Add labels and annotations to pods.

Currently, there is only one deployment, so avoid premature optimization
by making these global (and follow the same pattern for
imagePullSecrets)

Requires more aggressive usage of the `strip-kustomize-helm.sh` script
because we have to preserve existing annotations and labels from the
config/manager directory.

Also update labels and annotations for injected pods (FlagD sidecar,
FlagD standalone, and FlagD proxy).

Signed-off-by: Christopher Pitstick <cpitstick@lat.ai>

Author: cpitstick-latai

.github/scripts/strip-kustomize-helm.sh

@@ -1,18 +1,26 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # This script is a hack to support helm flow control in kustomize overlays, which would otherwise break them.
 # It allows us to render helm template bindings and add newlines.
 # For instance, it transforms "___{{ .Value.myValue }}___" to {{ .Value.myValue }}.
-# It also adds newlines wherever ___newline___ is found.
-
-CHARTS_DIR='./chart/open-feature-operator/templates';
+# It also adds newlines wherever ___newline___ is found, and other operations. See
+# sed_expressions below.
 
 echo 'Running strip-kustomize-helm.sh script'
-filenames=`find $CHARTS_DIR -name "*.yaml"`
-for file in $filenames; do
-    sed -i "s/___newline___/\\n/g" $file
-    sed -i "s/\"___//g" $file
-    sed -i "s/___\"//g" $file
-    sed -i "s/___//g" $file
+CHARTS_DIR='./chart/open-feature-operator/templates'
+# Careful! Ordering of these expressions matter!
+sed_expressions=(
+    "s/___newline___/\\n/g"
+    "s/___space___/ /g"
+    "s/\"___//g"
+    "s/___\"//g"
+    "/___delete_me___/d"
+    "s/___//g"
+)
+find $CHARTS_DIR -name "*.yaml" | while read file; do
+    for expr in "${sed_expressions[@]}"; do
+        sed -i "$expr" "$file"
+    done
 done
-echo 'Done running strip-kustomize-helm.sh script'
+
+echo 'Done running strip-kustomize-helm.sh script'

Makefile

@@ -252,7 +252,7 @@ set-helm-overlay:
 helm-package: set-helm-overlay generate release-manifests helm
 	mkdir -p chart/open-feature-operator/templates/crds
 	mv chart/open-feature-operator/templates/*customresourcedefinition* chart/open-feature-operator/templates/crds
-	sh .github/scripts/strip-kustomize-helm.sh
+	.github/scripts/strip-kustomize-helm.sh
 	$(HELM) package --version $(CHART_VERSION) chart/open-feature-operator
 	mkdir -p charts && mv open-feature-operator-*.tgz charts
 	$(HELM) repo index --url https://open-feature.github.io/open-feature-operator/charts charts

chart/open-feature-operator/README.md

@@ -97,6 +97,8 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
 | `defaultNamespace` | To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag.                                                                     | `open-feature-operator-system` |
 | `imagePullSecrets` | Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}]  | `[]`                           |
+| `labels`           | Labels to apply to all of the pods in the operator.                                                                                                                                                                                                                              | `{}`                           |
+| `annotations`      | Annotations to apply to all of the pods in the operator.                                                                                                                                                                                                                         | `{}`                           |
 
 ### Sidecar configuration
 
@@ -167,7 +169,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `controllerManager.kubeRbacProxy.resources.requests.cpu`                  | Sets cpu resource requests for kube-rbac-proxy.                                                                  | `5m`                                         |
 | `controllerManager.kubeRbacProxy.resources.requests.memory`               | Sets memory resource requests for kube-rbac-proxy.                                                               | `64Mi`                                       |
 | `controllerManager.manager.image.repository`                              | Sets the image for the operator.                                                                                 | `ghcr.io/open-feature/open-feature-operator` |
-| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                                                                           | `v0.6.1`                                     |
+| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                                                                           | `v0.7.0`                                     |
 | `controllerManager.manager.resources.limits.cpu`                          | Sets cpu resource limits for operator.                                                                           | `500m`                                       |
 | `controllerManager.manager.resources.limits.memory`                       | Sets memory resource limits for operator.                                                                        | `128Mi`                                      |
 | `controllerManager.manager.resources.requests.cpu`                        | Sets cpu resource requests for operator.                                                                         | `10m`                                        |
@@ -180,3 +182,4 @@ The command removes all the Kubernetes components associated with the chart and
 | `managerConfig.controllerManagerConfigYaml.metrics.bindAddress`           | Sets the bind address for metrics (combined with bindPort).                                                      | `127.0.0.1`                                  |
 | `managerConfig.controllerManagerConfigYaml.metrics.bindPort`              | Sets the bind port for metrics.                                                                                  | `8080`                                       |
 | `managerConfig.controllerManagerConfigYaml.webhook.port`                  | Sets the bind address for webhook.                                                                               | `9443`                                       |
+

chart/open-feature-operator/values.yaml

@@ -4,6 +4,10 @@
 defaultNamespace: open-feature-operator-system
 ## @param imagePullSecrets Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}] 
 imagePullSecrets: []
+## @param labels Labels to apply to all of the pods in the operator.
+labels: {}
+## @param annotations Annotations to apply to all of the pods in the operator.
+annotations: {}
 
 ## @section Sidecar configuration
 sidecarConfiguration:

common/flagdproxy/flagdproxy.go

@@ -8,6 +8,7 @@ import (
 	"github.com/go-logr/logr"
 	"github.com/open-feature/open-feature-operator/common"
 	"github.com/open-feature/open-feature-operator/common/types"
+	"golang.org/x/exp/maps"
 	appsV1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -39,9 +40,11 @@ type FlagdProxyConfiguration struct {
 	Namespace              string
 	OperatorDeploymentName string
 	ImagePullSecrets       []string
+	Labels                 map[string]string
+	Annotations            map[string]string
 }
 
-func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string) *FlagdProxyConfiguration {
+func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) *FlagdProxyConfiguration {
 	return &FlagdProxyConfiguration{
 		Image:                  env.FlagdProxyImage,
 		Tag:                    env.FlagdProxyTag,
@@ -51,6 +54,8 @@ func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string)
 		ManagementPort:         env.FlagdProxyManagementPort,
 		DebugLogging:           env.FlagdProxyDebugLogging,
 		ImagePullSecrets:       imagePullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}
 }
 
@@ -151,6 +156,21 @@ func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerRe
 			Name: secret,
 		})
 	}
+	flagdLabels := map[string]string{
+		"app":                          FlagdProxyDeploymentName,
+		"app.kubernetes.io/name":       FlagdProxyDeploymentName,
+		"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
+		"app.kubernetes.io/version":    f.config.Tag,
+	}
+	if len(f.config.Labels) > 0 {
+		maps.Copy(flagdLabels, f.config.Labels)
+	}
+
+	// No "built-in" annotations to merge at this time. If adding them follow the same pattern as labels.
+	flagdAnnotations := map[string]string{}
+	if len(f.config.Annotations) > 0 {
+		maps.Copy(flagdAnnotations, f.config.Annotations)
+	}
 
 	return &appsV1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
@@ -172,12 +192,8 @@ func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerRe
 			},
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
-					Labels: map[string]string{
-						"app":                          FlagdProxyDeploymentName,
-						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
-						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
-						"app.kubernetes.io/version":    f.config.Tag,
-					},
+					Labels:      flagdLabels,
+					Annotations: flagdAnnotations,
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: FlagdProxyServiceAccountName,

common/flagdproxy/flagdproxy_test.go

@@ -21,12 +21,22 @@ import (
 
 var pullSecrets = []string{"test-pullSecret"}
 
+var labels = map[string]string{
+	"label1": "labelValue1",
+	"label2": "labelValue2",
+}
+
+var annotations = map[string]string{
+	"annotation1": "annotationValue1",
+	"annotation2": "annotationValue2",
+}
+
 func TestNewFlagdProxyConfiguration(t *testing.T) {
 
 	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{
 		FlagdProxyPort:           8015,
 		FlagdProxyManagementPort: 8016,
-	}, pullSecrets)
+	}, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 	require.Equal(t, &FlagdProxyConfiguration{
@@ -35,6 +45,8 @@ func TestNewFlagdProxyConfiguration(t *testing.T) {
 		DebugLogging:           false,
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		ImagePullSecrets:       pullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}, kpConfig)
 }
 
@@ -48,7 +60,7 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
 		FlagdProxyDebugLogging:   true,
 	}
 
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 	require.Equal(t, &FlagdProxyConfiguration{
@@ -60,11 +72,13 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
 		Namespace:              "my-namespace",
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		ImagePullSecrets:       pullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}, kpConfig)
 }
 
 func TestNewFlagdProxyHandler(t *testing.T) {
-	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -100,7 +114,7 @@ func TestDoesFlagdProxyExist(t *testing.T) {
 		},
 	}
 
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -128,7 +142,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithBadVersion(t *testing
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -187,7 +201,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithoutLabel(t *testing.T
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -236,7 +250,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithNewestVersion(t *test
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -280,7 +294,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
 		FlagdProxyManagementPort: 90,
 		FlagdProxyDebugLogging:   true,
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
 
 	require.NotNil(t, kpConfig)
 
@@ -357,7 +371,10 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
 						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
 						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
 						"app.kubernetes.io/version":    "tag",
+						"label1":                       "labelValue1",
+						"label2":                       "labelValue2",
 					},
+					Annotations: annotations,
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: FlagdProxyServiceAccountName,

config/overlays/helm/manager.yaml

@@ -6,12 +6,19 @@ metadata:
 spec:
   replicas: 0{{ .Values.controllerManager.replicas }}
   template:
+    metadata:
+      # this is transformed by .github/scripts/strip-kustomize-helm.sh
+      annotations:
+        ___delete_me___: "___ ___newline___{{ if .Values.annotations }}{{___space___toYaml___space___.Values.annotations___space___|___space___indent___space___8___space___}}{{ end }}___"
+      # this is transformed by .github/scripts/strip-kustomize-helm.sh
+      labels:
+        ___delete_me___: "___ ___newline___{{ if .Values.labels }}___newline___{{___space___toYaml___space___.Values.labels___space___|___space___indent___space___8___space___}}{{ end }}___"
     spec:
       # this is transformed by .github/scripts/strip-kustomize-helm.sh
-      ___imagePullSecrets___: "___ ___newline___{{ toYaml .Values.imagePullSecrets | indent 8 }}___"
-      dnsPolicy: "{{ .Values.controllerManager.manager.dnsPolicy }}"
+      ___imagePullSecrets___: "___ ___newline___        {{ toYaml .Values.imagePullSecrets___space___|___space___indent___space___8___space___}}___"
       # this is transformed by .github/scripts/strip-kustomize-helm.sh
       hostNetwork: "___{{ .Values.controllerManager.manager.hostNetwork }}___"
+      dnsPolicy: "{{ .Values.controllerManager.manager.dnsPolicy }}"
       containers:
         - name: manager
           image: "{{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag }}"
@@ -104,6 +111,8 @@ spec:
             - --sidecar-ram-request={{ .Values.sidecarConfiguration.resources.requests.memory }}
             - --image-pull-secrets={{ range .Values.imagePullSecrets }}{{ .name }},{{- end }}
             - --metrics-bind-address=:{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }}
+            - --labels={{ $labelKeys := keys .Values.labels -}}{{- $labelPairs := list -}}{{- range $key := $labelKeys -}}{{- $labelPairs = append $labelPairs (printf "%s:%s" $key (index $.Values.labels $key)) -}}{{- end -}}{{- join "," $labelPairs }}
+            - --annotations={{ $annotationKeys := keys .Values.annotations -}}{{- $annotationPairs := list -}}{{- range $key := $annotationKeys -}}{{- $annotationPairs = append $annotationPairs (printf "%s:%s" $key (index $.Values.annotations $key)) -}}{{- end -}}{{- join "," $annotationPairs }}
         - name: kube-rbac-proxy
           image: "{{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag }}"
           resources:

controllers/core/featureflagsource/controller_test.go

@@ -30,6 +30,16 @@ func TestFeatureFlagSourceReconciler_Reconcile(t *testing.T) {
 	)
 	var pullSecrets = []string{"test-pullsecret"}
 
+	var labels = map[string]string{
+		"label1": "labelValue1",
+		"label2": "labelValue2",
+	}
+
+	var annotations = map[string]string{
+		"annotation1": "annotationValue1",
+		"annotation2": "annotationValue2",
+	}
+
 	tests := []struct {
 		name                            string
 		fsConfig                        *api.FeatureFlagSource
@@ -93,7 +103,7 @@ func TestFeatureFlagSourceReconciler_Reconcile(t *testing.T) {
 			kpConfig := flagdproxy.NewFlagdProxyConfiguration(commontypes.EnvConfig{
 				FlagdProxyImage: "ghcr.io/open-feature/flagd-proxy",
 				FlagdProxyTag:   flagdProxyTag,
-			}, pullSecrets)
+			}, pullSecrets, labels, annotations)
 
 			kpConfig.Namespace = testNamespace
 			kph := flagdproxy.NewFlagdProxyHandler(
@@ -169,6 +179,7 @@ func createTestDeployment(fsConfigName string, testNamespace string, deploymentN
 					},
 				},
 				Spec: corev1.PodSpec{
+					ImagePullSecrets: []corev1.LocalObjectReference{{Name: "test-pullSecret"}},
 					Containers: []corev1.Container{
 						{
 							Name:  "test",

controllers/core/flagd/common/common.go

@@ -9,6 +9,8 @@ type FlagdConfiguration struct {
 	Image            string
 	Tag              string
 	ImagePullSecrets []string
+	Labels           map[string]string
+	Annotations      map[string]string
 
 	OperatorNamespace      string
 	OperatorDeploymentName string

controllers/core/flagd/config.go

@@ -6,7 +6,7 @@ import (
 	resources "github.com/open-feature/open-feature-operator/controllers/core/flagd/common"
 )
 
-func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resources.FlagdConfiguration {
+func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string, labels map[string]string, annotations map[string]string) resources.FlagdConfiguration {
 	return resources.FlagdConfiguration{
 		Image:                  env.FlagdImage,
 		Tag:                    env.FlagdTag,
@@ -17,5 +17,7 @@ func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resou
 		ManagementPort:         env.FlagdManagementPort,
 		DebugLogging:           env.FlagdDebugLogging,
 		ImagePullSecrets:       imagePullSecrets,
+		Labels:                 labels,
+		Annotations:            annotations,
 	}
 }