From 79dd94d3bead659167d438fd119b6fafe98078fc Mon Sep 17 00:00:00 2001 From: Guilherme Santos <157053549+gsantos-hc@users.noreply.github.com> Date: Tue, 2 Jul 2024 10:14:10 -0400 Subject: [PATCH] Enable custom annotations in Policy Controller pods Signed-off-by: Guilherme Santos <157053549+gsantos-hc@users.noreply.github.com> --- charts/policy-controller/Chart.yaml | 2 +- charts/policy-controller/README.md | 3 ++- .../templates/webhook/deployment_webhook.yaml | 4 ++++ charts/policy-controller/values.schema.json | 3 +++ charts/policy-controller/values.yaml | 1 + 5 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/policy-controller/Chart.yaml b/charts/policy-controller/Chart.yaml index 58a96f79..905f212e 100644 --- a/charts/policy-controller/Chart.yaml +++ b/charts/policy-controller/Chart.yaml @@ -8,7 +8,7 @@ sources: type: application name: policy-controller -version: 0.6.9 +version: 0.7.0 appVersion: 0.8.2 maintainers: diff --git a/charts/policy-controller/README.md b/charts/policy-controller/README.md index c64cb857..a603ed62 100644 --- a/charts/policy-controller/README.md +++ b/charts/policy-controller/README.md @@ -2,7 +2,7 @@ -![Version: 0.6.9](https://img.shields.io/badge/Version-0.6.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.2](https://img.shields.io/badge/AppVersion-0.8.2-informational?style=flat-square) +![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.2](https://img.shields.io/badge/AppVersion-0.8.2-informational?style=flat-square) The Helm chart for Policy Controller @@ -173,6 +173,7 @@ helm uninstall [RELEASE_NAME] | webhook.namespaceSelector.matchExpressions[0].key | string | `"policy.sigstore.dev/include"` | | | webhook.namespaceSelector.matchExpressions[0].operator | string | `"In"` | | | webhook.namespaceSelector.matchExpressions[0].values[0] | string | `"true"` | | +| webhook.podAnnotations | object | `{}` | | | webhook.podDisruptionBudget.enabled | bool | `true` | | | webhook.podDisruptionBudget.minAvailable | int | `1` | | | webhook.podSecurityContext.allowPrivilegeEscalation | bool | `false` | | diff --git a/charts/policy-controller/templates/webhook/deployment_webhook.yaml b/charts/policy-controller/templates/webhook/deployment_webhook.yaml index 54fd36d6..0474b7c1 100644 --- a/charts/policy-controller/templates/webhook/deployment_webhook.yaml +++ b/charts/policy-controller/templates/webhook/deployment_webhook.yaml @@ -14,6 +14,10 @@ spec: control-plane: {{ template "policy-controller.fullname" . }}-webhook template: metadata: + {{- with .Values.webhook.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: control-plane: {{ template "policy-controller.fullname" . }}-webhook {{- include "policy-controller.labels" . | nindent 8 }} diff --git a/charts/policy-controller/values.schema.json b/charts/policy-controller/values.schema.json index f2e2faab..a6fc34ef 100644 --- a/charts/policy-controller/values.schema.json +++ b/charts/policy-controller/values.schema.json @@ -118,6 +118,9 @@ } } }, + "podAnnotations": { + "type": "object" + }, "podDisruptionBudget": { "type": "object", "properties": { diff --git a/charts/policy-controller/values.yaml b/charts/policy-controller/values.yaml index c9627e3a..6ee8023a 100644 --- a/charts/policy-controller/values.yaml +++ b/charts/policy-controller/values.yaml @@ -32,6 +32,7 @@ webhook: enabled: false runAsUser: 65532 failurePolicy: Fail + podAnnotations: {} podSecurityContext: enabled: true allowPrivilegeEscalation: false