Add labels and annotations to pods.

cpitstick-latai · cpitstick-latai · commit a30abc97b82c · 2024-07-09T21:23:54.000-04:00
Currently, there is only one deployment, so avoid premature optimization
by making these global (and follow the same pattern for
imagePullSecrets)

Requires more aggressive usage of the `strip-kustomize-helm.sh` script
because we have to preserve existing annotations and labels from the
config/manager directory.

Also update labels and annotations for injected pods (FlagD sidecar,
FlagD standalone, and FlagD proxy).

Signed-off-by: Christopher Pitstick &lt;cpitstick@lat.ai&gt;
diff --git a/.github/scripts/strip-kustomize-helm.sh b/.github/scripts/strip-kustomize-helm.sh
@@ -1,18 +1,26 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # This script is a hack to support helm flow control in kustomize overlays, which would otherwise break them.
 # It allows us to render helm template bindings and add newlines.
 # For instance, it transforms "___{{ .Value.myValue }}___" to {{ .Value.myValue }}.
-# It also adds newlines wherever ___newline___ is found.
-
-CHARTS_DIR='./chart/open-feature-operator/templates';
+# It also adds newlines wherever ___newline___ is found, and other operations. See
+# sed_expressions below.
 
 echo 'Running strip-kustomize-helm.sh script'
-filenames=`find $CHARTS_DIR -name "*.yaml"`
-for file in $filenames; do
-    sed -i "s/___newline___/\\n/g" $file
-    sed -i "s/\"___//g" $file
-    sed -i "s/___\"//g" $file
-    sed -i "s/___//g" $file
+CHARTS_DIR='./chart/open-feature-operator/templates'
+# Careful! Ordering of these expressions matter!
+sed_expressions=(
+    "s/___newline___/\\n/g"
+    "s/___space___/ /g"
+    "s/\"___//g"
+    "s/___\"//g"
+    "/___delete_me___/d"
+    "s/___//g"
+)
+find $CHARTS_DIR -name "*.yaml" | while read file; do
+    for expr in "${sed_expressions[@]}"; do
+        sed -i "$expr" "$file"
+    done
 done
-echo 'Done running strip-kustomize-helm.sh script'
+
+echo 'Done running strip-kustomize-helm.sh script'
diff --git a/Makefile b/Makefile
@@ -252,7 +252,7 @@ set-helm-overlay:
 helm-package: set-helm-overlay generate release-manifests helm
 	mkdir -p chart/open-feature-operator/templates/crds
 	mv chart/open-feature-operator/templates/*customresourcedefinition* chart/open-feature-operator/templates/crds
-	sh .github/scripts/strip-kustomize-helm.sh
+	.github/scripts/strip-kustomize-helm.sh
 	$(HELM) package --version $(CHART_VERSION) chart/open-feature-operator
 	mkdir -p charts && mv open-feature-operator-*.tgz charts
 	$(HELM) repo index --url https://open-feature.github.io/open-feature-operator/charts charts
diff --git a/chart/open-feature-operator/README.md b/chart/open-feature-operator/README.md
@@ -97,6 +97,8 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
 | `defaultNamespace` | To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag.                                                                     | `open-feature-operator-system` |
 | `imagePullSecrets` | Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}]  | `[]`                           |
+| `labels`           | Labels to apply to all of the pods in the operator.                                                                                                                                                                                                                              | `{}`                           |
+| `annotations`      | Annotations to apply to all of the pods in the operator.                                                                                                                                                                                                                         | `{}`                           |
 
 ### Sidecar configuration
 
@@ -167,7 +169,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `controllerManager.kubeRbacProxy.resources.requests.cpu`                  | Sets cpu resource requests for kube-rbac-proxy.                                                                  | `5m`                                         |
 | `controllerManager.kubeRbacProxy.resources.requests.memory`               | Sets memory resource requests for kube-rbac-proxy.                                                               | `64Mi`                                       |
 | `controllerManager.manager.image.repository`                              | Sets the image for the operator.                                                                                 | `ghcr.io/open-feature/open-feature-operator` |
-| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                                                                           | `v0.6.1`                                     |
+| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                                                                           | `v0.7.0`                                     |
 | `controllerManager.manager.resources.limits.cpu`                          | Sets cpu resource limits for operator.                                                                           | `500m`                                       |
 | `controllerManager.manager.resources.limits.memory`                       | Sets memory resource limits for operator.                                                                        | `128Mi`                                      |
 | `controllerManager.manager.resources.requests.cpu`                        | Sets cpu resource requests for operator.                                                                         | `10m`                                        |
@@ -180,3 +182,4 @@ The command removes all the Kubernetes components associated with the chart and
 | `managerConfig.controllerManagerConfigYaml.metrics.bindAddress`           | Sets the bind address for metrics (combined with bindPort).                                                      | `127.0.0.1`                                  |
 | `managerConfig.controllerManagerConfigYaml.metrics.bindPort`              | Sets the bind port for metrics.                                                                                  | `8080`                                       |
 | `managerConfig.controllerManagerConfigYaml.webhook.port`                  | Sets the bind address for webhook.                                                                               | `9443`                                       |
+
diff --git a/chart/open-feature-operator/values.yaml b/chart/open-feature-operator/values.yaml
@@ -4,6 +4,10 @@
 defaultNamespace: open-feature-operator-system
 ## @param imagePullSecrets Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}] 
 imagePullSecrets: []
+## @param labels Labels to apply to all of the pods in the operator.
+labels: {}
+## @param annotations Annotations to apply to all of the pods in the operator.
+annotations: {}
 
 ## @section Sidecar configuration
 sidecarConfiguration:
diff --git a/common/flagdproxy/flagdproxy.go b/common/flagdproxy/flagdproxy.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"reflect"
 
+	"golang.org/x/exp/maps"
+
 	"github.com/go-logr/logr"
 	"github.com/open-feature/open-feature-operator/common"
 	"github.com/open-feature/open-feature-operator/common/types"
@@ -39,9 +41,11 @@ type FlagdProxyConfiguration struct {
 	Namespace              string
 	OperatorDeploymentName string
 	ImagePullSecrets       []string
+	Labels                 map[string]string
+	Annotations            map[string]string
 }
 
-func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string) *FlagdProxyConfiguration {
+func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) *FlagdProxyConfiguration {
 	return &FlagdProxyConfiguration{
 		Image:                  env.FlagdProxyImage,
 		Tag:                    env.FlagdProxyTag,
@@ -51,6 +55,8 @@ func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string)
 		ManagementPort:         env.FlagdProxyManagementPort,
 		DebugLogging:           env.FlagdProxyDebugLogging,
 		ImagePullSecrets:       imagePullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}
 }
 
@@ -151,6 +157,16 @@ func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerRe
 			Name: secret,
 		})
 	}
+	flagdLabels := map[string]string{
+		"app":                          FlagdProxyDeploymentName,
+		"app.kubernetes.io/name":       FlagdProxyDeploymentName,
+		"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
+		"app.kubernetes.io/version":    f.config.Tag,
+	}
+	maps.Copy(flagdLabels, f.config.Labels)
+
+	// No "built-in" annotations to merge at this time. If adding them follow the same pattern as labels.
+	flagdAnnotations := f.config.Annotations
 
 	return &appsV1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
@@ -172,12 +188,8 @@ func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerRe
 			},
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
-					Labels: map[string]string{
-						"app":                          FlagdProxyDeploymentName,
-						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
-						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
-						"app.kubernetes.io/version":    f.config.Tag,
-					},
+					Labels:      flagdLabels,
+					Annotations: flagdAnnotations,
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: FlagdProxyServiceAccountName,
diff --git a/common/flagdproxy/flagdproxy_test.go b/common/flagdproxy/flagdproxy_test.go
@@ -21,12 +21,22 @@ import (
 
 var pullSecrets = []string{"test-pullSecret"}
 
+var labels = map[string]string{
+	"label1": "labelValue1",
+	"label2": "labelValue2",
+}
+
+var annotations = map[string]string{
+	"annotation1": "annotationValue1",
+	"annotation2": "annotationValue2",
+}
+
 func TestNewFlagdProxyConfiguration(t *testing.T) {
 
 	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{
 		FlagdProxyPort:           8015,
 		FlagdProxyManagementPort: 8016,
-	}, pullSecrets)
+	}, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 	require.Equal(t, &FlagdProxyConfiguration{
@@ -35,6 +45,8 @@ func TestNewFlagdProxyConfiguration(t *testing.T) {
 		DebugLogging:           false,
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		ImagePullSecrets:       pullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}, kpConfig)
 }
 
@@ -48,7 +60,7 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
 		FlagdProxyDebugLogging:   true,
 	}
 
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 	require.Equal(t, &FlagdProxyConfiguration{
@@ -60,11 +72,13 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
 		Namespace:              "my-namespace",
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		ImagePullSecrets:       pullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}, kpConfig)
 }
 
 func TestNewFlagdProxyHandler(t *testing.T) {
-	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -100,7 +114,7 @@ func TestDoesFlagdProxyExist(t *testing.T) {
 		},
 	}
 
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -128,7 +142,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithBadVersion(t *testing
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -187,7 +201,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithoutLabel(t *testing.T
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -236,7 +250,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithNewestVersion(t *test
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -280,7 +294,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
 		FlagdProxyManagementPort: 90,
 		FlagdProxyDebugLogging:   true,
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -357,7 +371,10 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
 						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
 						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
 						"app.kubernetes.io/version":    "tag",
+						"label1":                       "labelValue1",
+						"label2":                       "labelValue2",
 					},
+					Annotations: annotations,
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: FlagdProxyServiceAccountName,
diff --git a/config/overlays/helm/manager.yaml b/config/overlays/helm/manager.yaml
@@ -6,9 +6,17 @@ metadata:
 spec:
   replicas: 0{{ .Values.controllerManager.replicas }}
   template:
+    metadata:
+      # this is transformed by .github/scripts/strip-kustomize-helm.sh
+      annotations:
+        ___delete_me___: "___ ___newline___{{ if .Values.annotations }}{{___space___toYaml___space___.Values.annotations___space___|___space___indent___space___8___space___}}{{ end }}___"
+      # this is transformed by .github/scripts/strip-kustomize-helm.sh
+      labels:
+        ___delete_me___: "___ ___newline___{{ if .Values.labels }}___newline___{{___space___toYaml___space___.Values.labels___space___|___space___indent___space___8___space___}}{{ end }}___"
     spec:
       # this is transformed by .github/scripts/strip-kustomize-helm.sh
-      ___imagePullSecrets___: "___ ___newline___{{ toYaml .Values.imagePullSecrets | indent 8 }}___"
+      ___imagePullSecrets___: "___ ___newline___        {{ toYaml .Values.imagePullSecrets___space___|___space___indent___space___8___space___}}___"
+      # this is transformed by .github/scripts/strip-kustomize-helm.sh
       dnsPolicy: "{{ .Values.controllerManager.manager.dnsPolicy }}"
       # this is transformed by .github/scripts/strip-kustomize-helm.sh
       hostNetwork: "___{{ .Values.controllerManager.manager.hostNetwork }}___"
@@ -104,6 +112,8 @@ spec:
             - --sidecar-ram-request={{ .Values.sidecarConfiguration.resources.requests.memory }}
             - --image-pull-secrets={{ range .Values.imagePullSecrets }}{{ .name }},{{- end }}
             - --metrics-bind-address=:{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }}
+            - --labels={{- join "," (range $key, $value := .Values.labels -}}{{- printf "%s:%s" $key $value -}}{{- end) -}}
+            - --annotations={{- join "," (range $key, $value := .Values.annotations -}}{{- printf "%s:%s" $key $value -}}{{- end) -}}
         - name: kube-rbac-proxy
           image: "{{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag }}"
           resources:
diff --git a/controllers/core/featureflagsource/controller_test.go b/controllers/core/featureflagsource/controller_test.go
@@ -30,6 +30,16 @@ func TestFeatureFlagSourceReconciler_Reconcile(t *testing.T) {
 	)
 	var pullSecrets = []string{"test-pullsecret"}
 
+	var labels = map[string]string{
+		"label1": "labelValue1",
+		"label2": "labelValue2",
+	}
+
+	var annotations = map[string]string{
+		"annotation1": "annotationValue1",
+		"annotation2": "annotationValue2",
+	}
+
 	tests := []struct {
 		name                            string
 		fsConfig                        *api.FeatureFlagSource
@@ -93,7 +103,7 @@ func TestFeatureFlagSourceReconciler_Reconcile(t *testing.T) {
 			kpConfig := flagdproxy.NewFlagdProxyConfiguration(commontypes.EnvConfig{
 				FlagdProxyImage: "ghcr.io/open-feature/flagd-proxy",
 				FlagdProxyTag:   flagdProxyTag,
-			}, pullSecrets)
+			}, pullSecrets, labels, annotations)
 
 			kpConfig.Namespace = testNamespace
 			kph := flagdproxy.NewFlagdProxyHandler(
diff --git a/controllers/core/flagd/common/common.go b/controllers/core/flagd/common/common.go
@@ -9,6 +9,8 @@ type FlagdConfiguration struct {
 	Image            string
 	Tag              string
 	ImagePullSecrets []string
+	Labels           map[string]string
+	Annotations      map[string]string
 
 	OperatorNamespace      string
 	OperatorDeploymentName string
diff --git a/controllers/core/flagd/config.go b/controllers/core/flagd/config.go
@@ -6,7 +6,7 @@ import (
 	resources "github.com/open-feature/open-feature-operator/controllers/core/flagd/common"
 )
 
-func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resources.FlagdConfiguration {
+func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) resources.FlagdConfiguration {
 	return resources.FlagdConfiguration{
 		Image:                  env.FlagdImage,
 		Tag:                    env.FlagdTag,
@@ -17,5 +17,7 @@ func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resou
 		ManagementPort:         env.FlagdManagementPort,
 		DebugLogging:           env.FlagdDebugLogging,
 		ImagePullSecrets:       imagePullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}
 }
diff --git a/controllers/core/flagd/resources/deployment.go b/controllers/core/flagd/resources/deployment.go
@@ -77,11 +77,9 @@ func (r *FlagdDeployment) GetResource(ctx context.Context, flagd *api.Flagd) (cl
 	}
 
 	featureFlagSource := &api.FeatureFlagSource{}
-	imagePullSecrets := []corev1.LocalObjectReference{}
-	for _, secret := range r.FlagdConfig.ImagePullSecrets {
-		imagePullSecrets = append(imagePullSecrets, corev1.LocalObjectReference{
-			Name: secret,
-		})
+	imagePullSecrets := make([]corev1.LocalObjectReference, len(r.FlagdConfig.ImagePullSecrets))
+	for i, secret := range r.FlagdConfig.ImagePullSecrets {
+		imagePullSecrets[i] = corev1.LocalObjectReference{Name: secret}
 	}
 
 	if err := r.Client.Get(ctx, client.ObjectKey{
@@ -100,9 +98,10 @@ func (r *FlagdDeployment) GetResource(ctx context.Context, flagd *api.Flagd) (cl
 		return nil, errors.New("no flagd container has been injected into deployment")
 	}
 
-	deployment.Spec.Template.Spec.ImagePullSecrets = imagePullSecrets
-
 	// override settings for the injected container for flagd standalone deployment mode
+	deployment.Spec.Template.Spec.ImagePullSecrets = imagePullSecrets
+	deployment.Spec.Template.ObjectMeta.Labels = r.FlagdConfig.Labels
+	deployment.Spec.Template.ObjectMeta.Annotations = r.FlagdConfig.Annotations
 	deployment.Spec.Template.Spec.Containers[0].Image = fmt.Sprintf("%s:%s", r.FlagdConfig.Image, r.FlagdConfig.Tag)
 
 	deployment.Spec.Template.Spec.Containers[0].Ports = []corev1.ContainerPort{
diff --git a/go.mod b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/open-feature/open-feature-operator/apis v0.2.41-0.20240506125212-c4831a3cdc00
 	github.com/stretchr/testify v1.8.4
 	go.uber.org/zap v1.27.0
+	golang.org/x/exp v0.0.0-20240707233637-46b078467d37
 	k8s.io/api v0.28.10
 	k8s.io/apimachinery v0.28.10
 	k8s.io/client-go v0.28.10
@@ -31,7 +32,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
@@ -54,7 +55,6 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/oauth2 v0.8.0 // indirect
 	golang.org/x/sys v0.19.0 // indirect
diff --git a/go.sum b/go.sum
diff --git a/main.go b/main.go

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ import (`
`6`	`6`	`resources "github.com/open-feature/open-feature-operator/controllers/core/flagd/common"`
`7`	`7`	`)`
`8`	`8`
`9`		`-func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resources.FlagdConfiguration {`
	`9`	`+func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) resources.FlagdConfiguration {`
`10`	`10`	`return resources.FlagdConfiguration{`
`11`	`11`	`Image: env.FlagdImage,`
`12`	`12`	`Tag: env.FlagdTag,`
`@@ -17,5 +17,7 @@ func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resou`
`17`	`17`	`ManagementPort: env.FlagdManagementPort,`
`18`	`18`	`DebugLogging: env.FlagdDebugLogging,`
`19`	`19`	`ImagePullSecrets: imagePullSecrets,`
	`20`	`+ Labels: labels,`
	`21`	`+ Annotations: annotations,`
`20`	`22`	`}`
`21`	`23`	`}`