fix: sync should not update labels and annotations for an object (#1649)

* fix: sync should not update labels and annotations for an object Signed-off-by: Anatolii Bazko <abazko@redhat.com>
2023-03-29 18:40:43 +03:00 · 2023-03-29 18:40:43 +03:00 · a66ea81a35
parent 7207630a3c
commit a66ea81a35
4 changed files with 57 additions and 42 deletions
--- a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml
+++ b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml
@ -77,7 +77,7 @@ metadata:
    operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
    repository: https://github.com/eclipse-che/che-operator
    support: Eclipse Foundation
-  name: eclipse-che.v7.64.0-780.next
+  name: eclipse-che.v7.64.0-782.next
  namespace: placeholder
 spec:
  apiservicedefinitions: {}
@ -1243,7 +1243,7 @@ spec:
  minKubeVersion: 1.19.0
  provider:
    name: Eclipse Foundation
-  version: 7.64.0-780.next
+  version: 7.64.0-782.next
  webhookdefinitions:
    - admissionReviewVersions:
        - v1
--- a/pkg/deploy/sync.go
+++ b/pkg/deploy/sync.go
@ -165,26 +165,6 @@ func UpdateWithClient(client client.Client, deployContext *chetypes.DeployContex
 			fmt.Printf("Difference:\n%s", diff)
 		}

-		targetLabels := map[string]string{}
-		targetAnnos := map[string]string{}
-
-		for k, v := range actualMeta.GetAnnotations() {
-			targetAnnos[k] = v
-		}
-		for k, v := range actualMeta.GetLabels() {
-			targetLabels[k] = v
-		}
-
-		for k, v := range blueprint.GetAnnotations() {
-			targetAnnos[k] = v
-		}
-		for k, v := range blueprint.GetLabels() {
-			targetLabels[k] = v
-		}
-
-		blueprint.SetAnnotations(targetAnnos)
-		blueprint.SetLabels(targetLabels)
-
 		if isUpdateUsingDeleteCreate(actual.GetObjectKind().GroupVersionKind().Kind) {
 			done, err := DeleteWithClient(client, actual)
 			if !done {
--- a/pkg/deploy/tls/certificates.go
+++ b/pkg/deploy/tls/certificates.go
@ -17,9 +17,7 @@ import (
 	"reflect"
 	"strings"

-	k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/util/json"

 	"github.com/eclipse-che/che-operator/pkg/common/chetypes"
 	"github.com/eclipse-che/che-operator/pkg/common/constants"
@ -121,14 +119,14 @@ func (c *CertificatesReconciler) syncTrustStoreConfigMapToCluster(ctx *chetypes.
 // Kubernetes root certificates to Che components. It is needed to use NonCachingClient because the map
 // initially is not in the cache.
 func (c *CertificatesReconciler) syncKubernetesRootCertificates(ctx *chetypes.DeployContext) (bool, error) {
-	certs := &corev1.ConfigMap{}
+	kubeRootCertsConfigMap := &corev1.ConfigMap{}
 	if err := ctx.ClusterAPI.NonCachingClient.Get(
 		context.TODO(),
 		types.NamespacedName{
 			Name:      KubernetesRootCertificateConfigMapName,
 			Namespace: ctx.CheCluster.Namespace,
 		},
-		certs); err != nil {
+		kubeRootCertsConfigMap); err != nil {
 		if errors.IsNotFound(err) {
 			return true, nil
 		} else {
@ -136,23 +134,19 @@ func (c *CertificatesReconciler) syncKubernetesRootCertificates(ctx *chetypes.De
 		}
 	}

-	patchData, _ := json.Marshal(corev1.ConfigMap{
-		ObjectMeta: metav1.ObjectMeta{
-			Labels: map[string]string{
-				constants.KubernetesPartOfLabelKey:    constants.CheEclipseOrg,
-				constants.KubernetesComponentLabelKey: CheCACertsConfigMapLabelValue,
-			},
-		},
-	})
+	if kubeRootCertsConfigMap.GetLabels() == nil {
+		kubeRootCertsConfigMap.SetLabels(map[string]string{})
+	}

-	_, err := k8shelper.New().GetClientset().CoreV1().ConfigMaps(ctx.CheCluster.Namespace).Patch(
-		context.TODO(),
-		KubernetesRootCertificateConfigMapName,
-		types.MergePatchType,
-		patchData,
-		metav1.PatchOptions{},
-	)
-	return err == nil, err
+	kubeRootCertsConfigMap.Labels[constants.KubernetesPartOfLabelKey] = constants.CheEclipseOrg
+	kubeRootCertsConfigMap.Labels[constants.KubernetesComponentLabelKey] = CheCACertsConfigMapLabelValue
+
+	// Set TypeMeta to avoid "cause: no version "" has been registered in scheme" error
+	kubeRootCertsConfigMap.TypeMeta = metav1.TypeMeta{
+		Kind:       "ConfigMap",
+		APIVersion: "v1",
+	}
+	return deploy.SyncWithClient(ctx.ClusterAPI.NonCachingClient, ctx, kubeRootCertsConfigMap, deploy.ConfigMapDiffOpts)
 }

 func (c *CertificatesReconciler) syncAdditionalCACertsConfigMapToCluster(ctx *chetypes.DeployContext) (bool, error) {
--- a/pkg/deploy/tls/certificates_test.go
+++ b/pkg/deploy/tls/certificates_test.go
@ -129,6 +129,47 @@ func TestSyncAdditionalCACertsConfigMapToCluster(t *testing.T) {
 	assert.Equal(t, cacertMerged.ObjectMeta.Annotations["che.eclipse.org/included-configmaps"], "cert1-1.cert2-1")
 }

+func TestSyncKubernetesRootCertificates(t *testing.T) {
+	caCertsMerged := &corev1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      CheAllCACertsConfigMapName,
+			Namespace: "eclipse-che",
+			Labels: map[string]string{
+				"app":                          "che",
+				"app.kubernetes.io/component":  "che",
+				"app.kubernetes.io/instance":   "che",
+				"app.kubernetes.io/managed-by": "che-operator",
+				"app.kubernetes.io/name":       "che",
+				"app.kubernetes.io/part-of":    "che.eclipse.org",
+				"component":                    "che",
+			},
+		},
+	}
+
+	kubeRootCert := &corev1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      KubernetesRootCertificateConfigMapName,
+			Namespace: "eclipse-che",
+		},
+		Data: map[string]string{
+			"ca.crt": "root-cert",
+		},
+	}
+
+	ctx := test.GetDeployContext(nil, []runtime.Object{kubeRootCert, caCertsMerged})
+
+	certificates := NewCertificatesReconciler()
+	_, _, err := certificates.Reconcile(ctx)
+	assert.Nil(t, err)
+
+	_, _, err = certificates.Reconcile(ctx)
+	assert.Nil(t, err)
+
+	_, done, err := certificates.Reconcile(ctx)
+	assert.Nil(t, err)
+	assert.True(t, done)
+}
+
 func TestSyncGitSelfSignedCertificate(t *testing.T) {
 	cert := &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{