Skip to content

feat(fusion): add podLabels and podAnnotations hooks#151

Open
antoniocali wants to merge 1 commit into
datazip-inc:masterfrom
antoniocali:feat/fusion-podlabels-podannotations
Open

feat(fusion): add podLabels and podAnnotations hooks#151
antoniocali wants to merge 1 commit into
datazip-inc:masterfrom
antoniocali:feat/fusion-podlabels-podannotations

Conversation

@antoniocali
Copy link
Copy Markdown
Contributor

@antoniocali antoniocali commented May 27, 2026

Summary

Every other component in this chart — olake-ui, olake-worker, temporal, postgresql, nfs-server, elasticsearch — exposes podLabels and podAnnotations value blocks that get merged into spec.template.metadata. The Fusion deployment template is the only one missing both. Its pod-template metadata is hardcoded to the app.kubernetes.io/* labels and the config-checksum annotation, with no operator extension point.

This matters for deployments running under K8s admission policies that require specific labels on pod templates (Gatekeeper / Kyverno / OPA constraints, internal compliance tags, mesh-routing labels, etc.). Without a podLabels hook, operators either have to live with policy warnings on the Fusion pod or carry a parent-chart patch.

Real-world example: my deployment runs under a Gatekeeper template-required-labels-warn constraint requiring meta.zego.tools/{managed-from, owner, service} on every pod template. I can satisfy this for olake-ui / olake-worker / temporal / postgresql via their existing podLabels blocks, but the Fusion pod can't be reached without forking the chart.

Changes

Same pattern olake-ui/deployment.yaml already uses:

template:
  metadata:
    labels:
      app.kubernetes.io/name: ...
      ...
      {{- with .Values.fusion.podLabels }}
      {{- toYaml . | nindent 8 }}
      {{- end }}
    annotations:
      checksum/fusion-config: ...
      {{- with .Values.fusion.podAnnotations }}
      {{- toYaml . | nindent 8 }}
      {{- end }}

Defaults are {} in values.yaml, so existing deployments render byte-identically when neither value is set.

Verification

# Default: unchanged labels/annotations
helm template test helm/olake --set fusion.enabled=true

# Overrides: both merged into the rendered deployment
helm template test helm/olake --set fusion.enabled=true \
  --set fusion.podLabels.foo=bar \
  --set fusion.podAnnotations.alpha=beta

Both render as expected — no other resources touched.

Scope

Single template + matching values.yaml defaults. Mirrors existing conventions in this chart. No breaking change.

@antoniocali
feat(fusion): add podLabels and podAnnotations hooks
c29235f 
The other components in this chart (olake-ui, olake-worker, temporal,
postgresql, nfs-server, elasticsearch) all support `podLabels` and
`podAnnotations` value blocks that get merged into
`spec.template.metadata`. The Fusion deployment template was missing
both — its pod-template metadata was hardcoded to the
`app.kubernetes.io/*` labels and the config-checksum annotation,
with no extension point.

This matters for deployments running under K8s admission policies that
require specific labels on pod templates (Gatekeeper, Kyverno,
OPA constraints, etc.). Without a `podLabels` hook, operators either
have to live with the policy warnings or carry parent-chart patches.

Changes mirror the same pattern olake-ui/deployment.yaml already uses:

  template:
    metadata:
      labels:
        app.kubernetes.io/name: ...
        ...
        {{- with .Values.fusion.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      annotations:
        checksum/fusion-config: ...
        {{- with .Values.fusion.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}

Defaults are `{}` in values.yaml so existing deployments render
byte-identically when neither value is set.

Verified with `helm template`:
  - default (no overrides) → unchanged labels/annotations
  - `--set fusion.podLabels.foo=bar --set fusion.podAnnotations.alpha=beta`
    → both merged into the rendered deployment
@saptarshi-datazip
Copy link
Copy Markdown
Collaborator

saptarshi-datazip commented May 29, 2026

Hello @antoniocali , is this a blocker for you?
We are planning a release by next Tuesday and plan to release this fix along with it. If it is urgent then we can release this fix as a standalone by EOD.

@antoniocali
Copy link
Copy Markdown
Contributor Author

antoniocali commented May 29, 2026

Hello @antoniocali , is this a blocker for you?
We are planning a release by next Tuesday and plan to release this fix along with it. If it is urgent then we can release this fix as a standalone by EOD.

Hello

Not a blocker at all

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@antoniocali @saptarshi-datazip