Add missing labels and annotations to superuserSecret (k8ssandra#608)

* Add missing labels and annotations to superuserSecret, move some other annotations / labels code around for clarity * Add small test change
burmanm · Jan 11, 2024 · ff5bc87 · ff5bc87
1 parent aee2251
commit ff5bc87
Show file tree

Hide file tree

Showing 9 changed files with 33 additions and 42 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@ Changelog for Cass Operator, new PRs should update the `main / unreleased` secti
 ## unreleased
 
 * [FEATURE] [#601](https://github.com/k8ssandra/cass-operator/pull/601) Add additionalAnnotations field to CR so that all resources created by the operator can be annotated.
+* [BUGFIX] [#607](https://github.com/k8ssandra/cass-operator/issues/607) Add missing additional labels and annotations to the superuserSecret.
 
 ## v1.18.2
 

diff --git a/apis/cassandra/v1beta1/zz_generated.deepcopy.go b/apis/cassandra/v1beta1/zz_generated.deepcopy.go
diff --git a/apis/config/v1beta1/zz_generated.deepcopy.go b/apis/config/v1beta1/zz_generated.deepcopy.go
diff --git a/apis/control/v1alpha1/zz_generated.deepcopy.go b/apis/control/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/oplabels/labels.go b/pkg/oplabels/labels.go
@@ -21,6 +21,9 @@ const (
 )
 
 func AddOperatorLabels(m map[string]string, dc *api.CassandraDatacenter) {
+	if m == nil {
+		m = make(map[string]string)
+	}
 	m[ManagedByLabel] = ManagedByLabelValue
 	m[NameLabel] = NameLabelValue
 	m[VersionLabel] = dc.Spec.ServerVersion

diff --git a/pkg/reconciliation/construct_service.go b/pkg/reconciliation/construct_service.go
@@ -70,9 +70,6 @@ func newServiceForCassandraDatacenter(dc *api.CassandraDatacenter) *corev1.Servi
 	}
 
 	service.Spec.Ports = ports
-	anns := make(map[string]string)
-	oplabels.AddOperatorAnnotations(anns, dc)
-	service.ObjectMeta.Annotations = anns
 
 	addAdditionalOptions(service, &dc.Spec.AdditionalServiceConfig.DatacenterService)
 
@@ -143,7 +140,7 @@ func newSeedServiceForCassandraDatacenter(dc *api.CassandraDatacenter) *corev1.S
 func newAdditionalSeedServiceForCassandraDatacenter(dc *api.CassandraDatacenter) *corev1.Service {
 	labels := dc.GetDatacenterLabels()
 	oplabels.AddOperatorLabels(labels, dc)
-	anns := dc.GetAnnotations()
+	anns := make(map[string]string)
 	oplabels.AddOperatorAnnotations(anns, dc)
 	var service corev1.Service
 	service.ObjectMeta.Name = dc.GetAdditionalSeedsServiceName()
@@ -169,7 +166,7 @@ func newEndpointsForAdditionalSeeds(dc *api.CassandraDatacenter) (*corev1.Endpoi
 	endpoints.ObjectMeta.Name = dc.GetAdditionalSeedsServiceName()
 	endpoints.ObjectMeta.Namespace = dc.Namespace
 	endpoints.ObjectMeta.Labels = labels
-	anns := dc.GetAnnotations()
+	anns := make(map[string]string)
 	oplabels.AddOperatorAnnotations(anns, dc)
 	endpoints.ObjectMeta.Annotations = anns
 

diff --git a/pkg/reconciliation/reconcile_racks.go b/pkg/reconciliation/reconcile_racks.go
@@ -457,23 +457,6 @@ func (rc *ReconciliationContext) CheckRackLabels() result.ReconcileResult {
 			rc.Recorder.Eventf(rc.Datacenter, corev1.EventTypeNormal, events.LabeledRackResource,
 				"Update rack annotations for StatefulSet %s", statefulSet.Name)
 		}
-
-		ptsAnns := statefulSet.Spec.Template.GetAnnotations()
-		oplabels.AddOperatorAnnotations(ptsAnns, rc.Datacenter)
-		if !reflect.DeepEqual(ptsAnns, statefulSet.GetAnnotations()) {
-			rc.ReqLogger.Info("Updating annotations",
-				"statefulSet", statefulSet,
-				"current", ptsAnns,
-				"desired", updatedLabels)
-			statefulSet.Spec.Template.SetAnnotations(ptsAnns)
-
-			if err := rc.Client.Patch(rc.Ctx, statefulSet, patch); err != nil {
-				return result.Error(err)
-			}
-
-			rc.Recorder.Eventf(rc.Datacenter, corev1.EventTypeNormal, events.LabeledRackResource,
-				"Update pod template spec rack annotations for StatefulSet %s", statefulSet.Name)
-		}
 	}
 
 	return result.Continue()

diff --git a/pkg/reconciliation/secrets.go b/pkg/reconciliation/secrets.go
@@ -55,11 +55,6 @@ func buildDefaultSuperuserSecret(dc *api.CassandraDatacenter) (*corev1.Secret, e
 	var secret *corev1.Secret = nil
 
 	if dc.ShouldGenerateSuperuserSecret() {
-		labels := make(map[string]string)
-		oplabels.AddOperatorLabels(labels, dc)
-		anns := make(map[string]string)
-		oplabels.AddOperatorAnnotations(anns, dc)
-
 		secretNamespacedName := dc.GetSuperuserSecretNamespacedName()
 		secret = &corev1.Secret{
 			TypeMeta: metav1.TypeMeta{
@@ -69,10 +64,12 @@ func buildDefaultSuperuserSecret(dc *api.CassandraDatacenter) (*corev1.Secret, e
 			ObjectMeta: metav1.ObjectMeta{
 				Name:        secretNamespacedName.Name,
 				Namespace:   secretNamespacedName.Namespace,
-				Labels:      labels,
-				Annotations: anns,
+				Labels:      dc.GetDatacenterLabels(),
+				Annotations: make(map[string]string),
 			},
 		}
+		oplabels.AddOperatorLabels(secret.Labels, dc)
+		oplabels.AddOperatorAnnotations(secret.Annotations, dc)
 		username := api.CleanupForKubernetes(dc.Spec.ClusterName) + "-superuser"
 		password, err := generateUtf8Password()
 		if err != nil {
@@ -152,10 +149,16 @@ func (rc *ReconciliationContext) createInternodeCACredential() (*corev1.Secret,
 			APIVersion: "v1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      rc.keystoreCASecret().Name,
-			Namespace: rc.keystoreCASecret().Namespace,
+			Name:        rc.keystoreCASecret().Name,
+			Namespace:   rc.keystoreCASecret().Namespace,
+			Labels:      rc.Datacenter.GetDatacenterLabels(),
+			Annotations: make(map[string]string),
 		},
 	}
+
+	oplabels.AddOperatorLabels(secret.Labels, rc.Datacenter)
+	oplabels.AddOperatorAnnotations(secret.Annotations, rc.Datacenter)
+
 	if keypem, certpem, err := utils.GetNewCAandKey(fmt.Sprintf("%s-ca-keystore", rc.Datacenter.Name), rc.Datacenter.Namespace); err == nil {
 		secret.Data = map[string][]byte{
 			"key":  []byte(keypem),
@@ -168,30 +171,32 @@ func (rc *ReconciliationContext) createInternodeCACredential() (*corev1.Secret,
 }
 
 func (rc *ReconciliationContext) createCABootstrappingSecret(jksBlob []byte) error {
-	_, err := rc.retrieveSecret(types.NamespacedName{
+	if _, err := rc.retrieveSecret(types.NamespacedName{
 		Name:      fmt.Sprintf("%s-keystore", rc.Datacenter.Name),
 		Namespace: rc.Datacenter.Namespace,
-	})
-
-	if err == nil { // This secret already exists, nothing to do
+	}); err == nil {
 		return nil
 	}
 
 	secret := &corev1.Secret{
-
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Secret",
 			APIVersion: "v1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      fmt.Sprintf("%s-keystore", rc.Datacenter.Name),
-			Namespace: rc.Datacenter.Namespace,
+			Name:        fmt.Sprintf("%s-keystore", rc.Datacenter.Name),
+			Namespace:   rc.Datacenter.Namespace,
+			Labels:      make(map[string]string),
+			Annotations: make(map[string]string),
 		},
 	}
 	secret.Data = map[string][]byte{
 		"node-keystore.jks": jksBlob,
 	}
 
+	oplabels.AddOperatorLabels(secret.Labels, rc.Datacenter)
+	oplabels.AddOperatorAnnotations(secret.Annotations, rc.Datacenter)
+
 	return rc.Client.Create(rc.Ctx, secret)
 }
 

diff --git a/pkg/reconciliation/secrets_test.go b/pkg/reconciliation/secrets_test.go
@@ -20,7 +20,7 @@ func Test_buildDefaultSuperuserSecret(t *testing.T) {
 	t.Run("test default superuser secret is created", func(t *testing.T) {
 		dc := &api.CassandraDatacenter{
 			ObjectMeta: metav1.ObjectMeta{
-				Name:      "exampleDC",
+				Name:      "exampledc",
 				Namespace: "examplens",
 			},
 			Spec: api.CassandraDatacenterSpec{
@@ -52,6 +52,8 @@ func Test_buildDefaultSuperuserSecret(t *testing.T) {
 		}
 
 		expectedSecretLabels := map[string]string{
+			api.ClusterLabel:        "exampleCluster",
+			api.DatacenterLabel:     "exampledc",
 			oplabels.InstanceLabel:  "cassandra-exampleCluster",
 			oplabels.ManagedByLabel: oplabels.ManagedByLabelValue,
 			oplabels.NameLabel:      oplabels.NameLabelValue,