From 3ce721fca4ecbad0265a95ea02dbab04289b4e69 Mon Sep 17 00:00:00 2001
From: Toninh0 <antoine.severac@gmail.com>
Date: Thu, 1 Jun 2023 11:38:22 +0200
Subject: [PATCH] CSI configurable nodeSelector and affinity (#862)

---
 CHANGELOG.md                 |  3 ++
 templates/_helpers.tpl       | 28 +++++++++++++++
 templates/csi-daemonset.yaml |  2 ++
 test/unit/csi-daemonset.bats | 68 ++++++++++++++++++++++++++++++++++++
 values.schema.json           | 14 ++++++++
 values.yaml                  | 11 ++++++
 6 files changed, 126 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d12e92..eabf9fe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,9 @@ Changes:
 * Latest Kubernetes version tested is now 1.27
 * server: Headless service ignores `server.service.publishNotReadyAddresses` setting and always sets it as `true` [GH-902](https://github.com/hashicorp/vault-helm/pull/902)
 
+Features:
+* CSI: Make `nodeSelector` and `affinity` configurable for CSI daemonset's pods [GH-862](https://github.com/hashicorp/vault-helm/pull/862)
+
 Bugs:
 * server: Set the default for `prometheusRules.rules` to an empty list [GH-886](https://github.com/hashicorp/vault-helm/pull/886)
 
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 4b6baf1..dafac37 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -849,6 +849,34 @@ Sets the injector toleration for pod placement
   {{- end }}
 {{- end -}}
 
+{{/*
+Sets the CSI provider nodeSelector for pod placement
+*/}}
+{{- define "csi.pod.nodeselector" -}}
+  {{- if .Values.csi.pod.nodeSelector }}
+      nodeSelector:
+      {{- $tp := typeOf .Values.csi.pod.nodeSelector }}
+      {{- if eq $tp "string" }}
+        {{ tpl .Values.csi.pod.nodeSelector . | nindent 8 | trim }}
+      {{- else }}
+        {{- toYaml .Values.csi.pod.nodeSelector | nindent 8 }}
+      {{- end }}
+  {{- end }}
+{{- end -}}
+{{/*
+Sets the CSI provider affinity for pod placement.
+*/}}
+{{- define "csi.pod.affinity" -}}
+  {{- if .Values.csi.pod.affinity }}
+      affinity:
+        {{ $tp := typeOf .Values.csi.pod.affinity }}
+        {{- if eq $tp "string" }}
+          {{- tpl .Values.csi.pod.affinity . | nindent 8 | trim }}
+        {{- else }}
+          {{- toYaml .Values.csi.pod.affinity | nindent 8 }}
+        {{- end }}
+  {{ end }}
+{{- end -}}
 {{/*
 Sets extra CSI provider pod annotations
 */}}
diff --git a/templates/csi-daemonset.yaml b/templates/csi-daemonset.yaml
index a32ef7c..28e7cd0 100644
--- a/templates/csi-daemonset.yaml
+++ b/templates/csi-daemonset.yaml
@@ -45,6 +45,8 @@ spec:
       {{- end }}
       serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
       {{- template "csi.pod.tolerations" . }}
+      {{- template "csi.pod.nodeselector" . }}
+      {{- template "csi.pod.affinity" . }}
       containers:
         - name: {{ include "vault.name" . }}-csi-provider
           {{ template "csi.resources" . }}
diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats
index 3ad9675..97bc86d 100644
--- a/test/unit/csi-daemonset.bats
+++ b/test/unit/csi-daemonset.bats
@@ -345,6 +345,74 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+#--------------------------------------------------------------------
+# nodeSelector
+@test "csi/daemonset: nodeSelector not set by default" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/csi-daemonset.yaml  \
+      --set 'csi.enabled=true' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec | .nodeSelector? == null' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "csi/daemonset: nodeSelector can be set as string" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/csi-daemonset.yaml  \
+      --set 'csi.enabled=true' \
+      --set 'csi.pod.nodeSelector=foobar' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.nodeSelector == "foobar"' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "csi/daemonset: nodeSelector can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/csi-daemonset.yaml  \
+      --set 'csi.enabled=true' \
+      --set "csi.pod.nodeSelector[0].foo=bar,csi.pod.nodeSelector[1].baz=qux" \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.nodeSelector[0].foo == "bar" and .spec.template.spec.nodeSelector[1].baz == "qux"' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+#--------------------------------------------------------------------
+# affinity
+@test "csi/daemonset: affinity not set by default" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/csi-daemonset.yaml  \
+      --set 'csi.enabled=true' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec | .affinity? == null' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "csi/daemonset: affinity can be set as string" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/csi-daemonset.yaml  \
+      --set 'csi.enabled=true' \
+      --set 'csi.pod.affinity=foobar' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.affinity == "foobar"' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "csi/daemonset: affinity can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/csi-daemonset.yaml  \
+      --set 'csi.enabled=true' \
+      --set "csi.pod.affinity.podAntiAffinity=foobar" \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.affinity.podAntiAffinity == "foobar"' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # Extra Labels
 
diff --git a/values.schema.json b/values.schema.json
index e296426..7a7643b 100644
--- a/values.schema.json
+++ b/values.schema.json
@@ -136,6 +136,13 @@
                 "pod": {
                     "type": "object",
                     "properties": {
+                        "affinity": {
+                            "type": [
+                              "null",
+                              "array",
+                              "string"
+                            ]
+                        },
                         "annotations": {
                             "type": [
                                 "object",
@@ -145,6 +152,13 @@
                         "extraLabels": {
                             "type": "object"
                         },
+                        "nodeSelector": {
+                            "type": [
+                              "null",
+                              "array",
+                              "string"
+                            ]
+                        },
                         "tolerations": {
                             "type": [
                                 "null",
diff --git a/values.yaml b/values.yaml
index 2df0014..d80a043 100644
--- a/values.yaml
+++ b/values.yaml
@@ -1065,6 +1065,17 @@ csi:
     # in a PodSpec.
     tolerations: []
 
+    # nodeSelector labels for csi pod assignment, formatted as a multi-line string or YAML map.
+    # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+    # Example:
+    # nodeSelector:
+    #   beta.kubernetes.io/arch: amd64
+    nodeSelector: []
+
+    # Affinity Settings
+    # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+    affinity: {}
+
     # Extra labels to attach to the vault-csi-provider pod
     # This should be a YAML map of the labels to apply to the csi provider pod
     extraLabels: {}