diff --git a/charts/kubewarden-controller/templates/audit-scanner.yaml b/charts/kubewarden-controller/templates/audit-scanner.yaml index aec271d3..0c8e2821 100644 --- a/charts/kubewarden-controller/templates/audit-scanner.yaml +++ b/charts/kubewarden-controller/templates/audit-scanner.yaml @@ -35,6 +35,16 @@ spec: items: - key: policy-server-root-ca-pem path: "policy-server-root-ca-pem" + {{- if .Values.global.affinity }} + affinity: {{ .Values.global.affinity | toYaml | nindent 14 }} + {{- end }} + {{- if .Values.global.tolerations }} + tolerations: {{ .Values.global.tolerations | toYaml | nindent 14 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 14 }} + {{- end }} containers: - name: audit-scanner image: '{{ template "system_default_registry" . }}{{ .Values.auditScanner.image.repository }}:{{ .Values.auditScanner.image.tag }}' @@ -49,18 +59,6 @@ spec: securityContext: {{- toYaml . | nindent 14 }} {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 14 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 14 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 14 }} - {{- end }} {{- if and .Values.resources .Values.resources.auditScanner }} resources: {{ toYaml .Values.resources.auditScanner | indent 14 }} diff --git a/charts/kubewarden-controller/templates/deployment.yaml b/charts/kubewarden-controller/templates/deployment.yaml index 68067b6d..e5ad930a 100644 --- a/charts/kubewarden-controller/templates/deployment.yaml +++ b/charts/kubewarden-controller/templates/deployment.yaml 
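Review bot: Installs that already set the chart-level `affinity` or `tolerations` values will render without them after this change, because the first audit-scanner.yaml hunk reads only `.Values.global.affinity` and `.Values.global.tolerations` and nothing reports the old keys. For an admission controller that is often pinned to dedicated nodes or spread for availability, a silent loss of placement rules is worth a hard stop at render time, e.g. `{{- if or .Values.affinity .Values.tolerations }}{{ fail "affinity and tolerations moved to global.affinity / global.tolerations" }}{{- end }}`. The same applies to the first deployment.yaml hunk and, for `.Values.policyServer.affinity`, to the policyserver-default.yaml hunk. The pod spec these lines belong to starts and ends outside the hunk.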
@@ -30,6 +30,16 @@ spec: {{- include "imagePullSecrets" .Values.imagePullSecrets | nindent 8 }} {{- end }} serviceAccountName: {{ include "kubewarden-controller.serviceAccountName" . }} + {{- if .Values.global.affinity }} + affinity: {{ .Values.global.affinity | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.global.tolerations }} + tolerations: {{ .Values.global.tolerations | toYaml | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: manager args: @@ -93,15 +103,3 @@ spec: {{ toYaml .Values.podSecurityContext | indent 8 }} {{- end }} terminationGracePeriodSeconds: 10 - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/kubewarden-controller/values.yaml b/charts/kubewarden-controller/values.yaml index 00a49f0b..6bf5467a 100644 --- a/charts/kubewarden-controller/values.yaml +++ b/charts/kubewarden-controller/values.yaml 
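Review bot: `nodeSelector` in the first deployment.yaml hunk is still read from the chart-level `.Values.nodeSelector`, while the `affinity` and `tolerations` blocks added right above it come from `.Values.global`, so the three placement controls no longer share a source. The policyserver-default.yaml hunk adds no `nodeSelector`, so an operator who combines a global toleration with a node selector pins the controller but, as far as these hunks show, not the policy server. If the split is intended, say so at the block with a template comment such as `{{- /* nodeSelector stays chart-local; affinity and tolerations are shared via .Values.global */}}`. The same applies to the audit-scanner.yaml hunk.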
@@ -3,6 +3,61 @@ # by more than one chart and they ideally need to match during the # installation of the charts consuming this values. global: + # affinity: + # podAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: security + # operator: In + # values: + # - S1 + # topologyKey: topology.kubernetes.io/zone + # podAntiAffinity: + # preferredDuringSchedulingIgnoredDuringExecution: + # - weight: 100 + # podAffinityTerm: + # labelSelector: + # matchExpressions: + # - key: security + # operator: In + # values: + # - S2 + # topologyKey: topology.kubernetes.io/zone + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + # preferredDuringSchedulingIgnoredDuringExecution: + # - weight: 1 + # preference: + # matchExpressions: + # - key: label-1 + # operator: In + # values: + # - key-1 + # - weight: 50 + # preference: + # matchExpressions: + # - key: label-2 + # operator: In + # values: + # - key-2 + affinity: {} + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoExecute" + tolerations: [] cattle: systemDefaultRegistry: ghcr.io skipNamespaces: @@ -111,8 +166,6 @@ preDeleteJob: # kubewarden-controller deployment settings: podAnnotations: {} nodeSelector: {} -tolerations: [] -affinity: {} tls: # source options: # - "cert-manager-self-signed": Scaffold cert-manager integration, and create diff --git a/charts/kubewarden-defaults/templates/_helpers.tpl b/charts/kubewarden-defaults/templates/_helpers.tpl index ab4b5543..197fb4e7 100644 --- a/charts/kubewarden-defaults/templates/_helpers.tpl +++ b/charts/kubewarden-defaults/templates/_helpers.tpl 
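Review bot: The new `global.affinity` and `global.tolerations` keys in the first values.yaml hunk have only a commented sample above them, with no statement of which workloads they apply to or that they replace the top-level `affinity` and `tolerations` removed in the second hunk. I would add a line above each key, for example `# Applied to the kubewarden-controller and audit-scanner pods; replaces the former top-level affinity value.`. The kubewarden-defaults values.yaml hunk needs the equivalent note for the default PolicyServer, since it removes the `policyServer.affinity` key and its comment.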
@@ -76,4 +76,3 @@ namespaceSelector: {{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} {{- end -}} {{- end -}} - diff --git a/charts/kubewarden-defaults/templates/policyserver-default.yaml b/charts/kubewarden-defaults/templates/policyserver-default.yaml index e351d7c4..7d761397 100644 --- a/charts/kubewarden-defaults/templates/policyserver-default.yaml +++ b/charts/kubewarden-defaults/templates/policyserver-default.yaml @@ -20,8 +20,11 @@ spec: {{- if .Values.policyServer.maxUnavailable }} maxUnavailable: {{ .Values.policyServer.maxUnavailable }} {{- end }} - {{- if .Values.policyServer.affinity }} - affinity: {{ .Values.policyServer.affinity | toYaml | nindent 4 }} + {{- if .Values.global.affinity }} + affinity: {{ .Values.global.affinity | toYaml | nindent 4 }} + {{- end }} + {{- if .Values.global.tolerations }} + tolerations: {{ .Values.global.tolerations | toYaml | nindent 4 }} {{- end }} {{- if .Values.policyServer.limits }} limits: {{ .Values.policyServer.limits | toYaml | nindent 4 }} diff --git a/charts/kubewarden-defaults/values.yaml b/charts/kubewarden-defaults/values.yaml index 437ea18e..e1a5596b 100644 --- a/charts/kubewarden-defaults/values.yaml +++ b/charts/kubewarden-defaults/values.yaml 
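Review bot: The policyserver-default.yaml hunk starts emitting a `tolerations` field into the PolicyServer spec, and nothing visible here ties that to a CRD version that defines it. If the installed PolicyServer schema lacks the field, the API server may prune or reject it depending on validation settings, and a pruned field would leave the policy server schedulable in a way the operator did not intend; please confirm the minimum CRD version and state it in the chart notes. The affinity for the policy server is also no longer configurable separately from the controller's. The spec block continues outside the hunk.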
@@ -3,6 +3,61 @@ # by more than one chart and they ideally need to match during the # installation of the charts consuming this values. global: + # affinity: + # podAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: security + # operator: In + # values: + # - S1 + # topologyKey: topology.kubernetes.io/zone + # podAntiAffinity: + # preferredDuringSchedulingIgnoredDuringExecution: + # - weight: 100 + # podAffinityTerm: + # labelSelector: + # matchExpressions: + # - key: security + # operator: In + # values: + # - S2 + # topologyKey: topology.kubernetes.io/zone + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + # preferredDuringSchedulingIgnoredDuringExecution: + # - weight: 1 + # preference: + # matchExpressions: + # - key: label-1 + # operator: In + # values: + # - key-1 + # - weight: 50 + # preference: + # matchExpressions: + # - key: label-2 + # operator: In + # values: + # - key-2 + affinity: {} + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoExecute" + tolerations: [] cattle: systemDefaultRegistry: ghcr.io skipNamespaces: @@ -113,8 +168,6 @@ policyServer: # certs: # - "cert4" sourceAuthorities: {} - # affinity for pods of the default PolicyServer - affinity: {} # limits and requests, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ limits: {} requests: {} diff --git a/common-values.yaml b/common-values.yaml index 1a6efd02..a235d2fb 100644 --- a/common-values.yaml +++ b/common-values.yaml 
@@ -2,6 +2,8 @@ # by more than one chart and they ideally need to match during the # installation of the charts consuming this values. global: + affinity: {} + tolerations: [] cattle: systemDefaultRegistry: ghcr.io skipNamespaces: @@ -47,3 +49,5 @@ global: default: name: default enabled: true + affinity: {} + tolerations: []
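Review bot: common-values.yaml adds `affinity: {}` and `tolerations: []` twice, once directly under `global:` in the first hunk and again after `enabled: true` in the second. Indentation is not recoverable from this view, but if the second pair sits at the same level as the first, the `global` mapping has duplicate keys, which most YAML parsers resolve silently to the last value and stricter ones reject. If the second pair is meant for a nested mapping, a one-line comment naming its owner would help; otherwise drop it.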