[minio] add podLabels, serviceAccount and priorityClass to bucke…#1218
Open
ixxeL2097 wants to merge 1 commit intoCloudPirates-io:mainfrom
Open
[minio] add podLabels, serviceAccount and priorityClass to bucke…#1218ixxeL2097 wants to merge 1 commit intoCloudPirates-io:mainfrom
ixxeL2097 wants to merge 1 commit intoCloudPirates-io:mainfrom
Conversation
…t-init job The bucket-init job template was missing several features compared to the Deployment template: - podLabels injection (needed for ArgoCD / Istio sidecar control) - commonLabels propagation to pod template - serviceAccountName (needed for IRSA/Workload Identity) - priorityClassName support Also fixes: - Job name regression from upstream sync (post-job -> bucket-init) - Remove dead postJob values section Ref: ENT-3741
ixxeL2097
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The bucket initialization job template is missing several features that the Deployment template already supports. This causes issues for users deploying with ArgoCD, service meshes (Istio), or Workload Identity.
Changes
Template (
bucket-init-job.yaml):bucketInitJob.podLabels— inject custom labels into the job's pod spec (e.g.sidecar.istio.io/inject: "false")commonLabelspropagation — pod template now usesminio.labelsinstead ofminio.selectorLabels, socommonLabelsare propagated to job pods (needed for network policies, Kyverno/OPA)serviceAccountName— the job now uses the chart's ServiceAccount (needed for IRSA/Workload Identity)priorityClassName— support priority class on the job podspost-job→bucket-init— aligns the Job resource name with the ConfigMap and container name which already usebucket-initValues (
values.yaml):bucketInitJob.podLabels: {}parameterpostJobsection (was not referenced by any template)bucketInitJob.annotationsTests:
bucket-init-job_test.yamltest suite (9 tests covering podLabels, commonLabels, serviceAccount, priorityClassName, podAnnotations)Other:
0.12.0→0.13.0values.schema.jsonMotivation
Reported by a customer deploying on OpenShift with ArgoCD:
podLabelsvalues set underbucketInitJobwere not rendered in the pod spec because the template didn't consume them. ThepostJobvalues section was also confusing as it was completely unused dead code.Test plan
helm unittest charts/minio/— all 26 tests passhelm lint charts/minio/— no errors