From e68b41ed0a758905267b0353c5e917a7d4410651 Mon Sep 17 00:00:00 2001 From: Bernd Schorgers Date: Thu, 26 Dec 2024 11:29:00 +0100 Subject: [PATCH] feat(common): Release common library 3.6.0 (#364) Signed-off-by: solidDoWant Co-authored-by: solidDoWant --- .../tests/pod/field_hostUsers_test.yaml | 58 +++++++++++++++ .../tests/pod/metadata_annotations_test.yaml | 66 +++++++++++++++++ .../tests/pod/metadata_labels_test.yaml | 70 +++++++++++++++++++ charts/library/common/Chart.yaml | 7 +- charts/library/common/README.md | 4 +- charts/library/common/schemas/pod.json | 4 ++ .../common/templates/lib/pod/_spec.tpl | 3 + .../lib/pod/metadata/_annotations.tpl | 12 +++- .../templates/lib/pod/metadata/_labels.tpl | 8 +++ charts/library/common/values.schema.json | 12 ++-- charts/library/common/values.yaml | 5 ++ 11 files changed, 240 insertions(+), 9 deletions(-) create mode 100644 charts/library/common-test/tests/pod/field_hostUsers_test.yaml create mode 100644 charts/library/common-test/tests/pod/metadata_annotations_test.yaml create mode 100644 charts/library/common-test/tests/pod/metadata_labels_test.yaml diff --git a/charts/library/common-test/tests/pod/field_hostUsers_test.yaml b/charts/library/common-test/tests/pod/field_hostUsers_test.yaml new file mode 100644 index 000000000..0d36f5afe --- /dev/null +++ b/charts/library/common-test/tests/pod/field_hostUsers_test.yaml @@ -0,0 +1,58 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: pod security +templates: + - common.yaml +values: + - ../_values/controllers_main_default_container.yaml +capabilities: + majorVersion: 1 + minorVersion: 29 +tests: + - it: default should pass for kubernetes < 1.28 + capabilities: + majorVersion: 1 + minorVersion: 28 + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + notExists: + path: spec.template.spec.hostUsers + + - it: default should pass for kubernetes >= 1.29 + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.hostUsers + value: true + + - it: hostUsers disabled should pass + set: + defaultPodOptions: + hostUsers: false + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.hostUsers + value: false + + - it: hostUsers enabled should pass + set: + defaultPodOptions: + hostUsers: true + asserts: + - documentIndex: 0 + isKind: + of: Deployment + - documentIndex: 0 + equal: + path: spec.template.spec.hostUsers + value: true diff --git a/charts/library/common-test/tests/pod/metadata_annotations_test.yaml b/charts/library/common-test/tests/pod/metadata_annotations_test.yaml new file mode 100644 index 000000000..92eb2ad6e --- /dev/null +++ b/charts/library/common-test/tests/pod/metadata_annotations_test.yaml @@ -0,0 +1,66 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: "pod metadata: annotations" +templates: + - common.yaml +values: + - ../_values/controllers_main_default_container.yaml +tests: + - it: default pod annotations + documentSelector: &DeploymentSelector + path: $[?(@.kind == "Deployment")].metadata.name + value: RELEASE-NAME + asserts: + - notExists: + path: spec.template.metadata.annotations + + - it: pod annotations from defaultPodOptions should be included + set: + defaultPodOptions: + annotations: + defaultPodOptionsAnnotation: test + documentSelector: *DeploymentSelector + asserts: + - isSubset: + path: spec.template.metadata.annotations + content: + defaultPodOptionsAnnotation: test + + - it: pod annotations from pod options should be included + set: + controllers: + main: + pod: + annotations: + podOptionsAnnotation: test + documentSelector: *DeploymentSelector + asserts: + - isSubset: + path: spec.template.metadata.annotations + content: + podOptionsAnnotation: test + + - it: pod annotations from global annotations should not be included by default + set: + global: + annotations: + globalAnnotation: test + documentSelector: *DeploymentSelector + asserts: + - isNotSubset: + path: spec.template.metadata.annotations + content: + globalAnnotation: test + + - it: pod annotations from global annotations should be included when requested + set: + global: + propagateGlobalMetadataToPods: true + annotations: + globalAnnotation: test + documentSelector: *DeploymentSelector + asserts: + - isSubset: + path: spec.template.metadata.annotations + content: + globalAnnotation: test diff --git a/charts/library/common-test/tests/pod/metadata_labels_test.yaml b/charts/library/common-test/tests/pod/metadata_labels_test.yaml new file mode 100644 index 000000000..4dd47aa54 --- /dev/null +++ b/charts/library/common-test/tests/pod/metadata_labels_test.yaml @@ -0,0 +1,70 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: "pod metadata: labels" +templates: + - common.yaml +values: + - ../_values/controllers_main_default_container.yaml +tests: + - it: default pod labels + documentSelector: &DeploymentSelector + path: $[?(@.kind == "Deployment")].metadata.name + value: RELEASE-NAME + asserts: + - equal: + path: spec.template.metadata.labels + value: + app.kubernetes.io/component: main + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: RELEASE-NAME + + - it: pod labels from defaultPodOptions should be included + set: + defaultPodOptions: + labels: + defaultPodOptionsLabel: test + documentSelector: *DeploymentSelector + asserts: + - isSubset: + path: spec.template.metadata.labels + content: + defaultPodOptionsLabel: test + + - it: pod labels from pod options should be included + set: + controllers: + main: + pod: + labels: + podOptionsLabel: test + documentSelector: *DeploymentSelector + asserts: + - isSubset: + path: spec.template.metadata.labels + content: + podOptionsLabel: test + + - it: pod labels from global labels should not be included by default + set: + global: + labels: + globalLabel: test + documentSelector: *DeploymentSelector + asserts: + - isNotSubset: + path: spec.template.metadata.labels + content: + globalLabel: test + + - it: pod labels from global labels should be included when requested + set: + global: + propagateGlobalMetadataToPods: true + labels: + globalLabel: test + documentSelector: *DeploymentSelector + asserts: + - isSubset: + path: spec.template.metadata.labels + content: + globalLabel: test diff --git a/charts/library/common/Chart.yaml b/charts/library/common/Chart.yaml index 6c03c2565..e0504b75b 100644 --- a/charts/library/common/Chart.yaml +++ b/charts/library/common/Chart.yaml @@ -3,7 +3,7 @@ apiVersion: v2 name: common description: Function library for Helm charts type: library -version: 3.5.1 +version: 3.6.0 kubeVersion: ">=1.22.0-0" keywords: - common @@ -16,4 +16,7 @@ annotations: artifacthub.io/changes: |- - kind: added description: |- - Add feature flag to override enforcing the creation of a default ServiceAccount + Add hostUsers field to pod spec for k8s clusters >= 1.29 + - kind: added + description: |- + Allow propagating global labels and annotations to Pod metadata diff --git a/charts/library/common/README.md b/charts/library/common/README.md index fb5273610..3696b86cd 100644 --- a/charts/library/common/README.md +++ b/charts/library/common/README.md @@ -1,6 +1,6 @@ # common -![Version: 3.5.1](https://img.shields.io/badge/Version-3.5.1-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) +![Version: 3.6.0](https://img.shields.io/badge/Version-3.6.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) Function library for Helm charts @@ -27,7 +27,7 @@ Include this chart as a dependency in your `Chart.yaml` e.g. # Chart.yaml dependencies: - name: common - version: 3.5.1 + version: 3.6.0 repository: https://bjw-s.github.io/helm-charts/ ``` diff --git a/charts/library/common/schemas/pod.json b/charts/library/common/schemas/pod.json index fc1f298b2..6f58ce01c 100644 --- a/charts/library/common/schemas/pod.json +++ b/charts/library/common/schemas/pod.json @@ -43,6 +43,10 @@ "type": "boolean", "default": false }, + "hostUsers": { + "type": "boolean", + "default": false + }, "hostname": { "type": "string" }, diff --git a/charts/library/common/templates/lib/pod/_spec.tpl b/charts/library/common/templates/lib/pod/_spec.tpl index a38b3dd93..e6ecbc4b4 100644 --- a/charts/library/common/templates/lib/pod/_spec.tpl +++ b/charts/library/common/templates/lib/pod/_spec.tpl @@ -27,6 +27,9 @@ hostname: {{ . | trim }} hostIPC: {{ include "bjw-s.common.lib.pod.getOption" (dict "ctx" $ctx "option" "hostIPC" "default" false) }} hostNetwork: {{ include "bjw-s.common.lib.pod.getOption" (dict "ctx" $ctx "option" "hostNetwork" "default" false) }} hostPID: {{ include "bjw-s.common.lib.pod.getOption" (dict "ctx" $ctx "option" "hostPID" "default" false) }} + {{- if ge ($rootContext.Capabilities.KubeVersion.Minor | int) 29 }} +hostUsers: {{ include "bjw-s.common.lib.pod.getOption" (dict "ctx" $ctx "option" "hostUsers" "default" true) }} + {{- end }} dnsPolicy: {{ include "bjw-s.common.lib.pod.field.dnsPolicy" (dict "ctx" $ctx) | trim }} {{- with (include "bjw-s.common.lib.pod.getOption" (dict "ctx" $ctx "option" "dnsConfig")) }} dnsConfig: {{ . | nindent 2 }} diff --git a/charts/library/common/templates/lib/pod/metadata/_annotations.tpl b/charts/library/common/templates/lib/pod/metadata/_annotations.tpl index 1f0a8def6..d799115ac 100644 --- a/charts/library/common/templates/lib/pod/metadata/_annotations.tpl +++ b/charts/library/common/templates/lib/pod/metadata/_annotations.tpl @@ -6,7 +6,17 @@ Returns the value for annotations {{- $controllerObject := .controllerObject -}} {{- /* Default annotations */ -}} - {{- $annotations := dict -}} + {{- $annotations := merge + (dict) + -}} + + {{- /* Include global annotations if specified */ -}} + {{- if $rootContext.Values.global.propagateGlobalMetadataToPods -}} + {{- $annotations = merge + (include "bjw-s.common.lib.metadata.globalAnnotations" $rootContext | fromYaml) + $annotations + -}} + {{- end -}} {{- /* Set to the default if it is set */ -}} {{- $defaultOption := get (default dict $rootContext.Values.defaultPodOptions) "annotations" -}} diff --git a/charts/library/common/templates/lib/pod/metadata/_labels.tpl b/charts/library/common/templates/lib/pod/metadata/_labels.tpl index 837ffa29e..c6e43d390 100644 --- a/charts/library/common/templates/lib/pod/metadata/_labels.tpl +++ b/charts/library/common/templates/lib/pod/metadata/_labels.tpl @@ -10,6 +10,14 @@ Returns the value for labels (dict "app.kubernetes.io/component" $controllerObject.identifier) -}} + {{- /* Include global labels if specified */ -}} + {{- if $rootContext.Values.global.propagateGlobalMetadataToPods -}} + {{- $labels = merge + (include "bjw-s.common.lib.metadata.globalLabels" $rootContext | fromYaml) + $labels + -}} + {{- end -}} + {{- /* Fetch the Pod selectorLabels */ -}} {{- $selectorLabels := include "bjw-s.common.lib.metadata.selectorLabels" $rootContext | fromYaml -}} {{- if not (empty $selectorLabels) -}} diff --git a/charts/library/common/values.schema.json b/charts/library/common/values.schema.json index 13003ee35..90097c8bb 100644 --- a/charts/library/common/values.schema.json +++ b/charts/library/common/values.schema.json @@ -1,14 +1,11 @@ { "$schema": "http://json-schema.org/draft-07/schema", - "$id": "https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.5.1/charts/library/common/values.schema.json", + "$id": "https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.6.0/charts/library/common/values.schema.json", "type": "object", "properties": { "global": { "type": "object", "properties": { - "annotations": { - "$ref": "schemas/definitions.json#/annotations" - }, "nameOverride": { "type": [ "string", @@ -21,8 +18,15 @@ "null" ] }, + "propagateGlobalMetadataToPods": { + "type": "boolean", + "default": false + }, "labels": { "$ref": "schemas/definitions.json#/labels" + }, + "annotations": { + "$ref": "schemas/definitions.json#/annotations" } } }, diff --git a/charts/library/common/values.yaml b/charts/library/common/values.yaml index cc27b320c..0dcb9afb0 100644 --- a/charts/library/common/values.yaml +++ b/charts/library/common/values.yaml @@ -4,6 +4,8 @@ global: nameOverride: # -- Set the entire name definition fullnameOverride: + # -- Propagate global metadata to Pod labels. + propagateGlobalMetadataToPods: false # -- Set additional global labels. Helm templates can be used. labels: {} # -- Set additional global annotations. Helm templates can be used. @@ -48,6 +50,9 @@ defaultPodOptions: # -- Use the host's pid namespace hostPID: false + # -- Use the host's user namespace (requires 1.29 or newer) + hostUsers: true + # -- Set image pull secrets imagePullSecrets: []