From e4760ab63a82c60ad37a511edc2cae3441608dea Mon Sep 17 00:00:00 2001
From: Yoan Blanc
Date: Tue, 12 Nov 2024 09:54:57 +0100
Subject: [PATCH 1/5] feat: allow to customize the blocked labels

Signed-off-by: Yoan Blanc
---
 Makefile | 2 +-
 charts/cluster-secret/Chart.yaml | 4 ++--
 charts/cluster-secret/templates/deployment.yaml | 1 +
 charts/cluster-secret/values.yaml | 5 +++++
 src/consts.py | 5 +++--
 src/kubernetes_utils.py | 10 +++++-----
 src/os_utils.py | 13 ++++++++++++-
 src/tests/test_kubernetes_utils.py | 10 +++++-----
 8 files changed, 34 insertions(+), 16 deletions(-)

diff --git a/Makefile b/Makefile
index 08fe5ed..05ee280 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 IMG_NAMESPACE = flag5
 IMG_NAME = clustersecret
 IMG_FQNAME = $(IMG_NAMESPACE)/$(IMG_NAME)
-IMG_VERSION = 0.0.12
+IMG_VERSION = 0.0.13
 .PHONY: container push clean
 all: container
diff --git a/charts/cluster-secret/Chart.yaml b/charts/cluster-secret/Chart.yaml
index cd332aa..937bfa3 100755
--- a/charts/cluster-secret/Chart.yaml
+++ b/charts/cluster-secret/Chart.yaml
@@ -3,11 +3,11 @@ name: cluster-secret
 description: ClusterSecret Operator
 kubeVersion: '>= 1.25.0-0'
 type: application
-version: 0.4.4
+version: 0.5.0
 icon: https://clustersecret.com/assets/csninjasmall.png
 sources:
 - https://github.com/zakkg3/ClusterSecret
-appVersion: "0.0.12"
+appVersion: "0.0.13"
 maintainers:
 - email: zakkg3@gmail.com
 name: zakkg3
diff --git a/charts/cluster-secret/templates/deployment.yaml b/charts/cluster-secret/templates/deployment.yaml
index 4c7c0f9..d926ed0 100644
--- a/charts/cluster-secret/templates/deployment.yaml
+++ b/charts/cluster-secret/templates/deployment.yaml
@@ -35,6 +35,7 @@ spec:
 {{- end }}
 containers:
 - env:
+ {{- .Values.env | default [] | toYAML | nindent 8 }}
 - name: KUBERNETES_CLUSTER_DOMAIN
 value: {{ .Values.kubernetesClusterDomain }}
 - name: CLUSTER_SECRET_VERSION
diff --git a/charts/cluster-secret/values.yaml b/charts/cluster-secret/values.yaml
index bb845b4..167b135 100644
--- a/charts/cluster-secret/values.yaml
+++ b/charts/cluster-secret/values.yaml
@@ -7,6 +7,11 @@ image:
 # Default is to ignore it via false setting. (to not loose any unintentional data)
 # It can also be replaced, just set value to true.
 replace_existing: 'false'
+
+env:
+ - name: BLOCKED_LABELS
+ value: app.kubernetes.io # it's a comma (,) separated list
+
 kubernetesClusterDomain: cluster.local
diff --git a/src/consts.py b/src/consts.py
index b575edc..85e57d7 100644
--- a/src/consts.py
+++ b/src/consts.py
@@ -9,5 +9,6 @@
 CLUSTER_SECRET_LABEL = "clustersecret.io"
-BLACK_LISTED_ANNOTATIONS = ["kopf.zalando.org", "kubectl.kubernetes.io"]
-BLACK_LISTED_LABELS = ["app.kubernetes.io"]
+BLOCKED_ANNOTATIONS = ["kopf.zalando.org", "kubectl.kubernetes.io"]
+
+BLOCKED_LABELS = ["app.kubernetes.io"]
diff --git a/src/kubernetes_utils.py b/src/kubernetes_utils.py
index a0f3cd6..d9cb9e2 100644
--- a/src/kubernetes_utils.py
+++ b/src/kubernetes_utils.py
@@ -6,9 +6,9 @@
 import kopf
 from kubernetes.client import CoreV1Api, CustomObjectsApi, exceptions, V1ObjectMeta, rest, V1Secret
-from os_utils import get_replace_existing, get_version
-from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLACK_LISTED_ANNOTATIONS, \
- BLACK_LISTED_LABELS, CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
+from os_utils import get_blocked_labels, get_replace_existing, get_version
+from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLOCKED_ANNOTATIONS, \
+ CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
 def patch_clustersecret_status(
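Review bot: The comment on the new `BLOCKED_LABELS` entry in charts/cluster-secret/values.yaml says only that the value is a comma separated list; it does not say that setting it replaces the built-in default rather than extending it. In `get_blocked_labels` (src/os_utils.py, same patch) the `consts.BLOCKED_LABELS` default is used only when the variable is unset, so an operator who lists a new prefix without repeating `app.kubernetes.io` stops blocking that one. I would spell this out, e.g. `# comma-separated label prefixes that are not copied; replaces the default, so keep app.kubernetes.io unless you mean to allow it`. The prefix semantics are inferred from the `startswith` assertion in the test; `filter_dict` itself is outside these hunks.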
@@ -309,8 +309,8 @@ def filter_dict(
 LAST_SYNC_ANNOTATION: datetime.now().isoformat(),
 }
- _annotations = filter_dict(BLACK_LISTED_ANNOTATIONS, base_annotations, annotations)
- _labels = filter_dict(BLACK_LISTED_LABELS, base_labels, labels)
+ _annotations = filter_dict(BLOCKED_ANNOTATIONS, base_annotations, annotations)
+ _labels = filter_dict(get_blocked_labels(), base_labels, labels)
 return V1ObjectMeta(
 name=name,
 namespace=namespace,
diff --git a/src/os_utils.py b/src/os_utils.py
index 98147f2..82379bf 100644
--- a/src/os_utils.py
+++ b/src/os_utils.py
@@ -1,6 +1,10 @@
 import os
+from functools import cache
+from consts import BLOCKED_LABELS
+
+@cache
 def get_version() -> str:
 """
 Wrapper for CLUSTER_SECRET_VERSION variable environment
@@ -8,12 +12,19 @@ def get_version() -> str:
 return os.getenv('CLUSTER_SECRET_VERSION', '0')
+@cache
 def get_replace_existing() -> bool:
-
 replace_existing = os.getenv('REPLACE_EXISTING', 'false')
 return replace_existing.lower() == 'true'
+@cache
+def get_blocked_labels() -> list[str]:
+ blocked_labels = os.getenv('BLOCKED_LABELS', ','.join(BLOCKED_LABELS))
+ return [label.strip() for label in blocked_labels.split(',')]
+
+
+@cache
 def in_cluster() -> bool:
 """
 Whether we are running in cluster (on the pod) or outside (debug mode.)
diff --git a/src/tests/test_kubernetes_utils.py b/src/tests/test_kubernetes_utils.py
index 5809b70..92eeac4 100644
--- a/src/tests/test_kubernetes_utils.py
+++ b/src/tests/test_kubernetes_utils.py
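Review bot: In `get_blocked_labels` (src/os_utils.py, second hunk) the comprehension keeps empty items, so `BLOCKED_LABELS=` or a value with a trailing or doubled comma puts `''` in the list. If `filter_dict` matches keys by prefix, as the `key.startswith(...)` assertion in the test suggests, an empty prefix matches every key and all labels would be filtered out. Dropping blanks fixes it: `return [p for p in (s.strip() for s in blocked_labels.split(',')) if p]`. Patches 3/5 and 4/5 fall back to the default when the variable is empty but keep the same comprehension, so the stray-comma case remains there too.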
@@ -6,10 +6,10 @@
 from kubernetes.client import V1ObjectMeta
-from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLACK_LISTED_ANNOTATIONS, \
- BLACK_LISTED_LABELS, CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
+from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLOCKED_ANNOTATIONS, \
+ CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
 from kubernetes_utils import get_ns_list, create_secret_metadata
-from os_utils import get_version
+from os_utils import get_version, get_blocked_labels
 USER_NAMESPACE_COUNT = 10
 initial_namespaces = ['default', 'kube-node-lease', 'kube-public', 'kube-system']
@@ -100,8 +100,8 @@ def test_create_secret_metadata(self) -> None:
 ]
 attributes_black_lists = dict(
- labels=BLACK_LISTED_LABELS,
- annotations=BLACK_LISTED_ANNOTATIONS,
+ labels=get_blocked_labels(),
+ annotations=BLOCKED_ANNOTATIONS,
 )
 test_cases: list[Tuple[dict[str, str], dict[str, str]]] = [
From c86da2a85c42ab92ffa830c94465a550c341dea0 Mon Sep 17 00:00:00 2001
From: Yoan Blanc
Date: Tue, 12 Nov 2024 10:21:54 +0100
Subject: [PATCH 2/5] fixup! feat: allow to customize the blocked labels

Signed-off-by: Yoan Blanc
---
 charts/cluster-secret/templates/deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/cluster-secret/templates/deployment.yaml b/charts/cluster-secret/templates/deployment.yaml
index d926ed0..12de6a9 100644
--- a/charts/cluster-secret/templates/deployment.yaml
+++ b/charts/cluster-secret/templates/deployment.yaml
@@ -35,7 +35,7 @@ spec:
 {{- end }}
 containers:
 - env:
- {{- .Values.env | default [] | toYAML | nindent 8 }}
+ {{- .Values.env | toYaml | nindent 8 }}
 - name: KUBERNETES_CLUSTER_DOMAIN
 value: {{ .Values.kubernetesClusterDomain }}
 - name: CLUSTER_SECRET_VERSION
From 060a3a2f5aeea954fa90796928c4928a8646ab67 Mon Sep 17 00:00:00 2001
From: Yoan Blanc
Date: Tue, 12 Nov 2024 11:47:27 +0100
Subject: [PATCH 3/5] fixup! fixup! feat: allow to customize the blocked labels
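Review bot: In `test_create_secret_metadata` (src/tests/test_kubernetes_utils.py, hunk at -100,8 of patch 1/5) the expected blocked list now comes from `get_blocked_labels()`, the same function the code under test calls, so the test cannot notice a parsing mistake and never exercises a non-default `BLOCKED_LABELS`. A case that sets the variable, for instance with `unittest.mock.patch.dict(os.environ, ...)`, and asserts against literal prefixes would cover the new feature. Because the function is wrapped in `@cache`, such a test has to call `get_blocked_labels.cache_clear()` before and after, otherwise the first value read sticks for the whole run. The test body continues outside the hunk.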
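Review bot: The corrected line in charts/cluster-secret/templates/deployment.yaml (patch 2/5) renders `.Values.env` unconditionally, so an override that sets `env` to null or to `[]` would put `null` or `[]` under `env:` ahead of the fixed entries and the rendered manifest would no longer be a valid list. Guarding the line avoids that: `{{- with .Values.env }}{{- toYaml . | nindent 8 }}{{- end }}`. The indentation passed to `nindent` cannot be checked from this page because the hunk's whitespace is collapsed.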

Signed-off-by: Yoan Blanc
---
 src/os_utils.py | 7 +++++--
 src/tests/test_kubernetes_utils.py | 8 ++++----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/os_utils.py b/src/os_utils.py
index 82379bf..ca1f54b 100644
--- a/src/os_utils.py
+++ b/src/os_utils.py
@@ -20,9 +20,12 @@ def get_replace_existing() -> bool:
 @cache
 def get_blocked_labels() -> list[str]:
- blocked_labels = os.getenv('BLOCKED_LABELS', ','.join(BLOCKED_LABELS))
- return [label.strip() for label in blocked_labels.split(',')]
+ blocked_labels = os.getenv('BLOCKED_LABELS')
+
+ if not blocked_labels:
+ return BLOCKED_LABELS
+ return [label.strip() for label in blocked_labels.split(',')]
 @cache
 def in_cluster() -> bool:
diff --git a/src/tests/test_kubernetes_utils.py b/src/tests/test_kubernetes_utils.py
index 92eeac4..f19203c 100644
--- a/src/tests/test_kubernetes_utils.py
+++ b/src/tests/test_kubernetes_utils.py
@@ -99,7 +99,7 @@ def test_create_secret_metadata(self) -> None:
 (LAST_SYNC_ANNOTATION, is_iso_format)
 ]
- attributes_black_lists = dict(
+ attributes_blocked_lists = dict(
 labels=get_blocked_labels(),
 annotations=BLOCKED_ANNOTATIONS,
 )
@@ -140,15 +140,15 @@ def test_create_secret_metadata(self) -> None:
 self.assertIsInstance(obj=subject, cls=V1ObjectMeta, msg='returned value has correct type')
- for attribute, black_list in attributes_black_lists.items():
+ for attribute, blocked_list in attributes_blocked_lists.items():
 attribute_object = subject.__getattribute__(attribute)
 self.assertIsNotNone(obj=attribute_object, msg=f'attribute "{attribute}" is not None')
 for key in attribute_object.keys():
 self.assertIsInstance(obj=key, cls=str, msg=f'the {attribute} key is a string')
- for black_listed_label_prefix in black_list:
+ for blocked_listed_label_prefix in blocked_list:
 self.assertFalse(
- expr=key.startswith(black_listed_label_prefix),
+ expr=key.startswith(blocked_listed_label_prefix),
 msg=f'{attribute} key does not match black listed prefix'
 )
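Review bot: The new fallback in `get_blocked_labels` (src/os_utils.py, patch 3/5) returns the module-level `BLOCKED_LABELS` list itself, and `@cache` then hands that one object to every caller. An in-place change by any caller, such as an `append` or a `sort`, would silently alter the blocked set for the rest of the process, including the constant in consts.py. Returning an immutable value from both branches avoids that, e.g. `return tuple(BLOCKED_LABELS)` with the annotation changed to `tuple[str, ...]`, provided `filter_dict` only iterates over its first argument (its body is not in these hunks). The rewrite in patch 4/5 keeps the same `return BLOCKED_LABELS`.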
From 0a64d6855c15f88092829eec07e0ac6c8d177d9a Mon Sep 17 00:00:00 2001
From: Yoan Blanc
Date: Tue, 12 Nov 2024 11:54:51 +0100
Subject: [PATCH 4/5] fixup! fixup! fixup! feat: allow to customize the blocked labels

Signed-off-by: Yoan Blanc
---
 src/os_utils.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/os_utils.py b/src/os_utils.py
index ca1f54b..eb12153 100644
--- a/src/os_utils.py
+++ b/src/os_utils.py
@@ -20,12 +20,11 @@ def get_replace_existing() -> bool:
 @cache
 def get_blocked_labels() -> list[str]:
- blocked_labels = os.getenv('BLOCKED_LABELS')
+ if blocked_labels := os.getenv('BLOCKED_LABELS'):
+ return [label.strip() for label in blocked_labels.split(',')]
- if not blocked_labels:
- return BLOCKED_LABELS
+ return BLOCKED_LABELS
- return [label.strip() for label in blocked_labels.split(',')]
 @cache
 def in_cluster() -> bool:
From a0ee1648eb56b5520c6f0450d35cacb0e8f37eff Mon Sep 17 00:00:00 2001
From: Yoan Blanc
Date: Mon, 18 Nov 2024 09:31:15 +0100
Subject: [PATCH 5/5] fixup! fixup! fixup! fixup! feat: allow to customize the blocked labels

Signed-off-by: Yoan Blanc
---
 charts/cluster-secret/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/cluster-secret/values.yaml b/charts/cluster-secret/values.yaml
index 167b135..cd8440d 100644
--- a/charts/cluster-secret/values.yaml
+++ b/charts/cluster-secret/values.yaml
@@ -10,7 +10,7 @@ image:
 env:
 - name: BLOCKED_LABELS
- value: app.kubernetes.io # it's a comma (,) separated list
+ value: app.kubernetes.io # a comma (,) separated list
 kubernetesClusterDomain: cluster.local
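Review bot: `get_blocked_labels` in src/os_utils.py (patch 4/5) reaches its final form without a docstring, although `get_version` and `in_cluster` in the same file carry one and this function decides which label prefixes are withheld from the created secrets. I would add `"""Return the blocked label prefixes: BLOCKED_LABELS (comma separated) when set and non-empty, else consts.BLOCKED_LABELS."""`. It is also worth stating there that the result is cached, so the variable is read once per process and later changes to the environment are not picked up.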