From f203fe51dbcc2b6da3d3d5ea8a1715aad0eb1a1e Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Thu, 19 Oct 2023 08:45:45 +0200 Subject: [PATCH] feat(helm): support annotations for certgen resources (#1996) * support annotations for certgen resources * support annotations for certgen resources * support configuration for certgen job ttlSecondsAfterFinished Signed-off-by: Federico M. Facca * apply review Signed-off-by: Federico M. Facca * update helm chart docs Signed-off-by: Federico M. Facca * apply comments Signed-off-by: Federico M. Facca --------- Signed-off-by: Federico M. Facca --- .../gateway-helm/templates/certgen-rbac.yaml | 18 ++++++++++++++++++ charts/gateway-helm/templates/certgen.yaml | 7 ++++++- charts/gateway-helm/values.tmpl.yaml | 8 ++++++++ site/content/en/latest/install/api.md | 4 ++++ 4 files changed, 36 insertions(+), 1 deletion(-) diff --git a/charts/gateway-helm/templates/certgen-rbac.yaml b/charts/gateway-helm/templates/certgen-rbac.yaml index ff805dad3db..81bf1a820b8 100644 --- a/charts/gateway-helm/templates/certgen-rbac.yaml +++ b/charts/gateway-helm/templates/certgen-rbac.yaml @@ -5,8 +5,14 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} + {{- if .Values.certgen.rbac.labels }} + {{- toYaml .Values.certgen.rbac.labels | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": pre-install + {{- if .Values.certgen.rbac.annotations }} + {{- toYaml .Values.certgen.rbac.annotations | nindent 4 -}} + {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -15,8 +21,14 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} + {{- if .Values.certgen.rbac.labels }} + {{- toYaml .Values.certgen.rbac.labels | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": pre-install + {{- if .Values.certgen.rbac.annotations }} + {{- toYaml .Values.certgen.rbac.annotations | nindent 4 -}} + {{- end }} rules: - apiGroups: - "" @@ -34,8 +46,14 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} + {{- if .Values.certgen.rbac.labels }} + {{- toYaml .Values.certgen.rbac.labels | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": pre-install + {{- if .Values.certgen.rbac.annotations }} + {{- toYaml .Values.certgen.rbac.annotations | nindent 4 -}} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/gateway-helm/templates/certgen.yaml b/charts/gateway-helm/templates/certgen.yaml index c1e9b16fd6d..4d49597fec0 100644 --- a/charts/gateway-helm/templates/certgen.yaml +++ b/charts/gateway-helm/templates/certgen.yaml @@ -7,6 +7,9 @@ metadata: {{- include "eg.labels" . | nindent 4 }} annotations: "helm.sh/hook": pre-install + {{- if .Values.certgen.job.annotations }} + {{- toYaml .Values.certgen.job.annotations | nindent 4 -}} + {{- end }} spec: backoffLimit: 1 completions: 1 @@ -37,4 +40,6 @@ spec: runAsNonRoot: true runAsUser: 65534 serviceAccountName: {{ include "eg.fullname" . }}-certgen - ttlSecondsAfterFinished: 0 + {{- if not ( kindIs "invalid" .Values.certgen.job.ttlSecondsAfterFinished) }} + ttlSecondsAfterFinished: {{ .Values.certgen.job.ttlSecondsAfterFinished }} + {{- end }} diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml index 5dc0e579af0..d4836f96c79 100644 --- a/charts/gateway-helm/values.tmpl.yaml +++ b/charts/gateway-helm/values.tmpl.yaml @@ -55,3 +55,11 @@ envoyGatewayMetricsService: createNamespace: false kubernetesClusterDomain: cluster.local + +certgen: + job: + annotations: {} + ttlSecondsAfterFinished: 0 + rbac: + annotations: {} + labels: {} diff --git a/site/content/en/latest/install/api.md b/site/content/en/latest/install/api.md index 857a0081735..d1a2b660189 100644 --- a/site/content/en/latest/install/api.md +++ b/site/content/en/latest/install/api.md @@ -24,6 +24,10 @@ The Helm chart for Envoy Gateway | Key | Type | Default | Description | |-----|------|---------|-------------| +| certgen.job.annotations | object | `{}` | | +| certgen.job.ttlSecondsAfterFinished | int | `0` | | +| certgen.rbac.annotations | object | `{}` | | +| certgen.rbac.labels | object | `{}` | | | config.envoyGateway.gateway.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` | | | config.envoyGateway.logging.level.default | string | `"info"` | | | config.envoyGateway.provider.type | string | `"Kubernetes"` | |