From 22b29e26b8a20c28894fbd0b17c3da42a474499a Mon Sep 17 00:00:00 2001 From: Philip-R-Beckwith Date: Wed, 19 Nov 2025 10:04:40 -0800 Subject: [PATCH 1/4] adding autopilot support --- charts/nri-metadata-injection/Chart.yaml | 2 ++ charts/nri-metadata-injection/README.md | 1 + .../job-patch/job-createSecret.yaml | 2 ++ .../job-patch/job-patchWebhook.yaml | 2 ++ .../mutatingWebhookConfiguration.yaml | 12 ++++++++++++ charts/nri-metadata-injection/values.yaml | 8 ++++++++ 6 files changed, 27 insertions(+) diff --git a/charts/nri-metadata-injection/Chart.yaml b/charts/nri-metadata-injection/Chart.yaml index ef0cf359..0265210b 100644 --- a/charts/nri-metadata-injection/Chart.yaml +++ b/charts/nri-metadata-injection/Chart.yaml @@ -23,3 +23,5 @@ maintainers: url: https://github.com/csongnr - name: dbudziwojskiNR url: https://github.com/dbudziwojskiNR + - name: Philip-R-Beckwith + url: https://github.com/Philip-R-Beckwith \ No newline at end of file diff --git a/charts/nri-metadata-injection/README.md b/charts/nri-metadata-injection/README.md index 02832e9a..7c83c641 100644 --- a/charts/nri-metadata-injection/README.md +++ b/charts/nri-metadata-injection/README.md @@ -59,6 +59,7 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera | ports.health | int | `8080` | Port for health check endpoint (HTTP) | | ports.webhook | int | `8443` | Port on which the webhook server listens (TLS/HTTPS) | | priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` | +| provider | string | `""` | Sets configs for providers with known constraints, currently has support for `GKE_AUTOPILOT` | | rbac.pspEnabled | bool | `false` | Whether the chart should create Pod Security Policy objects. | | replicas | int | `1` | | | resources | object | 100m/30M -/80M | Image for creating the needed certificates of this webhook to work | diff --git a/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-createSecret.yaml index 40c4c751..04abf748 100644 --- a/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -30,6 +30,8 @@ spec: - name: create image: {{ include "newrelic.common.images.image" ( dict "defaultRegistry" "registry.k8s.io" "imageRoot" .Values.jobImage "context" .) }} imagePullPolicy: {{ .Values.jobImage.pullPolicy }} + resources: + {{- toYaml .Values.jobs.resources | nindent 12 }} {{- with include "newrelic.common.securityContext.container" . }} securityContext: {{- . | nindent 12 }} diff --git a/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-patchWebhook.yaml index 66809eaf..32a26369 100644 --- a/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -30,6 +30,8 @@ spec: - name: patch image: {{ include "newrelic.common.images.image" ( dict "defaultRegistry" "registry.k8s.io" "imageRoot" .Values.jobImage "context" .) }} imagePullPolicy: {{ .Values.jobImage.pullPolicy }} + resources: + {{- toYaml .Values.jobs.resources | nindent 12 }} {{- with include "newrelic.common.securityContext.container" . }} securityContext: {{- . | nindent 12 }} diff --git a/charts/nri-metadata-injection/templates/admission-webhooks/mutatingWebhookConfiguration.yaml b/charts/nri-metadata-injection/templates/admission-webhooks/mutatingWebhookConfiguration.yaml index 41b66d31..26015b48 100644 --- a/charts/nri-metadata-injection/templates/admission-webhooks/mutatingWebhookConfiguration.yaml +++ b/charts/nri-metadata-injection/templates/admission-webhooks/mutatingWebhookConfiguration.yaml @@ -32,6 +32,18 @@ webhooks: - key: kubernetes.io/metadata.name operator: NotIn values: {{ .Values.ignoreNamespaces | toJson }} + {{ if include "newrelic.common.gkeAutopilot" . }} + - key: kubernetes.io/metadata.name + operator: NotIn + values: + - kube-system + - gke-gmp-system + - gke-managed-cim + - gke-managed-volumepopulator + - gke-managed-checkpointing + - gke-managed-parallelstorecsi + - gke-managed-lustrecsi + {{ end }} {{- end }} {{- if .Values.injectOnlyLabeledNamespaces }} matchLabels: diff --git a/charts/nri-metadata-injection/values.yaml b/charts/nri-metadata-injection/values.yaml index e9355f86..21f13e40 100644 --- a/charts/nri-metadata-injection/values.yaml +++ b/charts/nri-metadata-injection/values.yaml @@ -6,6 +6,9 @@ fullnameOverride: "" # -- Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster` cluster: "" +# -- The provider that you are deploying your cluster on. Sets config options providers that are known to have constraints. +provider: + # -- Image for the New Relic Metadata Injector # @default -- See `values.yaml` image: @@ -39,6 +42,9 @@ jobImage: # - name: tmp # emptyDir: {} +jobs: + resources: {} + rbac: # rbac.pspEnabled -- Whether the chart should create Pod Security Policy objects. pspEnabled: false @@ -61,6 +67,8 @@ resources: cpu: 100m memory: 30M + + # -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` priorityClassName: "" # -- (bool) Sets pod's hostNetwork. Can be configured also with `global.hostNetwork` From 1ed96a0b976c64858176833aa64ab82a3e5fb840 Mon Sep 17 00:00:00 2001 From: Philip-R-Beckwith Date: Wed, 19 Nov 2025 10:12:42 -0800 Subject: [PATCH 2/4] change log --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 298c34cc..f6555e1b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +### enhancement +- Add support for GKE Autopilot && allows users to set resource requets/limits on jobs. @Philip-R-Beckwith [#600](https://github.com/newrelic/k8s-metadata-injection/pull/671/) + + ### 🔒 Security - Allow pre-upgrade job pods to honor global security context settings @dpacheconr [#670](https://github.com/newrelic/k8s-metadata-injection/pull/670) From b09f125f35e71efb2f6cd6385c58d01c2ca27de7 Mon Sep 17 00:00:00 2001 From: Philip-R-Beckwith Date: Wed, 19 Nov 2025 10:32:22 -0800 Subject: [PATCH 3/4] lint --- charts/nri-metadata-injection/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nri-metadata-injection/Chart.yaml b/charts/nri-metadata-injection/Chart.yaml index 0265210b..e8bf9d19 100644 --- a/charts/nri-metadata-injection/Chart.yaml +++ b/charts/nri-metadata-injection/Chart.yaml @@ -24,4 +24,4 @@ maintainers: - name: dbudziwojskiNR url: https://github.com/dbudziwojskiNR - name: Philip-R-Beckwith - url: https://github.com/Philip-R-Beckwith \ No newline at end of file + url: https://github.com/Philip-R-Beckwith From 894f170e22e9002e0f29b8d982c203f19fbef89e Mon Sep 17 00:00:00 2001 From: Philip-R-Beckwith Date: Wed, 19 Nov 2025 10:38:36 -0800 Subject: [PATCH 4/4] lint --- charts/nri-metadata-injection/values.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/charts/nri-metadata-injection/values.yaml b/charts/nri-metadata-injection/values.yaml index 21f13e40..2f27ddc1 100644 --- a/charts/nri-metadata-injection/values.yaml +++ b/charts/nri-metadata-injection/values.yaml @@ -6,8 +6,8 @@ fullnameOverride: "" # -- Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster` cluster: "" -# -- The provider that you are deploying your cluster on. Sets config options providers that are known to have constraints. -provider: +# -- The provider that you are deploying your cluster on. Sets config options providers that are known to have constraints. +provider: # -- Image for the New Relic Metadata Injector # @default -- See `values.yaml` @@ -67,8 +67,6 @@ resources: cpu: 100m memory: 30M - - # -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` priorityClassName: "" # -- (bool) Sets pod's hostNetwork. Can be configured also with `global.hostNetwork`