From 0952f3d660b4db5e32e82ef1af17699e735f5041 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 18 Oct 2023 14:01:20 +0200 Subject: [PATCH 1/4] support annotations for certgen resources * support annotations for certgen resources * support configuration for certgen job ttlSecondsAfterFinished Signed-off-by: Federico M. Facca --- charts/gateway-helm/templates/certgen-rbac.yaml | 15 +++++++++++++++ charts/gateway-helm/templates/certgen.yaml | 9 ++++++++- charts/gateway-helm/values.tmpl.yaml | 6 ++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/charts/gateway-helm/templates/certgen-rbac.yaml b/charts/gateway-helm/templates/certgen-rbac.yaml index ff805dad3db..2c34a9cadca 100644 --- a/charts/gateway-helm/templates/certgen-rbac.yaml +++ b/charts/gateway-helm/templates/certgen-rbac.yaml @@ -5,8 +5,13 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} + {{- if .Values.certgen.annotations.rbac }} + annotations: + {{- toYaml .Values.certgen.annotations.rbac | nindent 4 -}} + {{ else }} annotations: "helm.sh/hook": pre-install + {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -15,8 +20,13 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} + {{- if .Values.certgen.annotations.rbac }} + annotations: + {{- toYaml .Values.certgen.annotations.rbac | nindent 4 -}} + {{ else }} annotations: "helm.sh/hook": pre-install + {{- end }} rules: - apiGroups: - "" @@ -34,8 +44,13 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} + {{- if .Values.certgen.annotations.rbac }} + annotations: + {{- toYaml .Values.certgen.annotations.rbac | nindent 4 -}} + {{ else }} annotations: "helm.sh/hook": pre-install + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/gateway-helm/templates/certgen.yaml b/charts/gateway-helm/templates/certgen.yaml index c1e9b16fd6d..987a3698476 100644 --- a/charts/gateway-helm/templates/certgen.yaml +++ b/charts/gateway-helm/templates/certgen.yaml @@ -5,8 +5,13 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} + {{- if .Values.certgen.annotations.job }} + annotations: + {{- toYaml .Values.certgen.annotations.job | nindent 4 -}} + {{ else }} annotations: "helm.sh/hook": pre-install + {{- end }} spec: backoffLimit: 1 completions: 1 @@ -37,4 +42,6 @@ spec: runAsNonRoot: true runAsUser: 65534 serviceAccountName: {{ include "eg.fullname" . }}-certgen - ttlSecondsAfterFinished: 0 + {{- if not ( kindIs "invalid" .Values.certgen.ttlSecondsAfterFinished) }} + ttlSecondsAfterFinished: {{ .Values.certgen.ttlSecondsAfterFinished }} + {{- end }} diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml index 5dc0e579af0..d00a324dff6 100644 --- a/charts/gateway-helm/values.tmpl.yaml +++ b/charts/gateway-helm/values.tmpl.yaml @@ -55,3 +55,9 @@ envoyGatewayMetricsService: createNamespace: false kubernetesClusterDomain: cluster.local + +certgen: + ttlSecondsAfterFinished: 0 + annotations: + job: [] + rbac: [] From 5459e7e37aa5c1ad8a2f44a9c509dd50a6051d54 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 18 Oct 2023 17:00:12 +0200 Subject: [PATCH 2/4] apply review Signed-off-by: Federico M. Facca --- .../gateway-helm/templates/certgen-rbac.yaml | 24 ++++++++++++------- charts/gateway-helm/templates/certgen.yaml | 9 ++++--- charts/gateway-helm/values.tmpl.yaml | 10 ++++---- 3 files changed, 25 insertions(+), 18 deletions(-) diff --git a/charts/gateway-helm/templates/certgen-rbac.yaml b/charts/gateway-helm/templates/certgen-rbac.yaml index 2c34a9cadca..c29436edb92 100644 --- a/charts/gateway-helm/templates/certgen-rbac.yaml +++ b/charts/gateway-helm/templates/certgen-rbac.yaml @@ -5,11 +5,13 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} - {{- if .Values.certgen.annotations.rbac }} + {{- if .Values.certgen.rbac.labels }} + {{- toYaml .Values.certgen.rbac.labels | nindent 4 }} + {{- end }} annotations: - {{- toYaml .Values.certgen.annotations.rbac | nindent 4 -}} + {{- if .Values.certgen.rbac.annotations }} + {{- toYaml .Values.certgen.rbac.annotations | nindent 4 -}} {{ else }} - annotations: "helm.sh/hook": pre-install {{- end }} --- @@ -20,11 +22,13 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} - {{- if .Values.certgen.annotations.rbac }} + {{- if .Values.certgen.rbac.labels }} + {{- toYaml .Values.certgen.rbac.labels | nindent 4 }} + {{- end }} annotations: - {{- toYaml .Values.certgen.annotations.rbac | nindent 4 -}} + {{- if .Values.certgen.rbac.annotations }} + {{- toYaml .Values.certgen.rbac.annotations | nindent 4 -}} {{ else }} - annotations: "helm.sh/hook": pre-install {{- end }} rules: @@ -44,11 +48,13 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} - {{- if .Values.certgen.annotations.rbac }} + {{- if .Values.certgen.rbac.labels }} + {{- toYaml .Values.certgen.rbac.labels | nindent 4 }} + {{- end }} annotations: - {{- toYaml .Values.certgen.annotations.rbac | nindent 4 -}} + {{- if .Values.certgen.rbac.annotations }} + {{- toYaml .Values.certgen.rbac.annotations | nindent 4 -}} {{ else }} - annotations: "helm.sh/hook": pre-install {{- end }} roleRef: diff --git a/charts/gateway-helm/templates/certgen.yaml b/charts/gateway-helm/templates/certgen.yaml index 987a3698476..3350bc5698a 100644 --- a/charts/gateway-helm/templates/certgen.yaml +++ b/charts/gateway-helm/templates/certgen.yaml @@ -5,11 +5,10 @@ metadata: namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} - {{- if .Values.certgen.annotations.job }} annotations: - {{- toYaml .Values.certgen.annotations.job | nindent 4 -}} + {{- if .Values.certgen.job.annotations }} + {{- toYaml .Values.certgen.job.annotations | nindent 4 -}} {{ else }} - annotations: "helm.sh/hook": pre-install {{- end }} spec: @@ -42,6 +41,6 @@ spec: runAsNonRoot: true runAsUser: 65534 serviceAccountName: {{ include "eg.fullname" . }}-certgen - {{- if not ( kindIs "invalid" .Values.certgen.ttlSecondsAfterFinished) }} - ttlSecondsAfterFinished: {{ .Values.certgen.ttlSecondsAfterFinished }} + {{- if not ( kindIs "invalid" .Values.certgen.job.ttlSecondsAfterFinished) }} + ttlSecondsAfterFinished: {{ .Values.certgen.job.ttlSecondsAfterFinished }} {{- end }} diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml index d00a324dff6..d4836f96c79 100644 --- a/charts/gateway-helm/values.tmpl.yaml +++ b/charts/gateway-helm/values.tmpl.yaml @@ -57,7 +57,9 @@ createNamespace: false kubernetesClusterDomain: cluster.local certgen: - ttlSecondsAfterFinished: 0 - annotations: - job: [] - rbac: [] + job: + annotations: {} + ttlSecondsAfterFinished: 0 + rbac: + annotations: {} + labels: {} From 4a101c3f0b9f50c8935da9365808d1566fac2c10 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 18 Oct 2023 17:11:10 +0200 Subject: [PATCH 3/4] update helm chart docs Signed-off-by: Federico M. Facca --- site/content/en/latest/install/api.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/site/content/en/latest/install/api.md b/site/content/en/latest/install/api.md index 857a0081735..d1a2b660189 100644 --- a/site/content/en/latest/install/api.md +++ b/site/content/en/latest/install/api.md @@ -24,6 +24,10 @@ The Helm chart for Envoy Gateway | Key | Type | Default | Description | |-----|------|---------|-------------| +| certgen.job.annotations | object | `{}` | | +| certgen.job.ttlSecondsAfterFinished | int | `0` | | +| certgen.rbac.annotations | object | `{}` | | +| certgen.rbac.labels | object | `{}` | | | config.envoyGateway.gateway.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` | | | config.envoyGateway.logging.level.default | string | `"info"` | | | config.envoyGateway.provider.type | string | `"Kubernetes"` | | From 753b4660852dfe36fedc81f91f3f31a6fbc35a6c Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 18 Oct 2023 19:06:20 +0200 Subject: [PATCH 4/4] apply comments Signed-off-by: Federico M. Facca --- charts/gateway-helm/templates/certgen-rbac.yaml | 9 +++------ charts/gateway-helm/templates/certgen.yaml | 3 +-- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/charts/gateway-helm/templates/certgen-rbac.yaml b/charts/gateway-helm/templates/certgen-rbac.yaml index c29436edb92..81bf1a820b8 100644 --- a/charts/gateway-helm/templates/certgen-rbac.yaml +++ b/charts/gateway-helm/templates/certgen-rbac.yaml @@ -9,10 +9,9 @@ metadata: {{- toYaml .Values.certgen.rbac.labels | nindent 4 }} {{- end }} annotations: + "helm.sh/hook": pre-install {{- if .Values.certgen.rbac.annotations }} {{- toYaml .Values.certgen.rbac.annotations | nindent 4 -}} - {{ else }} - "helm.sh/hook": pre-install {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -26,10 +25,9 @@ metadata: {{- toYaml .Values.certgen.rbac.labels | nindent 4 }} {{- end }} annotations: + "helm.sh/hook": pre-install {{- if .Values.certgen.rbac.annotations }} {{- toYaml .Values.certgen.rbac.annotations | nindent 4 -}} - {{ else }} - "helm.sh/hook": pre-install {{- end }} rules: - apiGroups: @@ -52,10 +50,9 @@ metadata: {{- toYaml .Values.certgen.rbac.labels | nindent 4 }} {{- end }} annotations: + "helm.sh/hook": pre-install {{- if .Values.certgen.rbac.annotations }} {{- toYaml .Values.certgen.rbac.annotations | nindent 4 -}} - {{ else }} - "helm.sh/hook": pre-install {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/gateway-helm/templates/certgen.yaml b/charts/gateway-helm/templates/certgen.yaml index 3350bc5698a..4d49597fec0 100644 --- a/charts/gateway-helm/templates/certgen.yaml +++ b/charts/gateway-helm/templates/certgen.yaml @@ -6,10 +6,9 @@ metadata: labels: {{- include "eg.labels" . | nindent 4 }} annotations: + "helm.sh/hook": pre-install {{- if .Values.certgen.job.annotations }} {{- toYaml .Values.certgen.job.annotations | nindent 4 -}} - {{ else }} - "helm.sh/hook": pre-install {{- end }} spec: backoffLimit: 1