✨ (helm/v2-alpha) add tolerations, nodeselector and affinity

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml

@@ -21,6 +21,15 @@ spec:
                 app.kubernetes.io/name: project
                 control-plane: controller-manager
         spec:
+            {{- with .Values.manager.tolerations }}
+            tolerations: {{ toYaml . | nindent 16 }}
+            {{- end }}
+            {{- with .Values.manager.affinity }}
+            affinity: {{ toYaml . | nindent 16 }}
+            {{- end }}
+            {{- with .Values.manager.nodeSelector }}
+            nodeSelector: {{ toYaml . | nindent 16 }}
+            {{- end }}
             containers:
                 - args:
                     {{- if .Values.metrics.enable }}

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/values.yaml

@@ -37,6 +37,15 @@ manager:
         cpu: 10m
         memory: 64Mi
 
+  # Pod's affinity
+  affinity: {}
+
+  # Pod's node selector
+  nodeSelector: {}
+
+  # Pod's tolerations
+  tolerations: []
+
 # Essential RBAC permissions (required for controller operation)
 # These include ServiceAccount, controller permissions, leader election, and metrics access
 # Note: Essential RBAC is always enabled as it's required for the controller to function

docs/book/src/getting-started/testdata/project/dist/chart/templates/manager/manager.yaml

@@ -21,6 +21,15 @@ spec:
                 app.kubernetes.io/name: project
                 control-plane: controller-manager
         spec:
+            {{- with .Values.manager.tolerations }}
+            tolerations: {{ toYaml . | nindent 16 }}
+            {{- end }}
+            {{- with .Values.manager.affinity }}
+            affinity: {{ toYaml . | nindent 16 }}
+            {{- end }}
+            {{- with .Values.manager.nodeSelector }}
+            nodeSelector: {{ toYaml . | nindent 16 }}
+            {{- end }}
             containers:
                 - args:
                     {{- if .Values.metrics.enable }}

docs/book/src/getting-started/testdata/project/dist/chart/values.yaml

@@ -37,6 +37,15 @@ manager:
         cpu: 10m
         memory: 64Mi
 
+  # Pod's affinity
+  affinity: {}
+
+  # Pod's node selector
+  nodeSelector: {}
+
+  # Pod's tolerations
+  tolerations: []
+
 # Essential RBAC permissions (required for controller operation)
 # These include ServiceAccount, controller permissions, leader election, and metrics access
 # Note: Essential RBAC is always enabled as it's required for the controller to function

docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml

@@ -21,6 +21,15 @@ spec:
                 app.kubernetes.io/name: project
                 control-plane: controller-manager
         spec:
+            {{- with .Values.manager.tolerations }}
+            tolerations: {{ toYaml . | nindent 16 }}
+            {{- end }}
+            {{- with .Values.manager.affinity }}
+            affinity: {{ toYaml . | nindent 16 }}
+            {{- end }}
+            {{- with .Values.manager.nodeSelector }}
+            nodeSelector: {{ toYaml . | nindent 16 }}
+            {{- end }}
             containers:
                 - args:
                     {{- if .Values.metrics.enable }}

docs/book/src/multiversion-tutorial/testdata/project/dist/chart/values.yaml

@@ -37,6 +37,15 @@ manager:
         cpu: 10m
         memory: 64Mi
 
+  # Pod's affinity
+  affinity: {}
+
+  # Pod's node selector
+  nodeSelector: {}
+
+  # Pod's tolerations
+  tolerations: []
+
 # Essential RBAC permissions (required for controller operation)
 # These include ServiceAccount, controller permissions, leader election, and metrics access
 # Note: Essential RBAC is always enabled as it's required for the controller to function

pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/chart_converter.go

@@ -105,6 +105,9 @@ func (c *ChartConverter) ExtractDeploymentConfig() map[string]any {
 	}
 
 	extractPodSecurityContext(specMap, config)
+	extractPodNodeSelector(specMap, config)
+	extractPodTolerations(specMap, config)
+	extractPodAffinity(specMap, config)
 
 	container := firstManagerContainer(specMap)
 	if container == nil {
@@ -149,6 +152,48 @@ func extractPodSecurityContext(specMap map[string]any, config map[string]any) {
 	config["podSecurityContext"] = podSecurityContext
 }
 
+func extractPodNodeSelector(specMap map[string]any, config map[string]any) {
+	raw, found, err := unstructured.NestedFieldNoCopy(specMap, "nodeSelector")
+	if !found || err != nil {
+		return
+	}
+
+	result, ok := raw.(map[string]any)
+	if !ok || len(result) == 0 {
+		return
+	}
+
+	config["podNodeSelector"] = result
+}
+
+func extractPodTolerations(specMap map[string]any, config map[string]any) {
+	raw, found, err := unstructured.NestedFieldNoCopy(specMap, "tolerations")
+	if !found || err != nil {
+		return
+	}
+
+	result, ok := raw.([]any)
+	if !ok || len(result) == 0 {
+		return
+	}
+
+	config["podTolerations"] = result
+}
+
+func extractPodAffinity(specMap map[string]any, config map[string]any) {
+	raw, found, err := unstructured.NestedFieldNoCopy(specMap, "affinity")
+	if !found || err != nil {
+		return
+	}
+
+	result, ok := raw.(map[string]any)
+	if !ok || len(result) == 0 {
+		return
+	}
+
+	config["podAffinity"] = result
+}
+
 func firstManagerContainer(specMap map[string]any) map[string]any {
 	containers, found, err := unstructured.NestedFieldNoCopy(specMap, "containers")
 	if !found || err != nil {

pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/helm_templater.go

@@ -190,6 +190,24 @@ func (t *HelmTemplater) templateDeploymentFields(yamlContent string) string {
 	yamlContent = t.templateVolumeMounts(yamlContent)
 	yamlContent = t.templateVolumes(yamlContent)
 	yamlContent = t.templateControllerManagerArgs(yamlContent)
+	yamlContent = t.templateBasicWithStatement(
+		yamlContent,
+		"nodeSelector",
+		"spec.template.spec",
+		".Values.manager.nodeSelector",
+	)
+	yamlContent = t.templateBasicWithStatement(
+		yamlContent,
+		"affinity",
+		"spec.template.spec",
+		".Values.manager.affinity",
+	)
+	yamlContent = t.templateBasicWithStatement(
+		yamlContent,
+		"tolerations",
+		"spec.template.spec",
+		".Values.manager.tolerations",
+	)
 
 	return yamlContent
 }
@@ -617,6 +635,88 @@ func (t *HelmTemplater) templateImageReference(yamlContent string) string {
 	return yamlContent
 }
 
+func (t *HelmTemplater) templateBasicWithStatement(
+	yamlContent string,
+	key string,
+	parentKey string,
+	valuePath string,
+) string {
+	lines := strings.Split(yamlContent, "\n")
+	yamlKey := fmt.Sprintf("%s:", key)
+
+	var start, end int
+	var indentLen int
+	if !strings.Contains(yamlContent, yamlKey) {
+		// Find parent block start if the key is missing
+		pKeyParts := strings.Split(parentKey, ".")
+		pKeyIdx := 0
+		pKeyInit := false
+		currIndent := 0
+		for i := range len(lines) {
+			_, lineIndent := leadingWhitespace(lines[i])
+			if pKeyInit && lineIndent <= currIndent {
+				return yamlContent
+			}
+			if !strings.HasPrefix(strings.TrimSpace(lines[i]), pKeyParts[pKeyIdx]) {
+				continue
+			}
+
+			// Parent key part found
+			pKeyIdx++
+			pKeyInit = true
+			if pKeyIdx >= len(pKeyParts) {
+				start = i + 1
+				end = start
+				break
+			}
+		}
+		_, indentLen = leadingWhitespace(lines[start])
+	} else {
+		// Find the existing block
+		for i := range len(lines) {
+			if !strings.HasPrefix(strings.TrimSpace(lines[i]), key) {
+				continue
+			}
+			start = i
+			end = i + 1
+			trimmed := strings.TrimSpace(lines[i])
+			if len(trimmed) == len(yamlKey) {
+				_, indentLenSearch := leadingWhitespace(lines[i])
+				for j := end; j < len(lines); j++ {
+					_, indentLenLine := leadingWhitespace(lines[j])
+					if indentLenLine <= indentLenSearch {
+						end = j
+						break
+					}
+				}
+			}
+		}
+		_, indentLen = leadingWhitespace(lines[start])
+	}
+
+	indentStr := strings.Repeat(" ", indentLen)
+
+	var builder strings.Builder
+	builder.WriteString(indentStr)
+	builder.WriteString("{{- with ")
+	builder.WriteString(valuePath)
+	builder.WriteString(" }}\n")
+	builder.WriteString(indentStr)
+	builder.WriteString(yamlKey)
+	builder.WriteString(" {{ toYaml . | nindent ")
+	builder.WriteString(strconv.Itoa(indentLen + 4))
+	builder.WriteString(" }}\n")
+	builder.WriteString(indentStr)
+	builder.WriteString("{{- end }}\n")
+
+	newBlock := strings.TrimRight(builder.String(), "\n")
+
+	newLines := append([]string{}, lines[:start]...)
+	newLines = append(newLines, strings.Split(newBlock, "\n")...)
+	newLines = append(newLines, lines[end:]...)
+	return strings.Join(newLines, "\n")
+}
+
 // makeWebhookAnnotationsConditional makes only cert-manager annotations conditional, not the entire webhook
 func (t *HelmTemplater) makeWebhookAnnotationsConditional(yamlContent string) string {
 	// Find cert-manager.io/inject-ca-from annotation and make it conditional

pkg/plugins/optional/helm/v2alpha/scaffolds/internal/templates/values_basic.go

@@ -210,15 +210,7 @@ func (f *HelmValuesBasic) addDeploymentConfig(buf *bytes.Buffer) {
 		buf.WriteString("  # Environment variables\n")
 		buf.WriteString("  env:\n")
 		if envYaml, err := yaml.Marshal(env); err == nil {
-			// Indent the YAML properly
-			lines := bytes.SplitSeq(envYaml, []byte("\n"))
-			for line := range lines {
-				if len(line) > 0 {
-					buf.WriteString("    ")
-					buf.Write(line)
-					buf.WriteString("\n")
-				}
-			}
+			f.IndentYamlProperly(buf, envYaml)
 		} else {
 			buf.WriteString("    []\n")
 		}
@@ -233,14 +225,7 @@ func (f *HelmValuesBasic) addDeploymentConfig(buf *bytes.Buffer) {
 		buf.WriteString("  # Pod-level security settings\n")
 		buf.WriteString("  podSecurityContext:\n")
 		if secYaml, err := yaml.Marshal(podSecCtx); err == nil {
-			lines := bytes.SplitSeq(secYaml, []byte("\n"))
-			for line := range lines {
-				if len(line) > 0 {
-					buf.WriteString("    ")
-					buf.Write(line)
-					buf.WriteString("\n")
-				}
-			}
+			f.IndentYamlProperly(buf, secYaml)
 		}
 		buf.WriteString("\n")
 	} else {
@@ -252,14 +237,7 @@ func (f *HelmValuesBasic) addDeploymentConfig(buf *bytes.Buffer) {
 		buf.WriteString("  # Container-level security settings\n")
 		buf.WriteString("  securityContext:\n")
 		if secYaml, err := yaml.Marshal(secCtx); err == nil {
-			lines := bytes.SplitSeq(secYaml, []byte("\n"))
-			for line := range lines {
-				if len(line) > 0 {
-					buf.WriteString("    ")
-					buf.Write(line)
-					buf.WriteString("\n")
-				}
-			}
+			f.IndentYamlProperly(buf, secYaml)
 		}
 		buf.WriteString("\n")
 	} else {
@@ -271,19 +249,59 @@ func (f *HelmValuesBasic) addDeploymentConfig(buf *bytes.Buffer) {
 		buf.WriteString("  # Resource limits and requests\n")
 		buf.WriteString("  resources:\n")
 		if resYaml, err := yaml.Marshal(resources); err == nil {
-			lines := bytes.SplitSeq(resYaml, []byte("\n"))
-			for line := range lines {
-				if len(line) > 0 {
-					buf.WriteString("    ")
-					buf.Write(line)
-					buf.WriteString("\n")
-				}
-			}
+			f.IndentYamlProperly(buf, resYaml)
 		}
 		buf.WriteString("\n")
 	} else {
 		f.addDefaultResources(buf)
 	}
+
+	buf.WriteString("  # Pod's affinity\n")
+	if affinity, exists := f.DeploymentConfig["podAffinity"]; exists && affinity != nil {
+		buf.WriteString("  affinity:\n")
+		if affYaml, err := yaml.Marshal(affinity); err == nil {
+			f.IndentYamlProperly(buf, affYaml)
+		}
+		buf.WriteString("\n")
+	} else {
+		buf.WriteString("  affinity: {}\n")
+		buf.WriteString("\n")
+	}
+
+	buf.WriteString("  # Pod's node selector\n")
+	if nodeSelector, exists := f.DeploymentConfig["podNodeSelector"]; exists && nodeSelector != nil {
+		buf.WriteString("  nodeSelector:\n")
+		if nodYaml, err := yaml.Marshal(nodeSelector); err == nil {
+			f.IndentYamlProperly(buf, nodYaml)
+		}
+		buf.WriteString("\n")
+	} else {
+		buf.WriteString("  nodeSelector: {}\n")
+		buf.WriteString("\n")
+	}
+
+	buf.WriteString("  # Pod's tolerations\n")
+	if tolerations, exists := f.DeploymentConfig["podTolerations"]; exists && tolerations != nil {
+		buf.WriteString("  tolerations:\n")
+		if tolYaml, err := yaml.Marshal(tolerations); err == nil {
+			f.IndentYamlProperly(buf, tolYaml)
+		}
+		buf.WriteString("\n")
+	} else {
+		buf.WriteString("  tolerations: []\n")
+		buf.WriteString("\n")
+	}
+}
+
+func (f *HelmValuesBasic) IndentYamlProperly(buf *bytes.Buffer, envYaml []byte) {
+	lines := bytes.SplitSeq(envYaml, []byte("\n"))
+	for line := range lines {
+		if len(line) > 0 {
+			buf.WriteString("    ")
+			buf.Write(line)
+			buf.WriteString("\n")
+		}
+	}
 }
 
 // addDefaultDeploymentSections adds default sections when no deployment config is available