
feat: Add Recommended Helm/K8s labels #2788

Merged
merged 13 commits into from Aug 1, 2023
36 changes: 35 additions & 1 deletion cmd/build/helmify/static/templates/_helpers.tpl
Expand Up @@ -36,10 +36,44 @@ Adds additional pod labels to the common ones
*/}}
{{- define "gatekeeper.podLabels" -}}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- toYaml .Values.podLabels }}
{{- end }}
{{- end -}}

{{/*
Mandatory labels
*/}}
{{- define "gatekeeper.mandatoryLabels" -}}
app: {{ include "gatekeeper.name" . }}
chart: {{ include "gatekeeper.name" . }}
gatekeeper.sh/system: "yes"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "gatekeeper.commonLabels" -}}
helm.sh/chart: {{ include "gatekeeper.chart" . }}
{{ include "gatekeeper.selectorLabels" . }}
{{- if .Chart.Version }}
app.kubernetes.io/version: {{ .Chart.Version | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.commonLabels }}
{{ toYaml .Values.commonLabels }}
{{- end }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "gatekeeper.selectorLabels" -}}
app.kubernetes.io/name: {{ include "gatekeeper.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Output post install webhook probe container entry
*/}}
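Review bot: The label values in `gatekeeper.mandatoryLabels` and `gatekeeper.selectorLabels` are rendered unquoted, whereas most of the per-template lines they stand in for elsewhere in this change were written as `'{{ .Release.Name }}'`. A release or chart name that YAML reads as a number, boolean or null (an all-digit release name, for instance) would then render as a non-string label value, which the API server rejects. Piping each value through `quote`, as the helper already does for `app.kubernetes.io/version`, keeps them strings: `release: {{ .Release.Name | quote }}` and `app.kubernetes.io/instance: {{ .Release.Name | quote }}`. The same helpers appear in the copy under manifest_staging/charts/gatekeeper/templates/_helpers.tpl.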
Expand Up @@ -5,11 +5,8 @@ metadata:
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
labels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.mandatoryLabels" . | nindent 4 }}
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
name: gatekeeper-admin
spec:
allowPrivilegeEscalation: false
Expand Up @@ -3,28 +3,24 @@ kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
labels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.mandatoryLabels" . | nindent 4 }}
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
name: gatekeeper-controller-manager
spec:
ingress:
- from:
- podSelector:
matchLabels:
{{- include "gatekeeper.commonLabels" . | nindent 14 }}
app: '{{ template "gatekeeper.name" . }}'
release: '{{ .Release.Name }}'
{{- with .Values.controllerManager.networkPolicy.ingress }}
{{- toYaml . | nindent 4 }}
{{- end }}
podSelector:
matchLabels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
{{- include "gatekeeper.mandatoryLabels" . | nindent 6 }}
{{- include "gatekeeper.commonLabels" . | nindent 6 }}
control-plane: controller-manager
gatekeeper.sh/operation: webhook
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- end -}}
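Review bot: Both `matchLabels` blocks of this NetworkPolicy now include `gatekeeper.commonLabels`, which carries `helm.sh/chart`, `app.kubernetes.io/version` and whatever is set in `.Values.commonLabels`. A NetworkPolicy only restricts pods that carry every label in `spec.podSelector`, so if the controller-manager pod template (not visible in this section) does not render exactly the same set, the policy selects no pods and its ingress rules stop applying. The `from` selector likewise stops matching peers whose chart-version label differs, which could happen during an upgrade. Selectors are better limited to the stable identity labels: `{{- include "gatekeeper.selectorLabels" . | nindent 6 }}` under `podSelector` and the same helper with `nindent 14` under `from`, leaving `commonLabels` for `metadata.labels` only.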
19 changes: 8 additions & 11 deletions cmd/build/helmify/static/templates/namespace-post-install.yaml
Expand Up @@ -5,11 +5,8 @@ metadata:
name: gatekeeper-update-namespace-label
namespace: {{ .Release.Namespace | quote }}
labels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.mandatoryLabels" . | nindent 4 }}
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-weight": "-5"
Expand All @@ -23,12 +20,9 @@ spec:
annotations:
{{- toYaml .Values.podAnnotations | trim | nindent 8 }}
labels:
{{- include "gatekeeper.podLabels" . }}
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.podLabels" . | nindent 8 }}
{{- include "gatekeeper.mandatoryLabels" . | nindent 8 }}
{{- include "gatekeeper.commonLabels" . | nindent 8 }}
spec:
restartPolicy: OnFailure
{{- if .Values.postInstall.labelNamespace.priorityClassName }}
Expand Down Expand Up @@ -102,6 +96,7 @@ metadata:
name: gatekeeper-update-namespace-label
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
Expand All @@ -115,6 +110,7 @@ kind: ClusterRole
metadata:
name: gatekeeper-update-namespace-label
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
Expand Down Expand Up @@ -146,6 +142,7 @@ kind: ClusterRoleBinding
metadata:
name: gatekeeper-update-namespace-label
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
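Review bot: In the pod template `labels:` block the three includes are concatenated as text into one mapping, with `gatekeeper.commonLabels` (which ends with `.Values.commonLabels`) rendered last. A key supplied through values that repeats a chart-owned one, such as `gatekeeper.sh/system` or `app`, produces a duplicate YAML key, and parsers that keep the last occurrence would let the values entry replace the fixed label. Moving `{{- include "gatekeeper.mandatoryLabels" . | nindent 8 }}` after the `commonLabels` include keeps the chart-owned values in the winning position, and a comment in the helper should state that `commonLabels` must not reuse those keys. The same ordering is used in the post-upgrade, probe-webhook, upgrade-crds and delete-webhook-configs Job templates on this page.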
19 changes: 8 additions & 11 deletions cmd/build/helmify/static/templates/namespace-post-upgrade.yaml
Expand Up @@ -5,11 +5,8 @@ metadata:
name: gatekeeper-update-namespace-label-post-upgrade
namespace: {{ .Release.Namespace | quote }}
labels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.mandatoryLabels" . | nindent 4 }}
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "-5"
Expand All @@ -21,12 +18,9 @@ spec:
template:
metadata:
labels:
{{- include "gatekeeper.podLabels" . }}
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.podLabels" . | nindent 8 }}
{{- include "gatekeeper.mandatoryLabels" . | nindent 8 }}
{{- include "gatekeeper.commonLabels" . | nindent 8 }}
spec:
restartPolicy: OnFailure
{{- if .Values.postUpgrade.labelNamespace.image.pullSecrets }}
Expand Down Expand Up @@ -93,6 +87,7 @@ kind: ServiceAccount
metadata:
name: gatekeeper-update-namespace-label-post-upgrade
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
Expand All @@ -106,6 +101,7 @@ kind: ClusterRole
metadata:
name: gatekeeper-update-namespace-label-post-upgrade
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
Expand Down Expand Up @@ -134,6 +130,7 @@ kind: ClusterRoleBinding
metadata:
name: gatekeeper-update-namespace-label-post-upgrade
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
Expand Up @@ -5,11 +5,8 @@ kind: Job
metadata:
name: gatekeeper-probe-webhook-post-install
labels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.mandatoryLabels" . | nindent 4 }}
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-weight": "-5"
Expand All @@ -20,12 +17,9 @@ spec:
annotations:
{{- toYaml .Values.podAnnotations | trim | nindent 8 }}
labels:
{{- include "gatekeeper.podLabels" . }}
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.podLabels" . | nindent 8 }}
{{- include "gatekeeper.mandatoryLabels" . | nindent 8 }}
{{- include "gatekeeper.commonLabels" . | nindent 8 }}
spec:
restartPolicy: Never
{{- if .Values.postInstall.probeWebhook.priorityClassName }}
19 changes: 8 additions & 11 deletions cmd/build/helmify/static/templates/upgrade-crds-hook.yaml
Expand Up @@ -5,6 +5,7 @@ kind: ClusterRole
metadata:
name: gatekeeper-admin-upgrade-crds
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
Expand All @@ -26,6 +27,7 @@ kind: ClusterRoleBinding
metadata:
name: gatekeeper-admin-upgrade-crds
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
Expand All @@ -46,6 +48,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: gatekeeper-admin-upgrade-crds
Expand All @@ -61,11 +64,8 @@ metadata:
name: gatekeeper-update-crds-hook
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "gatekeeper.name" . }}
chart: {{ template "gatekeeper.name" . }}
gatekeeper.sh/system: "yes"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "gatekeeper.mandatoryLabels" . | nindent 4 }}
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-weight: "1"
Expand All @@ -78,12 +78,9 @@ spec:
annotations:
{{- toYaml .Values.podAnnotations | trim | nindent 8 }}
labels:
{{- include "gatekeeper.podLabels" . }}
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.podLabels" . | nindent 8 }}
{{- include "gatekeeper.mandatoryLabels" . | nindent 8 }}
{{- include "gatekeeper.commonLabels" . | nindent 8 }}
spec:
serviceAccountName: gatekeeper-admin-upgrade-crds
restartPolicy: Never
Expand Up @@ -5,11 +5,8 @@ metadata:
name: gatekeeper-delete-webhook-configs
namespace: {{ .Release.Namespace | quote }}
labels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.mandatoryLabels" . | nindent 4 }}
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-5"
Expand All @@ -20,12 +17,9 @@ spec:
annotations:
{{- toYaml .Values.podAnnotations | trim | nindent 8 }}
labels:
{{- include "gatekeeper.podLabels" . }}
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.podLabels" . | nindent 8 }}
{{- include "gatekeeper.mandatoryLabels" . | nindent 8 }}
{{- include "gatekeeper.commonLabels" . | nindent 8 }}
spec:
restartPolicy: OnFailure
{{- if .Values.preUninstall.deleteWebhookConfigurations.image.pullSecrets }}
Expand Down Expand Up @@ -71,6 +65,7 @@ metadata:
name: gatekeeper-delete-webhook-configs
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
Expand All @@ -84,6 +79,7 @@ kind: ClusterRole
metadata:
name: gatekeeper-delete-webhook-configs
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
Expand Down Expand Up @@ -122,6 +118,7 @@ kind: ClusterRoleBinding
metadata:
name: gatekeeper-delete-webhook-configs
labels:
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
36 changes: 35 additions & 1 deletion manifest_staging/charts/gatekeeper/templates/_helpers.tpl
Expand Up @@ -36,10 +36,44 @@ Adds additional pod labels to the common ones
*/}}
{{- define "gatekeeper.podLabels" -}}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- toYaml .Values.podLabels }}
{{- end }}
{{- end -}}

{{/*
Mandatory labels
*/}}
{{- define "gatekeeper.mandatoryLabels" -}}
app: {{ include "gatekeeper.name" . }}
chart: {{ include "gatekeeper.name" . }}
gatekeeper.sh/system: "yes"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "gatekeeper.commonLabels" -}}
helm.sh/chart: {{ include "gatekeeper.chart" . }}
{{ include "gatekeeper.selectorLabels" . }}
{{- if .Chart.Version }}
app.kubernetes.io/version: {{ .Chart.Version | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.commonLabels }}
{{ toYaml .Values.commonLabels }}
{{- end }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "gatekeeper.selectorLabels" -}}
app.kubernetes.io/name: {{ include "gatekeeper.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Output post install webhook probe container entry
*/}}
Expand Up @@ -5,11 +5,8 @@ metadata:
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
labels:
app: '{{ template "gatekeeper.name" . }}'
chart: '{{ template "gatekeeper.name" . }}'
gatekeeper.sh/system: "yes"
heritage: '{{ .Release.Service }}'
release: '{{ .Release.Name }}'
{{- include "gatekeeper.mandatoryLabels" . | nindent 4 }}
{{- include "gatekeeper.commonLabels" . | nindent 4 }}
name: gatekeeper-admin
spec:
allowPrivilegeEscalation: false