diff --git a/CHANGELOG.md b/CHANGELOG.md index 8704bfaf4..e9a803998 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ Changes: * Latest Kubernetes version tested is now 1.27 +Features: +* CSI: Make `nodeSelector` and `affinity` configurable for CSI daemonset's pods [GH-862](https://github.com/hashicorp/vault-helm/pull/862) + Bugs: * server: Set the default for `prometheusRules.rules` to an empty list [GH-886](https://github.com/hashicorp/vault-helm/pull/886) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 4b6baf10e..dafac3787 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -849,6 +849,34 @@ Sets the injector toleration for pod placement {{- end }} {{- end -}} +{{/* +Sets the CSI provider nodeSelector for pod placement +*/}} +{{- define "csi.pod.nodeselector" -}} + {{- if .Values.csi.pod.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.csi.pod.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} +{{/* +Sets the CSI provider affinity for pod placement. +*/}} +{{- define "csi.pod.affinity" -}} + {{- if .Values.csi.pod.affinity }} + affinity: + {{ $tp := typeOf .Values.csi.pod.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} {{/* Sets extra CSI provider pod annotations */}} diff --git a/templates/csi-daemonset.yaml b/templates/csi-daemonset.yaml index a32ef7c70..28e7cd070 100644 --- a/templates/csi-daemonset.yaml +++ b/templates/csi-daemonset.yaml 
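Review bot: The two new helpers in `templates/_helpers.tpl` use different whitespace control for the same logic: `csi.pod.nodeselector` has `{{- $tp := … }}` with `{{ tpl … | nindent 8 | trim }}` and closes with `{{- end }}`, while `csi.pod.affinity` has `{{ $tp := … }}` with `{{- tpl … | nindent 8 | trim }}` and closes with `{{ end }}`. Because `trim` removes the newline and indent that `nindent 8` puts in front of the first line, the first rendered line's indent comes from these markers rather than from `nindent`. The string tests only pass the one-word value `foobar`, so a multi-line string is not exercised on either path. I would use one form in both helpers and add a multi-line string test; the template's own indentation is not recoverable from this flattened view, so which form is correct needs checking against the file. The doc comments could also state that a string value is rendered through `tpl` with the chart context and any other type through `toYaml`.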
@@ -45,6 +45,8 @@ spec: {{- end }} serviceAccountName: {{ template "vault.fullname" . }}-csi-provider {{- template "csi.pod.tolerations" . }} + {{- template "csi.pod.nodeselector" . }} + {{- template "csi.pod.affinity" . }} containers: - name: {{ include "vault.name" . }}-csi-provider {{ template "csi.resources" . }} diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats index 3ad9675c4..97bc86d79 100644 --- a/test/unit/csi-daemonset.bats +++ b/test/unit/csi-daemonset.bats 
@@ -345,6 +345,74 @@ load _helpers [ "${actual}" = "true" ] } +#-------------------------------------------------------------------- +# nodeSelector +@test "csi/daemonset: nodeSelector not set by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec | .nodeSelector? == null' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "csi/daemonset: nodeSelector can be set as string" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + --set 'csi.pod.nodeSelector=foobar' \ + . | tee /dev/stderr | + yq '.spec.template.spec.nodeSelector == "foobar"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "csi/daemonset: nodeSelector can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + --set "csi.pod.nodeSelector[0].foo=bar,csi.pod.nodeSelector[1].baz=qux" \ + . | tee /dev/stderr | + yq '.spec.template.spec.nodeSelector[0].foo == "bar" and .spec.template.spec.nodeSelector[1].baz == "qux"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +#-------------------------------------------------------------------- +# affinity +@test "csi/daemonset: affinity not set by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec | .affinity? == null' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "csi/daemonset: affinity can be set as string" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + --set 'csi.pod.affinity=foobar' \ + . 
| tee /dev/stderr | + yq '.spec.template.spec.affinity == "foobar"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "csi/daemonset: affinity can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + --set "csi.pod.affinity.podAntiAffinity=foobar" \ + . | tee /dev/stderr | + yq '.spec.template.spec.affinity.podAntiAffinity == "foobar"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + #-------------------------------------------------------------------- # Extra Labels diff --git a/values.schema.json b/values.schema.json index e296426fb..7a7643b2e 100644 --- a/values.schema.json +++ b/values.schema.json @@ -136,6 +136,13 @@ "pod": { "type": "object", "properties": { + "affinity": { + "type": [ + "null", + "array", + "string" + ] + }, "annotations": { "type": [ "object", @@ -145,6 +152,13 @@ "extraLabels": { "type": "object" }, + "nodeSelector": { + "type": [ + "null", + "array", + "string" + ] + }, "tolerations": { "type": [ "null", diff --git a/values.yaml b/values.yaml index 2a9ec9c24..1dd64742a 100644 --- a/values.yaml +++ b/values.yaml @@ -1063,6 +1063,17 @@ csi: # in a PodSpec. tolerations: [] + # nodeSelector labels for csi pod assignment, formatted as a multi-line string or YAML map. + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: [] + + # Affinity Settings + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: {} + # Extra labels to attach to the vault-csi-provider pod # This should be a YAML map of the labels to apply to the csi provider pod extraLabels: {}
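Review bot: The `nodeSelector can be set as YAML` test builds a list (`csi.pod.nodeSelector[0].foo=bar`), whereas a PodSpec `nodeSelector` is a map of label key to value, so the assertion passes on a manifest the API server would not accept. The same list shape is carried by the `nodeSelector` hunk in `values.schema.json` (`array`, no `object`) and by the default `nodeSelector: []` in `values.yaml`, even though the comment there says "YAML map". I would change the test to `--set 'csi.pod.nodeSelector.foo=bar'` with `yq '.spec.template.spec.nodeSelector.foo == "bar"'`, add `"object"` to the schema type list, and default to `nodeSelector: {}`.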
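Review bot: The type list added for `csi.pod.affinity` in `values.schema.json` allows `null`, `array` and `string` but not `object`. This commit's `values.yaml` hunk defaults it to `affinity: {}`, and the `affinity can be set as YAML` test sets `csi.pod.affinity.podAntiAffinity`; both are objects. If Helm validates values against this schema as it normally does, those would presumably be rejected. A PodSpec `affinity` is itself an object, so `array` looks like the wrong member. I would make it `"type": ["null", "object", "string"]`, kept in the file's one-entry-per-line layout.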