From 54ca8cc54db8f50a0550c0053041954475f77ff9 Mon Sep 17 00:00:00 2001
From: olegvorobiov
Date: Thu, 6 Jun 2024 12:49:53 -0400
Subject: [PATCH] added topologySpreadConstraints to controller, manager, and scanner
---
 charts/core/README.md | 3 +++
 charts/core/templates/controller-deployment.yaml | 4 ++++
 charts/core/templates/manager-deployment.yaml | 4 ++++
 charts/core/templates/scanner-deployment.yaml | 4 ++++
 charts/core/values.yaml | 3 +++
 5 files changed, 18 insertions(+)
diff --git a/charts/core/README.md b/charts/core/README.md
index fe60454d..af89e395 100644
--- a/charts/core/README.md
+++ b/charts/core/README.md
@@ -50,6 +50,7 @@ Parameter | Description | Default | Notes
 `controller.replicas` | controller replicas | `3` |
 `controller.schedulerName` | kubernetes scheduler name | `nil` |
 `controller.affinity` | controller affinity rules | ... | spread controllers to different nodes |
+`controller.topologySpreadConstraints` | List of constraints to control Pods spread across the cluster | `nil` |
 `controller.tolerations` | List of node taints to tolerate | `nil` |
 `controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml)
 `controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
@@ -186,6 +187,7 @@ Parameter | Description | Default | Notes
 `manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
 `manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml)
 `manager.affinity` | manager affinity rules | `{}` |
+`manager.topologySpreadConstraints` | List of constraints to control Pods spread across the cluster | `nil` |
 `manager.tolerations` | List of node taints to tolerate | `nil` |
 `manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
 `manager.runAsUser` | Specify the run as User ID | `nil` |
@@ -255,6 +257,7 @@ Parameter | Description | Default | Notes
 `cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` |
 `cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) |
 `cve.scanner.affinity` | scanner affinity rules | `{}` |
+`cve.scanner.topologySpreadConstraints` | List of constraints to control Pods spread across the cluster | `nil` |
 `cve.scanner.tolerations` | List of node taints to tolerate | `nil` |
 `cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
 `cve.scanner.runAsUser` | Specify the run as User ID | `nil` |
diff --git a/charts/core/templates/controller-deployment.yaml b/charts/core/templates/controller-deployment.yaml
index 691503f2..8c2a1d5f 100644
--- a/charts/core/templates/controller-deployment.yaml
+++ b/charts/core/templates/controller-deployment.yaml
@@ -59,6 +59,10 @@ spec:
 {{- if .Values.controller.tolerations }}
 tolerations:
 {{ toYaml .Values.controller.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.controller.topologySpreadConstraints }}
+ topologySpreadConstraints:
+{{ toYaml .Values.controller.topologySpreadConstraints | indent 8 }}
 {{- end }}
 {{- if .Values.controller.nodeSelector }}
 nodeSelector:
diff --git a/charts/core/templates/manager-deployment.yaml b/charts/core/templates/manager-deployment.yaml
index 2a85b3b9..fa68e34e 100644
--- a/charts/core/templates/manager-deployment.yaml
+++ b/charts/core/templates/manager-deployment.yaml
@@ -42,6 +42,10 @@ spec:
 {{- if .Values.manager.tolerations }}
 tolerations:
 {{ toYaml .Values.manager.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.manager.topologySpreadConstraints }}
+ topologySpreadConstraints:
+{{ toYaml .Values.manager.topologySpreadConstraints | indent 8 }}
 {{- end }}
 {{- if .Values.manager.nodeSelector }}
 nodeSelector:
diff --git a/charts/core/templates/scanner-deployment.yaml b/charts/core/templates/scanner-deployment.yaml
index 0c068cb8..0e41c334 100644
--- a/charts/core/templates/scanner-deployment.yaml
+++ b/charts/core/templates/scanner-deployment.yaml
@@ -38,6 +38,10 @@ spec:
 {{- if .Values.cve.scanner.tolerations }}
 tolerations:
 {{ toYaml .Values.cve.scanner.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.cve.scanner.topologySpreadConstraints }}
+ topologySpreadConstraints:
+{{ toYaml .Values.cve.scanner.topologySpreadConstraints | indent 8 }}
 {{- end }}
 {{- if .Values.cve.scanner.nodeSelector }}
 nodeSelector:
diff --git a/charts/core/values.yaml b/charts/core/values.yaml
index 9bbd6875..60b523cd 100644
--- a/charts/core/values.yaml
+++ b/charts/core/values.yaml
@@ -98,6 +98,7 @@ controller:
 - neuvector-controller-pod
 topologyKey: "kubernetes.io/hostname"
 tolerations: []
+ topologySpreadConstraints: []
 nodeSelector: {}
 # key1: value1
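Review bot: The new `topologySpreadConstraints: []` default in the `controller:` hunk of values.yaml ships without a commented example, unlike the `nodeSelector` and `resources` keys beside it, and the three deployment templates render whatever list is supplied verbatim through `toYaml`. As far as I know Kubernetes counts pods for a constraint only through its `labelSelector`, so an entry that omits it is accepted but spreads nothing, while one with `whenUnsatisfiable: DoNotSchedule` can leave controller or scanner replicas Pending; for a security component either outcome reduces coverage without an obvious error. I would add a commented sample entry under each of the three keys (the `manager:` and `cve:` hunks too) showing `maxSkew`, `topologyKey`, `whenUnsatisfiable` and a `labelSelector` on that deployment's pod label, opened by a line such as `# each entry needs a labelSelector that matches this deployment's pods`. The README rows could carry the same hint in their Notes column.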
@@ -382,6 +383,7 @@ manager:
 # requests:
 # cpu: 100m
 # memory: 2280Mi
+ topologySpreadConstraints: []
 affinity: {}
 podLabels: {}
 podAnnotations: {}
@@ -524,6 +526,7 @@ cve:
 # requests:
 # cpu: 100m
 # memory: 2280Mi
+ topologySpreadConstraints: []
 affinity: {}
 podLabels: {}
 podAnnotations: {}