From 739d86ff91084b0b7cce60c87110a95c0d161490 Mon Sep 17 00:00:00 2001
From: Brian Kopp <briankopp.usa@gmail.com>
Date: Fri, 18 Sep 2020 08:59:35 -0600
Subject: [PATCH] Add node selector, affinity, and tolerations to engine
 upgrade jobs (#66)

* Add config for tolerations, node selectors, and affinity to jobs

Signed-off-by: Brian Kopp <briankopp.usa@gmail.com>

* Increment chart version

Signed-off-by: Brian Kopp <briankopp.usa@gmail.com>

* Remove unnecessary newline

Signed-off-by: Brian Kopp <briankopp.usa@gmail.com>
---
 stable/anchore-engine/Chart.yaml               |  2 +-
 .../templates/engine_upgrade_job.yaml          | 14 +++++++++++++-
 .../enterprise_feeds_upgrade_job.yaml          | 12 ++++++++++++
 .../templates/enterprise_upgrade_job.yaml      | 12 ++++++++++++
 stable/anchore-engine/values.yaml              | 18 ++++++++++++++++++
 5 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml
index 981b7d4a..49c99708 100644
--- a/stable/anchore-engine/Chart.yaml
+++ b/stable/anchore-engine/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: anchore-engine
-version: 1.9.3
+version: 1.9.4
 appVersion: 0.8.1
 description: Anchore container analysis and policy evaluation engine service
 keywords:
diff --git a/stable/anchore-engine/templates/engine_upgrade_job.yaml b/stable/anchore-engine/templates/engine_upgrade_job.yaml
index 0d2ba591..98ec637f 100644
--- a/stable/anchore-engine/templates/engine_upgrade_job.yaml
+++ b/stable/anchore-engine/templates/engine_upgrade_job.yaml
@@ -73,4 +73,16 @@ spec:
       - name: certs
         secret:
           secretName: {{ . }}
-      {{- end }}
\ No newline at end of file
+      {{- end }}
+      {{- with .Values.anchoreEngineUpgradeJob.nodeSelector }}
+      nodeSelector:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.anchoreEngineUpgradeJob.affinity }}
+      affinity:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.anchoreEngineUpgradeJob.tolerations }}
+      tolerations:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/stable/anchore-engine/templates/enterprise_feeds_upgrade_job.yaml b/stable/anchore-engine/templates/enterprise_feeds_upgrade_job.yaml
index 2923e282..668c8a54 100644
--- a/stable/anchore-engine/templates/enterprise_feeds_upgrade_job.yaml
+++ b/stable/anchore-engine/templates/enterprise_feeds_upgrade_job.yaml
@@ -71,4 +71,16 @@ spec:
         secret:
           secretName: {{ . }}
       {{- end }}
+      {{- with .Values.anchoreEnterpriseFeedsUpgradeJob.nodeSelector }}
+      nodeSelector:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.anchoreEnterpriseFeedsUpgradeJob.affinity }}
+      affinity:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.anchoreEnterpriseFeedsUpgradeJob.tolerations }}
+      tolerations:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
 {{- end }}
diff --git a/stable/anchore-engine/templates/enterprise_upgrade_job.yaml b/stable/anchore-engine/templates/enterprise_upgrade_job.yaml
index 48387bbd..23d9499d 100644
--- a/stable/anchore-engine/templates/enterprise_upgrade_job.yaml
+++ b/stable/anchore-engine/templates/enterprise_upgrade_job.yaml
@@ -63,4 +63,16 @@ spec:
         secret:
           secretName: {{ . }}
       {{- end }}
+      {{- with .Values.anchoreEnterpriseEngineUpgradeJob.nodeSelector }}
+      nodeSelector:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.anchoreEnterpriseEngineUpgradeJob.affinity }}
+      affinity:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.anchoreEnterpriseEngineUpgradeJob.tolerations }}
+      tolerations:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml
index d244d120..e71100d1 100644
--- a/stable/anchore-engine/values.yaml
+++ b/stable/anchore-engine/values.yaml
@@ -519,6 +519,12 @@ anchoreSimpleQueue:
   tolerations: []
   affinity: {}
 
+# Pod configuration for the helm post-install-hook engine upgrade Job
+anchoreEngineUpgradeJob:
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
 # This section is used for configuring anchore enterprise.
 anchoreEnterpriseGlobal:
   enabled: false
@@ -628,6 +634,12 @@ anchoreEnterpriseFeeds:
   tolerations: []
   affinity: {}
 
+# Pod configuration for the helm post-install-hook feeds upgrade Job
+anchoreEnterpriseFeedsUpgradeJob:
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
 # Configure the Anchore Enterprise role based access control component.
 # This component consists of 2 containers that run as side-cars in the anchore engine api pod.
 anchoreEnterpriseRbac:
@@ -862,6 +874,12 @@ anchore-ui-redis:
   # eg redis://:<password>@hostname:6379
   externalEndpoint: Null
 
+# Pod configuration for the helm post-install-hook enterprise engine upgrade Job
+anchoreEnterpriseEngineUpgradeJob:
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
 # To inject secrets ( credentails data ) via env, rather k8s secrets please set this flag to true.
 # This feature will be useful, especially to inject secrets directly into k8s pods from hashicorp vault
 # inject_secrets_via_env: false