Use app build suite to build the app (#214)

Co-authored-by: Andreas Sommer <[email protected]>
giantswarm · Jan 29, 2024 · 141b5b3 · 141b5b3
1 parent 21d6009
commit 141b5b3
Show file tree

Hide file tree

Showing 40 changed files with 93 additions and 72 deletions.
diff --git a/.abs/main.yaml b/.abs/main.yaml
@@ -0,0 +1,4 @@
+replace-chart-version-with-git: true
+generate-metadata: true
+chart-dir: ./helm/cluster-api-provider-aws-app
+destination: ./build
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,12 +1,13 @@
 version: 2.1
 orbs:
-  architect: giantswarm/architect@4.35.5
+  architect: giantswarm/architect@4.38.0
 
 workflows:
   package-and-push-chart-on-tag:
     jobs:
       - architect/push-to-app-catalog:
           context: "architect"
+          executor: "app-build-suite"
           name: push-to-app-catalog
           app_catalog: "control-plane-catalog"
           app_catalog_test: "control-plane-test-catalog"

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Use `app-build-suite` to build the app
+
 ## [2.13.0] - 2024-01-23
 
 ### Changed

diff --git a/config/helm/common-labels.yaml b/config/helm/common-labels.yaml
@@ -4,13 +4,12 @@ kind: LabelTransformer
 metadata:
   name: common-labels
 labels:
-  app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-  app.giantswarm.io/commit: '{{ .Values.project.commit }}'
   app.kubernetes.io/managed-by: '{{ .Release.Service }}'
   app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
   helm.sh/chart: '{{ .Chart.Name }}'
   app.kubernetes.io/name: '{{ .Chart.Name }}'
   app.kubernetes.io/instance: '{{ .Release.Name }}'
+  application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
 fieldSpecs:
   - path: metadata/labels
     create: true

diff --git a/config/helm/deployment-requests-limits.yaml b/config/helm/deployment-requests-limits.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: capa-controller-manager
+  namespace: capa-system
+  annotations:
+    ignore-check.kube-linter.io/unset-cpu-requirements: "We don't want a CPU limit"
+spec:
+  template:
+    spec:
+      containers:
+        - name: manager
+          resources:
+            requests:
+              cpu: 10m
+              memory: 250Mi
+            limits:
+              memory: 512Mi
diff --git a/config/helm/deployment-securitycontext.yaml b/config/helm/deployment-securitycontext.yaml
@@ -13,6 +13,7 @@ spec:
         - name: manager
           securityContext:
             allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
             capabilities:
               drop:
               - ALL
diff --git a/config/helm/kustomization.yaml b/config/helm/kustomization.yaml
@@ -38,6 +38,7 @@ patches:
   - path: deployment-metrics-port.yaml
   - path: deployment-iam-role.yaml
   - path: deployment-nodeaffinity.yaml
+  - path: deployment-requests-limits.yaml
   - path: deployment-seccomp.yaml
   - path: deployment-securitycontext.yaml
   - path: delete-namespace.yaml

diff --git a/helm/cluster-api-provider-aws/Chart.yaml b/helm/cluster-api-provider-aws/Chart.yaml
@@ -1,9 +1,10 @@
-apiVersion: "v1"
+apiVersion: "v2"
 name: cluster-api-provider-aws
 description: "Helm chart for cluster-api-provider-aws."
 home: "https://github.com/giantswarm/cluster-api-provider-aws-app"
-version: "[[ .Version ]]"
-appVersion: [[ .AppVersion ]]
+icon: https://s.giantswarm.io/app-icons/aws/2/dark.svg
+version: "2.11.0"
+appVersion: "2.3.0"
 annotations:
   application.giantswarm.io/team: "phoenix"
   config.giantswarm.io/version: 1.x.x
diff --git a/...cluster-api-provider-aws/files/bootstrap/bases/eksconfigs.bootstrap.cluster.x-k8s.io.yaml b/...cluster-api-provider-aws/files/bootstrap/bases/eksconfigs.bootstrap.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...api-provider-aws/files/bootstrap/bases/eksconfigtemplates.bootstrap.cluster.x-k8s.io.yaml b/...api-provider-aws/files/bootstrap/bases/eksconfigtemplates.bootstrap.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...r-aws/files/controlplane/bases/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml b/...r-aws/files/controlplane/bases/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/.../infrastructure/bases/awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io.yaml b/.../infrastructure/bases/awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/.../files/infrastructure/bases/awsclusterroleidentities.infrastructure.cluster.x-k8s.io.yaml b/.../files/infrastructure/bases/awsclusterroleidentities.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...-provider-aws/files/infrastructure/bases/awsclusters.infrastructure.cluster.x-k8s.io.yaml b/...-provider-aws/files/infrastructure/bases/awsclusters.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...iles/infrastructure/bases/awsclusterstaticidentities.infrastructure.cluster.x-k8s.io.yaml b/...iles/infrastructure/bases/awsclusterstaticidentities.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...r-aws/files/infrastructure/bases/awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml b/...r-aws/files/infrastructure/bases/awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...er-aws/files/infrastructure/bases/awsfargateprofiles.infrastructure.cluster.x-k8s.io.yaml b/...er-aws/files/infrastructure/bases/awsfargateprofiles.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...vider-aws/files/infrastructure/bases/awsmachinepools.infrastructure.cluster.x-k8s.io.yaml b/...vider-aws/files/infrastructure/bases/awsmachinepools.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...-provider-aws/files/infrastructure/bases/awsmachines.infrastructure.cluster.x-k8s.io.yaml b/...-provider-aws/files/infrastructure/bases/awsmachines.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...r-aws/files/infrastructure/bases/awsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml b/...r-aws/files/infrastructure/bases/awsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...er-aws/files/infrastructure/bases/awsmanagedclusters.infrastructure.cluster.x-k8s.io.yaml b/...er-aws/files/infrastructure/bases/awsmanagedclusters.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/...ws/files/infrastructure/bases/awsmanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml b/...ws/files/infrastructure/bases/awsmanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml
@@ -5,12 +5,11 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
     controller-gen.kubebuilder.io/version: v0.12.1
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team" }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     cluster.x-k8s.io/v1alpha3: v1alpha3
     cluster.x-k8s.io/v1alpha4: v1alpha4

diff --git a/helm/cluster-api-provider-aws/templates/_helpers.tpl b/helm/cluster-api-provider-aws/templates/_helpers.tpl
@@ -62,12 +62,11 @@ Common labels
 */}}
 {{- define "labels.common" -}}
 app.kubernetes.io/instance: {{ .Release.Name | quote }}
-app.giantswarm.io/branch: {{ .Values.project.branch | replace "#" "-" | replace "/" "-" | replace "." "-" | trunc 63 | trimSuffix "-" | quote }}
-app.giantswarm.io/commit: {{ .Values.project.commit | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 helm.sh/chart: {{ include "chart" . | quote }}
 giantswarm.io/service-type: {{ .Values.serviceType }}
+application.giantswarm.io/team: {{ index .Chart.Annotations "application.giantswarm.io/team" | quote }}
 {{- end -}}
 
 {{- define "capa.crdInstall" -}}

diff --git a/...ation.k8s.io_v1_mutatingwebhookconfiguration_zzz-capa-mutating-webhook-configuration.yaml b/...ation.k8s.io_v1_mutatingwebhookconfiguration_zzz-capa-mutating-webhook-configuration.yaml
@@ -4,12 +4,12 @@ metadata:
   annotations:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team"
+      }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     helm.sh/chart: '{{ .Chart.Name }}'
   name: zzz-capa-mutating-webhook-configuration

diff --git a/...ation.k8s.io_v1_validatingwebhookconfiguration_capa-validating-webhook-configuration.yaml b/...ation.k8s.io_v1_validatingwebhookconfiguration_capa-validating-webhook-configuration.yaml
@@ -4,12 +4,12 @@ metadata:
   annotations:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capa-serving-cert'
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team"
+      }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     helm.sh/chart: '{{ .Chart.Name }}'
   name: capa-validating-webhook-configuration

diff --git a/helm/cluster-api-provider-aws/templates/apps_v1_deployment_capa-controller-manager.yaml b/helm/cluster-api-provider-aws/templates/apps_v1_deployment_capa-controller-manager.yaml
@@ -1,13 +1,15 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+  annotations:
+    ignore-check.kube-linter.io/unset-cpu-requirements: We don't want a CPU limit
   labels:
-    app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-    app.giantswarm.io/commit: '{{ .Values.project.commit }}'
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ .Chart.Name }}'
     app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+    application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team"
+      }}'
     cluster.x-k8s.io/provider: infrastructure-aws
     control-plane: capa-controller-manager
     helm.sh/chart: '{{ .Chart.Name }}'
@@ -24,12 +26,12 @@ spec:
       annotations:
         iam.amazonaws.com/role: '{{ .Values.aws.arn }}:=""'
       labels:
-        app.giantswarm.io/branch: '{{ .Values.project.branch }}'
-        app.giantswarm.io/commit: '{{ .Values.project.commit }}'
         app.kubernetes.io/instance: '{{ .Release.Name }}'
         app.kubernetes.io/managed-by: '{{ .Release.Service }}'
         app.kubernetes.io/name: '{{ .Chart.Name }}'
         app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+        application.giantswarm.io/team: '{{ index .Chart.Annotations "application.giantswarm.io/team"
+          }}'
         cluster.x-k8s.io/provider: infrastructure-aws
         control-plane: capa-controller-manager
         helm.sh/chart: '{{ .Chart.Name }}'
@@ -80,11 +82,18 @@ spec:
           httpGet:
             path: /readyz
             port: healthz
+        resources:
+          limits:
+            memory: 512Mi
+          requests:
+            cpu: 10m
+            memory: 250Mi
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
             drop:
             - ALL
+          readOnlyRootFilesystem: true
           runAsGroup: 65532
           runAsUser: 65532
           seccompProfile: