Merge pull request #387 from wallrj/make-all-helm-ha-values-global

Make all Deployment related Helm values global
cert-manager · Feb 29, 2024 · 6e20fee · 6e20fee
2 parents 4572139 + f2034b4
commit 6e20fee
Show file tree

Hide file tree

Showing 6 changed files with 161 additions and 58 deletions.
diff --git a/deploy/charts/approver-policy/README.md b/deploy/charts/approver-policy/README.md
diff --git a/deploy/charts/approver-policy/templates/NOTES.txt b/deploy/charts/approver-policy/templates/NOTES.txt
@@ -6,6 +6,26 @@
 ⚠️  WARNING: Consider setting the Helm value `podDisruptionBudget.enabled` to true if you require high availability.
 {{- end }}
 
+{{- if .Values.app.webhook.affinity }}
+⚠️  WARNING: The Helm value `.app.webhook.affinity` is deprecated. Use `.affinity` instead.
+{{- end }}
+
+{{- if .Values.app.webhook.nodeSelector }}
+⚠️  WARNING: The Helm value `.app.webhook.nodeSelector` is deprecated. Use `.nodeSelector` instead.
+{{- end }}
+
+{{- if .Values.app.webhook.tolerations }}
+⚠️  WARNING: The Helm value `.app.webhook.tolerations` is deprecated. Use `.tolerations` instead.
+{{- end }}
+
+{{- if .Values.app.webhook.hostNetwork }}
+⚠️  WARNING: The Helm value `.app.webhook.hostNetwork` is deprecated. Use `.hostNetwork` instead.
+{{- end }}
+
+{{- if .Values.app.webhook.dnsPolicy }}
+⚠️  WARNING: The Helm value `.app.webhook.dnsPolicy` is deprecated. Use `.dnsPolicy` instead.
+{{- end }}
+
 CHART NAME: {{ .Chart.Name }}
 CHART VERSION: {{ .Chart.Version }}
 APP VERSION: {{ .Chart.AppVersion }}

diff --git a/deploy/charts/approver-policy/templates/deployment.yaml b/deploy/charts/approver-policy/templates/deployment.yaml
@@ -75,17 +75,17 @@ spec:
       {{- toYaml . | nindent 6 }}
       {{- end }}
 
-      hostNetwork: {{ .Values.app.webhook.hostNetwork }}
-      dnsPolicy: {{ .Values.app.webhook.dnsPolicy }}
-      {{- with .Values.app.webhook.nodeSelector }}
+      hostNetwork: {{ (or .Values.app.webhook.hostNetwork .Values.hostNetwork) }}
+      dnsPolicy: {{ (or .Values.app.webhook.dnsPolicy .Values.dnsPolicy) }}
+      {{- with (or .Values.app.webhook.nodeSelector .Values.nodeSelector) }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.app.webhook.tolerations }}
+      {{- with (or .Values.app.webhook.tolerations .Values.tolerations) }}
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.app.webhook.affinity }}
+      {{- with (or .Values.app.webhook.affinity .Values.affinity) }}
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}

diff --git a/deploy/charts/approver-policy/values.linter.exceptions b/deploy/charts/approver-policy/values.linter.exceptions
@@ -1 +1,7 @@
-value missing from values.yaml: nameOverride
+value missing from values.yaml: nameOverride
+
+# Some false postives
+# See https://github.com/cert-manager/helm-tool/issues/27
+value missing from templates: tolerations
+value missing from templates: affinity
+value missing from templates: nodeSelector
diff --git a/deploy/charts/approver-policy/values.schema.json b/deploy/charts/approver-policy/values.schema.json
@@ -3,6 +3,9 @@
     "helm-values": {
       "additionalProperties": false,
       "properties": {
+        "affinity": {
+          "$ref": "#/$defs/helm-values.affinity"
+        },
         "app": {
           "$ref": "#/$defs/helm-values.app"
         },
@@ -12,12 +15,21 @@
         "crds": {
           "$ref": "#/$defs/helm-values.crds"
         },
+        "dnsPolicy": {
+          "$ref": "#/$defs/helm-values.dnsPolicy"
+        },
+        "hostNetwork": {
+          "$ref": "#/$defs/helm-values.hostNetwork"
+        },
         "image": {
           "$ref": "#/$defs/helm-values.image"
         },
         "imagePullSecrets": {
           "$ref": "#/$defs/helm-values.imagePullSecrets"
         },
+        "nodeSelector": {
+          "$ref": "#/$defs/helm-values.nodeSelector"
+        },
         "podAnnotations": {
           "$ref": "#/$defs/helm-values.podAnnotations"
         },
@@ -30,6 +42,9 @@
         "resources": {
           "$ref": "#/$defs/helm-values.resources"
         },
+        "tolerations": {
+          "$ref": "#/$defs/helm-values.tolerations"
+        },
         "topologySpreadConstraints": {
           "$ref": "#/$defs/helm-values.topologySpreadConstraints"
         },
@@ -42,6 +57,11 @@
       },
       "type": "object"
     },
+    "helm-values.affinity": {
+      "default": {},
+      "description": "A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core).\n\nFor example:\naffinity:\n  nodeAffinity:\n   requiredDuringSchedulingIgnoredDuringExecution:\n     nodeSelectorTerms:\n     - matchExpressions:\n       - key: foo.bar.com/role\n         operator: In\n         values:\n         - master",
+      "type": "object"
+    },
     "helm-values.app": {
       "additionalProperties": false,
       "properties": {
@@ -222,13 +242,11 @@
       "type": "object"
     },
     "helm-values.app.webhook.affinity": {
-      "default": {},
-      "description": "A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core).\n\nFor example:\naffinity:\n  nodeAffinity:\n   requiredDuringSchedulingIgnoredDuringExecution:\n     nodeSelectorTerms:\n     - matchExpressions:\n       - key: foo.bar.com/role\n         operator: In\n         values:\n         - master",
+      "description": "Deprecated. Use .affinity instead.",
       "type": "object"
     },
     "helm-values.app.webhook.dnsPolicy": {
-      "default": "ClusterFirst",
-      "description": "This value may need to be changed if `hostNetwork: true`",
+      "description": "Deprecated. Use .dnsPolicy instead.",
       "type": "string"
     },
     "helm-values.app.webhook.host": {
@@ -237,13 +255,11 @@
       "type": "string"
     },
     "helm-values.app.webhook.hostNetwork": {
-      "default": false,
-      "description": "Boolean value, expose pod on hostNetwork.\nRequired when running a custom CNI in managed providers such as AWS EKS.\n\nFor more information, see [AWS EKS](https://cert-manager.io/docs/installation/compatibility/#aws-eks).",
+      "description": "Deprecated. Use .hostNetwork instead.",
       "type": "boolean"
     },
     "helm-values.app.webhook.nodeSelector": {
-      "default": {},
-      "description": "The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with matching labels. For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).",
+      "description": "Deprecated. Use .nodeSelector instead.",
       "type": "object"
     },
     "helm-values.app.webhook.port": {
@@ -278,8 +294,7 @@
       "type": "number"
     },
     "helm-values.app.webhook.tolerations": {
-      "default": [],
-      "description": "A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core).\n\nFor example:\ntolerations:\n- key: foo.bar.com/role\n  operator: Equal\n  value: master\n  effect: NoSchedule",
+      "description": "Deprecated. Use .tolerations instead.",
       "items": {},
       "type": "array"
     },
@@ -310,6 +325,16 @@
       "description": "This option makes it so that the \"helm.sh/resource-policy\": keep annotation is added to the CRD. This will prevent Helm from uninstalling the CRD when the Helm release is uninstalled. WARNING: when the CRDs are removed, all cert-manager custom resources\n(Certificates, Issuers, ...) will be removed too by the garbage collector.",
       "type": "boolean"
     },
+    "helm-values.dnsPolicy": {
+      "default": "ClusterFirst",
+      "description": "This value may need to be changed if `hostNetwork: true`",
+      "type": "string"
+    },
+    "helm-values.hostNetwork": {
+      "default": false,
+      "description": "Boolean value, expose pod on hostNetwork.\nRequired when running a custom CNI in managed providers such as AWS EKS.\n\nFor more information, see [AWS EKS](https://cert-manager.io/docs/installation/compatibility/#aws-eks).",
+      "type": "boolean"
+    },
     "helm-values.image": {
       "additionalProperties": false,
       "properties": {
@@ -359,6 +384,11 @@
       "items": {},
       "type": "array"
     },
+    "helm-values.nodeSelector": {
+      "default": {},
+      "description": "The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with matching labels. For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).",
+      "type": "object"
+    },
     "helm-values.podAnnotations": {
       "default": {},
       "description": "Allow custom annotations to be placed on cert-manager-approver pod - optional.",
@@ -402,6 +432,12 @@
       "description": "Kubernetes pod resources.\nFor more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).\n\nFor example:\nresources:\n  limits:\n    cpu: 100m\n    memory: 128Mi\n  requests:\n    cpu: 100m\n    memory: 128Mi",
       "type": "object"
     },
+    "helm-values.tolerations": {
+      "default": [],
+      "description": "A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core).\n\nFor example:\ntolerations:\n- key: foo.bar.com/role\n  operator: Equal\n  value: master\n  effect: NoSchedule",
+      "items": {},
+      "type": "array"
+    },
     "helm-values.topologySpreadConstraints": {
       "default": [],
       "description": "List of Kubernetes TopologySpreadConstraints. For more information, see:\n[Pod Topology Spread Constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/).\n\nFor example:\ntopologySpreadConstraints:\n- maxSkew: 2\n  topologyKey: topology.kubernetes.io/zone\n  whenUnsatisfiable: ScheduleAnyway\n  labelSelector:\n    matchLabels:\n      app.kubernetes.io/name: cert-manager-approver-policy\n      app.kubernetes.io/instance: cert-manager-approver-policy",

diff --git a/deploy/charts/approver-policy/values.yaml b/deploy/charts/approver-policy/values.yaml
@@ -105,43 +105,64 @@ app:
       # +docs:property
       # nodePort: 8080
 
-    # Boolean value, expose pod on hostNetwork.
-    # Required when running a custom CNI in managed providers such as AWS EKS.
-    #
-    # For more information, see [AWS EKS](https://cert-manager.io/docs/installation/compatibility/#aws-eks).
-    hostNetwork: false
-
-    # This value may need to be changed if `hostNetwork: true`
-    dnsPolicy: ClusterFirst
-
-    # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core).
-    #
-    # For example:
-    #   affinity:
-    #     nodeAffinity:
-    #      requiredDuringSchedulingIgnoredDuringExecution:
-    #        nodeSelectorTerms:
-    #        - matchExpressions:
-    #          - key: foo.bar.com/role
-    #            operator: In
-    #            values:
-    #            - master
-    affinity: {}
-
-    # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with
-    # matching labels.
-    # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
-    nodeSelector: {}
-
-    # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core).
-    #
-    # For example:
-    #   tolerations:
-    #   - key: foo.bar.com/role
-    #     operator: Equal
-    #     value: master
-    #     effect: NoSchedule
-    tolerations: []
+
+    # Deprecated. Use .hostNetwork instead.
+    # +docs:property
+    # hostNetwork: false
+
+    # Deprecated. Use .dnsPolicy instead.
+    # +docs:property
+    # dnsPolicy: ClusterFirst
+
+    # Deprecated. Use .affinity instead.
+    # +docs:property
+    # affinity: {}
+
+    # Deprecated. Use .nodeSelector instead.
+    # +docs:property
+    # nodeSelector: {}
+
+    # Deprecated. Use .tolerations instead.
+    # +docs:property
+    # tolerations: []
+
+# Boolean value, expose pod on hostNetwork.
+# Required when running a custom CNI in managed providers such as AWS EKS.
+#
+# For more information, see [AWS EKS](https://cert-manager.io/docs/installation/compatibility/#aws-eks).
+hostNetwork: false
+
+# This value may need to be changed if `hostNetwork: true`
+dnsPolicy: ClusterFirst
+
+# A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core).
+#
+# For example:
+#   affinity:
+#     nodeAffinity:
+#      requiredDuringSchedulingIgnoredDuringExecution:
+#        nodeSelectorTerms:
+#        - matchExpressions:
+#          - key: foo.bar.com/role
+#            operator: In
+#            values:
+#            - master
+affinity: {}
+
+# The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with
+# matching labels.
+# For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+nodeSelector: {}
+
+# A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core).
+#
+# For example:
+#   tolerations:
+#   - key: foo.bar.com/role
+#     operator: Equal
+#     value: master
+#     effect: NoSchedule
+tolerations: []
 
 # List of Kubernetes TopologySpreadConstraints. For more information, see:
 # [Pod Topology Spread Constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/).