From e50c090a6dd0aecac31746e65771cc7e98afc4b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joakim=20Jars=C3=A4ter?= Date: Wed, 11 Feb 2026 11:29:06 +0100 Subject: [PATCH] feat(step-certificates): add custom labels support to service resource Add service.labels configuration option to allow users to add custom labels to the Kubernetes Service resource. This enables integration with service meshes, monitoring systems, and compliance tagging frameworks (NIS2, GDPR). Custom labels are merged with standard Helm labels and follow the existing pattern established by serviceaccount.labels. - Add service.labels configuration in values.yaml - Update Service template to render custom labels - Document feature in README with examples --- step-certificates/README.md | 24 ++++++++++++++++++++++++ step-certificates/templates/service.yaml | 3 +++ step-certificates/values.yaml | 8 ++++++++ 3 files changed, 35 insertions(+) diff --git a/step-certificates/README.md b/step-certificates/README.md index 58918e9..b72fb0d 100644 --- a/step-certificates/README.md +++ b/step-certificates/README.md @@ -276,6 +276,7 @@ chart and their default values. | `service.targetPort` | Internal port where Step CA runs | `9000` | | `service.annotations` | Service annotations (YAML) | `{}` | | `service.externalIPs` | Service externalIPs | `[]` | +| `service.labels` | Custom labels to add to the service resource (YAML) | `{}` | | `replicaCount` | Number of Step CA replicas. Only one replica is currently supported. | `1` | | `image.repository` | Repository of the Step CA image | `cr.step.sm/smallstep/step-ca` | | `image.initContainerRepository` | Repository of the Step CA Init Container image. | `busybox:latest` | 
@@ -350,6 +351,29 @@ helm install --set ca.dns="ca.example.com\,my-release-step-certificates.default. my-release smallstep/step-certificates ``` +### Service Customization + +You can add custom labels to the service resource for integration with service meshes, monitoring systems, or compliance requirements: + +```console +helm install step-certificates smallstep/step-certificates \ + --set service.labels.environment=production \ + --set service.labels.team=platform +``` + +Or using a values file: + +```yaml +service: + labels: + environment: production + team: platform + cost-center: engineering + compliance: nis2 +``` + +**Note**: Custom labels are merged with standard Helm labels. Avoid using reserved Kubernetes label prefixes like `app.kubernetes.io/`, `helm.sh/`, or `kubernetes.io/`. + Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, diff --git a/step-certificates/templates/service.yaml b/step-certificates/templates/service.yaml index 4d29852..ab11643 100644 --- a/step-certificates/templates/service.yaml +++ b/step-certificates/templates/service.yaml @@ -5,6 +5,9 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "step-certificates.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/step-certificates/values.yaml b/step-certificates/values.yaml index dde6b45..c6182c9 100644 --- a/step-certificates/values.yaml +++ b/step-certificates/values.yaml 
@@ -235,6 +235,14 @@ service: nodePort: "" annotations: {} externalIPs: [] + # labels is a map of custom labels to add to the service resource. + # These labels are merged with the standard Helm labels. + # Example: + # labels: + # environment: production + # team: platform + # cost-center: engineering + labels: {} # linkedca contains the token to configure step-ca using the linkedca mode. #
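Review bot: in step-certificates/README.md, the new "### Service Customization" section is placed between the `helm install --set ca.dns=...` example and the unchanged paragraph that begins "Alternatively, a YAML file that specifies the values for the parameters can be provided", so "Alternatively" now follows the labels note instead of the `--set` example it was contrasting with. Move the new section below that paragraph and its example so the existing install instructions still read in order.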
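Review bot: in step-certificates/templates/service.yaml, the `with .Values.service.labels` block writes `toYaml . | nindent 4` straight after the `step-certificates.labels` include, so the two label sets are concatenated, not merged as the README and values.yaml say; a user key that matches one of the chart's standard labels is rendered a second time under `labels:`. The only guard is the README note asking users to avoid the reserved prefixes. Since these labels are intended for mesh, monitoring and compliance selection on the CA's Service, build a single map in the template with the chart's standard keys taking precedence (for example `merge` over the standard labels parsed with `fromYaml`), or call `fail` when a supplied key starts with `app.kubernetes.io/` or `helm.sh/`, so a values override cannot duplicate or shadow the chart's own labels without an error.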
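Review bot: in step-certificates/values.yaml, the comment above `labels: {}` says the labels are "merged with the standard Helm labels" but does not say which side wins when a key collides, and it omits the reserved-prefix warning (`app.kubernetes.io/`, `helm.sh/`, `kubernetes.io/`) that the README hunk carries. Repeat that warning in this comment and state the collision behaviour, because values.yaml is the file users copy from when writing an override.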