fix: Fix missing pod annotations from API server and add support for …

…podLabels in Helm chart (#2105)

Signed-off-by: Gyorgy Nadaban <[email protected]>
Signed-off-by: Hidde Beydals <[email protected]>
Co-authored-by: Hidde Beydals <[email protected]>

charts/kargo/templates/_helpers.tpl

@@ -54,7 +54,7 @@ helm.sh/chart: {{ include "kargo.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- with (mergeOverwrite .Values.additionalLabels .Values.global.additionalLabels) }}
+{{- with .Values.global.labels }}
 {{ toYaml . }}
 {{- end }}
 {{- end -}}

charts/kargo/templates/api/deployment.yaml

@@ -7,6 +7,11 @@ metadata:
   labels:
     {{- include "kargo.labels" . | nindent 4 }}
     {{- include "kargo.api.labels" . | nindent 4 }}
+  {{- with (mergeOverwrite (deepCopy .Values.global.labels) .Values.api.labels) }}
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
   {{- with (mergeOverwrite (deepCopy .Values.global.annotations) .Values.api.annotations) }}
   annotations:
     {{- range $key, $value := . }}
@@ -26,9 +31,19 @@ spec:
       labels:
         {{- include "kargo.labels" . | nindent 8 }}
         {{- include "kargo.api.labels" . | nindent 8 }}
+      {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.api.podLabels) }}
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
       annotations:
         configmap/checksum: {{ pick ( include (print $.Template.BasePath "/api/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }}
         secret/checksum: {{ pick ( include (print $.Template.BasePath "/api/secret.yaml") . | fromYaml ) "stringData" | toYaml | sha256sum }}
+      {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.api.podAnnotations) }}
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
     spec:
       serviceAccount: kargo-api
       {{- with .Values.api.affinity | default .Values.global.affinity }}

charts/kargo/templates/controller/deployment.yaml

@@ -7,6 +7,11 @@ metadata:
   labels:
     {{- include "kargo.labels" . | nindent 4 }}
     {{- include "kargo.controller.labels" . | nindent 4 }}
+  {{- with (mergeOverwrite (deepCopy .Values.global.labels) .Values.controller.labels) }}
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
   {{- with (mergeOverwrite (deepCopy .Values.global.annotations) .Values.controller.annotations) }}
   annotations:
     {{- range $key, $value := . }}
@@ -26,8 +31,18 @@ spec:
       labels:
         {{- include "kargo.labels" . | nindent 8 }}
         {{- include "kargo.controller.labels" . | nindent 8 }}
+      {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
       annotations:
         configmap/checksum: {{ pick ( include (print $.Template.BasePath "/controller/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }}
+      {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
     spec:
       serviceAccount: kargo-controller
       {{- with .Values.controller.affinity | default .Values.global.affinity }}

charts/kargo/templates/garbage-collector/cron-job.yaml

@@ -7,6 +7,11 @@ metadata:
   labels:
     {{- include "kargo.labels" . | nindent 4 }}
     {{- include "kargo.garbageCollector.labels" . | nindent 4 }}
+  {{- with (mergeOverwrite (deepCopy .Values.global.labels) .Values.garbageCollector.labels) }}
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
   {{- with (mergeOverwrite (deepCopy .Values.global.annotations) .Values.garbageCollector.annotations) }}
   annotations:
     {{- range $key, $value := . }}
@@ -25,6 +30,22 @@ spec:
         configmap/checksum: {{ pick ( include (print $.Template.BasePath "/garbage-collector/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }}
     spec:
       template:
+        metadata:
+          labels:
+            {{- include "kargo.labels" . | nindent 12 }}
+            {{- include "kargo.garbageCollector.labels" . | nindent 12 }}
+          {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.garbageCollector.podLabels) }}
+            {{- range $key, $value := . }}
+            {{ $key }}: {{ $value | quote }}
+            {{- end }}
+          {{- end }}
+          annotations:
+            configmap/checksum: {{ pick ( include (print $.Template.BasePath "/garbage-collector/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }}
+          {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.garbageCollector.podAnnotations) }}
+            {{- range $key, $value := . }}
+            {{ $key }}: {{ $value | quote }}
+            {{- end }}
+          {{- end }}
         spec:
           serviceAccountName: kargo-garbage-collector
           {{- with .Values.garbageCollector.affinity | default .Values.global.affinity }}

charts/kargo/templates/management-controller/deployment.yaml

@@ -7,6 +7,11 @@ metadata:
   labels:
     {{- include "kargo.labels" . | nindent 4 }}
     {{- include "kargo.managementController.labels" . | nindent 4 }}
+  {{- with (mergeOverwrite (deepCopy .Values.global.labels) .Values.managementController.labels) }}
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
   {{- with (mergeOverwrite (deepCopy .Values.global.annotations) .Values.managementController.annotations) }}
   annotations:
     {{- range $key, $value := . }}
@@ -26,8 +31,18 @@ spec:
       labels:
         {{- include "kargo.selectorLabels" . | nindent 8 }}
         {{- include "kargo.managementController.labels" . | nindent 8 }}
+      {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.managementController.podLabels) }}
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
       annotations:
         configmap/checksum: {{ pick ( include (print $.Template.BasePath "/management-controller/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }}
+      {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.managementController.podAnnotations) }}
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
     spec:
       serviceAccount: kargo-management-controller
       {{- with .Values.managementController.affinity | default .Values.global.affinity }}

charts/kargo/templates/webhooks-server/deployment.yaml

@@ -7,6 +7,11 @@ metadata:
   labels:
     {{- include "kargo.labels" . | nindent 4 }}
     {{- include "kargo.webhooksServer.labels" . | nindent 4 }}
+  {{- with (mergeOverwrite (deepCopy .Values.global.labels) .Values.webhooksServer.labels) }}
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
   {{- with (mergeOverwrite (deepCopy .Values.global.annotations) .Values.webhooksServer.annotations) }}
   annotations:
     {{- range $key, $value := . }}
@@ -26,8 +31,18 @@ spec:
       labels:
         {{- include "kargo.labels" . | nindent 8 }}
         {{- include "kargo.webhooksServer.labels" . | nindent 8 }}
+      {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.webhooksServer.podLabels) }}
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
       annotations:
         configmap/checksum: {{ pick ( include (print $.Template.BasePath "/webhooks-server/configmap.yaml") . | fromYaml ) "data" | toYaml | sha256sum }}
+      {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.webhooksServer.podAnnotations) }}
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
     spec:
       serviceAccount: kargo-webhooks-server
       {{- with .Values.webhooksServer.affinity | default .Values.global.affinity }}

charts/kargo/values.yaml

@@ -5,9 +5,6 @@
 
 ## @section Global Parameters
 global:
-  ## @param global.additionalLabels Additional labels to add to all resources.
-  additionalLabels: {}
-    # my-label: my-value
   ## @param global.env Environment variables to add to all Kargo pods.
   env: []
   #  - name: ENV_NAME
@@ -20,8 +17,16 @@ global:
   #      name: secret-name
   ## @param global.nodeSelector Default node selector for all Kargo pods.
   nodeSelector: {}
-  ## @param global.annotations Default annotations for all Kargo pods.
+
+  ## @param global.labels Labels to add to all resources.
+  labels: {}
+  ## @param global.annotations Annotations to add to all resources.
   annotations: {}
+  ## @param global.podLabels Labels to add to all pods.
+  podLabels: {}
+  ## @param global.podAnnotations Annotations to add to pods.
+  podAnnotations: {}
+
   ## @param global.tolerations Default tolerations for all Kargo pods.
   tolerations: []
   ## @param global.affinity Default affinity for all Kargo pods.
@@ -81,10 +86,6 @@ kubeconfigSecrets: {}
   ## @param kubeconfigSecrets.argocd [nullable] Kubernetes `Secret` name containing kubeconfig for a remote Kubernetes cluster hosting Argo CD resources. Used by Kargo controller(s) only.
   # argocd: ""
 
-## @skip additionalLabels Deprecated, use `global.additionalLabels` instead.
-additionalLabels: {}
-  # my-label: my-value
-
 ## @section API
 api:
   ## @param api.enabled Whether the API server is enabled.
@@ -95,6 +96,16 @@ api:
   host: localhost
   ## @param api.logLevel The log level for the API server.
   logLevel: INFO
+
+  ## @param api.labels Labels to add to the api resources. Merges with `global.labels`, allowing you to override or add to the global labels.
+  labels: {}
+  ## @param api.annotations Annotations to add to the api resources. Merges with `global.annotations`, allowing you to override or add to the global annotations.
+  annotations: {}
+  ## @param api.podLabels Optional labels to add to pods. Merges with `global.podLabels`, allowing you to override or add to the global labels.
+  podLabels: {}
+  ## @param api.podAnnotations Optional annotations to add to pods. Merges with `global.podAnnotations`, allowing you to override or add to the global annotations.
+  podAnnotations: {}
+
   ## @param api.resources Resources limits and requests for the api containers.
   resources: {}
     # limits:
@@ -109,8 +120,6 @@ api:
   tolerations: []
   ## @param api.affinity Specifies pod affinity for api pods. Defaults to `global.affinity`.
   affinity: {}
-  ## @param  api.annotations Annotations to add to the api pods. Merges with `global.annotations`, allowing you to override or add to the global annotations.
-  annotations: {}
   ## @param api.securityContext Security context for api pods. Defaults to `global.securityContext`.
   securityContext: {}
   ## @param api.env Environment variables to add to API server pods.
@@ -319,6 +328,15 @@ controller:
   ## @param controller.enabled Whether the controller is enabled.
   enabled: true
 
+  ## @param controller.labels Labels to add to the api resources. Merges with `global.labels`, allowing you to override or add to the global labels.
+  labels: {}
+  ## @param controller.annotations Annotations to add to the api resources. Merges with `global.annotations`, allowing you to override or add to the global annotations.
+  annotations: {}
+  ## @param controller.podLabels Optional labels to add to pods. Merges with `global.podLabels`, allowing you to override or add to the global labels.
+  podLabels: {}
+  ## @param controller.podAnnotations Optional annotations to add to pods. Merges with `global.podAnnotations`, allowing you to override or add to the global annotations.
+  podAnnotations: {}
+
   ## All settings relating to shared credentials (used across multiple kargo projects)
   globalCredentials:
     ## @param controller.globalCredentials.namespaces List of namespaces to look for shared credentials.
@@ -377,8 +395,6 @@ controller:
   tolerations: []
   ## @param controller.affinity Specifies pod affinity for controller pods. Defaults to `global.affinity`.
   affinity: {}
-  ## @param controller.annotations Annotations to add to the controller pods. Merges with `global.annotations`, allowing you to override or add to the global annotations.
-  annotations: {}
   ## @param controller.env Environment variables to add to controller pods.
   env: []
   #  - name: ENV_NAME
@@ -399,6 +415,15 @@ managementController:
   ## @param managementController.logLevel The log level for the management controller.
   logLevel: INFO
 
+  ## @param managementController.labels Labels to add to the api resources. Merges with `global.labels`, allowing you to override or add to the global labels.
+  labels: {}
+  ## @param managementController.annotations Annotations to add to the api resources. Merges with `global.annotations`, allowing you to override or add to the global annotations.
+  annotations: {}
+  ## @param managementController.podLabels Optional labels to add to pods. Merges with `global.podLabels`, allowing you to override or add to the global labels.
+  podLabels: {}
+  ## @param managementController.podAnnotations Optional annotations to add to pods. Merges with `global.podAnnotations`, allowing you to override or add to the global annotations.
+  podAnnotations: {}
+
   ## @param managementController.securityContext Security context for management controller pods. Defaults to `global.securityContext`.
   securityContext: {}
 
@@ -416,8 +441,6 @@ managementController:
   tolerations: []
   ## @param managementController.affinity Specifies pod affinity for management controller pods. Defaults to `global.affinity`.
   affinity: {}
-  ## @param managementController.annotations Annotations to add to the management controller pods. Merges with `global.annotations`, allowing you to override or add to the global annotations.
-  annotations: {}
   ## @param managementController.env Environment variables to add to management controller pods.
   env: []
   #  - name: ENV_NAME
@@ -445,6 +468,15 @@ webhooksServer:
   ## @param webhooksServer.controlplaneUserRegex Regular expression for matching controlplane users.
   controlplaneUserRegex: "" # ^system:serviceaccount:kargo:[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 
+  ## @param webhooksServer.labels Labels to add to the api resources. Merges with `global.labels`, allowing you to override or add to the global labels.
+  labels: {}
+  ## @param webhooksServer.annotations Annotations to add to the api resources. Merges with `global.annotations`, allowing you to override or add to the global annotations.
+  annotations: {}
+  ## @param webhooksServer.podLabels Optional labels to add to pods. Merges with `global.podLabels`, allowing you to override or add to the global labels.
+  podLabels: {}
+  ## @param webhooksServer.podAnnotations Optional annotations to add to pods. Merges with `global.podAnnotations`, allowing you to override or add to the global annotations.
+  podAnnotations: {}
+
   tls:
     ## @param webhooksServer.tls.selfSignedCert  Whether to generate a self-signed certificate for the controller's built-in webhook server. If `true`, `cert-manager` CRDs **must** be present in the cluster. Kargo will create and use its own namespaced issuer. If `false`, a cert secret named `kargo-webhooks-server-cert` **must** be provided in the same namespace as Kargo. There is no provision for webhooks without TLS.
     selfSignedCert: true
@@ -462,8 +494,6 @@ webhooksServer:
   tolerations: []
   ## @param webhooksServer.affinity Specifies pod affinity for the webhooks server pods. Defaults to `global.affinity`.
   affinity: {}
-  ## @param webhooksServer.annotations Annotations to add to the webhooks server pods. Merges with `global.annotations`, allowing you to override or add to the global annotations.
-  annotations: {}
   ## @param webhooksServer.securityContext Security context for webhooks server pods. Defaults to `global.securityContext`.
   securityContext: {}
   ## @param webhooksServer.env Environment variables to add to webhook server pods.
@@ -495,6 +525,16 @@ garbageCollector:
   minFreightDeletionAge: 336h # Two weeks
   ## @param garbageCollector.logLevel The log level for the garbage collector.
   logLevel: INFO
+
+  ## @param garbageCollector.labels Labels to add to the api resources. Merges with `global.labels`, allowing you to override or add to the global labels.
+  labels: {}
+  ## @param garbageCollector.annotations Annotations to add to the api resources. Merges with `global.annotations`, allowing you to override or add to the global annotations.
+  annotations: {}
+  ## @param garbageCollector.podLabels Optional labels to add to pods. Merges with `global.podLabels`, allowing you to override or add to the global labels.
+  podLabels: {}
+  ## @param garbageCollector.podAnnotations Optional annotations to add to pods. Merges with `global.podAnnotations`, allowing you to override or add to the global annotations.
+  podAnnotations: {}
+
   ## @param garbageCollector.resources Resources limits and requests for the garbage collector containers.
   resources: {}
     # limits:
@@ -509,8 +549,6 @@ garbageCollector:
   tolerations: []
   ## @param garbageCollector.affinity Specifies pod affinity for the garbage collector pods. Defaults to `global.affinity`.
   affinity: {}
-  ## @param garbageCollector.annotations Annotations to add to the garbage collector pods. Merges with `global.annotations`, allowing you to override or add to the global annotations.
-  annotations: {}
   ## @param garbageCollector.securityContext Security context for garbage collector pods. Defaults to `global.securityContext`.
   securityContext: {}
   ## @param garbageCollector.env Environment variables to add to garbage collector pods.