Skip to content

Commit

Permalink
Add custom fields to self signer jobs (#373)
Browse files Browse the repository at this point in the history
* Add annotations, affinity, node selector and tolerations to self signer jobs

* * Fixed problem that values file has `affinity` on self signer but templates use `nodeAffinity`
* Bumped chart version

* Added custom labels to self signer jobs

* Fixed lint failure
  • Loading branch information
81887821 authored Sep 18, 2024
1 parent ca93e03 commit 7696781
Show file tree
Hide file tree
Showing 7 changed files with 65 additions and 12 deletions.
3 changes: 3 additions & 0 deletions build/templates/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -540,6 +540,9 @@ tls:
nodeCertExpiryWindow: 168h

selfSigner:
# Additional labels to apply to the Pod of this Job.
labels: {}

# Additional annotations to apply to the Pod of this Job.
annotations: {}

Expand Down
2 changes: 1 addition & 1 deletion cockroachdb/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
apiVersion: v1
name: cockroachdb
home: https://www.cockroachlabs.com
version: 14.0.0
version: 14.0.2
appVersion: 24.2.0
description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
Expand Down
16 changes: 16 additions & 0 deletions cockroachdb/templates/cronjob-ca-certSelfSigner.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,24 @@ spec:
spec:
backoffLimit: 1
template:
metadata:
{{- with .Values.tls.selfSigner.labels }}
labels: {{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tls.selfSigner.annotations }}
annotations: {{- toYaml . | nindent 12 }}
{{- end }}
spec:
restartPolicy: Never
{{- with .Values.tls.selfSigner.affinity }}
affinity: {{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tls.selfSigner.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tls.selfSigner.tolerations }}
tolerations: {{- toYaml . | nindent 12 }}
{{- end }}
containers:
- name: cert-rotate-job
image: "{{ .Values.tls.selfSigner.image.registry }}/{{ .Values.tls.selfSigner.image.repository }}:{{ .Values.tls.selfSigner.image.tag }}"
Expand Down
16 changes: 16 additions & 0 deletions cockroachdb/templates/cronjob-client-node-certSelfSigner.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,24 @@ spec:
spec:
backoffLimit: 1
template:
metadata:
{{- with .Values.tls.selfSigner.labels }}
labels: {{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tls.selfSigner.annotations }}
annotations: {{- toYaml . | nindent 12 }}
{{- end }}
spec:
restartPolicy: Never
{{- with .Values.tls.selfSigner.affinity }}
affinity: {{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tls.selfSigner.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tls.selfSigner.tolerations }}
tolerations: {{- toYaml . | nindent 12 }}
{{- end }}
containers:
- name: cert-rotate-job
image: "{{ .Values.tls.selfSigner.image.registry }}/{{ .Values.tls.selfSigner.image.repository }}:{{ .Values.tls.selfSigner.image.tag }}"
Expand Down
20 changes: 10 additions & 10 deletions cockroachdb/templates/job-certSelfSigner.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@ spec:
app.kubernetes.io/name: {{ template "cockroachdb.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
{{- with .Values.tls.selfSigner.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tls.selfSigner.annotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
Expand All @@ -38,18 +41,15 @@ spec:
runAsNonRoot: true
{{- end }}
restartPolicy: Never
{{- if or .Values.tls.selfSigner.nodeAffinity }}
affinity:
{{- with .Values.tls.selfSigner.nodeAffinity }}
nodeAffinity: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.tls.selfSigner.affinity }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tls.selfSigner.nodeSelector }}
{{- with .Values.tls.selfSigner.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tls.selfSigner.tolerations }}
{{- end }}
{{- with .Values.tls.selfSigner.tolerations }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: cert-generate-job
image: "{{ .Values.tls.selfSigner.image.registry }}/{{ .Values.tls.selfSigner.image.repository }}:{{ .Values.tls.selfSigner.image.tag }}"
Expand All @@ -76,7 +76,7 @@ spec:
{{- if and .Values.tls.certs.selfSigner.securityContext.enabled }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
capabilities:
drop: ["ALL"]
{{- end }}
serviceAccountName: {{ template "selfcerts.fullname" . }}
Expand Down
17 changes: 16 additions & 1 deletion cockroachdb/templates/job-cleaner.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ spec:
app.kubernetes.io/name: {{ template "cockroachdb.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
{{- with .Values.tls.selfSigner.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tls.selfSigner.annotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if and .Values.tls.certs.selfSigner.securityContext.enabled }}
securityContext:
Expand All @@ -35,6 +41,15 @@ spec:
runAsNonRoot: true
{{- end }}
restartPolicy: Never
{{- with .Values.tls.selfSigner.affinity }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tls.selfSigner.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tls.selfSigner.tolerations }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: cleaner
image: "{{ .Values.tls.selfSigner.image.registry }}/{{ .Values.tls.selfSigner.image.repository }}:{{ .Values.tls.selfSigner.image.tag }}"
Expand All @@ -48,7 +63,7 @@ spec:
{{- if and .Values.tls.certs.selfSigner.securityContext.enabled }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
capabilities:
drop: ["ALL"]
{{- end }}
serviceAccountName: {{ template "rotatecerts.fullname" . }}
Expand Down
3 changes: 3 additions & 0 deletions cockroachdb/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -541,6 +541,9 @@ tls:
nodeCertExpiryWindow: 168h

selfSigner:
# Additional labels to apply to the Pod of this Job.
labels: {}

# Additional annotations to apply to the Pod of this Job.
annotations: {}

Expand Down

0 comments on commit 7696781

Please sign in to comment.