helm chart: Add extra labels and annotations to pods and k8s resources

Allow users to specify extra labels and annotations to pods and other k8s resources.
flatcar · Jun 23, 2023 · 3c1bc77 · 3c1bc77
1 parent 3f95eeb
commit 3c1bc77
Show file tree

Hide file tree

Showing 9 changed files with 65 additions and 1 deletion.
diff --git a/charts/nebraska/README.md b/charts/nebraska/README.md
@@ -36,6 +36,9 @@ $ helm install my-nebraska nebraska/nebraska
 | `strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods (Only applies when `strategy.type` is `RollingUpdate`) | `nil` |
 | `strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during the update (Only applies when `strategy.type` is `RollingUpdate`) | `nil` |
 | `podAnnotations` | Annotations for pods | `nil` |
+| `podLabels` | Labels for pods | `nil` |
+| `extraAnnotations` | Extra annotations added to all k8s resources | `nil` |
+| `extraLabels` | Extra labels added to all k8s resources | `nil` |
 | `podSecurityContext` | Holds pod-level security attributes and common container settings | Check `values.yaml` file |
 | `securityContext` | Security options the container should run with | `nil` |
 | `service.type` | Kubernetes Service type | `ClusterIP` |
@@ -102,6 +105,7 @@ $ helm install my-nebraska nebraska/nebraska
 | `config.database.username` | PostgreSQL user | `{{ .Values.postgresql.postgresqlUsername }}` (evaluated as a template) |
 | `config.database.password` | PostgreSQL user password | `""` (evaluated as a template) |
 | `config.database.passwordExistingSecret.enabled` | Enables setting PostgreSQL user password via an existing secret | `true` |
+| `config.database.sslMode | Use SSL for database connection | `disable` |
 | `config.database.passwordExistingSecret.name` | Name of the existing secret | `{{ .Release.Name }}-postgresql` (evaluated as a template) |
 | `config.database.passwordExistingSecret.key` | Key inside the existing secret containing the PostgreSQL user password | `postgres-password` |
 | `extraArgs` | Extra arguments to pass to Nebraska binary | `[]` |

diff --git a/charts/nebraska/templates/deployment.yaml b/charts/nebraska/templates/deployment.yaml
@@ -2,12 +2,20 @@
 {{- $host := .Values.config.database.host | default (include "nebraska.postgresql.fullname" .) }}
 {{- $port := .Values.config.database.port | toString }}
 {{- $user := ( tpl .Values.config.database.username . ) }}
+{{- $sslMode := ( tpl .Values.config.database.sslMode . ) }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "nebraska.fullname" . }}
  labels:
  {{- include "nebraska.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with.Values.extraAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 spec:
  replicas: {{ .Values.replicaCount }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
@@ -24,6 +32,7 @@ spec:
  {{- end }}
  labels:
  {{- include "nebraska.selectorLabels" . | nindent 8 }}
+ {{ toYaml .Values.podLabels | nindent 8 }}
  spec:
  {{- with .Values.image.pullSecrets }}
  imagePullSecrets:
@@ -137,7 +146,7 @@ spec:
  key: dbPassword
  {{- end }}
  - name: NEBRASKA_DB_URL
- value: {{ printf "postgres://%s:$(DB_PASSWORD)@%s:%s/%s?sslmode=disable&connect_timeout=10" $user $host $port $db | quote }}
+ value: {{ printf "postgres://%s:$(DB_PASSWORD)@%s:%s/%s?sslmode=%s&connect_timeout=10" $user $host $port $db $sslMode | quote }}
  {{- if eq .Values.config.auth.mode "github" }}
  - name: "NEBRASKA_GITHUB_OAUTH_CLIENT_ID"
  value: "{{ .Values.config.auth.github.clientID }}"

diff --git a/charts/nebraska/templates/ingress.yaml b/charts/nebraska/templates/ingress.yaml
@@ -7,10 +7,16 @@ metadata:
  name: {{ $fullName }}
  labels:
  {{- include "nebraska.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
  {{- with .Values.ingress.annotations }}
  annotations:
  {{- toYaml . | nindent 4 }}
  {{- end }}
+ {{- with.Values.extraAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 spec:
  {{- if eq (include "nebraska.ingress.apiVersion" $) "networking.k8s.io/v1" }}
  {{- with .Values.ingress.ingressClassName }}

diff --git a/charts/nebraska/templates/pvc.yaml b/charts/nebraska/templates/pvc.yaml
@@ -5,6 +5,15 @@ metadata:
  name: {{ include "nebraska.fullname" . }}-packages
  labels:
  {{- include "nebraska.labels" . | nindent 4 }}
+ {{ toYaml .Values.config.hostFlatcarPackages.persistence.labels | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{ toYaml .Values.config.hostFlatcarPackages.persistence.annotations | nindent 4 }}
+ {{- with.Values.extraAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 spec:
  accessModes: {{ .Values.config.hostFlatcarPackages.persistence.accessModes }}
  resources:

diff --git a/charts/nebraska/templates/secrets.yaml b/charts/nebraska/templates/secrets.yaml
@@ -8,6 +8,13 @@ metadata:
  name: {{ include "nebraska.fullname" . }}
  labels:
  {{- include "nebraska.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with.Values.extraAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 type: Opaque
 data:
  {{- if $useDbPassword }}

diff --git a/charts/nebraska/templates/service.yaml b/charts/nebraska/templates/service.yaml
@@ -4,6 +4,13 @@ metadata:
  name: {{ include "nebraska.fullname" . }}
  labels:
  {{- include "nebraska.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- with.Values.extraAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 spec:
  type: {{ .Values.service.type }}
  ports:

diff --git a/charts/nebraska/templates/serviceaccount.yaml b/charts/nebraska/templates/serviceaccount.yaml
@@ -5,8 +5,14 @@ metadata:
  name: {{ include "nebraska.serviceAccountName" . }}
  labels:
  {{- include "nebraska.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
  {{- toYaml . | nindent 4 }}
  {{- end }}
+ {{- with.Values.extraAnnotations }}
+ {{- toYaml | nindent 4 }}
+ {{- end }}
 {{- end }}
diff --git a/charts/nebraska/templates/update-ingress.yaml b/charts/nebraska/templates/update-ingress.yaml
@@ -7,10 +7,17 @@ metadata:
  name: {{ $fullName | trunc 56 | trimSuffix "-" }}-update
  labels:
  {{- include "nebraska.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
  {{- with .Values.ingress.update.annotations }}
  annotations:
  {{- toYaml . | nindent 4 }}
  {{- end }}
+ {{- with.Values.extraAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{ toYaml .Values.extraAnnotations | nindent 4 }}
 spec:
  {{- if eq (include "nebraska.ingress.apiVersion" $) "networking.k8s.io/v1" }}
  {{- with .Values.ingress.update.ingressClassName }}

diff --git a/charts/nebraska/values.yaml b/charts/nebraska/values.yaml
@@ -34,6 +34,8 @@ config:
  packagesPath: /mnt/packages
  # nebraskaURL: http://flatcar.example.com
  persistence:
+ annotations: {}
+ labels: {}
  enabled: false
  storageClass:
  accessModes:
@@ -73,6 +75,7 @@ config:
  dbname: '{{ .Values.postgresql.auth.database }}'
  username: '{{ .Values.postgresql.auth.username }}'
  password: ""
+ sslMode: disable
  passwordExistingSecret:
  enabled: true
  name: '{{ .Release.Name }}-postgresql'
@@ -119,7 +122,13 @@ strategy:
  # maxSurge: 25%
  # maxUnavailable: 25%
 
+# Extra labels and annotations to be set to pods
 podAnnotations: {}
+podLabels: {}
+
+# Extra labels and annotations to be added to ALL resources
+extraLabels: {}
+extraAnnotations: {}
 
 podSecurityContext:
  runAsUser: 65534