feat: suport native nodeSelector

.github/workflows/svcaplbot-run-dyff.yml

@@ -5,10 +5,13 @@ on:
   pull_request:
     types: [opened, synchronize, reopened, ready_for_review]
     paths:
-      - "charts/**"
-      - "values/**"
-      - "tests/fixtures/**"
-      - "helmfile.d/**"
+      - '.github/workflows/svcaplbot-run-dyff.yml'
+      - 'bin/dyff.sh'
+      - 'bin/compare.sh'
+      - 'charts/**'
+      - 'values/**'
+      - 'tests/fixtures/**'
+      - 'helmfile.d/**'
 
 permissions:
   contents: read
@@ -80,7 +83,7 @@ jobs:
       - name: Install Helm and Helmfile
         uses: helmfile/helmfile-action@v2.3.1
         with:
-          helmfile-args: version  # In this step, we only want these tools to be installed
+          helmfile-args: version # In this step, we only want these tools to be installed
           helm-plugins: >
             https://github.com/databus23/helm-diff,
             https://github.com/jkroepke/helm-secrets

bin/dyff.sh

@@ -32,24 +32,72 @@ elif [ -z "$targetDirB" ]; then
   exit 1
 fi
 
+targetDirA=${targetDirA%/}
+targetDirB=${targetDirB%/}
+
+to_relative_path() {
+  local full_path=$1
+  local base_path=$2
+  local rel
+
+  if [[ "$full_path" == "$base_path" ]]; then
+    printf '%s' "."
+    return
+  elif [[ "$full_path" == "$base_path/"* ]]; then
+    rel="${full_path#"$base_path/"}"
+  else
+    rel="$full_path"
+  fi
+
+  # Strip the first directory component
+  printf '%s' "${rel#*/}"
+}
+
+join_relative_path() {
+  local dir_path=$1
+  local file_name=$2
+
+  if [[ "$dir_path" == "." ]]; then
+    printf '%s' "$file_name"
+  else
+    printf '%s' "$dir_path/$file_name"
+  fi
+}
+
+print_comment() {
+  echo "# $*"
+}
+
 set +e
 diff_output=$(diff -q -r "$targetDirA" "$targetDirB")
 set -e
-# Process each line of diff output
-
+# Process each line of diff output.
 echo "$diff_output" | while read -r line; do
-  # Check if the line indicates a difference
-  if [[ $line == *" and "* ]]; then
-    # Extract the paths using cut
-    first_path=$(echo $line | cut -d' ' -f2)
-    second_path=$(echo $line | cut -d' ' -f4)
+  # diff -q -r emits: "Files <pathA> and <pathB> differ"
+  if [[ $line =~ ^Files[[:space:]]+(.+)[[:space:]]+and[[:space:]]+(.+)[[:space:]]+differ$ ]]; then
+    # Capture regexp groups from the abouve pattern to get the full paths of the differing files
+    first_path="${BASH_REMATCH[1]}"
+    second_path="${BASH_REMATCH[2]}"
+    relative_first_path=$(to_relative_path "$first_path" "$targetDirA")
+    relative_second_path=$(to_relative_path "$second_path" "$targetDirB")
+
+    [ ! -f "$second_path" ] && print_comment "New file added: $relative_first_path" && continue
+    [ ! -f "$first_path" ] && print_comment "Old file deleted: $relative_second_path" && continue
 
-    [ ! -f $second_path ] && echo "New file added: $first_path" && continue
-    [ ! -f $first_path ] && echo "Old file deleted: $second_path" && continue
+    print_comment "$relative_first_path"
 
-    # Use dyff to compare the files
     dyff between "$second_path" "$first_path" --omit-header \
       --exclude "data.tls.key" --exclude "/data/ca.crt" --exclude "/data/tls.crt" --exclude "/data/tls.key" \
       --exclude-regexp "/checksum" --exclude-regexp "/webhooks.*" --ignore-order-changes "${miscArgs[@]}"
+  elif [[ $line =~ ^Only[[:space:]]+in[[:space:]]+(.+):[[:space:]]+(.+)$ ]]; then
+    only_in_dir="${BASH_REMATCH[1]}"
+    only_in_file="${BASH_REMATCH[2]}"
+    if [[ "$only_in_dir" == "$targetDirA"* ]]; then
+      print_comment "New file added: $(join_relative_path "$(to_relative_path "$only_in_dir" "$targetDirA")" "$only_in_file")"
+    elif [[ "$only_in_dir" == "$targetDirB"* ]]; then
+      print_comment "Old file deleted: $(join_relative_path "$(to_relative_path "$only_in_dir" "$targetDirB")" "$only_in_file")"
+    else
+      print_comment "$line"
+    fi
   fi
 done

helmfile.d/snippets/defaults.yaml

@@ -1183,7 +1183,8 @@ environments:
           hasExternalDNS: false
           hasExternalIDP: false
           isMultitenant: true
-          nodeSelector: {}
+          nodeSelector:
+            kubernetes.io/os: linux
           isPreInstalled: false
           useORCS: true
           aiEnabled: false

values/apl-gitea-operator/apl-gitea-operator.gotmpl

@@ -21,3 +21,5 @@ env:
   GITEA_URL_PORT: '3000'
   GITEA_OPERATOR_NAMESPACE: apl-gitea-operator
   GITEA_USERNAME: {{ $v.otomi.git.username }}
+
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/apl-harbor-operator/apl-harbor-operator.gotmpl

@@ -22,3 +22,5 @@ env:
   HARBOR_BASE_URL_PORT: '80'
   HARBOR_OPERATOR_NAMESPACE: apl-harbor-operator
   HARBOR_SYSTEM_NAMESPACE: harbor
+
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/apl-keycloak-operator/apl-keycloak-operator.gotmpl

@@ -29,3 +29,5 @@ script: |
   {{- end }}
 
 resources: {{- toYaml $o.resources.operator | nindent 2 }}
+
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/apl-operator/apl-operator.gotmpl

@@ -27,3 +27,5 @@ git:
   repoUrl: {{ $v.otomi.git.repoUrl | quote }}
   branch: {{ $v.otomi.git.branch | quote }}
 
+
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/argocd-image-updater/argocd-image-updater.gotmpl

@@ -11,3 +11,5 @@ resources: {{ $a.resources.imageUpdater | toYaml | nindent 2 }}
 
 config:
   git.commit-message-template: "build: automatic update of {{`{{ .AppName }}`}} [ci skip]"
+
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/argocd/argocd.gotmpl

@@ -9,12 +9,7 @@ global:
     repository: "{{- $v.otomi.linodeLkeImageRepository }}/quay/argoproj/argocd"
   {{- end }}
   domain: {{ $hostname }}
-  {{- with $v.otomi | get "nodeSelector" nil }}
-  nodeSelector:
-    {{- range $key, $val := . }}
-    {{ $key }}: {{ $val }}
-    {{- end }}
-  {{- end }}
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}
 # ApplicationSet Controller
 applicationSet:
   replicas: {{ $a.applicationSet.replicas }}

values/cert-manager-webhook-linode/cert-manager-webhook-linode.gotmpl

@@ -7,4 +7,5 @@ resources:
         memory: 64Mi
 deployment:
   secretName: external-dns
-  secretKey: secret
+  secretKey: secret
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/cert-manager/cert-manager.gotmpl

@@ -54,3 +54,5 @@ acmesolver:
 
 config:
   enableGatewayAPI: true
+
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/cloudnative-pg-plugin-barman-cloud/cloudnative-pg-plugin-barman-cloud.gotmpl

@@ -14,3 +14,5 @@ sidecarImage:
 priorityClassName: "otomi-critical"
 
 resources: {{- $cnpg.barmanPluginResources | toYaml | nindent 2 }}
+
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/cloudnative-pg/cloudnative-pg.gotmpl

@@ -14,4 +14,5 @@ priorityClassName: "otomi-critical"
 {{- if $v.otomi.linodeLkeImageRepository }}
 image:
   repository: "{{- $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/cloudnative-pg"
-{{- end }}
+{{- end }}
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/external-dns/external-dns.gotmpl

@@ -222,3 +222,5 @@ provider: {{ .name }}
 
 deploymentStrategy:
   type: RollingUpdate
+
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/gitea/gitea-valkey.gotmpl

@@ -18,3 +18,8 @@ auth:
   password: changeme
 
 architecture: standalone
+
+primary:
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}
+replica:
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}

values/gitea/gitea.gotmpl

@@ -255,3 +255,5 @@ extraDeploy:
                 type: PathPrefix
                 value: /
   - {{ tpl (readFile "../../helmfile.d/snippets/serviceentry.gotmpl") (dict "name" "gitea" "host" $giteaDomain) | nindent 4 }}
+
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/harbor/harbor.gotmpl

@@ -19,6 +19,7 @@ updateStrategy:
 core:
   secretName: harbor-token-service-ca
   priorityClassName: otomi-critical
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}
     {{- if $v.otomi.linodeLkeImageRepository }}
   image:
     repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/harbor-core"
@@ -42,6 +43,7 @@ database:
 
 exporter:
   priorityClassName: otomi-critical
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}
     {{- if $v.otomi.linodeLkeImageRepository }}
   image:
     repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/harbor-exporter"
@@ -63,6 +65,7 @@ expose:
 
 jobservice:
   priorityClassName: otomi-critical
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}
     {{- if $v.otomi.linodeLkeImageRepository }}
   image:
     repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/harbor-jobservice"
@@ -80,6 +83,7 @@ metrics:
       prometheus: system
 
 nginx:
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}
   resources: {{- $h.resources.nginx | toYaml | nindent 4 }}
     {{- if $v.otomi.linodeLkeImageRepository }}
   image:
@@ -148,6 +152,7 @@ persistence:
 
 portal:
   priorityClassName: otomi-critical
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}
   {{- if $v.otomi.linodeLkeImageRepository }}
   image:
     repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/harbor-portal"
@@ -157,6 +162,7 @@ portal:
 redis:
   internal:
     priorityClassName: otomi-critical
+    nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 6 }}
     {{- if $v.otomi.linodeLkeImageRepository }}
     image:
       repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/redis-photon"
@@ -168,16 +174,18 @@ registry:
   existingSecret: harbor-registry-http
 
   registry:
-      {{- if $v.otomi.linodeLkeImageRepository }}
+    nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 6 }}
+    {{- if $v.otomi.linodeLkeImageRepository }}
     image:
       repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/registry-photon"
-      {{- end }}
+    {{- end }}
     resources: {{- $h.resources.registry | toYaml | nindent 6 }}
   controller:
-      {{- if $v.otomi.linodeLkeImageRepository }}
+    nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 6 }}
+    {{- if $v.otomi.linodeLkeImageRepository }}
     image:
       repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/harbor-registryctl"
-      {{- end }}
+    {{- end }}
     resources: {{- $h.resources.registryController | toYaml | nindent 6 }}
   relativeurls: false
   credentials:
@@ -186,11 +194,11 @@ registry:
 
 trivy:
   priorityClassName: otomi-critical
-
-    {{- if $v.otomi.linodeLkeImageRepository }}
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}
+  {{- if $v.otomi.linodeLkeImageRepository }}
   image:
     repository: "{{- $v.otomi.linodeLkeImageRepository }}/docker/goharbor/trivy-adapter-photon"
-    {{- end }}
+  {{- end }}
   resources:
     {{- $h.resources.trivy | toYaml  | nindent 4 }}
   automountServiceAccountToken: true

values/ingress-nginx/ingress-nginx.gotmpl

@@ -22,6 +22,8 @@ controller:
     enabled: false
     patch:
       priorityClassName: otomi-critical
+      nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 8 }}
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}
   resources: {{- $app.resources.controller | toYaml | nindent 4 }}
   replicaCount: 2
   minAvailable: 1
@@ -102,6 +104,7 @@ defaultBackend:
   enabled: true
   useComponentLabel: true
   priorityClassName: otomi-critical
+  nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 4 }}
   resources: {{- $app.resources.defaultBackend | toYaml | nindent 4 }}
   service:
     omitClusterIP: true

values/istio-gateway/istio-egressgateway.yaml.gotmpl

@@ -17,6 +17,7 @@ service:
   type: ClusterIP
 
 resources: {{- $i.resources.egressgateway | toYaml | nindent 2 }}
+nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 2 }}
 
 strategy:
   rollingUpdate:

values/istio-gateway/istio-ingressgateway.yaml.gotmpl

@@ -17,6 +17,7 @@ service:
   type: ClusterIP
 
 resources: {{- $i.resources.ingressgateway | toYaml | nindent 2 }}
+nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 2 }}
 
 strategy:
   rollingUpdate:

values/istiod/istiod.gotmpl

@@ -4,6 +4,7 @@
 autoscaleMin: {{ $i.autoscaling.pilot.minReplicas }}
 autoscaleMax: {{ $i.autoscaling.pilot.maxReplicas }}
 resources: {{- $i.resources.pilot | toYaml | nindent 2 }}
+nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 2 }}
 {{- if $v._derived.untrustedCA }}
 jwksResolverExtraRootCA: |
   {{- $v._derived.caCertRoot | nindent 2 }}

values/keycloak/keycloak.gotmpl

@@ -116,3 +116,5 @@ extraEnv: |
 
 extraManifests:
   - {{ tpl (readFile "../../helmfile.d/snippets/serviceentry.gotmpl") (dict "name" "keycloak" "host" $v._derived.keycloakDomain) | nindent 4 }}
+
+nodeSelector: {{- toYaml .Values.otomi.nodeSelector | nindent 2 }}

values/kserve/kserve.gotmpl

@@ -3,6 +3,7 @@
 
 kserve:
   controller:
+    nodeSelector: {{- toYaml $v.otomi.nodeSelector | nindent 6 }}
     rbacProxy:
       resources: {{- $ks.resources.rbacProxy | toYaml | nindent 8 }}
     resources: {{- $ks.resources.controller | toYaml | nindent 6 }}