feat(k8s): refactoring Kubernetes labels (#91)

* feat(helm): refactoring Kubernetes recommended labels Signed-off-by: Nicolas Lamirault <[email protected]> * feat(helm): support additional labels Signed-off-by: Nicolas Lamirault <[email protected]> --------- Signed-off-by: Nicolas Lamirault <[email protected]>
keephq · Dec 13, 2024 · 8fa7153 · 8fa7153
1 parent f9c3afb
commit 8fa7153
Show file tree

Hide file tree

Showing 27 changed files with 84 additions and 44 deletions.
diff --git a/charts/keep/README.md b/charts/keep/README.md
@@ -1,6 +1,6 @@
 # keep
 
-![Version: 0.1.25](https://img.shields.io/badge/Version-0.1.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.27.0](https://img.shields.io/badge/AppVersion-0.27.0-informational?style=flat-square)
+![Version: 0.1.47](https://img.shields.io/badge/Version-0.1.47-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.31.7](https://img.shields.io/badge/AppVersion-0.31.7-informational?style=flat-square)
 
 Keep Helm Chart
 
@@ -21,6 +21,7 @@ Keep Helm Chart
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| additionalLabels | object | `{}` |  |
 | backend.affinity | object | `{}` |  |
 | backend.autoscaling.enabled | bool | `false` |  |
 | backend.autoscaling.maxReplicas | int | `3` |  |
@@ -86,7 +87,7 @@ Keep Helm Chart
 | database.autoscaling.enabled | bool | `false` |  |
 | database.enabled | bool | `true` |  |
 | database.env[0].name | string | `"MYSQL_ALLOW_EMPTY_PASSWORD"` |  |
-| database.env[0].value | string | `"yes"` |  |
+| database.env[0].value | bool | `true` |  |
 | database.env[1].name | string | `"MYSQL_DATABASE"` |  |
 | database.env[1].value | string | `"keep"` |  |
 | database.env[2].name | string | `"MYSQL_PASSWORD"` |  |
@@ -109,6 +110,7 @@ Keep Helm Chart
 | database.pv.size | string | `"5Gi"` |  |
 | database.pv.storageClass | string | `""` |  |
 | database.pvc.enabled | bool | `true` |  |
+| database.pvc.retain | bool | `false` |  |
 | database.pvc.size | string | `"5Gi"` |  |
 | database.pvc.storageClass | string | `""` |  |
 | database.replicaCount | int | `1` |  |
@@ -172,22 +174,12 @@ Keep Helm Chart
 | global.ingress.annotations | object | `{}` |  |
 | global.ingress.backendPrefix | string | `"/v2"` |  |
 | global.ingress.className | string | `"nginx"` |  |
+| global.ingress.classType | string | `""` |  |
 | global.ingress.enabled | bool | `true` |  |
 | global.ingress.frontendPrefix | string | `"/"` |  |
 | global.ingress.hosts | list | `[]` |  |
 | global.ingress.tls | list | `[]` |  |
 | global.ingress.websocketPrefix | string | `"/websocket"` |  |
-| ingress-nginx.controller.admissionWebhooks.certManager.enabled | bool | `false` |  |
-| ingress-nginx.controller.admissionWebhooks.failurePolicy | string | `"Ignore"` |  |
-| ingress-nginx.controller.admissionWebhooks.patch.enabled | bool | `true` |  |
-| ingress-nginx.controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` |  |
-| ingress-nginx.controller.allowSnippetAnnotations | bool | `true` |  |
-| ingress-nginx.controller.service.annotations | object | `{}` |  |
-| ingress-nginx.controller.service.enabled | bool | `true` |  |
-| ingress-nginx.controller.service.ports.http | int | `80` |  |
-| ingress-nginx.controller.service.ports.https | int | `443` |  |
-| ingress-nginx.controller.service.type | string | `"LoadBalancer"` |  |
-| ingress-nginx.enabled | bool | `true` |  |
 | isGKE | bool | `false` |  |
 | nameOverride | string | `""` |  |
 | namespace | string | `"keep"` |  |

diff --git a/charts/keep/templates/_helpers.tpl b/charts/keep/templates/_helpers.tpl
@@ -40,6 +40,10 @@ helm.sh/chart: {{ include "keep.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/part-of: keep
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels }}
+{{- end }}
 {{- end }}
 
 {{/*
@@ -186,4 +190,4 @@ Helper function for KEEP_API_URL that handles both relative and absolute URLs
 {{- else -}}
     {{- include "keep.fullUrl" . -}}{{- $apiUrlClient -}}
 {{- end -}}
-{{- end -}}
+{{- end -}}
diff --git a/charts/keep/templates/backend-hpa.yaml b/charts/keep/templates/backend-hpa.yaml
@@ -5,6 +5,7 @@ metadata:
   name: {{ include "keep.fullname" . }}-backend
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: backend
 spec:
   scaleTargetRef:
     apiVersion: apps/v1

diff --git a/charts/keep/templates/backend-route.yaml b/charts/keep/templates/backend-route.yaml
@@ -4,16 +4,18 @@ apiVersion: route.openshift.io/v1
 kind: Route
 metadata:
   name: {{ $fullName }}
-  labels: {{- include "keep.labels" . | nindent 4 }}
+  labels:
+    {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: backend
 spec:
   host: {{ .Values.backend.route.host }}
   to:
     kind: Service
     name: {{ $fullName }}-backend
     weight: 100
-  port: 
+  port:
     targetPort: {{ .Values.backend.service.port }}
   wildcardPolicy: {{ .Values.backend.route.wildcardPolicy }}
-  tls: 
-  {{ toYaml .Values.backend.route.tls | indent 4 }} 
+  tls:
+  {{ toYaml .Values.backend.route.tls | indent 4 }}
 {{- end}}
diff --git a/charts/keep/templates/backend-service.yaml b/charts/keep/templates/backend-service.yaml
@@ -5,7 +5,8 @@ metadata:
   name: {{ include "keep.fullname" . }}-backend
   labels:
     {{- include "keep.labels" . | nindent 4 }}
-    keep-component: backend-service
+    app.kubernetes.io/component: backend
+    keep-component: backend
   annotations:
     {{- if .Values.isGKE }}
     cloud.google.com/backend-config: '{"default": "{{ include "keep.fullname" . }}-backend-backendconfig"}'

diff --git a/charts/keep/templates/backend.yaml b/charts/keep/templates/backend.yaml
@@ -5,6 +5,7 @@ metadata:
   name: {{ include "keep.fullname" . }}-backend
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: backend
     keep-component: backend
 spec:
   {{- if not .Values.backend.autoscaling.enabled }}
@@ -27,7 +28,8 @@ spec:
         {{- end }}
       {{- end }}
       labels:
-        {{- include "keep.selectorLabels" . | nindent 8 }}
+        {{- include "keep.labels" . | nindent 8 }}
+        app.kubernetes.io/component: backend
         keep-component: backend
     spec:
       {{- with .Values.backend.imagePullSecrets }}

diff --git a/charts/keep/templates/db-pv.yaml b/charts/keep/templates/db-pv.yaml
@@ -2,6 +2,9 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
+  labels:
+    {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: database
   name: {{ include "keep.fullname" . }}-pv
 spec:
   capacity:

diff --git a/charts/keep/templates/db-pvc.yaml b/charts/keep/templates/db-pvc.yaml
@@ -10,6 +10,9 @@ metadata:
     {{- if .Values.database.pvc.retain }}
     helm.sh/resource-policy: keep
     {{- end }}
+  labels:
+    {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: database
 spec:
   {{- if $existingPvc }}
   # Use existing PVC spec
@@ -25,4 +28,4 @@ spec:
     requests:
       storage: {{ .Values.database.pvc.size }}
   {{- end }}
-{{- end }}
+{{- end }}
diff --git a/charts/keep/templates/db-service.yaml b/charts/keep/templates/db-service.yaml
@@ -5,7 +5,8 @@ metadata:
   name: {{ include "keep.name" . }}-database
   labels:
     {{- include "keep.labels" . | nindent 4 }}
-    keep-component: database-service
+    app.kubernetes.io/component: database
+    keep-component: database
 spec:
   type: {{ .Values.database.service.type }}
   ports:

diff --git a/charts/keep/templates/db.yaml b/charts/keep/templates/db.yaml
@@ -5,6 +5,7 @@ metadata:
   name: {{ include "keep.fullname" . }}-database
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: database
     keep-component: database
 spec:
   {{- if not .Values.database.autoscaling.enabled }}
@@ -21,7 +22,8 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        {{- include "keep.selectorLabels" . | nindent 8 }}
+        {{- include "keep.labels" . | nindent 8 }}
+        app.kubernetes.io/component: database
         keep-component: database
     spec:
       {{- with .Values.database.imagePullSecrets }}

diff --git a/charts/keep/templates/delete-secret-job.yaml b/charts/keep/templates/delete-secret-job.yaml
@@ -5,6 +5,9 @@ metadata:
   annotations:
     "helm.sh/hook": pre-delete
     "helm.sh/hook-delete-policy": hook-succeeded,hook-failed
+  labels:
+    {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: secrets
 spec:
   template:
     spec:

diff --git a/charts/keep/templates/frontend-hpa.yaml b/charts/keep/templates/frontend-hpa.yaml
@@ -5,6 +5,7 @@ metadata:
   name: {{ include "keep.fullname" . }}-frontend
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: frontend
 spec:
   scaleTargetRef:
     apiVersion: apps/v1

diff --git a/charts/keep/templates/frontend-route.yaml b/charts/keep/templates/frontend-route.yaml
@@ -4,16 +4,18 @@ apiVersion: route.openshift.io/v1
 kind: Route
 metadata:
   name: {{ $fullName }}
-  labels: {{- include "keep.labels" . | nindent 4 }}
+  labels:
+    {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: frontend
 spec:
   host: {{ .Values.frontend.route.host }}
   to:
     kind: Service
     name: {{ $fullName }}-frontend
     weight: 100
-  port: 
+  port:
     targetPort: {{ .Values.frontend.service.port }}
   wildcardPolicy: {{ .Values.frontend.route.wildcardPolicy }}
-  tls: 
-  {{ toYaml .Values.frontend.route.tls | indent 4 }} 
+  tls:
+  {{ toYaml .Values.frontend.route.tls | indent 4 }}
 {{- end}}
diff --git a/charts/keep/templates/frontend-service.yaml b/charts/keep/templates/frontend-service.yaml
@@ -5,7 +5,8 @@ metadata:
   name: {{ include "keep.fullname" . }}-frontend
   labels:
     {{- include "keep.labels" . | nindent 4 }}
-    keep-component: frontend-service
+    app.kubernetes.io/component: frontend
+    keep-component: frontend
   annotations:
     {{- if .Values.isGKE }}
     cloud.google.com/backend-config: '{"default": "{{ include "keep.fullname" . }}-frontend-backendconfig"}'

diff --git a/charts/keep/templates/frontend.yaml b/charts/keep/templates/frontend.yaml
@@ -5,6 +5,7 @@ metadata:
   name: {{ include "keep.fullname" . }}-frontend
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: frontend
     keep-component: frontend
 spec:
   {{- if not .Values.frontend.autoscaling.enabled }}
@@ -21,7 +22,8 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        {{- include "keep.selectorLabels" . | nindent 8 }}
+        {{- include "keep.labels" . | nindent 8 }}
+        app.kubernetes.io/component: frontend
         keep-component: frontend
     spec:
       {{- with .Values.frontend.imagePullSecrets }}
@@ -51,10 +53,10 @@ spec:
             - name: NEXTAUTH_URL
               value: {{ include "keep.nextAuthUrl" . | quote }}
             {{- range .Values.frontend.env }}
-            {{- if and 
-                  (ne .name "PUSHER_HOST") 
-                  (ne .name "API_URL_CLIENT") 
-                  (ne .name "API_URL") 
+            {{- if and
+                  (ne .name "PUSHER_HOST")
+                  (ne .name "API_URL_CLIENT")
+                  (ne .name "API_URL")
                   (ne .name "NEXTAUTH_URL") }}
             - name: {{ .name }}
               value: {{ .value | quote }}
@@ -87,4 +89,4 @@ spec:
       volumes:
         - name: state-volume
           emptyDir: {}
-{{- end }}
+{{- end }}
diff --git a/charts/keep/templates/ingress-haproxy.yaml b/charts/keep/templates/ingress-haproxy.yaml
@@ -6,6 +6,7 @@ metadata:
   name: {{ $fullName }}-ingress
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: networking
   annotations:
     kubernetes.io/ingress.class: "haproxy"
     # HAProxy timeout configurations
@@ -14,7 +15,7 @@ metadata:
     haproxy-ingress.github.io/timeout-connect: "3600s"
     haproxy-ingress.github.io/timeout-tunnel: "3600s"
     haproxy-ingress.github.io/ssl-redirect: "false"
-    
+
     # Backend configurations for path rewrites + # WebSocket support
     haproxy-ingress.github.io/config-backend: |
       acl path_v2 path_beg {{ .Values.global.ingress.backendPrefix }}/
@@ -98,4 +99,4 @@ spec:
               port:
                 number: {{ $.Values.frontend.service.port }}
     {{- end }}
-{{- end }}
+{{- end }}
diff --git a/charts/keep/templates/ingress-nginx.yaml b/charts/keep/templates/ingress-nginx.yaml
@@ -6,6 +6,7 @@ metadata:
   name: {{ $fullName }}-ingress
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: networking
   annotations:
     {{- if or (eq .Values.global.ingress.className "nginx") (eq .Values.global.ingress.classType "nginx") }}
     kubernetes.io/ingress.class: "nginx"
@@ -115,4 +116,4 @@ spec:
               port:
                 number: {{ $.Values.frontend.service.port }}
     {{- end }}
-{{- end }}
+{{- end }}
diff --git a/charts/keep/templates/ingress-traefik-middleware.yaml b/charts/keep/templates/ingress-traefik-middleware.yaml
@@ -6,9 +6,10 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: networking
 spec:
   stripPrefix:
     prefixes:
       - {{ .Values.global.ingress.backendPrefix }}
       - {{ .Values.global.ingress.websocketPrefix }}
-{{- end }}
+{{- end }}
diff --git a/charts/keep/templates/ingress-traefik.yaml b/charts/keep/templates/ingress-traefik.yaml
@@ -6,14 +6,15 @@ metadata:
   name: {{ $fullName }}-ingress
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: networking
   annotations:
     traefik.ingress.kubernetes.io/router.middlewares: {{ .Release.Namespace }}-strip-prefix@kubernetescrd
     traefik.ingress.kubernetes.io/router.entrypoints: web
     traefik.ingress.kubernetes.io/timeouts.idle: "3600s"
     traefik.ingress.kubernetes.io/timeouts.connect: "3600s"
     traefik.ingress.kubernetes.io/timeouts.read: "3600s"
     traefik.ingress.kubernetes.io/timeouts.write: "3600s"
-    
+
     # WebSocket configuration
     traefik.ingress.kubernetes.io/websockets.enabled: "true"
     {{- with .Values.global.ingress.annotations }}
@@ -93,4 +94,4 @@ spec:
               port:
                 number: {{ $.Values.frontend.service.port }}
     {{- end }}
-{{- end }}
+{{- end }}
diff --git a/charts/keep/templates/role-binding-secret-manager.yaml b/charts/keep/templates/role-binding-secret-manager.yaml
@@ -3,6 +3,9 @@ kind: RoleBinding
 metadata:
   name: secret-manager-rolebinding
   namespace: {{ include "keep.namespace" . }}
+  labels:
+    {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: secrets
 subjects:
   - kind: ServiceAccount
     name: {{ include "keep.serviceAccountName" . }}

diff --git a/charts/keep/templates/role-secret-manager.yaml b/charts/keep/templates/role-secret-manager.yaml
@@ -3,6 +3,9 @@ kind: Role
 metadata:
   name: secret-manager-role
   namespace: {{ include "keep.namespace" . }}
+  labels:
+    {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: secrets
 rules:
   - apiGroups: [""]
     resources: ["secrets"]

diff --git a/charts/keep/templates/serviceaccount.yaml b/charts/keep/templates/serviceaccount.yaml
@@ -5,6 +5,7 @@ metadata:
   name: {{ include "keep.serviceAccountName" . }}
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: rbac
   {{- with .Values.serviceAccount.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}

diff --git a/charts/keep/templates/websocket-hpa.yaml b/charts/keep/templates/websocket-hpa.yaml
@@ -5,6 +5,7 @@ metadata:
   name: {{ include "keep.fullname" . }}-websocket
   labels:
     {{- include "keep.labels" . | nindent 4 }}
+    app.kubernetes.io/component: websocket
 spec:
   scaleTargetRef:
     apiVersion: apps/v1