add commonLabels to customizable values (#1404)

**Description of the change** Helm Chart only update, add new value `commonLabels` that functions the same as `commonAnnotations` by adding labels to `_helpers.tpl` in `sealed-secrets.labels` **Benefits** * Ability to add custom labels to all resources for any organization compliance **Possible drawbacks** N/A **Applicable issues** - fixes #1373 **Additional information** My current organization requires adding a custom label to all resources, thus the PR. The changes in the PR were tested on a local Kubernetes installation with both `commonLabels: {}` and `commonLabels: {x: 'y'}` --------- Signed-off-by: M Essam Hamed <[email protected]>
bitnami-labs · Dec 22, 2023 · 5e2233c · 5e2233c
1 parent f7196bb
commit 5e2233c
Show file tree

Hide file tree

Showing 18 changed files with 66 additions and 0 deletions.
diff --git a/helm/sealed-secrets/README.md b/helm/sealed-secrets/README.md
@@ -78,6 +78,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `namespace`         | Namespace where to deploy the Sealed Secrets controller | `""`  |
 | `extraDeploy`       | Array of extra objects to deploy with the release       | `[]`  |
 | `commonAnnotations` | Annotations to add to all deployed resources            | `{}`  |
+| `commonLabels`      | Labels to add to all deployed resources                 | `{}`  |
 
 ### Sealed Secrets Parameters
 

diff --git a/helm/sealed-secrets/templates/cluster-role-binding.yaml b/helm/sealed-secrets/templates/cluster-role-binding.yaml
@@ -7,6 +7,9 @@ metadata:
     {{- if .Values.rbac.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.rbac.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

diff --git a/helm/sealed-secrets/templates/cluster-role.yaml b/helm/sealed-secrets/templates/cluster-role.yaml
@@ -7,6 +7,9 @@ metadata:
     {{- if .Values.rbac.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.rbac.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 rules:
   - apiGroups:
       - bitnami.com

diff --git a/helm/sealed-secrets/templates/configmap-dashboards.yaml b/helm/sealed-secrets/templates/configmap-dashboards.yaml
@@ -11,6 +11,9 @@ metadata:
     {{- if $.Values.metrics.dashboards.labels }}
     {{- include "sealed-secrets.render" ( dict "value" $.Values.metrics.dashboards.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
   annotations:
     {{- if $.Values.metrics.dashboards.annotations }}
     {{- include "sealed-secrets.render" ( dict "value" $.Values.metrics.dashboards.annotations "context" $) | nindent 4 }}

diff --git a/helm/sealed-secrets/templates/deployment.yaml b/helm/sealed-secrets/templates/deployment.yaml
@@ -5,6 +5,9 @@ metadata:
   name: {{ include "sealed-secrets.fullname" . }}
   namespace: {{ include "sealed-secrets.namespace" . }}
   labels: {{- include "sealed-secrets.labels" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- toYaml .Values.commonAnnotations | nindent 4 }}
   {{- end }}

diff --git a/helm/sealed-secrets/templates/ingress.yaml b/helm/sealed-secrets/templates/ingress.yaml
@@ -5,6 +5,9 @@ metadata:
   name: {{ include "sealed-secrets.fullname" . }}
   namespace: {{ include "sealed-secrets.namespace" . }}
   labels: {{- include "sealed-secrets.labels" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
   {{- if .Values.ingress.annotations }}
   annotations:
     {{- if .Values.ingress.annotations }}

diff --git a/helm/sealed-secrets/templates/networkpolicy.yaml b/helm/sealed-secrets/templates/networkpolicy.yaml
@@ -5,6 +5,9 @@ metadata:
   name: {{ include "sealed-secrets.fullname" . }}
   namespace: {{ include "sealed-secrets.namespace" . }}
   labels: {{- include "sealed-secrets.labels" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 spec:
   podSelector:
     matchLabels: {{- include "sealed-secrets.matchLabels" . | nindent 6 }}

diff --git a/helm/sealed-secrets/templates/pdb.yaml b/helm/sealed-secrets/templates/pdb.yaml
@@ -5,6 +5,9 @@ metadata:
   name: {{ include "sealed-secrets.fullname" . }}
   namespace: {{ include "sealed-secrets.namespace" . }}
   labels: {{- include "sealed-secrets.labels" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- toYaml .Values.commonAnnotations | nindent 4 }}
   {{- end }}

diff --git a/helm/sealed-secrets/templates/psp-clusterrole.yaml b/helm/sealed-secrets/templates/psp-clusterrole.yaml
@@ -7,6 +7,9 @@ metadata:
     {{- if .Values.rbac.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.rbac.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 rules:
   - apiGroups: ['extensions']
     resources: ['podsecuritypolicies']

diff --git a/helm/sealed-secrets/templates/psp-clusterrolebinding.yaml b/helm/sealed-secrets/templates/psp-clusterrolebinding.yaml
@@ -7,6 +7,9 @@ metadata:
     {{- if .Values.rbac.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.rbac.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

diff --git a/helm/sealed-secrets/templates/psp.yaml b/helm/sealed-secrets/templates/psp.yaml
@@ -4,6 +4,9 @@ kind: PodSecurityPolicy
 metadata:
   name: {{ include "sealed-secrets.fullname" . }}
   labels: {{- include "sealed-secrets.labels" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 spec:
   privileged: false
   allowPrivilegeEscalation: false

diff --git a/helm/sealed-secrets/templates/role-binding.yaml b/helm/sealed-secrets/templates/role-binding.yaml
@@ -8,6 +8,9 @@ metadata:
     {{- if .Values.rbac.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.rbac.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -27,6 +30,9 @@ metadata:
     {{- if .Values.rbac.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.rbac.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role

diff --git a/helm/sealed-secrets/templates/role.yaml b/helm/sealed-secrets/templates/role.yaml
@@ -8,6 +8,9 @@ metadata:
     {{- if .Values.rbac.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.rbac.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 rules:
   - apiGroups:
       - ""
@@ -34,6 +37,9 @@ metadata:
     {{- if .Values.rbac.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.rbac.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 rules:
   - apiGroups:
       - ""

diff --git a/helm/sealed-secrets/templates/service-account.yaml b/helm/sealed-secrets/templates/service-account.yaml
@@ -17,4 +17,7 @@ metadata:
     {{- if .Values.serviceAccount.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.serviceAccount.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 {{ end }}
diff --git a/helm/sealed-secrets/templates/service.yaml b/helm/sealed-secrets/templates/service.yaml
@@ -17,6 +17,9 @@ metadata:
     {{- if .Values.service.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.service.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -48,6 +51,9 @@ metadata:
     {{- if .Values.metrics.service.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.metrics.service.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 spec:
   type: {{ .Values.metrics.service.type }}
   ports:

diff --git a/helm/sealed-secrets/templates/servicemonitor.yaml b/helm/sealed-secrets/templates/servicemonitor.yaml
@@ -12,6 +12,9 @@ metadata:
     {{- if .Values.metrics.serviceMonitor.labels }}
     {{- include "sealed-secrets.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
     {{- end }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
   {{- if .Values.metrics.serviceMonitor.annotations }}
   annotations: {{- include "sealed-secrets.render" (dict "value" .Values.metrics.serviceMonitor.annotations "context" $) | nindent 4 }}
   {{- end }}

diff --git a/helm/sealed-secrets/templates/tls-secret.yaml b/helm/sealed-secrets/templates/tls-secret.yaml
@@ -7,6 +7,9 @@ metadata:
   name: {{ .name }}
   namespace: {{ include "sealed-secrets.namespace" $ | quote }}
   labels: {{- include "sealed-secrets.labels" $ | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 type: kubernetes.io/tls
 data:
   tls.crt: {{ .certificate | b64enc }}
@@ -23,6 +26,9 @@ metadata:
   name: {{ printf "%s-tls" .Values.ingress.hostname }}
   namespace: {{ include "sealed-secrets.namespace" . }}
   labels: {{- include "sealed-secrets.labels" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "sealed-secrets.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- end }}
 type: kubernetes.io/tls
 data:
   tls.crt: {{ $cert.Cert | b64enc | quote }}

diff --git a/helm/sealed-secrets/values.yaml b/helm/sealed-secrets/values.yaml
@@ -21,6 +21,11 @@ extraDeploy: []
 ##
 commonAnnotations: {}
 
+## @param commonLabels [ojbect] Labels to add to all deployed resources
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+## 
+commonLabels: {}
+
 ## @section Sealed Secrets Parameters
 
 ## Sealed Secrets image