diff --git a/pkg/controller/bundle/bundle_unpacker.go b/pkg/controller/bundle/bundle_unpacker.go index 37686e86271..79f67ab177d 100644 --- a/pkg/controller/bundle/bundle_unpacker.go +++ b/pkg/controller/bundle/bundle_unpacker.go @@ -86,11 +86,19 @@ func newBundleUnpackResult(lookup *operatorsv1alpha1.BundleLookup) *BundleUnpack func (c *ConfigMapUnpacker) job(cmRef *corev1.ObjectReference, bundlePath string, secrets []corev1.LocalObjectReference, annotationUnpackTimeout time.Duration) *batchv1.Job { job := &batchv1.Job{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + install.OLMManagedLabelKey: install.OLMManagedLabelValue, + }, + }, Spec: batchv1.JobSpec{ //ttlSecondsAfterFinished: 0 // can use in the future to not have to clean up job Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Name: cmRef.Name, + Labels: map[string]string{ + install.OLMManagedLabelKey: install.OLMManagedLabelValue, + }, }, Spec: corev1.PodSpec{ // With restartPolicy = "OnFailure" when the spec.backoffLimit is reached, the job controller will delete all @@ -687,6 +695,7 @@ func (c *ConfigMapUnpacker) ensureRole(cmRef *corev1.ObjectReference) (role *rba fresh.SetNamespace(cmRef.Namespace) fresh.SetName(cmRef.Name) fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)}) + fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}) role, err = c.roleLister.Roles(fresh.GetNamespace()).Get(fresh.GetName()) if err != nil { @@ -730,6 +739,7 @@ func (c *ConfigMapUnpacker) ensureRoleBinding(cmRef *corev1.ObjectReference) (ro fresh.SetNamespace(cmRef.Namespace) fresh.SetName(cmRef.Name) fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)}) + fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}) roleBinding, err = c.rbLister.RoleBindings(fresh.GetNamespace()).Get(fresh.GetName()) if err != nil { diff --git a/pkg/controller/bundle/bundle_unpacker_test.go b/pkg/controller/bundle/bundle_unpacker_test.go index ffb006d45c5..2bb0d470253 100644 --- a/pkg/controller/bundle/bundle_unpacker_test.go +++ b/pkg/controller/bundle/bundle_unpacker_test.go @@ -208,6 +208,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: pathHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "v1", @@ -224,7 +225,8 @@ func TestConfigMapUnpacker(t *testing.T) { BackoffLimit: &backoffLimit, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ - Name: pathHash, + Name: pathHash, + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, Spec: corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, @@ -369,6 +371,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: pathHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "v1", @@ -402,6 +405,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: pathHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "v1", @@ -437,6 +441,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: digestHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "v1", @@ -452,7 +457,8 @@ func TestConfigMapUnpacker(t *testing.T) { BackoffLimit: &backoffLimit, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ - Name: digestHash, + Name: digestHash, + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, Spec: corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, @@ -607,6 +613,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: digestHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "operators.coreos.com/v1alpha1", @@ -705,6 +712,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: digestHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "v1", @@ -720,7 +728,8 @@ func TestConfigMapUnpacker(t *testing.T) { BackoffLimit: &backoffLimit, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ - Name: digestHash, + Name: digestHash, + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, Spec: corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, @@ -877,6 +886,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: digestHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "v1", @@ -910,6 +920,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: digestHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "v1", @@ -967,6 +978,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: pathHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "v1", @@ -982,7 +994,8 @@ func TestConfigMapUnpacker(t *testing.T) { BackoffLimit: &backoffLimit, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ - Name: pathHash, + Name: pathHash, + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, Spec: corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, @@ -1124,6 +1137,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: pathHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "operators.coreos.com/v1alpha1", @@ -1199,6 +1213,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: pathHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "v1", @@ -1214,7 +1229,8 @@ func TestConfigMapUnpacker(t *testing.T) { BackoffLimit: &backoffLimit, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ - Name: pathHash, + Name: pathHash, + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, Spec: corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, @@ -1368,6 +1384,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: pathHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "operators.coreos.com/v1alpha1", @@ -1442,6 +1459,7 @@ func TestConfigMapUnpacker(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: pathHash, Namespace: "ns-a", + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { APIVersion: "v1", @@ -1457,7 +1475,8 @@ func TestConfigMapUnpacker(t *testing.T) { BackoffLimit: &backoffLimit, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ - Name: pathHash, + Name: pathHash, + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, Spec: corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, diff --git a/pkg/controller/install/certresources.go b/pkg/controller/install/certresources.go index f48e62b7718..7e4836a031a 100644 --- a/pkg/controller/install/certresources.go +++ b/pkg/controller/install/certresources.go @@ -241,6 +241,11 @@ func CalculateCertRotatesAt(certExpirationTime time.Time) time.Time { func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deploymentName string, ca *certs.KeyPair, expiration time.Time, depSpec appsv1.DeploymentSpec, ports []corev1.ServicePort) (*appsv1.DeploymentSpec, []byte, error) { logger := log.WithFields(log.Fields{}) + if depSpec.Template.Labels == nil { + depSpec.Template.Labels = map[string]string{} + } + depSpec.Template.Labels[OLMManagedLabelKey] = OLMManagedLabelValue + // Create a service for the deployment service := &corev1.Service{ Spec: corev1.ServiceSpec{ @@ -251,6 +256,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo service.SetName(ServiceName(deploymentName)) service.SetNamespace(i.owner.GetNamespace()) ownerutil.AddNonBlockingOwner(service, i.owner) + service.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}) existingService, err := i.strategyClient.GetOpLister().CoreV1().ServiceLister().Services(i.owner.GetNamespace()).Get(service.GetName()) if err == nil { @@ -366,6 +372,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo } secretRole.SetName(secret.GetName()) secretRole.SetNamespace(i.owner.GetNamespace()) + secretRole.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}) existingSecretRole, err := i.strategyClient.GetOpLister().RbacV1().RoleLister().Roles(i.owner.GetNamespace()).Get(secretRole.GetName()) if err == nil { @@ -412,6 +419,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo } secretRoleBinding.SetName(secret.GetName()) secretRoleBinding.SetNamespace(i.owner.GetNamespace()) + secretRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}) existingSecretRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().RoleBindingLister().RoleBindings(i.owner.GetNamespace()).Get(secretRoleBinding.GetName()) if err == nil { @@ -454,6 +462,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo }, } authDelegatorClusterRoleBinding.SetName(service.GetName() + "-system:auth-delegator") + authDelegatorClusterRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}) existingAuthDelegatorClusterRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().ClusterRoleBindingLister().Get(authDelegatorClusterRoleBinding.GetName()) if err == nil { @@ -502,6 +511,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo } authReaderRoleBinding.SetName(service.GetName() + "-auth-reader") authReaderRoleBinding.SetNamespace(KubeSystem) + authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}) existingAuthReaderRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().RoleBindingLister().RoleBindings(KubeSystem).Get(authReaderRoleBinding.GetName()) if err == nil { diff --git a/pkg/controller/install/certresources_test.go b/pkg/controller/install/certresources_test.go index 3823f29f371..86f2d42281c 100644 --- a/pkg/controller/install/certresources_test.go +++ b/pkg/controller/install/certresources_test.go @@ -7,6 +7,7 @@ import ( "time" "github.com/golang/mock/gomock" + "github.com/google/go-cmp/cmp" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" @@ -155,7 +156,8 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { mockOpClient.EXPECT().DeleteService(namespace, "test-service", &metav1.DeleteOptions{}).Return(nil) service := corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: "test-service", + Name: "test-service", + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ ownerutil.NonBlockingOwner(&v1alpha1.ClusterServiceVersion{}), }, @@ -198,6 +200,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: secret.GetName(), Namespace: namespace, + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, }, Rules: []rbacv1.PolicyRule{ { @@ -214,6 +217,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: secret.GetName(), Namespace: namespace, + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, }, Subjects: []rbacv1.Subject{ { @@ -233,7 +237,8 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { authDelegatorClusterRoleBinding := &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ - Name: service.GetName() + "-system:auth-delegator", + Name: service.GetName() + "-system:auth-delegator", + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, }, Subjects: []rbacv1.Subject{ { @@ -269,6 +274,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { } authReaderRoleBinding.SetName(service.GetName() + "-auth-reader") authReaderRoleBinding.SetNamespace(KubeSystem) + authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}) mockOpClient.EXPECT().UpdateRoleBinding(authReaderRoleBinding).Return(authReaderRoleBinding, nil) }, @@ -324,6 +330,9 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { Selector: selector(t, "test=label"), Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + OLMManagedLabelKey: OLMManagedLabelValue, + }, Annotations: map[string]string{ "foo": "bar", OLMCAHashAnnotationKey: caHash}, @@ -380,6 +389,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "test-service", Namespace: owner.GetNamespace(), + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ ownerutil.NonBlockingOwner(owner), }, @@ -422,6 +432,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: secret.GetName(), Namespace: namespace, + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, }, Rules: []rbacv1.PolicyRule{ { @@ -438,6 +449,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: secret.GetName(), Namespace: namespace, + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, }, Subjects: []rbacv1.Subject{ { @@ -457,7 +469,8 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { authDelegatorClusterRoleBinding := &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ - Name: service.GetName() + "-system:auth-delegator", + Name: service.GetName() + "-system:auth-delegator", + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, }, Subjects: []rbacv1.Subject{ { @@ -493,6 +506,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { } authReaderRoleBinding.SetName(service.GetName() + "-auth-reader") authReaderRoleBinding.SetNamespace(KubeSystem) + authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}) mockOpClient.EXPECT().UpdateRoleBinding(authReaderRoleBinding).Return(authReaderRoleBinding, nil) }, @@ -544,6 +558,9 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { Selector: selector(t, "test=label"), Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + OLMManagedLabelKey: OLMManagedLabelValue, + }, Annotations: map[string]string{OLMCAHashAnnotationKey: caHash}, }, Spec: corev1.PodSpec{ @@ -596,7 +613,8 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { mockOpClient.EXPECT().DeleteService(namespace, "test-service", &metav1.DeleteOptions{}).Return(nil) service := corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: "test-service", + Name: "test-service", + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ ownerutil.NonBlockingOwner(&v1alpha1.ClusterServiceVersion{}), }, @@ -649,6 +667,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: secret.GetName(), Namespace: namespace, + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, }, Rules: []rbacv1.PolicyRule{ { @@ -665,6 +684,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: secret.GetName(), Namespace: namespace, + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, }, Subjects: []rbacv1.Subject{ { @@ -684,7 +704,8 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { authDelegatorClusterRoleBinding := &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ - Name: service.GetName() + "-system:auth-delegator", + Name: service.GetName() + "-system:auth-delegator", + Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}, }, Subjects: []rbacv1.Subject{ { @@ -720,6 +741,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { } authReaderRoleBinding.SetName(service.GetName() + "-auth-reader") authReaderRoleBinding.SetNamespace(KubeSystem) + authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue}) mockOpClient.EXPECT().UpdateRoleBinding(authReaderRoleBinding).Return(authReaderRoleBinding, nil) }, @@ -777,6 +799,9 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { Selector: selector(t, "test=label"), Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + OLMManagedLabelKey: OLMManagedLabelValue, + }, Annotations: map[string]string{ "foo": "bar", OLMCAHashAnnotationKey: caHash}, @@ -853,7 +878,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) { return } if !reflect.DeepEqual(got, tt.want) { - t.Errorf("installCertRequirementsForDeployment() \n got = %v \n want = %v", got, tt.want) + t.Errorf("installCertRequirementsForDeployment() \n got = %v \n want = %v\n diff=%s\n", got, tt.want, cmp.Diff(got, tt.want)) } }) } diff --git a/pkg/controller/install/deployment.go b/pkg/controller/install/deployment.go index 43aab8e1ced..12e8044b259 100644 --- a/pkg/controller/install/deployment.go +++ b/pkg/controller/install/deployment.go @@ -152,6 +152,10 @@ func (i *StrategyDeploymentInstaller) deploymentForSpec(name string, spec appsv1 dep.Spec.Template.SetAnnotations(annotations) // Set custom labels before CSV owner labels + if dep.Labels == nil { + dep.Labels = map[string]string{} + } + dep.Labels[OLMManagedLabelKey] = OLMManagedLabelValue dep.SetLabels(specLabels) ownerutil.AddNonBlockingOwner(dep, i.owner) diff --git a/pkg/controller/install/webhook.go b/pkg/controller/install/webhook.go index 74c19875167..a152434ced2 100644 --- a/pkg/controller/install/webhook.go +++ b/pkg/controller/install/webhook.go @@ -67,11 +67,11 @@ func (i *StrategyDeploymentInstaller) createOrUpdateWebhook(caPEM []byte, desc v switch desc.Type { case v1alpha1.ValidatingAdmissionWebhook: - i.createOrUpdateValidatingWebhook(ogNamespacelabelSelector, caPEM, desc) + return i.createOrUpdateValidatingWebhook(ogNamespacelabelSelector, caPEM, desc) case v1alpha1.MutatingAdmissionWebhook: - i.createOrUpdateMutatingWebhook(ogNamespacelabelSelector, caPEM, desc) + return i.createOrUpdateMutatingWebhook(ogNamespacelabelSelector, caPEM, desc) case v1alpha1.ConversionWebhook: - i.createOrUpdateConversionWebhook(caPEM, desc) + return i.createOrUpdateConversionWebhook(caPEM, desc) } return nil } @@ -287,6 +287,7 @@ func addWebhookLabels(object metav1.Object, webhookDesc v1alpha1.WebhookDescript } labels[WebhookDescKey] = webhookDesc.GenerateName labels[WebhookHashKey] = HashWebhookDesc(webhookDesc) + labels[OLMManagedLabelKey] = OLMManagedLabelValue object.SetLabels(labels) return nil diff --git a/pkg/controller/operators/catalog/operator.go b/pkg/controller/operators/catalog/operator.go index b140a4f8917..a4e6e31e9e0 100644 --- a/pkg/controller/operators/catalog/operator.go +++ b/pkg/controller/operators/catalog/operator.go @@ -2147,6 +2147,10 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { // Attempt to create the CSV. csv.SetNamespace(namespace) + if csv.Labels == nil { + csv.Labels = map[string]string{} + } + csv.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue status, err := ensurer.EnsureClusterServiceVersion(&csv) if err != nil { @@ -2172,6 +2176,10 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { // Attempt to create the Subscription sub.SetNamespace(namespace) + if sub.Labels == nil { + sub.Labels = map[string]string{} + } + sub.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue status, err := ensurer.EnsureSubscription(&sub) if err != nil { @@ -2202,6 +2210,10 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { } s.SetOwnerReferences(updated) s.SetNamespace(namespace) + if s.Labels == nil { + s.Labels = map[string]string{} + } + s.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue status, err := ensurer.EnsureBundleSecret(plan.Namespace, &s) if err != nil { @@ -2226,6 +2238,11 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { return errorwrap.Wrapf(err, "error parsing step manifest: %s", step.Resource.Name) } + if cr.Labels == nil { + cr.Labels = map[string]string{} + } + cr.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue + status, err := ensurer.EnsureClusterRole(&cr, step) if err != nil { return err @@ -2240,6 +2257,10 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { if err != nil { return errorwrap.Wrapf(err, "error parsing step manifest: %s", step.Resource.Name) } + if rb.Labels == nil { + rb.Labels = map[string]string{} + } + rb.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue status, err := ensurer.EnsureClusterRoleBinding(&rb, step) if err != nil { @@ -2263,6 +2284,10 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { } r.SetOwnerReferences(updated) r.SetNamespace(namespace) + if r.Labels == nil { + r.Labels = map[string]string{} + } + r.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue status, err := ensurer.EnsureRole(plan.Namespace, &r) if err != nil { @@ -2286,6 +2311,10 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { } rb.SetOwnerReferences(updated) rb.SetNamespace(namespace) + if rb.Labels == nil { + rb.Labels = map[string]string{} + } + rb.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue status, err := ensurer.EnsureRoleBinding(plan.Namespace, &rb) if err != nil { @@ -2309,6 +2338,10 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { } sa.SetOwnerReferences(updated) sa.SetNamespace(namespace) + if sa.Labels == nil { + sa.Labels = map[string]string{} + } + sa.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue status, err := ensurer.EnsureServiceAccount(namespace, &sa) if err != nil { @@ -2340,6 +2373,10 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { } s.SetOwnerReferences(updated) s.SetNamespace(namespace) + if s.Labels == nil { + s.Labels = map[string]string{} + } + s.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue status, err := ensurer.EnsureService(namespace, &s) if err != nil { @@ -2370,6 +2407,10 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { } cfg.SetOwnerReferences(updated) cfg.SetNamespace(namespace) + if cfg.Labels == nil { + cfg.Labels = map[string]string{} + } + cfg.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue status, err := ensurer.EnsureConfigMap(plan.Namespace, &cfg) if err != nil { @@ -2429,6 +2470,12 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error { } } } + l := unstructuredObject.GetLabels() + if l == nil { + l = map[string]string{} + } + l[install.OLMManagedLabelKey] = install.OLMManagedLabelValue + unstructuredObject.SetLabels(l) // Set up the dynamic client ResourceInterface and set ownerrefs var resourceInterface dynamic.ResourceInterface diff --git a/pkg/controller/operators/catalog/operator_test.go b/pkg/controller/operators/catalog/operator_test.go index cdf31e4d5ae..2da59792850 100644 --- a/pkg/controller/operators/catalog/operator_test.go +++ b/pkg/controller/operators/catalog/operator_test.go @@ -13,6 +13,7 @@ import ( "testing/quick" "time" + "github.com/operator-framework/operator-lifecycle-manager/pkg/controller/install" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" "github.com/sirupsen/logrus" @@ -568,6 +569,14 @@ func TestExecutePlan(t *testing.T) { modify(t, decodeFile(t, "./testdata/prometheusrule.cr.yaml", &unstructured.Unstructured{}), withNamespace(namespace), withOwner(csv("csv", namespace, nil, nil)), + modifyMeta(func(m metav1.Object) { + labels := m.GetLabels() + if labels == nil { + labels = map[string]string{} + } + labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue + m.SetLabels(labels) + }), ), }, err: nil, @@ -599,7 +608,7 @@ func TestExecutePlan(t *testing.T) { }), want: []runtime.Object{ &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{Name: "test"}, + ObjectMeta: metav1.ObjectMeta{Name: "test", Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}}, TypeMeta: metav1.TypeMeta{ Kind: "CustomResourceDefinition", APIVersion: "apiextensions.k8s.io/v1", // v1 CRD version of API @@ -1826,6 +1835,7 @@ func csv(name, namespace string, owned, required []string) *v1alpha1.ClusterServ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: namespace, + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, Spec: v1alpha1.ClusterServiceVersionSpec{ CustomResourceDefinitions: v1alpha1.CustomResourceDefinitions{ @@ -1839,7 +1849,8 @@ func csv(name, namespace string, owned, required []string) *v1alpha1.ClusterServ func crd(name string) apiextensionsv1beta1.CustomResourceDefinition { return apiextensionsv1beta1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ - Name: name, + Name: name, + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, Spec: apiextensionsv1beta1.CustomResourceDefinitionSpec{ Group: name + "group", @@ -1860,6 +1871,7 @@ func service(name, namespace string) *corev1.Service { ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: namespace, + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, } } @@ -1869,6 +1881,7 @@ func secret(name, namespace string) *corev1.Secret { ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: namespace, + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, } } @@ -1877,12 +1890,12 @@ func serviceAccount(name, namespace, generateName string, secretRef *corev1.Obje if secretRef == nil { return &corev1.ServiceAccount{ TypeMeta: metav1.TypeMeta{Kind: serviceAccountKind, APIVersion: ""}, - ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace, GenerateName: generateName}, + ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace, GenerateName: generateName, Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}}, } } return &corev1.ServiceAccount{ TypeMeta: metav1.TypeMeta{Kind: serviceAccountKind, APIVersion: ""}, - ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace, GenerateName: generateName}, + ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace, GenerateName: generateName, Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}}, Secrets: []corev1.ObjectReference{*secretRef}, } } @@ -1890,7 +1903,7 @@ func serviceAccount(name, namespace, generateName string, secretRef *corev1.Obje func configMap(name, namespace string) *corev1.ConfigMap { return &corev1.ConfigMap{ TypeMeta: metav1.TypeMeta{Kind: configMapKind}, - ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace}, + ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace, Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}}, } } diff --git a/pkg/controller/operators/catalog/step.go b/pkg/controller/operators/catalog/step.go index 54abd56bf90..d3f54f18270 100644 --- a/pkg/controller/operators/catalog/step.go +++ b/pkg/controller/operators/catalog/step.go @@ -4,6 +4,7 @@ import ( "context" "fmt" + "github.com/operator-framework/operator-lifecycle-manager/pkg/controller/install" "github.com/pkg/errors" "github.com/sirupsen/logrus" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -128,6 +129,10 @@ func (b *builder) NewCRDV1Step(client apiextensionsv1client.ApiextensionsV1Inter } setInstalledAlongsideAnnotation(b.annotator, crd, b.plan.GetNamespace(), step.Resolving, b.csvLister, crd) + if crd.Labels == nil { + crd.Labels = map[string]string{} + } + crd.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue _, createError := client.CustomResourceDefinitions().Create(context.TODO(), crd, metav1.CreateOptions{}) if apierrors.IsAlreadyExists(createError) { @@ -211,6 +216,10 @@ func (b *builder) NewCRDV1Beta1Step(client apiextensionsv1beta1client.Apiextensi } setInstalledAlongsideAnnotation(b.annotator, crd, b.plan.GetNamespace(), step.Resolving, b.csvLister, crd) + if crd.Labels == nil { + crd.Labels = map[string]string{} + } + crd.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue _, createError := client.CustomResourceDefinitions().Create(context.TODO(), crd, metav1.CreateOptions{}) if apierrors.IsAlreadyExists(createError) { diff --git a/pkg/controller/operators/catalog/step_ensurer.go b/pkg/controller/operators/catalog/step_ensurer.go index 91c309f97a8..3369aa65615 100644 --- a/pkg/controller/operators/catalog/step_ensurer.go +++ b/pkg/controller/operators/catalog/step_ensurer.go @@ -4,6 +4,7 @@ import ( "context" "fmt" + "github.com/operator-framework/operator-lifecycle-manager/pkg/controller/install" errorwrap "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" @@ -91,6 +92,9 @@ func (o *StepEnsurer) EnsureSecret(operatorNamespace, planNamespace, name string ObjectMeta: metav1.ObjectMeta{ Name: secret.Name, Namespace: planNamespace, + Labels: map[string]string{ + install.OLMManagedLabelKey: install.OLMManagedLabelValue, + }, }, Data: secret.Data, Type: secret.Type, diff --git a/pkg/controller/operators/olm/operatorgroup.go b/pkg/controller/operators/olm/operatorgroup.go index 9900bc3844e..90d2cb89945 100644 --- a/pkg/controller/operators/olm/operatorgroup.go +++ b/pkg/controller/operators/olm/operatorgroup.go @@ -383,7 +383,8 @@ func (a *Operator) ensureProvidedAPIClusterRole(namePrefix, suffix string, verbs // Matches aggregation rules on the bootstrap ClusterRoles. // https://github.com/kubernetes/kubernetes/blob/61847eab61788fb0543b4cf147773c9da646ed2f/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go#L232 fmt.Sprintf("rbac.authorization.k8s.io/aggregate-to-%s", suffix): "true", - aggregationLabel: "true", + aggregationLabel: "true", + install.OLMManagedLabelKey: install.OLMManagedLabelValue, }, OwnerReferences: []metav1.OwnerReference{ownerutil.NonBlockingOwner(api)}, }, @@ -983,7 +984,8 @@ func (a *Operator) updateNamespaceList(op *operatorsv1.OperatorGroup) ([]string, func (a *Operator) ensureOpGroupClusterRole(op *operatorsv1.OperatorGroup, suffix string, apis cache.APISet) error { clusterRole := &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ - Name: strings.Join([]string{op.GetName(), suffix}, "-"), + Name: strings.Join([]string{op.GetName(), suffix}, "-"), + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, }, } var selectors []metav1.LabelSelector diff --git a/pkg/controller/operators/operatorcondition_controller.go b/pkg/controller/operators/operatorcondition_controller.go index 45e85e44cb2..c805977c016 100644 --- a/pkg/controller/operators/operatorcondition_controller.go +++ b/pkg/controller/operators/operatorcondition_controller.go @@ -5,11 +5,12 @@ import ( "reflect" "github.com/go-logr/logr" + "github.com/operator-framework/operator-lifecycle-manager/pkg/controller/install" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" - meta "k8s.io/apimachinery/pkg/api/meta" + "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" @@ -128,6 +129,9 @@ func (r *OperatorConditionReconciler) ensureOperatorConditionRole(operatorCondit ObjectMeta: metav1.ObjectMeta{ Name: operatorCondition.GetName(), Namespace: operatorCondition.GetNamespace(), + Labels: map[string]string{ + install.OLMManagedLabelKey: install.OLMManagedLabelValue, + }, }, Rules: []rbacv1.PolicyRule{ { @@ -176,6 +180,9 @@ func (r *OperatorConditionReconciler) ensureOperatorConditionRoleBinding(operato ObjectMeta: metav1.ObjectMeta{ Name: operatorCondition.GetName(), Namespace: operatorCondition.GetNamespace(), + Labels: map[string]string{ + install.OLMManagedLabelKey: install.OLMManagedLabelValue, + }, }, Subjects: subjects, RoleRef: rbacv1.RoleRef{ diff --git a/pkg/controller/registry/reconciler/configmap.go b/pkg/controller/registry/reconciler/configmap.go index 11a87a8746a..a4aee1c2f04 100644 --- a/pkg/controller/registry/reconciler/configmap.go +++ b/pkg/controller/registry/reconciler/configmap.go @@ -5,6 +5,7 @@ import ( "context" "fmt" + "github.com/operator-framework/operator-lifecycle-manager/pkg/controller/install" "github.com/pkg/errors" "github.com/sirupsen/logrus" corev1 "k8s.io/api/core/v1" @@ -52,7 +53,8 @@ const ( func (s *configMapCatalogSourceDecorator) Labels() map[string]string { labels := map[string]string{ - CatalogSourceLabelKey: s.GetName(), + CatalogSourceLabelKey: s.GetName(), + install.OLMManagedLabelKey: install.OLMManagedLabelValue, } if s.Spec.SourceType == v1alpha1.SourceTypeInternal || s.Spec.SourceType == v1alpha1.SourceTypeConfigmap { labels[ConfigMapRVLabelKey] = s.Status.ConfigMapResource.ResourceVersion @@ -93,7 +95,9 @@ func (s *configMapCatalogSourceDecorator) Service() *corev1.Service { }, } - labels := map[string]string{} + labels := map[string]string{ + install.OLMManagedLabelKey: install.OLMManagedLabelValue, + } hash := HashServiceSpec(svc.Spec) labels[ServiceHashLabelKey] = hash svc.SetLabels(labels) @@ -114,6 +118,9 @@ func (s *configMapCatalogSourceDecorator) ServiceAccount() *corev1.ServiceAccoun ObjectMeta: metav1.ObjectMeta{ Name: s.serviceAccountName(), Namespace: s.GetNamespace(), + Labels: map[string]string{ + install.OLMManagedLabelKey: install.OLMManagedLabelValue, + }, }, } ownerutil.AddOwner(sa, s.CatalogSource, false, false) @@ -125,6 +132,9 @@ func (s *configMapCatalogSourceDecorator) Role() *rbacv1.Role { ObjectMeta: metav1.ObjectMeta{ Name: s.roleName(), Namespace: s.GetNamespace(), + Labels: map[string]string{ + install.OLMManagedLabelKey: install.OLMManagedLabelValue, + }, }, Rules: []rbacv1.PolicyRule{ { @@ -144,6 +154,9 @@ func (s *configMapCatalogSourceDecorator) RoleBinding() *rbacv1.RoleBinding { ObjectMeta: metav1.ObjectMeta{ Name: s.GetName() + "-server-configmap-reader", Namespace: s.GetNamespace(), + Labels: map[string]string{ + install.OLMManagedLabelKey: install.OLMManagedLabelValue, + }, }, Subjects: []rbacv1.Subject{ { diff --git a/pkg/controller/registry/reconciler/grpc.go b/pkg/controller/registry/reconciler/grpc.go index 117c081b236..a73c9833c0b 100644 --- a/pkg/controller/registry/reconciler/grpc.go +++ b/pkg/controller/registry/reconciler/grpc.go @@ -6,6 +6,7 @@ import ( "hash/fnv" "time" + "github.com/operator-framework/operator-lifecycle-manager/pkg/controller/install" "github.com/pkg/errors" "github.com/sirupsen/logrus" corev1 "k8s.io/api/core/v1" @@ -58,7 +59,8 @@ func (s *grpcCatalogSourceDecorator) SelectorForUpdate() labels.Selector { func (s *grpcCatalogSourceDecorator) Labels() map[string]string { return map[string]string{ - CatalogSourceLabelKey: s.GetName(), + CatalogSourceLabelKey: s.GetName(), + install.OLMManagedLabelKey: install.OLMManagedLabelValue, } } @@ -88,6 +90,7 @@ func (s *grpcCatalogSourceDecorator) Service() *corev1.Service { labels := map[string]string{} hash := HashServiceSpec(svc.Spec) labels[ServiceHashLabelKey] = hash + labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue svc.SetLabels(labels) ownerutil.AddOwner(svc, s.CatalogSource, false, false) return svc @@ -107,6 +110,7 @@ func (s *grpcCatalogSourceDecorator) ServiceAccount() *corev1.ServiceAccount { ObjectMeta: metav1.ObjectMeta{ Name: s.GetName(), Namespace: s.GetNamespace(), + Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue}, OwnerReferences: []metav1.OwnerReference{ { Name: s.GetName(), diff --git a/pkg/controller/registry/reconciler/reconciler.go b/pkg/controller/registry/reconciler/reconciler.go index 4eb6a542f47..1fe786c692d 100644 --- a/pkg/controller/registry/reconciler/reconciler.go +++ b/pkg/controller/registry/reconciler/reconciler.go @@ -5,6 +5,7 @@ import ( "fmt" "hash/fnv" + "github.com/operator-framework/operator-lifecycle-manager/pkg/controller/install" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -115,6 +116,7 @@ func Pod(source *operatorsv1alpha1.CatalogSource, name string, img string, saNam for key, value := range labels { podLabels[key] = value } + podLabels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue for key, value := range annotations { podAnnotations[key] = value diff --git a/pkg/controller/registry/reconciler/reconciler_test.go b/pkg/controller/registry/reconciler/reconciler_test.go index fe2e256d7b6..7e288338f57 100644 --- a/pkg/controller/registry/reconciler/reconciler_test.go +++ b/pkg/controller/registry/reconciler/reconciler_test.go @@ -35,7 +35,7 @@ func TestPodMemoryTarget(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ GenerateName: "test-", Namespace: "testns", - Labels: map[string]string{"olm.pod-spec-hash": "68d7885bb7"}, + Labels: map[string]string{"olm.pod-spec-hash": "68d7885bb7", "olm.managed": "true"}, Annotations: map[string]string{"cluster-autoscaler.kubernetes.io/safe-to-evict": "true"}, }, Spec: corev1.PodSpec{ @@ -107,7 +107,7 @@ func TestPodMemoryTarget(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ GenerateName: "test-", Namespace: "testns", - Labels: map[string]string{"olm.pod-spec-hash": "5c6bb6945f"}, + Labels: map[string]string{"olm.pod-spec-hash": "5c6bb6945f", "olm.managed": "true"}, Annotations: map[string]string{"cluster-autoscaler.kubernetes.io/safe-to-evict": "true"}, }, Spec: corev1.PodSpec{ diff --git a/test/e2e/util.go b/test/e2e/util.go index 1764292bf67..ee5aa47c221 100644 --- a/test/e2e/util.go +++ b/test/e2e/util.go @@ -346,7 +346,7 @@ func catalogSourceRegistryPodSynced(catalog *operatorsv1alpha1.CatalogSource) bo if connState != nil { state = connState.LastObservedState } - fmt.Printf("waiting for catalog pod %v to be available (for sync) - %s\n", catalog.GetName(), state) + fmt.Printf("waiting for catalog pod %s/%s to be available (for sync) - %s\n", catalog.GetNamespace(), catalog.GetName(), state) return false }