operator: added priorityClass configuration and made certmanager para…

…ms configurable
VictoriaMetrics · Jan 20, 2025 · 2302040 · 2302040
1 parent 8b56076
commit 2302040
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 6 deletions.
diff --git a/charts/victoria-metrics-operator/CHANGELOG.md b/charts/victoria-metrics-operator/CHANGELOG.md
@@ -1,6 +1,7 @@
 ## Next release
 
-- TODO
+- Made certManager certificates commonName and duration configurable. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1924).
+- Add pod priority class configuration for operator. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1929).
 
 ## 0.40.4
 

diff --git a/charts/victoria-metrics-operator/Chart.yaml b/charts/victoria-metrics-operator/Chart.yaml
@@ -6,7 +6,7 @@ home: https://github.com/VictoriaMetrics/operator
 sources:
   - https://github.com/VictoriaMetrics/helm-charts
   - https://github.com/VictoriaMetrics/operator
-version: 0.40.4
+version: 0.40.5
 appVersion: v0.51.3
 icon: https://avatars.githubusercontent.com/u/43720803?s=200&v=4
 kubeVersion: ">=1.25.0-0"

diff --git a/charts/victoria-metrics-operator/README.md b/charts/victoria-metrics-operator/README.md
@@ -255,6 +255,11 @@ Change the values according to the need of the environment in ``victoria-metrics
       <td>object</td>
       <td><pre class="helm-vars-default-value language-yaml" lang="plaintext">
 <code class="language-yaml">certManager:
+    ca:
+        commonName: ca.validation.victoriametrics
+        duration: 63800h0m0s
+    cert:
+        duration: 45800h0m0s
     enabled: false
     issuer: {}
 enabled: true
@@ -285,12 +290,40 @@ tls:
       <td>admissionWebhooks.certManager</td>
       <td>object</td>
       <td><pre class="helm-vars-default-value language-yaml" lang="plaintext">
-<code class="language-yaml">enabled: false
+<code class="language-yaml">ca:
+    commonName: ca.validation.victoriametrics
+    duration: 63800h0m0s
+cert:
+    duration: 45800h0m0s
+enabled: false
 issuer: {}
 </code>
 </pre>
 </td>
       <td><p>Enables custom ca bundle, if you are not using cert-manager. In case of custom ca, you have to create secret - {chart-name}-validation with keys: tls.key, tls.crt, ca.crt</p>
+</td>
+    </tr>
+    <tr>
+      <td>admissionWebhooks.certManager.ca</td>
+      <td>object</td>
+      <td><pre class="helm-vars-default-value language-yaml" lang="plaintext">
+<code class="language-yaml">commonName: ca.validation.victoriametrics
+duration: 63800h0m0s
+</code>
+</pre>
+</td>
+      <td><p>Certificate Authority parameters</p>
+</td>
+    </tr>
+    <tr>
+      <td>admissionWebhooks.certManager.cert</td>
+      <td>object</td>
+      <td><pre class="helm-vars-default-value language-yaml" lang="plaintext">
+<code class="language-yaml">duration: 45800h0m0s
+</code>
+</pre>
+</td>
+      <td><p>Certificate parameters</p>
 </td>
     </tr>
     <tr>
@@ -777,6 +810,17 @@ labels: {}
 </pre>
 </td>
       <td><p>Pod&rsquo;s security context. Details are <a href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" target="_blank">here</a></p>
+</td>
+    </tr>
+    <tr>
+      <td>priorityClassName</td>
+      <td>string</td>
+      <td><pre class="helm-vars-default-value language-yaml" lang="">
+<code class="language-yaml">""
+</code>
+</pre>
+</td>
+      <td><p>Name of Priority Class</p>
 </td>
     </tr>
     <tr>

diff --git a/charts/victoria-metrics-operator/templates/deployment.yaml b/charts/victoria-metrics-operator/templates/deployment.yaml
@@ -136,6 +136,9 @@ spec:
       {{- with .Values.nodeSelector }}
       nodeSelector: {{ toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
       {{- with .Values.lifecycle }}
       lifecycle: {{ toYaml . | nindent 8 }}

diff --git a/charts/victoria-metrics-operator/templates/webhook.yaml b/charts/victoria-metrics-operator/templates/webhook.yaml
@@ -66,10 +66,10 @@ metadata:
   namespace: {{ $ns }}
 spec:
   secretName: {{ $fullname }}-root-ca
-  duration: 63800h0m0s
+  duration: {{ .Values.admissionWebhooks.certManager.ca.duration }}
   issuerRef:
     name: {{ $fullname }}-root
-  commonName: "ca.validation.victoriametrics"
+  commonName: {{ .Values.admissionWebhooks.certManager.ca.commonName }}
   isCA: true
 ---
 apiVersion: cert-manager.io/v1
@@ -90,7 +90,7 @@ metadata:
   namespace: {{ $ns }}
 spec:
   secretName: {{ $fullname }}-validation
-  duration: 45800h0m0s
+  duration: {{ .Values.admissionWebhooks.certManager.cert.duration }}
   {{- $issuerRef := .Values.admissionWebhooks.certManager.issuer | default dict }}
   {{- if empty $issuerRef }}
     {{- $_ := set $issuerRef "name" (printf "%s-issuer" $fullname) }}

diff --git a/charts/victoria-metrics-operator/values.yaml b/charts/victoria-metrics-operator/values.yaml
@@ -177,6 +177,9 @@ resources:
 # -- Pod's node selector. Details are [here](https://kubernetes.io/docs/user-guide/node-selection/)
 nodeSelector: {}
 
+# -- Name of Priority Class
+priorityClassName: ""
+
 # -- Array of tolerations object. Spec is [here](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/)
 tolerations: []
 
@@ -255,6 +258,13 @@ admissionWebhooks:
     enabled: false
     # --If needed, provide own issuer. Operator will create self-signed if empty.
     issuer: {}
+    # -- Certificate Authority parameters
+    ca:
+      duration: 63800h0m0s
+      commonName: ca.validation.victoriametrics
+    # -- Certificate parameters
+    cert:
+      duration: 45800h0m0s
   keepTLSSecret: true
   # tls specifies TLS cert/key for the webhook
   tls: