From 360e26a81b3fa9ee50f4dae3ebc8f890a63338fa Mon Sep 17 00:00:00 2001 From: Fabian Wiesel Date: Fri, 9 Jan 2026 15:03:02 +0100 Subject: [PATCH] More Label-Selector support The label-selector flag needs to get exposed as a config value, and the leader election needs to be independent per label. --- charts/openstack-hypervisor-operator/Chart.yaml | 2 +- .../templates/deployment.yaml | 2 ++ charts/openstack-hypervisor-operator/values.yaml | 2 ++ cmd/main.go | 9 ++++++++- config/manager/manager.yaml | 2 ++ 5 files changed, 15 insertions(+), 2 deletions(-) diff --git a/charts/openstack-hypervisor-operator/Chart.yaml b/charts/openstack-hypervisor-operator/Chart.yaml index 610141e..1cd747e 100644 --- a/charts/openstack-hypervisor-operator/Chart.yaml +++ b/charts/openstack-hypervisor-operator/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: openstack-hypervisor-operator description: A Helm chart for Kubernetes appVersion: 0.1.0 -version: 0.1.8 +version: 0.2.0 type: application diff --git a/charts/openstack-hypervisor-operator/templates/deployment.yaml b/charts/openstack-hypervisor-operator/templates/deployment.yaml index 07c0178..afabbe8 100644 --- a/charts/openstack-hypervisor-operator/templates/deployment.yaml +++ b/charts/openstack-hypervisor-operator/templates/deployment.yaml @@ -39,6 +39,8 @@ spec: secretKeyRef: key: SERVICE_PASSWORD name: {{ include "openstack-hypervisor-operator.fullname" . }}-secret + - name: LABEL_SELECTOR + value: {{ quote .Values.controllerManager.manager.env.labelSelector }} - name: KUBERNETES_CLUSTER_DOMAIN value: {{ quote .Values.kubernetesClusterDomain }} image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag diff --git a/charts/openstack-hypervisor-operator/values.yaml b/charts/openstack-hypervisor-operator/values.yaml index 00a8245..5dfedaf 100644 --- a/charts/openstack-hypervisor-operator/values.yaml +++ b/charts/openstack-hypervisor-operator/values.yaml @@ -4,12 +4,14 @@ controllerManager: - --metrics-bind-address=:8443 - --leader-elect - --health-probe-bind-address=:8081 + - --label-selector=${LABEL_SELECTOR} containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL env: + labelSelector: "" osAuthUrl: "" osProjectDomainName: "" osProjectName: "" diff --git a/cmd/main.go b/cmd/main.go index aa8d6e3..671ddc8 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -18,6 +18,7 @@ limitations under the License. package main import ( + "crypto/sha256" "crypto/tls" "flag" "fmt" @@ -162,6 +163,7 @@ func main() { bininfo.Component(), bininfo.VersionOr("devel"), gruntime.GOOS, gruntime.GOARCH, bininfo.CommitOr("edge")) + leaderElectionID := "4c28796a.cloud.sap" var cacheOptions cache.Options if global.LabelSelector != "" { setupLog.Info("setting up cache with label selector", "selector", global.LabelSelector) @@ -182,6 +184,11 @@ func main() { }, }, } + + h := sha256.New() + h.Write([]byte(leaderElectionID)) // Seed it with something "unique" to the project + h.Write([]byte(global.LabelSelector)) + leaderElectionID = fmt.Sprintf("%x.cloud.sap", h.Sum(nil)) } mgr, err := ctrl.NewManager(restConfig, ctrl.Options{ @@ -190,7 +197,7 @@ func main() { WebhookServer: webhookServer, HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, - LeaderElectionID: "4c28796a.cloud.sap", + LeaderElectionID: leaderElectionID, // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily // when the Manager ends. This requires the binary to immediately end when the // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 493bfe8..e20ce8d 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -61,6 +61,7 @@ spec: - args: - --leader-elect - --health-probe-bind-address=:8081 + - --label-selector=${LABEL_SELECTOR} env: - name: OS_AUTH_URL - name: OS_PROJECT_DOMAIN_NAME @@ -73,6 +74,7 @@ spec: secretKeyRef: name: secret key: SERVICE_PASSWORD + - name: LABEL_SELECTOR image: keppel.eu-de-1.cloud.sap/ccloud/openstack-hypervisor-operator:latest name: manager securityContext: