diff --git a/.github/workflows/svcaplbot-run-dyff.yml b/.github/workflows/svcaplbot-run-dyff.yml index 6fb32fbfef..4486535ed5 100644 --- a/.github/workflows/svcaplbot-run-dyff.yml +++ b/.github/workflows/svcaplbot-run-dyff.yml @@ -5,10 +5,13 @@ on: pull_request: types: [opened, synchronize, reopened, ready_for_review] paths: - - "charts/**" - - "values/**" - - "tests/fixtures/**" - - "helmfile.d/**" + - '.github/workflows/svcaplbot-run-dyff.yml' + - 'bin/dyff.sh' + - 'bin/compare.sh' + - 'charts/**' + - 'values/**' + - 'tests/fixtures/**' + - 'helmfile.d/**' permissions: contents: read @@ -80,7 +83,7 @@ jobs: - name: Install Helm and Helmfile uses: helmfile/helmfile-action@v2.4.0 with: - helmfile-args: version # In this step, we only want these tools to be installed + helmfile-args: version # In this step, we only want these tools to be installed helm-plugins: > https://github.com/databus23/helm-diff, https://github.com/jkroepke/helm-secrets diff --git a/bin/dyff.sh b/bin/dyff.sh index edfbd48244..198dfeb9c7 100755 --- a/bin/dyff.sh +++ b/bin/dyff.sh 
@@ -32,24 +32,72 @@ elif [ -z "$targetDirB" ]; then exit 1 fi +targetDirA=${targetDirA%/} +targetDirB=${targetDirB%/} + +to_relative_path() { + local full_path=$1 + local base_path=$2 + local rel + + if [[ "$full_path" == "$base_path" ]]; then + printf '%s' "." + return + elif [[ "$full_path" == "$base_path/"* ]]; then + rel="${full_path#"$base_path/"}" + else + rel="$full_path" + fi + + # Strip the first directory component + printf '%s' "${rel#*/}" +} + +join_relative_path() { + local dir_path=$1 + local file_name=$2 + + if [[ "$dir_path" == "." ]]; then + printf '%s' "$file_name" + else + printf '%s' "$dir_path/$file_name" + fi +} + +print_comment() { + echo "# $*" +} + set +e diff_output=$(diff -q -r "$targetDirA" "$targetDirB") set -e -# Process each line of diff output - +# Process each line of diff output. echo "$diff_output" | while read -r line; do - # Check if the line indicates a difference - if [[ $line == *" and "* ]]; then - # Extract the paths using cut - first_path=$(echo $line | cut -d' ' -f2) - second_path=$(echo $line | cut -d' ' -f4) + # diff -q -r emits: "Files and differ" + if [[ $line =~ ^Files[[:space:]]+(.+)[[:space:]]+and[[:space:]]+(.+)[[:space:]]+differ$ ]]; then + # Capture regexp groups from the abouve pattern to get the full paths of the differing files + first_path="${BASH_REMATCH[1]}" + second_path="${BASH_REMATCH[2]}" + relative_first_path=$(to_relative_path "$first_path" "$targetDirA") + relative_second_path=$(to_relative_path "$second_path" "$targetDirB") + + [ ! -f "$second_path" ] && print_comment "New file added: $relative_first_path" && continue + [ ! -f "$first_path" ] && print_comment "Old file deleted: $relative_second_path" && continue - [ ! -f $second_path ] && echo "New file added: $first_path" && continue - [ ! 
-f $first_path ] && echo "Old file deleted: $second_path" && continue + print_comment "$relative_first_path" - # Use dyff to compare the files dyff between "$second_path" "$first_path" --omit-header \ --exclude "data.tls.key" --exclude "/data/ca.crt" --exclude "/data/tls.crt" --exclude "/data/tls.key" \ --exclude-regexp "/checksum" --exclude-regexp "/webhooks.*" --ignore-order-changes "${miscArgs[@]}" + elif [[ $line =~ ^Only[[:space:]]+in[[:space:]]+(.+):[[:space:]]+(.+)$ ]]; then + only_in_dir="${BASH_REMATCH[1]}" + only_in_file="${BASH_REMATCH[2]}" + if [[ "$only_in_dir" == "$targetDirA"* ]]; then + print_comment "New file added: $(join_relative_path "$(to_relative_path "$only_in_dir" "$targetDirA")" "$only_in_file")" + elif [[ "$only_in_dir" == "$targetDirB"* ]]; then + print_comment "Old file deleted: $(join_relative_path "$(to_relative_path "$only_in_dir" "$targetDirB")" "$only_in_file")" + else + print_comment "$line" + fi fi done diff --git a/charts/tekton-triggers/templates/interceptor/deployment.yaml b/charts/tekton-triggers/templates/interceptor/deployment.yaml index 83d125f77d..b324cc0714 100644 --- a/charts/tekton-triggers/templates/interceptor/deployment.yaml +++ b/charts/tekton-triggers/templates/interceptor/deployment.yaml @@ -33,6 +33,10 @@ spec: version: "v0.25.0" spec: serviceAccountName: tekton-triggers-core-interceptors + {{- with .Values.interceptors.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: tekton-triggers-core-interceptors image: {{ .Values.interceptors.image.repository }}:{{ .Values.interceptors.image.tag }} diff --git a/charts/tekton-triggers/templates/release/deployments.yaml b/charts/tekton-triggers/templates/release/deployments.yaml index 4fbe969c57..2486702687 100644 --- a/charts/tekton-triggers/templates/release/deployments.yaml +++ b/charts/tekton-triggers/templates/release/deployments.yaml 
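Review bot: The `Only in` branch classifies the directory with a bare prefix match, `[[ "$only_in_dir" == "$targetDirA"* ]]`, so when one target directory name is a string prefix of the other (constructed example: `out/a` and `out/a-new`), entries that exist only under B are reported as "New file added". Matching the way `to_relative_path` already does avoids that: `[[ "$only_in_dir" == "$targetDirA" || "$only_in_dir" == "$targetDirA/"* ]]`, and the same for `targetDirB`. Separately, `to_relative_path` strips the first component only when the remainder still contains a `/`, so a file that exists only in `$targetDirA/env` is printed as `env/<file>` while a differing file in the same directory is printed as `<file>`; the output should use one form. The comment above the `BASH_REMATCH` assignments has a typo (`abouve`).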
@@ -33,6 +33,10 @@ spec: version: "v0.25.0" spec: serviceAccountName: tekton-triggers-controller + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: tekton-triggers-controller image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} @@ -102,6 +106,10 @@ spec: version: "v0.25.0" spec: serviceAccountName: tekton-triggers-webhook + {{- with .Values.webhook.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: webhook # This is the Go import path for the binary that is containerized diff --git a/charts/tekton-triggers/values.yaml b/charts/tekton-triggers/values.yaml index b84d9ef212..c9dfa54cca 100644 --- a/charts/tekton-triggers/values.yaml +++ b/charts/tekton-triggers/values.yaml @@ -3,18 +3,21 @@ interceptors: resources: {} + nodeSelector: {} image: repository: "ghcr.io/tektoncd/github.com/tektoncd/triggers/cmd/interceptors" tag: "v0.25.0" controller: resources: {} + nodeSelector: {} image: repository: "ghcr.io/tektoncd/github.com/tektoncd/triggers/cmd/controller" tag: "v0.25.0" webhook: resources: {} + nodeSelector: {} image: repository: "ghcr.io/tektoncd/github.com/tektoncd/triggers/cmd/webhook" tag: "v0.25.0" diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index 3391ceb7a6..0428eebb31 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -1184,7 +1184,8 @@ environments: hasExternalDNS: false hasExternalIDP: false isMultitenant: true - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux isPreInstalled: false useORCS: true aiEnabled: false diff --git a/values/apl-gitea-operator/apl-gitea-operator.gotmpl b/values/apl-gitea-operator/apl-gitea-operator.gotmpl index a4b10368b3..a344e0c29e 100644 --- a/values/apl-gitea-operator/apl-gitea-operator.gotmpl +++ b/values/apl-gitea-operator/apl-gitea-operator.gotmpl 
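Review bot: The new default `kubernetes.io/os: linux` for `otomi.nodeSelector` carries no comment saying that the value now reaches workloads only through per-chart values, which is narrower than the Kyverno `require-otomi-node-selector` policy this commit removes. That policy mutated every Pod in namespaces such as `knative-serving`, `external-secrets` and `vault`, for which no values file is touched in this diff, and it also applied to Pods that operators create at runtime. If the selector is used to keep platform components on dedicated nodes, those Pods would now schedule anywhere. A single top-level key may also miss components in charts with per-component selectors (the cert-manager chart, as far as I know, has separate `webhook.nodeSelector` and `cainjector.nodeSelector`). I would add a comment here such as `# Applied via per-chart values only; charts not wired to otomi.nodeSelector are not constrained` and confirm the coverage gap is intended.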
@@ -21,3 +21,5 @@ env: GITEA_URL_PORT: '3000' GITEA_OPERATOR_NAMESPACE: apl-gitea-operator GITEA_USERNAME: {{ $v.otomi.git.username }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/apl-harbor-operator/apl-harbor-operator.gotmpl b/values/apl-harbor-operator/apl-harbor-operator.gotmpl index 60b951ece3..84607dbe11 100644 --- a/values/apl-harbor-operator/apl-harbor-operator.gotmpl +++ b/values/apl-harbor-operator/apl-harbor-operator.gotmpl @@ -29,3 +29,5 @@ env: HARBOR_BASE_URL_PORT: '80' HARBOR_OPERATOR_NAMESPACE: apl-harbor-operator HARBOR_SYSTEM_NAMESPACE: harbor + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/apl-keycloak-operator/apl-keycloak-operator.gotmpl b/values/apl-keycloak-operator/apl-keycloak-operator.gotmpl index e172f31bca..e7dc5b3f64 100644 --- a/values/apl-keycloak-operator/apl-keycloak-operator.gotmpl +++ b/values/apl-keycloak-operator/apl-keycloak-operator.gotmpl @@ -29,3 +29,5 @@ script: | {{- end }} resources: {{- toYaml $o.resources.operator | nindent 2 }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/apl-operator/apl-operator.gotmpl b/values/apl-operator/apl-operator.gotmpl index d3bc151b2a..f06f94ee6d 100644 --- a/values/apl-operator/apl-operator.gotmpl +++ b/values/apl-operator/apl-operator.gotmpl @@ -27,3 +27,5 @@ git: repoUrl: {{ $v.otomi.git.repoUrl | quote }} branch: {{ $v.otomi.git.branch | quote }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/argocd-image-updater/argocd-image-updater.gotmpl b/values/argocd-image-updater/argocd-image-updater.gotmpl index 92317bc82b..8850bbed58 100644 --- a/values/argocd-image-updater/argocd-image-updater.gotmpl +++ b/values/argocd-image-updater/argocd-image-updater.gotmpl 
@@ -11,3 +11,5 @@ resources: {{ $a.resources.imageUpdater | toYaml | nindent 2 }} config: git.commit-message-template: "build: automatic update of {{`{{ .AppName }}`}} [ci skip]" + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/argocd/argocd.gotmpl b/values/argocd/argocd.gotmpl index eafbd91873..6b70d7f4ca 100644 --- a/values/argocd/argocd.gotmpl +++ b/values/argocd/argocd.gotmpl @@ -9,12 +9,7 @@ global: repository: "{{- $v.otomi.linodeLkeImageRepository }}/quay/argoproj/argocd" {{- end }} domain: {{ $hostname }} - {{- with $v.otomi | get "nodeSelector" nil }} - nodeSelector: - {{- range $key, $val := . }} - {{ $key }}: {{ $val }} - {{- end }} - {{- end }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} # ApplicationSet Controller applicationSet: replicas: {{ $a.applicationSet.replicas }} diff --git a/values/cert-manager-webhook-linode/cert-manager-webhook-linode.gotmpl b/values/cert-manager-webhook-linode/cert-manager-webhook-linode.gotmpl index b494d143a7..fa9135973e 100644 --- a/values/cert-manager-webhook-linode/cert-manager-webhook-linode.gotmpl +++ b/values/cert-manager-webhook-linode/cert-manager-webhook-linode.gotmpl @@ -7,4 +7,5 @@ resources: memory: 64Mi deployment: secretName: external-dns - secretKey: secret \ No newline at end of file + secretKey: secret +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/cert-manager/cert-manager.gotmpl b/values/cert-manager/cert-manager.gotmpl index 7efd126f3d..972c4a9f35 100644 --- a/values/cert-manager/cert-manager.gotmpl +++ b/values/cert-manager/cert-manager.gotmpl @@ -54,3 +54,5 @@ acmesolver: config: enableGatewayAPI: true + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/cloudnative-pg-plugin-barman-cloud/cloudnative-pg-plugin-barman-cloud.gotmpl b/values/cloudnative-pg-plugin-barman-cloud/cloudnative-pg-plugin-barman-cloud.gotmpl index 883a86568c..dbfd8755f9 100644 
--- a/values/cloudnative-pg-plugin-barman-cloud/cloudnative-pg-plugin-barman-cloud.gotmpl +++ b/values/cloudnative-pg-plugin-barman-cloud/cloudnative-pg-plugin-barman-cloud.gotmpl @@ -14,3 +14,5 @@ sidecarImage: priorityClassName: "otomi-critical" resources: {{- $cnpg.barmanPluginResources | toYaml | nindent 2 }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/cloudnative-pg/cloudnative-pg.gotmpl b/values/cloudnative-pg/cloudnative-pg.gotmpl index 7f56d69291..6ab00cbe45 100644 --- a/values/cloudnative-pg/cloudnative-pg.gotmpl +++ b/values/cloudnative-pg/cloudnative-pg.gotmpl @@ -14,4 +14,5 @@ priorityClassName: "otomi-critical" {{- if $v.otomi.linodeLkeImageRepository }} image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/cloudnative-pg" -{{- end }} \ No newline at end of file +{{- end }} +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/external-dns/external-dns.gotmpl b/values/external-dns/external-dns.gotmpl index faa85e2f0f..e44336fe65 100644 --- a/values/external-dns/external-dns.gotmpl +++ b/values/external-dns/external-dns.gotmpl @@ -222,3 +222,5 @@ provider: {{ .name }} deploymentStrategy: type: RollingUpdate + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/gitea/gitea-valkey.gotmpl b/values/gitea/gitea-valkey.gotmpl index cbbe100975..935e07331d 100644 --- a/values/gitea/gitea-valkey.gotmpl +++ b/values/gitea/gitea-valkey.gotmpl @@ -19,3 +19,8 @@ auth: password: changeme architecture: standalone + +primary: + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} +replica: + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} diff --git a/values/gitea/gitea.gotmpl b/values/gitea/gitea.gotmpl index a77a4ebeea..96287b2334 100644 --- a/values/gitea/gitea.gotmpl +++ b/values/gitea/gitea.gotmpl 
@@ -255,3 +255,5 @@ extraDeploy: type: PathPrefix value: / - {{ tpl (readFile "../../helmfile.d/snippets/serviceentry.gotmpl") (dict "name" "gitea" "host" $giteaDomain) | nindent 4 }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/harbor/harbor.gotmpl b/values/harbor/harbor.gotmpl index a623af0823..ed60af19bf 100644 --- a/values/harbor/harbor.gotmpl +++ b/values/harbor/harbor.gotmpl @@ -19,6 +19,7 @@ updateStrategy: core: secretName: harbor-token-service-ca priorityClassName: otomi-critical + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} {{- if $v.otomi.linodeLkeImageRepository }} image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/harbor-core" @@ -42,6 +43,7 @@ database: exporter: priorityClassName: otomi-critical + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} {{- if $v.otomi.linodeLkeImageRepository }} image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/harbor-exporter" @@ -63,6 +65,7 @@ expose: jobservice: priorityClassName: otomi-critical + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} {{- if $v.otomi.linodeLkeImageRepository }} image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/harbor-jobservice" @@ -80,6 +83,7 @@ metrics: prometheus: system nginx: + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{- $h.resources.nginx | toYaml | nindent 4 }} {{- if $v.otomi.linodeLkeImageRepository }} image: @@ -148,6 +152,7 @@ persistence: portal: priorityClassName: otomi-critical + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} {{- if $v.otomi.linodeLkeImageRepository }} image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/harbor-portal" 
@@ -160,6 +165,7 @@ portal: redis: internal: priorityClassName: otomi-critical + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 6 }} {{- if $v.otomi.linodeLkeImageRepository }} image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/redis-photon" @@ -171,16 +177,18 @@ registry: existingSecret: harbor-registry-http registry: - {{- if $v.otomi.linodeLkeImageRepository }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 6 }} + {{- if $v.otomi.linodeLkeImageRepository }} image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/registry-photon" - {{- end }} + {{- end }} resources: {{- $h.resources.registry | toYaml | nindent 6 }} controller: - {{- if $v.otomi.linodeLkeImageRepository }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 6 }} + {{- if $v.otomi.linodeLkeImageRepository }} image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/harbor-registryctl" - {{- end }} + {{- end }} resources: {{- $h.resources.registryController | toYaml | nindent 6 }} relativeurls: false credentials: @@ -189,11 +197,11 @@ registry: trivy: priorityClassName: otomi-critical - - {{- if $v.otomi.linodeLkeImageRepository }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} + {{- if $v.otomi.linodeLkeImageRepository }} image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/trivy-adapter-photon" - {{- end }} + {{- end }} resources: {{- $h.resources.trivy | toYaml | nindent 4 }} automountServiceAccountToken: true diff --git a/values/ingress-nginx/ingress-nginx.gotmpl b/values/ingress-nginx/ingress-nginx.gotmpl index 5205f29e09..af1613fc85 100644 --- a/values/ingress-nginx/ingress-nginx.gotmpl +++ b/values/ingress-nginx/ingress-nginx.gotmpl 
@@ -22,6 +22,8 @@ controller: enabled: false patch: priorityClassName: otomi-critical + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 8 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{- $app.resources.controller | toYaml | nindent 4 }} replicaCount: 2 minAvailable: 1 @@ -102,6 +104,7 @@ defaultBackend: enabled: true useComponentLabel: true priorityClassName: otomi-critical + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{- $app.resources.defaultBackend | toYaml | nindent 4 }} service: omitClusterIP: true diff --git a/values/istio-gateway/istio-egressgateway.yaml.gotmpl b/values/istio-gateway/istio-egressgateway.yaml.gotmpl index e9db407211..485c3884ee 100644 --- a/values/istio-gateway/istio-egressgateway.yaml.gotmpl +++ b/values/istio-gateway/istio-egressgateway.yaml.gotmpl @@ -17,6 +17,7 @@ service: type: ClusterIP resources: {{- $i.resources.egressgateway | toYaml | nindent 2 }} +nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 2 }} strategy: rollingUpdate: diff --git a/values/istio-gateway/istio-ingressgateway.yaml.gotmpl b/values/istio-gateway/istio-ingressgateway.yaml.gotmpl index 5e13363ddc..53a81fd980 100644 --- a/values/istio-gateway/istio-ingressgateway.yaml.gotmpl +++ b/values/istio-gateway/istio-ingressgateway.yaml.gotmpl @@ -17,6 +17,7 @@ service: type: ClusterIP resources: {{- $i.resources.ingressgateway | toYaml | nindent 2 }} +nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 2 }} strategy: rollingUpdate: diff --git a/values/istiod/istiod.gotmpl b/values/istiod/istiod.gotmpl index a83f63c72b..dd70937fe4 100644 --- a/values/istiod/istiod.gotmpl +++ b/values/istiod/istiod.gotmpl 
@@ -4,6 +4,7 @@ autoscaleMin: {{ $i.autoscaling.pilot.minReplicas }} autoscaleMax: {{ $i.autoscaling.pilot.maxReplicas }} resources: {{- $i.resources.pilot | toYaml | nindent 2 }} +nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 2 }} {{- if $v._derived.untrustedCA }} jwksResolverExtraRootCA: | {{- $v._derived.caCertRoot | nindent 2 }} diff --git a/values/keycloak/keycloak.gotmpl b/values/keycloak/keycloak.gotmpl index 3230088364..e085372c60 100644 --- a/values/keycloak/keycloak.gotmpl +++ b/values/keycloak/keycloak.gotmpl @@ -116,3 +116,5 @@ extraEnv: | extraManifests: - {{ tpl (readFile "../../helmfile.d/snippets/serviceentry.gotmpl") (dict "name" "keycloak" "host" $v._derived.keycloakDomain) | nindent 4 }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/kserve/kserve.gotmpl b/values/kserve/kserve.gotmpl index 0870398aef..fcbb0565b2 100644 --- a/values/kserve/kserve.gotmpl +++ b/values/kserve/kserve.gotmpl @@ -3,6 +3,7 @@ kserve: controller: + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 6 }} rbacProxy: resources: {{- $ks.resources.rbacProxy | toYaml | nindent 8 }} resources: {{- $ks.resources.controller | toYaml | nindent 6 }} diff --git a/values/kyverno/kyverno-raw.gotmpl b/values/kyverno/kyverno-raw.gotmpl index 5b11def04a..9ec143cb27 100644 --- a/values/kyverno/kyverno-raw.gotmpl +++ b/values/kyverno/kyverno-raw.gotmpl 
@@ -1,66 +1,6 @@ {{- $v := .Values -}} -{{- with $v.otomi | get "nodeSelector" nil }} -resources: - - apiVersion: kyverno.io/v1 - kind: ClusterPolicy - metadata: - name: require-otomi-node-selector - spec: - background: false - rules: - - name: otomi-all-node-selector - match: - any: - - resources: - kinds: - - Pod - namespaces: - - otomi - - harbor - - keycloak - - otel - - grafana - - istio-system - - knative-serving - - knative-operator - - gitea - - gitea-operator - - cert-manager - - tekton-pipelines - - tekton-triggers - - tekton-pipelines-resolvers - - otomi-operator - - maintenance - - external-secrets - - external-dns - - ingress - - cnpg-system - - kyverno - - vault - - trivy-operator - - resources: - kinds: - - Pod - namespaces: - - monitoring - names: - - "prometheus-po-prometheus-*" - - "po-operator-*" - - "prometheus-blackbox-exporter-*" - - "prometheus-operator-kube-state-metrics-*" - - "loki-*" - mutate: - patchStrategicMerge: - spec: - nodeSelector: - {{- range $key, $val := . }} - {{ $key }}: {{ $val }} - {{- end }} -{{- end }} {{- if $v.otomi.linodeLkeImageRepository }} -{{- if not $v.otomi.nodeSelector }} resources: -{{- end }} - apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: diff --git a/values/kyverno/kyverno.gotmpl b/values/kyverno/kyverno.gotmpl index 6a9ab56eaa..001ae01320 100644 --- a/values/kyverno/kyverno.gotmpl +++ b/values/kyverno/kyverno.gotmpl @@ -43,6 +43,7 @@ admissionController: registry: "{{- $v.otomi.linodeLkeImageRepository }}/ghcr" {{- end }} resources: {{- $kv.resources.admissionController | toYaml | nindent 6 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} cleanupController: {{- if $v.otomi.linodeLkeImageRepository }} @@ -56,6 +57,7 @@ cleanupController: replicas: 3 {{- end }} resources: {{- $kv.resources.cleanupController | toYaml | nindent 4 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} backgroundController: {{- if $v.otomi.linodeLkeImageRepository }} 
@@ -69,6 +71,7 @@ backgroundController: replicas: 2 {{- end }} resources: {{- $kv.resources.backgroundController | toYaml | nindent 4 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} serviceMonitor: enabled: true additionalLabels: @@ -86,6 +89,7 @@ reportsController: replicas: 2 {{- end }} resources: {{- $kv.resources.reportsController | toYaml | nindent 4 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} features: logging: diff --git a/values/linode-cfw/linode-cfw.gotmpl b/values/linode-cfw/linode-cfw.gotmpl index 723d3fcb0b..aca5317c56 100644 --- a/values/linode-cfw/linode-cfw.gotmpl +++ b/values/linode-cfw/linode-cfw.gotmpl @@ -16,3 +16,5 @@ firewall: addresses: ipv4: - 192.168.128.0/17 + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/loki/loki.gotmpl b/values/loki/loki.gotmpl index 6748eab223..d536fb29f0 100644 --- a/values/loki/loki.gotmpl +++ b/values/loki/loki.gotmpl @@ -195,6 +195,7 @@ gateway: repository: docker/nginxinc/nginx-unprivileged {{- end }} replicas: 1 + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{ $l.resources.gateway | toYaml | nindent 4 }} autoscaling: {{ $l.autoscaling.gateway | toYaml | nindent 4 }} @@ -204,6 +205,7 @@ deploymentMode: Distributed ingester: replicas: 3 maxUnavailable: 1 + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{ $l.resources.ingester | toYaml | nindent 4 }} autoscaling: {{ $l.autoscaling.ingester | toYaml | nindent 4 }} @@ -218,6 +220,7 @@ ingester: querier: replicas: 1 + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{ $l.resources.querier | toYaml | nindent 4 }} {{- if $s3SecretName }} @@ -230,6 +233,7 @@ querier: distributor: replicas: 1 + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{ $l.resources.distributor | toYaml | nindent 4 }} {{- if $s3SecretName }} 
@@ -242,6 +246,7 @@ distributor: queryFrontend: replicas: 1 + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{ $l.resources.queryFrontend | toYaml | nindent 4 }} autoscaling: {{ $l.autoscaling.queryFrontend | toYaml | nindent 4 }} podAnnotations: @@ -257,6 +262,7 @@ queryFrontend: queryScheduler: replicas: 1 + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{ $l.resources.queryScheduler | toYaml | nindent 4 }} autoscaling: {{ $l.autoscaling.queryScheduler | toYaml | nindent 4 }} @@ -268,6 +274,7 @@ queryScheduler: indexGateway: replicas: 1 + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{ $l.resources.indexGateway | toYaml | nindent 4 }} {{- if $s3SecretName }} @@ -278,6 +285,7 @@ indexGateway: compactor: replicas: 1 + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{ $l.resources.compactor | toYaml | nindent 4 }} {{- if $s3SecretName }} @@ -294,6 +302,7 @@ deploymentMode: SingleBinary singleBinary: replicas: 1 + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} resources: {{ $l.resources.singleBinary | toYaml | nindent 4 }} diff --git a/values/metrics-server/metrics-server.gotmpl b/values/metrics-server/metrics-server.gotmpl index 82aa80777d..eaf332f953 100644 --- a/values/metrics-server/metrics-server.gotmpl +++ b/values/metrics-server/metrics-server.gotmpl @@ -38,3 +38,5 @@ resources: {{- end }} priorityClassName: otomi-critical + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/oauth2-proxy/oauth2-proxy.gotmpl b/values/oauth2-proxy/oauth2-proxy.gotmpl index 96807e4283..8b233dce7c 100644 --- a/values/oauth2-proxy/oauth2-proxy.gotmpl +++ b/values/oauth2-proxy/oauth2-proxy.gotmpl 
@@ -198,3 +198,5 @@ gatewayApi: extraObjects: - {{ tpl (readFile "../../helmfile.d/snippets/serviceentry.gotmpl") (dict "name" "oauth2-proxy" "host" $v._derived.authDomain) | nindent 4 }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/otel-operator/otel-operator.gotmpl b/values/otel-operator/otel-operator.gotmpl index e9c88623b7..4b1374d5b9 100644 --- a/values/otel-operator/otel-operator.gotmpl +++ b/values/otel-operator/otel-operator.gotmpl @@ -25,3 +25,5 @@ kubeRBACProxy: image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/quay/brancz/kube-rbac-proxy" {{- end }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/otomi-api/otomi-api.gotmpl b/values/otomi-api/otomi-api.gotmpl index 9e55fd1635..a37a8bdda0 100644 --- a/values/otomi-api/otomi-api.gotmpl +++ b/values/otomi-api/otomi-api.gotmpl @@ -94,3 +94,5 @@ httpRoute: extraManifests: - {{ tpl (readFile "../../helmfile.d/snippets/authpolicy-oauth2-ext.gotmpl") (dict "prefix" "tty" "gatewayName" $v.ingress.platformClass.className "host" $v._derived.ttyDomain) | nindent 4 }} - {{ tpl (readFile "../../helmfile.d/snippets/serviceentry.gotmpl") (dict "name" "otomi-api" "hosts" (list $v._derived.apiDomain $v._derived.ttyDomain)) | nindent 4 }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/otomi-console/otomi-console.gotmpl b/values/otomi-console/otomi-console.gotmpl index 89cc393210..4122627351 100644 --- a/values/otomi-console/otomi-console.gotmpl +++ b/values/otomi-console/otomi-console.gotmpl 
@@ -58,3 +58,5 @@ httpRoute: extraManifests: - {{ tpl (readFile "../../helmfile.d/snippets/authpolicy-oauth2-ext.gotmpl") (dict "prefix" "console" "gatewayName" $v.ingress.platformClass.className "host" $v._derived.consoleDomain) | nindent 4 }} - {{ tpl (readFile "../../helmfile.d/snippets/serviceentry.gotmpl") (dict "name" "otomi-console" "host" $v._derived.consoleDomain) | nindent 4 }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/otomi-operator/otomi-operator.gotmpl b/values/otomi-operator/otomi-operator.gotmpl index e46eb94b96..9893f67a8c 100644 --- a/values/otomi-operator/otomi-operator.gotmpl +++ b/values/otomi-operator/otomi-operator.gotmpl @@ -15,3 +15,5 @@ imagePullSecrets: {{- end }} resources: {{- toYaml $o.resources.operator | nindent 2 }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/policy-reporter/policy-reporter.gotmpl b/values/policy-reporter/policy-reporter.gotmpl index d980ffb0d0..3e2d0c9587 100644 --- a/values/policy-reporter/policy-reporter.gotmpl +++ b/values/policy-reporter/policy-reporter.gotmpl @@ -26,3 +26,5 @@ sourceFilters: disableClusterReports: false kinds: exclude: [ReplicaSet] + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl b/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl index 8acd72eb16..f835db3530 100644 --- a/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl +++ b/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl @@ -30,3 +30,5 @@ image: pullPolicy: IfNotPresent pspEnabled: false + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/prometheus-msteams/prometheus-msteams.gotmpl b/values/prometheus-msteams/prometheus-msteams.gotmpl index d766c25c40..bb6f06193b 100644 --- a/values/prometheus-msteams/prometheus-msteams.gotmpl 
+++ b/values/prometheus-msteams/prometheus-msteams.gotmpl @@ -27,3 +27,5 @@ resources: requests: cpu: 1m memory: 8Mi + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/prometheus-operator/prometheus-operator.gotmpl b/values/prometheus-operator/prometheus-operator.gotmpl index dbf5082bc0..bf87149e87 100644 --- a/values/prometheus-operator/prometheus-operator.gotmpl +++ b/values/prometheus-operator/prometheus-operator.gotmpl @@ -48,6 +48,7 @@ defaultRules: {{- end }} prometheusOperator: resources: {{- $p.resources.prometheusOperator | toYaml | nindent 4 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} {{- if $v.otomi.linodeLkeImageRepository }} image: registry: "{{- $v.otomi.linodeLkeImageRepository }}/quay" @@ -106,6 +107,7 @@ prometheus: {{- else }} sidecar.istio.io/inject: "true" {{- end }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 6 }} resources: {{- $p.resources.prometheus | toYaml | nindent 6 }} # all team alert managers that will get alerts alertingEndpoints: @@ -234,6 +236,7 @@ alertmanager: {{- end }} pullPolicy: {{ $a | get "image.pullPolicy" "IfNotPresent" }} priorityClassName: otomi-critical + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 6 }} resources: {{- $a.resources.alertmanager | toYaml | nindent 6 }} externalUrl: https://{{ $alertmanagerDomain }} config: {{- tpl (readFile "../../helmfile.d/snippets/alertmanager.gotmpl") (dict "instance" $v "root" $v "slackTpl" $slackTpl "opsgenieTpl" $opsgenieTpl) | nindent 4 }} @@ -273,6 +276,7 @@ grafana: {{- end }} pullPolicy: {{ $g | get "image.pullPolicy" "IfNotPresent" }} resources: {{- $g.resources.grafana | toYaml | nindent 4 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} sidecar: resources: {{- $g.resources.sidecar | toYaml | nindent 6 }} {{- if $v.otomi.linodeLkeImageRepository }} 
@@ -335,6 +339,7 @@ kubeStateMetrics: enabled: {{ $p.enabled }} kube-state-metrics: + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} prometheus: monitor: additionalLabels: @@ -357,6 +362,7 @@ nodeExporter: enabled: {{ $p.enabled }} prometheus-node-exporter: + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} prometheus: monitor: additionalLabels: diff --git a/values/promtail/promtail.gotmpl b/values/promtail/promtail.gotmpl index 9c38c91464..4f25345036 100644 --- a/values/promtail/promtail.gotmpl +++ b/values/promtail/promtail.gotmpl @@ -66,3 +66,5 @@ sidecar: image: registry: "{{ $v.otomi.linodeLkeImageRepository }}/docker" {{- end }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/rabbitmq/rabbitmq.gotmpl b/values/rabbitmq/rabbitmq.gotmpl index 95d5c6d72d..bdc759e7d7 100644 --- a/values/rabbitmq/rabbitmq.gotmpl +++ b/values/rabbitmq/rabbitmq.gotmpl @@ -12,6 +12,7 @@ clusterOperator: tag: 2.16.1-debian-12-r0 digest: "" resources: {{- $r.resources.clusterOperator | toYaml | nindent 4 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} watchAllNamespaces: false watchNamespaces: {{- $teamNamespaces | toYaml | nindent 4 }} @@ -22,6 +23,7 @@ msgTopologyOperator: tag: 1.17.4-debian-12-r0 digest: "" resources: {{- $r.resources.msgTopologyOperator | toYaml | nindent 4 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} watchAllNamespaces: false watchNamespaces: {{- $teamNamespaces | toYaml | nindent 4 }} @@ -45,4 +47,4 @@ global: {{- with $v.otomi | get "globalPullSecret" nil }} imagePullSecrets: - otomi-pullsecret-global -{{- end }} \ No newline at end of file +{{- end }} diff --git a/values/sealed-secrets/sealed-secrets.gotmpl b/values/sealed-secrets/sealed-secrets.gotmpl index c1a0c75d9e..90c34b42d5 100644 --- a/values/sealed-secrets/sealed-secrets.gotmpl +++ b/values/sealed-secrets/sealed-secrets.gotmpl 
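Review bot: `prometheus-node-exporter.nodeSelector` now receives `otomi.nodeSelector`, which restricts a per-node collector to whatever nodes the platform components are pinned to. With the default `kubernetes.io/os: linux` nothing changes, but once a pool-specific selector is configured, nodes outside that pool lose node metrics. The top-level `nodeSelector` added in `values/promtail/promtail.gotmpl` has the same effect on log collection, assuming promtail runs as a DaemonSet here. The removed Kyverno policy matched only `prometheus-po-prometheus-*`, `po-operator-*`, `prometheus-blackbox-exporter-*`, `prometheus-operator-kube-state-metrics-*` and `loki-*` in `monitoring`, so these two collectors were not constrained before. I would leave the selector off both of them, or give them an OS-only selector, so that telemetry coverage does not depend on where the platform pods are placed.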
@@ -6,4 +6,5 @@ resources: {{- $app.resources.operator | toYaml | nindent 2 }} {{- if $v.otomi.linodeLkeImageRepository }} image: registry: "{{- $v.otomi.linodeLkeImageRepository }}/docker" -{{- end }} \ No newline at end of file +{{- end }} +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/tekton-pipelines/tekton-pipelines.gotmpl b/values/tekton-pipelines/tekton-pipelines.gotmpl index bccd880955..ff8d4b9676 100644 --- a/values/tekton-pipelines/tekton-pipelines.gotmpl +++ b/values/tekton-pipelines/tekton-pipelines.gotmpl @@ -8,6 +8,7 @@ namespace: controller: resources: {{- $t.resources.pipelinesController | toYaml | nindent 4 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} deployment: image: "{{ with $v.otomi.linodeLkeImageRepository }}{{ . }}/ghcr{{ else }}ghcr.io{{ end }}/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36:v1.3.1@sha256:702fca76e77ef1dc991d72b41fe7af4be00f0e0c84160060a7bdf11cd6a3429f" images: @@ -19,6 +20,7 @@ controller: remoteresolver: resources: {{- $t.resources.pipelinesRemoteresolver | toYaml | nindent 4 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} deployment: image: "{{ with $v.otomi.linodeLkeImageRepository }}{{ . }}/ghcr{{ else }}ghcr.io{{ end }}/tektoncd/pipeline/resolvers-ff86b24f130c42b88983d3c13993056d:v1.3.1@sha256:625e3314b0036766b71255791dc91cc5243a880b2f1c252f81f494facf8efd61" @@ -29,6 +31,7 @@ events: webhook: resources: {{- $t.resources.pipelinesWebhook | toYaml | nindent 4 }} + nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }} deployment: image: "{{ with $v.otomi.linodeLkeImageRepository }}{{ . }}/ghcr{{ else }}ghcr.io{{ end }}/tektoncd/pipeline/webhook-d4749e605405422fd87700164e31b2d1:v1.3.1@sha256:dadeab6bfad0a577b74761e3bc04f9fb3a457b831f9d0cddd2cc4af1699ca42d" diff --git a/values/tekton-triggers/tekton-triggers.gotmpl b/values/tekton-triggers/tekton-triggers.gotmpl index 260ab42db7..79c17d53e1 100644 
--- a/values/tekton-triggers/tekton-triggers.gotmpl +++ b/values/tekton-triggers/tekton-triggers.gotmpl @@ -14,10 +14,12 @@ controller: image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/gcr/tekton-releases/github.com/tektoncd/triggers/cmd/controller" {{- end }} + nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} webhook: resources: {{- $t.resources.triggersWebhook | toYaml | nindent 4 }} {{- if $v.otomi.linodeLkeImageRepository }} image: repository: "{{- $v.otomi.linodeLkeImageRepository }}/gcr/tekton-releases/github.com/tektoncd/triggers/cmd/webhook" - {{- end }} \ No newline at end of file + {{- end }} + nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }} diff --git a/values/trivy-operator/trivy-operator.gotmpl b/values/trivy-operator/trivy-operator.gotmpl index 9516bede58..d1f8c0d461 100644 --- a/values/trivy-operator/trivy-operator.gotmpl +++ b/values/trivy-operator/trivy-operator.gotmpl @@ -40,3 +40,5 @@ podSecurityContext: resources: {{- $t.resources.operator | toYaml | nindent 2 }} + +nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}
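Review bot: Both added lines use `nindent 2`, but the chart templates changed in this commit read `.Values.controller.nodeSelector` and `.Values.webhook.nodeSelector`, so the keys have to sit under `controller:` and `webhook:`, where the sibling `resources:` line uses `nindent 4`. Indentation is not visible in this view. If the new keys are nested, the rendered entries land at the same column as `nodeSelector:` and become its siblings, leaving the selector null; if they are at column 0, the chart never reads them and the top-level key is duplicated. I would write `nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}` indented under each component, which also matches the `$v` alias the rest of the file uses. If an `interceptors:` section exists outside this hunk, it needs the same line, since the chart now supports `.Values.interceptors.nodeSelector`.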