diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml index e765d6137db2..07e2bd710f37 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml @@ -119,6 +119,9 @@ controlPlane: # This is rendered as a template, so you can use variables to generate match labels. topologySpreadConstraints: + # -- Priority Class Name of the Kuma Control Plane + priorityClassName: "" + # -- Failure policy of the mutating webhook implemented by the Kuma Injector component injectorFailurePolicy: Fail @@ -532,6 +535,9 @@ ingress: # This is rendered as a template, so you can use variables to generate match labels. topologySpreadConstraints: + # -- Priority Class Name of the ingress + priorityClassName: "" + # -- Security context at the pod level for ingress podSecurityContext: runAsNonRoot: true @@ -655,6 +661,9 @@ egress: # This is rendered as a template, so you can use variables to generate match labels. topologySpreadConstraints: + # -- Priority Class Name of the egress + priorityClassName: "" + # -- Security context at the pod level for egress podSecurityContext: runAsNonRoot: true diff --git a/deployments/charts/kuma/README.md b/deployments/charts/kuma/README.md index 224873ea70a0..88a9c51f210e 100644 --- a/deployments/charts/kuma/README.md +++ b/deployments/charts/kuma/README.md @@ -40,6 +40,7 @@ A Helm chart for the Kuma Control Plane | controlPlane.podDisruptionBudget.maxUnavailable | int | `1` | The maximum number of unavailable pods allowed by the budget | | controlPlane.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ include \"kuma.name\" . }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ .Release.Name }}"]},{"key":"app","operator":"In","values":["{{ include \"kuma.name\" . }}-control-plane"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity placement rule for the Kuma Control Plane pods. This is rendered as a template, so you can reference other helm variables or includes. | | controlPlane.topologySpreadConstraints | string | `nil` | Topology spread constraints rule for the Kuma Control Plane pods. This is rendered as a template, so you can use variables to generate match labels. | +| controlPlane.priorityClassName | string | `""` | Priority Class Name of the Kuma Control Plane | | controlPlane.injectorFailurePolicy | string | `"Fail"` | Failure policy of the mutating webhook implemented by the Kuma Injector component | | controlPlane.service.apiServer.http.nodePort | int | `30681` | Port on which Http api server Service is exposed on Node for service of type NodePort | | controlPlane.service.apiServer.https.nodePort | int | `30682` | Port on which Https api server Service is exposed on Node for service of type NodePort | @@ -157,6 +158,7 @@ A Helm chart for the Kuma Control Plane | ingress.podDisruptionBudget.maxUnavailable | int | `1` | The maximum number of unavailable pods allowed by the budget | | ingress.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ include \"kuma.name\" . }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ .Release.Name }}"]},{"key":"app","operator":"In","values":["kuma-ingress"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity placement rule for the Kuma Ingress pods This is rendered as a template, so you can reference other helm variables or includes. | | ingress.topologySpreadConstraints | string | `nil` | Topology spread constraints rule for the Kuma Mesh Ingress pods. This is rendered as a template, so you can use variables to generate match labels. | +| ingress.priorityClassName | string | `""` | Priority Class Name of the ingress | | ingress.podSecurityContext | object | `{"runAsGroup":5678,"runAsNonRoot":true,"runAsUser":5678}` | Security context at the pod level for ingress | | ingress.containerSecurityContext | object | `{"readOnlyRootFilesystem":true}` | Security context at the container level for ingress | | ingress.serviceAccountAnnotations | object | `{}` | Annotations to add for Control Plane's Service Account | @@ -194,6 +196,7 @@ A Helm chart for the Kuma Control Plane | egress.podDisruptionBudget.maxUnavailable | int | `1` | The maximum number of unavailable pods allowed by the budget | | egress.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ include \"kuma.name\" . }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ .Release.Name }}"]},{"key":"app","operator":"In","values":["kuma-egress"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity placement rule for the Kuma Egress pods. This is rendered as a template, so you can reference other helm variables or includes. | | egress.topologySpreadConstraints | string | `nil` | Topology spread constraints rule for the Kuma Egress pods. This is rendered as a template, so you can use variables to generate match labels. | +| egress.priorityClassName | string | `""` | Priority Class Name of the egress | | egress.podSecurityContext | object | `{"runAsGroup":5678,"runAsNonRoot":true,"runAsUser":5678}` | Security context at the pod level for egress | | egress.containerSecurityContext | object | `{"readOnlyRootFilesystem":true}` | Security context at the container level for egress | | egress.serviceAccountAnnotations | object | `{}` | Annotations to add for Control Plane's Service Account | diff --git a/deployments/charts/kuma/templates/cp-deployment.yaml b/deployments/charts/kuma/templates/cp-deployment.yaml index 1111b149bce0..6e6329688c23 100644 --- a/deployments/charts/kuma/templates/cp-deployment.yaml +++ b/deployments/charts/kuma/templates/cp-deployment.yaml @@ -97,6 +97,9 @@ spec: {{- with .Values.controlPlane.topologySpreadConstraints }} topologySpreadConstraints: {{ tpl (toYaml . | nindent 8) $ }} {{- end }} + {{- with .Values.controlPlane.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} securityContext: {{- toYaml .Values.controlPlane.podSecurityContext | trim | nindent 8 }} serviceAccountName: {{ include "kuma.name" . }}-control-plane diff --git a/deployments/charts/kuma/templates/egress-deployment.yaml b/deployments/charts/kuma/templates/egress-deployment.yaml index 3b6617eee0bd..1f6ccd2d754a 100644 --- a/deployments/charts/kuma/templates/egress-deployment.yaml +++ b/deployments/charts/kuma/templates/egress-deployment.yaml @@ -33,6 +33,9 @@ spec: {{- with .Values.egress.topologySpreadConstraints }} topologySpreadConstraints: {{ tpl (toYaml . | nindent 8) $ }} {{- end }} + {{- with .Values.egress.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} securityContext: {{- toYaml .Values.egress.podSecurityContext | trim | nindent 8 }} serviceAccountName: {{ include "kuma.name" . }}-egress diff --git a/deployments/charts/kuma/templates/ingress-deployment.yaml b/deployments/charts/kuma/templates/ingress-deployment.yaml index fcefeaac6319..5a31584db951 100644 --- a/deployments/charts/kuma/templates/ingress-deployment.yaml +++ b/deployments/charts/kuma/templates/ingress-deployment.yaml @@ -33,6 +33,9 @@ spec: {{- with .Values.ingress.topologySpreadConstraints }} topologySpreadConstraints: {{ tpl (toYaml . | nindent 8) $ }} {{- end }} + {{- with .Values.ingress.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} securityContext: {{- toYaml .Values.ingress.podSecurityContext | trim | nindent 8 }} serviceAccountName: {{ include "kuma.name" . }}-ingress diff --git a/deployments/charts/kuma/values.yaml b/deployments/charts/kuma/values.yaml index e765d6137db2..07e2bd710f37 100644 --- a/deployments/charts/kuma/values.yaml +++ b/deployments/charts/kuma/values.yaml @@ -119,6 +119,9 @@ controlPlane: # This is rendered as a template, so you can use variables to generate match labels. topologySpreadConstraints: + # -- Priority Class Name of the Kuma Control Plane + priorityClassName: "" + # -- Failure policy of the mutating webhook implemented by the Kuma Injector component injectorFailurePolicy: Fail @@ -532,6 +535,9 @@ ingress: # This is rendered as a template, so you can use variables to generate match labels. topologySpreadConstraints: + # -- Priority Class Name of the ingress + priorityClassName: "" + # -- Security context at the pod level for ingress podSecurityContext: runAsNonRoot: true @@ -655,6 +661,9 @@ egress: # This is rendered as a template, so you can use variables to generate match labels. topologySpreadConstraints: + # -- Priority Class Name of the egress + priorityClassName: "" + # -- Security context at the pod level for egress podSecurityContext: runAsNonRoot: true diff --git a/docs/generated/raw/helm-values.yaml b/docs/generated/raw/helm-values.yaml index e765d6137db2..07e2bd710f37 100644 --- a/docs/generated/raw/helm-values.yaml +++ b/docs/generated/raw/helm-values.yaml @@ -119,6 +119,9 @@ controlPlane: # This is rendered as a template, so you can use variables to generate match labels. topologySpreadConstraints: + # -- Priority Class Name of the Kuma Control Plane + priorityClassName: "" + # -- Failure policy of the mutating webhook implemented by the Kuma Injector component injectorFailurePolicy: Fail @@ -532,6 +535,9 @@ ingress: # This is rendered as a template, so you can use variables to generate match labels. topologySpreadConstraints: + # -- Priority Class Name of the ingress + priorityClassName: "" + # -- Security context at the pod level for ingress podSecurityContext: runAsNonRoot: true @@ -655,6 +661,9 @@ egress: # This is rendered as a template, so you can use variables to generate match labels. topologySpreadConstraints: + # -- Priority Class Name of the egress + priorityClassName: "" + # -- Security context at the pod level for egress podSecurityContext: runAsNonRoot: true