adding autopilot support

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+### enhancement 
+- Add support for GKE Autopilot && allows users to set resource requets/limits on jobs. @Philip-R-Beckwith [#600](https://github.com/newrelic/k8s-metadata-injection/pull/671/)
+
+
 ### 🔒 Security
 - Allow pre-upgrade job pods to honor global security context settings @dpacheconr [#670](https://github.com/newrelic/k8s-metadata-injection/pull/670)
 

charts/nri-metadata-injection/Chart.yaml

@@ -23,3 +23,5 @@ maintainers:
     url: https://github.com/csongnr
   - name: dbudziwojskiNR
     url: https://github.com/dbudziwojskiNR
+  - name: Philip-R-Beckwith
+    url: https://github.com/Philip-R-Beckwith

charts/nri-metadata-injection/README.md

@@ -59,6 +59,7 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera
 | ports.health | int | `8080` | Port for health check endpoint (HTTP) |
 | ports.webhook | int | `8443` | Port on which the webhook server listens (TLS/HTTPS) |
 | priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` |
+| provider | string | `""` | Sets configs for providers with known constraints, currently has support for `GKE_AUTOPILOT` | 
 | rbac.pspEnabled | bool | `false` | Whether the chart should create Pod Security Policy objects. |
 | replicas | int | `1` |  |
 | resources | object | 100m/30M -/80M | Image for creating the needed certificates of this webhook to work |

charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-createSecret.yaml

@@ -30,6 +30,8 @@ spec:
         - name: create
           image: {{ include "newrelic.common.images.image" ( dict "defaultRegistry" "registry.k8s.io" "imageRoot" .Values.jobImage "context" .) }}
           imagePullPolicy: {{ .Values.jobImage.pullPolicy }}
+          resources:
+            {{- toYaml .Values.jobs.resources | nindent 12 }}
           {{- with include "newrelic.common.securityContext.container" . }}
           securityContext:
             {{- . | nindent 12 }}

charts/nri-metadata-injection/templates/admission-webhooks/job-patch/job-patchWebhook.yaml

@@ -30,6 +30,8 @@ spec:
         - name: patch
           image: {{ include "newrelic.common.images.image" ( dict "defaultRegistry" "registry.k8s.io" "imageRoot" .Values.jobImage "context" .) }}
           imagePullPolicy: {{ .Values.jobImage.pullPolicy }}
+          resources:
+            {{- toYaml .Values.jobs.resources | nindent 12 }}
           {{- with include "newrelic.common.securityContext.container" . }}
           securityContext:
             {{- . | nindent 12 }}

charts/nri-metadata-injection/templates/admission-webhooks/mutatingWebhookConfiguration.yaml

@@ -32,6 +32,18 @@ webhooks:
       - key: kubernetes.io/metadata.name
         operator: NotIn
         values: {{ .Values.ignoreNamespaces | toJson }}
+    {{ if include "newrelic.common.gkeAutopilot" . }}
+      - key: kubernetes.io/metadata.name
+        operator: NotIn
+        values:
+          - kube-system
+          - gke-gmp-system
+          - gke-managed-cim
+          - gke-managed-volumepopulator
+          - gke-managed-checkpointing
+          - gke-managed-parallelstorecsi
+          - gke-managed-lustrecsi
+    {{ end }}
 {{- end }}
 {{- if .Values.injectOnlyLabeledNamespaces }}
     matchLabels:

charts/nri-metadata-injection/values.yaml

@@ -6,6 +6,9 @@ fullnameOverride: ""
 # -- Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`
 cluster: ""
 
+# -- The provider that you are deploying your cluster on. Sets config options providers that are known to have constraints.
+provider:
+
 # -- Image for the New Relic Metadata Injector
 # @default -- See `values.yaml`
 image:
@@ -39,6 +42,9 @@ jobImage:
   #  - name: tmp
   #    emptyDir: {}
 
+jobs:
+  resources: {}
+
 rbac:
   # rbac.pspEnabled -- Whether the chart should create Pod Security Policy objects.
   pspEnabled: false