From d9436123b527a6ba0ba5983672ee609b524c3df6 Mon Sep 17 00:00:00 2001 From: Antoine Severac Date: Wed, 29 Mar 2023 16:57:35 +0200 Subject: [PATCH 1/2] (https://github.com/hashicorp/vault-helm/issues/842) CSI nodeSelector, affinity --- CHANGELOG.md | 2 +- templates/_helpers.tpl | 28 +++++++++++++++ templates/csi-daemonset.yaml | 2 ++ test/unit/csi-daemonset.bats | 68 ++++++++++++++++++++++++++++++++++++ values.schema.json | 14 ++++++++ values.yaml | 13 +++++++ 6 files changed, 126 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ef4ab5a08..907495ecf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ Changes: Features: * server: New `extraPorts` option for adding ports to the Vault server statefulset [GH-841](https://github.com/hashicorp/vault-helm/pull/841) * injector: Make livenessProbe and readinessProbe configurable and add configurable startupProbe [GH-852](https://github.com/hashicorp/vault-helm/pull/852) - +* CSI: Make `nodeSelector` and `affinity` configurable for CSI daemonset's pods [GH-862](https://github.com/hashicorp/vault-helm/pull/862) ## 0.23.0 (November 28th, 2022) Changes: diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index dcfcbb8b8..6a8cb320f 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -839,6 +839,34 @@ Sets the injector toleration for pod placement {{- end }} {{- end -}} +{{/* +Sets the CSI provider nodeSelector for pod placement +*/}} +{{- define "csi.pod.nodeselector" -}} + {{- if .Values.csi.pod.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.csi.pod.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} +{{/* +Sets the CSI provider affinity for pod placement. +*/}} +{{- define "csi.pod.affinity" -}} + {{- if .Values.csi.pod.affinity }} + affinity: + {{ $tp := typeOf .Values.csi.pod.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} {{/* Sets extra CSI provider pod annotations */}} diff --git a/templates/csi-daemonset.yaml b/templates/csi-daemonset.yaml index e38cc47d5..f3c7138aa 100644 --- a/templates/csi-daemonset.yaml +++ b/templates/csi-daemonset.yaml @@ -45,6 +45,8 @@ spec: {{- end }} serviceAccountName: {{ template "vault.fullname" . }}-csi-provider {{- template "csi.pod.tolerations" . }} + {{- template "csi.pod.nodeselector" . }} + {{- template "csi.pod.affinity" . }} containers: - name: {{ include "vault.name" . }}-csi-provider {{ template "csi.resources" . }} diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats index 0da308b67..7178c5651 100644 --- a/test/unit/csi-daemonset.bats +++ b/test/unit/csi-daemonset.bats 
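Review bot: In `csi.pod.affinity` the whitespace control differs from the `csi.pod.nodeselector` helper defined just above it: `{{ $tp := typeOf .Values.csi.pod.affinity }}` and the closing `{{ end }}` have no `-`, and the string branch uses `{{- tpl` where the nodeSelector helper uses `{{ tpl`. Each untrimmed action leaves a whitespace-only line in the rendered DaemonSet, and the indentation of the first line of a string value ends up depending on a different source line in each helper. Indentation is collapsed in this view, so the rendered output should be checked, but I would write the three lines the same way as the sibling: `{{- $tp := typeOf .Values.csi.pod.affinity }}`, `{{ tpl .Values.csi.pod.affinity . | nindent 8 | trim }}` and `{{- end }}`. A blank line between the first helper's `{{- end -}}` and the next `{{/*` comment would also match the rest of the file.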
@@ -318,6 +318,74 @@ load _helpers [ "${actual}" = "true" ] } +#-------------------------------------------------------------------- +# nodeSelector +@test "csi/daemonset: nodeSelector not set by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec | .nodeSelector? == null' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "csi/daemonset: nodeSelector can be set as string" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + --set 'csi.pod.nodeSelector=foobar' \ + . | tee /dev/stderr | + yq '.spec.template.spec.nodeSelector == "foobar"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "csi/daemonset: nodeSelector can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + --set "csi.pod.nodeSelector[0].foo=bar,csi.pod.nodeSelector[1].baz=qux" \ + . | tee /dev/stderr | + yq '.spec.template.spec.nodeSelector[0].foo == "bar" and .spec.template.spec.nodeSelector[1].baz == "qux"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +#-------------------------------------------------------------------- +# affinity +@test "csi/daemonset: affinity not set by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec | .affinity? == null' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "csi/daemonset: affinity can be set as string" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + --set 'csi.pod.affinity=foobar' \ + . 
| tee /dev/stderr | + yq '.spec.template.spec.affinity == "foobar"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "csi/daemonset: affinity can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + --set "csi.pod.affinity.podAntiAffinity=foobar" \ + . | tee /dev/stderr | + yq '.spec.template.spec.affinity.podAntiAffinity == "foobar"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + #-------------------------------------------------------------------- # Extra Labels diff --git a/values.schema.json b/values.schema.json index c52c20088..d6f418ff0 100644 --- a/values.schema.json +++ b/values.schema.json @@ -102,6 +102,13 @@ "pod": { "type": "object", "properties": { + "affinity": { + "type": [ + "null", + "array", + "string" + ] + }, "annotations": { "type": [ "object", @@ -111,6 +118,13 @@ "extraLabels": { "type": "object" }, + "nodeSelector": { + "type": [ + "null", + "array", + "string" + ] + }, "tolerations": { "type": [ "null", diff --git a/values.yaml b/values.yaml index ac82a3170..9af5e5a8d 100644 --- a/values.yaml +++ b/values.yaml @@ -1053,6 +1053,19 @@ csi: # in a PodSpec. tolerations: [] + # nodeSelector labels for csi pod assignment, formatted as a multi-line string or YAML map. + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: [] + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: {} + # Extra labels to attach to the vault-csi-provider pod # This should be a YAML map of the labels to apply to the csi provider pod extraLabels: {} From 40bdce51224c6dffed046151018ea8abe3c57ced Mon Sep 17 00:00:00 2001 
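Review bot: The new tests, the values.schema.json hunks and the values.yaml default do not agree with the PodSpec types these values are rendered into. `nodeSelector` is a string-to-string map in a PodSpec, yet "nodeSelector can be set as YAML" sets a list (`csi.pod.nodeSelector[0].foo=bar`), the schema allows only `null`, `array` and `string`, and values.yaml defaults to `nodeSelector: []` under a comment that says "YAML map". `affinity` is an object, but its schema entry omits `object`, so the default `affinity: {}` and the `csi.pod.affinity.podAntiAffinity=foobar` test look like they would fail schema validation; that needs confirming by running the suite. I would change both schema entries to `"type": ["null", "object", "string"]`, default `nodeSelector: {}`, and test the map form with `--set 'csi.pod.nodeSelector.foo=bar'`. The string tests (`== "foobar"`) only prove passthrough, so one case with a realistic multi-line value would catch a placement setting that renders but is rejected or ignored by the API server.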
From: Antoine Severac Date: Mon, 29 May 2023 13:56:22 +0200 Subject: [PATCH 2/2] prepare for next release --- CHANGELOG.md | 4 +++- values.yaml | 2 -- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e1620c80..e9a803998 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ Changes: * Latest Kubernetes version tested is now 1.27 +Features: +* CSI: Make `nodeSelector` and `affinity` configurable for CSI daemonset's pods [GH-862](https://github.com/hashicorp/vault-helm/pull/862) + Bugs: * server: Set the default for `prometheusRules.rules` to an empty list [GH-886](https://github.com/hashicorp/vault-helm/pull/886) @@ -23,7 +26,6 @@ Features: * server: New `extraPorts` option for adding ports to the Vault server statefulset [GH-841](https://github.com/hashicorp/vault-helm/pull/841) * server: Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset [GH-831](https://github.com/hashicorp/vault-helm/pull/831) * injector: Make livenessProbe and readinessProbe configurable and add configurable startupProbe [GH-852](https://github.com/hashicorp/vault-helm/pull/852) -* CSI: Make `nodeSelector` and `affinity` configurable for CSI daemonset's pods [GH-862](https://github.com/hashicorp/vault-helm/pull/862) * csi: Add an Agent sidecar to Vault CSI Provider pods to provide lease caching and renewals [GH-749](https://github.com/hashicorp/vault-helm/pull/749) ## 0.23.0 (November 28th, 2022) diff --git a/values.yaml b/values.yaml index c9580b0bf..1dd64742a 100644 --- a/values.yaml +++ b/values.yaml @@ -1071,8 +1071,6 @@ csi: nodeSelector: [] # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube # This should be either a multi-line string or YAML matching the PodSpec's affinity field. affinity: {}