add extra labels and annotations to pods and k8s resources Allow users to specify extra labels and annotations to pods and other k8s resources. --- charts/nebraska/Chart.yaml | 2 +- charts/nebraska/README.md | 4 ++++ charts/nebraska/templates/deployment.yaml | 11 ++++++++++- charts/nebraska/templates/ingress.yaml | 6 ++++++ charts/nebraska/templates/pvc.yaml | 9 +++++++++ charts/nebraska/templates/secrets.yaml | 7 +++++++ charts/nebraska/templates/service.yaml | 7 +++++++ charts/nebraska/templates/serviceaccount.yaml | 6 ++++++ charts/nebraska/templates/update-ingress.yaml | 7 +++++++ charts/nebraska/values.yaml | 9 +++++++++ 10 files changed, 66 insertions(+), 2 deletions(-) diff --git a/charts/nebraska/Chart.yaml b/charts/nebraska/Chart.yaml index af4b6c3fa..eabd40b3a 100644 --- a/charts/nebraska/Chart.yaml +++ b/charts/nebraska/Chart.yaml @@ -19,7 +19,7 @@ sources: maintainers: - name: kinvolk url: https://kinvolk.io/ -version: 1.0.0 +version: 1.0.1 appVersion: "2.8.0" dependencies: diff --git a/charts/nebraska/README.md b/charts/nebraska/README.md index 8910a2f86..d050391b6 100644 --- a/charts/nebraska/README.md +++ b/charts/nebraska/README.md @@ -36,6 +36,9 @@ $ helm install my-nebraska nebraska/nebraska | `strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods (Only applies when `strategy.type` is `RollingUpdate`) | `nil` | | `strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during the update (Only applies when `strategy.type` is `RollingUpdate`) | `nil` | | `podAnnotations` | Annotations for pods | `nil` | +| `podLabels` | Labels for pods | `nil` | +| `extraAnnotations` | Extra annotations added to all k8s resources | `nil` | +| `extraLabels` | Extra labels added to all k8s resources | `nil` | | `podSecurityContext` | Holds pod-level security attributes and common container settings | Check `values.yaml` file | | `securityContext` | Security options the container should run with | `nil` | | `service.type` | Kubernetes Service type | `ClusterIP` | @@ -102,6 +105,7 @@ $ helm install my-nebraska nebraska/nebraska | `config.database.username` | PostgreSQL user | `{{ .Values.postgresql.postgresqlUsername }}` (evaluated as a template) | | `config.database.password` | PostgreSQL user password | `""` (evaluated as a template) | | `config.database.passwordExistingSecret.enabled` | Enables setting PostgreSQL user password via an existing secret | `true` | +| `config.database.sslMode | Use SSL for database connection | `disable` | | `config.database.passwordExistingSecret.name` | Name of the existing secret | `{{ .Release.Name }}-postgresql` (evaluated as a template) | | `config.database.passwordExistingSecret.key` | Key inside the existing secret containing the PostgreSQL user password | `postgres-password` | | `extraArgs` | Extra arguments to pass to Nebraska binary | `[]` | diff --git a/charts/nebraska/templates/deployment.yaml b/charts/nebraska/templates/deployment.yaml index a3c31b202..669f0ce37 100644 --- a/charts/nebraska/templates/deployment.yaml +++ b/charts/nebraska/templates/deployment.yaml @@ -2,12 +2,20 @@ {{- $host := .Values.config.database.host | default (include "nebraska.postgresql.fullname" .) }} {{- $port := .Values.config.database.port | toString }} {{- $user := ( tpl .Values.config.database.username . ) }} +{{- $sslMode := ( tpl .Values.config.database.sslMode . ) }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "nebraska.fullname" . }} labels: {{- include "nebraska.labels" . | nindent 4 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with.Values.extraAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.replicaCount }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} @@ -24,6 +32,7 @@ spec: {{- end }} labels: {{- include "nebraska.selectorLabels" . | nindent 8 }} + {{ toYaml .Values.podLabels | nindent 8 }} spec: {{- with .Values.image.pullSecrets }} imagePullSecrets: @@ -137,7 +146,7 @@ spec: key: dbPassword {{- end }} - name: NEBRASKA_DB_URL - value: {{ printf "postgres://%s:$(DB_PASSWORD)@%s:%s/%s?sslmode=disable&connect_timeout=10" $user $host $port $db | quote }} + value: {{ printf "postgres://%s:$(DB_PASSWORD)@%s:%s/%s?sslmode=%s&connect_timeout=10" $user $host $port $db $sslMode | quote }} {{- if eq .Values.config.auth.mode "github" }} - name: "NEBRASKA_GITHUB_OAUTH_CLIENT_ID" value: "{{ .Values.config.auth.github.clientID }}" diff --git a/charts/nebraska/templates/ingress.yaml b/charts/nebraska/templates/ingress.yaml index 529e82764..b9ed77561 100644 --- a/charts/nebraska/templates/ingress.yaml +++ b/charts/nebraska/templates/ingress.yaml @@ -7,10 +7,16 @@ metadata: name: {{ $fullName }} labels: {{- include "nebraska.labels" . | nindent 4 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} + {{- with.Values.extraAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if eq (include "nebraska.ingress.apiVersion" $) "networking.k8s.io/v1" }} {{- with .Values.ingress.ingressClassName }} diff --git a/charts/nebraska/templates/pvc.yaml b/charts/nebraska/templates/pvc.yaml index 9c00098d6..446b8ec1c 100644 --- a/charts/nebraska/templates/pvc.yaml +++ b/charts/nebraska/templates/pvc.yaml @@ -5,6 +5,15 @@ metadata: name: {{ include "nebraska.fullname" . }}-packages labels: {{- include "nebraska.labels" . | nindent 4 }} + {{ toYaml .Values.config.hostFlatcarPackages.persistence.labels | nindent 4 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{ toYaml .Values.config.hostFlatcarPackages.persistence.annotations | nindent 4 }} + {{- with.Values.extraAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: accessModes: {{ .Values.config.hostFlatcarPackages.persistence.accessModes }} resources: diff --git a/charts/nebraska/templates/secrets.yaml b/charts/nebraska/templates/secrets.yaml index d00e3be6c..f04b3254d 100644 --- a/charts/nebraska/templates/secrets.yaml +++ b/charts/nebraska/templates/secrets.yaml @@ -8,6 +8,13 @@ metadata: name: {{ include "nebraska.fullname" . }} labels: {{- include "nebraska.labels" . | nindent 4 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with.Values.extraAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} type: Opaque data: {{- if $useDbPassword }} diff --git a/charts/nebraska/templates/service.yaml b/charts/nebraska/templates/service.yaml index d5a3bb238..a8e061d98 100644 --- a/charts/nebraska/templates/service.yaml +++ b/charts/nebraska/templates/service.yaml @@ -4,6 +4,13 @@ metadata: name: {{ include "nebraska.fullname" . }} labels: {{- include "nebraska.labels" . | nindent 4 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- with.Values.extraAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/nebraska/templates/serviceaccount.yaml b/charts/nebraska/templates/serviceaccount.yaml index 8272e3bbc..b7b1a2f03 100644 --- a/charts/nebraska/templates/serviceaccount.yaml +++ b/charts/nebraska/templates/serviceaccount.yaml @@ -5,8 +5,14 @@ metadata: name: {{ include "nebraska.serviceAccountName" . }} labels: {{- include "nebraska.labels" . | nindent 4 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} + {{- with.Values.extraAnnotations }} + {{- toYaml | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/nebraska/templates/update-ingress.yaml b/charts/nebraska/templates/update-ingress.yaml index 99ee94180..6d6842996 100644 --- a/charts/nebraska/templates/update-ingress.yaml +++ b/charts/nebraska/templates/update-ingress.yaml @@ -7,10 +7,17 @@ metadata: name: {{ $fullName | trunc 56 | trimSuffix "-" }}-update labels: {{- include "nebraska.labels" . | nindent 4 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.update.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} + {{- with.Values.extraAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{ toYaml .Values.extraAnnotations | nindent 4 }} spec: {{- if eq (include "nebraska.ingress.apiVersion" $) "networking.k8s.io/v1" }} {{- with .Values.ingress.update.ingressClassName }} diff --git a/charts/nebraska/values.yaml b/charts/nebraska/values.yaml index 87afd1f94..cd3e5f65c 100644 --- a/charts/nebraska/values.yaml +++ b/charts/nebraska/values.yaml @@ -34,6 +34,8 @@ config: packagesPath: /mnt/packages # nebraskaURL: http://flatcar.example.com persistence: + annotations: {} + labels: {} enabled: false storageClass: accessModes: @@ -73,6 +75,7 @@ config: dbname: '{{ .Values.postgresql.auth.database }}' username: '{{ .Values.postgresql.auth.username }}' password: "" + sslMode: disable passwordExistingSecret: enabled: true name: '{{ .Release.Name }}-postgresql' @@ -119,7 +122,13 @@ strategy: # maxSurge: 25% # maxUnavailable: 25% +# Extra labels and annotations to be set to pods podAnnotations: {} +podLabels: {} + +# Extra labels and annotations to be added to ALL resources +extraLabels: {} +extraAnnotations: {} podSecurityContext: runAsUser: 65534