Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add labels, securityContext and image pull secret in cluster controller #3835

Merged
merged 2 commits into from
Feb 4, 2025
Merged

add labels, securityContext and image pull secret in cluster controller #3835

merged 2 commits into from
Feb 4, 2025

Conversation

mittal-ishaan
Copy link
Collaborator

@mittal-ishaan mittal-ishaan commented Feb 4, 2025
edited
Loading

What does this PR change?

Adds Labels, SecurityContext and image pull secrets to cluster controller configurations.

Does this PR rely on any other PRs?

No

How does this PR impact users? (This is the kind of thing that goes in release notes!)

Users will now be able to add:

  • custom labels to the deployment and pod.
  • Security context at the pod and container level
  • image pull secret to cluster controller pod

Links to Issues or tickets this PR addresses or fixes

No

What risks are associated with merging this PR? What is required to fully test this PR?

No

How was this PR tested?

When setting imagePullSecret, labels and securityContext. We get the following deployment template using helm template

# Source: cost-analyzer/templates/kubecost-cluster-controller-template.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cost-analyzer-cluster-controller
  namespace: default
  labels:
    app.kubernetes.io/name: cost-analyzer
    helm.sh/chart: cost-analyzer-2.3.3
    app.kubernetes.io/instance: cost-analyzer
    app.kubernetes.io/managed-by: Helm
    app: cost-analyzer
    hey: there
  annotations:
spec:
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      app: cost-analyzer-cluster-controller
  template:
    metadata:
      labels:
        app: cost-analyzer-cluster-controller
        hey: there
    spec:
      securityContext:
        fsGroup: 1001
        fsGroupChangePolicy: OnRootMismatch
        runAsGroup: 1001
        runAsNonRoot: true
        runAsUser: 1001
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: cost-analyzer-cluster-controller
        image: gcr.io/kubecost1/cluster-controller:v0.16.11
        imagePullPolicy: IfNotPresent
        securityContext:
          hey: there
        volumeMounts:
        - name: cluster-controller-keys
          mountPath: /var/keys
        env:
          ...
        ports:
        - name: http-server
          containerPort: 9731
          hostPort: 9731
        resources:
            {}
      imagePullSecrets:
        - name: image-pull-secret
      serviceAccount: cost-analyzer-cluster-controller
      serviceAccountName: cost-analyzer-cluster-controller
      volumes:
        ...

deployed kubecost using these configurations

Have you made an update to documentation? If so, please provide the corresponding PR.

No

@mittal-ishaan mittal-ishaan marked this pull request as ready for review February 4, 2025 15:17
thomasvn
thomasvn approved these changes Feb 4, 2025
View reviewed changes
Copy link
Member

@thomasvn thomasvn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for these updates, and for providing the results when templating using these new values. The changes here align with how cost-analyzer-deployment.yaml sets these values. LGTM!

@mittal-ishaan mittal-ishaan merged commit f9db56e into develop Feb 4, 2025
36 checks passed
@mittal-ishaan mittal-ishaan deleted the clusterController branch February 4, 2025 17:41
gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Feb 4, 2025
@mittal-ishaan
add labels, securityContext and image pull secret in cluster controll…
81eef80 
…er (#3835)

* add labels, securityContext and image pull secret in cluster controller

* image pull secret at pod level
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot mentioned this pull request Feb 4, 2025
Merged
thomasvn pushed a commit that referenced this pull request Feb 4, 2025
@gcp-cherry-pick-bot @mittal-ishaan
add labels, securityContext and image pull secret in cluster controll…
0604af5 
…er (#3835) (#3836)

* add labels, securityContext and image pull secret in cluster controller

* image pull secret at pod level

Co-authored-by: Ishaan Mittal <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomasvn thomasvn thomasvn approved these changes

Assignees
No one assigned
Labels
needs cherry-pick v2.6
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mittal-ishaan @thomasvn