From ff5bc87f10b890ab09eb2d5c369edf2568169dd8 Mon Sep 17 00:00:00 2001 From: Michael Burman Date: Thu, 11 Jan 2024 19:38:05 +0200 Subject: [PATCH] Add missing labels and annotations to superuserSecret (#608) * Add missing labels and annotations to superuserSecret, move some other annotations / labels code around for clarity * Add small test change --- CHANGELOG.md | 1 + .../v1beta1/zz_generated.deepcopy.go | 2 +- apis/config/v1beta1/zz_generated.deepcopy.go | 2 +- .../control/v1alpha1/zz_generated.deepcopy.go | 2 +- pkg/oplabels/labels.go | 3 ++ pkg/reconciliation/construct_service.go | 7 +--- pkg/reconciliation/reconcile_racks.go | 17 --------- pkg/reconciliation/secrets.go | 37 +++++++++++-------- pkg/reconciliation/secrets_test.go | 4 +- 9 files changed, 33 insertions(+), 42 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6149ef45..598ce5c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ Changelog for Cass Operator, new PRs should update the `main / unreleased` secti ## unreleased * [FEATURE] [#601](https://github.com/k8ssandra/cass-operator/pull/601) Add additionalAnnotations field to CR so that all resources created by the operator can be annotated. +* [BUGFIX] [#607](https://github.com/k8ssandra/cass-operator/issues/607) Add missing additional labels and annotations to the superuserSecret. ## v1.18.2 diff --git a/apis/cassandra/v1beta1/zz_generated.deepcopy.go b/apis/cassandra/v1beta1/zz_generated.deepcopy.go index e296e4df..6a63ef87 100644 --- a/apis/cassandra/v1beta1/zz_generated.deepcopy.go +++ b/apis/cassandra/v1beta1/zz_generated.deepcopy.go @@ -2,7 +2,7 @@ // +build !ignore_autogenerated /* -Copyright 2021. +Copyright 2023. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/apis/config/v1beta1/zz_generated.deepcopy.go b/apis/config/v1beta1/zz_generated.deepcopy.go index 79386c32..8f0d56d8 100644 
--- a/apis/config/v1beta1/zz_generated.deepcopy.go +++ b/apis/config/v1beta1/zz_generated.deepcopy.go @@ -2,7 +2,7 @@ // +build !ignore_autogenerated /* -Copyright 2021. +Copyright 2023. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/apis/control/v1alpha1/zz_generated.deepcopy.go b/apis/control/v1alpha1/zz_generated.deepcopy.go index 096ead4c..3a2fa124 100644 --- a/apis/control/v1alpha1/zz_generated.deepcopy.go +++ b/apis/control/v1alpha1/zz_generated.deepcopy.go @@ -2,7 +2,7 @@ // +build !ignore_autogenerated /* -Copyright 2021. +Copyright 2023. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/pkg/oplabels/labels.go b/pkg/oplabels/labels.go index 9f3d77e2..e47c1253 100644 --- a/pkg/oplabels/labels.go +++ b/pkg/oplabels/labels.go @@ -21,6 +21,9 @@ const ( ) func AddOperatorLabels(m map[string]string, dc *api.CassandraDatacenter) { + if m == nil { + m = make(map[string]string) + } m[ManagedByLabel] = ManagedByLabelValue m[NameLabel] = NameLabelValue m[VersionLabel] = dc.Spec.ServerVersion diff --git a/pkg/reconciliation/construct_service.go b/pkg/reconciliation/construct_service.go index 9319f9cd..5724bd69 100644 --- a/pkg/reconciliation/construct_service.go +++ b/pkg/reconciliation/construct_service.go @@ -70,9 +70,6 @@ func newServiceForCassandraDatacenter(dc *api.CassandraDatacenter) *corev1.Servi } service.Spec.Ports = ports - anns := make(map[string]string) - oplabels.AddOperatorAnnotations(anns, dc) - service.ObjectMeta.Annotations = anns addAdditionalOptions(service, &dc.Spec.AdditionalServiceConfig.DatacenterService) 
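Review bot: The nil guard added at the top of AddOperatorLabels in pkg/oplabels/labels.go does not reach the caller: `m = make(map[string]string)` rebinds only the local parameter, so a caller that passes a nil map gets no panic and also no labels. The new call sites in pkg/reconciliation/secrets.go pass `secret.Labels` directly and therefore still depend on that field being initialised beforehand. Either return the map from the function and assign it at the call sites, or drop the guard and document the contract with `// m must be non-nil; a nil map cannot be populated for the caller.` so that a missing initialisation fails loudly instead of producing an unlabelled Secret. The function body continues outside the hunk.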
@@ -143,7 +140,7 @@ func newSeedServiceForCassandraDatacenter(dc *api.CassandraDatacenter) *corev1.S func newAdditionalSeedServiceForCassandraDatacenter(dc *api.CassandraDatacenter) *corev1.Service { labels := dc.GetDatacenterLabels() oplabels.AddOperatorLabels(labels, dc) - anns := dc.GetAnnotations() + anns := make(map[string]string) oplabels.AddOperatorAnnotations(anns, dc) var service corev1.Service service.ObjectMeta.Name = dc.GetAdditionalSeedsServiceName() @@ -169,7 +166,7 @@ func newEndpointsForAdditionalSeeds(dc *api.CassandraDatacenter) (*corev1.Endpoi endpoints.ObjectMeta.Name = dc.GetAdditionalSeedsServiceName() endpoints.ObjectMeta.Namespace = dc.Namespace endpoints.ObjectMeta.Labels = labels - anns := dc.GetAnnotations() + anns := make(map[string]string) oplabels.AddOperatorAnnotations(anns, dc) endpoints.ObjectMeta.Annotations = anns diff --git a/pkg/reconciliation/reconcile_racks.go b/pkg/reconciliation/reconcile_racks.go index ce519f94..5392b399 100644 --- a/pkg/reconciliation/reconcile_racks.go +++ b/pkg/reconciliation/reconcile_racks.go @@ -457,23 +457,6 @@ func (rc *ReconciliationContext) CheckRackLabels() result.ReconcileResult { rc.Recorder.Eventf(rc.Datacenter, corev1.EventTypeNormal, events.LabeledRackResource, "Update rack annotations for StatefulSet %s", statefulSet.Name) } - - ptsAnns := statefulSet.Spec.Template.GetAnnotations() - oplabels.AddOperatorAnnotations(ptsAnns, rc.Datacenter) - if !reflect.DeepEqual(ptsAnns, statefulSet.GetAnnotations()) { - rc.ReqLogger.Info("Updating annotations", - "statefulSet", statefulSet, - "current", ptsAnns, - "desired", updatedLabels) - statefulSet.Spec.Template.SetAnnotations(ptsAnns) - - if err := rc.Client.Patch(rc.Ctx, statefulSet, patch); err != nil { - return result.Error(err) - } - - rc.Recorder.Eventf(rc.Datacenter, corev1.EventTypeNormal, events.LabeledRackResource, - "Update pod template spec rack annotations for StatefulSet %s", statefulSet.Name) - } } return result.Continue() 
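Review bot: The switch from `dc.GetAnnotations()` to `make(map[string]string)` in newAdditionalSeedServiceForCassandraDatacenter deserves a comment, because the reason is not obvious from the line itself and the same change is repeated in newEndpointsForAdditionalSeeds in the next hunk. The ObjectMeta accessor returns the datacenter's own annotation map, so the old code let AddOperatorAnnotations write into the CassandraDatacenter object and, where the map is then assigned as in the Endpoints hunk, carried every datacenter annotation over to the created object. I would add `// Start from an empty map so the datacenter's own annotations are neither mutated nor copied onto this object.` above both assignments. `labels := dc.GetDatacenterLabels()` on the line above is still handed to AddOperatorLabels for in-place mutation, which is only safe if that getter builds a fresh map on each call; this diff does not show it. Both functions start or end outside their hunks.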
diff --git a/pkg/reconciliation/secrets.go b/pkg/reconciliation/secrets.go index 1a0090e3..e1aa0b4e 100644 --- a/pkg/reconciliation/secrets.go +++ b/pkg/reconciliation/secrets.go @@ -55,11 +55,6 @@ func buildDefaultSuperuserSecret(dc *api.CassandraDatacenter) (*corev1.Secret, e var secret *corev1.Secret = nil if dc.ShouldGenerateSuperuserSecret() { - labels := make(map[string]string) - oplabels.AddOperatorLabels(labels, dc) - anns := make(map[string]string) - oplabels.AddOperatorAnnotations(anns, dc) - secretNamespacedName := dc.GetSuperuserSecretNamespacedName() secret = &corev1.Secret{ TypeMeta: metav1.TypeMeta{ @@ -69,10 +64,12 @@ func buildDefaultSuperuserSecret(dc *api.CassandraDatacenter) (*corev1.Secret, e ObjectMeta: metav1.ObjectMeta{ Name: secretNamespacedName.Name, Namespace: secretNamespacedName.Namespace, - Labels: labels, - Annotations: anns, + Labels: dc.GetDatacenterLabels(), + Annotations: make(map[string]string), }, } + oplabels.AddOperatorLabels(secret.Labels, dc) + oplabels.AddOperatorAnnotations(secret.Annotations, dc) username := api.CleanupForKubernetes(dc.Spec.ClusterName) + "-superuser" password, err := generateUtf8Password() if err != nil { @@ -152,10 +149,16 @@ func (rc *ReconciliationContext) createInternodeCACredential() (*corev1.Secret, APIVersion: "v1", }, ObjectMeta: metav1.ObjectMeta{ - Name: rc.keystoreCASecret().Name, - Namespace: rc.keystoreCASecret().Namespace, + Name: rc.keystoreCASecret().Name, + Namespace: rc.keystoreCASecret().Namespace, + Labels: rc.Datacenter.GetDatacenterLabels(), + Annotations: make(map[string]string), }, } + + oplabels.AddOperatorLabels(secret.Labels, rc.Datacenter) + oplabels.AddOperatorAnnotations(secret.Annotations, rc.Datacenter) + if keypem, certpem, err := utils.GetNewCAandKey(fmt.Sprintf("%s-ca-keystore", rc.Datacenter.Name), rc.Datacenter.Namespace); err == nil { secret.Data = map[string][]byte{ "key": []byte(keypem), 
@@ -168,30 +171,32 @@ func (rc *ReconciliationContext) createInternodeCACredential() (*corev1.Secret, } func (rc *ReconciliationContext) createCABootstrappingSecret(jksBlob []byte) error { - _, err := rc.retrieveSecret(types.NamespacedName{ + if _, err := rc.retrieveSecret(types.NamespacedName{ Name: fmt.Sprintf("%s-keystore", rc.Datacenter.Name), Namespace: rc.Datacenter.Namespace, - }) - - if err == nil { // This secret already exists, nothing to do + }); err == nil { return nil } secret := &corev1.Secret{ - TypeMeta: metav1.TypeMeta{ Kind: "Secret", APIVersion: "v1", }, ObjectMeta: metav1.ObjectMeta{ - Name: fmt.Sprintf("%s-keystore", rc.Datacenter.Name), - Namespace: rc.Datacenter.Namespace, + Name: fmt.Sprintf("%s-keystore", rc.Datacenter.Name), + Namespace: rc.Datacenter.Namespace, + Labels: make(map[string]string), + Annotations: make(map[string]string), }, } secret.Data = map[string][]byte{ "node-keystore.jks": jksBlob, } + oplabels.AddOperatorLabels(secret.Labels, rc.Datacenter) + oplabels.AddOperatorAnnotations(secret.Annotations, rc.Datacenter) + return rc.Client.Create(rc.Ctx, secret) } diff --git a/pkg/reconciliation/secrets_test.go b/pkg/reconciliation/secrets_test.go index 192ddaaf..a581644c 100644 --- a/pkg/reconciliation/secrets_test.go +++ b/pkg/reconciliation/secrets_test.go @@ -20,7 +20,7 @@ func Test_buildDefaultSuperuserSecret(t *testing.T) { t.Run("test default superuser secret is created", func(t *testing.T) { dc := &api.CassandraDatacenter{ ObjectMeta: metav1.ObjectMeta{ - Name: "exampleDC", + Name: "exampledc", Namespace: "examplens", }, Spec: api.CassandraDatacenterSpec{ @@ -52,6 +52,8 @@ func Test_buildDefaultSuperuserSecret(t *testing.T) { } expectedSecretLabels := map[string]string{ + api.ClusterLabel: "exampleCluster", + api.DatacenterLabel: "exampledc", oplabels.InstanceLabel: "cassandra-exampleCluster", oplabels.ManagedByLabel: oplabels.ManagedByLabelValue, oplabels.NameLabel: oplabels.NameLabelValue,
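Review bot: createCABootstrappingSecret initialises `Labels: make(map[string]string)` while the other two secrets touched by this patch, in buildDefaultSuperuserSecret and createInternodeCACredential, start from `GetDatacenterLabels()`, so the node keystore secret ends up with operator labels only. If that is unintentional, use `Labels: rc.Datacenter.GetDatacenterLabels(),` here as well so that all three secrets can be selected by the same cluster and datacenter labels. The rewrite of the existence check also dropped the comment on the early return; `// secret already exists, nothing to do` is worth keeping. That check treats every error from retrieveSecret as "not found", which looks like it sends API or permission errors on to the Create call; an explicit not-found test would make the intent clear, assuming retrieveSecret passes the API error through.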
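Review bot: The test changes in pkg/reconciliation/secrets_test.go assert only the labels of the superuser secret; the annotations set in the same function, and the labels and annotations added to createInternodeCACredential and createCABootstrappingSecret, have no assertion in this patch. An equality check on the secret's annotations next to the existing label comparison, plus a case for each of the other two secrets, would cover what the commit title promises. Renaming the datacenter from "exampleDC" to "exampledc" also means the expected `api.DatacenterLabel` value is no longer exercised with a mixed-case name; if the label value is derived from the name through any clean-up step, that path is now untested. Test_buildDefaultSuperuserSecret starts and ends outside these hunks.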