Commit b9665a0

✨ helm values hardening; user-configured env; optional v1alpha1 disable (#71)
* feat: helm values hardening; user-configured env; optional v1alpha1 disable
  Signed-off-by: Artur Shad Nik <[email protected]>
* fix: include legacy crd in env test assets
  Signed-off-by: Artur Shad Nik <[email protected]>
* chore: words
  Signed-off-by: Artur Shad Nik <[email protected]>
* docs: document pod security context values
  Signed-off-by: Artur Shad Nik <[email protected]>

---------

Signed-off-by: Artur Shad Nik <[email protected]>
1 parent ed8ffbb commit b9665a0

15 files changed

+2839
-20
lines changed


fleetconfig-controller/Makefile

Lines changed: 1 addition & 0 deletions
@@ -85,6 +85,7 @@ helm-doc-gen: helmdoc ## Generate helm chart README.md
8585
.PHONY: manifests
8686
manifests: controller-gen ## Generate CustomResourceDefinition and WebhookConfiguration objects.
8787
$(CONTROLLER_GEN) webhook crd paths="./..." output:crd:artifacts:config=charts/fleetconfig-controller/crds
88+
./hack/format_legacy_crds.sh
8889
./hack/install_crds.sh
8990

9091
##@ Testing Targets
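
Review bot: The new `./hack/format_legacy_crds.sh` step at line 88 of the `manifests` target is undocumented. The target's `##` help text still reads "Generate CustomResourceDefinition and WebhookConfiguration objects", and nothing here says what the script reads or where it writes. Its placement between the `$(CONTROLLER_GEN)` call and `./hack/install_crds.sh` implies an ordering dependency on both, so please add a one-line comment stating the input and output directories and why it must run before `install_crds.sh`. Also update the help text so `make help` reflects that this target now produces the legacy CRDs as well.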

fleetconfig-controller/api/v1alpha1/webhook_suite_test.go

Lines changed: 4 additions & 1 deletion
@@ -79,7 +79,10 @@ var _ = BeforeSuite(func() {
7979

8080
By("bootstrapping test environment")
8181
testEnv = &envtest.Environment{
82-
CRDDirectoryPaths: []string{filepath.Join(root, "charts", "fleetconfig-controller", "crds")},
82+
CRDDirectoryPaths: []string{
83+
filepath.Join(root, "charts", "fleetconfig-controller", "crds"),
84+
filepath.Join(root, "config", "crds"),
85+
},
8386
ErrorIfCRDPathMissing: false,
8487
WebhookInstallOptions: envtest.WebhookInstallOptions{
8588
Paths: []string{filepath.Join("..", "..", "config", "webhook")},
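
Review bot: `ErrorIfCRDPathMissing: false` on line 86 now covers two directories, so a missing `config/crds` path (added on line 84) is silently skipped and the suite would start without the legacy CRD installed. Since the commit message says this change exists to include the legacy CRD in the env test assets, consider setting `ErrorIfCRDPathMissing: true`, or asserting in `BeforeSuite` that both directories exist, so a stale or ungenerated `config/crds` fails fast with a clear message. A smaller style point: the CRD paths are built from `root` while the webhook `Paths` entry on line 88 still uses `filepath.Join("..", "..", "config", "webhook")`; using `root` for both would keep the setup independent of the working directory.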

fleetconfig-controller/charts/fleetconfig-controller/README.md

Lines changed: 3 additions & 0 deletions
@@ -155,6 +155,7 @@ Resource specifications for all klusterlet-managed containers.
155155
| --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- |
156156
| `spokeConcurrentReconciles` | Maximum number of Spoke resources that will be reconciled at the same time. | `5` |
157157
| `addonMode` | Whether to run fleetconfig-controller in addon mode. Addon mode allows for decentralized day 2 management of spoke clusters. Not supported when kubernetesProvider is EKS. | `true` |
158+
| `enableLegacyControllers` | Whether to enable the legacy FleetConfig resource controller. | `false` |
158159
| `kubernetesProvider` | Kubernetes provider of the cluster that fleetconfig-controller will be installed on. Valid values are "Generic", "EKS", "GKE-Ingress". | `Generic` |
159160
| `replicas` | fleetconfig-controller replica count | `1` |
160161
| `imageRegistry` | Image registry | `""` |
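
Review bot: The `enableLegacyControllers` row at line 158 does not say which API version it governs or what the `false` default means for existing installs. The commit title describes this as an optional v1alpha1 disable, but the description only says "legacy FleetConfig resource controller". Please name the API version in the description and state what happens to existing FleetConfig resources when the value is left at `false`, so operators upgrading the chart know whether they need to set it to `true`. The value name is plural ("Controllers") while the description is singular ("controller"); make the two agree.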
@@ -163,9 +164,11 @@ Resource specifications for all klusterlet-managed containers.
163164
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
164165
| `imagePullSecrets` | Image pull secrets | `[]` |
165166
| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
167+
| `podSecurityContext.seccompProfile.type` | seccomp profile to use for the fleetconfig-controller manager and agent pods. | `RuntimeDefault` |
166168
| `containerSecurityContext.allowPrivilegeEscalation` | allowPrivilegeEscalation | `false` |
167169
| `containerSecurityContext.capabilities.drop` | capabilities to drop | `["ALL"]` |
168170
| `containerSecurityContext.runAsNonRoot` | runAsNonRoot | `true` |
171+
| `env` | Additional environment variables to pass to the fleetconfig-controller pod. | `[]` |
169172
| `resources.limits.cpu` | fleetconfig controller's cpu limit | `500m` |
170173
| `resources.limits.memory` | fleetconfig controller's memory limit | `512Mi` |
171174
| `resources.requests.cpu` | fleetconfig controller's cpu request | `200m` |
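
Review bot: The `env` row at line 171 gives no format and no precedence rule. It documents a default of `[]` but not that entries are expected as a list of name/value items, nor what happens when a user-supplied name collides with a variable the chart already sets on the container. Please add a short example entry to the description or values comments and state which side wins on a collision. Because this is a hardening change, it would also help to note that sensitive values should be supplied by reference to a Secret rather than as literals in values files. Separately, the `podSecurityContext.seccompProfile.type` row at line 167 says it applies to "manager and agent pods" while `env` says "the fleetconfig-controller pod"; if `env` is not propagated to agent pods, say so explicitly.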
