From bf7177dde47a56fa0fd845420a7ec339ebef1ecb Mon Sep 17 00:00:00 2001 From: ddl-ebrown Date: Thu, 20 Jun 2024 10:20:03 -0700 Subject: [PATCH] Flyte core webhook pod settings should be separate - Previously, the webhook was sharing some pod level settings in the core chart with flytepropeller like: * podAnnotations * podEnv * podLabels * nodeSelector Since the webhook runs a separate pod, it should have separate settings NOTE: no attempt is made to honor carrying over any previous settings from flytepropeller values to webhook values, but given these were recently introduced / fixed in January as part of https://github.com/flyteorg/flyte/pull/4756, I think they're not used very much Signed-off-by: ddl-ebrown --- charts/flyte-core/README.md | 4 ++++ charts/flyte-core/templates/propeller/webhook.yaml | 14 +++++++------- charts/flyte-core/values.yaml | 8 ++++++++ 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 4662eeef66..2c4a15e33c 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md 
@@ -296,6 +296,10 @@ helm install gateway bitnami/contour -n flyte | storage.s3.secretKey | string | `""` | AWS IAM user secret access key to use for S3 bucket auth, only used if authType is set to accesskey | | storage.type | string | `"sandbox"` | Sets the storage type. Supported values are sandbox, s3, gcs and custom. | | webhook.enabled | bool | `true` | enable or disable secrets webhook | +| webhook.nodeSelector | object | `{}` | nodeSelector for webhook deployment | +| webhook.podAnnotations | object | `{}` | Annotations for webhook pods | +| webhook.podEnv | object | `{}` | Additional webhook container environment variables | +| webhook.podLabels | object | `{}` | Labels for webhook pods | | webhook.priorityClassName | string | `""` | Sets priorityClassName for webhook pod | | webhook.resources.requests.cpu | string | `"200m"` | | | webhook.resources.requests.ephemeral-storage | string | `"500Mi"` | | diff --git a/charts/flyte-core/templates/propeller/webhook.yaml b/charts/flyte-core/templates/propeller/webhook.yaml index 90241a69f8..fd9dfa303d 100644 --- a/charts/flyte-core/templates/propeller/webhook.yaml +++ b/charts/flyte-core/templates/propeller/webhook.yaml @@ -26,12 +26,12 @@ spec: app: {{ template "flyte-pod-webhook.name" . }} app.kubernetes.io/name: {{ template "flyte-pod-webhook.name" . }} app.kubernetes.io/version: {{ .Values.flytepropeller.image.tag }} - {{- with .Values.flytepropeller.podLabels }} + {{- with .Values.webhook.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: configChecksum: {{ include (print .Template.BasePath "/propeller/configmap.yaml") . | sha256sum | trunc 63 | quote }} - {{- with .Values.flytepropeller.podAnnotations }} + {{- with .Values.webhook.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: 
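Review bot: After this switch the webhook pod silently stops receiving whatever an operator had set under `flytepropeller.podLabels` and `flytepropeller.podAnnotations`, and nothing in the chart says so; the same applies to `podEnv` and `nodeSelector` in the later webhook.yaml hunks. Pod labels and annotations are commonly what NetworkPolicy selectors, sidecar injectors and admission policies match on, so an upgrade could drop the webhook pod out of such controls without any render error; whether any deployment depends on that cannot be seen from this diff. Since the commit deliberately adds no fallback, the gap is best closed in documentation: extend the values.yaml comments, e.g. `# -- Labels for webhook pods (no longer inherited from flytepropeller.podLabels)`, and add an upgrade note to the README. The Deployment spec continues outside the hunk.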
@@ -63,8 +63,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - {{- if .Values.flytepropeller.podEnv -}} - {{- with .Values.flytepropeller.podEnv -}} + {{- if .Values.webhook.podEnv -}} + {{- with .Values.webhook.podEnv -}} {{- toYaml . | nindent 10 }} {{- end }} {{- end }} @@ -95,8 +95,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - {{- if .Values.flytepropeller.podEnv -}} - {{- with .Values.flytepropeller.podEnv -}} + {{- if .Values.webhook.podEnv -}} + {{- with .Values.webhook.podEnv -}} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} @@ -123,7 +123,7 @@ spec: - name: webhook-certs secret: secretName: flyte-pod-webhook - {{- with .Values.flytepropeller.nodeSelector }} + {{- with .Values.webhook.nodeSelector }} nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }} {{- end }} --- diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index b7f390a45e..d6a0cbb2e7 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -477,6 +477,14 @@ webhook: annotations: projectcontour.io/upstream-protocol.h2c: grpc type: ClusterIP + # -- Annotations for webhook pods + podAnnotations: {} + # -- Additional webhook container environment variables + podEnv: {} + # -- Labels for webhook pods + podLabels: {} + # -- nodeSelector for webhook deployment + nodeSelector: {} # -- Sets securityContext for webhook pod(s). securityContext: fsGroup: 65534
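Review bot: `webhook.podEnv` is declared as an object with default `{}` in values.yaml and the README, but here and in the `@@ -95,8` hunk it is emitted with `toYaml` directly after an environment entry that uses `valueFrom.fieldRef`, which suggests the template expects a list of `name`/`value` entries rather than a map (indentation is not recoverable on this page, so confirm against a rendered manifest). A user following the documented type would probably get an invalid or mis-nested pod spec. Consider `podEnv: []` as the default and a comment such as `# -- Additional webhook container environment variables, as a list of EnvVar entries (use valueFrom.secretKeyRef for sensitive values)`. The outer `{{- if .Values.webhook.podEnv -}}` is also redundant, since `with` already skips an empty value. The container spec starts and ends outside the hunk.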
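Review bot: In the `@@ -123,7` hunk, `webhook.nodeSelector` is the only one of the four new values that is rendered through `tpl`, so any `{{ … }}` inside its strings is evaluated as a template against the root context, while `podLabels`, `podAnnotations` and `podEnv` are emitted literally; neither the README row nor the values.yaml comment mentions this. Documenting it keeps operators from being surprised when a selector value containing braces fails to render or expands to something unintended, e.g. `# -- nodeSelector for webhook deployment; values are passed through tpl`. The pod spec this block belongs to starts outside the hunk.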