diff --git a/helm/ngrok-operator/README.md b/helm/ngrok-operator/README.md index 492f8fa2..472f142c 100644 --- a/helm/ngrok-operator/README.md +++ b/helm/ngrok-operator/README.md @@ -43,6 +43,8 @@ To uninstall the chart: | `commonLabels` | Labels to add to all deployed objects | `{}` | | `commonAnnotations` | Annotations to add to all deployed objects | `{}` | | `oneClickDemoMode` | If true, then the operator will startup without required fields or API registration, become Ready, but not actually be running | `false` | +| `podAnnotations` | Custom pod annotations to apply to all pods. | `{}` | +| `podLabels` | Custom pod labels to apply to all pods. | `{}` | ### Image configuration @@ -70,8 +72,6 @@ To uninstall the chart: | Name | Description | Value | | ------------------------------------ | ----------------------------------------------------------------------------------------- | ------- | -| `podAnnotations` | Custom pod annotations to apply to all pods. | `{}` | -| `podLabels` | Custom pod labels to apply to all pods. | `{}` | | `replicaCount` | The number of controllers to run. | `1` | | `affinity` | Affinity for the controller pod assignment | `{}` | | `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | @@ -79,6 +79,9 @@ To uninstall the chart: | `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | | `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | | `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `nodeSelector` | Node labels for manager pod(s) | `{}` | +| `tolerations` | Tolerations for manager pod(s) | `[]` | +| `topologySpreadConstraints` | Topology Spread Constraints for manager pod(s) | `[]` | | `priorityClassName` | Priority class for pod scheduling | `""` | | `lifecycle` | an object containing lifecycle configuration | `{}` | | `podDisruptionBudget.create` | Enable a Pod Disruption Budget creation | `false` | @@ -134,6 +137,9 @@ To uninstall the chart: | `agent.serviceAccount.create` | Specifies whether a ServiceAccount should be created for the agent. | `true` | | `agent.serviceAccount.name` | The name of the ServiceAccount to use for the agent. | `""` | | `agent.serviceAccount.annotations` | Additional annotations to add to the agent ServiceAccount | `{}` | +| `agent.tolerations` | Tolerations for the agent pod(s) | `[]` | +| `agent.nodeSelector` | Node labels for the agent pod(s) | `{}` | +| `agent.topologySpreadConstraints` | Topology Spread Constraints for the agent pod(s) | `[]` | ### Kubernetes Gateway feature configuration @@ -157,6 +163,9 @@ To uninstall the chart: | `bindings.forwarder.serviceAccount.create` | Specifies whether a ServiceAccount should be created for the bindings forwarder pod(s). | `true` | | `bindings.forwarder.serviceAccount.name` | The name of the ServiceAccount to use for the bindings forwarder pod(s). | `""` | | `bindings.forwarder.serviceAccount.annotations` | Additional annotations to add to the bindings-forwarder ServiceAccount | `{}` | +| `bindings.forwarder.tolerations` | Tolerations for the bindings forwarder pod(s) | `[]` | +| `bindings.forwarder.nodeSelector` | Node labels for the bindings forwarder pod(s) | `{}` | +| `bindings.forwarder.topologySpreadConstraints` | Topology Spread Constraints for the bindings forwarder pod(s) | `[]` | | `bindings.ngrokCA` | The ngrok intermediate CA certificate to use for verifyng self-signed TLS certs from ngrok | `-----BEGIN CERTIFICATE----- MIIDwjCCAqqgAwIBAgIUZqF2AkB17pISojTndgc2U5BDt7wwDQYJKoZIhvcNAQEL BQAwbzEQMA4GA1UEAwwHUm9vdCBDQTENMAsGA1UECwwEcHJvZDESMBAGA1UECgwJ diff --git a/helm/ngrok-operator/templates/agent/deployment.yaml b/helm/ngrok-operator/templates/agent/deployment.yaml index fd525c1b..254e2d6c 100644 --- a/helm/ngrok-operator/templates/agent/deployment.yaml +++ b/helm/ngrok-operator/templates/agent/deployment.yaml @@ -47,6 +47,18 @@ spec: podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" $component "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} + {{- with $agent.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{ with $agent.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $agent.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} serviceAccountName: {{ template "ngrok-operator.agent.serviceAccountName" . }} {{- if .Values.image.pullSecrets }} imagePullSecrets: diff --git a/helm/ngrok-operator/templates/bindings-forwarder/deployment.yaml b/helm/ngrok-operator/templates/bindings-forwarder/deployment.yaml index b2b4a947..233fee90 100644 --- a/helm/ngrok-operator/templates/bindings-forwarder/deployment.yaml +++ b/helm/ngrok-operator/templates/bindings-forwarder/deployment.yaml @@ -47,6 +47,18 @@ spec: podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" $component "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} + {{- with $forwarder.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{ with $forwarder.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $forwarder.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} serviceAccountName: {{ template "ngrok-operator.bindings.forwarder.serviceAccountName" . }} {{- if .Values.image.pullSecrets }} imagePullSecrets: diff --git a/helm/ngrok-operator/templates/controller-deployment.yaml b/helm/ngrok-operator/templates/controller-deployment.yaml index 9bcf32c1..ae7c80c2 100644 --- a/helm/ngrok-operator/templates/controller-deployment.yaml +++ b/helm/ngrok-operator/templates/controller-deployment.yaml @@ -46,6 +46,18 @@ spec: podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" $component "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{ with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} serviceAccountName: {{ template "ngrok-operator.serviceAccountName" . }} {{- if .Values.image.pullSecrets }} imagePullSecrets: diff --git a/helm/ngrok-operator/tests/agent/deployment_test.yaml b/helm/ngrok-operator/tests/agent/deployment_test.yaml index 6fa678d7..dbd150da 100644 --- a/helm/ngrok-operator/tests/agent/deployment_test.yaml +++ b/helm/ngrok-operator/tests/agent/deployment_test.yaml @@ -33,3 +33,45 @@ tests: content: labelKey1: labelValue1 labelKey2: labelValue2 +- it: Supports selecting which nodes the agent should run on with node selectors + set: + agent: + nodeSelector: &nodeSelector + disktype: ssd + template: agent/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: *nodeSelector +- it: Supports setting tolerations on the agent pods + set: + agent: + tolerations: + - &toleration + key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + template: agent/deployment.yaml + asserts: + - contains: + path: spec.template.spec.tolerations + content: *toleration +- it: Supports setting topologySpreadConstraints on the agent pods + set: + agent: + topologySpreadConstraints: + - &tsc + maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: foo + matchLabelKeys: + - pod-template-hash + template: agent/deployment.yaml + asserts: + - contains: + path: spec.template.spec.topologySpreadConstraints + content: *tsc diff --git a/helm/ngrok-operator/tests/bindings-forwarder/deployment_test.yaml b/helm/ngrok-operator/tests/bindings-forwarder/deployment_test.yaml index 31b8ba72..c995635d 100644 --- a/helm/ngrok-operator/tests/bindings-forwarder/deployment_test.yaml +++ b/helm/ngrok-operator/tests/bindings-forwarder/deployment_test.yaml @@ -43,3 +43,48 @@ tests: content: labelKey1: labelValue1 labelKey2: labelValue2 +- it: Supports selecting which nodes the bindings forwarders should run on with node selectors + set: + bindings: + forwarder: + nodeSelector: &nodeSelector + disktype: ssd + template: bindings-forwarder/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: *nodeSelector +- it: Supports setting tolerations on the bindings forwarder pods + set: + bindings: + forwarder: + tolerations: + - &toleration + key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + template: bindings-forwarder/deployment.yaml + asserts: + - contains: + path: spec.template.spec.tolerations + content: *toleration +- it: Supports setting topologySpreadConstraints on the bindings forwarder pods + set: + bindings: + forwarder: + topologySpreadConstraints: + - &tsc + maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: foo + matchLabelKeys: + - pod-template-hash + template: bindings-forwarder/deployment.yaml + asserts: + - contains: + path: spec.template.spec.topologySpreadConstraints + content: *tsc diff --git a/helm/ngrok-operator/tests/controller-deployment_test.yaml b/helm/ngrok-operator/tests/controller-deployment_test.yaml index 05ff0356..9fd8f75c 100644 --- a/helm/ngrok-operator/tests/controller-deployment_test.yaml +++ b/helm/ngrok-operator/tests/controller-deployment_test.yaml @@ -380,3 +380,42 @@ tests: content: labelKey1: labelValue1 labelKey2: labelValue2 +- it: Supports selecting which nodes the manager should run on with node selectors + set: + nodeSelector: &nodeSelector + disktype: ssd + template: controller-deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: *nodeSelector +- it: Supports setting tolerations on the manager pods + set: + tolerations: + - &toleration + key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + template: controller-deployment.yaml + asserts: + - contains: + path: spec.template.spec.tolerations + content: *toleration +- it: Supports setting topologySpreadConstraints on the manager pods + set: + topologySpreadConstraints: + - &tsc + maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: foo + matchLabelKeys: + - pod-template-hash + template: controller-deployment.yaml + asserts: + - contains: + path: spec.template.spec.topologySpreadConstraints + content: *tsc diff --git a/helm/ngrok-operator/values.schema.json b/helm/ngrok-operator/values.schema.json index ba3c6557..e9c870ea 100644 --- a/helm/ngrok-operator/values.schema.json +++ b/helm/ngrok-operator/values.schema.json @@ -32,6 +32,16 @@ "description": "If true, then the operator will startup without required fields or API registration, become Ready, but not actually be running", "default": false }, + "podAnnotations": { + "type": "object", + "description": "Custom pod annotations to apply to all pods.", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "Custom pod labels to apply to all pods.", + "default": {} + }, "image": { "type": "object", "properties": { @@ -93,16 +103,6 @@ "description": "Configure the default cluster base domain for your kubernetes cluster DNS resolution", "default": "svc.cluster.local" }, - "podAnnotations": { - "type": "object", - "description": "Custom pod annotations to apply to all pods.", - "default": {} - }, - "podLabels": { - "type": "object", - "description": "Custom pod labels to apply to all pods.", - "default": {} - }, "replicaCount": { "type": "number", "description": "The number of controllers to run.", @@ -144,6 +144,23 @@ } } }, + "nodeSelector": { + "type": "object", + "description": "Node labels for manager pod(s)", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "Tolerations for manager pod(s)", + "default": [], + "items": {} + }, + "topologySpreadConstraints": { + "type": "array", + "description": "Topology Spread Constraints for manager pod(s)", + "default": [], + "items": {} + }, "priorityClassName": { "type": "string", "description": "Priority class for pod scheduling", @@ -343,6 +360,23 @@ "default": {} } } + }, + "tolerations": { + "type": "array", + "description": "Tolerations for the agent pod(s)", + "default": [], + "items": {} + }, + "nodeSelector": { + "type": "object", + "description": "Node labels for the agent pod(s)", + "default": {} + }, + "topologySpreadConstraints": { + "type": "array", + "description": "Topology Spread Constraints for the agent pod(s)", + "default": [], + "items": {} } } }, @@ -426,6 +460,23 @@ "default": {} } } + }, + "tolerations": { + "type": "array", + "description": "Tolerations for the bindings forwarder pod(s)", + "default": [], + "items": {} + }, + "nodeSelector": { + "type": "object", + "description": "Node labels for the bindings forwarder pod(s)", + "default": {} + }, + "topologySpreadConstraints": { + "type": "array", + "description": "Topology Spread Constraints for the bindings forwarder pod(s)", + "default": [], + "items": {} } } }, diff --git a/helm/ngrok-operator/values.yaml b/helm/ngrok-operator/values.yaml index 5bf1cecc..4d09e90d 100644 --- a/helm/ngrok-operator/values.yaml +++ b/helm/ngrok-operator/values.yaml @@ -14,6 +14,11 @@ commonLabels: {} commonAnnotations: {} oneClickDemoMode: false +## @param podAnnotations Custom pod annotations to apply to all pods. +## @param podLabels Custom pod labels to apply to all pods. +podAnnotations: {} +podLabels: {} + ## ## @section Image configuration ## @@ -65,11 +70,6 @@ clusterDomain: svc.cluster.local ## ## @section Operator Manager parameters ## -## @param podAnnotations Custom pod annotations to apply to all pods. -## @param podLabels Custom pod labels to apply to all pods. -## -podAnnotations: {} -podLabels: {} ## @param replicaCount The number of controllers to run. ## A minimum of 2 is recommended in production for HA. @@ -109,6 +109,13 @@ nodeAffinityPreset: ## values: [] +## @param nodeSelector Node labels for manager pod(s) +## @param tolerations Tolerations for manager pod(s) +## @param topologySpreadConstraints Topology Spread Constraints for manager pod(s) +nodeSelector: {} +tolerations: [] +topologySpreadConstraints: [] + ## @param priorityClassName Priority class for pod scheduling ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## @@ -258,6 +265,15 @@ agent: name: "" annotations: {} + ## @param agent.tolerations Tolerations for the agent pod(s) + tolerations: [] + + ## @param agent.nodeSelector Node labels for the agent pod(s) + nodeSelector: {} + + ## @param agent.topologySpreadConstraints Topology Spread Constraints for the agent pod(s) + topologySpreadConstraints: [] + ## ## @section Kubernetes Gateway feature configuration ## @@ -303,6 +319,15 @@ bindings: name: "" annotations: {} + ## @param bindings.forwarder.tolerations Tolerations for the bindings forwarder pod(s) + tolerations: [] + + ## @param bindings.forwarder.nodeSelector Node labels for the bindings forwarder pod(s) + nodeSelector: {} + + ## @param bindings.forwarder.topologySpreadConstraints Topology Spread Constraints for the bindings forwarder pod(s) + topologySpreadConstraints: [] + ## @param bindings.ngrokCA The ngrok intermediate CA certificate to use for verifyng self-signed TLS certs from ngrok ## Note: This is temporarily vendored and will be removed in a future release. ngrokCA: | # ngrok intermediate CA