From 85a11f7d97c2f8eba76a5a339d0501706fe6cc43 Mon Sep 17 00:00:00 2001 From: michaelhtm <98621731+michaelhtm@users.noreply.github.com> Date: Wed, 14 May 2025 13:30:16 -0700 Subject: [PATCH 1/2] feat: Make helm chart names dynamic extra changes: add labels to roles/rolebindings --- templates/helm/templates/caches-role-binding.yaml.tpl | 8 ++++---- templates/helm/templates/caches-role.yaml.tpl | 4 ++-- templates/helm/templates/cluster-role-binding.yaml.tpl | 8 ++++---- templates/helm/templates/cluster-role-controller.yaml.tpl | 5 +++-- .../helm/templates/leader-election-role-binding.yaml.tpl | 4 ++-- templates/helm/templates/leader-election-role.yaml.tpl | 2 +- templates/helm/templates/role-reader.yaml.tpl | 2 +- templates/helm/templates/role-writer.yaml.tpl | 2 +- 8 files changed, 18 insertions(+), 17 deletions(-) diff --git a/templates/helm/templates/caches-role-binding.yaml.tpl b/templates/helm/templates/caches-role-binding.yaml.tpl index 57b753f7..50a8d19e 100644 --- a/templates/helm/templates/caches-role-binding.yaml.tpl +++ b/templates/helm/templates/caches-role-binding.yaml.tpl @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: ack-namespaces-cache-{{ .ControllerName }}-controller + name: {{ IncludeTemplate "app.fullname" }} roleRef: kind: ClusterRole apiGroup: rbac.authorization.k8s.io - name: ack-namespaces-cache-{{ .ControllerName }}-controller + name: {{ IncludeTemplate "app.fullname" }} subjects: - kind: ServiceAccount name: {{ IncludeTemplate "service-account.name" }} @@ -14,12 +14,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: ack-configmaps-cache-{{ .ControllerName }}-controller + name: {{ IncludeTemplate "app.fullname" }} namespace: {{ "{{ .Release.Namespace }}" }} roleRef: kind: Role apiGroup: rbac.authorization.k8s.io - name: ack-configmaps-cache-{{ .ControllerName }}-controller + name: {{ IncludeTemplate "app.fullname" }} subjects: - kind: ServiceAccount name: {{ IncludeTemplate "service-account.name" }} diff --git a/templates/helm/templates/caches-role.yaml.tpl b/templates/helm/templates/caches-role.yaml.tpl index 9451709b..3addf119 100644 --- a/templates/helm/templates/caches-role.yaml.tpl +++ b/templates/helm/templates/caches-role.yaml.tpl @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: ack-namespaces-cache-{{ .ControllerName }}-controller + name: {{ IncludeTemplate "app.fullname" }}-clusterrole rules: - apiGroups: - "" @@ -15,7 +15,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: ack-configmaps-cache-{{ .ControllerName }}-controller + name: {{ IncludeTemplate "app.fullname" }}-role namespace: {{ "{{ .Release.Namespace }}" }} rules: - apiGroups: diff --git a/templates/helm/templates/cluster-role-binding.yaml.tpl b/templates/helm/templates/cluster-role-binding.yaml.tpl index 78e50682..fbf2150e 100644 --- a/templates/helm/templates/cluster-role-binding.yaml.tpl +++ b/templates/helm/templates/cluster-role-binding.yaml.tpl @@ -2,11 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ IncludeTemplate "app.fullname" }} + name: {{ IncludeTemplate "app.fullname" }}-rolebinding roleRef: kind: ClusterRole apiGroup: rbac.authorization.k8s.io - name: ack-{{ .ControllerName }}-controller + name: {{ IncludeTemplate "app.fullname" }} subjects: - kind: ServiceAccount name: {{ IncludeTemplate "service-account.name" }} @@ -22,12 +22,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ "{{ $fullname }}" }} + name: {{ "{{ $fullname }}" }}-{{ "{{ . }}" }} namespace: {{ "{{ . }}" }} roleRef: kind: Role apiGroup: rbac.authorization.k8s.io - name: ack-{{ .ControllerName }}-controller + name: {{ "{{ $fullname }}" }}-{{ "{{ . }}" }} subjects: - kind: ServiceAccount name: {{ "{{ $serviceAccountName }}" }} diff --git a/templates/helm/templates/cluster-role-controller.yaml.tpl b/templates/helm/templates/cluster-role-controller.yaml.tpl index 378b284f..01461c38 100644 --- a/templates/helm/templates/cluster-role-controller.yaml.tpl +++ b/templates/helm/templates/cluster-role-controller.yaml.tpl @@ -1,10 +1,11 @@ {{ "{{ $labels := .Values.role.labels }}" }} {{ VarIncludeTemplate "rbacRules" "rbac-rules" }} +{{ VarIncludeTemplate "fullname" "app.fullname" }} {{ "{{ if eq .Values.installScope \"cluster\" }}" }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: ack-{{ .ControllerName }}-controller + name: {{ IncludeTemplate "app.fullname" }} labels: {{ "{{- range $key, $value := $labels }}" }} {{ "{{ $key }}: {{ $value | quote }}" }} @@ -18,7 +19,7 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: ack-{{ .ControllerName }}-controller + name: {{ "{{ $fullname }}" }}-{{ "{{ . }}" }} namespace: {{ "{{ . }}" }} labels: {{ "{{- range $key, $value := $labels }}" }} diff --git a/templates/helm/templates/leader-election-role-binding.yaml.tpl b/templates/helm/templates/leader-election-role-binding.yaml.tpl index 005c1820..958fd34f 100644 --- a/templates/helm/templates/leader-election-role-binding.yaml.tpl +++ b/templates/helm/templates/leader-election-role-binding.yaml.tpl @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{.ControllerName}}-leader-election-rolebinding + name: {{ IncludeTemplate "app.fullname" }}-leaderelection {{ "{{ if .Values.leaderElection.namespace }}" }} namespace: {{ "{{ .Values.leaderElection.namespace }}" }} {{ "{{ else }}" }} @@ -11,7 +11,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{.ControllerName}}-leader-election-role + name: {{ IncludeTemplate "app.fullname" }}-leaderelection subjects: - kind: ServiceAccount name: {{ IncludeTemplate "service-account.name" }} diff --git a/templates/helm/templates/leader-election-role.yaml.tpl b/templates/helm/templates/leader-election-role.yaml.tpl index a21a5277..5d0cb01a 100644 --- a/templates/helm/templates/leader-election-role.yaml.tpl +++ b/templates/helm/templates/leader-election-role.yaml.tpl @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{.ControllerName}}-leader-election-role + name: {{ IncludeTemplate "app.fullname" }}-leaderelection {{ "{{ if .Values.leaderElection.namespace }}" }} namespace: {{ "{{ .Values.leaderElection.namespace }}" }} {{ "{{ else }}" }} diff --git a/templates/helm/templates/role-reader.yaml.tpl b/templates/helm/templates/role-reader.yaml.tpl index 39b369f3..8ceb9777 100644 --- a/templates/helm/templates/role-reader.yaml.tpl +++ b/templates/helm/templates/role-reader.yaml.tpl @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null - name: ack-{{ .ControllerName }}-reader + name: {{ IncludeTemplate "app.fullname" }}-reader namespace: {{ "{{ .Release.Namespace }}" }} rules: - apiGroups: diff --git a/templates/helm/templates/role-writer.yaml.tpl b/templates/helm/templates/role-writer.yaml.tpl index 6745ada7..6db6855d 100644 --- a/templates/helm/templates/role-writer.yaml.tpl +++ b/templates/helm/templates/role-writer.yaml.tpl @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null - name: ack-{{ .ControllerName }}-writer + name: {{ IncludeTemplate "app.fullname" }}-writer namespace: {{ "{{ .Release.Namespace }}" }} rules: - apiGroups: From c8e6b7d949d4851543fba1f243c0e2e1e8ec9d61 Mon Sep 17 00:00:00 2001 From: michaelhtm <98621731+michaelhtm@users.noreply.github.com> Date: Thu, 29 May 2025 12:37:40 -0700 Subject: [PATCH 2/2] add labels to helm resources --- .../templates/caches-role-binding.yaml.tpl | 22 +++++++++++++++---- templates/helm/templates/caches-role.yaml.tpl | 18 +++++++++++++-- .../templates/cluster-role-binding.yaml.tpl | 16 ++++++++++++++ .../cluster-role-controller.yaml.tpl | 14 ++++++++++++ .../leader-election-role-binding.yaml.tpl | 7 ++++++ .../templates/leader-election-role.yaml.tpl | 7 ++++++ templates/helm/templates/role-reader.yaml.tpl | 7 ++++++ templates/helm/templates/role-writer.yaml.tpl | 7 ++++++ 8 files changed, 92 insertions(+), 6 deletions(-) diff --git a/templates/helm/templates/caches-role-binding.yaml.tpl b/templates/helm/templates/caches-role-binding.yaml.tpl index 50a8d19e..1e0e5ec3 100644 --- a/templates/helm/templates/caches-role-binding.yaml.tpl +++ b/templates/helm/templates/caches-role-binding.yaml.tpl @@ -1,11 +1,18 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ IncludeTemplate "app.fullname" }} + name: {{ IncludeTemplate "app.fullname" }}-namespace-caches + labels: + app.kubernetes.io/name: {{ IncludeTemplate "app.name" }} + app.kubernetes.io/instance: {{ "{{ .Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ .Chart.AppVersion | quote }}" }} + k8s-app: {{ IncludeTemplate "app.name" }} + helm.sh/chart: {{ IncludeTemplate "chart.name-version" }} roleRef: kind: ClusterRole apiGroup: rbac.authorization.k8s.io - name: {{ IncludeTemplate "app.fullname" }} + name: {{ IncludeTemplate "app.fullname" }}-namespace-caches subjects: - kind: ServiceAccount name: {{ IncludeTemplate "service-account.name" }} @@ -14,12 +21,19 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ IncludeTemplate "app.fullname" }} + name: {{ IncludeTemplate "app.fullname" }}-configmaps-cache namespace: {{ "{{ .Release.Namespace }}" }} + labels: + app.kubernetes.io/name: {{ IncludeTemplate "app.name" }} + app.kubernetes.io/instance: {{ "{{ .Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ .Chart.AppVersion | quote }}" }} + k8s-app: {{ IncludeTemplate "app.name" }} + helm.sh/chart: {{ IncludeTemplate "chart.name-version" }} roleRef: kind: Role apiGroup: rbac.authorization.k8s.io - name: {{ IncludeTemplate "app.fullname" }} + name: {{ IncludeTemplate "app.fullname" }}-configmaps-cache subjects: - kind: ServiceAccount name: {{ IncludeTemplate "service-account.name" }} diff --git a/templates/helm/templates/caches-role.yaml.tpl b/templates/helm/templates/caches-role.yaml.tpl index 3addf119..49dbe8a4 100644 --- a/templates/helm/templates/caches-role.yaml.tpl +++ b/templates/helm/templates/caches-role.yaml.tpl @@ -1,7 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ IncludeTemplate "app.fullname" }}-clusterrole + name: {{ IncludeTemplate "app.fullname" }}-namespaces-cache + labels: + app.kubernetes.io/name: {{ IncludeTemplate "app.name" }} + app.kubernetes.io/instance: {{ "{{ .Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ .Chart.AppVersion | quote }}" }} + k8s-app: {{ IncludeTemplate "app.name" }} + helm.sh/chart: {{ IncludeTemplate "chart.name-version" }} rules: - apiGroups: - "" @@ -15,8 +22,15 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ IncludeTemplate "app.fullname" }}-role + name: {{ IncludeTemplate "app.fullname" }}-configmaps-cache namespace: {{ "{{ .Release.Namespace }}" }} + labels: + app.kubernetes.io/name: {{ IncludeTemplate "app.name" }} + app.kubernetes.io/instance: {{ "{{ .Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ .Chart.AppVersion | quote }}" }} + k8s-app: {{ IncludeTemplate "app.name" }} + helm.sh/chart: {{ IncludeTemplate "chart.name-version" }} rules: - apiGroups: - "" diff --git a/templates/helm/templates/cluster-role-binding.yaml.tpl b/templates/helm/templates/cluster-role-binding.yaml.tpl index fbf2150e..17b7d9b2 100644 --- a/templates/helm/templates/cluster-role-binding.yaml.tpl +++ b/templates/helm/templates/cluster-role-binding.yaml.tpl @@ -3,6 +3,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ IncludeTemplate "app.fullname" }}-rolebinding + labels: + app.kubernetes.io/name: {{ IncludeTemplate "app.name" }} + app.kubernetes.io/instance: {{ "{{ .Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ .Chart.AppVersion | quote }}" }} + k8s-app: {{ IncludeTemplate "app.name" }} + helm.sh/chart: {{ IncludeTemplate "chart.name-version" }} roleRef: kind: ClusterRole apiGroup: rbac.authorization.k8s.io @@ -17,6 +24,8 @@ subjects: {{ VarIncludeTemplate "fullname" "app.fullname" }} {{ "{{ $releaseNamespace := .Release.Namespace }}" }} {{ VarIncludeTemplate "serviceAccountName" "service-account.name" }} +{{ VarIncludeTemplate "chartVersion" "chart.name-version" }} +{{ "{{ $appVersion := .Chart.AppVersion | quote }}" }} {{ "{{ range $namespaces }}" }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -24,6 +33,13 @@ kind: RoleBinding metadata: name: {{ "{{ $fullname }}" }}-{{ "{{ . }}" }} namespace: {{ "{{ . }}" }} + labels: + app.kubernetes.io/name: {{ "{{ $fullname }}" }} + app.kubernetes.io/instance: {{ "{{ $.Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ $appVersion }}" }} + k8s-app: {{ "{{ $fullname }}" }} + helm.sh/chart: {{ "{{ $chartVersion }}" }} roleRef: kind: Role apiGroup: rbac.authorization.k8s.io diff --git a/templates/helm/templates/cluster-role-controller.yaml.tpl b/templates/helm/templates/cluster-role-controller.yaml.tpl index 01461c38..bb0a9192 100644 --- a/templates/helm/templates/cluster-role-controller.yaml.tpl +++ b/templates/helm/templates/cluster-role-controller.yaml.tpl @@ -1,12 +1,20 @@ {{ "{{ $labels := .Values.role.labels }}" }} +{{ "{{ $appVersion := .Chart.AppVersion | quote }}" }} {{ VarIncludeTemplate "rbacRules" "rbac-rules" }} {{ VarIncludeTemplate "fullname" "app.fullname" }} +{{ VarIncludeTemplate "chartVersion" "chart.name-version" }} {{ "{{ if eq .Values.installScope \"cluster\" }}" }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ IncludeTemplate "app.fullname" }} labels: + app.kubernetes.io/name: {{ IncludeTemplate "app.name" }} + app.kubernetes.io/instance: {{ "{{ .Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ .Chart.AppVersion | quote }}" }} + k8s-app: {{ IncludeTemplate "app.name" }} + helm.sh/chart: {{ IncludeTemplate "chart.name-version" }} {{ "{{- range $key, $value := $labels }}" }} {{ "{{ $key }}: {{ $value | quote }}" }} {{ "{{- end }}" }} @@ -22,6 +30,12 @@ metadata: name: {{ "{{ $fullname }}" }}-{{ "{{ . }}" }} namespace: {{ "{{ . }}" }} labels: + app.kubernetes.io/name: {{ "{{ $fullname }}" }} + app.kubernetes.io/instance: {{ "{{ $.Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ $appVersion }}" }} + k8s-app: {{ "{{ $fullname }}" }} + helm.sh/chart: {{ "{{ $chartVersion }}" }} {{ "{{- range $key, $value := $labels }}" }} {{ "{{ $key }}: {{ $value | quote }}" }} {{ "{{- end }}" }} diff --git a/templates/helm/templates/leader-election-role-binding.yaml.tpl b/templates/helm/templates/leader-election-role-binding.yaml.tpl index 958fd34f..15f40ec7 100644 --- a/templates/helm/templates/leader-election-role-binding.yaml.tpl +++ b/templates/helm/templates/leader-election-role-binding.yaml.tpl @@ -8,6 +8,13 @@ metadata: {{ "{{ else }}" }} namespace: {{ "{{ .Release.Namespace }}" }} {{ "{{ end }}" }} + labels: + app.kubernetes.io/name: {{ IncludeTemplate "app.name" }} + app.kubernetes.io/instance: {{ "{{ .Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ .Chart.AppVersion | quote }}" }} + k8s-app: {{ IncludeTemplate "app.name" }} + helm.sh/chart: {{ IncludeTemplate "chart.name-version" }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/templates/helm/templates/leader-election-role.yaml.tpl b/templates/helm/templates/leader-election-role.yaml.tpl index 5d0cb01a..845f8d4a 100644 --- a/templates/helm/templates/leader-election-role.yaml.tpl +++ b/templates/helm/templates/leader-election-role.yaml.tpl @@ -8,6 +8,13 @@ metadata: {{ "{{ else }}" }} namespace: {{ "{{ .Release.Namespace }}" }} {{ "{{ end }}" }} + labels: + app.kubernetes.io/name: {{ IncludeTemplate "app.name" }} + app.kubernetes.io/instance: {{ "{{ .Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ .Chart.AppVersion | quote }}" }} + k8s-app: {{ IncludeTemplate "app.name" }} + helm.sh/chart: {{ IncludeTemplate "chart.name-version" }} rules: - apiGroups: - coordination.k8s.io diff --git a/templates/helm/templates/role-reader.yaml.tpl b/templates/helm/templates/role-reader.yaml.tpl index 8ceb9777..b7de4568 100644 --- a/templates/helm/templates/role-reader.yaml.tpl +++ b/templates/helm/templates/role-reader.yaml.tpl @@ -5,6 +5,13 @@ metadata: creationTimestamp: null name: {{ IncludeTemplate "app.fullname" }}-reader namespace: {{ "{{ .Release.Namespace }}" }} + labels: + app.kubernetes.io/name: {{ IncludeTemplate "app.name" }} + app.kubernetes.io/instance: {{ "{{ .Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ .Chart.AppVersion | quote }}" }} + k8s-app: {{ IncludeTemplate "app.name" }} + helm.sh/chart: {{ IncludeTemplate "chart.name-version" }} rules: - apiGroups: - {{ .APIGroup }} diff --git a/templates/helm/templates/role-writer.yaml.tpl b/templates/helm/templates/role-writer.yaml.tpl index 6db6855d..4eadf20a 100644 --- a/templates/helm/templates/role-writer.yaml.tpl +++ b/templates/helm/templates/role-writer.yaml.tpl @@ -5,6 +5,13 @@ metadata: creationTimestamp: null name: {{ IncludeTemplate "app.fullname" }}-writer namespace: {{ "{{ .Release.Namespace }}" }} + labels: + app.kubernetes.io/name: {{ IncludeTemplate "app.name" }} + app.kubernetes.io/instance: {{ "{{ .Release.Name }}" }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ "{{ .Chart.AppVersion | quote }}" }} + k8s-app: {{ IncludeTemplate "app.name" }} + helm.sh/chart: {{ IncludeTemplate "chart.name-version" }} rules: - apiGroups: - {{ .APIGroup }}