Support `global.nodeSelector` in the Helm chart

[StingRayZA]

Feature Request: Support global.nodeSelector in the Helm chart to reduce configuration duplication

Is this a BUG REPORT or FEATURE REQUEST?: FEATURE REQUEST

Description:

Currently, the cert-manager Helm chart requires the nodeSelector to be specified individually for each component that creates pods (controller, cainjector, webhook, startupapicheck).

In many common scenarios, users want all cert-manager components to be scheduled on the same set of nodes (e.g., nodes dedicated to "cluster-services" or infrastructure workloads). To achieve this today, the user must duplicate the nodeSelector configuration across multiple sections in their values.yaml file.

This leads to a configuration that is not DRY (Don't Repeat Yourself), is more verbose than necessary, and increases the chance of error if a user forgets to update the selector for one of the components.

Example of current duplicated configuration:

# values.yaml
#
# To schedule all components on a specific node pool, one must currently do this:
nodeSelector:
  workload: "cluster-services"

cainjector:
  nodeSelector:
    workload: "cluster-services"

webhook:
  nodeSelector:
    workload: "cluster-services"
    
startupapicheck:
  nodeSelector:
    workload: "cluster-services"

Proposed Solution:

I propose adding a new global.nodeSelector value to the Helm chart.

This global value would serve as a fallback. The scheduling logic for each component's pods should be:

1. If a component-specific nodeSelector is defined (e.g., webhook.nodeSelector), use it. This preserves the ability to schedule components differently if needed.
2. If a component-specific nodeSelector is not defined, use the global.nodeSelector if it is defined.
3. If neither is defined, do not add a nodeSelector to the pod spec (current default behavior).

PR

I'm happy to work on this and will submit a PR shortly

/kind feature

[StingRayZA]

Resolved by #7818

[StingRayZA]

#7818 was released as a part of 1.19, but this issue is not yet resolved.

Cross-posting my comment at the bottom of the PR:

I've given this a test, and it's not actually working as well as I'd hoped. It seems coalesce will only choose the 'global' if there isn't a local value set - and I'm getting .nodeSelector.kubernetes.io/os: linux getting set somewhere in the chain.

The end result is that having:

global:
  nodeSelector:
    my.selector: true

get's 'ignored' at the individual deployment level - so I'm having to continue to set the nodeSelector for each.

I'm going to log a new PR that proposes using a merge rather than a coalesce - which would have the effect I originally desired.