cloudfoundry · danail-branekov · May 30, 2024 · May 28, 2024 · May 30, 2024 · danail-branekov
diff --git a/README.helm.md b/README.helm.md
@@ -104,6 +104,7 @@ Here are all the values that can be set for the chart:
 - `logLevel` (_String_): Sets level of logging for api and controllers components. Can be 'info' or 'debug'.
 - `networking`: Networking configuration
   - `gatewayClass` (_String_): The name of the GatewayClass Korifi Gateway references
+- `nodeSelector`: Node labels for korifi-api and korifi-controllers pod assignment.
 - `reconcilers`:
   - `app` (_String_): ID of the workload runner to set on all `AppWorkload` objects. Defaults to `statefulset-runner`.
   - `build` (_String_): ID of the image builder to set on all `BuildWorkload` objects. Defaults to `kpack-image-builder`.
@@ -124,3 +125,4 @@ Here are all the values that can be set for the chart:
       - `memory` (_String_): Memory request.
   - `temporarySetPodSeccompProfile` (_Boolean_): Sets the pod .spec.securityContext.seccompProfile to RuntimeDefault. Setting this flag to true will cause a restart of all previously running pods.
 - `systemImagePullSecrets` (_Array_): List of `Secret` names to be used when pulling Korifi system images from private registries
+- `tolerations` (_Array_): Pod tolerations for taints.
diff --git a/helm/korifi/api/deployment.yaml b/helm/korifi/api/deployment.yaml
@@ -57,6 +57,14 @@ spec:
 {{- end }}
       {{- include "korifi.podSecurityContext" . | indent 6 }}
       serviceAccountName: korifi-api-system-serviceaccount
+{{- if .Values.nodeSelector }}
+      nodeSelector:
+      {{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.tolerations }}
+      tolerations:
+      {{- toYaml .Values.tolerations | nindent 8 }}
+{{- end }}
       volumes:
       - configMap:
           name: korifi-api-config

diff --git a/helm/korifi/controllers/deployment.yaml b/helm/korifi/controllers/deployment.yaml
@@ -76,6 +76,14 @@ spec:
           readOnly: true
       {{- include "korifi.podSecurityContext" . | indent 6 }}
       serviceAccountName: korifi-controllers-controller-manager
+{{- if .Values.nodeSelector }}
+      nodeSelector:
+      {{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.tolerations }}
+      tolerations:
+      {{- toYaml .Values.tolerations | nindent 8 }}
+{{- end }}
       terminationGracePeriodSeconds: 10
       volumes:
       - name: cert

diff --git a/helm/korifi/values.schema.json b/helm/korifi/values.schema.json
@@ -86,6 +86,25 @@
       },
       "required": ["memoryMB", "diskMB", "buildCacheMB"]
     },
+    "nodeSelector": {
+      "description": "Node labels for korifi-api and korifi-controllers pod assignment.",
+      "type": "object",
+      "properties": {}
+    },
+    "tolerations": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "key": { "type": "string" },
+          "operator": { "type": "string" },
+          "value": { "type": "string" },
+          "effect": { "type": "string" }
+        },
+        "required": ["key", "operator", "effect"]
+      },
+      "description": "Pod tolerations for taints."
+    }, 
     "api": {
       "properties": {
         "include": {

diff --git a/helm/korifi/values.yaml b/helm/korifi/values.yaml
@@ -9,6 +9,8 @@ containerRegistrySecrets:
 eksContainerRegistryRoleARN: ""
 containerRegistryCACertSecret:
 systemImagePullSecrets: []
+tolerations: []
+nodeSelector: {}
 
 reconcilers:
   build: kpack-image-builder