From 6d308a970ee44948ecfd33fa33431dca7d64963e Mon Sep 17 00:00:00 2001 From: Ronaldo Saheki Date: Thu, 17 Jul 2025 15:19:44 +0100 Subject: [PATCH 1/3] Improve helmchart template Add template for nodeSelector, affinity, topologySpreadConstraints, additional annotations, volumes and imagePullSecrets. Signed-off-by: Ronaldo Saheki --- .../templates/config/manager/config.go | 36 +++++++++++++++++-- .../chart-templates/manager/manager.go | 29 +++++++++++++++ .../scaffolds/internal/templates/values.go | 19 ++++++++++ 3 files changed, 82 insertions(+), 2 deletions(-) diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go index de91d28a6ea..d21583ef544 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go @@ -76,6 +76,12 @@ spec: control-plane: controller-manager app.kubernetes.io/name: {{ .ProjectName }} spec: + # Annotations for the manager pod + # annotations: + # example-annotation: "value" + # Node selector for scheduling the manager pod + # nodeSelector: + # disktype: ssd # TODO(user): Uncomment the following code to configure the nodeAffinity expression # according to the platforms which are supported by your solution. # It is considered best practice to support multiple architectures. You can 
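Review bot: The commented `# annotations:` example is added directly after the pod template's `spec:` line, but pod annotations belong under the template's `metadata`, next to the labels shown in the context lines. PodSpec has no `annotations` field, so a user who uncomments the example in place gets a rejected or ignored key. I would move it up beside the labels, e.g. `# annotations:` followed by `#   example-annotation: "value"` under `template.metadata`. The config.go hunk in PATCH 2/3 relocates these comments but still leaves them below `spec:`. Indentation is not recoverable from this page, so the nesting is inferred from line order.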
@@ -90,12 +96,27 @@ spec: # values: # - amd64 # - arm64 - # - ppc64le - # - s390x # - key: kubernetes.io/os # operator: In # values: # - linux + # Tolerations for the manager pod + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # Topology spread constraints for the manager pod + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: "topology.kubernetes.io/zone" + # whenUnsatisfiable: "ScheduleAnyway" + # labelSelector: + # matchLabels: + # app: controller-manager + # imagePullSecrets for pulling images from private registries + # imagePullSecrets: + # - name: myregistrykey securityContext: # Projects are configured by default to adhere to the "restricted" Pod Security Standards. # This ensures that deployments meet the highest security requirements for Kubernetes. @@ -111,6 +132,8 @@ spec: - --health-probe-bind-address=:8081 image: {{ .Image }} name: manager + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + # imagePullPolicy: IfNotPresent ports: [] securityContext: readOnlyRootFilesystem: true @@ -139,7 +162,16 @@ spec: requests: cpu: 10m memory: 64Mi + # Extra volumeMounts for the manager container + # volumeMounts: + # - name: extra-config + # mountPath: /etc/extra volumeMounts: [] + # Extra volumes for the manager pod + # volumes: + # - name: extra-config + # configMap: + # name: extra-config volumes: [] serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart-templates/manager/manager.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart-templates/manager/manager.go index e6b2cdf36ba..d02b5515e18 100644 --- a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart-templates/manager/manager.go +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart-templates/manager/manager.go 
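Review bot: The `topologySpreadConstraints` example selects `app: controller-manager`, while the pod labels visible in this file's first hunk are `control-plane: controller-manager` and `app.kubernetes.io/name`; a selector that matches no pods leaves the constraint without effect once it is uncommented. Using a label the template actually sets, `#       control-plane: controller-manager`, keeps the example working as written. The same hunk also drops `ppc64le` and `s390x` from the architecture example, which the commit message does not mention; if that is intentional it deserves a line there.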
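Review bot: The commented `# volumeMounts:` and `# volumes:` examples sit directly above the live `volumeMounts: []` and `volumes: []` keys, so uncommenting them leaves two keys of the same name in one mapping. Depending on the YAML parser that is either an error or the empty list silently wins. The comments should say that the empty list has to be replaced, e.g. `# Extra volumeMounts for the manager container (replace the empty list below)`, and the same for `volumes`.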
@@ -73,6 +73,9 @@ spec: metadata: annotations: kubectl.kubernetes.io/default-container: manager + {{ "{{- with .Values.controllerManager.pod.annotations }}" }} + {{ "{{- toYaml . | nindent 8 }}" }} + {{ "{{- end }}" }} labels: {{ "{{- include \"chart.labels\" . | nindent 8 }}" }} control-plane: controller-manager @@ -132,11 +135,34 @@ spec: mountPath: /tmp/k8s-metrics-server/metrics-certs readOnly: true {{ "{{- end }}" }} + {{ "{{- with .Values.controllerManager.pod.extraVolumeMounts }}" }} + {{ "{{- toYaml . | nindent 12 }}" }} + {{ "{{- end }}" }} {{ "{{- end }}" }} securityContext: {{ "{{- toYaml .Values.controllerManager.securityContext | nindent 8 }}" }} serviceAccountName: {{ "{{ .Values.controllerManager.serviceAccountName }}" }} terminationGracePeriodSeconds: {{ "{{ .Values.controllerManager.terminationGracePeriodSeconds }}" }} + {{ "{{- with .Values.controllerManager.pod.imagePullSecrets }}" }} + imagePullSecrets: + {{ "{{- toYaml . | nindent 8 }}" }} + {{ "{{- end }}" }} + {{ "{{- with .Values.controllerManager.pod.nodeSelector }}" }} + nodeSelector: + {{ "{{- toYaml . | nindent 8 }}" }} + {{ "{{- end }}" }} + {{ "{{- with .Values.controllerManager.pod.affinity }}" }} + affinity: + {{ "{{- toYaml . | nindent 8 }}" }} + {{ "{{- end }}" }} + {{ "{{- with .Values.controllerManager.pod.tolerations }}" }} + tolerations: + {{ "{{- toYaml . | nindent 8 }}" }} + {{ "{{- end }}" }} + {{ "{{- with .Values.controllerManager.pod.topologySpreadConstraints }}" }} + topologySpreadConstraints: + {{ "{{- toYaml . | nindent 8 }}" }} + {{ "{{- end }}" }} {{- if .HasWebhooks }} {{ "{{- if and .Values.certmanager.enable (or .Values.webhook.enable .Values.metrics.enable) }}" }} {{- else }} @@ -155,5 +181,8 @@ spec: secret: secretName: metrics-server-cert {{ "{{- end }}" }} + {{ "{{- with .Values.controllerManager.pod.extraVolumes }}" }} + {{ "{{- toYaml . | nindent 8 }}" }} + {{ "{{- end }}" }} {{ "{{- end }}" }} ` 
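Review bot: Both `pod.extraVolumeMounts` (second hunk) and `pod.extraVolumes` (third hunk) are inserted before the final `{{ "{{- end }}" }}` of their section, which, judging by the rendered chart later on this page, closes the `if and .Values.certmanager.enable (or ...)` guard that emits `volumes:`. With cert-manager disabled the user-supplied volumes and mounts would then be dropped without any error. The `volumeMounts:` and `volumes:` keys should be rendered when either the certificate condition or the corresponding `extra*` value is set, with the `with` blocks moved outside the certificate guard. Both guards open outside these hunks, so the exact condition has to be checked against the full template.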
diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/values.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/values.go index 86942894636..19453a5584a 100644 --- a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/values.go +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/values.go @@ -55,10 +55,29 @@ func (f *HelmValues) SetTemplateDefaults() error { const helmValuesTemplate = `# [MANAGER]: Manager Deployment Configurations controllerManager: replicas: 1 + pod: + # imagePullSecrets for pulling images from private registries + imagePullSecrets: [] + # nodeSelector for scheduling the manager pod + nodeSelector: {} + # affinity rules for the manager pod + affinity: {} + # tolerations for the manager pod + tolerations: [] + # topologySpreadConstraints for the manager pod + topologySpreadConstraints: [] + # extraVolumeMounts for additional volumeMounts in the manager container + extraVolumeMounts: [] + # extraVolumes for additional volumes in the manager pod + extraVolumes: [] + # annotations for the manager pod + annotations: {} container: image: repository: controller tag: latest + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + imagePullPolicy: IfNotPresent args: - "--leader-elect" - "--metrics-bind-address=:8443" From c01573f0b960cd93767c91ed9e5cd5d7921e6a39 Mon Sep 17 00:00:00 2001 From: Ronaldo Saheki Date: Fri, 18 Jul 2025 16:00:00 +0100 Subject: [PATCH 2/3] Update commited testdata Signed-off-by: Ronaldo Saheki --- .../templates/config/manager/config.go | 16 +++++--- .../config/manager/manager.yaml | 40 ++++++++++++++++++- .../config/manager/manager.yaml | 40 ++++++++++++++++++- .../dist/chart/templates/manager/manager.yaml | 29 ++++++++++++++ .../dist/chart/values.yaml | 19 +++++++++ .../project-v4/config/manager/manager.yaml | 40 ++++++++++++++++++- 6 files changed, 172 insertions(+), 12 deletions(-) 
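Review bot: `imagePullPolicy: IfNotPresent` is added to the default values, but none of the manager.go hunks in this patch reads it, so as far as this page shows the setting has no effect on the rendered Deployment. If it is wired up, note that the default sits next to `tag: latest`: with IfNotPresent a node keeps running whatever image it already cached under that mutable tag, so the comment should recommend pinning, e.g. `# imagePullPolicy for the manager container; pin image.tag or a digest when using IfNotPresent`. The `extraVolumes` and `extraVolumeMounts` comments could also state that entries are passed to the pod spec through `toYaml` unvalidated and should stay within the volume types allowed by the restricted Pod Security Standard the scaffold otherwise targets. The template constant continues beyond this hunk.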
diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go index d21583ef544..c9b4cc97ec5 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go @@ -76,12 +76,6 @@ spec: control-plane: controller-manager app.kubernetes.io/name: {{ .ProjectName }} spec: - # Annotations for the manager pod - # annotations: - # example-annotation: "value" - # Node selector for scheduling the manager pod - # nodeSelector: - # disktype: ssd # TODO(user): Uncomment the following code to configure the nodeAffinity expression # according to the platforms which are supported by your solution. # It is considered best practice to support multiple architectures. You can @@ -100,6 +94,16 @@ spec: # operator: In # values: # - linux + # TODO(user): Uncomment the following code to configure the nodeSelector expression + # annotations, nodeSelector, tolerations, topologySpreadConstraints. + # nodeSelector: + # disktype: ssd + # Annotations for the manager pod + # annotations: + # example-annotation: "value" + # Node selector for scheduling the manager pod + # nodeSelector: + # disktype: ssd # Tolerations for the manager pod # tolerations: # - key: "key1" diff --git a/testdata/project-v4-multigroup/config/manager/manager.yaml b/testdata/project-v4-multigroup/config/manager/manager.yaml index 6595f5d2236..66d142c6852 100644 --- a/testdata/project-v4-multigroup/config/manager/manager.yaml +++ b/testdata/project-v4-multigroup/config/manager/manager.yaml 
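Review bot: The block added under the new TODO contains the `# nodeSelector:` / `# disktype: ssd` example twice, once right after the TODO and again under "Node selector for scheduling the manager pod", and the TODO sentence itself reads "configure the nodeSelector expression annotations, nodeSelector, ...". I would drop the first pair and reword the header to something like `# TODO(user): Uncomment the fields below to set nodeSelector, tolerations, topologySpreadConstraints or imagePullSecrets for the manager pod.` Because the testdata and docs in PATCH 2/3 and 3/3 are generated from this template, the duplication is copied into every regenerated manager.yaml on this page.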
@@ -44,12 +44,37 @@ spec: # values: # - amd64 # - arm64 - # - ppc64le - # - s390x # - key: kubernetes.io/os # operator: In # values: # - linux + # TODO(user): Uncomment the following code to configure the nodeSelector expression + # annotations, nodeSelector, tolerations, topologySpreadConstraints. + # nodeSelector: + # disktype: ssd + # Annotations for the manager pod + # annotations: + # example-annotation: "value" + # Node selector for scheduling the manager pod + # nodeSelector: + # disktype: ssd + # Tolerations for the manager pod + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # Topology spread constraints for the manager pod + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: "topology.kubernetes.io/zone" + # whenUnsatisfiable: "ScheduleAnyway" + # labelSelector: + # matchLabels: + # app: controller-manager + # imagePullSecrets for pulling images from private registries + # imagePullSecrets: + # - name: myregistrykey securityContext: # Projects are configured by default to adhere to the "restricted" Pod Security Standards. # This ensures that deployments meet the highest security requirements for Kubernetes. @@ -70,6 +95,8 @@ spec: value: busybox:1.36.1 - name: MEMCACHED_IMAGE value: memcached:1.6.26-alpine3.19 + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + # imagePullPolicy: IfNotPresent ports: [] securityContext: readOnlyRootFilesystem: true @@ -98,7 +125,16 @@ spec: requests: cpu: 10m memory: 64Mi + # Extra volumeMounts for the manager container + # volumeMounts: + # - name: extra-config + # mountPath: /etc/extra volumeMounts: [] + # Extra volumes for the manager pod + # volumes: + # - name: extra-config + # configMap: + # name: extra-config volumes: [] serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 
diff --git a/testdata/project-v4-with-plugins/config/manager/manager.yaml b/testdata/project-v4-with-plugins/config/manager/manager.yaml index 82c7dbc38c3..1236e9ac578 100644 --- a/testdata/project-v4-with-plugins/config/manager/manager.yaml +++ b/testdata/project-v4-with-plugins/config/manager/manager.yaml @@ -44,12 +44,37 @@ spec: # values: # - amd64 # - arm64 - # - ppc64le - # - s390x # - key: kubernetes.io/os # operator: In # values: # - linux + # TODO(user): Uncomment the following code to configure the nodeSelector expression + # annotations, nodeSelector, tolerations, topologySpreadConstraints. + # nodeSelector: + # disktype: ssd + # Annotations for the manager pod + # annotations: + # example-annotation: "value" + # Node selector for scheduling the manager pod + # nodeSelector: + # disktype: ssd + # Tolerations for the manager pod + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # Topology spread constraints for the manager pod + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: "topology.kubernetes.io/zone" + # whenUnsatisfiable: "ScheduleAnyway" + # labelSelector: + # matchLabels: + # app: controller-manager + # imagePullSecrets for pulling images from private registries + # imagePullSecrets: + # - name: myregistrykey securityContext: # Projects are configured by default to adhere to the "restricted" Pod Security Standards. # This ensures that deployments meet the highest security requirements for Kubernetes. @@ -70,6 +95,8 @@ spec: value: busybox:1.36.1 - name: MEMCACHED_IMAGE value: memcached:1.6.26-alpine3.19 + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + # imagePullPolicy: IfNotPresent ports: [] securityContext: readOnlyRootFilesystem: true 
@@ -98,7 +125,16 @@ spec: requests: cpu: 10m memory: 64Mi + # Extra volumeMounts for the manager container + # volumeMounts: + # - name: extra-config + # mountPath: /etc/extra volumeMounts: [] + # Extra volumes for the manager pod + # volumes: + # - name: extra-config + # configMap: + # name: extra-config volumes: [] serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/manager/manager.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/manager/manager.yaml index f37cfc16711..f72c83d60af 100644 --- a/testdata/project-v4-with-plugins/dist/chart/templates/manager/manager.yaml +++ b/testdata/project-v4-with-plugins/dist/chart/templates/manager/manager.yaml @@ -16,6 +16,9 @@ spec: metadata: annotations: kubectl.kubernetes.io/default-container: manager + {{- with .Values.controllerManager.pod.annotations }} + {{- toYaml . | nindent 8 }} + {{- end }} labels: {{- include "chart.labels" . | nindent 8 }} control-plane: controller-manager 
@@ -67,11 +70,34 @@ spec: mountPath: /tmp/k8s-metrics-server/metrics-certs readOnly: true {{- end }} + {{- with .Values.controllerManager.pod.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} securityContext: {{- toYaml .Values.controllerManager.securityContext | nindent 8 }} serviceAccountName: {{ .Values.controllerManager.serviceAccountName }} terminationGracePeriodSeconds: {{ .Values.controllerManager.terminationGracePeriodSeconds }} + {{- with .Values.controllerManager.pod.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if and .Values.certmanager.enable (or .Values.webhook.enable .Values.metrics.enable) }} volumes: {{- if and .Values.webhook.enable .Values.certmanager.enable }} @@ -84,4 +110,7 @@ spec: secret: secretName: metrics-server-cert {{- end }} + {{- with .Values.controllerManager.pod.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/testdata/project-v4-with-plugins/dist/chart/values.yaml b/testdata/project-v4-with-plugins/dist/chart/values.yaml index 89757cd37f7..b9eebc9cb6c 100644 --- a/testdata/project-v4-with-plugins/dist/chart/values.yaml +++ b/testdata/project-v4-with-plugins/dist/chart/values.yaml 
@@ -1,10 +1,29 @@ # [MANAGER]: Manager Deployment Configurations controllerManager: replicas: 1 + pod: + # imagePullSecrets for pulling images from private registries + imagePullSecrets: [] + # nodeSelector for scheduling the manager pod + nodeSelector: {} + # affinity rules for the manager pod + affinity: {} + # tolerations for the manager pod + tolerations: [] + # topologySpreadConstraints for the manager pod + topologySpreadConstraints: [] + # extraVolumeMounts for additional volumeMounts in the manager container + extraVolumeMounts: [] + # extraVolumes for additional volumes in the manager pod + extraVolumes: [] + # annotations for the manager pod + annotations: {} container: image: repository: controller tag: latest + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + imagePullPolicy: IfNotPresent args: - "--leader-elect" - "--metrics-bind-address=:8443" diff --git a/testdata/project-v4/config/manager/manager.yaml b/testdata/project-v4/config/manager/manager.yaml index 90cbcc10c8f..41612cd217d 100644 --- a/testdata/project-v4/config/manager/manager.yaml +++ b/testdata/project-v4/config/manager/manager.yaml 
@@ -44,12 +44,37 @@ spec: # values: # - amd64 # - arm64 - # - ppc64le - # - s390x # - key: kubernetes.io/os # operator: In # values: # - linux + # TODO(user): Uncomment the following code to configure the nodeSelector expression + # annotations, nodeSelector, tolerations, topologySpreadConstraints. + # nodeSelector: + # disktype: ssd + # Annotations for the manager pod + # annotations: + # example-annotation: "value" + # Node selector for scheduling the manager pod + # nodeSelector: + # disktype: ssd + # Tolerations for the manager pod + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # Topology spread constraints for the manager pod + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: "topology.kubernetes.io/zone" + # whenUnsatisfiable: "ScheduleAnyway" + # labelSelector: + # matchLabels: + # app: controller-manager + # imagePullSecrets for pulling images from private registries + # imagePullSecrets: + # - name: myregistrykey securityContext: # Projects are configured by default to adhere to the "restricted" Pod Security Standards. # This ensures that deployments meet the highest security requirements for Kubernetes. @@ -65,6 +90,8 @@ spec: - --health-probe-bind-address=:8081 image: controller:latest name: manager + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + # imagePullPolicy: IfNotPresent ports: [] securityContext: readOnlyRootFilesystem: true @@ -93,7 +120,16 @@ spec: requests: cpu: 10m memory: 64Mi + # Extra volumeMounts for the manager container + # volumeMounts: + # - name: extra-config + # mountPath: /etc/extra volumeMounts: [] + # Extra volumes for the manager pod + # volumes: + # - name: extra-config + # configMap: + # name: extra-config volumes: [] serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 From 7f55bfd41fde832b9bdfabf2c026d40e9e18acfd Mon Sep 17 00:00:00 2001 
From: Ronaldo Saheki Date: Mon, 21 Jul 2025 09:42:34 +0100 Subject: [PATCH 3/3] Regenerated docs after helm and kustomize changes Signed-off-by: Ronaldo Saheki --- .../project/config/manager/manager.yaml | 40 ++++++++++++++++++- .../dist/chart/templates/manager/manager.yaml | 29 ++++++++++++++ .../testdata/project/dist/chart/values.yaml | 19 +++++++++ .../project/config/manager/manager.yaml | 40 ++++++++++++++++++- .../dist/chart/templates/manager/manager.yaml | 29 ++++++++++++++ .../testdata/project/dist/chart/values.yaml | 19 +++++++++ .../project/config/manager/manager.yaml | 40 ++++++++++++++++++- .../dist/chart/templates/manager/manager.yaml | 29 ++++++++++++++ .../testdata/project/dist/chart/values.yaml | 19 +++++++++ 9 files changed, 258 insertions(+), 6 deletions(-) diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/manager/manager.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/manager/manager.yaml index 8fb2249a918..02ff9ed6e2f 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/config/manager/manager.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/config/manager/manager.yaml 
@@ -44,12 +44,37 @@ spec: # values: # - amd64 # - arm64 - # - ppc64le - # - s390x # - key: kubernetes.io/os # operator: In # values: # - linux + # TODO(user): Uncomment the following code to configure the nodeSelector expression + # annotations, nodeSelector, tolerations, topologySpreadConstraints. + # nodeSelector: + # disktype: ssd + # Annotations for the manager pod + # annotations: + # example-annotation: "value" + # Node selector for scheduling the manager pod + # nodeSelector: + # disktype: ssd + # Tolerations for the manager pod + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # Topology spread constraints for the manager pod + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: "topology.kubernetes.io/zone" + # whenUnsatisfiable: "ScheduleAnyway" + # labelSelector: + # matchLabels: + # app: controller-manager + # imagePullSecrets for pulling images from private registries + # imagePullSecrets: + # - name: myregistrykey securityContext: # Projects are configured by default to adhere to the "restricted" Pod Security Standards. # This ensures that deployments meet the highest security requirements for Kubernetes. @@ -65,6 +90,8 @@ spec: - --health-probe-bind-address=:8081 image: controller:latest name: manager + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + # imagePullPolicy: IfNotPresent ports: [] securityContext: readOnlyRootFilesystem: true @@ -93,7 +120,16 @@ spec: requests: cpu: 10m memory: 64Mi + # Extra volumeMounts for the manager container + # volumeMounts: + # - name: extra-config + # mountPath: /etc/extra volumeMounts: [] + # Extra volumes for the manager pod + # volumes: + # - name: extra-config + # configMap: + # name: extra-config volumes: [] serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 
diff --git a/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml b/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml index d21ba52a883..ed8133bff65 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml @@ -16,6 +16,9 @@ spec: metadata: annotations: kubectl.kubernetes.io/default-container: manager + {{- with .Values.controllerManager.pod.annotations }} + {{- toYaml . | nindent 8 }} + {{- end }} labels: {{- include "chart.labels" . | nindent 8 }} control-plane: controller-manager @@ -67,11 +70,34 @@ spec: mountPath: /tmp/k8s-metrics-server/metrics-certs readOnly: true {{- end }} + {{- with .Values.controllerManager.pod.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} securityContext: {{- toYaml .Values.controllerManager.securityContext | nindent 8 }} serviceAccountName: {{ .Values.controllerManager.serviceAccountName }} terminationGracePeriodSeconds: {{ .Values.controllerManager.terminationGracePeriodSeconds }} + {{- with .Values.controllerManager.pod.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if and .Values.certmanager.enable (or .Values.webhook.enable .Values.metrics.enable) }} volumes: {{- if and .Values.webhook.enable .Values.certmanager.enable }} 
@@ -84,4 +110,7 @@ spec: secret: secretName: metrics-server-cert {{- end }} + {{- with .Values.controllerManager.pod.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/values.yaml b/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/values.yaml index 6f6e23f083c..8e758be2f47 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/values.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/values.yaml @@ -1,10 +1,29 @@ # [MANAGER]: Manager Deployment Configurations controllerManager: replicas: 1 + pod: + # imagePullSecrets for pulling images from private registries + imagePullSecrets: [] + # nodeSelector for scheduling the manager pod + nodeSelector: {} + # affinity rules for the manager pod + affinity: {} + # tolerations for the manager pod + tolerations: [] + # topologySpreadConstraints for the manager pod + topologySpreadConstraints: [] + # extraVolumeMounts for additional volumeMounts in the manager container + extraVolumeMounts: [] + # extraVolumes for additional volumes in the manager pod + extraVolumes: [] + # annotations for the manager pod + annotations: {} container: image: repository: controller tag: latest + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + imagePullPolicy: IfNotPresent args: - "--leader-elect" - "--metrics-bind-address=:8443" diff --git a/docs/book/src/getting-started/testdata/project/config/manager/manager.yaml b/docs/book/src/getting-started/testdata/project/config/manager/manager.yaml index 8fb2249a918..02ff9ed6e2f 100644 --- a/docs/book/src/getting-started/testdata/project/config/manager/manager.yaml +++ b/docs/book/src/getting-started/testdata/project/config/manager/manager.yaml 
@@ -44,12 +44,37 @@ spec: # values: # - amd64 # - arm64 - # - ppc64le - # - s390x # - key: kubernetes.io/os # operator: In # values: # - linux + # TODO(user): Uncomment the following code to configure the nodeSelector expression + # annotations, nodeSelector, tolerations, topologySpreadConstraints. + # nodeSelector: + # disktype: ssd + # Annotations for the manager pod + # annotations: + # example-annotation: "value" + # Node selector for scheduling the manager pod + # nodeSelector: + # disktype: ssd + # Tolerations for the manager pod + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # Topology spread constraints for the manager pod + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: "topology.kubernetes.io/zone" + # whenUnsatisfiable: "ScheduleAnyway" + # labelSelector: + # matchLabels: + # app: controller-manager + # imagePullSecrets for pulling images from private registries + # imagePullSecrets: + # - name: myregistrykey securityContext: # Projects are configured by default to adhere to the "restricted" Pod Security Standards. # This ensures that deployments meet the highest security requirements for Kubernetes. @@ -65,6 +90,8 @@ spec: - --health-probe-bind-address=:8081 image: controller:latest name: manager + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + # imagePullPolicy: IfNotPresent ports: [] securityContext: readOnlyRootFilesystem: true @@ -93,7 +120,16 @@ spec: requests: cpu: 10m memory: 64Mi + # Extra volumeMounts for the manager container + # volumeMounts: + # - name: extra-config + # mountPath: /etc/extra volumeMounts: [] + # Extra volumes for the manager pod + # volumes: + # - name: extra-config + # configMap: + # name: extra-config volumes: [] serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 
diff --git a/docs/book/src/getting-started/testdata/project/dist/chart/templates/manager/manager.yaml b/docs/book/src/getting-started/testdata/project/dist/chart/templates/manager/manager.yaml index 2fecf33314f..3b0247f8f8a 100644 --- a/docs/book/src/getting-started/testdata/project/dist/chart/templates/manager/manager.yaml +++ b/docs/book/src/getting-started/testdata/project/dist/chart/templates/manager/manager.yaml @@ -16,6 +16,9 @@ spec: metadata: annotations: kubectl.kubernetes.io/default-container: manager + {{- with .Values.controllerManager.pod.annotations }} + {{- toYaml . | nindent 8 }} + {{- end }} labels: {{- include "chart.labels" . | nindent 8 }} control-plane: controller-manager @@ -56,11 +59,34 @@ spec: mountPath: /tmp/k8s-metrics-server/metrics-certs readOnly: true {{- end }} + {{- with .Values.controllerManager.pod.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} securityContext: {{- toYaml .Values.controllerManager.securityContext | nindent 8 }} serviceAccountName: {{ .Values.controllerManager.serviceAccountName }} terminationGracePeriodSeconds: {{ .Values.controllerManager.terminationGracePeriodSeconds }} + {{- with .Values.controllerManager.pod.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if and .Values.certmanager.enable .Values.metrics.enable }} volumes: {{- if and .Values.metrics.enable .Values.certmanager.enable }} 
@@ -68,4 +94,7 @@ spec: secret: secretName: metrics-server-cert {{- end }} + {{- with .Values.controllerManager.pod.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/docs/book/src/getting-started/testdata/project/dist/chart/values.yaml b/docs/book/src/getting-started/testdata/project/dist/chart/values.yaml index f1817cdd495..f348810de5c 100644 --- a/docs/book/src/getting-started/testdata/project/dist/chart/values.yaml +++ b/docs/book/src/getting-started/testdata/project/dist/chart/values.yaml @@ -1,10 +1,29 @@ # [MANAGER]: Manager Deployment Configurations controllerManager: replicas: 1 + pod: + # imagePullSecrets for pulling images from private registries + imagePullSecrets: [] + # nodeSelector for scheduling the manager pod + nodeSelector: {} + # affinity rules for the manager pod + affinity: {} + # tolerations for the manager pod + tolerations: [] + # topologySpreadConstraints for the manager pod + topologySpreadConstraints: [] + # extraVolumeMounts for additional volumeMounts in the manager container + extraVolumeMounts: [] + # extraVolumes for additional volumes in the manager pod + extraVolumes: [] + # annotations for the manager pod + annotations: {} container: image: repository: controller tag: latest + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + imagePullPolicy: IfNotPresent args: - "--leader-elect" - "--metrics-bind-address=:8443" diff --git a/docs/book/src/multiversion-tutorial/testdata/project/config/manager/manager.yaml b/docs/book/src/multiversion-tutorial/testdata/project/config/manager/manager.yaml index 8fb2249a918..02ff9ed6e2f 100644 --- a/docs/book/src/multiversion-tutorial/testdata/project/config/manager/manager.yaml +++ b/docs/book/src/multiversion-tutorial/testdata/project/config/manager/manager.yaml 
@@ -44,12 +44,37 @@ spec: # values: # - amd64 # - arm64 - # - ppc64le - # - s390x # - key: kubernetes.io/os # operator: In # values: # - linux + # TODO(user): Uncomment the following code to configure the nodeSelector expression + # annotations, nodeSelector, tolerations, topologySpreadConstraints. + # nodeSelector: + # disktype: ssd + # Annotations for the manager pod + # annotations: + # example-annotation: "value" + # Node selector for scheduling the manager pod + # nodeSelector: + # disktype: ssd + # Tolerations for the manager pod + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # Topology spread constraints for the manager pod + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: "topology.kubernetes.io/zone" + # whenUnsatisfiable: "ScheduleAnyway" + # labelSelector: + # matchLabels: + # app: controller-manager + # imagePullSecrets for pulling images from private registries + # imagePullSecrets: + # - name: myregistrykey securityContext: # Projects are configured by default to adhere to the "restricted" Pod Security Standards. # This ensures that deployments meet the highest security requirements for Kubernetes. @@ -65,6 +90,8 @@ spec: - --health-probe-bind-address=:8081 image: controller:latest name: manager + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + # imagePullPolicy: IfNotPresent ports: [] securityContext: readOnlyRootFilesystem: true @@ -93,7 +120,16 @@ spec: requests: cpu: 10m memory: 64Mi + # Extra volumeMounts for the manager container + # volumeMounts: + # - name: extra-config + # mountPath: /etc/extra volumeMounts: [] + # Extra volumes for the manager pod + # volumes: + # - name: extra-config + # configMap: + # name: extra-config volumes: [] serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 
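Review bot: The commented `# annotations:` example is placed in the pod `spec:` next to `nodeSelector` and `tolerations`, but annotations are a `metadata` field, so uncommenting it as shown would yield an unknown PodSpec field instead of a pod annotation. The block also gives the `nodeSelector` example twice, and the TODO sentence is garbled (`configure the nodeSelector expression annotations, nodeSelector, ...`). The `topologySpreadConstraints` example selects `app: controller-manager`, while the pod label visible elsewhere in this patch is `control-plane: controller-manager`; a selector that matches no pods makes the constraint a no-op, so `control-plane: controller-manager` would be the safer example. I would move the annotations example under the pod template's `metadata` and drop the duplicate `nodeSelector`.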
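Review bot: In the `@@ -93,7 +120,16 @@` hunk the commented `# volumeMounts:` and `# volumes:` examples sit directly above the live `volumeMounts: []` and `volumes: []` keys, so uncommenting them without deleting the empty lists produces duplicate keys in the same mapping. Depending on the parser that is either rejected or resolved by keeping only one of the two, which can silently discard the mount. A one-line hint such as `# Replace the empty list below when uncommenting` above each example would avoid that.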
diff --git a/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml b/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml index d21ba52a883..ed8133bff65 100644 --- a/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml +++ b/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml @@ -16,6 +16,9 @@ spec: metadata: annotations: kubectl.kubernetes.io/default-container: manager + {{- with .Values.controllerManager.pod.annotations }} + {{- toYaml . | nindent 8 }} + {{- end }} labels: {{- include "chart.labels" . | nindent 8 }} control-plane: controller-manager @@ -67,11 +70,34 @@ spec: mountPath: /tmp/k8s-metrics-server/metrics-certs readOnly: true {{- end }} + {{- with .Values.controllerManager.pod.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} securityContext: {{- toYaml .Values.controllerManager.securityContext | nindent 8 }} serviceAccountName: {{ .Values.controllerManager.serviceAccountName }} terminationGracePeriodSeconds: {{ .Values.controllerManager.terminationGracePeriodSeconds }} + {{- with .Values.controllerManager.pod.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.pod.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if and .Values.certmanager.enable (or .Values.webhook.enable .Values.metrics.enable) }} volumes: {{- if and .Values.webhook.enable .Values.certmanager.enable }} 
@@ -84,4 +110,7 @@ spec: secret: secretName: metrics-server-cert {{- end }} + {{- with .Values.controllerManager.pod.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/values.yaml b/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/values.yaml index 6f6e23f083c..8e758be2f47 100644 --- a/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/values.yaml +++ b/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/values.yaml @@ -1,10 +1,29 @@ # [MANAGER]: Manager Deployment Configurations controllerManager: replicas: 1 + pod: + # imagePullSecrets for pulling images from private registries + imagePullSecrets: [] + # nodeSelector for scheduling the manager pod + nodeSelector: {} + # affinity rules for the manager pod + affinity: {} + # tolerations for the manager pod + tolerations: [] + # topologySpreadConstraints for the manager pod + topologySpreadConstraints: [] + # extraVolumeMounts for additional volumeMounts in the manager container + extraVolumeMounts: [] + # extraVolumes for additional volumes in the manager pod + extraVolumes: [] + # annotations for the manager pod + annotations: {} container: image: repository: controller tag: latest + # imagePullPolicy for the manager container (e.g., Always, IfNotPresent, Never) + imagePullPolicy: IfNotPresent args: - "--leader-elect" - "--metrics-bind-address=:8443"