deployment strategy support (#5091)

* feat(aws): secretsmanager to update/patch/delete tags (#4984)

* feat(aws): secretsmanager to update/patch/delete tags

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>

* feat(aws): secretsmanager to update/patch/delete tags

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>

* feat(aws): secretsmanager to update/patch/delete tags

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>

---------

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
Signed-off-by: Jeroen Jacobs <jeroen.jacobs@portofantwerpbruges.com>

* Implement strategy support for deployments

Signed-off-by: Jeroen Jacobs <jeroen.jacobs@portofantwerpbruges.com>

* test: add missing templates to strategy tests…)

Signed-off-by: Jeroen Jacobs <jeroen.jacobs@portofantwerpbruges.com>

* test: fix asserts

Signed-off-by: Jeroen Jacobs <jeroen.jacobs@portofantwerpbruges.com>

* fix: update the e2e test with the new store status value (#5089)

* fix: update the e2e test with the new store status value

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* add argo server side apply option

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* fix tab character instead of spaces :facepalm:

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* add replace true for CRD updates

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* increase arcocd version and remove replace

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Jeroen Jacobs <jeroen.jacobs@portofantwerpbruges.com>

* fix: correct usage of if in dlc and update for server side apply (#5092)

* fix: correct usage of if in dlc and update for server side apply

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* fix tilt server side apply

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Jeroen Jacobs <jeroen.jacobs@portofantwerpbruges.com>

* chore: release helm chart for v0.19.0 (#5093)

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Jeroen Jacobs <jeroen.jacobs@portofantwerpbruges.com>

* chore: remove ubi note (#5094)

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Jeroen Jacobs <jeroen.jacobs@portofantwerpbruges.com>

* test: fix readme

Signed-off-by: Jeroen Jacobs <jeroen.jacobs@portofantwerpbruges.com>

---------

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
Signed-off-by: Jeroen Jacobs <jeroen.jacobs@portofantwerpbruges.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Ivan Ka <5395690+ivankatliarchuk@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Idan Adar <iadar@il.ibm.com>

deploy/charts/external-secrets/README.md

@@ -83,6 +83,7 @@ The command removes all the Kubernetes components associated with the chart and
 | certController.serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
 | certController.serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account. |
 | certController.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
+| certController.strategy | object | `{}` | Set deployment strategy |
 | certController.tolerations | list | `[]` |  |
 | certController.topologySpreadConstraints | list | `[]` |  |
 | commonLabels | object | `{}` | Additional labels added to all helm chart resources. |
@@ -175,6 +176,7 @@ The command removes all the Kubernetes components associated with the chart and
 | serviceMonitor.namespace | string | `""` | namespace where you want to install ServiceMonitors |
 | serviceMonitor.relabelings | list | `[]` | Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) |
 | serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
+| strategy | object | `{}` | Set deployment strategy |
 | tolerations | list | `[]` |  |
 | topologySpreadConstraints | list | `[]` |  |
 | webhook.affinity | object | `{}` |  |
@@ -243,5 +245,6 @@ The command removes all the Kubernetes components associated with the chart and
 | webhook.serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
 | webhook.serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account. |
 | webhook.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
+| webhook.strategy | object | `{}` | Set deployment strategy |
 | webhook.tolerations | list | `[]` |  |
 | webhook.topologySpreadConstraints | list | `[]` |  |

deploy/charts/external-secrets/templates/cert-controller-deployment.yaml

@@ -16,6 +16,10 @@ spec:
   selector:
     matchLabels:
       {{- include "external-secrets-cert-controller.selectorLabels" . | nindent 6 }}
+  {{- with .Values.certController.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   template:
     metadata:
       {{- with .Values.certController.podAnnotations }}

deploy/charts/external-secrets/templates/deployment.yaml

@@ -17,6 +17,10 @@ spec:
   selector:
     matchLabels:
       {{- include "external-secrets.selectorLabels" . | nindent 6 }}
+  {{- with .Values.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   template:
     metadata:
       {{- with .Values.podAnnotations }}

deploy/charts/external-secrets/templates/webhook-deployment.yaml

@@ -16,6 +16,10 @@ spec:
   selector:
     matchLabels:
       {{- include "external-secrets-webhook.selectorLabels" . | nindent 6 }}
+  {{- with .Values.webhook.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   template:
     metadata:
       {{- with .Values.webhook.podAnnotations }}

deploy/charts/external-secrets/tests/cert_controller_test.yaml

@@ -42,7 +42,21 @@ tests:
       - equal:
           path: spec.template.spec.initContainers[0].restartPolicy
           value: Always
-
+  - it: should override the deployment strategy
+    templates:
+      - cert-controller-deployment.yaml
+    set:
+      certController.strategy:
+        rollingUpdate:
+          maxSurge: 1
+          maxUnavailable: 0
+    asserts:
+    - equal:
+        path: spec.strategy.rollingUpdate.maxSurge
+        value: 1
+    - equal:
+        path: spec.strategy.rollingUpdate.maxUnavailable
+        value: 0
   - it: should override securityContext
     set:
       certController.podSecurityContext:

deploy/charts/external-secrets/tests/controller_test.yaml

@@ -87,3 +87,16 @@ tests:
       - equal:
           path: spec.template.spec.initContainers[0].restartPolicy
           value: Always
+  - it: should override the deployment strategy
+    set:
+      strategy:
+        rollingUpdate:
+          maxSurge: 1
+          maxUnavailable: 0
+    asserts:
+      - equal:
+          path: spec.strategy.rollingUpdate.maxSurge
+          value: 1
+      - equal:
+          path: spec.strategy.rollingUpdate.maxUnavailable
+          value: 0

deploy/charts/external-secrets/tests/webhook_test.yaml

@@ -376,3 +376,18 @@ tests:
       - equal:
           path: spec.template.spec.initContainers[0].restartPolicy
           value: Always
+  - it: should override the deployment strategy
+    templates:
+      - webhook-deployment.yaml
+    set:
+      webhook.strategy:
+        rollingUpdate:
+          maxSurge: 1
+          maxUnavailable: 0
+    asserts:
+      - equal:
+          path: spec.strategy.rollingUpdate.maxSurge
+          value: 1
+      - equal:
+          path: spec.strategy.rollingUpdate.maxUnavailable
+          value: 0

deploy/charts/external-secrets/values.schema.json

@@ -121,6 +121,10 @@
                     "properties": {},
                     "type": "object"
                 },
+                "strategy": {
+                    "properties": {},
+                    "type": "object"
+                },
                 "podDisruptionBudget": {
                     "properties": {
                         "enabled": {
@@ -318,6 +322,10 @@
         "extraContainers": {
             "type": "array"
         },
+        "strategy": {
+            "properties": {},
+            "type": "object"
+        },
         "extraEnv": {
             "type": "array"
         },
@@ -829,6 +837,10 @@
                     "properties": {},
                     "type": "object"
                 },
+                "strategy": {
+                    "properties": {},
+                    "type": "object"
+                },
                 "podDisruptionBudget": {
                     "properties": {
                         "enabled": {

deploy/charts/external-secrets/values.yaml

@@ -161,6 +161,9 @@ extraContainers: []
 # -- Annotations to add to Deployment
 deploymentAnnotations: {}
 
+ # -- Set deployment strategy
+strategy: {}
+
 # -- Annotations to add to Pod
 podAnnotations: {}
 
@@ -370,6 +373,9 @@ webhook:
 
   affinity: {}
 
+  # -- Set deployment strategy
+  strategy: {}
+
     # -- Pod priority class name.
   priorityClassName: ""
 
@@ -506,6 +512,9 @@ certController:
 
   affinity: {}
 
+  # -- Set deployment strategy
+  strategy: {}
+
   # -- Run the certController on the host network
   hostNetwork: false