Merge pull request #152 from greut/fix/argocd-labels

feat: allow to customize the blocked labels

Author: axel7083

Makefile

@@ -1,7 +1,7 @@
 IMG_NAMESPACE = flag5
 IMG_NAME = clustersecret
 IMG_FQNAME = $(IMG_NAMESPACE)/$(IMG_NAME)
-IMG_VERSION = 0.0.12
+IMG_VERSION = 0.0.13
 
 .PHONY: container push clean 
 all: container

charts/cluster-secret/Chart.yaml

@@ -3,11 +3,11 @@ name: cluster-secret
 description: ClusterSecret Operator
 kubeVersion: '>= 1.25.0-0'
 type: application
-version: 0.4.5
+version: 0.5.0
 icon: https://clustersecret.com/assets/csninjasmall.png
 sources:
 - https://github.com/zakkg3/ClusterSecret
-appVersion: "0.0.12"
+appVersion: "0.0.13"
 maintainers:
 - email: [email protected]
   name: zakkg3

charts/cluster-secret/templates/deployment.yaml

@@ -35,6 +35,7 @@ spec:
       {{- end }}
       containers:
       - env:
+        {{- .Values.env | toYaml | nindent 8 }}
         - name: KUBERNETES_CLUSTER_DOMAIN
           value: {{ .Values.kubernetesClusterDomain }}
         - name: CLUSTER_SECRET_VERSION

charts/cluster-secret/values.yaml

@@ -9,6 +9,10 @@ image:
 # It can also be replaced, just set value to true.
 replace_existing: 'false'
 
+env:
+  - name: BLOCKED_LABELS
+    value: app.kubernetes.io  # a comma (,) separated list
+
 kubernetesClusterDomain: cluster.local
 
 nodeSelector: {}

src/consts.py

@@ -9,5 +9,6 @@
 
 CLUSTER_SECRET_LABEL = "clustersecret.io"
 
-BLACK_LISTED_ANNOTATIONS = ["kopf.zalando.org", "kubectl.kubernetes.io"]
-BLACK_LISTED_LABELS = ["app.kubernetes.io"]
+BLOCKED_ANNOTATIONS = ["kopf.zalando.org", "kubectl.kubernetes.io"]
+
+BLOCKED_LABELS = ["app.kubernetes.io"]

src/kubernetes_utils.py

@@ -6,9 +6,9 @@
 import kopf
 from kubernetes.client import CoreV1Api, CustomObjectsApi, exceptions, V1ObjectMeta, rest, V1Secret
 
-from os_utils import get_replace_existing, get_version
-from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLACK_LISTED_ANNOTATIONS, \
-    BLACK_LISTED_LABELS, CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
+from os_utils import get_blocked_labels, get_replace_existing, get_version
+from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLOCKED_ANNOTATIONS, \
+    CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
 
 
 def patch_clustersecret_status(
@@ -309,8 +309,8 @@ def filter_dict(
         LAST_SYNC_ANNOTATION: datetime.now().isoformat(),
     }
 
-    _annotations = filter_dict(BLACK_LISTED_ANNOTATIONS, base_annotations, annotations)
-    _labels = filter_dict(BLACK_LISTED_LABELS, base_labels, labels)
+    _annotations = filter_dict(BLOCKED_ANNOTATIONS, base_annotations, annotations)
+    _labels = filter_dict(get_blocked_labels(), base_labels, labels)
     return V1ObjectMeta(
         name=name,
         namespace=namespace,

src/os_utils.py

@@ -1,19 +1,32 @@
 import os
+from functools import cache
 
+from consts import BLOCKED_LABELS
 
+
+@cache
 def get_version() -> str:
     """
     Wrapper for CLUSTER_SECRET_VERSION variable environment
     """
     return os.getenv('CLUSTER_SECRET_VERSION', '0')
 
 
+@cache
 def get_replace_existing() -> bool:
-
     replace_existing = os.getenv('REPLACE_EXISTING', 'false')
     return replace_existing.lower() == 'true'
 
 
+@cache
+def get_blocked_labels() -> list[str]:
+    if blocked_labels := os.getenv('BLOCKED_LABELS'):
+        return [label.strip() for label in blocked_labels.split(',')]
+
+    return BLOCKED_LABELS
+
+
+@cache
 def in_cluster() -> bool:
     """
     Whether we are running in cluster (on the pod)  or outside (debug mode.)

src/tests/test_kubernetes_utils.py

@@ -6,10 +6,10 @@
 
 from kubernetes.client import V1ObjectMeta
 
-from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLACK_LISTED_ANNOTATIONS, \
-    BLACK_LISTED_LABELS, CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
+from consts import CREATE_BY_ANNOTATION, LAST_SYNC_ANNOTATION, VERSION_ANNOTATION, BLOCKED_ANNOTATIONS, \
+    CREATE_BY_AUTHOR, CLUSTER_SECRET_LABEL
 from kubernetes_utils import get_ns_list, create_secret_metadata
-from os_utils import get_version
+from os_utils import get_version, get_blocked_labels
 
 USER_NAMESPACE_COUNT = 10
 initial_namespaces = ['default', 'kube-node-lease', 'kube-public', 'kube-system']
@@ -99,9 +99,9 @@ def test_create_secret_metadata(self) -> None:
             (LAST_SYNC_ANNOTATION, is_iso_format)
         ]
 
-        attributes_black_lists = dict(
-            labels=BLACK_LISTED_LABELS,
-            annotations=BLACK_LISTED_ANNOTATIONS,
+        attributes_blocked_lists = dict(
+            labels=get_blocked_labels(),
+            annotations=BLOCKED_ANNOTATIONS,
         )
 
         test_cases: list[Tuple[dict[str, str], dict[str, str]]] = [
@@ -140,15 +140,15 @@ def test_create_secret_metadata(self) -> None:
 
             self.assertIsInstance(obj=subject, cls=V1ObjectMeta, msg='returned value has correct type')
 
-            for attribute, black_list in attributes_black_lists.items():
+            for attribute, blocked_list in attributes_blocked_lists.items():
                 attribute_object = subject.__getattribute__(attribute)
                 self.assertIsNotNone(obj=attribute_object, msg=f'attribute "{attribute}" is not None')
 
                 for key in attribute_object.keys():
                     self.assertIsInstance(obj=key, cls=str, msg=f'the {attribute} key is a string')
-                    for black_listed_label_prefix in black_list:
+                    for blocked_listed_label_prefix in blocked_list:
                         self.assertFalse(
-                            expr=key.startswith(black_listed_label_prefix),
+                            expr=key.startswith(blocked_listed_label_prefix),
                             msg=f'{attribute} key does not match black listed prefix'
                         )