Skip to content

Commit

Permalink
feat: add option to add additional custom pod labels (#991)
Browse files Browse the repository at this point in the history 
Signed-off-by: Patrick von Steht <[email protected]>
Co-authored-by: Patrick von Steht <[email protected]>
  • Loading branch information
@patrick-vonsteht
patrick-vonsteht and Patrick von Steht authored Mar 28, 2024
1 parent 2ea877c commit bb740ac
Show file tree
Hide file tree
Showing 20 changed files with 65 additions and 20 deletions.
1 change: 1 addition & 0 deletions api/unversioned/config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,7 @@ func Default() *unversioned.EraserConfig {
"eraser.sh/cleanup.filter",
},
},
AdditionalPodLabels: map[string]string{},
},
Components: unversioned.Components{
Collector: unversioned.OptionalContainerConfig{
Expand Down
19 changes: 10 additions & 9 deletions api/unversioned/eraserconfig_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -156,15 +156,16 @@ type ContainerConfig struct {
}

type ManagerConfig struct {
Runtime RuntimeSpec `json:"runtime,omitempty"`
OTLPEndpoint string `json:"otlpEndpoint,omitempty"`
LogLevel string `json:"logLevel,omitempty"`
Scheduling ScheduleConfig `json:"scheduling,omitempty"`
Profile ProfileConfig `json:"profile,omitempty"`
ImageJob ImageJobConfig `json:"imageJob,omitempty"`
PullSecrets []string `json:"pullSecrets,omitempty"`
NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"`
PriorityClassName string `json:"priorityClassName,omitempty"`
Runtime RuntimeSpec `json:"runtime,omitempty"`
OTLPEndpoint string `json:"otlpEndpoint,omitempty"`
LogLevel string `json:"logLevel,omitempty"`
Scheduling ScheduleConfig `json:"scheduling,omitempty"`
Profile ProfileConfig `json:"profile,omitempty"`
ImageJob ImageJobConfig `json:"imageJob,omitempty"`
PullSecrets []string `json:"pullSecrets,omitempty"`
NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"`
PriorityClassName string `json:"priorityClassName,omitempty"`
AdditionalPodLabels map[string]string `json:"additionalPodLabels,omitempty"`
}

type ScheduleConfig struct {
Expand Down
7 changes: 7 additions & 0 deletions api/unversioned/zz_generated.deepcopy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions api/v1alpha1/zz_generated.conversion.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions api/v1alpha2/zz_generated.conversion.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions api/v1alpha3/config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ func Default() *v1alpha3.EraserConfig {
"eraser.sh/cleanup.filter",
},
},
AdditionalPodLabels: map[string]string{},
},
Components: v1alpha3.Components{
Collector: v1alpha3.OptionalContainerConfig{
Expand Down
19 changes: 10 additions & 9 deletions api/v1alpha3/eraserconfig_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -156,15 +156,16 @@ type ContainerConfig struct {
}

type ManagerConfig struct {
Runtime RuntimeSpec `json:"runtime,omitempty"`
OTLPEndpoint string `json:"otlpEndpoint,omitempty"`
LogLevel string `json:"logLevel,omitempty"`
Scheduling ScheduleConfig `json:"scheduling,omitempty"`
Profile ProfileConfig `json:"profile,omitempty"`
ImageJob ImageJobConfig `json:"imageJob,omitempty"`
PullSecrets []string `json:"pullSecrets,omitempty"`
NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"`
PriorityClassName string `json:"priorityClassName,omitempty"`
Runtime RuntimeSpec `json:"runtime,omitempty"`
OTLPEndpoint string `json:"otlpEndpoint,omitempty"`
LogLevel string `json:"logLevel,omitempty"`
Scheduling ScheduleConfig `json:"scheduling,omitempty"`
Profile ProfileConfig `json:"profile,omitempty"`
ImageJob ImageJobConfig `json:"imageJob,omitempty"`
PullSecrets []string `json:"pullSecrets,omitempty"`
NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"`
PriorityClassName string `json:"priorityClassName,omitempty"`
AdditionalPodLabels map[string]string `json:"additionalPodLabels,omitempty"`
}

type ScheduleConfig struct {
Expand Down
2 changes: 2 additions & 0 deletions api/v1alpha3/zz_generated.conversion.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 7 additions & 0 deletions api/v1alpha3/zz_generated.deepcopy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions config/manager/controller_manager_config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ manager:
delayOnFailure: 24h
pullSecrets: [] # image pull secrets for collector/scanner/eraser
priorityClassName: "" # priority class name for collector/scanner/eraser
additionalPodLabels: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down
10 changes: 8 additions & 2 deletions controllers/imagejob/imagejob_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -409,10 +409,16 @@ func (r *Reconciler) handleNewJob(ctx context.Context, imageJob *eraserv1.ImageJ
},
}

pod.Labels = map[string]string{}

for k, v := range eraserConfig.Manager.AdditionalPodLabels {
pod.Labels[k] = v
}

if containerName == removerContainer {
pod.Labels = map[string]string{imageJobTypeLabelKey: manualJobType}
pod.Labels[imageJobTypeLabelKey] = manualJobType
} else {
pod.Labels = map[string]string{imageJobTypeLabelKey: collectorJobType}
pod.Labels[imageJobTypeLabelKey] = collectorJobType
}

fitness := checkNodeFitness(pod, &nodeList[i])
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/customization.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,7 @@ manager:
delayOnFailure: 24h
pullSecrets: [] # image pull secrets for collector/scanner/remover
priorityClassName: "" # priority class name for collector/scanner/remover
additionalPodLabels: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down Expand Up @@ -207,6 +208,7 @@ timeout:
| manager.imageJob.cleanup.delayOnFailure | The amount of time to wait after a failed image job before performing cleanup. | 24h |
| manager.pullSecrets | The image pull secrets to use for collector, scanner, and remover containers. | [] |
| manager.priorityClassName | The priority class to use for collector, scanner, and remover containers. | "" |
| manager.additionalPodLabels | Additional labels for all pods that the controller creates at runtime. | `{}` |
| manager.nodeFilter.type | The type of node filter to use. Must be either "exclude" or "include". | exclude |
| manager.nodeFilter.selectors | A list of selectors used to filter nodes. | [] |
| components.collector.enabled | Whether to enable the collector component. | true |
Expand Down
2 changes: 2 additions & 0 deletions manifest_staging/charts/eraser/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
| runtimeConfig.manager.imageJob.cleanup | Settings for image job cleanup. | `{}` |
| runtimeConfig.manager.pullSecrets | Image pull secrets for collector/scanner/eraser. | `[]` |
| runtimeConfig.manager.priorityClassName | Priority class name for collector/scanner/eraser. | `""` |
| runtimeConfig.manager.additionalPodLabels | Additional labels for all pods that the controller creates at runtime. | `{}` |
| runtimeConfig.manager.nodeFilter | Filter for nodes. | `{}` |
| runtimeConfig.components.collector | Settings for the collector component. | `{ enabled: false }` |
| runtimeConfig.components.scanner | Settings for the scanner component. | `{ enabled: false }` |
Expand All @@ -54,6 +55,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
| deploy.image.tag | Overrides the default image tag. | `""` |
| deploy.additionalArgs | Additional arguments to pass to the command. | `[]` |
| deploy.priorityClassName | Priority class name. | `""` |
| deploy.additionalPodLabels | Additional labels for the controller pod. | `{}` |
| deploy.securityContext.allowPrivilegeEscalation | Whether to allow privilege escalation. | `false` |
| deploy.resources.limits.memory | Memory limit for the resources. | `30Mi` |
| deploy.resources.requests.cpu | CPU request for the resources. | `100m` |
Expand Down
1 change: 1 addition & 0 deletions manifest_staging/charts/eraser/templates/eraser-controller-manager-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ spec:
template:
metadata:
labels:
{{- if .Values.deploy.additionalPodLabels }}{{- toYaml .Values.deploy.additionalPodLabels | nindent 8 }}{{end}}
app.kubernetes.io/instance: '{{ .Release.Name }}'
app.kubernetes.io/managed-by: '{{ .Release.Service }}'
app.kubernetes.io/name: '{{ template "eraser.name" . }}'
Expand Down
2 changes: 2 additions & 0 deletions manifest_staging/charts/eraser/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ runtimeConfig:
# delayOnFailure: ""
pullSecrets: [] # image pull secrets for collector/scanner/eraser
priorityClassName: "" # priority class name for collector/scanner/eraser
additionalPodLabels: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down Expand Up @@ -97,6 +98,7 @@ deploy:
tag: "v1.4.0-beta.0"
additionalArgs: []
priorityClassName: ""
additionalPodLabels: {}

securityContext:
allowPrivilegeEscalation: false
Expand Down
1 change: 1 addition & 0 deletions manifest_staging/deploy/eraser.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -432,6 +432,7 @@ data:
delayOnFailure: 24h
pullSecrets: [] # image pull secrets for collector/scanner/eraser
priorityClassName: "" # priority class name for collector/scanner/eraser
additionalPodLabels: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down
3 changes: 3 additions & 0 deletions third_party/open-policy-agent/gatekeeper/helmify/kustomize-for-helm.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ metadata:
namespace: eraser-system
spec:
template:
metadata:
labels:
HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_ADDITIONALPODLABELS: ""
spec:
HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_PULL_SECRETS: ""
volumes:
Expand Down
1 change: 1 addition & 0 deletions third_party/open-policy-agent/gatekeeper/helmify/replacements.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ var replacements = map[string]string{
`HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_AFFINITY: ""`: `{{- toYaml .Values.deploy.affinity | nindent 8 }}`,
`- HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_ADDITIONAL_ARGS`: `{{- if .Values.deploy.additionalArgs }}{{- range .Values.deploy.additionalArgs }}{{ nindent 8 "- " }}{{ . }}{{- end -}}{{ end }}`,
`HELMSUBST_CONTROLLER_MANAGER_CONFIG_YAML`: `{{- toYaml .Values.runtimeConfig | nindent 4 }}`,
`HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_ADDITIONALPODLABELS: ""`: `{{- if .Values.deploy.additionalPodLabels }}{{- toYaml .Values.deploy.additionalPodLabels | nindent 8 }}{{end}}`,

`HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_PULL_SECRETS: ""`: `{{- if .Values.runtimeConfig.manager.pullSecrets }}
imagePullSecrets:
Expand Down
2 changes: 2 additions & 0 deletions third_party/open-policy-agent/gatekeeper/helmify/static/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
| runtimeConfig.manager.imageJob.cleanup | Settings for image job cleanup. | `{}` |
| runtimeConfig.manager.pullSecrets | Image pull secrets for collector/scanner/eraser. | `[]` |
| runtimeConfig.manager.priorityClassName | Priority class name for collector/scanner/eraser. | `""` |
| runtimeConfig.manager.additionalPodLabels | Additional labels for all pods that the controller creates at runtime. | `{}` |
| runtimeConfig.manager.nodeFilter | Filter for nodes. | `{}` |
| runtimeConfig.components.collector | Settings for the collector component. | `{ enabled: false }` |
| runtimeConfig.components.scanner | Settings for the scanner component. | `{ enabled: false }` |
Expand All @@ -54,6 +55,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
| deploy.image.tag | Overrides the default image tag. | `""` |
| deploy.additionalArgs | Additional arguments to pass to the command. | `[]` |
| deploy.priorityClassName | Priority class name. | `""` |
| deploy.additionalPodLabels | Additional labels for the controller pod. | `{}` |
| deploy.securityContext.allowPrivilegeEscalation | Whether to allow privilege escalation. | `false` |
| deploy.resources.limits.memory | Memory limit for the resources. | `30Mi` |
| deploy.resources.requests.cpu | CPU request for the resources. | `100m` |
Expand Down
2 changes: 2 additions & 0 deletions third_party/open-policy-agent/gatekeeper/helmify/static/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ runtimeConfig:
# delayOnFailure: ""
pullSecrets: [] # image pull secrets for collector/scanner/eraser
priorityClassName: "" # priority class name for collector/scanner/eraser
additionalPodLabels: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down Expand Up @@ -97,6 +98,7 @@ deploy:
tag: "v1.4.0-beta.0"
additionalArgs: []
priorityClassName: ""
additionalPodLabels: {}

securityContext:
allowPrivilegeEscalation: false
Expand Down

0 comments on commit bb740ac

Please sign in to comment.