diff --git a/crd-docs/cr/kiali.io_v1alpha1_kiali.yaml b/crd-docs/cr/kiali.io_v1alpha1_kiali.yaml index 1603ccc4..ea9f5f3f 100644 --- a/crd-docs/cr/kiali.io_v1alpha1_kiali.yaml +++ b/crd-docs/cr/kiali.io_v1alpha1_kiali.yaml @@ -62,6 +62,7 @@ spec: deployment: # default: accessible_namespaces is undefined accessible_namespaces: [ "my-mesh.*" ] + additional_pod_containers_yaml: {} # default: additional_service_yaml is empty additional_service_yaml: externalName: "kiali.example.com" diff --git a/crd-docs/crd/kiali.io_kialis.yaml b/crd-docs/crd/kiali.io_kialis.yaml index 839c2729..7b916b20 100644 --- a/crd-docs/crd/kiali.io_kialis.yaml +++ b/crd-docs/crd/kiali.io_kialis.yaml @@ -236,6 +236,10 @@ spec: type: array items: type: string + additional_pod_containers_yaml: + description: "Additional containers to add to the list of pod containers. Use this to add sidecar(s) to the Kiali pod. Use with care since sidecars may cause the Kiali container itself to operate incorrectly. It is up to the user who added the additional containers to ensure it works properly inside the Kiali pod; Kiali makes no guarantee additional containers will work. You can utilize container environment variables to pass data to the containers via mounted custom secrets (see spec.deployment.custom_secrets)." + type: object + x-kubernetes-preserve-unknown-fields: true additional_service_yaml: description: "Additional custom yaml to add to the service definition. This is used mainly to customize the service type. For example, if the `deployment.service_type` is set to 'LoadBalancer' and you want to set the loadBalancerIP, you can do so here with: `additional_service_yaml: { 'loadBalancerIP': '78.11.24.19' }`. Another example would be if the `deployment.service_type` is set to 'ExternalName' you will need to configure the name via: `additional_service_yaml: { 'externalName': 'my.kiali.example.com' }`. A final example would be if external IPs need to be set: `additional_service_yaml: { 'externalIPs': ['80.11.12.10'] }`" type: object diff --git a/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml b/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml index 88b1fe19..a8185671 100644 --- a/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml +++ b/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml @@ -237,6 +237,8 @@ spec: value: "false" - name: ALLOW_AD_HOC_KIALI_IMAGE value: "false" + - name: ALLOW_AD_HOC_CONTAINERS + value: "false" - name: ALLOW_SECURITY_CONTEXT_OVERRIDE value: "false" - name: ALLOW_ALL_ACCESSIBLE_NAMESPACES diff --git a/roles/default/kiali-deploy/defaults/main.yml b/roles/default/kiali-deploy/defaults/main.yml index 1bfa1b17..e928bc24 100644 --- a/roles/default/kiali-deploy/defaults/main.yml +++ b/roles/default/kiali-deploy/defaults/main.yml @@ -57,6 +57,7 @@ kiali_defaults: deployment: accessible_namespaces: ["**"] + additional_pod_containers_yaml: {} #additional_service_yaml: affinity: node: {} diff --git a/roles/default/kiali-deploy/tasks/main.yml b/roles/default/kiali-deploy/tasks/main.yml index 9141ae48..ed874d1a 100644 --- a/roles/default/kiali-deploy/tasks/main.yml +++ b/roles/default/kiali-deploy/tasks/main.yml @@ -156,6 +156,13 @@ # restrict to 40 chars, not 63, because instance_name is a prefix and we need to prepend additional chars for some resource names (like "-service-account") - kiali_vars.deployment.instance_name is not regex('^(?![0-9]+$)(?!-)[a-z0-9-]{,40}(? 0 + - lookup('env', 'ALLOW_AD_HOC_CONTAINERS') | default('false', True) != "true" + - name: "Determine environment to store in status" set_fact: status_environment: "{{ status_environment | default({}) | combine({item.0: item.1}) }}" diff --git a/roles/default/kiali-deploy/tasks/snake_camel_case.yaml b/roles/default/kiali-deploy/tasks/snake_camel_case.yaml index 4b82d4c9..0f9bde49 100644 --- a/roles/default/kiali-deploy/tasks/snake_camel_case.yaml +++ b/roles/default/kiali-deploy/tasks/snake_camel_case.yaml @@ -119,4 +119,9 @@ {% set kiali_vars=kiali_vars | combine({'deployment': {'security_context': current_cr.spec.deployment.security_context}}, recursive=True) %} {% endif %} {# #} - {{ kiali_vars }} \ No newline at end of file + {# deployment.additional_pod_containers_yaml #} + {% if kiali_vars.deployment.additional_pod_containers_yaml is defined and kiali_vars.deployment.additional_pod_containers_yaml | length > 0 %} + {% set _=kiali_vars['deployment'].pop('additional_pod_containers_yaml') %} + {% set kiali_vars=kiali_vars | combine({'deployment': {'additional_pod_containers_yaml': current_cr.spec.deployment.additional_pod_containers_yaml }}, recursive=True) %} + {% endif %} + {{ kiali_vars }} diff --git a/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml b/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml index f63b88f3..22a1ca22 100644 --- a/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml +++ b/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml @@ -128,6 +128,9 @@ spec: {{ kiali_vars.deployment.resources | to_nice_yaml(indent=0) | trim | indent(10) }} {% else %} resources: null +{% endif %} +{% if kiali_vars.deployment.additional_pod_containers_yaml|length > 0 %} + {{ kiali_vars.deployment.additional_pod_containers_yaml | to_nice_yaml(indent=0) | trim | indent(6) }} {% endif %} volumes: - name: kiali-configuration diff --git a/roles/default/kiali-deploy/templates/openshift/deployment.yaml b/roles/default/kiali-deploy/templates/openshift/deployment.yaml index 909ab6a9..9bffebce 100644 --- a/roles/default/kiali-deploy/templates/openshift/deployment.yaml +++ b/roles/default/kiali-deploy/templates/openshift/deployment.yaml @@ -132,6 +132,9 @@ spec: {{ kiali_vars.deployment.resources | to_nice_yaml(indent=0) | trim | indent(10) }} {% else %} resources: null +{% endif %} +{% if kiali_vars.deployment.additional_pod_containers_yaml|length > 0 %} + {{ kiali_vars.deployment.additional_pod_containers_yaml | to_nice_yaml(indent=0) | trim | indent(6) }} {% endif %} volumes: - name: kiali-configuration