1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

fix: add tolerations and affinity to the post-upgrate hook (#9156) (#9164)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
This commit is contained in:
Mariam Fahmy 2023-12-15 16:00:51 +02:00 committed by GitHub
parent d3d0eb354f
commit c073f7c2ba
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 37 additions and 0 deletions

View file

@ -77,6 +77,8 @@ annotations:
description: added TUF flags for custom sigstore deployments
- kind: fixed
description: Fix Helm chart to not error when replicas defined
- kind: added
description: allow tolerations and affinity settings for reportsCleanup
dependencies:
- name: grafana
version: "0.0.0"

View file

@ -722,6 +722,10 @@ The chart values are organised per component.
| policyReportsCleanup.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
| policyReportsCleanup.podSecurityContext | object | `{}` | Security context for the pod |
| policyReportsCleanup.nodeSelector | object | `{}` | Node labels for pod assignment |
| policyReportsCleanup.tolerations | list | `[]` | List of node taints to tolerate |
| policyReportsCleanup.podAntiAffinity | object | `{}` | Pod anti affinity constraints. |
| policyReportsCleanup.podAffinity | object | `{}` | Pod affinity constraints. |
| policyReportsCleanup.nodeAffinity | object | `{}` | Node affinity constraints. |
| policyReportsCleanup.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the hook containers |
## TLS Configuration

View file

@ -54,9 +54,28 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.policyReportsCleanup.tolerations }}
tolerations:
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.policyReportsCleanup.nodeSelector }}
nodeSelector:
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- if or .Values.policyReportsCleanup.podAntiAffinity .Values.policyReportsCleanup.podAffinity .Values.policyReportsCleanup.nodeAffinity }}
affinity:
{{- with .Values.policyReportsCleanup.podAntiAffinity }}
podAntiAffinity:
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
{{- with .Values.policyReportsCleanup.podAffinity }}
podAffinity:
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
{{- with .Values.policyReportsCleanup.nodeAffinity }}
nodeAffinity:
{{- tpl (toYaml .) $ | nindent 10 }}
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}

View file

@ -397,6 +397,18 @@ policyReportsCleanup:
# -- Node labels for pod assignment
nodeSelector: {}
# -- List of node taints to tolerate
tolerations: []
# -- Pod anti affinity constraints.
podAntiAffinity: {}
# -- Pod affinity constraints.
podAffinity: {}
# -- Node affinity constraints.
nodeAffinity: {}
# -- Security context for the hook containers
securityContext:
runAsUser: 65534