diff --git a/egress/templates/_helpers.tpl b/egress/templates/_helpers.tpl
index e1dbcfe..d5f6fe4 100644
--- a/egress/templates/_helpers.tpl
+++ b/egress/templates/_helpers.tpl
@@ -36,6 +36,8 @@ Common labels
 {{- define "egress.labels" -}}
 helm.sh/chart: {{ include "egress.chart" . }}
 {{ include "egress.selectorLabels" . }}
+app.kubernetes.io/component: egress
+app.kubernetes.io/part-of: livekit
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
diff --git a/egress/templates/configmap.yaml b/egress/templates/configmap.yaml
index 409929d..a8a0c15 100644
--- a/egress/templates/configmap.yaml
+++ b/egress/templates/configmap.yaml
@@ -2,6 +2,8 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: {{ include "egress.fullname" . }}
+ labels:
+ {{- include "egress.labels" . | nindent 4 }}
 data:
 config.yaml: |
 {{ toYaml .Values.egress | indent 4 }}
diff --git a/egress/templates/deployment.yaml b/egress/templates/deployment.yaml
index 4a8808a..1c697ae 100644
--- a/egress/templates/deployment.yaml
+++ b/egress/templates/deployment.yaml
@@ -20,6 +20,9 @@ spec:
 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
 labels:
 {{- include "egress.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 spec:
 serviceAccountName: {{ include "egress.serviceAccountName" . }}
 securityContext:
diff --git a/egress/templates/pdb.yaml b/egress/templates/pdb.yaml
new file mode 100644
index 0000000..ec6f4cd
--- /dev/null
+++ b/egress/templates/pdb.yaml
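Review bot: The `checksum/config` annotation in deployment.yaml now changes on every chart or app version bump, because it hashes the whole rendered configmap.yaml and the labels added to the ConfigMap here include `helm.sh/chart` and `app.kubernetes.io/version`. If `egress.chart` carries the chart version, as is conventional, an upgrade with identical configuration will still alter the pod template and roll the pods. Hashing only the data avoids that, for example `checksum/config: {{ toYaml .Values.egress | sha256sum }}`. The ingress and livekit-server ConfigMap hunks introduce the same coupling.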
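Review bot: A key in `.Values.podLabels` that repeats a key from `egress.selectorLabels` is emitted a second time in the same `labels:` mapping of the pod template, and most YAML parsers keep the last occurrence. A colliding value would make the template labels differ from the Deployment selector and from the selector the new PodDisruptionBudget uses. Merging with the selector labels taking precedence avoids it: `{{- toYaml (merge (include "egress.selectorLabels" . | fromYaml) .Values.podLabels) | nindent 8 }}` in place of the two separate renders. The ingress and livekit-server deployment hunks have the same pattern; the selectorLabels helper is defined outside this hunk, so its key set is not visible here.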
@@ -0,0 +1,18 @@ +{{- if .Values.podDisruptionBudget.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "egress.fullname" . }} + labels: + {{- include "egress.labels" . | nindent 4 }} +spec: + {{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + {{- include "egress.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/egress/values.yaml b/egress/values.yaml index 1343c35..ac3110c 100644 --- a/egress/values.yaml +++ b/egress/values.yaml @@ -34,6 +34,9 @@ podAnnotations: sidecar.istio.io/inject: "false" linkerd.io/inject: disabled +# Extra labels to add to pods. Useful for network policy selectors. +podLabels: {} + podSecurityContext: {} securityContext: {} @@ -41,3 +44,10 @@ securityContext: {} tolerations: [] affinity: {} + +# Pod Disruption Budget ensures minimum availability during voluntary disruptions +# (node drains, cluster upgrades). Disabled by default — enable when running 2+ replicas. +podDisruptionBudget: + enabled: false + # minAvailable: 1 + # maxUnavailable: 1 diff --git a/ingress/templates/_helpers.tpl b/ingress/templates/_helpers.tpl index 8c9e045..b45dcfc 100644 --- a/ingress/templates/_helpers.tpl +++ b/ingress/templates/_helpers.tpl @@ -36,6 +36,8 @@ Common labels {{- define "ingress.labels" -}} helm.sh/chart: {{ include "ingress.chart" . }} {{ include "ingress.selectorLabels" . }} +app.kubernetes.io/component: ingress +app.kubernetes.io/part-of: livekit {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} diff --git a/ingress/templates/configmap.yaml b/ingress/templates/configmap.yaml index 0ab2a6f..2f89d7b 100644 --- a/ingress/templates/configmap.yaml +++ b/ingress/templates/configmap.yaml 
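Review bot: The two `if` guards under `spec:` are independent and test truthiness, so setting both values renders both `minAvailable` and `maxUnavailable`, which the PodDisruptionBudget API rejects as mutually exclusive, and a value of `0` is treated as unset and silently dropped. With `enabled: true` and neither value set, which is what the values.yaml defaults give once the flag is flipped, the template renders a budget with only a selector. Rendering exactly one field and failing the render when none is given surfaces the misconfiguration at install time; the sketch below prefers `minAvailable` when both are present. The ingress and livekit-server pdb.yaml hunks are identical apart from the helper names.

```yaml
spec:
  {{- if hasKey .Values.podDisruptionBudget "minAvailable" }}
  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
  {{- else if hasKey .Values.podDisruptionBudget "maxUnavailable" }}
  maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
  {{- else }}
  {{- fail "podDisruptionBudget.enabled requires minAvailable or maxUnavailable" }}
  {{- end }}
  # … unchanged: selector …
```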
@@ -2,6 +2,8 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: {{ include "ingress.fullname" . }}
+ labels:
+ {{- include "ingress.labels" . | nindent 4 }}
 data:
 config.yaml: |
 {{ toYaml .Values.ingress | indent 4 }}
diff --git a/ingress/templates/deployment.yaml b/ingress/templates/deployment.yaml
index c2d2307..df9b323 100644
--- a/ingress/templates/deployment.yaml
+++ b/ingress/templates/deployment.yaml
@@ -20,6 +20,9 @@ spec:
 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
 labels:
 {{- include "ingress.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 spec:
 serviceAccountName: {{ include "ingress.serviceAccountName" . }}
 securityContext:
diff --git a/ingress/templates/pdb.yaml b/ingress/templates/pdb.yaml
new file mode 100644
index 0000000..6185e49
--- /dev/null
+++ b/ingress/templates/pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "ingress.fullname" . }}
+ labels:
+ {{- include "ingress.labels" . | nindent 4 }}
+spec:
+ {{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "ingress.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/ingress/values.yaml b/ingress/values.yaml
index 00d8b06..635c4d5 100644
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@@ -53,6 +53,12 @@ podAnnotations: sidecar.istio.io/inject: "false" linkerd.io/inject: disabled +# Extra labels to add to pods. Useful for network policy selectors. +# Ingress uses host networking, so it typically needs to bypass CNI +# network policies (Calico, Cilium, etc.). +podLabels: {} + # networking/allow-host-network: "true" + podSecurityContext: {} securityContext: {} @@ -60,3 +66,10 @@ securityContext: {} tolerations: [] affinity: {} + +# Pod Disruption Budget ensures minimum availability during voluntary disruptions +# (node drains, cluster upgrades). Disabled by default — enable when running 2+ replicas. +podDisruptionBudget: + enabled: false + # minAvailable: 1 + # maxUnavailable: 1 diff --git a/livekit-server/templates/_helpers.tpl b/livekit-server/templates/_helpers.tpl index e136477..b59807d 100644 --- a/livekit-server/templates/_helpers.tpl +++ b/livekit-server/templates/_helpers.tpl @@ -36,6 +36,8 @@ Common labels {{- define "livekit-server.labels" -}} helm.sh/chart: {{ include "livekit-server.chart" . }} {{ include "livekit-server.selectorLabels" . }} +app.kubernetes.io/component: sfu +app.kubernetes.io/part-of: livekit {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} diff --git a/livekit-server/templates/backendconfig.yaml b/livekit-server/templates/backendconfig.yaml index 659737f..223440d 100644 --- a/livekit-server/templates/backendconfig.yaml +++ b/livekit-server/templates/backendconfig.yaml @@ -3,6 +3,8 @@ apiVersion: cloud.google.com/v1 kind: BackendConfig metadata: name: {{ include "livekit-server.fullname" . }} + labels: + {{- include "livekit-server.labels" . | nindent 4 }} spec: {{ .Values.gcp.backendConfig | toPrettyJson }} {{ end }} \ No newline at end of file diff --git a/livekit-server/templates/configmap.yaml b/livekit-server/templates/configmap.yaml index a44fc82..ff28dd7 100644 --- a/livekit-server/templates/configmap.yaml +++ b/livekit-server/templates/configmap.yaml 
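Review bot: The comment on `podLabels` presents the commented `networking/allow-host-network: "true"` label as the way to bypass CNI network policies without saying that the label is only a convention and does nothing unless a policy in the cluster selects on it. A label that grants a policy exemption is also available to any other workload able to set it, so the comment should tell operators to scope the matching policy narrowly. Suggested wording: `# Example only: this label has no effect unless a policy in your cluster selects on it.` followed by `# Scope that policy to this namespace; any pod carrying the label gets the same exemption.` The first hunk of livekit-server/values.yaml carries the same comment.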
@@ -2,6 +2,8 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: {{ include "livekit-server.fullname" . }}
+ labels:
+ {{- include "livekit-server.labels" . | nindent 4 }}
 data:
 config.yaml: |
 {{ toYaml .Values.livekit | indent 4 }}
diff --git a/livekit-server/templates/deployment.yaml b/livekit-server/templates/deployment.yaml
index 7b35cee..b085e0f 100644
--- a/livekit-server/templates/deployment.yaml
+++ b/livekit-server/templates/deployment.yaml
@@ -28,6 +28,9 @@ spec:
 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
 labels:
 {{- include "livekit-server.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 spec:
 {{- with .Values.imagePullSecrets }}
 imagePullSecrets:
diff --git a/livekit-server/templates/pdb.yaml b/livekit-server/templates/pdb.yaml
new file mode 100644
index 0000000..4197ec2
--- /dev/null
+++ b/livekit-server/templates/pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "livekit-server.fullname" . }}
+ labels:
+ {{- include "livekit-server.labels" . | nindent 4 }}
+spec:
+ {{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "livekit-server.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/livekit-server/values.yaml b/livekit-server/values.yaml
index bcf6d51..7bf072e 100644
--- a/livekit-server/values.yaml
+++ b/livekit-server/values.yaml
@@ -106,6 +106,12 @@ serviceAccount: podHostNetwork: true +# Extra labels to add to pods. Useful for network policy selectors. +# LiveKit uses host networking and wide port ranges, so it typically needs +# to bypass CNI network policies (Calico, Cilium, etc.). +podLabels: {} + # networking/allow-host-network: "true" + podAnnotations: sidecar.istio.io/inject: "false" linkerd.io/inject: disabled @@ -150,3 +156,10 @@ serviceMonitor: name: "" # The scrape interval interval: 30s + +# Pod Disruption Budget ensures minimum availability during voluntary disruptions +# (node drains, cluster upgrades). Disabled by default — enable when running 2+ replicas. +podDisruptionBudget: + enabled: false + # minAvailable: 1 + # maxUnavailable: 1