Add labels and annotations to pods.

Currently, there is only one deployment, so avoid premature optimization by making these global (and follow the same pattern for imagePullSecrets) Requires more aggressive usage of the `strip-kustomize-helm.sh` script because we have to preserve existing annotations and labels from the config/manager directory. Also update labels and annotations for injected pods (FlagD sidecar, FlagD standalone, and FlagD proxy). Signed-off-by: Christopher Pitstick <[email protected]>
open-feature · Jul 10, 2024 · a30abc9 · a30abc9
1 parent 917a680
commit a30abc9
Show file tree

Hide file tree

Showing 14 changed files with 164 additions and 65 deletions.
diff --git a/.github/scripts/strip-kustomize-helm.sh b/.github/scripts/strip-kustomize-helm.sh
@@ -1,18 +1,26 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # This script is a hack to support helm flow control in kustomize overlays, which would otherwise break them.
 # It allows us to render helm template bindings and add newlines.
 # For instance, it transforms "___{{ .Value.myValue }}___" to {{ .Value.myValue }}.
-# It also adds newlines wherever ___newline___ is found.
-
-CHARTS_DIR='./chart/open-feature-operator/templates';
+# It also adds newlines wherever ___newline___ is found, and other operations. See
+# sed_expressions below.
 
 echo 'Running strip-kustomize-helm.sh script'
-filenames=`find $CHARTS_DIR -name "*.yaml"`
-for file in $filenames; do
-    sed -i "s/___newline___/\\n/g" $file
-    sed -i "s/\"___//g" $file
-    sed -i "s/___\"//g" $file
-    sed -i "s/___//g" $file
+CHARTS_DIR='./chart/open-feature-operator/templates'
+# Careful! Ordering of these expressions matter!
+sed_expressions=(
+    "s/___newline___/\\n/g"
+    "s/___space___/ /g"
+    "s/\"___//g"
+    "s/___\"//g"
+    "/___delete_me___/d"
+    "s/___//g"
+)
+find $CHARTS_DIR -name "*.yaml" | while read file; do
+    for expr in "${sed_expressions[@]}"; do
+        sed -i "$expr" "$file"
+    done
 done
-echo 'Done running strip-kustomize-helm.sh script'
+
+echo 'Done running strip-kustomize-helm.sh script'
diff --git a/Makefile b/Makefile
@@ -252,7 +252,7 @@ set-helm-overlay:
 helm-package: set-helm-overlay generate release-manifests helm
 	mkdir -p chart/open-feature-operator/templates/crds
 	mv chart/open-feature-operator/templates/*customresourcedefinition* chart/open-feature-operator/templates/crds
-	sh .github/scripts/strip-kustomize-helm.sh
+	.github/scripts/strip-kustomize-helm.sh
 	$(HELM) package --version $(CHART_VERSION) chart/open-feature-operator
 	mkdir -p charts && mv open-feature-operator-*.tgz charts
 	$(HELM) repo index --url https://open-feature.github.io/open-feature-operator/charts charts

diff --git a/chart/open-feature-operator/README.md b/chart/open-feature-operator/README.md
@@ -97,6 +97,8 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
 | `defaultNamespace` | To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag.                                                                     | `open-feature-operator-system` |
 | `imagePullSecrets` | Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}]  | `[]`                           |
+| `labels`           | Labels to apply to all of the pods in the operator.                                                                                                                                                                                                                              | `{}`                           |
+| `annotations`      | Annotations to apply to all of the pods in the operator.                                                                                                                                                                                                                         | `{}`                           |
 
 ### Sidecar configuration
 
@@ -167,7 +169,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `controllerManager.kubeRbacProxy.resources.requests.cpu`                  | Sets cpu resource requests for kube-rbac-proxy.                                                                  | `5m`                                         |
 | `controllerManager.kubeRbacProxy.resources.requests.memory`               | Sets memory resource requests for kube-rbac-proxy.                                                               | `64Mi`                                       |
 | `controllerManager.manager.image.repository`                              | Sets the image for the operator.                                                                                 | `ghcr.io/open-feature/open-feature-operator` |
-| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                                                                           | `v0.6.1`                                     |
+| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                                                                           | `v0.7.0`                                     |
 | `controllerManager.manager.resources.limits.cpu`                          | Sets cpu resource limits for operator.                                                                           | `500m`                                       |
 | `controllerManager.manager.resources.limits.memory`                       | Sets memory resource limits for operator.                                                                        | `128Mi`                                      |
 | `controllerManager.manager.resources.requests.cpu`                        | Sets cpu resource requests for operator.                                                                         | `10m`                                        |
@@ -180,3 +182,4 @@ The command removes all the Kubernetes components associated with the chart and
 | `managerConfig.controllerManagerConfigYaml.metrics.bindAddress`           | Sets the bind address for metrics (combined with bindPort).                                                      | `127.0.0.1`                                  |
 | `managerConfig.controllerManagerConfigYaml.metrics.bindPort`              | Sets the bind port for metrics.                                                                                  | `8080`                                       |
 | `managerConfig.controllerManagerConfigYaml.webhook.port`                  | Sets the bind address for webhook.                                                                               | `9443`                                       |
+
diff --git a/chart/open-feature-operator/values.yaml b/chart/open-feature-operator/values.yaml
@@ -4,6 +4,10 @@
 defaultNamespace: open-feature-operator-system
 ## @param imagePullSecrets Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}] 
 imagePullSecrets: []
+## @param labels Labels to apply to all of the pods in the operator.
+labels: {}
+## @param annotations Annotations to apply to all of the pods in the operator.
+annotations: {}
 
 ## @section Sidecar configuration
 sidecarConfiguration:

diff --git a/common/flagdproxy/flagdproxy.go b/common/flagdproxy/flagdproxy.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"reflect"
 
+	"golang.org/x/exp/maps"
+
 	"github.com/go-logr/logr"
 	"github.com/open-feature/open-feature-operator/common"
 	"github.com/open-feature/open-feature-operator/common/types"
@@ -39,9 +41,11 @@ type FlagdProxyConfiguration struct {
 	Namespace              string
 	OperatorDeploymentName string
 	ImagePullSecrets       []string
+	Labels                 map[string]string
+	Annotations            map[string]string
 }
 
-func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string) *FlagdProxyConfiguration {
+func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) *FlagdProxyConfiguration {
 	return &FlagdProxyConfiguration{
 		Image:                  env.FlagdProxyImage,
 		Tag:                    env.FlagdProxyTag,
@@ -51,6 +55,8 @@ func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string)
 		ManagementPort:         env.FlagdProxyManagementPort,
 		DebugLogging:           env.FlagdProxyDebugLogging,
 		ImagePullSecrets:       imagePullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}
 }
 
@@ -151,6 +157,16 @@ func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerRe
 			Name: secret,
 		})
 	}
+	flagdLabels := map[string]string{
+		"app":                          FlagdProxyDeploymentName,
+		"app.kubernetes.io/name":       FlagdProxyDeploymentName,
+		"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
+		"app.kubernetes.io/version":    f.config.Tag,
+	}
+	maps.Copy(flagdLabels, f.config.Labels)
+
+	// No "built-in" annotations to merge at this time. If adding them follow the same pattern as labels.
+	flagdAnnotations := f.config.Annotations
 
 	return &appsV1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
@@ -172,12 +188,8 @@ func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerRe
 			},
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
-					Labels: map[string]string{
-						"app":                          FlagdProxyDeploymentName,
-						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
-						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
-						"app.kubernetes.io/version":    f.config.Tag,
-					},
+					Labels:      flagdLabels,
+					Annotations: flagdAnnotations,
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: FlagdProxyServiceAccountName,

diff --git a/common/flagdproxy/flagdproxy_test.go b/common/flagdproxy/flagdproxy_test.go
@@ -21,12 +21,22 @@ import (
 
 var pullSecrets = []string{"test-pullSecret"}
 
+var labels = map[string]string{
+	"label1": "labelValue1",
+	"label2": "labelValue2",
+}
+
+var annotations = map[string]string{
+	"annotation1": "annotationValue1",
+	"annotation2": "annotationValue2",
+}
+
 func TestNewFlagdProxyConfiguration(t *testing.T) {
 
 	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{
 		FlagdProxyPort:           8015,
 		FlagdProxyManagementPort: 8016,
-	}, pullSecrets)
+	}, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 	require.Equal(t, &FlagdProxyConfiguration{
@@ -35,6 +45,8 @@ func TestNewFlagdProxyConfiguration(t *testing.T) {
 		DebugLogging:           false,
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		ImagePullSecrets:       pullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}, kpConfig)
 }
 
@@ -48,7 +60,7 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
 		FlagdProxyDebugLogging:   true,
 	}
 
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 	require.Equal(t, &FlagdProxyConfiguration{
@@ -60,11 +72,13 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
 		Namespace:              "my-namespace",
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		ImagePullSecrets:       pullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}, kpConfig)
 }
 
 func TestNewFlagdProxyHandler(t *testing.T) {
-	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -100,7 +114,7 @@ func TestDoesFlagdProxyExist(t *testing.T) {
 		},
 	}
 
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -128,7 +142,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithBadVersion(t *testing
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -187,7 +201,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithoutLabel(t *testing.T
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -236,7 +250,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithNewestVersion(t *test
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -280,7 +294,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
 		FlagdProxyManagementPort: 90,
 		FlagdProxyDebugLogging:   true,
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -357,7 +371,10 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
 						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
 						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
 						"app.kubernetes.io/version":    "tag",
+						"label1":                       "labelValue1",
+						"label2":                       "labelValue2",
 					},
+					Annotations: annotations,
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: FlagdProxyServiceAccountName,

diff --git a/config/overlays/helm/manager.yaml b/config/overlays/helm/manager.yaml
@@ -6,9 +6,17 @@ metadata:
 spec:
   replicas: 0{{ .Values.controllerManager.replicas }}
   template:
+    metadata:
+      # this is transformed by .github/scripts/strip-kustomize-helm.sh
+      annotations:
+        ___delete_me___: "___ ___newline___{{ if .Values.annotations }}{{___space___toYaml___space___.Values.annotations___space___|___space___indent___space___8___space___}}{{ end }}___"
+      # this is transformed by .github/scripts/strip-kustomize-helm.sh
+      labels:
+        ___delete_me___: "___ ___newline___{{ if .Values.labels }}___newline___{{___space___toYaml___space___.Values.labels___space___|___space___indent___space___8___space___}}{{ end }}___"
     spec:
       # this is transformed by .github/scripts/strip-kustomize-helm.sh
-      ___imagePullSecrets___: "___ ___newline___{{ toYaml .Values.imagePullSecrets | indent 8 }}___"
+      ___imagePullSecrets___: "___ ___newline___        {{ toYaml .Values.imagePullSecrets___space___|___space___indent___space___8___space___}}___"
+      # this is transformed by .github/scripts/strip-kustomize-helm.sh
       dnsPolicy: "{{ .Values.controllerManager.manager.dnsPolicy }}"
       # this is transformed by .github/scripts/strip-kustomize-helm.sh
       hostNetwork: "___{{ .Values.controllerManager.manager.hostNetwork }}___"
@@ -104,6 +112,8 @@ spec:
             - --sidecar-ram-request={{ .Values.sidecarConfiguration.resources.requests.memory }}
             - --image-pull-secrets={{ range .Values.imagePullSecrets }}{{ .name }},{{- end }}
             - --metrics-bind-address=:{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }}
+            - --labels={{- join "," (range $key, $value := .Values.labels -}}{{- printf "%s:%s" $key $value -}}{{- end) -}}
+            - --annotations={{- join "," (range $key, $value := .Values.annotations -}}{{- printf "%s:%s" $key $value -}}{{- end) -}}
         - name: kube-rbac-proxy
           image: "{{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag }}"
           resources:

diff --git a/controllers/core/featureflagsource/controller_test.go b/controllers/core/featureflagsource/controller_test.go
@@ -30,6 +30,16 @@ func TestFeatureFlagSourceReconciler_Reconcile(t *testing.T) {
 	)
 	var pullSecrets = []string{"test-pullsecret"}
 
+	var labels = map[string]string{
+		"label1": "labelValue1",
+		"label2": "labelValue2",
+	}
+
+	var annotations = map[string]string{
+		"annotation1": "annotationValue1",
+		"annotation2": "annotationValue2",
+	}
+
 	tests := []struct {
 		name                            string
 		fsConfig                        *api.FeatureFlagSource
@@ -93,7 +103,7 @@ func TestFeatureFlagSourceReconciler_Reconcile(t *testing.T) {
 			kpConfig := flagdproxy.NewFlagdProxyConfiguration(commontypes.EnvConfig{
 				FlagdProxyImage: "ghcr.io/open-feature/flagd-proxy",
 				FlagdProxyTag:   flagdProxyTag,
-			}, pullSecrets)
+			}, pullSecrets, labels, annotations)
 
 			kpConfig.Namespace = testNamespace
 			kph := flagdproxy.NewFlagdProxyHandler(

diff --git a/controllers/core/flagd/common/common.go b/controllers/core/flagd/common/common.go
@@ -9,6 +9,8 @@ type FlagdConfiguration struct {
 	Image            string
 	Tag              string
 	ImagePullSecrets []string
+	Labels           map[string]string
+	Annotations      map[string]string
 
 	OperatorNamespace      string
 	OperatorDeploymentName string

diff --git a/controllers/core/flagd/config.go b/controllers/core/flagd/config.go
@@ -6,7 +6,7 @@ import (
 	resources "github.com/open-feature/open-feature-operator/controllers/core/flagd/common"
 )
 
-func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resources.FlagdConfiguration {
+func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) resources.FlagdConfiguration {
 	return resources.FlagdConfiguration{
 		Image:                  env.FlagdImage,
 		Tag:                    env.FlagdTag,
@@ -17,5 +17,7 @@ func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resou
 		ManagementPort:         env.FlagdManagementPort,
 		DebugLogging:           env.FlagdDebugLogging,
 		ImagePullSecrets:       imagePullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}
 }
diff --git a/controllers/core/flagd/resources/deployment.go b/controllers/core/flagd/resources/deployment.go
@@ -77,11 +77,9 @@ func (r *FlagdDeployment) GetResource(ctx context.Context, flagd *api.Flagd) (cl
 	}
 
 	featureFlagSource := &api.FeatureFlagSource{}
-	imagePullSecrets := []corev1.LocalObjectReference{}
-	for _, secret := range r.FlagdConfig.ImagePullSecrets {
-		imagePullSecrets = append(imagePullSecrets, corev1.LocalObjectReference{
-			Name: secret,
-		})
+	imagePullSecrets := make([]corev1.LocalObjectReference, len(r.FlagdConfig.ImagePullSecrets))
+	for i, secret := range r.FlagdConfig.ImagePullSecrets {
+		imagePullSecrets[i] = corev1.LocalObjectReference{Name: secret}
 	}
 
 	if err := r.Client.Get(ctx, client.ObjectKey{
@@ -100,9 +98,10 @@ func (r *FlagdDeployment) GetResource(ctx context.Context, flagd *api.Flagd) (cl
 		return nil, errors.New("no flagd container has been injected into deployment")
 	}
 
-	deployment.Spec.Template.Spec.ImagePullSecrets = imagePullSecrets
-
 	// override settings for the injected container for flagd standalone deployment mode
+	deployment.Spec.Template.Spec.ImagePullSecrets = imagePullSecrets
+	deployment.Spec.Template.ObjectMeta.Labels = r.FlagdConfig.Labels
+	deployment.Spec.Template.ObjectMeta.Annotations = r.FlagdConfig.Annotations
 	deployment.Spec.Template.Spec.Containers[0].Image = fmt.Sprintf("%s:%s", r.FlagdConfig.Image, r.FlagdConfig.Tag)
 
 	deployment.Spec.Template.Spec.Containers[0].Ports = []corev1.ContainerPort{

diff --git a/go.mod b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/open-feature/open-feature-operator/apis v0.2.41-0.20240506125212-c4831a3cdc00
 	github.com/stretchr/testify v1.8.4
 	go.uber.org/zap v1.27.0
+	golang.org/x/exp v0.0.0-20240707233637-46b078467d37
 	k8s.io/api v0.28.10
 	k8s.io/apimachinery v0.28.10
 	k8s.io/client-go v0.28.10
@@ -31,7 +32,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
@@ -54,7 +55,6 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/oauth2 v0.8.0 // indirect
 	golang.org/x/sys v0.19.0 // indirect