From a8b4b6213ea994e2aca1305784781fcfb46d7d94 Mon Sep 17 00:00:00 2001 From: QuentinBisson Date: Mon, 8 Jun 2026 12:39:18 +0200 Subject: [PATCH 1/3] fix(agents): add podSecurityContext and securityContext to all agent charts All declarative agent charts render Agent CRs without security context fields in spec.declarative.deployment. The kagent controller therefore creates Deployments that fail admission on clusters enforcing Kubernetes restricted Pod Security Standards (e.g. via Kyverno or OPA). Add podSecurityContext and securityContext values to each chart (defaulting to empty, so existing deployments are unaffected) and wire them through the template using {{- with }} so they are only emitted when set. Signed-off-by: QuentinBisson --- helm/agents/argo-rollouts/templates/agent.yaml | 8 ++++++++ helm/agents/argo-rollouts/values.yaml | 4 ++++ helm/agents/cilium-debug/templates/agent.yaml | 8 ++++++++ helm/agents/cilium-debug/values.yaml | 4 ++++ helm/agents/cilium-manager/templates/agent.yaml | 8 ++++++++ helm/agents/cilium-manager/values.yaml | 4 ++++ helm/agents/cilium-policy/templates/agent.yaml | 8 ++++++++ helm/agents/cilium-policy/values.yaml | 4 ++++ helm/agents/helm/templates/agent.yaml | 8 ++++++++ helm/agents/helm/values.yaml | 4 ++++ helm/agents/istio/templates/agent.yaml | 8 ++++++++ helm/agents/istio/values.yaml | 4 ++++ helm/agents/k8s/templates/agent.yaml | 8 ++++++++ helm/agents/k8s/values.yaml | 4 ++++ helm/agents/kgateway/templates/agent.yaml | 8 ++++++++ helm/agents/kgateway/values.yaml | 4 ++++ helm/agents/observability/templates/agent.yaml | 8 ++++++++ helm/agents/observability/values.yaml | 4 ++++ helm/agents/promql/templates/agent.yaml | 8 ++++++++ helm/agents/promql/values.yaml | 4 ++++ 20 files changed, 120 insertions(+) diff --git a/helm/agents/argo-rollouts/templates/agent.yaml b/helm/agents/argo-rollouts/templates/agent.yaml index 466e824758..f37d962920 100644 --- a/helm/agents/argo-rollouts/templates/agent.yaml +++ b/helm/agents/argo-rollouts/templates/agent.yaml @@ -191,5 +191,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + podSecurityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} diff --git a/helm/agents/argo-rollouts/values.yaml b/helm/agents/argo-rollouts/values.yaml index b0f51d9951..8ffcecbc8b 100644 --- a/helm/agents/argo-rollouts/values.yaml +++ b/helm/agents/argo-rollouts/values.yaml @@ -16,3 +16,7 @@ resources: compaction: {} + +podSecurityContext: {} + +securityContext: {} diff --git a/helm/agents/cilium-debug/templates/agent.yaml b/helm/agents/cilium-debug/templates/agent.yaml index 4826e15b8f..72bad4c7f3 100644 --- a/helm/agents/cilium-debug/templates/agent.yaml +++ b/helm/agents/cilium-debug/templates/agent.yaml @@ -164,5 +164,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + podSecurityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} diff --git a/helm/agents/cilium-debug/values.yaml b/helm/agents/cilium-debug/values.yaml index 1cfd5eeaf3..7de147c565 100644 --- a/helm/agents/cilium-debug/values.yaml +++ b/helm/agents/cilium-debug/values.yaml @@ -15,3 +15,7 @@ resources: memory: 1Gi compaction: {} + +podSecurityContext: {} + +securityContext: {} diff --git a/helm/agents/cilium-manager/templates/agent.yaml b/helm/agents/cilium-manager/templates/agent.yaml index 9013aff50b..51ce64035a 100644 --- a/helm/agents/cilium-manager/templates/agent.yaml +++ b/helm/agents/cilium-manager/templates/agent.yaml @@ -436,5 +436,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + podSecurityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} diff --git a/helm/agents/cilium-manager/values.yaml b/helm/agents/cilium-manager/values.yaml index 1cfd5eeaf3..7de147c565 100644 --- a/helm/agents/cilium-manager/values.yaml +++ b/helm/agents/cilium-manager/values.yaml @@ -15,3 +15,7 @@ resources: memory: 1Gi compaction: {} + +podSecurityContext: {} + +securityContext: {} diff --git a/helm/agents/cilium-policy/templates/agent.yaml b/helm/agents/cilium-policy/templates/agent.yaml index 5c9d029147..d3eef5c089 100644 --- a/helm/agents/cilium-policy/templates/agent.yaml +++ b/helm/agents/cilium-policy/templates/agent.yaml @@ -528,5 +528,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + podSecurityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} diff --git a/helm/agents/cilium-policy/values.yaml b/helm/agents/cilium-policy/values.yaml index b0f51d9951..8ffcecbc8b 100644 --- a/helm/agents/cilium-policy/values.yaml +++ b/helm/agents/cilium-policy/values.yaml @@ -16,3 +16,7 @@ resources: compaction: {} + +podSecurityContext: {} + +securityContext: {} diff --git a/helm/agents/helm/templates/agent.yaml b/helm/agents/helm/templates/agent.yaml index 2b5dab71ea..fa76b0360b 100644 --- a/helm/agents/helm/templates/agent.yaml +++ b/helm/agents/helm/templates/agent.yaml @@ -183,5 +183,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + podSecurityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} diff --git a/helm/agents/helm/values.yaml b/helm/agents/helm/values.yaml index b0f51d9951..8ffcecbc8b 100644 --- a/helm/agents/helm/values.yaml +++ b/helm/agents/helm/values.yaml @@ -16,3 +16,7 @@ resources: compaction: {} + +podSecurityContext: {} + +securityContext: {} diff --git a/helm/agents/istio/templates/agent.yaml b/helm/agents/istio/templates/agent.yaml index e6311e8e8d..85777161f5 100644 --- a/helm/agents/istio/templates/agent.yaml +++ b/helm/agents/istio/templates/agent.yaml @@ -236,5 +236,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + podSecurityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} diff --git a/helm/agents/istio/values.yaml b/helm/agents/istio/values.yaml index 1cfd5eeaf3..7de147c565 100644 --- a/helm/agents/istio/values.yaml +++ b/helm/agents/istio/values.yaml @@ -15,3 +15,7 @@ resources: memory: 1Gi compaction: {} + +podSecurityContext: {} + +securityContext: {} diff --git a/helm/agents/k8s/templates/agent.yaml b/helm/agents/k8s/templates/agent.yaml index fc7660e70a..918b9f6012 100644 --- a/helm/agents/k8s/templates/agent.yaml +++ b/helm/agents/k8s/templates/agent.yaml @@ -154,5 +154,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + podSecurityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} diff --git a/helm/agents/k8s/values.yaml b/helm/agents/k8s/values.yaml index 1cfd5eeaf3..7de147c565 100644 --- a/helm/agents/k8s/values.yaml +++ b/helm/agents/k8s/values.yaml @@ -15,3 +15,7 @@ resources: memory: 1Gi compaction: {} + +podSecurityContext: {} + +securityContext: {} diff --git a/helm/agents/kgateway/templates/agent.yaml b/helm/agents/kgateway/templates/agent.yaml index c103468532..6123b43994 100644 --- a/helm/agents/kgateway/templates/agent.yaml +++ b/helm/agents/kgateway/templates/agent.yaml @@ -318,5 +318,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + podSecurityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} diff --git a/helm/agents/kgateway/values.yaml b/helm/agents/kgateway/values.yaml index 1cfd5eeaf3..7de147c565 100644 --- a/helm/agents/kgateway/values.yaml +++ b/helm/agents/kgateway/values.yaml @@ -15,3 +15,7 @@ resources: memory: 1Gi compaction: {} + +podSecurityContext: {} + +securityContext: {} diff --git a/helm/agents/observability/templates/agent.yaml b/helm/agents/observability/templates/agent.yaml index 8d7a05a101..4ef88deb0e 100644 --- a/helm/agents/observability/templates/agent.yaml +++ b/helm/agents/observability/templates/agent.yaml @@ -170,5 +170,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + podSecurityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} diff --git a/helm/agents/observability/values.yaml b/helm/agents/observability/values.yaml index 1cfd5eeaf3..7de147c565 100644 --- a/helm/agents/observability/values.yaml +++ b/helm/agents/observability/values.yaml @@ -15,3 +15,7 @@ resources: memory: 1Gi compaction: {} + +podSecurityContext: {} + +securityContext: {} diff --git a/helm/agents/promql/templates/agent.yaml b/helm/agents/promql/templates/agent.yaml index 17bd93fa9e..f5e3771d45 100644 --- a/helm/agents/promql/templates/agent.yaml +++ b/helm/agents/promql/templates/agent.yaml @@ -217,6 +217,14 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + podSecurityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} \ No newline at end of file diff --git a/helm/agents/promql/values.yaml b/helm/agents/promql/values.yaml index 1cfd5eeaf3..7de147c565 100644 --- a/helm/agents/promql/values.yaml +++ b/helm/agents/promql/values.yaml @@ -15,3 +15,7 @@ resources: memory: 1Gi compaction: {} + +podSecurityContext: {} + +securityContext: {} From 0531d35ed9681eed747998574d00b9756a631fa1 Mon Sep 17 00:00:00 2001 From: QuentinBisson Date: Mon, 8 Jun 2026 14:03:33 +0200 Subject: [PATCH 2/3] fix(agents): remove trailing whitespace and add missing newline in promql template Signed-off-by: QuentinBisson --- helm/agents/promql/templates/agent.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/helm/agents/promql/templates/agent.yaml b/helm/agents/promql/templates/agent.yaml index f5e3771d45..d1cb61dafb 100644 --- a/helm/agents/promql/templates/agent.yaml +++ b/helm/agents/promql/templates/agent.yaml @@ -227,4 +227,3 @@ spec: {{- end }} resources: {{- toYaml .Values.resources | nindent 8 }} - \ No newline at end of file From 797e96cd76003a7865e3def0ebe6405edf348a2a Mon Sep 17 00:00:00 2001 From: QuentinBisson Date: Mon, 8 Jun 2026 14:13:44 +0200 Subject: [PATCH 3/3] refactor(agents): extract deployment spec into shared _helpers.tpl Reduces each agent.yaml from 14 lines of repeated deployment boilerplate to a single include, and centralises imagePullSecrets, podSecurityContext, securityContext, and resources rendering in one place per chart. Signed-off-by: QuentinBisson --- helm/agents/argo-rollouts/templates/_helpers.tpl | 16 ++++++++++++++++ helm/agents/argo-rollouts/templates/agent.yaml | 15 +-------------- helm/agents/cilium-debug/templates/_helpers.tpl | 16 ++++++++++++++++ helm/agents/cilium-debug/templates/agent.yaml | 15 +-------------- .../agents/cilium-manager/templates/_helpers.tpl | 16 ++++++++++++++++ helm/agents/cilium-manager/templates/agent.yaml | 15 +-------------- helm/agents/cilium-policy/templates/_helpers.tpl | 16 ++++++++++++++++ helm/agents/cilium-policy/templates/agent.yaml | 15 +-------------- helm/agents/helm/templates/_helpers.tpl | 16 ++++++++++++++++ helm/agents/helm/templates/agent.yaml | 15 +-------------- helm/agents/istio/templates/_helpers.tpl | 16 ++++++++++++++++ helm/agents/istio/templates/agent.yaml | 15 +-------------- helm/agents/k8s/templates/_helpers.tpl | 16 ++++++++++++++++ helm/agents/k8s/templates/agent.yaml | 15 +-------------- helm/agents/kgateway/templates/_helpers.tpl | 16 ++++++++++++++++ helm/agents/kgateway/templates/agent.yaml | 15 +-------------- helm/agents/observability/templates/_helpers.tpl | 16 ++++++++++++++++ helm/agents/observability/templates/agent.yaml | 15 +-------------- helm/agents/promql/templates/_helpers.tpl | 16 ++++++++++++++++ helm/agents/promql/templates/agent.yaml | 15 +-------------- 20 files changed, 170 insertions(+), 140 deletions(-) create mode 100644 helm/agents/argo-rollouts/templates/_helpers.tpl create mode 100644 helm/agents/cilium-debug/templates/_helpers.tpl create mode 100644 helm/agents/cilium-manager/templates/_helpers.tpl create mode 100644 helm/agents/cilium-policy/templates/_helpers.tpl create mode 100644 helm/agents/helm/templates/_helpers.tpl create mode 100644 helm/agents/istio/templates/_helpers.tpl create mode 100644 helm/agents/k8s/templates/_helpers.tpl create mode 100644 helm/agents/kgateway/templates/_helpers.tpl create mode 100644 helm/agents/observability/templates/_helpers.tpl create mode 100644 helm/agents/promql/templates/_helpers.tpl diff --git a/helm/agents/argo-rollouts/templates/_helpers.tpl b/helm/agents/argo-rollouts/templates/_helpers.tpl new file mode 100644 index 0000000000..683d0a2303 --- /dev/null +++ b/helm/agents/argo-rollouts/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{- define "agent.deploymentSpec" -}} +{{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.podSecurityContext }} +podSecurityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.securityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{- end }} diff --git a/helm/agents/argo-rollouts/templates/agent.yaml b/helm/agents/argo-rollouts/templates/agent.yaml index f37d962920..033d9e5e04 100644 --- a/helm/agents/argo-rollouts/templates/agent.yaml +++ b/helm/agents/argo-rollouts/templates/agent.yaml @@ -187,17 +187,4 @@ spec: compaction: {{- toYaml .Values.compaction | nindent 8 }} {{- end }} deployment: - {{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podSecurityContext }} - podSecurityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 8 }} + {{- include "agent.deploymentSpec" . | nindent 6 }} diff --git a/helm/agents/cilium-debug/templates/_helpers.tpl b/helm/agents/cilium-debug/templates/_helpers.tpl new file mode 100644 index 0000000000..683d0a2303 --- /dev/null +++ b/helm/agents/cilium-debug/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{- define "agent.deploymentSpec" -}} +{{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.podSecurityContext }} +podSecurityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.securityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{- end }} diff --git a/helm/agents/cilium-debug/templates/agent.yaml b/helm/agents/cilium-debug/templates/agent.yaml index 72bad4c7f3..fe205e2bf6 100644 --- a/helm/agents/cilium-debug/templates/agent.yaml +++ b/helm/agents/cilium-debug/templates/agent.yaml @@ -160,17 +160,4 @@ spec: compaction: {{- toYaml .Values.compaction | nindent 8 }} {{- end }} deployment: - {{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podSecurityContext }} - podSecurityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 8 }} + {{- include "agent.deploymentSpec" . | nindent 6 }} diff --git a/helm/agents/cilium-manager/templates/_helpers.tpl b/helm/agents/cilium-manager/templates/_helpers.tpl new file mode 100644 index 0000000000..683d0a2303 --- /dev/null +++ b/helm/agents/cilium-manager/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{- define "agent.deploymentSpec" -}} +{{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.podSecurityContext }} +podSecurityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.securityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{- end }} diff --git a/helm/agents/cilium-manager/templates/agent.yaml b/helm/agents/cilium-manager/templates/agent.yaml index 51ce64035a..27284c6bb6 100644 --- a/helm/agents/cilium-manager/templates/agent.yaml +++ b/helm/agents/cilium-manager/templates/agent.yaml @@ -432,17 +432,4 @@ spec: compaction: {{- toYaml .Values.compaction | nindent 8 }} {{- end }} deployment: - {{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podSecurityContext }} - podSecurityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 8 }} + {{- include "agent.deploymentSpec" . | nindent 6 }} diff --git a/helm/agents/cilium-policy/templates/_helpers.tpl b/helm/agents/cilium-policy/templates/_helpers.tpl new file mode 100644 index 0000000000..683d0a2303 --- /dev/null +++ b/helm/agents/cilium-policy/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{- define "agent.deploymentSpec" -}} +{{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.podSecurityContext }} +podSecurityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.securityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{- end }} diff --git a/helm/agents/cilium-policy/templates/agent.yaml b/helm/agents/cilium-policy/templates/agent.yaml index d3eef5c089..9af38cc240 100644 --- a/helm/agents/cilium-policy/templates/agent.yaml +++ b/helm/agents/cilium-policy/templates/agent.yaml @@ -524,17 +524,4 @@ spec: compaction: {{- toYaml .Values.compaction | nindent 8 }} {{- end }} deployment: - {{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podSecurityContext }} - podSecurityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 8 }} + {{- include "agent.deploymentSpec" . | nindent 6 }} diff --git a/helm/agents/helm/templates/_helpers.tpl b/helm/agents/helm/templates/_helpers.tpl new file mode 100644 index 0000000000..683d0a2303 --- /dev/null +++ b/helm/agents/helm/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{- define "agent.deploymentSpec" -}} +{{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.podSecurityContext }} +podSecurityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.securityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{- end }} diff --git a/helm/agents/helm/templates/agent.yaml b/helm/agents/helm/templates/agent.yaml index fa76b0360b..0a7882798c 100644 --- a/helm/agents/helm/templates/agent.yaml +++ b/helm/agents/helm/templates/agent.yaml @@ -179,17 +179,4 @@ spec: compaction: {{- toYaml .Values.compaction | nindent 8 }} {{- end }} deployment: - {{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podSecurityContext }} - podSecurityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 8 }} + {{- include "agent.deploymentSpec" . | nindent 6 }} diff --git a/helm/agents/istio/templates/_helpers.tpl b/helm/agents/istio/templates/_helpers.tpl new file mode 100644 index 0000000000..683d0a2303 --- /dev/null +++ b/helm/agents/istio/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{- define "agent.deploymentSpec" -}} +{{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.podSecurityContext }} +podSecurityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.securityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{- end }} diff --git a/helm/agents/istio/templates/agent.yaml b/helm/agents/istio/templates/agent.yaml index 85777161f5..4e0b9d775e 100644 --- a/helm/agents/istio/templates/agent.yaml +++ b/helm/agents/istio/templates/agent.yaml @@ -232,17 +232,4 @@ spec: compaction: {{- toYaml .Values.compaction | nindent 8 }} {{- end }} deployment: - {{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podSecurityContext }} - podSecurityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 8 }} + {{- include "agent.deploymentSpec" . | nindent 6 }} diff --git a/helm/agents/k8s/templates/_helpers.tpl b/helm/agents/k8s/templates/_helpers.tpl new file mode 100644 index 0000000000..683d0a2303 --- /dev/null +++ b/helm/agents/k8s/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{- define "agent.deploymentSpec" -}} +{{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.podSecurityContext }} +podSecurityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.securityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{- end }} diff --git a/helm/agents/k8s/templates/agent.yaml b/helm/agents/k8s/templates/agent.yaml index 918b9f6012..343802569c 100644 --- a/helm/agents/k8s/templates/agent.yaml +++ b/helm/agents/k8s/templates/agent.yaml @@ -150,17 +150,4 @@ spec: compaction: {{- toYaml .Values.compaction | nindent 8 }} {{- end }} deployment: - {{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podSecurityContext }} - podSecurityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 8 }} + {{- include "agent.deploymentSpec" . | nindent 6 }} diff --git a/helm/agents/kgateway/templates/_helpers.tpl b/helm/agents/kgateway/templates/_helpers.tpl new file mode 100644 index 0000000000..683d0a2303 --- /dev/null +++ b/helm/agents/kgateway/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{- define "agent.deploymentSpec" -}} +{{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.podSecurityContext }} +podSecurityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.securityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{- end }} diff --git a/helm/agents/kgateway/templates/agent.yaml b/helm/agents/kgateway/templates/agent.yaml index 6123b43994..523cb40413 100644 --- a/helm/agents/kgateway/templates/agent.yaml +++ b/helm/agents/kgateway/templates/agent.yaml @@ -314,17 +314,4 @@ spec: compaction: {{- toYaml .Values.compaction | nindent 8 }} {{- end }} deployment: - {{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podSecurityContext }} - podSecurityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 8 }} + {{- include "agent.deploymentSpec" . | nindent 6 }} diff --git a/helm/agents/observability/templates/_helpers.tpl b/helm/agents/observability/templates/_helpers.tpl new file mode 100644 index 0000000000..683d0a2303 --- /dev/null +++ b/helm/agents/observability/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{- define "agent.deploymentSpec" -}} +{{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.podSecurityContext }} +podSecurityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.securityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{- end }} diff --git a/helm/agents/observability/templates/agent.yaml b/helm/agents/observability/templates/agent.yaml index 4ef88deb0e..6132ae2d7e 100644 --- a/helm/agents/observability/templates/agent.yaml +++ b/helm/agents/observability/templates/agent.yaml @@ -166,17 +166,4 @@ spec: compaction: {{- toYaml .Values.compaction | nindent 8 }} {{- end }} deployment: - {{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podSecurityContext }} - podSecurityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 8 }} + {{- include "agent.deploymentSpec" . | nindent 6 }} diff --git a/helm/agents/promql/templates/_helpers.tpl b/helm/agents/promql/templates/_helpers.tpl new file mode 100644 index 0000000000..683d0a2303 --- /dev/null +++ b/helm/agents/promql/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{- define "agent.deploymentSpec" -}} +{{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.podSecurityContext }} +podSecurityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.securityContext }} +securityContext: + {{- toYaml . | nindent 2 }} +{{- end }} +resources: + {{- toYaml .Values.resources | nindent 2 }} +{{- end }} diff --git a/helm/agents/promql/templates/agent.yaml b/helm/agents/promql/templates/agent.yaml index d1cb61dafb..e48f0dcb1e 100644 --- a/helm/agents/promql/templates/agent.yaml +++ b/helm/agents/promql/templates/agent.yaml @@ -213,17 +213,4 @@ spec: compaction: {{- toYaml .Values.compaction | nindent 8 }} {{- end }} deployment: - {{- with coalesce (empty .Values.imagePullSecrets | ternary nil .Values.imagePullSecrets) .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podSecurityContext }} - podSecurityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 8 }} + {{- include "agent.deploymentSpec" . | nindent 6 }}