Fix src ranges (#371)

* only delete the deployment on ip range update

* fix the allowed_ips update

Author: sroettger

dist/bin/kctf-cluster

@@ -393,7 +393,8 @@ function kctf_cluster_ip_ranges {
   set_cloud_armor_policy "${RANGES}" || return
 
   # stop the operator
-  "${KCTF_BIN}/kubectl" delete -f "${KCTF_CTF_DIR}/kctf/resources/operator.yaml" || return
+  "${KCTF_BIN}/yq" eval "select(.kind == \"Deployment\")" "${KCTF_CTF_DIR}/kctf/resources/operator.yaml" \
+    | "${KCTF_BIN}/kubectl" delete -f - || return
 
   start_operator_gce || return
 }
@@ -407,8 +408,8 @@ function start_operator_gce {
     SUFFIX=$(echo "${PROJECT}-${CLUSTER_NAME}-${ZONE}" | sha1sum)
     POLICY_NAME="kctf-policy-${SUFFIX:0:16}"
     # restart the operator with the new range
-    "${KCTF_BIN}/yq" eval "(((.|select(has(\"spec\"))).spec|select(has(\"template\"))).template.spec.containers[0].env[] | select(.name == \"ALLOWED_IPS\")).value = \"${RANGES}\"" "${KCTF_CTF_DIR}/kctf/resources/operator.yaml" \
-      | "${KCTF_BIN}/yq" eval "(((.|select(has(\"spec\"))).spec|select(has(\"template\"))).template.spec.containers[0].env[] | select(.name == \"SECURITY_POLICY\")).value = \"${POLICY_NAME}\"" - \
+    "${KCTF_BIN}/yq" eval "(select(.kind == \"Deployment\").spec.template.spec.containers[] | select(.name == \"manager\").env[] | select(.name == \"ALLOWED_IPS\").value) |= \"${RANGES}\"" "${KCTF_CTF_DIR}/kctf/resources/operator.yaml" \
+      | "${KCTF_BIN}/yq" eval "(select(.kind == \"Deployment\").spec.template.spec.containers[] | select(.name == \"manager\").env[] | select(.name == \"SECURITY_POLICY\").value) |= \"${POLICY_NAME}\"" - \
       | "${KCTF_BIN}/kubectl" apply -f - || return
   fi
 }