Open
Description
With the following resource, I'd expect the created pods to have the labels from spec.labels. However, they don't, so OPA Gatekeeper complains.
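# Reproduction manifest for this report: a Dragonfly custom resource whose
# spec.labels the reporter expects to appear on the pods the operator creates.
# Nesting is restored here; the page had flattened every line to column 0.
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
  # Labels on the Dragonfly object itself. The denial in the log below is
  # raised while the operator creates its StatefulSet, so these labels do not
  # appear to be what the admission policy is evaluating.
  labels:
    app.kubernetes.io/name: dragonfly
    app.kubernetes.io/instance: dragonfly-sample
    app.kubernetes.io/part-of: dragonfly-operator
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: dragonfly-operator
    contact/owner: EngOps
    contact/help.slack: engops-help
    contact/alerts.slack: engops-notifications
    contact/alerts.pagerduty: Kubernetes_B.Hours
    contact/jira: ENGOPS
  name: dragonfly-sample
  namespace: test-dragonfly-operator
spec:
  # Labels the reporter expects to be propagated to the generated workload.
  # All four keys named in the objects-must-have-labels denial (contact/owner,
  # contact/jira, contact/help.slack, contact/alerts.slack) are present here.
  labels:
    contact/owner: EngOps
    contact/jira: ENGOPS
    contact/help.slack: engops-help
    contact/alerts.slack: engops-notifications
    contact/alerts.pagerduty: Kubernetes_B.Hours
  replicas: 2
  # NOTE(review): the same log carries warnings from two further policies,
  # non-default-sa (spec.serviceAccountName missing from the pod template) and
  # repo-is-approved (image repo outside the allowed list). This manifest sets
  # neither a service account nor an image, so those will likely need
  # addressing as well once the labels propagate; check the operator's API
  # reference for the fields that control them.
  resources:
    requests:
      cpu: 500m
      memory: 500Mi
    limits:
      cpu: 600m
      memory: 750Mi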
manager 2025-10-14T09:41:47Z INFO reconciling dragonfly instance {"controller": "Dragonfly", "controllerGroup": "dragonflydb.io", "controllerKind": "Dragonfly", "Dragonfly": {"name":"dragonfly-sample","namespace":"test-dragonfly-operator"}, "namespace": "test-dragonfly-operator", "name": "dragonfly-sample", "reconcileID": "0b64e3df-635d-4c46-b248-8386029ce82d"}
manager 2025-10-14T09:41:47Z INFO reconciling dragonfly resource {"controller": "Dragonfly", "controllerGroup": "dragonflydb.io", "controllerKind": "Dragonfly", "Dragonfly": {"name":"dragonfly-sample","namespace":"test-dragonfly-operator"}, "namespace": "test-dragonfly-operator", "name": "dragonfly-sample", "reconcileID": "0b64e3df-635d-4c46-b248-8386029ce82d", "kind": "StatefulSet", "namespace": "test-dragonfly-operator", "Name": "dragonfly-sample"}
manager 2025-10-14T09:41:47Z INFO KubeAPIWarningLogger [non-default-sa[] [Implied by expand-workload-pods] Required spec.serviceAccountName is missing from pod template
manager 2025-10-14T09:41:47Z INFO KubeAPIWarningLogger [repo-is-approved[] [Implied by expand-workload-pods] container <dragonfly> has an invalid image repo <docker.dragonflydb.io/dragonflydb/dragonfly:v1.34.1>, allowed repos are ["nexus.aveng.me:5000/.*", ".*amazonaws.com/.*", "public.ecr.aws/eks/aws-load-balancer-controller:.*"]
manager 2025-10-14T09:41:47Z ERROR Reconciler error {"controller": "Dragonfly", "controllerGroup": "dragonflydb.io", "controllerKind": "Dragonfly", "Dragonfly": {"name":"dragonfly-sample","namespace":"test-dragonfly-operator"}, "namespace": "test-dragonfly-operator", "name": "dragonfly-sample", "reconcileID": "0b64e3df-635d-4c46-b248-8386029ce82d", "error": "failed to reconcile dragonfly resources: failed to create resource: admission webhook \"validation.gatekeeper.sh\" denied the request: [objects-must-have-labels] you must provide labels: {\"contact/alerts.slack\", \"contact/help.slack\", \"contact/jira\", \"contact/owner\"}"}
manager sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler
manager /go/pkg/mod/sigs.k8s.io/controller-runtime@<version>/pkg/internal/controller/controller.go:347
manager sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem
manager /go/pkg/mod/sigs.k8s.io/controller-runtime@<version>/pkg/internal/controller/controller.go:294
manager sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2
manager /go/pkg/mod/sigs.k8s.io/controller-runtime@<version>/pkg/internal/controller/controller.go:255