Add node selectors and tolerations for windows

pull/1872/head
Eliyam Levy 2022-04-26 16:01:45 -04:00
parent 7fbdc4e0bd
commit daa518a32d
10 changed files with 123 additions and 15 deletions


@ -1,6 +1,6 @@
--- charts-original/Chart.yaml
+++ charts/Chart.yaml
@@ -1,10 +1,25 @@
@@ -1,10 +1,26 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
+ catalog.cattle.io/certified: rancher
@ -8,6 +8,7 @@
+ catalog.cattle.io/kube-version: '>= 1.16.0-0'
+ catalog.cattle.io/namespace: cattle-gatekeeper-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.100-0'
+ catalog.cattle.io/release-name: rancher-gatekeeper


@ -1,11 +1,9 @@
--- charts-original/templates/_helpers.tpl
+++ charts/templates/_helpers.tpl
@@ -38,4 +38,12 @@
@@ -38,4 +38,27 @@
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
+
+{{- define "system_default_registry" -}}
@ -15,3 +13,19 @@
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
{{- end -}}
\ No newline at end of file
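Review bot: `linux-node-selector` is defined without a comment, and the comment on `linux-node-tolerations` above it is hard to parse. I would reword the existing comment to `Windows clusters add a default taint to their Linux nodes; this toleration (cattle.io/os=linux, NoSchedule) lets the chart's workloads be scheduled onto those nodes.` and add `{{/* Node selector that pins the chart's workloads to Linux nodes. */}}` above the `linux-node-selector` define. Both helpers are rendered into pod specs with `nindent 8`, so the comment is also a good place to say they emit a bare list item and a bare mapping entry rather than a full `tolerations:` or `nodeSelector:` block.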


@ -11,12 +11,30 @@
livenessProbe:
httpGet:
path: /healthz
@@ -102,7 +102,7 @@
@@ -102,16 +102,20 @@
dnsPolicy: {{ .Values.audit.dnsPolicy }}
hostNetwork: {{ .Values.audit.hostNetwork }}
imagePullSecrets:
- {{- toYaml .Values.image.pullSecrets | nindent 8 }}
- nodeSelector:
- {{- toYaml .Values.audit.nodeSelector | nindent 8 }}
- {{- if .Values.audit.priorityClassName }}
+ {{- toYaml .Values.images.pullSecrets | nindent 8 }}
nodeSelector:
{{- toYaml .Values.audit.nodeSelector | nindent 8 }}
{{- if .Values.audit.priorityClassName }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.audit.nodeSelector }}
+{{ toYaml .Values.audit.nodeSelector | indent 8 }}
+{{- end }}
+ {{- if .Values.audit.priorityClassName }}
priorityClassName: {{ .Values.audit.priorityClassName }}
{{- end }}
serviceAccountName: gatekeeper-admin
terminationGracePeriodSeconds: 60
- tolerations:
- {{- toYaml .Values.audit.tolerations | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.audit.tolerations }}
+{{ toYaml .Values.audit.tolerations | indent 8 }}
+{{- end }}
volumes:
{{- if .Values.audit.writeToRAMDisk }}
- emptyDir:
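Review bot: A values override that still carries `kubernetes.io/os` will render that key twice under `nodeSelector`, because the helper's `kubernetes.io/os: linux` line is followed by the raw `toYaml .Values.audit.nodeSelector` output; the previous chart default was `{ kubernetes.io/os: linux }`, so copied values files are likely to contain it. Depending on the YAML parser, the duplicate either fails the render or lets the later, user-supplied value win, which would silently drop the Linux pin for an admission-control workload. Merging the two maps with the helper taking precedence avoids both outcomes, for example `nodeSelector: {{- merge (include "linux-node-selector" . | fromYaml) (.Values.audit.nodeSelector | default dict) | toYaml | nindent 8 }}`. The same pattern appears in the controller-manager template and in both hunks of the `{{ .Chart.Name }}-manager` deployment. The pod spec starts and ends outside the hunk.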


@ -11,12 +11,33 @@
livenessProbe:
httpGet:
path: /healthz
@@ -115,7 +115,7 @@
@@ -115,18 +115,22 @@
dnsPolicy: {{ .Values.controllerManager.dnsPolicy }}
hostNetwork: {{ .Values.controllerManager.hostNetwork }}
imagePullSecrets:
- {{- toYaml .Values.image.pullSecrets | nindent 8 }}
- nodeSelector:
- {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
+ {{- toYaml .Values.images.pullSecrets | nindent 8 }}
nodeSelector:
{{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.controllerManager.nodeSelector }}
+{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }}
+{{- end }}
{{- if .Values.controllerManager.priorityClassName }}
priorityClassName: {{ .Values.controllerManager.priorityClassName }}
{{- end }}
serviceAccountName: gatekeeper-admin
terminationGracePeriodSeconds: 60
- tolerations:
- {{- toYaml .Values.controllerManager.tolerations | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.controllerManager.tolerations }}
+{{ toYaml .Values.controllerManager.tolerations | indent 8 }}
+{{- end }}
volumes:
- name: cert
secret:
defaultMode: 420
- secretName: gatekeeper-webhook-server-cert
+ secretName: gatekeeper-webhook-server-cert
\ No newline at end of file


@ -1,7 +1,13 @@
--- charts-original/templates/namespace-post-install.yaml
+++ charts/templates/namespace-post-install.yaml
@@ -30,7 +30,7 @@
kubernetes.io/os: linux
@@ -26,11 +26,11 @@
{{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }}
{{- end }}
serviceAccount: gatekeeper-update-namespace-label
- nodeSelector:
- kubernetes.io/os: linux
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
containers:
- name: kubectl-label
- image: "{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}"


@ -19,3 +19,13 @@
args:
- apply
- -f
@@ -98,7 +98,6 @@
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
- nodeSelector:
- kubernetes.io/os: linux
-
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
{{- end }}


@ -31,6 +31,24 @@
pullPolicy: IfNotPresent
pullSecrets: []
podAnnotations:
@@ -59,7 +62,7 @@
topologyKey: kubernetes.io/hostname
weight: 100
tolerations: []
- nodeSelector: { kubernetes.io/os: linux }
+ nodeSelector: {}
resources:
limits:
cpu: 1000m
@@ -75,7 +78,7 @@
priorityClassName: system-cluster-critical
affinity: {}
tolerations: []
- nodeSelector: { kubernetes.io/os: linux }
+ nodeSelector: {}
writeToRAMDisk: false
resources:
limits:
@@ -89,6 +92,12 @@
pdb:
controllerManager:
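Review bot: The new `nodeSelector: {}` defaults give no hint that `kubernetes.io/os: linux` is still applied, now through the `linux-node-selector` helper in the templates. A comment above each default would stop readers from re-adding the key, for example `# kubernetes.io/os: linux is always set by the templates; list only additional selectors here`. The same applies to `tolerations: []`, since the templates appear to prepend the `cattle.io/os` toleration before any user-supplied entries.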


@ -1,5 +1,5 @@
url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.7.1.tgz
version: 100.1.0
version: 100.1.1
additionalCharts:
- workingDir: charts-crd
crdOptions:


@ -16,6 +16,14 @@ spec:
app: {{ .Chart.Name }}
spec:
serviceAccountName: {{ .Chart.Name }}-manager
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
{{- if .Values.tolerations }}
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
securityContext:
runAsNonRoot: true
runAsUser: 1000
@ -56,6 +64,14 @@ spec:
app: {{ .Chart.Name }}
spec:
serviceAccountName: {{ .Chart.Name }}-manager
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
{{- if .Values.tolerations }}
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
securityContext:
runAsNonRoot: true
runAsUser: 1000


@ -11,4 +11,8 @@ rancher-vsphere-cpi:
rancher-webhook:
- 1.0.5+up0.2.6-rc3
system-upgrade-controller:
- 100.0.3+up0.3.2
- 100.0.3+up0.3.2
rancher-gatekeeper:
- 100.1.1+up3.7.1
rancher-gatekeeper-crd:
- 100.1.1+up3.7.1