expose allowed container names in Helm chart values (#15)

danfromtitan · Aug 24, 2022 · 8fc258a · 8fc258a
1 parent afad8e3
commit 8fc258a
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 14 deletions.
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
@@ -166,7 +166,8 @@ jobs:
       run: |
         IMAGE_TAG=latest
         [[ "${{contains(needs.build.result, 'success') }}" == "true" ]] && IMAGE_TAG=${{ needs.build.outputs.image-tag }}
-        helm install -n $NAMESPACE --create-namespace envars-webhook envars-webhook/envars-webhook --set image.tag="$IMAGE_TAG"
+        helm install -n $NAMESPACE --create-namespace envars-webhook envars-webhook/envars-webhook --set image.tag="$IMAGE_TAG" \
+          --set webhook.containersAllowed.ingester=true,webhook.containersAllowed.prober=true,webhook.containersAllowed.store-gateway=true
         until kubectl get pods -n $NAMESPACE | grep "Running" > /dev/null; do
           kubectl get pods -n $NAMESPACE | tail -n +2
           sleep 1

diff --git a/charts/envars-webhook/Chart.yaml b/charts/envars-webhook/Chart.yaml
@@ -3,4 +3,4 @@ name: envars-webhook
 description: Generate TLS cert and deploy the webhook
 type: application
 appVersion: "0.1.0"
-version: 0.1.4
+version: 0.1.5
diff --git a/charts/envars-webhook/README.md b/charts/envars-webhook/README.md
@@ -21,19 +21,15 @@ helm upgrade --install \
   --namespace $NAMESPACE \
   --create-namespace \
   envars-webhook envars-webhook/envars-webhook \
-  -f values.yaml
+  --set webhook.namespaceSelector=samples \
+  --set webhook.verboseLogs=true \
+  --set webhook.containersAllowed.ingester=true,webhook.containersAllowed.prober=true,webhook.containersAllowed.store-gateway=true
 ```
 
 
 ### Verification
 
-```bash
-NAMESPACE=webtest
-kubectl get secret -n $NAMESPACE envars-webhook-tls -o 'go-template={{index .data "tls.crt"}}' | base64 -d | openssl x509 -text -noout
-kubectl get pods -n $NAMESPACE
-kubectl logs -f -n $NAMESPACE pod-name
-kubectl get mutatingwebhookconfigurations envars-webhook -o yaml
-```
+Follow the notes in Helm deployment output to verify the deployment.
 
 
 ### Uninstall

diff --git a/charts/envars-webhook/templates/configmap.yaml b/charts/envars-webhook/templates/configmap.yaml
@@ -8,8 +8,8 @@ metadata:
 data:
   config.yml: |
     verboseLogs: {{ .Values.webhook.verboseLogs | default "false" }}
+    {{- with .Values.webhook.containersAllowed }}
     containersAllowed:
-      compactor: false
-      ingester: true
-      prober: true
-      store-gateway: true
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+      
diff --git a/charts/envars-webhook/values.yaml b/charts/envars-webhook/values.yaml
@@ -68,3 +68,8 @@ webhook:
   namespaceSelector: samples
   # Show the JSON body for requests and responses in webhook logs
   verboseLogs: false
+  # Map of container names allowed to receive node labels. False value or missing container name means node labels are not exposed.
+  containersAllowed:
+    ingester: false
+    prober: false
+    store-gateway: false