feat: add tolerations and affinity in the global values (#476)

jvanz · web-flow · commit b88ba72948f4 · 2024-07-11T09:35:54.000-03:00
Signed-off-by: José Guilherme Vanz &lt;jguilhermevanz@suse.com&gt;
diff --git a/charts/kubewarden-controller/templates/audit-scanner.yaml b/charts/kubewarden-controller/templates/audit-scanner.yaml
@@ -35,6 +35,16 @@ spec:
               items:
               - key: policy-server-root-ca-pem
                 path: "policy-server-root-ca-pem"
+          {{- if .Values.global.affinity }}
+          affinity: {{ .Values.global.affinity | toYaml | nindent 14 }}
+          {{- end }}
+          {{- if .Values.global.tolerations }}
+          tolerations: {{ .Values.global.tolerations | toYaml | nindent 14 }}
+          {{- end }}
+          {{- with .Values.nodeSelector }}
+          nodeSelector:
+            {{- toYaml . | nindent 14 }}
+          {{- end }}
           containers:
           - name: audit-scanner
             image: '{{ template "system_default_registry" . }}{{ .Values.auditScanner.image.repository }}:{{ .Values.auditScanner.image.tag }}'
@@ -49,18 +59,6 @@ spec:
             securityContext:
               {{- toYaml . | nindent 14 }}
             {{- end }}
-            {{- with .Values.nodeSelector }}
-            nodeSelector:
-              {{- toYaml . | nindent 14 }}
-            {{- end }}
-            {{- with .Values.affinity }}
-            affinity:
-              {{- toYaml . | nindent 14 }}
-            {{- end }}
-            {{- with .Values.tolerations }}
-            tolerations:
-              {{- toYaml . | nindent 14 }}
-            {{- end }}
             {{- if and .Values.resources .Values.resources.auditScanner }}
             resources:
 {{ toYaml .Values.resources.auditScanner | indent 14 }}
diff --git a/charts/kubewarden-controller/templates/deployment.yaml b/charts/kubewarden-controller/templates/deployment.yaml
@@ -30,6 +30,16 @@ spec:
       {{- include "imagePullSecrets" .Values.imagePullSecrets | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "kubewarden-controller.serviceAccountName" . }}
+      {{- if .Values.global.affinity }}
+      affinity: {{ .Values.global.affinity | toYaml | nindent 8 }}
+      {{- end }}
+      {{- if .Values.global.tolerations }}
+      tolerations: {{ .Values.global.tolerations | toYaml | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
       - name: manager
         args:
@@ -93,15 +103,3 @@ spec:
 {{ toYaml .Values.podSecurityContext | indent 8 }}
       {{- end }}
       terminationGracePeriodSeconds: 10
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
diff --git a/charts/kubewarden-controller/values.yaml b/charts/kubewarden-controller/values.yaml
@@ -3,6 +3,61 @@
 # by more than one chart and they ideally need to match during the
 # installation of the charts consuming this values.
 global:
+  # affinity:
+  #   podAffinity:
+  #     requiredDuringSchedulingIgnoredDuringExecution:
+  #     - labelSelector:
+  #         matchExpressions:
+  #         - key: security
+  #           operator: In
+  #           values:
+  #           - S1
+  #       topologyKey: topology.kubernetes.io/zone
+  #   podAntiAffinity:
+  #     preferredDuringSchedulingIgnoredDuringExecution:
+  #     - weight: 100
+  #       podAffinityTerm:
+  #         labelSelector:
+  #           matchExpressions:
+  #           - key: security
+  #             operator: In
+  #             values:
+  #             - S2
+  #         topologyKey: topology.kubernetes.io/zone
+  #   nodeAffinity:
+  #     requiredDuringSchedulingIgnoredDuringExecution:
+  #       nodeSelectorTerms:
+  #       - matchExpressions:
+  #         - key: kubernetes.io/os
+  #           operator: In
+  #           values:
+  #           - linux
+  #     preferredDuringSchedulingIgnoredDuringExecution:
+  #     - weight: 1
+  #       preference:
+  #         matchExpressions:
+  #         - key: label-1
+  #           operator: In
+  #           values:
+  #           - key-1
+  #     - weight: 50
+  #       preference:
+  #         matchExpressions:
+  #         - key: label-2
+  #           operator: In
+  #           values:
+  #           - key-2
+  affinity: {}
+  # tolerations:
+  #   - key: "key1"
+  #     operator: "Equal"
+  #     value: "value1"
+  #     effect: "NoSchedule"
+  #   - key: "key1"
+  #     operator: "Equal"
+  #     value: "value1"
+  #     effect: "NoExecute"
+  tolerations: []
   cattle:
     systemDefaultRegistry: ghcr.io
   skipNamespaces:
@@ -111,8 +166,6 @@ preDeleteJob:
 # kubewarden-controller deployment settings:
 podAnnotations: {}
 nodeSelector: {}
-tolerations: []
-affinity: {}
 tls:
   # source options:
   # - "cert-manager-self-signed": Scaffold cert-manager integration, and create
diff --git a/charts/kubewarden-defaults/templates/_helpers.tpl b/charts/kubewarden-defaults/templates/_helpers.tpl
@@ -76,4 +76,3 @@ namespaceSelector:
 {{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
 {{- end -}}
 {{- end -}}
-
diff --git a/charts/kubewarden-defaults/templates/policyserver-default.yaml b/charts/kubewarden-defaults/templates/policyserver-default.yaml
@@ -20,8 +20,11 @@ spec:
   {{- if .Values.policyServer.maxUnavailable }}
   maxUnavailable: {{ .Values.policyServer.maxUnavailable  }}
   {{- end }}
-  {{- if .Values.policyServer.affinity }}
-  affinity: {{ .Values.policyServer.affinity | toYaml | nindent 4 }}
+  {{- if .Values.global.affinity }}
+  affinity: {{ .Values.global.affinity | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if .Values.global.tolerations }}
+  tolerations: {{ .Values.global.tolerations | toYaml | nindent 4 }}
   {{- end }}
   {{- if .Values.policyServer.limits }}
   limits: {{ .Values.policyServer.limits | toYaml | nindent 4 }}
diff --git a/charts/kubewarden-defaults/values.yaml b/charts/kubewarden-defaults/values.yaml
@@ -3,6 +3,61 @@
 # by more than one chart and they ideally need to match during the
 # installation of the charts consuming this values.
 global:
+  # affinity:
+  #   podAffinity:
+  #     requiredDuringSchedulingIgnoredDuringExecution:
+  #     - labelSelector:
+  #         matchExpressions:
+  #         - key: security
+  #           operator: In
+  #           values:
+  #           - S1
+  #       topologyKey: topology.kubernetes.io/zone
+  #   podAntiAffinity:
+  #     preferredDuringSchedulingIgnoredDuringExecution:
+  #     - weight: 100
+  #       podAffinityTerm:
+  #         labelSelector:
+  #           matchExpressions:
+  #           - key: security
+  #             operator: In
+  #             values:
+  #             - S2
+  #         topologyKey: topology.kubernetes.io/zone
+  #   nodeAffinity:
+  #     requiredDuringSchedulingIgnoredDuringExecution:
+  #       nodeSelectorTerms:
+  #       - matchExpressions:
+  #         - key: kubernetes.io/os
+  #           operator: In
+  #           values:
+  #           - linux
+  #     preferredDuringSchedulingIgnoredDuringExecution:
+  #     - weight: 1
+  #       preference:
+  #         matchExpressions:
+  #         - key: label-1
+  #           operator: In
+  #           values:
+  #           - key-1
+  #     - weight: 50
+  #       preference:
+  #         matchExpressions:
+  #         - key: label-2
+  #           operator: In
+  #           values:
+  #           - key-2
+  affinity: {}
+  # tolerations:
+  #   - key: "key1"
+  #     operator: "Equal"
+  #     value: "value1"
+  #     effect: "NoSchedule"
+  #   - key: "key1"
+  #     operator: "Equal"
+  #     value: "value1"
+  #     effect: "NoExecute"
+  tolerations: []
   cattle:
     systemDefaultRegistry: ghcr.io
   skipNamespaces:
@@ -113,8 +168,6 @@ policyServer:
   #     certs:
   #       - "cert4"
   sourceAuthorities: {}
-  # affinity for pods of the default PolicyServer
-  affinity: {}
   # limits and requests, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
   limits: {}
   requests: {}
diff --git a/common-values.yaml b/common-values.yaml
@@ -2,6 +2,8 @@
 # by more than one chart and they ideally need to match during the
 # installation of the charts consuming this values.
 global:
+  affinity: {}
+  tolerations: []
   cattle:
     systemDefaultRegistry: ghcr.io
   skipNamespaces:
@@ -47,3 +49,5 @@ global:
     default:
       name: default
       enabled: true
+  affinity: {}
+  tolerations: []
