feat(helm): add labels and annotations for capsuleconfiguration (#1710)

oliverbaehler · web-flow · commit 2261ea6f4eb3 · 2025-10-20T15:37:12.000+02:00
Signed-off-by: Oliver Bähler &lt;oliverbaehler@hotmail.com&gt;
diff --git a/charts/capsule/README.md b/charts/capsule/README.md
@@ -107,11 +107,13 @@ The following Values have changed key or Value:
 | manager.kind | string | `"Deployment"` | Set the controller deployment mode as `Deployment` or `DaemonSet`. |
 | manager.livenessProbe | object | `{"httpGet":{"path":"/healthz","port":10080}}` | Configure the liveness probe using Deployment probe spec |
 | manager.options.allowServiceAccountPromotion | bool | `false` | ServiceAccounts within tenant namespaces can be promoted to owners of the given tenant this can be achieved by labeling the serviceaccount and then they are considered owners. This can only be done by other owners of the tenant. However ServiceAccounts which have been promoted to owner can not promote further serviceAccounts. |
+| manager.options.annotations | object | `{}` | Additional annotations to add to the CapsuleConfiguration resource |
 | manager.options.capsuleConfiguration | string | `"default"` | Change the default name of the capsule configuration name |
 | manager.options.capsuleUserGroups | list | `["projectcapsule.dev"]` | Names of the groups considered as Capsule users. |
 | manager.options.forceTenantPrefix | bool | `false` | Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash |
 | manager.options.generateCertificates | bool | `true` | Specifies whether capsule webhooks certificates should be generated by capsule operator |
 | manager.options.ignoreUserWithGroups | list | `[]` | Define groups which when found in the request of a user will be ignored by the Capsule this might be useful if you have one group where all the users are in, but you want to separate administrators from normal users with additional groups. |
+| manager.options.labels | object | `{}` | Additional labels to add to the CapsuleConfiguration resource |
 | manager.options.logLevel | string | `"4"` | Set the log verbosity of the capsule with a value from 1 to 10 |
 | manager.options.nodeMetadata | object | `{"forbiddenAnnotations":{"denied":[],"deniedRegex":""},"forbiddenLabels":{"denied":[],"deniedRegex":""}}` | Allows to set the forbidden metadata for the worker nodes that could be patched by a Tenant |
 | manager.options.protectedNamespaceRegex | string | `""` | If specified, disallows creation of namespaces matching the passed regexp |
diff --git a/charts/capsule/templates/configuration-default.yaml b/charts/capsule/templates/configuration-default.yaml
@@ -5,8 +5,11 @@ metadata:
   name: default
   labels:
   {{- include "capsule.labels" . | nindent 4 }}
+  {{- with .Values.manager.options.labels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   annotations:
-  {{- with .Values.customAnnotations }}
+  {{- with (mergeOverwrite .Values.customAnnotations .Values.manager.options.annotations) }}
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
diff --git a/charts/capsule/values.schema.json b/charts/capsule/values.schema.json
@@ -297,6 +297,10 @@
                             "description": "ServiceAccounts within tenant namespaces can be promoted to owners of the given tenant this can be achieved by labeling the serviceaccount and then they are considered owners. This can only be done by other owners of the tenant. However ServiceAccounts which have been promoted to owner can not promote further serviceAccounts.",
                             "type": "boolean"
                         },
+                        "annotations": {
+                            "description": "Additional annotations to add to the CapsuleConfiguration resource",
+                            "type": "object"
+                        },
                         "capsuleConfiguration": {
                             "description": "Change the default name of the capsule configuration name",
                             "type": "string"
@@ -320,6 +324,10 @@
                             "description": "Define groups which when found in the request of a user will be ignored by the Capsule this might be useful if you have one group where all the users are in, but you want to separate administrators from normal users with additional groups.",
                             "type": "array"
                         },
+                        "labels": {
+                            "description": "Additional labels to add to the CapsuleConfiguration resource",
+                            "type": "object"
+                        },
                         "logLevel": {
                             "description": "Set the log verbosity of the capsule with a value from 1 to 10",
                             "type": "string"
diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml
@@ -158,6 +158,10 @@ manager:
 
   # Additional Capsule Controller Options
   options:
+    # -- Additional labels to add to the CapsuleConfiguration resource
+    labels: {}
+    # -- Additional annotations to add to the CapsuleConfiguration resource
+    annotations: {}
     # -- Change the default name of the capsule configuration name
     capsuleConfiguration: default
     # -- Set the log verbosity of the capsule with a value from 1 to 10
