diff --git a/step-issuer/README.md b/step-issuer/README.md
index e320f79..ff0d721 100644
--- a/step-issuer/README.md
+++ b/step-issuer/README.md
@@ -50,10 +50,13 @@ and their default values.
 | `image.repository` | Repository of the Step Issuer image. | `cr.step.sm/smallstep/step-issuer` |
 | `image.tag` | Tag of the image. If empty it will use .Chart.appVersion. | `""` |
 | `image.pullPolicy` | Step Issuer image pull policy | `IfNotPresent` |
+| `commonLabels` | Additional labels to be added to most deployed resources. | `{}` |
 | `deployment.args.enableLeaderElection` | Enable k8s controller leader election. | `true` |
 | `deployment.args.disableApprovalCheck` | To disable cert-manager approvals on old version of cert-manager. | `false` |
 | `deployment.strategy` | To change the deployment strategy. | `{}` |
-| `deployment.priorityClassName` | Pod priority for the Kubernetes scheduler | `""` |
+| `deployment.priorityClassName` | Pod priority for the Kubernetes scheduler. | `""` |
+| `deployment.labels` | Additional labels for the deployment. To add labels to the pods, see `deployment.podLabels`. | `{}` |
+| `deployment.podLabels` | Additional labels for the pods. | `{}` |
 | `stepIssuer.create` | If we should automatically create a StepIssuer | `false` |
 | `stepIssuer.caUrl` | Step Certificates CA URL. This is usually the step certificates service FQDN. | `""` |
 | `stepIssuer.caBundle` | Step Certificates root certificate in a single-line base64 string. | `""` |
@@ -61,6 +64,7 @@ and their default values. | `stepIssuer.provisioner.kid` | Key id of the provisioner used for authorizing the sign of certificates. | `""` | | `stepIssuer.provisioner.passwordRef.name` | Name of the secret with the provisioner password. | `""` | | `stepIssuer.provisioner.passwordRef.key` | Key name in the the secret with the provisioner password. | `""` | +| `stepIssuer.labels` | Additional labels for the issuer. | `{}` | | `stepClusterIssuer.create` | If we should automatically create a StepClusterIssuer | `false` | | `stepClusterIssuer.caUrl` | Step Certificates CA URL. This is usually the step certificates service FQDN. | `""` | | `stepClusterIssuer.caBundle` | Step Certificates root certificate in a single-line base64 string. | `""` | @@ -69,3 +73,6 @@ and their default values. | `stepClusterIssuer.provisioner.passwordRef.name` | Name of the secret with the provisioner password. | `""` | | `stepClusterIssuer.provisioner.passwordRef.key` | Key name in the the secret with the provisioner password. | `""` | | `stepClusterIssuer.provisioner.passwordRef.namespace` | Namespace where the provisioner password secret resides. | `""` | +| `stepClusterIssuer.labels` | Additional labels for the cluster issuer. | `{}` | +| `service.labels` | Additional labels for the service. | `{}` | +| `serviceAccount.labels` | Additional labels for the service account. | `{}` | diff --git a/step-issuer/templates/_helpers.tpl b/step-issuer/templates/_helpers.tpl index 3492960..12138b7 100644 --- a/step-issuer/templates/_helpers.tpl +++ b/step-issuer/templates/_helpers.tpl @@ -41,6 +41,9 @@ helm.sh/chart: {{ include "step-issuer.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} {{- end -}} {{/* diff --git a/step-issuer/templates/deployment.yaml b/step-issuer/templates/deployment.yaml index 63be54d..2811b02 100644 
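Review bot: `commonLabels` is appended to `step-issuer.labels` after the keys the chart sets itself (`helm.sh/chart`, `app.kubernetes.io/version`, `app.kubernetes.io/managed-by`), so a value that repeats one of those names renders the same key twice in every resource that includes the helper. How a duplicate key is resolved depends on the YAML parser that reads the manifest, and neither rejection nor a silent last-wins override is what the user asked for. The same applies to `deployment.labels`, `deployment.podLabels`, `service.labels` and `serviceAccount.labels`, which the other templates render after `control-plane` and the helper output. I would state the restriction next to the value in values.yaml, for example `# Must not repeat keys the chart sets itself (helm.sh/chart, app.kubernetes.io/*, control-plane).` The helper's `define` line is outside the hunk.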
--- a/step-issuer/templates/deployment.yaml +++ b/step-issuer/templates/deployment.yaml @@ -6,6 +6,9 @@ metadata: labels: control-plane: {{ .Values.service.controlPlane }} {{- include "step-issuer.labels" . | nindent 4 }} + {{- with .Values.deployment.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.deployment.strategy }} strategy: {{ toYaml .Values.deployment.strategy | nindent 4 }} @@ -20,6 +23,9 @@ spec: labels: control-plane: {{ .Values.service.controlPlane }} {{- include "step-issuer.labels" . | nindent 8 }} + {{- with .Values.deployment.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- if $.Values.imagePullSecrets }} imagePullSecrets: diff --git a/step-issuer/templates/rbac/sa.yaml b/step-issuer/templates/rbac/sa.yaml index d6444b1..3b92544 100644 --- a/step-issuer/templates/rbac/sa.yaml +++ b/step-issuer/templates/rbac/sa.yaml @@ -5,8 +5,11 @@ metadata: name: {{ include "step-issuer.serviceAccountName" . }} labels: {{- include "step-issuer.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/step-issuer/templates/service.yaml b/step-issuer/templates/service.yaml index d001ff0..cb0bad7 100644 --- a/step-issuer/templates/service.yaml +++ b/step-issuer/templates/service.yaml @@ -10,6 +10,9 @@ metadata: labels: control-plane: {{ .Values.service.controlPlane }} {{- include "step-issuer.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: ports: - name: {{ .Values.service.targetPorts }} diff --git a/step-issuer/templates/stepclusterissuer.yaml b/step-issuer/templates/stepclusterissuer.yaml index 7615aeb..b53885c 100644 --- a/step-issuer/templates/stepclusterissuer.yaml +++ b/step-issuer/templates/stepclusterissuer.yaml 
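Review bot: In the pod template hunk of deployment.yaml, `deployment.podLabels` is rendered directly under `control-plane: {{ .Values.service.controlPlane }}`, so a user can supply a second `control-plane` key on the pods. Pod labels are what a Deployment selector, a Service selector and any NetworkPolicy match on; the selectors are outside the hunk, so whether they use `control-plane` is not visible here, but if they do, a redefined value could leave the pods unmatched or place them under a policy written for another workload. Dropping the reserved key before rendering would close that off, `{{- with (omit .Values.deployment.podLabels "control-plane") }}`, or the README row could state that labels used by the chart's selectors must not be redefined. Because the helper is included at `nindent 8` in the same block, `commonLabels` reaches the pods as well, which the `commonLabels` description does not say.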
@@ -3,6 +3,13 @@ apiVersion: certmanager.step.sm/v1beta1 kind: StepClusterIssuer metadata: name: "{{ template "step-issuer.fullname" . }}" + labels: + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.stepClusterIssuer.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: # The CA URL. {{- if .Values.stepClusterIssuer.caUrl }} @@ -20,4 +27,4 @@ spec: name: {{ .Values.stepClusterIssuer.provisioner.passwordRef.name }} namespace: {{ .Values.stepClusterIssuer.provisioner.passwordRef.namespace }} key: {{ .Values.stepClusterIssuer.provisioner.passwordRef.key }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/step-issuer/templates/stepissuer.yml b/step-issuer/templates/stepissuer.yml index cbd24c7..daa58e6 100644 --- a/step-issuer/templates/stepissuer.yml +++ b/step-issuer/templates/stepissuer.yml @@ -4,6 +4,13 @@ kind: StepIssuer metadata: name: "{{ template "step-issuer.fullname" . }}" namespace: {{ .Release.Namespace }} + labels: + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.stepIssuer.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: # The CA URL. {{- if .Values.stepIssuer.caUrl }} @@ -20,4 +27,4 @@ spec: passwordRef: name: {{ .Values.stepIssuer.provisioner.passwordRef.name }} key: {{ .Values.stepIssuer.provisioner.passwordRef.key }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/step-issuer/values.yaml b/step-issuer/values.yaml index 7740ae4..f0b5b1d 100644 --- a/step-issuer/values.yaml +++ b/step-issuer/values.yaml @@ -27,6 +27,9 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +# Labels to be added to most objects deployed by this chart. +commonLabels: {} + deployment: # Configure arguments to pass to the step issuer args: 
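Review bot: `labels:` is written unconditionally in the StepClusterIssuer metadata, so with the defaults (`commonLabels: {}` and `stepClusterIssuer.labels: {}`) both `with` blocks are skipped and the resource renders a bare `labels:` with a null value. The issuer also receives only `commonLabels`, not the standard chart labels that the Deployment, Service and ServiceAccount get from the helper. Replacing the `commonLabels` block with `{{- include "step-issuer.labels" . | nindent 4 }}` would address both, since the helper now carries `commonLabels` and, as far as the helper hunk shows, always emits `app.kubernetes.io/managed-by`. The `stepissuer.yml` hunk has the same shape and would take the same change.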
@@ -36,6 +39,10 @@ deployment: # Strategy used for the deployment strategy: {} priorityClassName: "" + # Labels for the deployment, does not affect the deployment's pods. + labels: {} + # Labels for the pods. + podLabels: {} resources: limits: @@ -52,6 +59,7 @@ service: controlPlane: controller-manager scrape: true scrapePort: 8080 + labels: {} # Security Context for the pod podSecurityContext: {} @@ -72,6 +80,7 @@ serviceAccount: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" + labels: {} # mandatory values to generate stepIssuer resource # please follow the https://github.com/smallstep/step-issuer#getting-started to setup step-ca and get step-issuer values @@ -85,6 +94,7 @@ stepIssuer: passwordRef: name: "" key: "" + labels: {} # mandatory values to generate stepClusterIssuer resource # please follow the https://github.com/smallstep/step-issuer#getting-started to setup step-ca and get step-issuer values @@ -99,6 +109,7 @@ stepClusterIssuer: name: "" namespace: "" key: "" + labels: {} # For the cert-manager approver certManager: