From 210fb3ca0b4778974bd0892ef20a6b8f74423c20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Sat, 3 Jun 2023 14:47:34 +0200 Subject: [PATCH] fix: missing extraEnvVars in helm chart (#7403) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- charts/kyverno/README.md | 3 +++ .../templates/admission-controller/deployment.yaml | 3 ++- .../templates/background-controller/deployment.yaml | 6 +++++- .../kyverno/templates/cleanup-controller/deployment.yaml | 6 +++++- .../kyverno/templates/reports-controller/deployment.yaml | 6 +++++- charts/kyverno/values.yaml | 9 +++++++++ config/install-latest-testing.yaml | 8 ++++---- 7 files changed, 33 insertions(+), 8 deletions(-) diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index fdbda8b154..11d20244b9 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -407,6 +407,7 @@ The chart values are organised per component. | backgroundController.hostNetwork | bool | `false` | Change `hostNetwork` to `true` when you want the pod to share its host's network namespace. Useful for situations like when you end up dealing with a custom CNI over Amazon EKS. Update the `dnsPolicy` accordingly as well to suit the host network mode. | | backgroundController.dnsPolicy | string | `"ClusterFirst"` | `dnsPolicy` determines the manner in which DNS resolution happens in the cluster. In case of `hostNetwork: true`, usually, the `dnsPolicy` is suitable to be `ClusterFirstWithHostNet`. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. | | backgroundController.extraArgs | object | `{}` | Extra arguments passed to the container on the command line | +| backgroundController.extraEnvVars | list | `[]` | Additional container environment variables. | | backgroundController.resources.limits | object | `{"memory":"128Mi"}` | Pod resource limits | | backgroundController.resources.requests | object | `{"cpu":"100m","memory":"64Mi"}` | Pod resource requests | | backgroundController.nodeSelector | object | `{}` | Node labels for pod assignment | @@ -468,6 +469,7 @@ The chart values are organised per component. | cleanupController.hostNetwork | bool | `false` | Change `hostNetwork` to `true` when you want the pod to share its host's network namespace. Useful for situations like when you end up dealing with a custom CNI over Amazon EKS. Update the `dnsPolicy` accordingly as well to suit the host network mode. | | cleanupController.dnsPolicy | string | `"ClusterFirst"` | `dnsPolicy` determines the manner in which DNS resolution happens in the cluster. In case of `hostNetwork: true`, usually, the `dnsPolicy` is suitable to be `ClusterFirstWithHostNet`. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. | | cleanupController.extraArgs | object | `{}` | Extra arguments passed to the container on the command line | +| cleanupController.extraEnvVars | list | `[]` | Additional container environment variables. | | cleanupController.resources.limits | object | `{"memory":"128Mi"}` | Pod resource limits | | cleanupController.resources.requests | object | `{"cpu":"100m","memory":"64Mi"}` | Pod resource requests | | cleanupController.startupProbe | object | See [values.yaml](values.yaml) | Startup probe. The block is directly forwarded into the deployment, so you can use whatever startupProbes configuration you want. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ | @@ -535,6 +537,7 @@ The chart values are organised per component. | reportsController.hostNetwork | bool | `false` | Change `hostNetwork` to `true` when you want the pod to share its host's network namespace. Useful for situations like when you end up dealing with a custom CNI over Amazon EKS. Update the `dnsPolicy` accordingly as well to suit the host network mode. | | reportsController.dnsPolicy | string | `"ClusterFirst"` | `dnsPolicy` determines the manner in which DNS resolution happens in the cluster. In case of `hostNetwork: true`, usually, the `dnsPolicy` is suitable to be `ClusterFirstWithHostNet`. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. | | reportsController.extraArgs | object | `{}` | Extra arguments passed to the container on the command line | +| reportsController.extraEnvVars | list | `[]` | Additional container environment variables. | | reportsController.resources.limits | object | `{"memory":"128Mi"}` | Pod resource limits | | reportsController.resources.requests | object | `{"cpu":"100m","memory":"64Mi"}` | Pod resource requests | | reportsController.nodeSelector | object | `{}` | Node labels for pod assignment | diff --git a/charts/kyverno/templates/admission-controller/deployment.yaml b/charts/kyverno/templates/admission-controller/deployment.yaml index a5bac8909d..be45713c91 100644 --- a/charts/kyverno/templates/admission-controller/deployment.yaml +++ b/charts/kyverno/templates/admission-controller/deployment.yaml @@ -167,7 +167,8 @@ spec: {{- end }} {{- end }} {{- with .Values.admissionController.container.resources }} - resources: {{ tpl (toYaml .) $ | nindent 12 }} + resources: + {{- tpl (toYaml .) $ | nindent 12 }} {{- end }} {{- with .Values.admissionController.container.securityContext }} securityContext: diff --git a/charts/kyverno/templates/background-controller/deployment.yaml b/charts/kyverno/templates/background-controller/deployment.yaml index 4061a90d63..4370057d22 100644 --- a/charts/kyverno/templates/background-controller/deployment.yaml +++ b/charts/kyverno/templates/background-controller/deployment.yaml @@ -131,8 +131,12 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + {{- with .Values.backgroundController.extraEnvVars }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.backgroundController.resources }} - resources: {{ tpl (toYaml .) $ | nindent 12 }} + resources: + {{- tpl (toYaml .) $ | nindent 12 }} {{- end }} {{- with .Values.backgroundController.securityContext }} securityContext: diff --git a/charts/kyverno/templates/cleanup-controller/deployment.yaml b/charts/kyverno/templates/cleanup-controller/deployment.yaml index 2d0b13495d..f1da4b905f 100644 --- a/charts/kyverno/templates/cleanup-controller/deployment.yaml +++ b/charts/kyverno/templates/cleanup-controller/deployment.yaml @@ -131,8 +131,12 @@ spec: fieldPath: metadata.namespace - name: KYVERNO_SVC value: {{ template "kyverno.cleanup-controller.name" . }} + {{- with .Values.cleanupController.extraEnvVars }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.cleanupController.resources }} - resources: {{ tpl (toYaml .) $ | nindent 12 }} + resources: + {{- tpl (toYaml .) $ | nindent 12 }} {{- end }} {{- with .Values.cleanupController.securityContext }} securityContext: diff --git a/charts/kyverno/templates/reports-controller/deployment.yaml b/charts/kyverno/templates/reports-controller/deployment.yaml index b9bd15bb8e..c688826918 100644 --- a/charts/kyverno/templates/reports-controller/deployment.yaml +++ b/charts/kyverno/templates/reports-controller/deployment.yaml @@ -137,8 +137,12 @@ spec: fieldPath: metadata.namespace - name: TUF_ROOT value: {{ .Values.reportsController.tufRootMountPath }} + {{- with .Values.reportsController.extraEnvVars }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.reportsController.resources }} - resources: {{ tpl (toYaml .) $ | nindent 12 }} + resources: + {{- tpl (toYaml .) $ | nindent 12 }} {{- end }} {{- with .Values.reportsController.securityContext }} securityContext: diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index f79b8031fb..96a4753c49 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -904,6 +904,9 @@ backgroundController: # -- Extra arguments passed to the container on the command line extraArgs: {} + # -- Additional container environment variables. + extraEnvVars: [] + resources: # -- Pod resource limits limits: @@ -1115,6 +1118,9 @@ cleanupController: # -- Extra arguments passed to the container on the command line extraArgs: {} + # -- Additional container environment variables. + extraEnvVars: [] + resources: # -- Pod resource limits limits: @@ -1376,6 +1382,9 @@ reportsController: # -- Extra arguments passed to the container on the command line extraArgs: {} + # -- Additional container environment variables. + extraEnvVars: [] + resources: # -- Pod resource limits limits: diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml index 2508c1fd27..ffe92c6e46 100644 --- a/config/install-latest-testing.yaml +++ b/config/install-latest-testing.yaml @@ -37292,7 +37292,7 @@ spec: - --protectManagedResources=false - --allowInsecureRegistry=false - --registryCredentialHelpers=default,google,amazon,azure,github - resources: + resources: limits: memory: 384Mi requests: @@ -37446,7 +37446,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - resources: + resources: limits: memory: 128Mi requests: @@ -37542,7 +37542,7 @@ spec: fieldPath: metadata.namespace - name: KYVERNO_SVC value: kyverno-cleanup-controller - resources: + resources: limits: memory: 128Mi requests: @@ -37672,7 +37672,7 @@ spec: fieldPath: metadata.namespace - name: TUF_ROOT value: /.sigstore - resources: + resources: limits: memory: 128Mi requests: