feat: allow to customize the blocked labels

Signed-off-by: Yoan Blanc <[email protected]>
zakkg3 · Nov 12, 2024 · e4760ab · e4760ab
1 parent ff10c28
commit e4760ab
Show file tree

Hide file tree

Showing 8 changed files with 34 additions and 16 deletions.
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 IMG_NAMESPACE = flag5
 IMG_NAME = clustersecret
 IMG_FQNAME = $(IMG_NAMESPACE)/$(IMG_NAME)
-IMG_VERSION = 0.0.12
+IMG_VERSION = 0.0.13
 
 .PHONY: container push clean 
 all: container

diff --git a/charts/cluster-secret/Chart.yaml b/charts/cluster-secret/Chart.yaml
@@ -3,11 +3,11 @@ name: cluster-secret
 description: ClusterSecret Operator
 kubeVersion: '>= 1.25.0-0'
 type: application
-version: 0.4.4
+version: 0.5.0
 icon: https://clustersecret.com/assets/csninjasmall.png
 sources:
 - https://github.com/zakkg3/ClusterSecret
-appVersion: "0.0.12"
+appVersion: "0.0.13"
 maintainers:
 - email: [email protected]
   name: zakkg3
diff --git a/charts/cluster-secret/templates/deployment.yaml b/charts/cluster-secret/templates/deployment.yaml
@@ -35,6 +35,7 @@ spec:
       {{- end }}
       containers:
       - env:
+        {{- .Values.env | default [] | toYAML | nindent 8 }}
         - name: KUBERNETES_CLUSTER_DOMAIN
           value: {{ .Values.kubernetesClusterDomain }}
         - name: CLUSTER_SECRET_VERSION

diff --git a/charts/cluster-secret/values.yaml b/charts/cluster-secret/values.yaml
@@ -7,6 +7,11 @@ image:
   # Default is to ignore it via false setting. (to not loose any unintentional data)
   # It can also be replaced, just set value to true.
   replace_existing: 'false'
+
+env:
+  - name: BLOCKED_LABELS
+    value: app.kubernetes.io # it's a comma (,) separated list
+
 kubernetesClusterDomain: cluster.local
 
 

diff --git a/src/consts.py b/src/consts.py
@@ -9,5 +9,6 @@
 
 CLUSTER_SECRET_LABEL = "clustersecret.io"
 
-BLACK_LISTED_ANNOTATIONS = ["kopf.zalando.org", "kubectl.kubernetes.io"]
-BLACK_LISTED_LABELS = ["app.kubernetes.io"]
+BLOCKED_ANNOTATIONS = ["kopf.zalando.org", "kubectl.kubernetes.io"]
+
+BLOCKED_LABELS = ["app.kubernetes.io"]
diff --git a/src/kubernetes_utils.py b/src/kubernetes_utils.py
@@ -6,9 +6,9 @@
 import kopf
 from kubernetes.client import CoreV1Api, CustomObjectsApi, exceptions, V1ObjectMeta, rest, V1Secret
 
-from os_utils import get_replace_existing, get_version
-from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLACK_LISTED_ANNOTATIONS, \
-    BLACK_LISTED_LABELS, CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
+from os_utils import get_blocked_labels, get_replace_existing, get_version
+from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLOCKED_ANNOTATIONS, \
+    CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
 
 
 def patch_clustersecret_status(
@@ -309,8 +309,8 @@ def filter_dict(
         LAST_SYNC_ANNOTATION: datetime.now().isoformat(),
     }
 
-    _annotations = filter_dict(BLACK_LISTED_ANNOTATIONS, base_annotations, annotations)
-    _labels = filter_dict(BLACK_LISTED_LABELS, base_labels, labels)
+    _annotations = filter_dict(BLOCKED_ANNOTATIONS, base_annotations, annotations)
+    _labels = filter_dict(get_blocked_labels(), base_labels, labels)
     return V1ObjectMeta(
         name=name,
         namespace=namespace,

diff --git a/src/os_utils.py b/src/os_utils.py
@@ -1,19 +1,30 @@
 import os
+from functools import cache
 
+from consts import BLOCKED_LABELS
 
+
+@cache
 def get_version() -> str:
     """
     Wrapper for CLUSTER_SECRET_VERSION variable environment
     """
     return os.getenv('CLUSTER_SECRET_VERSION', '0')
 
 
+@cache
 def get_replace_existing() -> bool:
-
     replace_existing = os.getenv('REPLACE_EXISTING', 'false')
     return replace_existing.lower() == 'true'
 
 
+@cache
+def get_blocked_labels() -> list[str]:
+    blocked_labels = os.getenv('BLOCKED_LABELS', ','.join(BLOCKED_LABELS))
+    return [label.strip() for label in blocked_labels.split(',')]
+
+
+@cache
 def in_cluster() -> bool:
     """
     Whether we are running in cluster (on the pod)  or outside (debug mode.)

diff --git a/src/tests/test_kubernetes_utils.py b/src/tests/test_kubernetes_utils.py
@@ -6,10 +6,10 @@
 
 from kubernetes.client import V1ObjectMeta
 
-from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLACK_LISTED_ANNOTATIONS, \
-    BLACK_LISTED_LABELS, CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
+from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLOCKED_ANNOTATIONS, \
+    CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
 from kubernetes_utils import get_ns_list, create_secret_metadata
-from os_utils import get_version
+from os_utils import get_version, get_blocked_labels
 
 USER_NAMESPACE_COUNT = 10
 initial_namespaces = ['default', 'kube-node-lease', 'kube-public', 'kube-system']
@@ -100,8 +100,8 @@ def test_create_secret_metadata(self) -> None:
         ]
 
         attributes_black_lists = dict(
-            labels=BLACK_LISTED_LABELS,
-            annotations=BLACK_LISTED_ANNOTATIONS,
+            labels=get_blocked_labels(),
+            annotations=BLOCKED_ANNOTATIONS,
         )
 
         test_cases: list[Tuple[dict[str, str], dict[str, str]]] = [