From e23d966926d7cf35c22319ecede1eb468a2d9506 Mon Sep 17 00:00:00 2001
From: Karsten Kraus <Karsten.Kraus@swr.de>
Date: Wed, 2 Oct 2024 11:45:55 +0200
Subject: [PATCH] Add values for deployment & and pod labes and & annotations

---
 charts/vault-raft-snapshot-agent/Chart.yaml   |  3 +-
 .../templates/deployment.yaml                 | 46 ++++++----
 charts/vault-raft-snapshot-agent/values.yaml  | 85 ++++++++++---------
 3 files changed, 75 insertions(+), 59 deletions(-)

diff --git a/charts/vault-raft-snapshot-agent/Chart.yaml b/charts/vault-raft-snapshot-agent/Chart.yaml
index 26077c1..32d0512 100644
--- a/charts/vault-raft-snapshot-agent/Chart.yaml
+++ b/charts/vault-raft-snapshot-agent/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: vault-raft-snapshot-agent
 type: application
-version: 0.4.24
+version: 0.5.0
 appVersion: "v0.11.0"
 description: Vault Raft Snapshot Agent takes periodic snapshots of Vault's Raft database and stores them on a local volume or an remote S3 bucket
 keywords:
@@ -29,4 +29,3 @@ annotations:
         - linux/arm/v7
   artifacthub.io/recommendations: |
     - url: https://artifacthub.io/packages/helm/hashicorp/vault
-  artifacthub.io/containsSecurityUpdates: "false"
diff --git a/charts/vault-raft-snapshot-agent/templates/deployment.yaml b/charts/vault-raft-snapshot-agent/templates/deployment.yaml
index 96b6868..6ba4ae3 100644
--- a/charts/vault-raft-snapshot-agent/templates/deployment.yaml
+++ b/charts/vault-raft-snapshot-agent/templates/deployment.yaml
@@ -9,6 +9,13 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     component: snapshot-agent
+    {{- with .Values.deployment.extraLabels }}
+    {{ toYaml . | indent 4 }}
+    {{- end }}
+  {{- with .Values.deployment.extraAnnotations }}
+  annotations:
+    {{ toYaml . | indent 4 }}
+  {{- end }}
 spec:
   selector:
     matchLabels:
@@ -17,9 +24,9 @@ spec:
       component: snapshot-agent
   replicas: 1
   strategy:
-    type: {{ .Values.deployment.strategy.type }}
-  {{- with .Values.deployment.revisionHistoryLimit }}
-  revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
+    type: {{ .Values.deployment.spec.strategy.type }}
+  {{- with .Values.deployment.spec.revisionHistoryLimit }}
+  revisionHistoryLimit: {{ .Values.deployment.spec.revisionHistoryLimit }}
   {{- end }}
   template:
     metadata:
@@ -29,29 +36,32 @@ spec:
         app.kubernetes.io/instance: {{ .Release.Name }}
         app.kubernetes.io/managed-by: {{ .Release.Service }}
         component: snapshot-agent
+        {{- with .Values.deployment.spec.extraLabels }}
+        {{ toYaml . | indent 8 }}
+        {{- end }}
       annotations:
         checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
-        {{- if .Values.deployment.extraAnnotations }}
-        {{ toYaml .Values.deployment.extraAnnotations | indent 8 }}
+        {{- with .Values.deployment.spec.extraAnnotations }}
+        {{ toYaml . | indent 8 }}
         {{- end }}
     spec:
       restartPolicy: Always
       serviceAccountName: {{ include "helm.serviceAccountName" . }}
       containers:
         - name: {{ include "vault-raft-snapshot-agent.name" . }}
-          {{- with .Values.deployment.image }}
+          {{- with .Values.deployment.spec.image }}
           image: {{ .repo }}:{{ .tag | default $.Chart.AppVersion }}
           imagePullPolicy: {{ .pullPolicy }}
           {{- end }}
-          {{- if not (empty .Values.deployment.extraEnv) }}
-          env: {{ toYaml .Values.deployment.extraEnv | nindent 12 }}
+          {{- if not (empty .Values.deployment.spec.extraEnv) }}
+          env: {{ toYaml .Values.deployment.spec.extraEnv | nindent 12 }}
           {{- end }}
-          {{- if not (empty .Values.deployment.extraEnvFrom) }}
-          envFrom: {{ toYaml .Values.deployment.extraEnvFrom | nindent 12 }}
+          {{- if not (empty .Values.deployment.spec.extraEnvFrom) }}
+          envFrom: {{ toYaml .Values.deployment.spec.extraEnvFrom | nindent 12 }}
           {{- end }}
-          {{- if not (and (empty .Values.deployment.resources.limits) (empty .Values.deployment.resources.requests)) }}
+          {{- if not (and (empty .Values.deployment.spec.resources.limits) (empty .Values.deployment.spec.resources.requests)) }}
           resources:
-            {{- with .Values.deployment.resources.limits }}
+            {{- with .Values.deployment.spec.resources.limits }}
             limits:
               {{- with .cpu }}
               cpu: {{ . }}
@@ -60,7 +70,7 @@ spec:
               memory: {{ . }}
               {{- end }}
             {{- end }}
-            {{- with .Values.deployment.resources.requests }}
+            {{- with .Values.deployment.spec.resources.requests }}
             requests:
               {{- with .cpu }}
               cpu: {{ . }}
@@ -78,14 +88,14 @@ spec:
             - mountPath: {{ .Values.config.snapshots.storages.local.path }}
               name: snapshots
             {{- end }}
-            {{- range $volume := .Values.deployment.extraVolumes }}
+            {{- range $volume := .Values.deployment.spec.extraVolumes }}
             - mountPath: {{ required "volume mountPath is required" $volume.mountPath }}
               name: {{ required "volume name is required" $volume.name }}
               {{- with $volume.readOnly }}
               readOnly: {{ $volume.readOnly }}
               {{- end }}
             {{- end }}
-      {{ with .Values.deployment.initContainer }}
+      {{ with .Values.deployment.spec.initContainer }}
       initContainers:
       - name: {{  .name | default "initialize-agent" }}
         image: {{ .image | default "alpine:3.19.1" }}
@@ -95,9 +105,9 @@ spec:
         {{- with .env }}
         env: {{ tpl (toYaml .) $ | nindent 8 }}
         {{- end }}
-        {{- with $.Values.deployment.extraVolumes }}
+        {{- with $.Values.deployment.spec.extraVolumes }}
         volumeMounts:
-          {{- range $volume := $.Values.deployment.extraVolumes }}
+          {{- range $volume := $.Values.deployment.spec.extraVolumes }}
           - mountPath: {{ required "volume mountPath is required" $volume.mountPath }}
             name: {{ required "volume name is required" $volume.name }}
             {{- with $volume.readOnly }}
@@ -121,7 +131,7 @@ spec:
           {{- end }}
           {{- end }}
         {{- end }}
-        {{- range $volume := .Values.deployment.extraVolumes }}
+        {{- range $volume := .Values.deployment.spec.extraVolumes }}
         - name: {{ required "volume name is required" (get $volume "name") }}
           {{- toYaml (omit $volume "name" "mountPath" "readOnly") | nindent 10 }}
         {{- end }}
diff --git a/charts/vault-raft-snapshot-agent/values.yaml b/charts/vault-raft-snapshot-agent/values.yaml
index 06ffe5a..0417131 100644
--- a/charts/vault-raft-snapshot-agent/values.yaml
+++ b/charts/vault-raft-snapshot-agent/values.yaml
@@ -11,46 +11,53 @@ fullnameOverride:
 nameOverride:
 
 deployment:
-  # -- additional annotation to add to the pod's metadata
+  # -- additional labels to add to the deployment's metadata
+  extraLabels: {}
+  # -- additional annotation to add to the deployment's metadata
   extraAnnotations: {}
   # -- additional environment-variables to add to the pod
-  extraEnv: []
-  # -- additional environment-refs to add to the pod
-  extraEnvFrom: []
-  # -- additional volumes for the container. configures the pods `volumeMounts` and `volumes`-sections:
-  # <pre>- name: my-volume<br>  mountPath: /my-path<br>  emptyDir: {}</pre>
-  # `name` and `mountPath` are used both in `volumeMounts` and `volumes`, `readOnly` only applies to
-  # `volumeMounts` and any other key is added to `volumes` only
-  extraVolumes: []
-  strategy:
-    # -- Update-strategy for the agent's pods
-    #    `Recreate` guarantees that no two snapshots get taken at the same time
-    #    `RollingUpdate` ensures that there's always one instance of the agent running
-    type: "Recreate"
-  image:
-    # -- Image that is deployed (change e.g. for private registry-proxy)
-    repo: ghcr.io/argelbargel/vault-raft-snapshot-agent
-    # -- (string) the image's tag
-    # @default -- `.Chart.AppVersion`
-    tag:
-    # -- New releases of vault-raft-snapshot-agent always change the
-    #    `.Chart.AppVersion` of this chart thus must only be changed
-    #    if you use another repository than the default
-    pullPolicy: IfNotPresent
-  # -- resource limits and requests for the deployment
-  resources:
-    # -- resource limits of the deployment
-    limits: {}
-    # -- resource requests by the deployment
-    requests: {}
-  # -- specify optional init-container. Only properties `name`, `image`, `command` and `env` are used.
-  #    `name` and `image` are optional, by default alpine:3.19.1, which is the agents-base-image, is used as image
-  #    The init-container has access to all extraVolumes.
-  initContainer: {}
-  # -- (int) see [kubernetes docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
-  #    You might want to change this to a small value to avoid cluttering up the
-  #    UI of a Continuous Delivery Tool like Argo-CD
-  revisionHistoryLimit:
+  spec:
+    # -- additional labels to add to the pods's metadata
+    extraLabels: {}
+    # -- additional annotation to add to the pods's metadata
+    extraAnnotations: {}
+    extraEnv: []
+    # -- additional environment-refs to add to the pod
+    extraEnvFrom: []
+    # -- additional volumes for the container. configures the pods `volumeMounts` and `volumes`-sections:
+    # <pre>- name: my-volume<br>  mountPath: /my-path<br>  emptyDir: {}</pre>
+    # `name` and `mountPath` are used both in `volumeMounts` and `volumes`, `readOnly` only applies to
+    # `volumeMounts` and any other key is added to `volumes` only
+    extraVolumes: []
+    strategy:
+      # -- Update-strategy for the agent's pods
+      #    `Recreate` guarantees that no two snapshots get taken at the same time
+      #    `RollingUpdate` ensures that there's always one instance of the agent running
+      type: "Recreate"
+    image:
+      # -- Image that is deployed (change e.g. for private registry-proxy)
+      repo: ghcr.io/argelbargel/vault-raft-snapshot-agent
+      # -- (string) the image's tag
+      # @default -- `.Chart.AppVersion`
+      tag:
+      # -- New releases of vault-raft-snapshot-agent always change the
+      #    `.Chart.AppVersion` of this chart thus must only be changed
+      #    if you use another repository than the default
+      pullPolicy: IfNotPresent
+    # -- resource limits and requests for the deployment
+    resources:
+      # -- resource limits of the deployment
+      limits: {}
+      # -- resource requests by the deployment
+      requests: {}
+    # -- specify optional init-container. Only properties `name`, `image`, `command` and `env` are used.
+    #    `name` and `image` are optional, by default alpine:3.19.1, which is the agents-base-image, is used as image
+    #    The init-container has access to all extraVolumes.
+    initContainer: {}
+    # -- (int) see [kubernetes docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
+    #    You might want to change this to a small value to avoid cluttering up the
+    #    UI of a Continuous Delivery Tool like Argo-CD
+    revisionHistoryLimit:
 
 
 serviceAccount:
@@ -68,7 +75,7 @@ serviceAccount:
 config:
   vault:
     nodes:
-     # -- Urls to the vault-nodes. Recommended to use a single url always pointing to the *leader* of your vault-cluster, e.g. `https?://vault-active.<vault-namespace>.svc.cluster.local:<vault-server service-port>`
+      # -- Urls to the vault-nodes. Recommended to use a single url always pointing to the *leader* of your vault-cluster, e.g. `https?://vault-active.<vault-namespace>.svc.cluster.local:<vault-server service-port>`
       urls:
       - http://127.0.0.1:8200
       autoDetectLeader: false