diff --git a/helm/core/templates/_pod.tpl b/helm/core/templates/_pod.tpl index ca6b3841b..c87e4d3ef 100644 --- a/helm/core/templates/_pod.tpl +++ b/helm/core/templates/_pod.tpl @@ -15,6 +15,9 @@ template: {{- with .Values.gateway.revision }} istio.io/rev: {{ . }} {{- end }} + {{- with .Values.gateway.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} {{- include "gateway.selectorLabels" . | nindent 6 }} spec: {{- with .Values.gateway.imagePullSecrets }} diff --git a/helm/core/templates/controller-deployment.yaml b/helm/core/templates/controller-deployment.yaml index 38a770248..93041e339 100644 --- a/helm/core/templates/controller-deployment.yaml +++ b/helm/core/templates/controller-deployment.yaml @@ -19,6 +19,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: + {{- with .Values.controller.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- include "controller.selectorLabels" . | nindent 8 }} spec: {{- with .Values.controller.imagePullSecrets }} diff --git a/helm/core/values.yaml b/helm/core/values.yaml index 9aead2a02..d4fdff6eb 100644 --- a/helm/core/values.yaml +++ b/helm/core/values.yaml @@ -462,6 +462,9 @@ gateway: prometheus.io/path: "/stats/prometheus" sidecar.istio.io/inject: "false" + # -- Labels to apply to the pod + podLabels: {} + # -- Define the security context for the pod. # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. @@ -544,12 +547,12 @@ controller: labels: {} probe: - { - httpGet: { path: /ready, port: 8888 }, - initialDelaySeconds: 1, - periodSeconds: 3, - timeoutSeconds: 5, - } + httpGet: + path: /ready + port: 8888 + initialDelaySeconds: 1 + periodSeconds: 3 + timeoutSeconds: 5 imagePullSecrets: [] @@ -567,21 +570,26 @@ controller: podAnnotations: {} + # -- Labels to apply to the pod + podLabels: {} + podSecurityContext: {} # fsGroup: 2000 ports: - [ - { "name": "http", "protocol": "TCP", "port": 8888, "targetPort": 8888 }, - { - "name": "http-solver", - "protocol": "TCP", - "port": 8889, - "targetPort": 8889, - }, - { "name": "grpc", "protocol": "TCP", "port": 15051, "targetPort": 15051 }, - ] + - name: http + protocol: TCP + port: 8888 + targetPort: 8888 + - name: http-solver + protocol: TCP + port: 8889 + targetPort: 8889 + - name: grpc + protocol: TCP + port: 15051 + targetPort: 15051 service: type: ClusterIP diff --git a/helm/higress/README.md b/helm/higress/README.md index 365564063..2cecaa91f 100644 --- a/helm/higress/README.md +++ b/helm/higress/README.md @@ -51,6 +51,7 @@ The command removes all the Kubernetes components associated with the chart and | controller.name | string | `"higress-controller"` | | | controller.nodeSelector | object | `{}` | | | controller.podAnnotations | object | `{}` | | +| controller.podLabels | object | `{}` | Labels to apply to the pod | | controller.podSecurityContext | object | `{}` | | | controller.ports[0].name | string | `"http"` | | | controller.ports[0].port | int | `8888` | | @@ -115,6 +116,7 @@ The command removes all the Kubernetes components associated with the chart and | gateway.podAnnotations."prometheus.io/port" | string | `"15020"` | | | gateway.podAnnotations."prometheus.io/scrape" | string | `"true"` | | | gateway.podAnnotations."sidecar.istio.io/inject" | string | `"false"` | | +| gateway.podLabels | object | `{}` | Labels to apply to the pod | | gateway.rbac.enabled | bool | `true` | If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed when using http://gateway-api.org/. | | gateway.readinessFailureThreshold | int | `30` | The number of successive failed probes before indicating readiness failure. | | gateway.readinessInitialDelaySeconds | int | `1` | The initial delay for readiness probes in seconds. |