cleanup[BREAKING]: Templatize and cleanup labeling on resources

gremlin/templates/_helpers.tpl

@@ -31,6 +31,26 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Common labels
+*/}}
+{{- define "gremlin.labels" -}}
+helm.sh/chart: {{ include "gremlin.chart" . }}
+{{ include "gremlin.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "gremlin.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "gremlin.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
 {{/*
 Because we've evolved the recommended way to pass the secret name over time, we hide the following order of operations behind this computed value:
 In later versions of this chart, we will remove the use of the fallback value of `gremlin-team-cert`

gremlin/templates/apparmor-configmap.yaml

@@ -4,6 +4,8 @@ kind: ConfigMap
 metadata:
   name: {{ .Release.Name }}-apparmor-profile-content
   namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "gremlin.labels" . | nindent 4 }}
 data:
   agent_apparmor.profile: |-
     {{ .Files.Get "agent_apparmor.profile" | nindent 4 | trim }}

gremlin/templates/apparmor-loader.yaml

@@ -6,24 +6,19 @@ metadata:
   # Namespace must match that of the ConfigMap.
   namespace: {{ .Release.Namespace}}
   labels:
-    daemon: apparmor-loader
-    helm.sh/chart: {{ include "gremlin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    version: v1
+    {{- include "gremlin.labels" . | nindent 4 }}
+    app.kubernetes.io/component: apparmor-loader
 spec:
   selector:
     matchLabels:
-      daemon: apparmor-loader
+      {{- include "gremlin.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: apparmor-loader
   template:
     metadata:
       name: apparmor-loader
       labels:
-        daemon: apparmor-loader
-        helm.sh/chart: {{ include "gremlin.chart" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-        app.kubernetes.io/managed-by: {{ .Release.Service }}
-        version: v1
+        {{- include "gremlin.labels" . | nindent 8 }}
+        app.kubernetes.io/component: apparmor-loader
     {{- if .Values.gremlin.podSecurity.seccomp.enabled }}
       annotations:
         container.seccomp.security.alpha.kubernetes.io/{{ .Chart.Name }}: {{ .Values.gremlin.podSecurity.seccomp.profile }}

gremlin/templates/chao-deployment.yaml

@@ -2,16 +2,14 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+  name: chao
+  namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/instance: chao
-    app.kubernetes.io/name: chao
-    helm.sh/chart: {{ include "gremlin.chart" . }}
-    app.kubernetes.io/version: "1"
+    {{- include "gremlin.labels" . | nindent 4 }}
+    app.kubernetes.io/component: chao
     {{- if .Values.chao.podLabels }}
     {{- toYaml .Values.chao.podLabels | nindent 4 }}
     {{- end }}
-  name: chao
-  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   {{- if .Values.chao.updateStrategy }}
@@ -20,16 +18,13 @@ spec:
   {{- end }}
   selector:
     matchLabels:
-      app.kubernetes.io/instance: chao
-      app.kubernetes.io/name: chao
-      app.kubernetes.io/version: "1"
+      {{ include "gremlin.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: chao
   template:
     metadata:
       labels:
-        app.kubernetes.io/instance: chao
-        app.kubernetes.io/name: chao
-        helm.sh/chart: {{ include "gremlin.chart" . }}
-        app.kubernetes.io/version: "1"
+        {{ include "gremlin.labels" . | nindent 8 }}
+        app.kubernetes.io/component: chao
         {{- if .Values.chao.podLabels }}
         {{- toYaml .Values.chao.podLabels | nindent 8 }}
         {{- end }}

gremlin/templates/chao-service-account.yaml

@@ -5,6 +5,12 @@ kind: ServiceAccount
 metadata:
   name: chao
   namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "gremlin.labels" . | nindent 4 }}
+    app.kubernetes.io/component: chao
+    {{- if .Values.chao.serviceAccount.labels }}
+    {{- toYaml .Values.chao.serviceAccount.labels | nindent 4 }}
+    {{- end }}
   annotations:
     {{- with .Values.chao.serviceAccount.annotations }}
       {{- toYaml . | nindent 4 }}
@@ -29,7 +35,7 @@ rules:
     verbs: ["get", "watch", "list"]
   - apiGroups: ["argoproj.io"]
     resources: ["rollouts"]
-    verbs: ["get", "list", "watch"]    
+    verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

gremlin/templates/daemonset.yaml

@@ -4,30 +4,25 @@ metadata:
   name: {{ include "gremlin.fullname" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ include "gremlin.name" . }}
-    helm.sh/chart: {{ include "gremlin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    version: v1
+    {{- include "gremlin.labels" . | nindent 4 }}
+    app.kubernetes.io/component: agent
     {{- if .Values.gremlin.podLabels }}
     {{- toYaml .Values.gremlin.podLabels | nindent 4 }}
     {{- end }}
 spec:
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "gremlin.name" . }}
+      {{ include "gremlin.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: agent
   {{- if .Values.gremlin.updateStrategy }}
   updateStrategy:
     {{- toYaml .Values.gremlin.updateStrategy | nindent 4 }}
   {{- end }}
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: {{ include "gremlin.name" . }}
-        helm.sh/chart: {{ include "gremlin.chart" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-        app.kubernetes.io/managed-by: {{ .Release.Service }}
-        version: v1
+        {{ include "gremlin.labels" . | nindent 8 }}
+        app.kubernetes.io/component: agent
         {{- if .Values.gremlin.podLabels }}
         {{- toYaml .Values.gremlin.podLabels | nindent 8 }}
         {{- end }}

gremlin/templates/gremlin-scc.yaml

@@ -3,11 +3,13 @@
 kind: SecurityContextConstraints
 apiVersion: security.openshift.io/v1
 metadata:
+  name: gremlin
+  labels:
+    {{- include "gremlin.labels" . | nindent 4 }}
   annotations:
     kubernetes.io/description: 'This SCC provides as many restrictions from the `restricted` SCC as possible while
     allowing host mounts, any UID by a pod, and forces the process to run as the gremlin.process SELinux type. This is
     intended to be used solely by  Gremlin. WARNING: this SCC allows host file system access as root Grant with caution.'
-  name: gremlin
 allowHostDirVolumePlugin: {{ .Values.gremlin.podSecurity.securityContextConstraints.allowHostDirVolumePlugin }}
 allowHostIPC: false
 allowHostNetwork: {{ .Values.gremlin.hostNetwork }}

gremlin/templates/gremlin-seccomp-configmap.yaml

@@ -6,11 +6,7 @@ metadata:
   name: {{ template "gremlin.fullname" . }}-seccomp
   namespace: {{ .Release.Namespace }}
   labels:
-    helm.sh/chart: {{ include "gremlin.chart" . }}
-    app.kubernetes.io/name: {{ include "gremlin.fullname" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/version: "1"
+    {{- include "gremlin.labels" . | nindent 4 }}
 data:
   # The following profile extends Docker's default seccomp profile, adding `keyctl` and `pivot_root` to the list of
   # allowed syscalls.
@@ -840,4 +836,4 @@ data:
         }
       ]
     }
-{{- end }}
+{{- end }}

gremlin/templates/gremlin-service-account.yaml

@@ -5,6 +5,12 @@ kind: ServiceAccount
 metadata:
   name: gremlin
   namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "gremlin.labels" . | nindent 4 }}
+    app.kubernetes.io/component: agent
+    {{- if .Values.chao.serviceAccount.labels }}
+    {{- toYaml .Values.chao.serviceAccount.labels | nindent 4 }}
+    {{- end }}
   annotations:
     {{- with .Values.gremlin.serviceAccount.annotations }}
       {{- toYaml . | nindent 4 }}
@@ -14,6 +20,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: gremlin-metadata-reader
+  labels:
+    {{- include "gremlin.labels" . | nindent 4 }}
 rules:
   - apiGroups: [""]
     resources:
@@ -32,6 +40,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: gremlin-metadata-reader
+  labels:
+    {{- include "gremlin.labels" . | nindent 4 }}
 subjects:
   - kind: ServiceAccount
     name: gremlin
@@ -78,6 +88,7 @@ kind: Role
 metadata:
   name: scc:gremlin
   labels:
+    {{- include "gremlin.labels" . | nindent 4 }}
     addonmanager.kubernetes.io/mode: EnsureExists
 rules:
 - apiGroups: ['security.openshift.io']
@@ -91,6 +102,7 @@ kind: RoleBinding
 metadata:
   name: default:gremlin
   labels:
+    {{- include "gremlin.labels" . | nindent 4 }}
     addonmanager.kubernetes.io/mode: EnsureExists
 roleRef:
   apiGroup: rbac.authorization.k8s.io

gremlin/templates/secret-ssl-cert-file.yaml

@@ -6,11 +6,7 @@ metadata:
   name: ssl-cert-file
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ include "gremlin.name" . }}
-    helm.sh/chart: {{ include "gremlin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    version: v1
+    {{- include "gremlin.labels" . | nindent 4 }}
 type: kubernetes.io/Opaque
 data:
   certfile.pem: {{ default .Values.ssl.certFile | toString | b64enc }}

gremlin/templates/secret.yaml

@@ -6,11 +6,7 @@ metadata:
   name: {{ include "gremlin.secretName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ include "gremlin.name" . }}
-    helm.sh/chart: {{ include "gremlin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    version: v1
+    {{- include "gremlin.labels" . | nindent 4 }}
 type: kubernetes.io/Opaque
 stringData:
   GREMLIN_CLUSTER_ID: {{ default .Values.gremlin.clusterID .Values.gremlin.secret.clusterID | required "required: .Values.gremlin.secret.clusterID" | toString }}

gremlin/tests/chao_deployment_test.yaml

@@ -6,7 +6,19 @@ release:
   namespace: my-namespace
   revision: 1
   upgrade: true
+chart:
+  version: 1.0.0
 tests:
+  - it: should set the correct default labels and annotations
+    asserts:
+      - isSubset:
+          path: metadata.labels
+          content:
+            app.kubernetes.io/component: chao
+            app.kubernetes.io/instance: my-release
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: gremlin
+            helm.sh/chart: gremlin-1.0.0
   - it: should create a deployment
     set:
       chao.create: true
@@ -19,6 +31,24 @@ tests:
       - equal:
           path: metadata.namespace
           value: my-namespace
+  - it: should set the correct labels on the pods
+    asserts:
+      - isSubset:
+          path: spec.template.metadata.labels
+          content:
+            app.kubernetes.io/component: chao
+            app.kubernetes.io/instance: my-release
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: gremlin
+            helm.sh/chart: gremlin-1.0.0
+  - it: should match the correct labels on the pods
+    asserts:
+      - isSubset:
+          path: spec.selector.matchLabels
+          content:
+            app.kubernetes.io/component: chao
+            app.kubernetes.io/instance: my-release
+            app.kubernetes.io/name: gremlin
   - it: should allow specifying a custom registry and tag
     set:
       chaoimage.tag: "0.0.1"

gremlin/tests/daemonset_test.yaml

@@ -6,7 +6,19 @@ release:
   namespace: my-namespace
   revision: 1
   upgrade: true
+chart:
+  version: 1.0.0
 tests:
+  - it: should set the correct default labels and annotations
+    asserts:
+      - isSubset:
+          path: metadata.labels
+          content:
+            app.kubernetes.io/component: agent
+            app.kubernetes.io/instance: my-release
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: gremlin
+            helm.sh/chart: gremlin-1.0.0
   - it: should create a daemonset
     asserts:
       - isKind:
@@ -17,6 +29,24 @@ tests:
       - equal:
           path: metadata.namespace
           value: my-namespace
+  - it: should set the correct labels on the pods
+    asserts:
+      - isSubset:
+          path: spec.template.metadata.labels
+          content:
+            app.kubernetes.io/component: agent
+            app.kubernetes.io/instance: my-release
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: gremlin
+            helm.sh/chart: gremlin-1.0.0
+  - it: should match the correct labels on the pods
+    asserts:
+      - isSubset:
+          path: spec.selector.matchLabels
+          content:
+            app.kubernetes.io/component: agent
+            app.kubernetes.io/instance: my-release
+            app.kubernetes.io/name: gremlin
   - it: should allow specifying a custom registry and tag
     set:
       image.tag: "0.0.1"