feat: configure excluded propagate labels/annotations #142

Merged
32 changes: 17 additions & 15 deletions charts/accurate/README.md
Expand Up @@ -53,21 +53,23 @@ $ helm install --create-namespace --namespace accurate accurate -f values.yaml a

## Values

| Key | Type | Default | Description |
| ---------------------------------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| controller.additionalRBAC.rules | list | `[]` | Specify the RBAC rules to be added to the controller. ClusterRole and ClusterRoleBinding are created with the names `{{ release name }}-additional-resources`. The rules defined here will be used for the ClusterRole rules. |
| controller.additionalRBAC.clusterRoles | list | `[]` | Specify additional ClusterRoles to be granted to the accurate controller. "admin" is recommended to allow the controller to manage common namespace-scoped resources. |
| controller.config.annotationKeys | list | `[]` | Annotations to be propagated to sub-namespaces. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. |
| controller.config.labelKeys | list | `[]` | Labels to be propagated to sub-namespaces. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. |
| controller.config.watches | list | `[{"group":"rbac.authorization.k8s.io","kind":"Role","version":"v1"},{"group":"rbac.authorization.k8s.io","kind":"RoleBinding","version":"v1"},{"kind":"Secret","version":"v1"}]` | List of GVK for namespace-scoped resources that can be propagated. Any namespace-scoped resource is allowed. |
| controller.extraArgs | list | `[]` | Optional additional arguments. |
| controller.replicas | int | `2` | Specify the number of replicas of the controller Pod. |
| controller.resources | object | `{"requests":{"cpu":"100m","memory":"20Mi"}}` | Specify resources. |
| controller.terminationGracePeriodSeconds | int | `10` | Specify terminationGracePeriodSeconds. |
| image.pullPolicy | string | `nil` | Accurate image pullPolicy. |
| image.repository | string | `"ghcr.io/cybozu-go/accurate"` | Accurate image repository to use. |
| image.tag | string | `{{ .Chart.AppVersion }}` | Accurate image tag to use. |
| installCRDs | bool | `true` | Controls if CRDs are automatically installed and managed as part of your Helm release. |
| Key | Type | Default | Description |
|--------------------------------------------------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| controller.additionalRBAC.rules | list | `[]` | Specify the RBAC rules to be added to the controller. ClusterRole and ClusterRoleBinding are created with the names `{{ release name }}-additional-resources`. The rules defined here will be used for the ClusterRole rules. |
| controller.additionalRBAC.clusterRoles | list | `[]` | Specify additional ClusterRoles to be granted to the accurate controller. "admin" is recommended to allow the controller to manage common namespace-scoped resources. |
| controller.config.annotationKeys | list | `[]` | Annotations to be propagated to sub-namespaces. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. |
| controller.config.labelKeys | list | `[]` | Labels to be propagated to sub-namespaces. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. |
| controller.config.watches | list | `[{"group":"rbac.authorization.k8s.io","kind":"Role","version":"v1"},{"group":"rbac.authorization.k8s.io","kind":"RoleBinding","version":"v1"},{"kind":"Secret","version":"v1"}]` | List of GVK for namespace-scoped resources that can be propagated. Any namespace-scoped resource is allowed. |
| controller.config.propagateAnnotationKeyExcludes | list | `["*kubernetes.io/*"]` | Annotations to exclude when propagating resources. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. |
| controller.config.propagateLabelKeyExcludes | list | `["*kubernetes.io/*"]` | Labels to exclude when propagating resources. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. |
| controller.extraArgs | list | `[]` | Optional additional arguments. |
| controller.replicas | int | `2` | Specify the number of replicas of the controller Pod. |
| controller.resources | object | `{"requests":{"cpu":"100m","memory":"20Mi"}}` | Specify resources. |
| controller.terminationGracePeriodSeconds | int | `10` | Specify terminationGracePeriodSeconds. |
| image.pullPolicy | string | `nil` | Accurate image pullPolicy. |
| image.repository | string | `"ghcr.io/cybozu-go/accurate"` | Accurate image repository to use. |
| image.tag | string | `{{ .Chart.AppVersion }}` | Accurate image tag to use. |
| installCRDs | bool | `true` | Controls if CRDs are automatically installed and managed as part of your Helm release. |

## Generate Manifests
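
Review bot: The descriptions on the two new rows, `controller.config.propagateAnnotationKeyExcludes` and `controller.config.propagateLabelKeyExcludes`, do not say which objects the excludes act on, and they sit right next to `annotationKeys` / `labelKeys`, which are about namespace metadata. Say explicitly whether the excludes only filter labels and annotations copied onto propagated resources (the kinds under `controller.config.watches`) or also affect what `labelKeys` / `annotationKeys` propagate to sub-namespaces; in the Go changes they are only wired into `ResourceCloner`. It is also worth one sentence that the default `*kubernetes.io/*` matches `app.kubernetes.io/*` keys as well, so those are dropped from propagated copies unless the list is changed.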

6 changes: 6 additions & 0 deletions charts/accurate/templates/configmap.yaml
Expand Up @@ -21,5 +21,11 @@ data:
{{- end }}
watches: {{ toYaml .Values.controller.config.watches | nindent 6 }}
{{- with .Values.controller.config.namingPolicies }}
{{- with .Values.controller.config.propagateLabelKeyExcludes }}
propagateLabelKeyExcludes: {{ toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.config.propagateAnnotationKeyExcludes }}
propagateAnnotationKeyExcludes: {{ toYaml . | nindent 6 }}
{{- end }}
namingPolicies: {{ toYaml . | nindent 6 }}
{{- end }}
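
Review bot: As the lines appear here, the two new `with` blocks sit between `{{- with .Values.controller.config.namingPolicies }}` and its `namingPolicies:` line, which nests them inside that block. If that is the real order, the exclude lists are only rendered when `namingPolicies` is set, and inside the block `.` is the namingPolicies list, so `.Values.controller.config.propagateLabelKeyExcludes` cannot be evaluated; move both blocks above the `namingPolicies` block or reference `$.Values`. Separately, `with` skips an empty list, so `propagateLabelKeyExcludes: []` in values produces no key in the ConfigMap. If the controller applies its own default when the key is absent, an operator cannot configure "exclude nothing"; consider rendering both keys unconditionally.
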
12 changes: 12 additions & 0 deletions charts/accurate/values.yaml
Expand Up @@ -68,6 +68,18 @@ controller:
- version: v1
kind: ResourceQuota

# controller.config.propagateLabelKeyExcludes -- Labels to exclude when propagating resources.
# It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func.
## https://pkg.go.dev/path#Match
propagateLabelKeyExcludes:
- '*kubernetes.io/*'

# controller.config.propagateAnnotationKeyExcludes -- Annotations to exclude when propagating resources.
# It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func.
## https://pkg.go.dev/path#Match
propagateAnnotationKeyExcludes:
- '*kubernetes.io/*'

# controller.config.namingPolicies -- List of nameing policy for SubNamespaces.
# root and match are both regular expressions.
# When a SubNamespace is created in a tree starting from a root namespace and the root namespace's name matches the "root" regular expression, the SubNamespace name is validated with the "match" regular expression.
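
Review bot: The default `'*kubernetes.io/*'` on both `propagateLabelKeyExcludes` and `propagateAnnotationKeyExcludes` covers only the `kubernetes.io` domain. In `path.Match`, `*` does not match `/`, so the pattern matches a key whose prefix ends in `kubernetes.io` followed by a single name segment, but it does not match keys under `k8s.io/`, which Kubernetes also reserves for its own components. Either add `'*k8s.io/*'` to both defaults or state in the comment why it is left out, so operators relying on the default know which system-owned keys can still be copied into sub-namespaces.
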
7 changes: 6 additions & 1 deletion cmd/accurate-controller/sub/run.go
Expand Up @@ -109,6 +109,10 @@ func subMain(ns, addr string, port int) error {
})
}

cloner := controllers.ResourceCloner{
LabelKeyExcludes: cfg.PropagateLabelKeyExcludes,
AnnotationKeyExcludes: cfg.PropagateAnnotationKeyExcludes,
}
dec := admission.NewDecoder(scheme)

// Namespace reconciler & webhook
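
Review bot: The `cloner := controllers.ResourceCloner{...}` literal takes `cfg.PropagateLabelKeyExcludes` and `cfg.PropagateAnnotationKeyExcludes` with no visible check that they are valid `path.Match` patterns. `path.Match` returns `ErrBadPattern` for a malformed glob, and if the cloner ignores that error a typo in the ConfigMap silently turns an exclude into a no-op, so keys the operator meant to keep out of propagated copies are still written. If config validation does not already cover these two fields, validate each pattern at startup and return a clear error from `subMain`.
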
Expand All @@ -117,6 +121,7 @@ func subMain(ns, addr string, port int) error {
}
if err := (&controllers.NamespaceReconciler{
Client: mgr.GetClient(),
ResourceCloner: cloner,
LabelKeys: cfg.LabelKeys,
AnnotationKeys: cfg.AnnotationKeys,
SubNamespaceLabelKeys: cfg.SubNamespaceLabelKeys,
Expand All @@ -142,7 +147,7 @@ func subMain(ns, addr string, port int) error {
if err := indexing.SetupIndexForResource(ctx, mgr, res); err != nil {
return fmt.Errorf("failed to setup indexer for %s: %w", res.GroupVersionKind().String(), err)
}
if err := controllers.NewPropagateController(res).SetupWithManager(mgr); err != nil {
if err := controllers.NewPropagateController(res, cloner).SetupWithManager(mgr); err != nil {
return fmt.Errorf("unable to create %s controller: %w", res.GroupVersionKind().String(), err)
}
logger.Info("watching", "gvk", res.GroupVersionKind().String())
7 changes: 4 additions & 3 deletions controllers/namespace_controller.go
Expand Up @@ -26,6 +26,7 @@ import (
// NamespaceReconciler reconciles a Namespace object
type NamespaceReconciler struct {
client.Client
ResourceCloner
LabelKeys []string
AnnotationKeys []string
SubNamespaceLabelKeys []string
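
Review bot: Embedding `ResourceCloner` in `NamespaceReconciler` promotes `LabelKeyExcludes` and `AnnotationKeyExcludes` onto the reconciler, right beside its own `LabelKeys` and `AnnotationKeys`, so `r.LabelKeyExcludes` reads as if it filtered namespace label propagation. A named field (for example `Cloner ResourceCloner`, called as `r.Cloner.cloneResource(res, ns)`) keeps the two concerns visibly separate; at minimum add a doc comment on the embedded field saying what the excludes apply to.
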
Expand Down Expand Up @@ -229,7 +230,7 @@ func (r *NamespaceReconciler) propagateCreate(ctx context.Context, res *unstruct
return err
}

if err := r.Create(ctx, cloneResource(res, ns)); err != nil {
if err := r.Create(ctx, r.cloneResource(res, ns)); err != nil {
return utilerrors.Ignore(err, utilerrors.IsNamespaceTerminating)
}

Expand All @@ -249,14 +250,14 @@ func (r *NamespaceReconciler) propagateUpdate(ctx context.Context, res *unstruct
if !apierrors.IsNotFound(err) {
return err
}
if err := r.Create(ctx, cloneResource(res, ns)); err != nil {
if err := r.Create(ctx, r.cloneResource(res, ns)); err != nil {
return utilerrors.Ignore(err, utilerrors.IsNamespaceTerminating)
}
logger.Info("created a resource", "namespace", ns, "name", res.GetName(), "gvk", gvk.String())
return nil
}

c2 := cloneResource(res, ns)
c2 := r.cloneResource(res, ns)

// Ensure that managed fields are upgraded to SSA before the following SSA.
// TODO(migration): This code could be removed after a couple of releases.