From a66ea81a35879de640dd92bd0323a7aa83e46796 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Wed, 29 Mar 2023 18:40:43 +0300 Subject: [PATCH] fix: sync should not update labels and annotations for an object (#1649) * fix: sync should not update labels and annotations for an object Signed-off-by: Anatolii Bazko --- .../che-operator.clusterserviceversion.yaml | 4 +- pkg/deploy/sync.go | 20 --------- pkg/deploy/tls/certificates.go | 34 +++++++-------- pkg/deploy/tls/certificates_test.go | 41 +++++++++++++++++++ 4 files changed, 57 insertions(+), 42 deletions(-) diff --git a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml index e212eb5ce..2d3b26c02 100644 --- a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml +++ b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml @@ -77,7 +77,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/eclipse-che/che-operator support: Eclipse Foundation - name: eclipse-che.v7.64.0-780.next + name: eclipse-che.v7.64.0-782.next namespace: placeholder spec: apiservicedefinitions: {} @@ -1243,7 +1243,7 @@ spec: minKubeVersion: 1.19.0 provider: name: Eclipse Foundation - version: 7.64.0-780.next + version: 7.64.0-782.next webhookdefinitions: - admissionReviewVersions: - v1 diff --git a/pkg/deploy/sync.go b/pkg/deploy/sync.go index 3793af078..1a1e7f8a5 100644 --- a/pkg/deploy/sync.go +++ b/pkg/deploy/sync.go 
@@ -165,26 +165,6 @@ func UpdateWithClient(client client.Client, deployContext *chetypes.DeployContex fmt.Printf("Difference:\n%s", diff) } - targetLabels := map[string]string{} - targetAnnos := map[string]string{} - - for k, v := range actualMeta.GetAnnotations() { - targetAnnos[k] = v - } - for k, v := range actualMeta.GetLabels() { - targetLabels[k] = v - } - - for k, v := range blueprint.GetAnnotations() { - targetAnnos[k] = v - } - for k, v := range blueprint.GetLabels() { - targetLabels[k] = v - } - - blueprint.SetAnnotations(targetAnnos) - blueprint.SetLabels(targetLabels) - if isUpdateUsingDeleteCreate(actual.GetObjectKind().GroupVersionKind().Kind) { done, err := DeleteWithClient(client, actual) if !done { diff --git a/pkg/deploy/tls/certificates.go b/pkg/deploy/tls/certificates.go index 3364bdfb5..30422d0a4 100644 --- a/pkg/deploy/tls/certificates.go +++ b/pkg/deploy/tls/certificates.go @@ -17,9 +17,7 @@ import ( "reflect" "strings" - k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/json" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" @@ -121,14 +119,14 @@ func (c *CertificatesReconciler) syncTrustStoreConfigMapToCluster(ctx *chetypes. // Kubernetes root certificates to Che components. It is needed to use NonCachingClient because the map // initially is not in the cache. func (c *CertificatesReconciler) syncKubernetesRootCertificates(ctx *chetypes.DeployContext) (bool, error) { - certs := &corev1.ConfigMap{} + kubeRootCertsConfigMap := &corev1.ConfigMap{} if err := ctx.ClusterAPI.NonCachingClient.Get( context.TODO(), types.NamespacedName{ Name: KubernetesRootCertificateConfigMapName, Namespace: ctx.CheCluster.Namespace, }, - certs); err != nil { + kubeRootCertsConfigMap); err != nil { if errors.IsNotFound(err) { return true, nil } else { 
@@ -136,23 +134,19 @@ func (c *CertificatesReconciler) syncKubernetesRootCertificates(ctx *chetypes.De } } - patchData, _ := json.Marshal(corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{ - constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg, - constants.KubernetesComponentLabelKey: CheCACertsConfigMapLabelValue, - }, - }, - }) + if kubeRootCertsConfigMap.GetLabels() == nil { + kubeRootCertsConfigMap.SetLabels(map[string]string{}) + } - _, err := k8shelper.New().GetClientset().CoreV1().ConfigMaps(ctx.CheCluster.Namespace).Patch( - context.TODO(), - KubernetesRootCertificateConfigMapName, - types.MergePatchType, - patchData, - metav1.PatchOptions{}, - ) - return err == nil, err + kubeRootCertsConfigMap.Labels[constants.KubernetesPartOfLabelKey] = constants.CheEclipseOrg + kubeRootCertsConfigMap.Labels[constants.KubernetesComponentLabelKey] = CheCACertsConfigMapLabelValue + + // Set TypeMeta to avoid "cause: no version "" has been registered in scheme" error + kubeRootCertsConfigMap.TypeMeta = metav1.TypeMeta{ + Kind: "ConfigMap", + APIVersion: "v1", + } + return deploy.SyncWithClient(ctx.ClusterAPI.NonCachingClient, ctx, kubeRootCertsConfigMap, deploy.ConfigMapDiffOpts) } func (c *CertificatesReconciler) syncAdditionalCACertsConfigMapToCluster(ctx *chetypes.DeployContext) (bool, error) { diff --git a/pkg/deploy/tls/certificates_test.go b/pkg/deploy/tls/certificates_test.go index 23843f93c..aa8ba42e8 100644 --- a/pkg/deploy/tls/certificates_test.go +++ b/pkg/deploy/tls/certificates_test.go 
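Review bot: The object handed to `deploy.SyncWithClient` is the complete `kube-root-ca.crt` ConfigMap as read from the cluster, `Data` included, whereas the removed merge patch sent only the two labels. This ConfigMap carries the Kubernetes root certificates passed to Che components, and the visible code only reads it, so the operator does not appear to create it. Anything the generic sync path does beyond an in-place update would now apply to that trust data: the delete-and-recreate branch visible in `UpdateWithClient` (presumably reachable from `SyncWithClient`), or ownership metadata if the sync adds any, which is not visible here. Please confirm which path a ConfigMap takes and record the intent above the label assignments, e.g. `// kube-root-ca.crt is not owned by the operator: only these two labels change, Data is written back exactly as read`. The function body starts in the previous hunk.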
@@ -129,6 +129,47 @@ func TestSyncAdditionalCACertsConfigMapToCluster(t *testing.T) { assert.Equal(t, cacertMerged.ObjectMeta.Annotations["che.eclipse.org/included-configmaps"], "cert1-1.cert2-1") } +func TestSyncKubernetesRootCertificates(t *testing.T) { + caCertsMerged := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: CheAllCACertsConfigMapName, + Namespace: "eclipse-che", + Labels: map[string]string{ + "app": "che", + "app.kubernetes.io/component": "che", + "app.kubernetes.io/instance": "che", + "app.kubernetes.io/managed-by": "che-operator", + "app.kubernetes.io/name": "che", + "app.kubernetes.io/part-of": "che.eclipse.org", + "component": "che", + }, + }, + } + + kubeRootCert := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: KubernetesRootCertificateConfigMapName, + Namespace: "eclipse-che", + }, + Data: map[string]string{ + "ca.crt": "root-cert", + }, + } + + ctx := test.GetDeployContext(nil, []runtime.Object{kubeRootCert, caCertsMerged}) + + certificates := NewCertificatesReconciler() + _, _, err := certificates.Reconcile(ctx) + assert.Nil(t, err) + + _, _, err = certificates.Reconcile(ctx) + assert.Nil(t, err) + + _, done, err := certificates.Reconcile(ctx) + assert.Nil(t, err) + assert.True(t, done) +} + func TestSyncGitSelfSignedCertificate(t *testing.T) { cert := &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{
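Review bot: `TestSyncKubernetesRootCertificates` asserts only that `Reconcile` returns no error and finally reports done; it never reads `kube-root-ca.crt` back, so it would still pass if the labels were not applied or if the sync changed `Data`. After the last `Reconcile`, fetch the ConfigMap through the test context's client and add `assert.Equal(t, "root-cert", cm.Data["ca.crt"])` and `assert.Equal(t, CheCACertsConfigMapLabelValue, cm.Labels[constants.KubernetesComponentLabelKey])`. Whether `constants` is already imported in this test file is not visible in the hunk. The `done` results of the first two calls are also discarded, so the number of passes needed to converge is not pinned.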