From daa518a32ddd152ddd40f33a9f9fb0edac8d9fe6 Mon Sep 17 00:00:00 2001 From: Eliyam Levy Date: Tue, 26 Apr 2022 16:01:45 -0400 Subject: [PATCH] Add node selectors and tolerations for windows --- .../generated-changes/patch/Chart.yaml.patch | 3 ++- .../patch/templates/_helpers.tpl.patch | 20 +++++++++++--- .../gatekeeper-audit-deployment.yaml.patch | 26 +++++++++++++++--- ...r-controller-manager-deployment.yaml.patch | 27 ++++++++++++++++--- .../namespace-post-install.yaml.patch | 10 +++++-- .../templates/upgrade-crds-hook.yaml.patch | 10 +++++++ .../generated-changes/patch/values.yaml.patch | 18 +++++++++++++ packages/rancher-gatekeeper/package.yaml | 2 +- .../crd-template/templates/jobs.yaml | 16 +++++++++++ release.yaml | 6 ++++- 10 files changed, 123 insertions(+), 15 deletions(-) diff --git a/packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch index 0d759dc30..6fd0fef19 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/Chart.yaml +++ charts/Chart.yaml -@@ -1,10 +1,25 @@ +@@ -1,10 +1,26 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher @@ -8,6 +8,7 @@ + catalog.cattle.io/kube-version: '>= 1.16.0-0' + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux ++ catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.100-0' + catalog.cattle.io/release-name: rancher-gatekeeper diff --git a/packages/rancher-gatekeeper/generated-changes/patch/templates/_helpers.tpl.patch b/packages/rancher-gatekeeper/generated-changes/patch/templates/_helpers.tpl.patch index 9b022aa62..12a4c9953 100644 
--- a/packages/rancher-gatekeeper/generated-changes/patch/templates/_helpers.tpl.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/_helpers.tpl.patch @@ -1,11 +1,9 @@ --- charts-original/templates/_helpers.tpl +++ charts/templates/_helpers.tpl -@@ -38,4 +38,12 @@ +@@ -38,4 +38,27 @@ {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} --{{- end -}} -\ No newline at end of file +{{- end -}} + +{{- define "system_default_registry" -}} @@ -15,3 +13,19 @@ +{{- "" -}} +{{- end -}} +{{- end -}} ++ ++{{/* ++Windows cluster will add default taint for linux nodes, ++add below linux tolerations to workloads could be scheduled to those linux nodes ++*/}} ++{{- define "linux-node-tolerations" -}} ++- key: "cattle.io/os" ++ value: "linux" ++ effect: "NoSchedule" ++ operator: "Equal" ++{{- end -}} ++ ++{{- define "linux-node-selector" -}} ++kubernetes.io/os: linux + {{- end -}} +\ No newline at end of file diff --git a/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch index eba1bbb41..00dde3b33 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch 
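Review bot: The new `linux-node-selector` define in `_helpers.tpl` has no comment, and the comment above `linux-node-tolerations` is hard to read. I would reword the existing comment to `Windows clusters taint their Linux nodes with cattle.io/os=linux:NoSchedule; this toleration lets these workloads schedule onto them.` and add `{{/* Pins the pod to Linux nodes; callers may append user-supplied selector keys after it. */}}` above the selector define. Both helpers emit bare YAML fragments that only work when the caller appends entries at the same indent, which is worth stating because every template in this commit relies on it.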
@@ -11,12 +11,30 @@ livenessProbe: httpGet: path: /healthz -@@ -102,7 +102,7 @@ +@@ -102,16 +102,20 @@ dnsPolicy: {{ .Values.audit.dnsPolicy }} hostNetwork: {{ .Values.audit.hostNetwork }} imagePullSecrets: - {{- toYaml .Values.image.pullSecrets | nindent 8 }} +- nodeSelector: +- {{- toYaml .Values.audit.nodeSelector | nindent 8 }} +- {{- if .Values.audit.priorityClassName }} + {{- toYaml .Values.images.pullSecrets | nindent 8 }} - nodeSelector: - {{- toYaml .Values.audit.nodeSelector | nindent 8 }} - {{- if .Values.audit.priorityClassName }} ++ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} ++{{- if .Values.audit.nodeSelector }} ++{{ toYaml .Values.audit.nodeSelector | indent 8 }} ++{{- end }} ++ {{- if .Values.audit.priorityClassName }} + priorityClassName: {{ .Values.audit.priorityClassName }} + {{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 +- tolerations: +- {{- toYaml .Values.audit.tolerations | nindent 8 }} ++ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} ++{{- if .Values.audit.tolerations }} ++{{ toYaml .Values.audit.tolerations | indent 8 }} ++{{- end }} + volumes: + {{- if .Values.audit.writeToRAMDisk }} + - emptyDir: diff --git a/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch index 1e430c87a..c34d08055 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch 
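Review bot: The `nodeSelector:` block concatenates the fixed `kubernetes.io/os: linux` entry with `toYaml .Values.audit.nodeSelector`, so a values file that also sets `kubernetes.io/os` renders a mapping with a duplicate key. Depending on the parser, either the later key wins and silently replaces the Linux pin, or the manifest is rejected. For an admission controller either outcome is worth avoiding. Merging before rendering keeps the pin authoritative: `{{- $sel := merge (dict "kubernetes.io/os" "linux") (default (dict) .Values.audit.nodeSelector) }}` followed by `nodeSelector: {{- toYaml $sel | nindent 8 }}`. The same pattern appears in the controller-manager deployment hunk and in both `jobs.yaml` hunks. The appended user block also relies on `indent 8` matching the helper's `nindent 8`, which a short comment should record.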
@@ -11,12 +11,33 @@ livenessProbe: httpGet: path: /healthz -@@ -115,7 +115,7 @@ +@@ -115,18 +115,22 @@ dnsPolicy: {{ .Values.controllerManager.dnsPolicy }} hostNetwork: {{ .Values.controllerManager.hostNetwork }} imagePullSecrets: - {{- toYaml .Values.image.pullSecrets | nindent 8 }} +- nodeSelector: +- {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }} + {{- toYaml .Values.images.pullSecrets | nindent 8 }} - nodeSelector: - {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }} ++ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} ++{{- if .Values.controllerManager.nodeSelector }} ++{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }} ++{{- end }} {{- if .Values.controllerManager.priorityClassName }} + priorityClassName: {{ .Values.controllerManager.priorityClassName }} + {{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 +- tolerations: +- {{- toYaml .Values.controllerManager.tolerations | nindent 8 }} ++ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} ++{{- if .Values.controllerManager.tolerations }} ++{{ toYaml .Values.controllerManager.tolerations | indent 8 }} ++{{- end }} + volumes: + - name: cert + secret: + defaultMode: 420 +- secretName: gatekeeper-webhook-server-cert ++ secretName: gatekeeper-webhook-server-cert +\ No newline at end of file diff --git a/packages/rancher-gatekeeper/generated-changes/patch/templates/namespace-post-install.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/templates/namespace-post-install.yaml.patch index 6abf6d05e..5b0f4b852 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/templates/namespace-post-install.yaml.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/namespace-post-install.yaml.patch 
@@ -1,7 +1,13 @@ --- charts-original/templates/namespace-post-install.yaml +++ charts/templates/namespace-post-install.yaml -@@ -30,7 +30,7 @@ - kubernetes.io/os: linux +@@ -26,11 +26,11 @@ + {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }} + {{- end }} + serviceAccount: gatekeeper-update-namespace-label +- nodeSelector: +- kubernetes.io/os: linux ++ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} ++ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} containers: - name: kubectl-label - image: "{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}" diff --git a/packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch index 2f2ccf2dc..fdaf30866 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch @@ -19,3 +19,13 @@ args: - apply - -f +@@ -98,7 +98,6 @@ + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 +- nodeSelector: +- kubernetes.io/os: linux +- ++ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} ++ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- end }} diff --git a/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch index f598f463f..d575342de 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch 
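Review bot: The namespace-post-install and upgrade-crds hook pods get only the fixed `linux-node-selector` and `linux-node-tolerations`, with no values-driven additions, unlike the audit and controller-manager deployments in this same commit. On a cluster whose Linux nodes carry any other taint, an operator can make the deployments schedulable through `.Values.*.tolerations`, but these hook Jobs would presumably stay Pending and stall the install or upgrade. Consider appending an optional block here as well, for example `{{- with .Values.postInstall.labelNamespace.tolerations }}{{ toYaml . | nindent 8 }}{{- end }}` (a new values key, which would need documenting), or add a comment stating that the hooks intentionally ignore user tolerations. Both pod specs start outside the visible hunks.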
@@ -31,6 +31,24 @@ pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: +@@ -59,7 +62,7 @@ + topologyKey: kubernetes.io/hostname + weight: 100 + tolerations: [] +- nodeSelector: { kubernetes.io/os: linux } ++ nodeSelector: {} + resources: + limits: + cpu: 1000m +@@ -75,7 +78,7 @@ + priorityClassName: system-cluster-critical + affinity: {} + tolerations: [] +- nodeSelector: { kubernetes.io/os: linux } ++ nodeSelector: {} + writeToRAMDisk: false + resources: + limits: @@ -89,6 +92,12 @@ pdb: controllerManager: diff --git a/packages/rancher-gatekeeper/package.yaml b/packages/rancher-gatekeeper/package.yaml index 337f72d01..bf18d743c 100644 --- a/packages/rancher-gatekeeper/package.yaml +++ b/packages/rancher-gatekeeper/package.yaml @@ -1,5 +1,5 @@ url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.7.1.tgz -version: 100.1.0 +version: 100.1.1 additionalCharts: - workingDir: charts-crd crdOptions: diff --git a/packages/rancher-gatekeeper/templates/crd-template/templates/jobs.yaml b/packages/rancher-gatekeeper/templates/crd-template/templates/jobs.yaml index 709005fd9..671d11f8c 100644 --- a/packages/rancher-gatekeeper/templates/crd-template/templates/jobs.yaml +++ b/packages/rancher-gatekeeper/templates/crd-template/templates/jobs.yaml @@ -16,6 +16,14 @@ spec: app: {{ .Chart.Name }} spec: serviceAccountName: {{ .Chart.Name }}-manager + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} securityContext: runAsNonRoot: true runAsUser: 1000 
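Review bot: Both `jobs.yaml` hunks in the crd-template call `include "linux-node-selector"` and `include "linux-node-tolerations"`, but the only definitions of those helpers visible in this commit are added to the main chart's `_helpers.tpl` patch. The CRD chart is packaged separately (`workingDir: charts-crd`), so unless its own templates directory already defines both names, rendering will fail with a template-not-found error. Please confirm that the crd-template ships matching defines, or add them alongside this change. The new `.Values.nodeSelector` and `.Values.tolerations` keys are likewise not shown being added to the CRD chart's values file; a documented `nodeSelector: {}` / `tolerations: []` default there would make the knobs discoverable.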
@@ -56,6 +64,14 @@ spec: app: {{ .Chart.Name }} spec: serviceAccountName: {{ .Chart.Name }}-manager + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} securityContext: runAsNonRoot: true runAsUser: 1000 diff --git a/release.yaml b/release.yaml index e8d8daced..ea700b6a2 100644 --- a/release.yaml +++ b/release.yaml @@ -11,4 +11,8 @@ rancher-vsphere-cpi: rancher-webhook: - 1.0.5+up0.2.6-rc3 system-upgrade-controller: -- 100.0.3+up0.3.2 \ No newline at end of file +- 100.0.3+up0.3.2 +rancher-gatekeeper: +- 100.1.1+up3.7.1 +rancher-gatekeeper-crd: +- 100.1.1+up3.7.1