Helm: Support affinity for kubeclarity / sbom / grype (#473)

* feat(helm): Support affinity for kubeclarity / sbom / grype * feat(helm): Add global nodeSelector, affinity values * helm: Linting
openclarity · Sep 12, 2023 · 3584747 · 3584747
1 parent da64782
commit 3584747
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 4 deletions.
diff --git a/charts/kubeclarity/templates/deployment.yaml b/charts/kubeclarity/templates/deployment.yaml
@@ -16,6 +16,8 @@
   {{- $dbUser = index .Values "kubeclarity-postgresql-external" "auth" "username" -}}
   {{- $dbName = index .Values "kubeclarity-postgresql-external" "auth" "database" -}}
 {{ end }}
+{{- $affinity := (coalesce .Values.kubeclarity.affinity .Values.global.affinity) -}}
+{{- $nodeSelector := (coalesce .Values.kubeclarity.nodeSelector .Values.global.nodeSelector) -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -37,6 +39,12 @@ spec:
       {{- end }}
     spec:
       serviceAccountName: {{ include "kubeclarity.name" . }}
+      {{- if $affinity }}
+      affinity: {{- toYaml $affinity | nindent 8 }}
+      {{- end }}
+      {{- if $nodeSelector }}
+      nodeSelector: {{- toYaml $nodeSelector | nindent 8 }}
+      {{- end }}
       initContainers:
         - name: '{{ include "kubeclarity.name" . }}-wait-for-pg-db'
           image: {{ index .Values "kubeclarity-postgresql" "image" "registry" }}/{{ index .Values "kubeclarity-postgresql" "image" "repository" }}:{{ index .Values "kubeclarity-postgresql" "image" "tag" }}

diff --git a/charts/kubeclarity/templates/grype_server/deployment.yaml b/charts/kubeclarity/templates/grype_server/deployment.yaml
@@ -1,4 +1,6 @@
 {{- if index .Values "kubeclarity-grype-server" "enabled" }}
+{{- $affinity := (coalesce (index .Values "kubeclarity-grype-server" "affinity") .Values.global.affinity) -}}
+{{- $nodeSelector := (coalesce (index .Values "kubeclarity-grype-server" "nodeSelector") .Values.global.nodeSelector) -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -24,6 +26,12 @@ spec:
       securityContext:
         fsGroup: 1000
       {{- end }}
+      {{- if $affinity }}
+      affinity: {{- toYaml $affinity | nindent 8 }}
+      {{- end }}
+      {{- if $nodeSelector }}
+      nodeSelector: {{- toYaml $nodeSelector | nindent 8 }}
+      {{- end }}
       containers:
         - name: grype-server
           image: '{{ index .Values "kubeclarity-grype-server" "docker" "imageRepo" }}/grype-server:{{ index .Values "kubeclarity-grype-server" "docker" "imageTag" }}'

diff --git a/charts/kubeclarity/templates/sbom_db/deployment.yaml b/charts/kubeclarity/templates/sbom_db/deployment.yaml
@@ -1,3 +1,5 @@
+{{- $affinity := (coalesce (index .Values "kubeclarity-sbom-db" "affinity") .Values.global.affinity) -}}
+{{- $nodeSelector := (coalesce (index .Values "kubeclarity-sbom-db" "nodeSelector") .Values.global.nodeSelector) -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -23,6 +25,12 @@ spec:
       securityContext:
         fsGroup: 1000
       {{- end }}
+      {{- if $affinity }}
+      affinity: {{- toYaml $affinity | nindent 8 }}
+      {{- end }}
+      {{- if $nodeSelector }}
+      nodeSelector: {{- toYaml $nodeSelector | nindent 8 }}
+      {{- end }}
       containers:
         - name: sbom-db
           {{- if index .Values "kubeclarity-sbom-db" "docker" "imageName" }}

diff --git a/charts/kubeclarity/templates/scanner-template-configmap.yaml b/charts/kubeclarity/templates/scanner-template-configmap.yaml
@@ -5,6 +5,8 @@
 {{- if index .Values "kubeclarity-trivy-server" "enabled" -}}
 {{- $noproxy = append $noproxy (print ((index .Values "kubeclarity-trivy-server" "service" "name") | default (include "trivy.fullname" (index .Subcharts "kubeclarity-trivy-server"))) "." .Release.Namespace ":" (index .Values "kubeclarity-trivy-server" "service" "port")) -}}
 {{- end -}}
+{{- $affinity := (coalesce (index .Values "kubeclarity-runtime-scan" "affinity") .Values.global.affinity) -}}
+{{- $nodeSelector := (coalesce (index .Values "kubeclarity-runtime-scan" "nodeSelector") .Values.global.nodeSelector) -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -32,10 +34,12 @@ data:
           tolerations:
 {{- toYaml (index .Values "kubeclarity-runtime-scan" "tolerations") | nindent 12 }}
 {{- end}}
-{{- if (index .Values "kubeclarity-runtime-scan" "nodeSelector") }}
-          nodeSelector:
-{{- toYaml (index .Values "kubeclarity-runtime-scan" "nodeSelector") | nindent 12 }}
-{{- end}}
+          {{- if $affinity }}
+          affinity: {{- toYaml $affinity | nindent 12 }}
+          {{- end }}
+          {{- if $nodeSelector }}
+          nodeSelector: {{- toYaml $nodeSelector | nindent 12 }}
+          {{- end }}
           restartPolicy: Never
           volumes:
           - name: tmp-volume

diff --git a/charts/kubeclarity/values.yaml b/charts/kubeclarity/values.yaml
@@ -19,6 +19,13 @@ global:
   ## NOTE: You also need to set the PostgreSQL section correctly if using the OpenShift restricted SCC
   openShiftRestricted: false
 
+  ## Affinity
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  # affinity: {}
+  nodeSelector:
+    kubernetes.io/os: linux
+    kubernetes.io/arch: amd64
+
 ## End of Global Values
 #######################################################################################
 
@@ -107,6 +114,14 @@ kubeclarity:
         memory: "200Mi"
         cpu: "200m"
 
+  ## Overrides global.affinity
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  # affinity: {}
+
+  ## Overrides global.nodeSelector
+  # nodeSelector:
+  #   key1: value1
+
 ## End of KubeClarity Values
 #######################################################################################
 
@@ -144,6 +159,10 @@ kubeclarity-runtime-scan:
   # nodeSelector:
   #   key1: value1
 
+  ## Scanner pods Affinity
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  # affinity: {}
+
   registry:
     skipVerifyTlS: "false"
     useHTTP: "false"
@@ -261,6 +280,14 @@ kubeclarity-grype-server:
       cpu: "1000m"
       memory: "1G"
 
+  ## Overrides global.affinity
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  # affinity: {}
+
+  ## Overrides global.nodeSelector
+  # nodeSelector:
+  #   key1: value1
+
 ## End of KubeClarity Grype Server Values
 #######################################################################################
 
@@ -331,6 +358,14 @@ kubeclarity-sbom-db:
       memory: "1Gi"
       cpu: "200m"
 
+  ## Overrides global.affinity
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  # affinity: {}
+
+  ## Overrides global.nodeSelector
+  # nodeSelector:
+  #   key1: value1
+
 ## End of KubeClarity SBOM DB Values
 #######################################################################################