helm: add nodeSelector support to kata-deploy chart

- Add nodeSelector configuration to values.yaml with empty default - Update DaemonSet template to conditionally include nodeSelector - Add documentation and examples for nodeSelector usage in README - Allows users to restrict kata-containers deployment to specific nodes by labeling them Signed-off-by: Gus Minto-Cowcher <gus@basecamp-research.com>
2025-07-24 20:21:14 +00:00 · 2025-07-11 13:58:21 +01:00 · 2025-07-11 13:58:21 +01:00 · 41d41d51f7
commit 41d41d51f7
parent 7d709a0759
3 changed files with 38 additions and 1 deletions
--- a/tools/packaging/kata-deploy/helm-chart/README.md
+++ b/tools/packaging/kata-deploy/helm-chart/README.md
@ -125,6 +125,7 @@ All values can be overridden with --set key=value or a custom `-f myvalues.yaml`
 | `image.reference` | Fully qualified image reference | `quay.io/kata-containers/kata-deploy` |
 | `image.tag` | Tag of the image reference | `""` |
 | `k8sDistribution` | Set the k8s distribution to use: `k8s`, `k0s`, `k3s`, `rke2`, `microk8s` | `k8s` |
+| `nodeSelector` | Node labels for pod assignment. Allows restricting deployment to specific nodes | `{}` |
 | `env.debug` | Enable debugging in the `configuration.toml` | `false` |
 | `env.shims` | List of shims to deploy | `clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-runtime-rs qemu-se-runtime-rs qemu-sev qemu-snp qemu-tdx stratovirt qemu-nvidia-gpu qemu-nvidia-gpu-snp qemu-nvidia-gpu-tdx` |
 | `env.defaultShim` | The default shim to use if none specified | `qemu` |
@ -148,6 +149,32 @@ $ helm install kata-deploy \
  "${CHART}" --version  "${VERSION}"
 ```

+## Example: Deploy only to specific nodes using `nodeSelector`
+
+```sh
+# First, label the nodes where you want kata-containers to be installed
+$ kubectl label nodes worker-node-1 kata-containers=enabled
+$ kubectl label nodes worker-node-2 kata-containers=enabled
+
+# Then install the chart with `nodeSelector`
+$ helm install kata-deploy \
+  --set nodeSelector.kata-containers="enabled" \
+  "${CHART}" --version  "${VERSION}"
+```
+
+You can also use a values file:
+
+```yaml
+# values.yaml
+nodeSelector:
+  kata-containers: "enabled"
+  node-type: "worker"
+```
+
+```sh
+$ helm install kata-deploy -f values.yaml "${CHART}" --version "${VERSION}"
+```
+
 ## Example: Multiple Kata installations on the same node

 For debugging, testing and other use-case it is possible to deploy multiple
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/kata-deploy.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/templates/kata-deploy.yaml
@ -32,6 +32,10 @@ spec:
      serviceAccountName: {{ .Chart.Name }}-sa-{{ .Values.env.multiInstallSuffix }}
 {{- else }}
      serviceAccountName: {{ .Chart.Name }}-sa
+{{- end }}
+{{- with .Values.nodeSelector }}
+      nodeSelector:
+{{- toYaml . | nindent 8 }}
 {{- end }}
      hostPID: true
      containers:
--- a/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
+++ b/tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml
@ -5,9 +5,15 @@ image:
  tag: ""
 # k8s-dist can be k8s, k3s, rke2, k0s, microk8s
 k8sDistribution: "k8s"
+# Node selector to control which nodes the kata-deploy daemonset runs on
+# Example:
+# nodeSelector:
+#   kata-containers: "enabled"
+#   node-type: "worker"
+nodeSelector: {}
 env:
  debug: "false"
-  shims: "clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-runtime-rs qemu-se-runtime-rs qemu-snp qemu-tdx stratovirt qemu-nvidia-gpu qemu-nvidia-gpu-snp qemu-nvidia-gpu-tdx"
+  shims: "clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-runtime-rs qemu-se-runtime-rs qemu-sev qemu-snp qemu-tdx stratovirt qemu-nvidia-gpu qemu-nvidia-gpu-snp qemu-nvidia-gpu-tdx"
  defaultShim: "qemu"
  createRuntimeClasses: "true"
  createDefaultRuntimeClass: "false"