Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add option to add additional custom pod labels #991

Merged
merged 5 commits into from
Mar 28, 2024
+65 −20
Merged

feat: add option to add additional custom pod labels #991

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e0509e3
feat: add option to add additional custom pod labels
Feb 23, 2024
8932e8d
Remove changes from api/v1alpha1 and api/v1alpha2 and add changes to …
Feb 26, 2024
7a54d6c
Correctly handle case that additionalPodLabels parameter is not prese…
Feb 26, 2024
f5eddc9
Add labels to ImageJob PodTemplateSpec
Mar 25, 2024
5208553
Remove labels from ImageJob PodTemplateSpec
Mar 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions api/unversioned/config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,7 @@ func Default() *unversioned.EraserConfig {
"eraser.sh/cleanup.filter",
},
},
AdditionalPodLabels: map[string]string{},
},
Components: unversioned.Components{
Collector: unversioned.OptionalContainerConfig{
Expand Down
19 changes: 10 additions & 9 deletions api/unversioned/eraserconfig_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,15 +156,16 @@ type ContainerConfig struct {
}

type ManagerConfig struct {
Runtime RuntimeSpec `json:"runtime,omitempty"`
OTLPEndpoint string `json:"otlpEndpoint,omitempty"`
LogLevel string `json:"logLevel,omitempty"`
Scheduling ScheduleConfig `json:"scheduling,omitempty"`
Profile ProfileConfig `json:"profile,omitempty"`
ImageJob ImageJobConfig `json:"imageJob,omitempty"`
PullSecrets []string `json:"pullSecrets,omitempty"`
NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"`
PriorityClassName string `json:"priorityClassName,omitempty"`
Runtime RuntimeSpec `json:"runtime,omitempty"`
OTLPEndpoint string `json:"otlpEndpoint,omitempty"`
LogLevel string `json:"logLevel,omitempty"`
Scheduling ScheduleConfig `json:"scheduling,omitempty"`
Profile ProfileConfig `json:"profile,omitempty"`
ImageJob ImageJobConfig `json:"imageJob,omitempty"`
PullSecrets []string `json:"pullSecrets,omitempty"`
NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"`
PriorityClassName string `json:"priorityClassName,omitempty"`
AdditionalPodLabels map[string]string `json:"additionalPodLabels,omitempty"`
}

type ScheduleConfig struct {
Expand Down
7 changes: 7 additions & 0 deletions api/unversioned/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions api/v1alpha1/zz_generated.conversion.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions api/v1alpha2/zz_generated.conversion.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions api/v1alpha3/config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ func Default() *v1alpha3.EraserConfig {
"eraser.sh/cleanup.filter",
},
},
AdditionalPodLabels: map[string]string{},
},
Components: v1alpha3.Components{
Collector: v1alpha3.OptionalContainerConfig{
Expand Down
19 changes: 10 additions & 9 deletions api/v1alpha3/eraserconfig_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,15 +156,16 @@ type ContainerConfig struct {
}

type ManagerConfig struct {
Runtime RuntimeSpec `json:"runtime,omitempty"`
OTLPEndpoint string `json:"otlpEndpoint,omitempty"`
LogLevel string `json:"logLevel,omitempty"`
Scheduling ScheduleConfig `json:"scheduling,omitempty"`
Profile ProfileConfig `json:"profile,omitempty"`
ImageJob ImageJobConfig `json:"imageJob,omitempty"`
PullSecrets []string `json:"pullSecrets,omitempty"`
NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"`
PriorityClassName string `json:"priorityClassName,omitempty"`
Runtime RuntimeSpec `json:"runtime,omitempty"`
OTLPEndpoint string `json:"otlpEndpoint,omitempty"`
LogLevel string `json:"logLevel,omitempty"`
Scheduling ScheduleConfig `json:"scheduling,omitempty"`
Profile ProfileConfig `json:"profile,omitempty"`
ImageJob ImageJobConfig `json:"imageJob,omitempty"`
PullSecrets []string `json:"pullSecrets,omitempty"`
NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"`
PriorityClassName string `json:"priorityClassName,omitempty"`
AdditionalPodLabels map[string]string `json:"additionalPodLabels,omitempty"`
}

type ScheduleConfig struct {
Expand Down
2 changes: 2 additions & 0 deletions api/v1alpha3/zz_generated.conversion.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 7 additions & 0 deletions api/v1alpha3/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions config/manager/controller_manager_config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ manager:
delayOnFailure: 24h
pullSecrets: [] # image pull secrets for collector/scanner/eraser
priorityClassName: "" # priority class name for collector/scanner/eraser
additionalPodLabels: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down
10 changes: 8 additions & 2 deletions controllers/imagejob/imagejob_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -409,10 +409,16 @@ func (r *Reconciler) handleNewJob(ctx context.Context, imageJob *eraserv1.ImageJ
},
}

pod.Labels = map[string]string{}

for k, v := range eraserConfig.Manager.AdditionalPodLabels {
pod.Labels[k] = v
}

if containerName == removerContainer {
pod.Labels = map[string]string{imageJobTypeLabelKey: manualJobType}
pod.Labels[imageJobTypeLabelKey] = manualJobType
} else {
pod.Labels = map[string]string{imageJobTypeLabelKey: collectorJobType}
pod.Labels[imageJobTypeLabelKey] = collectorJobType
}

fitness := checkNodeFitness(pod, &nodeList[i])
Expand Down
2 changes: 2 additions & 0 deletions docs/docs/customization.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,7 @@ manager:
delayOnFailure: 24h
pullSecrets: [] # image pull secrets for collector/scanner/remover
priorityClassName: "" # priority class name for collector/scanner/remover
additionalPodLabels: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down Expand Up @@ -207,6 +208,7 @@ timeout:
| manager.imageJob.cleanup.delayOnFailure | The amount of time to wait after a failed image job before performing cleanup. | 24h |
| manager.pullSecrets | The image pull secrets to use for collector, scanner, and remover containers. | [] |
| manager.priorityClassName | The priority class to use for collector, scanner, and remover containers. | "" |
| manager.additionalPodLabels | Additional labels for all pods that the controller creates at runtime. | `{}` |
| manager.nodeFilter.type | The type of node filter to use. Must be either "exclude" or "include". | exclude |
| manager.nodeFilter.selectors | A list of selectors used to filter nodes. | [] |
| components.collector.enabled | Whether to enable the collector component. | true |
Expand Down
2 changes: 2 additions & 0 deletions manifest_staging/charts/eraser/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
| runtimeConfig.manager.imageJob.cleanup | Settings for image job cleanup. | `{}` |
| runtimeConfig.manager.pullSecrets | Image pull secrets for collector/scanner/eraser. | `[]` |
| runtimeConfig.manager.priorityClassName | Priority class name for collector/scanner/eraser. | `""` |
| runtimeConfig.manager.additionalPodLabels | Additional labels for all pods that the controller creates at runtime. | `{}` |
| runtimeConfig.manager.nodeFilter | Filter for nodes. | `{}` |
| runtimeConfig.components.collector | Settings for the collector component. | `{ enabled: false }` |
| runtimeConfig.components.scanner | Settings for the scanner component. | `{ enabled: false }` |
Expand All @@ -54,6 +55,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
| deploy.image.tag | Overrides the default image tag. | `""` |
| deploy.additionalArgs | Additional arguments to pass to the command. | `[]` |
| deploy.priorityClassName | Priority class name. | `""` |
| deploy.additionalPodLabels | Additional labels for the controller pod. | `{}` |
| deploy.securityContext.allowPrivilegeEscalation | Whether to allow privilege escalation. | `false` |
| deploy.resources.limits.memory | Memory limit for the resources. | `30Mi` |
| deploy.resources.requests.cpu | CPU request for the resources. | `100m` |
Expand Down
1 change: 1 addition & 0 deletions manifest_staging/charts/eraser/templates/eraser-controller-manager-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ spec:
template:
metadata:
labels:
{{- if .Values.deploy.additionalPodLabels }}{{- toYaml .Values.deploy.additionalPodLabels | nindent 8 }}{{end}}
app.kubernetes.io/instance: '{{ .Release.Name }}'
app.kubernetes.io/managed-by: '{{ .Release.Service }}'
app.kubernetes.io/name: '{{ template "eraser.name" . }}'
Expand Down
2 changes: 2 additions & 0 deletions manifest_staging/charts/eraser/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ runtimeConfig:
# delayOnFailure: ""
pullSecrets: [] # image pull secrets for collector/scanner/eraser
priorityClassName: "" # priority class name for collector/scanner/eraser
additionalPodLabels: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down Expand Up @@ -97,6 +98,7 @@ deploy:
tag: "v1.4.0-beta.0"
additionalArgs: []
priorityClassName: ""
additionalPodLabels: {}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we need additionalPodLabels here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal is to be able to set additionalPodLabels on every pod. So we have to handle two parts:
1.) The pod labels for the eraser-controller-manager pod. We define these in deploy.additionalPodLabels, because they are used during the deployment of the controller.
2.) The pod labels for the pods that the controller creates at runtime. We define these in runtimeConfig.manager.additionalPodLabels, because they are used during runtime of the controller.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

got it, thanks for clarifying!


securityContext:
allowPrivilegeEscalation: false
Expand Down
1 change: 1 addition & 0 deletions manifest_staging/deploy/eraser.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -432,6 +432,7 @@ data:
delayOnFailure: 24h
pullSecrets: [] # image pull secrets for collector/scanner/eraser
priorityClassName: "" # priority class name for collector/scanner/eraser
additionalPodLabels: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down
3 changes: 3 additions & 0 deletions third_party/open-policy-agent/gatekeeper/helmify/kustomize-for-helm.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ metadata:
namespace: eraser-system
spec:
template:
metadata:
labels:
HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_ADDITIONALPODLABELS: ""
spec:
HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_PULL_SECRETS: ""
volumes:
Expand Down
1 change: 1 addition & 0 deletions third_party/open-policy-agent/gatekeeper/helmify/replacements.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ var replacements = map[string]string{
`HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_AFFINITY: ""`: `{{- toYaml .Values.deploy.affinity | nindent 8 }}`,
`- HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_ADDITIONAL_ARGS`: `{{- if .Values.deploy.additionalArgs }}{{- range .Values.deploy.additionalArgs }}{{ nindent 8 "- " }}{{ . }}{{- end -}}{{ end }}`,
`HELMSUBST_CONTROLLER_MANAGER_CONFIG_YAML`: `{{- toYaml .Values.runtimeConfig | nindent 4 }}`,
`HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_ADDITIONALPODLABELS: ""`: `{{- if .Values.deploy.additionalPodLabels }}{{- toYaml .Values.deploy.additionalPodLabels | nindent 8 }}{{end}}`,

`HELMSUBST_DEPLOYMENT_CONTROLLER_MANAGER_PULL_SECRETS: ""`: `{{- if .Values.runtimeConfig.manager.pullSecrets }}
imagePullSecrets:
Expand Down
2 changes: 2 additions & 0 deletions third_party/open-policy-agent/gatekeeper/helmify/static/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
| runtimeConfig.manager.imageJob.cleanup | Settings for image job cleanup. | `{}` |
| runtimeConfig.manager.pullSecrets | Image pull secrets for collector/scanner/eraser. | `[]` |
| runtimeConfig.manager.priorityClassName | Priority class name for collector/scanner/eraser. | `""` |
| runtimeConfig.manager.additionalPodLabels | Additional labels for all pods that the controller creates at runtime. | `{}` |
| runtimeConfig.manager.nodeFilter | Filter for nodes. | `{}` |
| runtimeConfig.components.collector | Settings for the collector component. | `{ enabled: false }` |
| runtimeConfig.components.scanner | Settings for the scanner component. | `{ enabled: false }` |
Expand All @@ -54,6 +55,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
| deploy.image.tag | Overrides the default image tag. | `""` |
| deploy.additionalArgs | Additional arguments to pass to the command. | `[]` |
| deploy.priorityClassName | Priority class name. | `""` |
| deploy.additionalPodLabels | Additional labels for the controller pod. | `{}` |
| deploy.securityContext.allowPrivilegeEscalation | Whether to allow privilege escalation. | `false` |
| deploy.resources.limits.memory | Memory limit for the resources. | `30Mi` |
| deploy.resources.requests.cpu | CPU request for the resources. | `100m` |
Expand Down
2 changes: 2 additions & 0 deletions third_party/open-policy-agent/gatekeeper/helmify/static/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ runtimeConfig:
# delayOnFailure: ""
pullSecrets: [] # image pull secrets for collector/scanner/eraser
priorityClassName: "" # priority class name for collector/scanner/eraser
additionalPodLabels: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down Expand Up @@ -97,6 +98,7 @@ deploy:
tag: "v1.4.0-beta.0"
additionalArgs: []
priorityClassName: ""
additionalPodLabels: {}

securityContext:
allowPrivilegeEscalation: false
Expand Down
Loading