feat: Add labels and annotations to pods. (#681)

Signed-off-by: Christopher Pitstick <cpitstick@lat.ai>
Signed-off-by: Todd Baert <todd.baert@dynatrace.com>
Co-authored-by: Todd Baert <todd.baert@dynatrace.com>

Author: cpitstick-latai

.github/scripts/strip-kustomize-helm.sh

@@ -1,18 +1,26 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # This script is a hack to support helm flow control in kustomize overlays, which would otherwise break them.
 # It allows us to render helm template bindings and add newlines.
 # For instance, it transforms "___{{ .Value.myValue }}___" to {{ .Value.myValue }}.
-# It also adds newlines wherever ___newline___ is found.
-
-CHARTS_DIR='./chart/open-feature-operator/templates';
+# It also adds newlines wherever ___newline___ is found, and other operations. See
+# sed_expressions below.
 
 echo 'Running strip-kustomize-helm.sh script'
-filenames=`find $CHARTS_DIR -name "*.yaml"`
-for file in $filenames; do
-    sed -i "s/___newline___/\\n/g" $file
-    sed -i "s/\"___//g" $file
-    sed -i "s/___\"//g" $file
-    sed -i "s/___//g" $file
+CHARTS_DIR='./chart/open-feature-operator/templates'
+# Careful! Ordering of these expressions matter!
+sed_expressions=(
+    "s/___newline___/\\n/g"
+    "s/___space___/ /g"
+    "s/\"___//g"
+    "s/___\"//g"
+    "/___delete_me___/d"
+    "s/___//g"
+)
+find $CHARTS_DIR -name "*.yaml" | while read file; do
+    for expr in "${sed_expressions[@]}"; do
+        sed -i "$expr" "$file"
+    done
 done
-echo 'Done running strip-kustomize-helm.sh script'
+
+echo 'Done running strip-kustomize-helm.sh script'

Makefile

@@ -252,7 +252,7 @@ set-helm-overlay:
 helm-package: set-helm-overlay generate release-manifests helm
 	mkdir -p chart/open-feature-operator/templates/crds
 	mv chart/open-feature-operator/templates/*customresourcedefinition* chart/open-feature-operator/templates/crds
-	sh .github/scripts/strip-kustomize-helm.sh
+	.github/scripts/strip-kustomize-helm.sh
 	$(HELM) package --version $(CHART_VERSION) chart/open-feature-operator
 	mkdir -p charts && mv open-feature-operator-*.tgz charts
 	$(HELM) repo index --url https://open-feature.github.io/open-feature-operator/charts charts

chart/open-feature-operator/README.md

@@ -97,6 +97,8 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
 | `defaultNamespace` | To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag.                                                                     | `open-feature-operator-system` |
 | `imagePullSecrets` | Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}]  | `[]`                           |
+| `labels`           | Labels to apply to all of the pods in the operator.                                                                                                                                                                                                                              | `{}`                           |
+| `annotations`      | Annotations to apply to all of the pods in the operator.                                                                                                                                                                                                                         | `{}`                           |
 
 ### Sidecar configuration
 
@@ -167,7 +169,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `controllerManager.kubeRbacProxy.resources.requests.cpu`                  | Sets cpu resource requests for kube-rbac-proxy.                                                                  | `5m`                                         |
 | `controllerManager.kubeRbacProxy.resources.requests.memory`               | Sets memory resource requests for kube-rbac-proxy.                                                               | `64Mi`                                       |
 | `controllerManager.manager.image.repository`                              | Sets the image for the operator.                                                                                 | `ghcr.io/open-feature/open-feature-operator` |
-| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                                                                           | `v0.6.1`                                     |
+| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                                                                           | `v0.7.0`                                     |
 | `controllerManager.manager.resources.limits.cpu`                          | Sets cpu resource limits for operator.                                                                           | `500m`                                       |
 | `controllerManager.manager.resources.limits.memory`                       | Sets memory resource limits for operator.                                                                        | `128Mi`                                      |
 | `controllerManager.manager.resources.requests.cpu`                        | Sets cpu resource requests for operator.                                                                         | `10m`                                        |
@@ -180,3 +182,4 @@ The command removes all the Kubernetes components associated with the chart and
 | `managerConfig.controllerManagerConfigYaml.metrics.bindAddress`           | Sets the bind address for metrics (combined with bindPort).                                                      | `127.0.0.1`                                  |
 | `managerConfig.controllerManagerConfigYaml.metrics.bindPort`              | Sets the bind port for metrics.                                                                                  | `8080`                                       |
 | `managerConfig.controllerManagerConfigYaml.webhook.port`                  | Sets the bind address for webhook.                                                                               | `9443`                                       |
+

chart/open-feature-operator/values.yaml

@@ -4,6 +4,10 @@
 defaultNamespace: open-feature-operator-system
 ## @param imagePullSecrets Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}] 
 imagePullSecrets: []
+## @param labels Labels to apply to all of the pods in the operator.
+labels: {}
+## @param annotations Annotations to apply to all of the pods in the operator.
+annotations: {}
 
 ## @section Sidecar configuration
 sidecarConfiguration:

common/flagdproxy/flagdproxy.go

@@ -8,6 +8,7 @@ import (
 	"github.com/go-logr/logr"
 	"github.com/open-feature/open-feature-operator/common"
 	"github.com/open-feature/open-feature-operator/common/types"
+	"golang.org/x/exp/maps"
 	appsV1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -39,9 +40,11 @@ type FlagdProxyConfiguration struct {
 	Namespace              string
 	OperatorDeploymentName string
 	ImagePullSecrets       []string
+	Labels                 map[string]string
+	Annotations            map[string]string
 }
 
-func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string) *FlagdProxyConfiguration {
+func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) *FlagdProxyConfiguration {
 	return &FlagdProxyConfiguration{
 		Image:                  env.FlagdProxyImage,
 		Tag:                    env.FlagdProxyTag,
@@ -51,6 +54,8 @@ func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string)
 		ManagementPort:         env.FlagdProxyManagementPort,
 		DebugLogging:           env.FlagdProxyDebugLogging,
 		ImagePullSecrets:       imagePullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}
 }
 
@@ -151,6 +156,21 @@ func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerRe
 			Name: secret,
 		})
 	}
+	flagdLabels := map[string]string{
+		"app":                          FlagdProxyDeploymentName,
+		"app.kubernetes.io/name":       FlagdProxyDeploymentName,
+		"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
+		"app.kubernetes.io/version":    f.config.Tag,
+	}
+	if len(f.config.Labels) > 0 {
+		maps.Copy(flagdLabels, f.config.Labels)
+	}
+
+	// No "built-in" annotations to merge at this time. If adding them follow the same pattern as labels.
+	flagdAnnotations := map[string]string{}
+	if len(f.config.Annotations) > 0 {
+		maps.Copy(flagdAnnotations, f.config.Annotations)
+	}
 
 	return &appsV1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
@@ -172,12 +192,8 @@ func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerRe
 			},
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
-					Labels: map[string]string{
-						"app":                          FlagdProxyDeploymentName,
-						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
-						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
-						"app.kubernetes.io/version":    f.config.Tag,
-					},
+					Labels:      flagdLabels,
+					Annotations: flagdAnnotations,
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: FlagdProxyServiceAccountName,

common/flagdproxy/flagdproxy_test.go

@@ -21,12 +21,22 @@ import (
 
 var pullSecrets = []string{"test-pullSecret"}
 
+var labels = map[string]string{
+	"label1": "labelValue1",
+	"label2": "labelValue2",
+}
+
+var annotations = map[string]string{
+	"annotation1": "annotationValue1",
+	"annotation2": "annotationValue2",
+}
+
 func TestNewFlagdProxyConfiguration(t *testing.T) {
 
 	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{
 		FlagdProxyPort:           8015,
 		FlagdProxyManagementPort: 8016,
-	}, pullSecrets)
+	}, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 	require.Equal(t, &FlagdProxyConfiguration{
@@ -35,6 +45,8 @@ func TestNewFlagdProxyConfiguration(t *testing.T) {
 		DebugLogging:           false,
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		ImagePullSecrets:       pullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}, kpConfig)
 }
 
@@ -48,7 +60,7 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
 		FlagdProxyDebugLogging:   true,
 	}
 
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 	require.Equal(t, &FlagdProxyConfiguration{
@@ -60,11 +72,13 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
 		Namespace:              "my-namespace",
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		ImagePullSecrets:       pullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}, kpConfig)
 }
 
 func TestNewFlagdProxyHandler(t *testing.T) {
-	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -100,7 +114,7 @@ func TestDoesFlagdProxyExist(t *testing.T) {
 		},
 	}
 
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -128,7 +142,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithBadVersion(t *testing
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -187,7 +201,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithoutLabel(t *testing.T
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -236,7 +250,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithNewestVersion(t *test
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -280,7 +294,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
 		FlagdProxyManagementPort: 90,
 		FlagdProxyDebugLogging:   true,
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -357,7 +371,10 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
 						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
 						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
 						"app.kubernetes.io/version":    "tag",
+						"label1":                       "labelValue1",
+						"label2":                       "labelValue2",
 					},
+					Annotations: annotations,
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: FlagdProxyServiceAccountName,

config/overlays/helm/manager.yaml

@@ -6,12 +6,19 @@ metadata:
 spec:
   replicas: 0{{ .Values.controllerManager.replicas }}
   template:
+    metadata:
+      # this is transformed by .github/scripts/strip-kustomize-helm.sh
+      annotations:
+        ___delete_me___: "___ ___newline___{{ if .Values.annotations }}{{___space___toYaml___space___.Values.annotations___space___|___space___indent___space___8___space___}}{{ end }}___"
+      # this is transformed by .github/scripts/strip-kustomize-helm.sh
+      labels:
+        ___delete_me___: "___ ___newline___{{ if .Values.labels }}___newline___{{___space___toYaml___space___.Values.labels___space___|___space___indent___space___8___space___}}{{ end }}___"
     spec:
       # this is transformed by .github/scripts/strip-kustomize-helm.sh
-      ___imagePullSecrets___: "___ ___newline___{{ toYaml .Values.imagePullSecrets | indent 8 }}___"
-      dnsPolicy: "{{ .Values.controllerManager.manager.dnsPolicy }}"
+      ___imagePullSecrets___: "___ ___newline___        {{ toYaml .Values.imagePullSecrets___space___|___space___indent___space___8___space___}}___"
       # this is transformed by .github/scripts/strip-kustomize-helm.sh
       hostNetwork: "___{{ .Values.controllerManager.manager.hostNetwork }}___"
+      dnsPolicy: "{{ .Values.controllerManager.manager.dnsPolicy }}"
       containers:
         - name: manager
           image: "{{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag }}"
@@ -104,6 +111,8 @@ spec:
             - --sidecar-ram-request={{ .Values.sidecarConfiguration.resources.requests.memory }}
             - --image-pull-secrets={{ range .Values.imagePullSecrets }}{{ .name }},{{- end }}
             - --metrics-bind-address=:{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }}
+            - --labels={{ $labelKeys := keys .Values.labels -}}{{- $labelPairs := list -}}{{- range $key := $labelKeys -}}{{- $labelPairs = append $labelPairs (printf "%s:%s" $key (index $.Values.labels $key)) -}}{{- end -}}{{- join "," $labelPairs }}
+            - --annotations={{ $annotationKeys := keys .Values.annotations -}}{{- $annotationPairs := list -}}{{- range $key := $annotationKeys -}}{{- $annotationPairs = append $annotationPairs (printf "%s:%s" $key (index $.Values.annotations $key)) -}}{{- end -}}{{- join "," $annotationPairs }}
         - name: kube-rbac-proxy
           image: "{{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag }}"
           resources:

controllers/core/featureflagsource/controller_test.go

@@ -30,6 +30,16 @@ func TestFeatureFlagSourceReconciler_Reconcile(t *testing.T) {
 	)
 	var pullSecrets = []string{"test-pullsecret"}
 
+	var labels = map[string]string{
+		"label1": "labelValue1",
+		"label2": "labelValue2",
+	}
+
+	var annotations = map[string]string{
+		"annotation1": "annotationValue1",
+		"annotation2": "annotationValue2",
+	}
+
 	tests := []struct {
 		name                            string
 		fsConfig                        *api.FeatureFlagSource
@@ -93,7 +103,7 @@ func TestFeatureFlagSourceReconciler_Reconcile(t *testing.T) {
 			kpConfig := flagdproxy.NewFlagdProxyConfiguration(commontypes.EnvConfig{
 				FlagdProxyImage: "ghcr.io/open-feature/flagd-proxy",
 				FlagdProxyTag:   flagdProxyTag,
-			}, pullSecrets)
+			}, pullSecrets, labels, annotations)
 
 			kpConfig.Namespace = testNamespace
 			kph := flagdproxy.NewFlagdProxyHandler(
@@ -169,6 +179,7 @@ func createTestDeployment(fsConfigName string, testNamespace string, deploymentN
 					},
 				},
 				Spec: corev1.PodSpec{
+					ImagePullSecrets: []corev1.LocalObjectReference{{Name: "test-pullSecret"}},
 					Containers: []corev1.Container{
 						{
 							Name:  "test",

controllers/core/flagd/common/common.go

@@ -9,6 +9,8 @@ type FlagdConfiguration struct {
 	Image            string
 	Tag              string
 	ImagePullSecrets []string
+	Labels           map[string]string
+	Annotations      map[string]string
 
 	OperatorNamespace      string
 	OperatorDeploymentName string

controllers/core/flagd/config.go

@@ -6,7 +6,7 @@ import (
 	resources "github.com/open-feature/open-feature-operator/controllers/core/flagd/common"
 )
 
-func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resources.FlagdConfiguration {
+func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) resources.FlagdConfiguration {
 	return resources.FlagdConfiguration{
 		Image:                  env.FlagdImage,
 		Tag:                    env.FlagdTag,
@@ -17,5 +17,7 @@ func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resou
 		ManagementPort:         env.FlagdManagementPort,
 		DebugLogging:           env.FlagdDebugLogging,
 		ImagePullSecrets:       imagePullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}
 }