From 2fd84774c240c3654432d9e2e8276a1d6b136005 Mon Sep 17 00:00:00 2001 From: omris94 <46892443+omris94@users.noreply.github.com> Date: Sun, 19 Jan 2025 20:25:25 +0200 Subject: [PATCH] Update terminology: Rename annotation `serviceNameOverrideAnnotationName` to `workloadNameOverrideAnnotationName`, retaining support for backward compatibility (#270) Co-authored-by: Amit Lichtenberg --- credentials-operator/README.md | 44 +++++++++---------- .../credentials-operator-deployment.yaml | 5 ++- credentials-operator/values.yaml | 6 ++- intents-operator/README.md | 38 ++++++++-------- .../intents-operator-deployment.yaml | 7 ++- intents-operator/values.yaml | 8 +++- network-mapper/README.md | 30 ++++++------- .../templates/kafka-watcher-deployment.yaml | 5 ++- .../templates/mapper-deployment.yaml | 5 ++- .../templates/sniffer-daemonset.yaml | 5 ++- network-mapper/values.yaml | 6 ++- otterize-kubernetes/README.md | 30 ++++++------- otterize-kubernetes/values.yaml | 6 ++- 13 files changed, 110 insertions(+), 85 deletions(-) diff --git a/credentials-operator/README.md b/credentials-operator/README.md index bc69c227..78478015 100644 --- a/credentials-operator/README.md +++ b/credentials-operator/README.md 
@@ -2,28 +2,28 @@ ## Global parameters -| Key | Description | Default | -|-----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------| -| `global.certificateProvider` | What provider should be used to generate certificates/credentials - `"spire"`, `"otterize-cloud"` or `"cert-manager"` | `"spire"` | -| `global.spire.serverServiceName` | If deployed with SPIRE, this key specifies SPIRE-server's service name. You should use either this **OR** `spire.serverAddress` (not both). | | -| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. | `false` | -| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | -| `global.commonLabels` | Labels to add to all deployed objects | {} | -| `global.podAnnotations` | Annotations to add to all deployed pods | {} | -| `global.podLabels` | Labels to add to all deployed pods | {} | -| `global.serviceNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct service name. 
| `intents.otterize.com/service-name` | -| `global.aws.enabled` | Enable or disable AWS integration | `false` | -| `global.aws.eksClusterNameOverride` | EKS cluster name (overrides auto-detection) | `(none)` | -| `global.azure.enabled` | Enable or disable Azure integration | `false` | -| `global.aws.useSoftDelete` | Use soft delete strategy (tag as deleted instead of actually delete) for AWS roles and policies | `false` | -| `global.gcp.enabled` | Enable or disable GCPs integration | `false` | -| `global.telemetry.enabled` | If set to `false`, all anonymous telemetries collection will be disabled | `true` | -| `global.telemetry.usage.enabled` | If set to `false`, collection of anonymous telemetries on product usage will be disabled | `true` | -| `global.telemetry.errors.enabled` | If set to `false`, collection of anonymous telemetries on application crashes and errors will be disabled | `true` | -| `global.telemetry.errors.endpointAddress` | If set, overrides the default endpoint address for anonymous telemetries on application crashes and errors | `(none)` | -| `global.telemetry.errors.stage` | If set, overrides the default stage for anonymous telemetries on application crashes and errors | `(none)` | -| `global.telemetry.errors.credentialsOperatorApiKey` | If set, overrides the default API key for anonymous telemetries on application crashes and errors | `(none)` | -| `global.openshift` | Whether to configure and deploy SecurityContextConstraints that allow all components to run with minimal privileges on a default OpenShift installation. 
| `false` | +| Key | Description | Default | +|-----------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------| +| `global.certificateProvider` | What provider should be used to generate certificates/credentials - `"spire"`, `"otterize-cloud"` or `"cert-manager"` | `"spire"` | +| `global.spire.serverServiceName` | If deployed with SPIRE, this key specifies SPIRE-server's service name. You should use either this **OR** `spire.serverAddress` (not both). | | +| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. | `false` | +| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | +| `global.commonLabels` | Labels to add to all deployed objects | {} | +| `global.podAnnotations` | Annotations to add to all deployed pods | {} | +| `global.podLabels` | Labels to add to all deployed pods | {} | +| `global.workloadNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct workload name. 
| `intents.otterize.com/workload-name` | +| `global.aws.enabled` | Enable or disable AWS integration | `false` | +| `global.aws.eksClusterNameOverride` | EKS cluster name (overrides auto-detection) | `(none)` | +| `global.azure.enabled` | Enable or disable Azure integration | `false` | +| `global.aws.useSoftDelete` | Use soft delete strategy (tag as deleted instead of actually delete) for AWS roles and policies | `false` | +| `global.gcp.enabled` | Enable or disable GCPs integration | `false` | +| `global.telemetry.enabled` | If set to `false`, all anonymous telemetries collection will be disabled | `true` | +| `global.telemetry.usage.enabled` | If set to `false`, collection of anonymous telemetries on product usage will be disabled | `true` | +| `global.telemetry.errors.enabled` | If set to `false`, collection of anonymous telemetries on application crashes and errors will be disabled | `true` | +| `global.telemetry.errors.endpointAddress` | If set, overrides the default endpoint address for anonymous telemetries on application crashes and errors | `(none)` | +| `global.telemetry.errors.stage` | If set, overrides the default stage for anonymous telemetries on application crashes and errors | `(none)` | +| `global.telemetry.errors.credentialsOperatorApiKey` | If set, overrides the default API key for anonymous telemetries on application crashes and errors | `(none)` | +| `global.openshift` | Whether to configure and deploy SecurityContextConstraints that allow all components to run with minimal privileges on a default OpenShift installation. | `false` | ## SPIRE parameters diff --git a/credentials-operator/templates/credentials-operator-deployment.yaml b/credentials-operator/templates/credentials-operator-deployment.yaml index e09edd51..c236fe27 100644 --- a/credentials-operator/templates/credentials-operator-deployment.yaml +++ b/credentials-operator/templates/credentials-operator-deployment.yaml 
@@ -165,8 +165,11 @@ spec: key: otterize-cloud-client-secret {{ end }} {{ if .Values.global.serviceNameOverrideAnnotationName }} - - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + - name: OTTERIZE_WORKLOAD_NAME_OVERRIDE_ANNOTATION value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ else if .Values.global.workloadNameOverrideAnnotationName }} + - name: OTTERIZE_WORKLOAD_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.workloadNameOverrideAnnotationName | quote }} {{ end }} {{ if .Values.global.otterizeCloud.apiExtraCAPEMSecret }} - name: OTTERIZE_API_EXTRA_CA_PEM diff --git a/credentials-operator/values.yaml b/credentials-operator/values.yaml index bd3606aa..890cfdd5 100644 --- a/credentials-operator/values.yaml +++ b/credentials-operator/values.yaml @@ -75,8 +75,10 @@ global: enabled: false - # Specify an annotation name that by setting it, one can override otterize's service name resolution. - serviceNameOverrideAnnotationName: intents.otterize.com/service-name + # Specify an annotation name that by setting it, one can override otterize's workload name resolution. + workloadNameOverrideAnnotationName: intents.otterize.com/workload-name + # DEPRECATED: use `workloadNameOverrideAnnotationName` instead + serviceNameOverrideAnnotationName: openshift: false diff --git a/intents-operator/README.md b/intents-operator/README.md index 6a37752f..2ef69c2b 100644 --- a/intents-operator/README.md +++ b/intents-operator/README.md 
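Review bot: The precedence between the two values is undocumented: in the `{{ if .Values.global.serviceNameOverrideAnnotationName }}` / `{{ else if .Values.global.workloadNameOverrideAnnotationName }}` chain the deprecated key wins whenever it is non-empty, so a value set for `workloadNameOverrideAnnotationName` is silently ignored if an old `serviceNameOverrideAnnotationName` is still present in a parent chart or an inherited values file. Because the new key ships with a non-empty default the order cannot simply be swapped, so I would state it next to the block, e.g. `{{- /* deprecated serviceNameOverrideAnnotationName takes precedence; workloadNameOverrideAnnotationName is used only when it is unset */ -}}`, and repeat that in the values.yaml comment. This annotation name presumably selects which pod annotation is trusted for workload identity, so a mismatch between the configured and the effective name is worth making visible. The same block is added in intents-operator-deployment.yaml, kafka-watcher-deployment.yaml, mapper-deployment.yaml and sniffer-daemonset.yaml; a shared named template would keep the five copies in step. The env list this sits in starts and ends outside the hunk.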
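Review bot: The default annotation name changes in this values.yaml hunk from `intents.otterize.com/service-name` to `intents.otterize.com/workload-name`, and nothing in the chart tells an upgrading user that pods annotated with the old name are affected. Unless the operator binaries still read the old annotation (not visible in this patch), an install that relied on the default would resolve those pods by owner instead, which may change which intents and credentials apply to them. I would add an upgrade comment above the key, e.g. `# Upgrading: to keep reading intents.otterize.com/service-name, set serviceNameOverrideAnnotationName to that value`, and write the deprecated key as `serviceNameOverrideAnnotationName: null` rather than a bare `key:`. The same applies to the values.yaml hunks for intents-operator, network-mapper and otterize-kubernetes.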
@@ -2,25 +2,25 @@ ## Global parameters -| Key | Description | Default | -|-------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------| -| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. | | -| `global.telemetry.enabled` | If set to `false`, all anonymous telemetries collection will be disabled | `true` | -| `global.telemetry.usage.enabled` | If set to `false`, collection of anonymous telemetries on product usage will be disabled | `true` | -| `global.telemetry.errors.enabled` | If set to `false`, collection of anonymous telemetries on application crashes and errors will be disabled | `true` | -| `global.telemetry.errors.endpointAddress` | If set, overrides the default endpoint address for anonymous telemetries on application crashes and errors | `(none)` | -| `global.telemetry.errors.stage` | If set, overrides the default stage for anonymous telemetries on application crashes and errors | `(none)` | -| `global.telemetry.errors.intentsOperatorApiKey` | If set, overrides the default API key for anonymous telemetries on application crashes and errors | `(none)` | -| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | -| `global.commonLabels` | Labels to add to all deployed objects | {} | -| `global.podAnnotations` | Annotations to add to all deployed pods | {} | -| `global.podLabels` | Labels to add to all deployed pods | {} | -| `global.serviceNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the 
default. Use this if you already have annotations on your pods that provide the correct service name. | `intents.otterize.com/service-name` | -| `global.aws.enabled` | Enable or disable AWS integration | `false` | -| `global.aws.eksClusterNameOverride` | EKS cluster name (overrides auto-detection) | `(none)` | -| `global.azure.enabled` | Enable or disable Azure integration | `false` | -| `global.gcp.enabled` | Enable or disable GCP integration | `false` | -| `global.openshift` | Whether to configure and deploy SecurityContextConstraints that allow all components to run with minimal privileges on a default OpenShift installation. | `false` | +| Key | Description | Default | +|-------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------| +| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. 
| | +| `global.telemetry.enabled` | If set to `false`, all anonymous telemetries collection will be disabled | `true` | +| `global.telemetry.usage.enabled` | If set to `false`, collection of anonymous telemetries on product usage will be disabled | `true` | +| `global.telemetry.errors.enabled` | If set to `false`, collection of anonymous telemetries on application crashes and errors will be disabled | `true` | +| `global.telemetry.errors.endpointAddress` | If set, overrides the default endpoint address for anonymous telemetries on application crashes and errors | `(none)` | +| `global.telemetry.errors.stage` | If set, overrides the default stage for anonymous telemetries on application crashes and errors | `(none)` | +| `global.telemetry.errors.intentsOperatorApiKey` | If set, overrides the default API key for anonymous telemetries on application crashes and errors | `(none)` | +| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | +| `global.commonLabels` | Labels to add to all deployed objects | {} | +| `global.podAnnotations` | Annotations to add to all deployed pods | {} | +| `global.podLabels` | Labels to add to all deployed pods | {} | +| `global.workloadNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct workload name. 
| `intents.otterize.com/workload-name` | +| `global.aws.enabled` | Enable or disable AWS integration | `false` | +| `global.aws.eksClusterNameOverride` | EKS cluster name (overrides auto-detection) | `(none)` | +| `global.azure.enabled` | Enable or disable Azure integration | `false` | +| `global.gcp.enabled` | Enable or disable GCP integration | `false` | +| `global.openshift` | Whether to configure and deploy SecurityContextConstraints that allow all components to run with minimal privileges on a default OpenShift installation. | `false` | ## Operator parameters diff --git a/intents-operator/templates/intents-operator-deployment.yaml b/intents-operator/templates/intents-operator-deployment.yaml index 14f1f93c..5e088d78 100644 --- a/intents-operator/templates/intents-operator-deployment.yaml +++ b/intents-operator/templates/intents-operator-deployment.yaml @@ -23,7 +23,7 @@ spec: metadata: annotations: kubectl.kubernetes.io/default-container: manager - intents.otterize.com/service-name: intents-operator + intents.otterize.com/workload-name: intents-operator checksum/config: {{ include (print $.Template.BasePath "/extended-config-configmap.yaml") . | sha256sum }} {{ if and (.Values.operator.autoGenerateTLSUsingCredentialsOperator) (.Values.global.certificateProvider) }} credentials-operator.otterize.com/tls-secret-name: intents-operator-spire-tls-controller-manager 
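Review bot: The pod annotation key on the new line of intents-operator-deployment.yaml is hard-coded as `intents.otterize.com/workload-name`, while the annotation the operator is told to read is configurable through `global.workloadNameOverrideAnnotationName` (or the deprecated `serviceNameOverrideAnnotationName`). If either value is set to a different name, including the old `intents.otterize.com/service-name`, and the operator consults only the configured annotation, this pod's own name would no longer come from the annotation. Consider rendering the key from the same values, e.g. `{{ coalesce .Values.global.serviceNameOverrideAnnotationName .Values.global.workloadNameOverrideAnnotationName "intents.otterize.com/workload-name" }}: intents-operator`. The pod template metadata continues outside the hunk.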
@@ -145,8 +145,11 @@ spec: value: {{ template "otterize.operator.apiExtraCAPEM" }} {{ end }} {{ if .Values.global.serviceNameOverrideAnnotationName }} - - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + - name: OTTERIZE_WORKLOAD_NAME_OVERRIDE_ANNOTATION value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ else if .Values.global.workloadNameOverrideAnnotationName }} + - name: OTTERIZE_WORKLOAD_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.workloadNameOverrideAnnotationName | quote }} {{ end }} - name: OTTERIZE_ENABLE_AWS_IAM_POLICY value: {{ .Values.global.aws.enabled | quote }} diff --git a/intents-operator/values.yaml b/intents-operator/values.yaml index 7190e507..b9070f83 100644 --- a/intents-operator/values.yaml +++ b/intents-operator/values.yaml @@ -130,8 +130,12 @@ global: # Annotations to add to all deployed objects commonAnnotations: {} - # Specify an annotation name that by setting it, one can override otterize's service name resolution. - serviceNameOverrideAnnotationName: intents.otterize.com/service-name + # Specify an annotation name that by setting it, one can override otterize's workload name resolution. + workloadNameOverrideAnnotationName: intents.otterize.com/workload-name + + # DEPRECATED: use `workloadNameOverrideAnnotationName` instead + serviceNameOverrideAnnotationName: + experimentalUseDockerImageAsServiceNameForJobs: false openshift: false diff --git a/network-mapper/README.md b/network-mapper/README.md index e48a8a3a..6d789a6f 100644 --- a/network-mapper/README.md +++ b/network-mapper/README.md 
@@ -110,21 +110,21 @@ Deployed only when `aws.visibility.enabled` is set to `true`. ## Global parameters -| Key | Description | Default | -|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------| -| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. | | -| `global.telemetry.enabled` | If set to `false`, all anonymous telemetries collection will be disabled | `true` | -| `global.telemetry.usage.enabled` | If set to `false`, collection of anonymous telemetries on product usage will be disabled | `true` | -| `global.telemetry.errors.enabled` | If set to `false`, collection of anonymous telemetries on application crashes and errors will be disabled | `true` | -| `global.telemetry.errors.endpointAddress` | If set, overrides the default endpoint address for anonymous telemetries on application crashes and errors | `(none)` | -| `global.telemetry.errors.stage` | If set, overrides the default stage for anonymous telemetries on application crashes and errors | `(none)` | -| `global.telemetry.errors.networkMapperApiKey` | If set, overrides the default API key for anonymous telemetries on application crashes and errors | `(none)` | -| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | -| `global.commonLabels` | Labels to add to all deployed objects | {} | -| `global.podAnnotations` | Annotations to add to all deployed pods | {} | -| `global.podLabels` | Labels to add to all deployed pods | {} | -| `global.serviceNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution 
algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct service name. | `intents.otterize.com/service-name` | -| `global.openshift` | Whether to configure and deploy SecurityContextConstraints that allow all components to run with minimal privileges on a default OpenShift installation. | `false` | +| Key | Description | Default | +|-----------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------| +| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. | | +| `global.telemetry.enabled` | If set to `false`, all anonymous telemetries collection will be disabled | `true` | +| `global.telemetry.usage.enabled` | If set to `false`, collection of anonymous telemetries on product usage will be disabled | `true` | +| `global.telemetry.errors.enabled` | If set to `false`, collection of anonymous telemetries on application crashes and errors will be disabled | `true` | +| `global.telemetry.errors.endpointAddress` | If set, overrides the default endpoint address for anonymous telemetries on application crashes and errors | `(none)` | +| `global.telemetry.errors.stage` | If set, overrides the default stage for anonymous telemetries on application crashes and errors | `(none)` | +| `global.telemetry.errors.networkMapperApiKey` | If set, overrides the default API key for anonymous telemetries on application crashes and errors | `(none)` | +| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | +| `global.commonLabels` | 
Labels to add to all deployed objects | {} | +| `global.podAnnotations` | Annotations to add to all deployed pods | {} | +| `global.podLabels` | Labels to add to all deployed pods | {} | +| `global.workloadNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct workload name. | `intents.otterize.com/workload-name` | +| `global.openshift` | Whether to configure and deploy SecurityContextConstraints that allow all components to run with minimal privileges on a default OpenShift installation. | `false` | ## Common parameters diff --git a/network-mapper/templates/kafka-watcher-deployment.yaml b/network-mapper/templates/kafka-watcher-deployment.yaml index 081b3f84..4f5435b5 100644 --- a/network-mapper/templates/kafka-watcher-deployment.yaml +++ b/network-mapper/templates/kafka-watcher-deployment.yaml @@ -73,8 +73,11 @@ spec: value: {{ join " " .Values.kafkawatcher.kafkaServers }} {{ end }} {{ if .Values.global.serviceNameOverrideAnnotationName }} - - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + - name: OTTERIZE_WORKLOAD_NAME_OVERRIDE_ANNOTATION value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ else if .Values.global.workloadNameOverrideAnnotationName }} + - name: OTTERIZE_WORKLOAD_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.workloadNameOverrideAnnotationName | quote }} {{ end }} {{ if .Values.kafkawatcher.kafkaReportInterval }} - name: OTTERIZE_KAFKA_REPORT_INTERVAL diff --git a/network-mapper/templates/mapper-deployment.yaml b/network-mapper/templates/mapper-deployment.yaml index fc0b67cd..4ea7c35b 100644 --- a/network-mapper/templates/mapper-deployment.yaml +++ b/network-mapper/templates/mapper-deployment.yaml 
@@ -94,8 +94,11 @@ spec: value: "false" {{ end }} {{ if .Values.global.serviceNameOverrideAnnotationName }} - - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + - name: OTTERIZE_WORKLOAD_NAME_OVERRIDE_ANNOTATION value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ else if .Values.global.workloadNameOverrideAnnotationName }} + - name: OTTERIZE_WORKLOAD_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.workloadNameOverrideAnnotationName | quote }} {{ end }} {{ if (and .Values.global.otterizeCloud.credentials.clientSecretKeyRef.secretName .Values.global.otterizeCloud.credentials.clientSecretKeyRef.clientIdKey) }} - name: OTTERIZE_CLIENT_ID diff --git a/network-mapper/templates/sniffer-daemonset.yaml b/network-mapper/templates/sniffer-daemonset.yaml index 96052893..41320a5e 100644 --- a/network-mapper/templates/sniffer-daemonset.yaml +++ b/network-mapper/templates/sniffer-daemonset.yaml @@ -74,8 +74,11 @@ spec: - name: OTTERIZE_DEBUG value: {{ .Values.debug | quote }} {{ if .Values.global.serviceNameOverrideAnnotationName }} - - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + - name: OTTERIZE_WORKLOAD_NAME_OVERRIDE_ANNOTATION value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ else if .Values.global.workloadNameOverrideAnnotationName }} + - name: OTTERIZE_WORKLOAD_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.workloadNameOverrideAnnotationName | quote }} {{ end }} {{- if eq false .Values.global.telemetry.enabled }} - name: OTTERIZE_TELEMETRY_ENABLED diff --git a/network-mapper/values.yaml b/network-mapper/values.yaml index 5a021760..2302e115 100644 --- a/network-mapper/values.yaml +++ b/network-mapper/values.yaml 
@@ -172,8 +172,10 @@ global: commonLabels: {} # Annotations to add to all deployed objects commonAnnotations: {} - # Specify an annotation name that by setting it, one can override otterize's service name resolution. - serviceNameOverrideAnnotationName: intents.otterize.com/service-name + # Specify an annotation name that by setting it, one can override otterize's workload name resolution. + workloadNameOverrideAnnotationName: intents.otterize.com/workload-name + # DEPRECATED: use `workloadNameOverrideAnnotationName` instead + serviceNameOverrideAnnotationName: openshift: false # If defined overrides `allowGetAllResources` allowGetAllResources: diff --git a/otterize-kubernetes/README.md b/otterize-kubernetes/README.md index 489c77f0..12271304 100644 --- a/otterize-kubernetes/README.md +++ b/otterize-kubernetes/README.md 
@@ -14,21 +14,21 @@ These parameters are used by multiple charts, and must be kept the same for the correct functioning of the separate components. -| Key | Description | Default | -|--------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------| -| `global.spiffe.CASubject` | The Subject that CA certificates should use (see below). | | -| `global.spiffe.CASubject.country` | SPIRE's CA certificates `Country` value. | `"US"` | -| `global.spiffe.CASubject.organization` | SPIRE's CA certificates `Organization` Value. | `"SPIRE"` | -| `global.spiffe.trustDomain` | The trust domain that SPIRE will use. | `"example.org"` | -| `global.certificateProvider` | What provider should be used to generate certificates for mTLS - `"spire"`, `"otterize-cloud"` or `"cert-manager"` | `"spire"` | -| `global.spire.serverServiceName` | Name of the Kubernetes service that will be created for SPIRE-server. | | -| `global.allowGetAllResources` | If defined overrides `allowGetAllResources` in subcharts. Gives get, list and watch permission to watch on all resources. This is used to resolve service names when pods have owners that are custom resources. When disabled, a limited set of permissions is used that only allows access to built-in Kubernetes resources that deploy Pods and Pods themselves - Deployments, StatefulSets, DaemonSets, ReplicaSets and Services. Resolving may not be able to complete if the owning resource is not one of those. 
| | -| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | -| `global.commonLabels` | Labels to add to all deployed objects | {} | -| `global.podAnnotations` | Annotations to add to all deployed pods | {} | -| `global.podLabels` | Labels to add to all deployed pods | {} | -| `global.serviceNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct service name. | `intents.otterize.com/service-name` | -| `global.openshift` | Whether to configure and deploy SecurityContextConstraints that allow all components to run with minimal privileges on a default OpenShift installation. | `false` | +| Key | Description | Default | +|---------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------| +| `global.spiffe.CASubject` | The Subject that CA certificates should use (see below). | | +| `global.spiffe.CASubject.country` | SPIRE's CA certificates `Country` value. | `"US"` | +| `global.spiffe.CASubject.organization` | SPIRE's CA certificates `Organization` Value. | `"SPIRE"` | +| `global.spiffe.trustDomain` | The trust domain that SPIRE will use. 
| `"example.org"` | +| `global.certificateProvider` | What provider should be used to generate certificates for mTLS - `"spire"`, `"otterize-cloud"` or `"cert-manager"` | `"spire"` | +| `global.spire.serverServiceName` | Name of the Kubernetes service that will be created for SPIRE-server. | | +| `global.allowGetAllResources` | If defined overrides `allowGetAllResources` in subcharts. Gives get, list and watch permission to watch on all resources. This is used to resolve service names when pods have owners that are custom resources. When disabled, a limited set of permissions is used that only allows access to built-in Kubernetes resources that deploy Pods and Pods themselves - Deployments, StatefulSets, DaemonSets, ReplicaSets and Services. Resolving may not be able to complete if the owning resource is not one of those. | | +| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | +| `global.commonLabels` | Labels to add to all deployed objects | {} | +| `global.podAnnotations` | Annotations to add to all deployed pods | {} | +| `global.podLabels` | Labels to add to all deployed pods | {} | +| `global.workloadNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct workload name. | `intents.otterize.com/workload-name` | +| `global.openshift` | Whether to configure and deploy SecurityContextConstraints that allow all components to run with minimal privileges on a default OpenShift installation. | `false` | ## Cloud parameters diff --git a/otterize-kubernetes/values.yaml b/otterize-kubernetes/values.yaml index 26e08dff..a11a586a 100644 --- a/otterize-kubernetes/values.yaml +++ b/otterize-kubernetes/values.yaml 
@@ -28,8 +28,10 @@ global: # Annotations to add to all deployed objects commonAnnotations: {} - # Specify an annotation name that by setting it, one can override otterize's service name resolution. - serviceNameOverrideAnnotationName: intents.otterize.com/service-name + # Specify an annotation name that by setting it, one can override otterize's workload name resolution. + workloadNameOverrideAnnotationName: intents.otterize.com/workload-name + # DEPRECATED: use `workloadNameOverrideAnnotationName` instead + serviceNameOverrideAnnotationName: # Provider for credentials-operator to use (spire/otterize-cloud/cert-manager), if empty - spire is used by default certificateProvider: