From 52138d5f05a992b0fbbeb2c1df1ec80a3c0eb22f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 30 Jan 2023 16:13:31 +0100 Subject: [PATCH 1/6] Supporting custom labels/annotations on deployment/pod MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/dex/Chart.yaml | 4 ++-- charts/dex/README.md | 3 +++ ...tions-values.yaml => label-annotations-values.yaml} | 9 +++++++++ charts/dex/templates/deployment.yaml | 10 ++++++++++ charts/dex/values.yaml | 7 +++++++ 5 files changed, 31 insertions(+), 2 deletions(-) rename charts/dex/ci/{pod-annotations-values.yaml => label-annotations-values.yaml} (64%) diff --git a/charts/dex/Chart.yaml b/charts/dex/Chart.yaml index e319f2be..3d0a6c31 100644 --- a/charts/dex/Chart.yaml +++ b/charts/dex/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 type: application name: dex -version: 0.14.1 +version: 0.14.2 appVersion: "2.36.0" kubeVersion: ">=1.14.0-0" description: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors. @@ -22,7 +22,7 @@ maintainers: annotations: artifacthub.io/changes: | - kind: added - description: "Supporting template evaluation in ingress hosts" + description: "Supporting custom labels/annotations on deployment/pod" artifacthub.io/images: | - name: dex image: ghcr.io/dexidp/dex:v2.36.0 diff --git a/charts/dex/README.md b/charts/dex/README.md index cb755154..c78cd40b 100644 --- a/charts/dex/README.md +++ b/charts/dex/README.md 
@@ -134,7 +134,10 @@ ingress: | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | | rbac.create | bool | `true` | Specifies whether RBAC resources should be created. If disabled, the operator is responsible for creating the necessary resources based on the templates. | | rbac.createClusterScoped | bool | `true` | Specifies which RBAC resources should be created. If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's) | +| annotations | object | `{}` | Annotations to be added to deployment. | +| labels | object | `{}` | Labels to be added to deployment. | | podAnnotations | object | `{}` | Annotations to be added to pods. | +| podLabels | object | `{}` | Labels to be added to pods. | | podDisruptionBudget.enabled | bool | `false` | Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/). It is **highly recommended** for webhooks as disruptions can prevent launching new pods. | | podDisruptionBudget.minAvailable | int/percentage | `nil` | Number or percentage of pods that must remain available. | | podDisruptionBudget.maxUnavailable | int/percentage | `nil` | Number or percentage of pods that can be unavailable. | diff --git a/charts/dex/ci/pod-annotations-values.yaml b/charts/dex/ci/label-annotations-values.yaml similarity index 64% rename from charts/dex/ci/pod-annotations-values.yaml rename to charts/dex/ci/label-annotations-values.yaml index d08cdb17..39065408 100644 --- a/charts/dex/ci/pod-annotations-values.yaml +++ b/charts/dex/ci/label-annotations-values.yaml 
@@ -6,5 +6,14 @@ config: enablePasswordDB: true +annotations: + reloader.stakater.com/auto: "true" + podAnnotations: vault.security.banzaicloud.io/vault-addr: "https://vault.vault:8200" + +labels: + hello: world + +podLabels: + hello: world diff --git a/charts/dex/templates/deployment.yaml b/charts/dex/templates/deployment.yaml index 1f3ad4b8..d39f9d30 100644 --- a/charts/dex/templates/deployment.yaml +++ b/charts/dex/templates/deployment.yaml @@ -4,6 +4,13 @@ metadata: name: {{ include "dex.fullname" . }} labels: {{- include "dex.labels" . | nindent 4 }} + {{ with .Values.labels }} + {{- . | nindent 4 }} + {{- end }} + {{ with .Values.annotations }} + annotations: + {{- . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -26,6 +33,9 @@ spec: {{- end }} labels: {{- include "dex.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: diff --git a/charts/dex/values.yaml b/charts/dex/values.yaml index 756d49ef..425db7f5 100644 --- a/charts/dex/values.yaml +++ b/charts/dex/values.yaml @@ -107,8 +107,15 @@ rbac: # If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's) createClusterScoped: true +# -- Annotations to be added to deployment. +annotations: {} +# -- Labels to be added to deployment. +labels: {} + # -- Annotations to be added to pods. podAnnotations: {} +# -- Labels to be added to pods. +podLabels: {} podDisruptionBudget: # -- Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/). From f20211f0e9a4c1d8f54eb9567e4c439715e3da07 Mon Sep 17 00:00:00 2001 
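Review bot: The two blocks added under `metadata` open with `{{ with .Values.labels }}` and `{{ with .Values.annotations }}`, without the left-trim dash that the pod-level block in this same patch uses (`{{- with .Values.podLabels }}`). Each untrimmed action appears to leave a whitespace-only line in the rendered Deployment, whether or not the value is set. I would write both as `{{- with … }}` to match the rest of the template. The untrimmed form is carried through the deployment.yaml hunks of PATCH 2/6 and PATCH 4/6. Separately, user keys are appended after `dex.labels`, so a key the helper already emits would appear twice under `labels:`; the values comment could say `# -- Labels to be added to deployment. Must not repeat keys set by the chart.`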
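Review bot: `podLabels` is rendered directly after `dex.selectorLabels` under the pod template's `labels:`, and nothing stops a user value from reusing one of the selector keys. Depending on how the rendered manifest is parsed, that is either a duplicate-key error or a later-wins override. In the second case the pod labels would no longer match the Deployment selector, and any Service or policy that selects on those labels would be affected; the selector itself is outside this hunk, so this is inferred. At minimum the values comment should state the constraint, e.g. `# -- Labels to be added to pods. Keys emitted by the chart's selector labels must not be set here.`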
From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 6 Feb 2023 20:22:46 +0100 Subject: [PATCH 2/6] Supporting custom labels/annotations on deployment/pod/serviceMonitor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke Signed-off-by: Jan-Otto Kröpke --- charts/dex/README.md | 6 ++++ charts/dex/templates/deployment.yaml | 4 +-- charts/dex/templates/servicemonitor.yaml | 24 ++++++++++++++++ charts/dex/values.yaml | 36 ++++++++++++++++++++++++ 4 files changed, 68 insertions(+), 2 deletions(-) diff --git a/charts/dex/README.md b/charts/dex/README.md index c78cd40b..ca7b45ae 100644 --- a/charts/dex/README.md +++ b/charts/dex/README.md 
@@ -163,6 +163,12 @@ ingress: | serviceMonitor.interval | duration | `nil` | Prometheus scrape interval. | | serviceMonitor.scrapeTimeout | duration | `nil` | Prometheus scrape timeout. | | serviceMonitor.labels | object | `{}` | Labels to be added to the ServiceMonitor. | +| serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. | +| serviceMonitor.scheme | string | `""` | HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. | +| serviceMonitor.tlsConfig | object | `{}` | TLS configuration to use when scraping the endpoint. For example if using istio mTLS. | +| serviceMonitor.bearerTokenFile | string | `nil` | Prometheus scrape bearerTokenFile | +| serviceMonitor.metricRelabelings | list | `[]` | Prometheus scrape metric relabel configs to apply to samples before ingestion. | +| serviceMonitor.relabelings | list | `[]` | Relabel configs to apply to samples before ingestion. | | resources | object | No requests or limits. | Container resource [requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) for details. | | autoscaling | object | Disabled by default. | Autoscaling configuration (see [values.yaml](values.yaml) for details). | | nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) configuration. | diff --git a/charts/dex/templates/deployment.yaml b/charts/dex/templates/deployment.yaml index d39f9d30..4a2c1067 100644 --- a/charts/dex/templates/deployment.yaml +++ b/charts/dex/templates/deployment.yaml 
@@ -5,11 +5,11 @@ metadata: labels: {{- include "dex.labels" . | nindent 4 }} {{ with .Values.labels }} - {{- . | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} {{ with .Values.annotations }} annotations: - {{- . | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} spec: {{- if not .Values.autoscaling.enabled }} diff --git a/charts/dex/templates/servicemonitor.yaml b/charts/dex/templates/servicemonitor.yaml index 34e161e8..ce96e5be 100644 --- a/charts/dex/templates/servicemonitor.yaml +++ b/charts/dex/templates/servicemonitor.yaml @@ -2,6 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: + {{- with .Values.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "dex.fullname" . }} {{- with .Values.serviceMonitor.namespace }} namespace: {{ . }} @@ -17,9 +21,29 @@ spec: {{- with .Values.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .| nindent 6 }} + {{- end }} {{- with .Values.serviceMonitor.scrapeTimeout }} scrapeTimeout: {{ . }} {{- end }} + path: {{ .Values.serviceMonitor.path }} + honorLabels: {{ .Values.serviceMonitor.honorLabels }} + {{- with .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- tpl (toYaml . | nindent 6) $ }} + {{- end }} + {{- with .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} jobLabel: {{ include "dex.fullname" . }} selector: matchLabels: diff --git a/charts/dex/values.yaml b/charts/dex/values.yaml index 425db7f5..479d5dbf 100644 --- a/charts/dex/values.yaml +++ b/charts/dex/values.yaml 
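Review bot: `path: {{ .Values.serviceMonitor.path }}` and `honorLabels: {{ .Values.serviceMonitor.honorLabels }}` are emitted unconditionally, but neither key gets a default in this series' values.yaml hunks or a row in the README table. With stock values they would presumably render as empty `path:` / `honorLabels:` entries. Guard them like the neighbouring fields, e.g. `{{- with .Values.serviceMonitor.path }}` / `path: {{ . | quote }}` / `{{- end }}`, and add documented defaults to values.yaml. `scheme` and `bearerTokenFile` are also interpolated unquoted; `{{ . | quote }}` keeps an unexpected value from being re-typed or breaking the YAML. The endpoint entry starts and ends outside the hunk, so whether `path` is already set elsewhere in it cannot be checked from here.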
@@ -221,8 +221,44 @@ serviceMonitor: scrapeTimeout: # -- Labels to be added to the ServiceMonitor. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec labels: {} + # -- Annotations to be added to the ServiceMonitor. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + annotations: {} + + # -- HTTP scheme to use for scraping. + # Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + # -- TLS configuration to use when scraping the endpoint. + # For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + # -- Prometheus scrape bearerTokenFile + bearerTokenFile: + + # -- Prometheus scrape metric relabel configs + # to apply to samples before ingestion. + ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # -- Relabel configs to apply + # to samples before ingestion. + ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + # -- Container resource [requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) for details. # @default -- No requests or limits. From 54077c33296f6ef9b0803ef6b10733024257c1dc Mon Sep 17 00:00:00 2001 
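Review bot: The comment `# -- Prometheus scrape bearerTokenFile` only repeats the key name. It should say that the path is resolved by Prometheus on its own filesystem, not in the dex pod, e.g. `# -- Path of a bearer token file, as seen by the Prometheus container, used to authenticate the scrape.` The `metricRelabelings` comment should also mention that the template passes this value through `tpl` (while `relabelings` is not), so any `{{ … }}` inside a regex or replacement is evaluated as a template. The `## ref:` links on `labels` and `annotations` both end in `#prometheusspec`, which looks like the wrong anchor for ServiceMonitor metadata.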
From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Sat, 8 Apr 2023 10:15:26 +0200 Subject: [PATCH 3/6] docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke Signed-off-by: Jan-Otto Kröpke --- charts/dex/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/dex/README.md b/charts/dex/README.md index ca7b45ae..2ff374da 100644 --- a/charts/dex/README.md +++ b/charts/dex/README.md @@ -1,6 +1,6 @@ # dex -![version: 0.14.1](https://img.shields.io/badge/version-0.14.1-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.36.0](https://img.shields.io/badge/app%20version-2.36.0-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex) +![version: 0.14.2](https://img.shields.io/badge/version-0.14.2-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.36.0](https://img.shields.io/badge/app%20version-2.36.0-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex) OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors. From 1e90b224ad8a3b05721e3bdddd0d001ea7a028c6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Tue, 20 Jun 2023 12:49:02 +0200 Subject: [PATCH 4/6] s/annotations/deploymentAnnotations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/dex/README.md | 4 ++-- charts/dex/templates/deployment.yaml | 4 ++-- charts/dex/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/dex/README.md b/charts/dex/README.md index 2ff374da..d46f7a61 100644 --- a/charts/dex/README.md +++ b/charts/dex/README.md @@ -134,8 +134,8 @@ ingress: | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | | rbac.create | bool | `true` | Specifies whether RBAC resources should be created. If disabled, the operator is responsible for creating the necessary resources based on the templates. | | rbac.createClusterScoped | bool | `true` | Specifies which RBAC resources should be created. If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's) | -| annotations | object | `{}` | Annotations to be added to deployment. | -| labels | object | `{}` | Labels to be added to deployment. | +| deploymentAnnotations | object | `{}` | Annotations to be added to deployment. | +| deploymentLabels | object | `{}` | Labels to be added to deployment. | | podAnnotations | object | `{}` | Annotations to be added to pods. | | podLabels | object | `{}` | Labels to be added to pods. | | podDisruptionBudget.enabled | bool | `false` | Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/). It is **highly recommended** for webhooks as disruptions can prevent launching new pods. | 
diff --git a/charts/dex/templates/deployment.yaml b/charts/dex/templates/deployment.yaml index 4a2c1067..145aa0af 100644 --- a/charts/dex/templates/deployment.yaml +++ b/charts/dex/templates/deployment.yaml @@ -4,10 +4,10 @@ metadata: name: {{ include "dex.fullname" . }} labels: {{- include "dex.labels" . | nindent 4 }} - {{ with .Values.labels }} + {{ with .Values.deploymentLabels }} {{- toYaml . | nindent 4 }} {{- end }} - {{ with .Values.annotations }} + {{ with .Values.deploymentAnnotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/dex/values.yaml b/charts/dex/values.yaml index 479d5dbf..ea5a8d1d 100644 --- a/charts/dex/values.yaml +++ b/charts/dex/values.yaml @@ -108,9 +108,9 @@ rbac: createClusterScoped: true # -- Annotations to be added to deployment. -annotations: {} +deploymentAnnotations: {} # -- Labels to be added to deployment. -labels: {} +deploymentLabels: {} # -- Annotations to be added to pods. podAnnotations: {} From 3dd4a1d5c2611d5cd9299f05a288b30df3e2bdf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Tue, 20 Jun 2023 13:10:16 +0200 Subject: [PATCH 5/6] Add changelog note MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/dex/Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/dex/Chart.yaml b/charts/dex/Chart.yaml index 3d0a6c31..6f2f163f 100644 --- a/charts/dex/Chart.yaml +++ b/charts/dex/Chart.yaml @@ -23,6 +23,8 @@ annotations: artifacthub.io/changes: | - kind: added description: "Supporting custom labels/annotations on deployment/pod" + - kind: added + description: "Add metricRelabelings, scheme, tlsConfig, bearerTokenFile and relabelings to ServiceMonitor" artifacthub.io/images: | - name: dex image: ghcr.io/dexidp/dex:v2.36.0 From f7122deba5e8a43628a490556d382de4a43e7b3f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Tue, 20 Jun 2023 17:11:22 +0200 Subject: [PATCH 6/6] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Márk Sági-Kazár Signed-off-by: Jan-Otto Kröpke --- charts/dex/ci/label-annotations-values.yaml | 4 ++-- charts/dex/values.yaml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/dex/ci/label-annotations-values.yaml b/charts/dex/ci/label-annotations-values.yaml index 39065408..876c699f 100644 --- a/charts/dex/ci/label-annotations-values.yaml +++ b/charts/dex/ci/label-annotations-values.yaml @@ -6,13 +6,13 @@ config: enablePasswordDB: true -annotations: +deploymentAnnotations: reloader.stakater.com/auto: "true" podAnnotations: vault.security.banzaicloud.io/vault-addr: "https://vault.vault:8200" -labels: +deploymentLabels: hello: world podLabels: diff --git a/charts/dex/values.yaml b/charts/dex/values.yaml index ea5a8d1d..18127074 100644 --- a/charts/dex/values.yaml +++ b/charts/dex/values.yaml @@ -109,11 +109,13 @@ rbac: # -- Annotations to be added to deployment. deploymentAnnotations: {} + # -- Labels to be added to deployment. deploymentLabels: {} # -- Annotations to be added to pods. podAnnotations: {} + # -- Labels to be added to pods. podLabels: {}