Merge pull request #234 from nirmata/global-labels-annotations

Global labels annotations
nirmata · Feb 9, 2024 · f902893 · f902893
2 parents 4622b87 + 6fb57b6
commit f902893
Show file tree

Hide file tree

Showing 83 changed files with 563 additions and 33 deletions.
diff --git a/charts/enterprise-kyverno-operator/Chart.yaml b/charts/enterprise-kyverno-operator/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: nirmata-kyverno-operator
 description: Helm Chart for Enterprise Kyverno Operator
 type: application
-version: v0.3.24
+version: v0.3.25-rc1
 appVersion: v0.2.6
 
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png

diff --git a/charts/enterprise-kyverno-operator/templates/_cr-kyverno-helpers.tpl b/charts/enterprise-kyverno-operator/templates/_cr-kyverno-helpers.tpl
@@ -36,6 +36,16 @@ content:
       {{- if .Values.kyverno.helm }}
       {{- toYaml .Values.kyverno.helm | nindent 6 }}
       {{- end}}
+
+      customLabels:
+{{- if .Values.globalLabels }}
+{{- toYaml .Values.globalLabels | nindent 8 }}
+{{- end}} 
+      customAnnotations:
+{{- if .Values.globalAnnotations }}
+{{- toYaml .Values.globalAnnotations | nindent 8 }}
+{{- end}} 
+
       admissionController:
         podLabels: 
 {{- if .Values.globalLabels }}

diff --git a/charts/enterprise-kyverno-operator/templates/clusterrole.yaml b/charts/enterprise-kyverno-operator/templates/clusterrole.yaml
@@ -3,6 +3,14 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ template "enterprise-kyverno.fullname" . }}
+  labels:
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.globalAnnotations }}
+    {{- toYaml .Values.globalAnnotations | nindent 4 }}
+    {{- end }}
 rules:
 - apiGroups:
   - "security.nirmata.io"

diff --git a/charts/enterprise-kyverno-operator/templates/clusterrolebinding.yaml b/charts/enterprise-kyverno-operator/templates/clusterrolebinding.yaml
@@ -4,6 +4,14 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ template "enterprise-kyverno.fullname" . }}
+  labels:
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.globalAnnotations }}
+    {{- toYaml .Values.globalAnnotations | nindent 4 }}
+    {{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

diff --git a/charts/enterprise-kyverno-operator/templates/configmap.yaml b/charts/enterprise-kyverno-operator/templates/configmap.yaml
@@ -3,6 +3,14 @@ kind: ConfigMap
 metadata:
   name: {{ template "enterprise-kyverno.fullname" . }}
   namespace: {{ template "enterprise-kyverno.namespace" . }}
+  labels:
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.globalAnnotations }}
+    {{- toYaml .Values.globalAnnotations | nindent 4 }}
+    {{- end }}
 data:
   kyvernoLatestRepository: https://kyverno.github.io/kyverno
   kyvernoLatestVersion: 2.7.0-rc.2

diff --git a/charts/enterprise-kyverno-operator/templates/cr-aws-adapter.yaml b/charts/enterprise-kyverno-operator/templates/cr-aws-adapter.yaml
@@ -5,6 +5,13 @@ metadata:
   annotations:
   labels:
     {{- include "enterprise-kyverno.labels" . | nindent 4 }}
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.globalAnnotations }}
+    {{- toYaml .Values.globalAnnotations | nindent 4 }}
+    {{- end }}
   name: aws-adapter-config
   namespace: {{ template "enterprise-kyverno.namespace" . }}
 spec:

diff --git a/charts/enterprise-kyverno-operator/templates/cr-cis-adapter.yaml b/charts/enterprise-kyverno-operator/templates/cr-cis-adapter.yaml
@@ -5,6 +5,13 @@ metadata:
   annotations:
   labels:
     {{- include "enterprise-kyverno.labels" . | nindent 4 }}
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.globalAnnotations }}
+    {{- toYaml .Values.globalAnnotations | nindent 4 }}
+    {{- end }}
   name: cis-adapter-config
   namespace: {{ template "enterprise-kyverno.namespace" . }}
 spec:

diff --git a/charts/enterprise-kyverno-operator/templates/cr-image-scan-adapter.yaml b/charts/enterprise-kyverno-operator/templates/cr-image-scan-adapter.yaml
@@ -5,6 +5,13 @@ metadata:
   annotations:
   labels:
     {{- include "enterprise-kyverno.labels" . | nindent 4 }}
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.globalAnnotations }}
+    {{- toYaml .Values.globalAnnotations | nindent 4 }}
+    {{- end }}
   name: image-scan-adapter-config
   namespace: {{ template "enterprise-kyverno.namespace" . }}
 spec:

diff --git a/charts/enterprise-kyverno-operator/templates/cr-kyverno.yaml b/charts/enterprise-kyverno-operator/templates/cr-kyverno.yaml
@@ -5,6 +5,10 @@ metadata:
   annotations:
   labels:
     {{- include "enterprise-kyverno.labels" . | nindent 4 }}
+  annotations:
+    {{- if .Values.globalAnnotations }}
+    {{- toYaml .Values.globalAnnotations | nindent 4 }}
+    {{- end }}
   name: kyverno
   namespace: {{ template "enterprise-kyverno.namespace" . }}
 spec:

diff --git a/charts/enterprise-kyverno-operator/templates/deployment.yaml b/charts/enterprise-kyverno-operator/templates/deployment.yaml
@@ -21,12 +21,15 @@ spec:
       {{- include "enterprise-kyverno.selectorLabels" . | nindent 6 }}
   template:
     metadata:
-      {{- with .Values.podAnnotations }}
+      {{- with .Values.globalAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
         {{- include "enterprise-kyverno.selectorLabels" . | nindent 8 }}
+        {{- if .Values.globalLabels }}
+        {{- toYaml .Values.globalLabels| nindent 8 }}
+        {{- end }}
     spec:
       imagePullSecrets: 
       - name: {{ .Values.image.pullSecrets.name }}

diff --git a/charts/enterprise-kyverno-operator/templates/imagepullsecret.yaml b/charts/enterprise-kyverno-operator/templates/imagepullsecret.yaml
@@ -5,6 +5,10 @@ metadata:
   labels: {{ include "enterprise-kyverno.labels" $ | nindent 4 }}
     app: nirmata-kyverno-operator
   name: image-pull-secret
+  {{- if .Values.globalAnnotations }}
+  annotations: 
+    {{- toYaml .Values.globalAnnotations| nindent 4 }}
+  {{- end }}
   namespace: {{ include "enterprise-kyverno.namespace" . }}
 type: kubernetes.io/dockerconfigjson
 data:

diff --git a/charts/enterprise-kyverno-operator/templates/pre-delete-hook.yaml b/charts/enterprise-kyverno-operator/templates/pre-delete-hook.yaml
@@ -7,6 +7,9 @@ metadata:
     "helm.sh/hook": pre-delete
     "helm.sh/hook-weight": "3"
     "helm.sh/hook-delete-policy": hook-succeeded
+  {{- if .Values.globalAnnotations }}
+    {{- toYaml .Values.globalAnnotations| nindent 4 }}
+  {{- end }}
   labels:
     app: {{ template "enterprise-kyverno.name" . }}-operator
 {{ include "enterprise-kyverno.labels" . | indent 4 }}

diff --git a/charts/enterprise-kyverno-operator/templates/role.yaml b/charts/enterprise-kyverno-operator/templates/role.yaml
@@ -4,6 +4,14 @@ kind: Role
 metadata:
   name: {{ template "enterprise-kyverno.fullname" . }}
   namespace: {{ template "enterprise-kyverno.namespace" . }}
+  labels:
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+  {{- if .Values.globalAnnotations }}
+  annotations: 
+    {{- toYaml .Values.globalAnnotations| nindent 4 }}
+  {{- end }}
+    {{- end }}
 rules:
 - apiGroups:
   - "apps"

diff --git a/charts/enterprise-kyverno-operator/templates/rolebinding.yaml b/charts/enterprise-kyverno-operator/templates/rolebinding.yaml
@@ -4,6 +4,14 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ template "enterprise-kyverno.fullname" . }}
   namespace: {{ template "enterprise-kyverno.namespace" . }}
+  labels:
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+    {{- end }}
+  {{- if .Values.globalAnnotations }}
+  annotations: 
+    {{- toYaml .Values.globalAnnotations| nindent 4 }}
+  {{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role

diff --git a/charts/enterprise-kyverno-operator/templates/secret-for-cr-params.yaml b/charts/enterprise-kyverno-operator/templates/secret-for-cr-params.yaml
@@ -2,8 +2,15 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: operator-params
+  {{- if .Values.globalAnnotations }}
+  annotations: 
+    {{- toYaml .Values.globalAnnotations| nindent 4 }}
+  {{- end }}
   labels:
     {{- include "enterprise-kyverno.labels" . | nindent 4 }}
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+    {{- end }}
     app: nirmata-kyverno-operator
 type: Opaque
 data:

diff --git a/charts/enterprise-kyverno-operator/templates/secret-for-webhook.yaml b/charts/enterprise-kyverno-operator/templates/secret-for-webhook.yaml
@@ -5,8 +5,15 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: webhook-server-cert
+  {{- if .Values.globalAnnotations }}
+  annotations: 
+    {{- toYaml .Values.globalAnnotations| nindent 4 }}
+  {{- end }}
   labels:
     {{- include "enterprise-kyverno.labels" . | nindent 4 }}
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+    {{- end }}
     "cert.security.nirmata.io/managed-by": "kyverno-operator"
     app: nirmata-kyverno-operator
 type: kubernetes.io/tls

diff --git a/charts/enterprise-kyverno-operator/templates/service.yaml b/charts/enterprise-kyverno-operator/templates/service.yaml
@@ -4,8 +4,19 @@ kind: Service
 metadata:
   name: {{ include "enterprise-kyverno.fullname" . }}
   namespace: {{ template "enterprise-kyverno.namespace" . }}
+  {{- if .Values.globalAnnotations }}
+  annotations: 
+    {{- toYaml .Values.globalAnnotations| nindent 4 }}
+  {{- end }}
   labels:
     {{- include "enterprise-kyverno.labels" . | nindent 4 }}
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+    {{- end }}
+  {{- if .Values.globalAnnotations }}
+  annotations: 
+    {{- toYaml .Values.globalAnnotations| nindent 4 }}
+  {{- end }}
 spec:
   ports:
   - port: 443

diff --git a/charts/enterprise-kyverno-operator/templates/serviceaccount.yaml b/charts/enterprise-kyverno-operator/templates/serviceaccount.yaml
@@ -4,4 +4,12 @@ kind: ServiceAccount
 metadata:
   name: {{ template "enterprise-kyverno.rbac.serviceAccountName" . }}
   namespace: {{ template "enterprise-kyverno.namespace" . }}
+  {{- if .Values.globalAnnotations }}
+  annotations: 
+    {{- toYaml .Values.globalAnnotations| nindent 4 }}
+  {{- end }}
+  labels:
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+    {{- end }}
 {{- end }}
diff --git a/charts/enterprise-kyverno-operator/templates/webhook.yaml b/charts/enterprise-kyverno-operator/templates/webhook.yaml
@@ -7,13 +7,20 @@ metadata:
     cert-manager.io/inject-ca-from: {{ template "enterprise-kyverno.namespace" . }}/kyverno-operator-serving-cert
   {{- end}}
   labels:
+    {{- if .Values.globalLabels }}
+    {{- toYaml .Values.globalLabels| nindent 4 }}
+    {{- end }}
     app.kubernetes.io/component: webhook
     app.kubernetes.io/created-by: kyverno-operator
     app.kubernetes.io/instance: validating-webhook-configuration
     app.kubernetes.io/managed-by: kustomize
     app.kubernetes.io/name: validatingwebhookconfiguration
     app.kubernetes.io/part-of: kyverno-operator
   name: kyverno-operator-validating-webhook-configuration
+  {{- if .Values.globalAnnotations }}
+  annotations: 
+    {{- toYaml .Values.globalAnnotations| nindent 4 }}
+  {{- end }}
 webhooks:
 - admissionReviewVersions:
   - v1

diff --git a/charts/nirmata/Chart.yaml b/charts/nirmata/Chart.yaml
@@ -1,8 +1,10 @@
 apiVersion: v2
 type: application
 name: kyverno
-version: 3.0.19
+
+version: 3.0.20-pre1
 appVersion: v1.10.7-n4k.nirmata.4
+
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 description: Kubernetes Native Policy Management
 keywords:

diff --git a/charts/nirmata/templates/_helpers/_labels.tpl b/charts/nirmata/templates/_helpers/_labels.tpl
@@ -10,6 +10,16 @@
 {{- end -}}
 {{- end -}}
 
+{{- define "kyverno.annotations.merge" -}}
+{{- $annotations := dict -}}
+{{- range . -}}
+  {{- $annotations = merge $annotations (fromYaml .) -}}
+{{- end -}}
+{{- with $annotations -}}
+  {{- toYaml $annotations -}}
+{{- end -}}
+{{- end -}}
+
 {{- define "kyverno.labels.helm" -}}
 {{- if not .Values.templating.enabled -}}
 helm.sh/chart: {{ template "kyverno.chart" . }}
@@ -29,6 +39,14 @@ app.kubernetes.io/version: {{ template "kyverno.chartVersion" . }}
 ) -}}
 {{- end -}}
 
+{{- define "kyverno.annotations.common" -}}
+{{- if .Values.customAnnotations }}
+  {{- template "kyverno.annotations.merge" (list
+    (toYaml .Values.customAnnotations)
+  ) -}}
+  {{- end }}
+{{- end -}}
+
 {{- define "kyverno.matchLabels.common" -}}
 app.kubernetes.io/part-of: {{ template "kyverno.fullname" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}

diff --git a/charts/nirmata/templates/admission-controller/_helpers.tpl b/charts/nirmata/templates/admission-controller/_helpers.tpl
@@ -1,5 +1,15 @@
 {{/* vim: set filetype=mustache: */}}
 
+{{- define "kyverno.annotations.merge" -}}
+{{- $annotations := dict -}}
+{{- range . -}}
+  {{- $annotations = merge $annotations (fromYaml .) -}}
+{{- end -}}
+{{- with $annotations -}}
+  {{- toYaml $annotations -}}
+{{- end -}}
+{{- end -}}
+
 {{- define "kyverno.admission-controller.name" -}}
 {{ template "kyverno.name" . }}-admission-controller
 {{- end -}}
@@ -33,3 +43,17 @@
 {{- define "kyverno.admission-controller.serviceName" -}}
 {{- printf "%s-svc" (include "kyverno.fullname" .) | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{- define "kyverno.admission-controller.serviceAnnotations" -}}
+  {{- template "kyverno.annotations.merge" (list
+    (toYaml .Values.customAnnotations)
+    (toYaml .Values.admissionController.service.annotations)
+  ) -}}
+{{- end -}}
+
+{{- define "kyverno.admission-controller.serviceAccountAnnotations" -}}
+  {{- template "kyverno.annotations.merge" (list
+    (toYaml .Values.customAnnotations)
+    (toYaml .Values.admissionController.rbac.serviceAccount.annotations)
+  ) -}}
+{{- end -}}
diff --git a/charts/nirmata/templates/admission-controller/clusterrole.yaml b/charts/nirmata/templates/admission-controller/clusterrole.yaml
@@ -5,6 +5,11 @@ metadata:
   name: {{ template "kyverno.admission-controller.roleName" . }}
   labels:
     {{- include "kyverno.admission-controller.labels" . | nindent 4 }}
+{{- $commonAnnotations := include "kyverno.annotations.common" . | nindent 4 }}
+{{- if $commonAnnotations }}
+  annotations:
+{{ $commonAnnotations }}
+{{- end }}
 aggregationRule:
   clusterRoleSelectors:
     - matchLabels:

diff --git a/charts/nirmata/templates/admission-controller/clusterrolebinding.yaml b/charts/nirmata/templates/admission-controller/clusterrolebinding.yaml
@@ -5,6 +5,11 @@ metadata:
   name: {{ template "kyverno.admission-controller.roleName" . }}
   labels:
     {{- include "kyverno.admission-controller.labels" . | nindent 4 }}
+{{- $commonAnnotations := include "kyverno.annotations.common" . | nindent 4 }}
+{{- if $commonAnnotations }}
+  annotations:
+{{ $commonAnnotations }}
+{{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

diff --git a/charts/nirmata/templates/admission-controller/deployment.yaml b/charts/nirmata/templates/admission-controller/deployment.yaml
@@ -6,6 +6,11 @@ metadata:
   namespace: {{ template "kyverno.namespace" . }}
   labels:
     {{- include "kyverno.admission-controller.labels" . | nindent 4 }}
+{{- $commonAnnotations := include "kyverno.annotations.common" . | nindent 4 }}
+{{- if $commonAnnotations }}
+  annotations:
+{{ $commonAnnotations }}
+{{- end }}
 spec:
   replicas: {{ template "kyverno.deployment.replicas" .Values.admissionController.replicas }}
   {{- with .Values.admissionController.updateStrategy }}