From 450514ec1f3272a0a1f0b8bde92d867691d3f443 Mon Sep 17 00:00:00 2001 From: Ido Heyvi Date: Tue, 15 Oct 2024 08:25:57 +0300 Subject: [PATCH] addressing PR comments Signed-off-by: Ido Heyvi --- bindata/manifests/operator-webhook/002-rbac.yaml | 4 ++-- bindata/manifests/operator-webhook/003-webhook.yaml | 4 ++-- bindata/manifests/webhook/002-rbac.yaml | 4 ++-- bindata/manifests/webhook/003-webhook.yaml | 2 +- controllers/sriovoperatorconfig_controller.go | 1 + .../templates/pre-delete-webooks.yaml | 6 ++---- deployment/sriov-network-operator-chart/values.yaml | 1 + 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bindata/manifests/operator-webhook/002-rbac.yaml b/bindata/manifests/operator-webhook/002-rbac.yaml index b5f54a490..2fefc95b7 100644 --- a/bindata/manifests/operator-webhook/002-rbac.yaml +++ b/bindata/manifests/operator-webhook/002-rbac.yaml @@ -10,7 +10,7 @@ kind: ClusterRole metadata: name: operator-webhook labels: - created-by: {{ include "sriov-network-operator.fullname" . }} + created-by: {{ .OperatorGeneratedResourcesLabelSelector | default "sriov-network-operator" }} rules: - apiGroups: - "" @@ -35,7 +35,7 @@ kind: ClusterRoleBinding metadata: name: operator-webhook-role-binding labels: - created-by: {{ include "sriov-network-operator.fullname" . }} + created-by: {{ .OperatorGeneratedResourcesLabelSelector | default "sriov-network-operator" }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/bindata/manifests/operator-webhook/003-webhook.yaml b/bindata/manifests/operator-webhook/003-webhook.yaml index c9ba6f7a1..e9022c686 100644 --- a/bindata/manifests/operator-webhook/003-webhook.yaml +++ b/bindata/manifests/operator-webhook/003-webhook.yaml @@ -12,7 +12,7 @@ metadata: cert-manager.io/inject-ca-from: {{.Namespace}}/{{.OperatorWebhookSecretName}} {{- end }} labels: - created-by: {{ include "sriov-network-operator.fullname" . }} + created-by: {{ .OperatorGeneratedResourcesLabelSelector | default "sriov-network-operator" }} webhooks: - name: operator-webhook.sriovnetwork.openshift.io sideEffects: None @@ -46,7 +46,7 @@ metadata: cert-manager.io/inject-ca-from: {{.Namespace}}/{{.OperatorWebhookSecretName}} {{- end }} labels: - created-by: {{ include "sriov-network-operator.fullname" . }} + created-by: {{ .OperatorGeneratedResourcesLabelSelector | default "sriov-network-operator" }} webhooks: - name: operator-webhook.sriovnetwork.openshift.io sideEffects: None diff --git a/bindata/manifests/webhook/002-rbac.yaml b/bindata/manifests/webhook/002-rbac.yaml index 0de20f90f..0734363af 100644 --- a/bindata/manifests/webhook/002-rbac.yaml +++ b/bindata/manifests/webhook/002-rbac.yaml @@ -10,7 +10,7 @@ kind: ClusterRole metadata: name: network-resources-injector labels: - created-by: {{ include "sriov-network-operator.fullname" . }} + created-by: {{ .OperatorGeneratedResourcesLabelSelector | default "sriov-network-operator" }} rules: - apiGroups: - k8s.cni.cncf.io @@ -34,7 +34,7 @@ kind: ClusterRoleBinding metadata: name: network-resources-injector-role-binding labels: - created-by: {{ include "sriov-network-operator.fullname" . }} + created-by: {{ .OperatorGeneratedResourcesLabelSelector | default "sriov-network-operator" }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/bindata/manifests/webhook/003-webhook.yaml b/bindata/manifests/webhook/003-webhook.yaml index 9c118f86d..a957b56c3 100644 --- a/bindata/manifests/webhook/003-webhook.yaml +++ b/bindata/manifests/webhook/003-webhook.yaml @@ -12,7 +12,7 @@ metadata: cert-manager.io/inject-ca-from: {{.Namespace}}/{{.InjectorWebhookSecretName}} {{- end }} labels: - created-by: {{ include "sriov-network-operator.fullname" . }} + created-by: {{ .OperatorGeneratedResourcesLabelSelector | default "sriov-network-operator" }} webhooks: - name: network-resources-injector-config.k8s.io sideEffects: None diff --git a/controllers/sriovoperatorconfig_controller.go b/controllers/sriovoperatorconfig_controller.go index 377ebd2de..b44ea38ce 100644 --- a/controllers/sriovoperatorconfig_controller.go +++ b/controllers/sriovoperatorconfig_controller.go @@ -300,6 +300,7 @@ func (r *SriovOperatorConfigReconciler) syncWebhookObjs(ctx context.Context, dc data.Data["OperatorWebhookCA"] = os.Getenv("ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_CA_CRT") data.Data["InjectorWebhookSecretName"] = os.Getenv("ADMISSION_CONTROLLERS_CERTIFICATES_INJECTOR_SECRET_NAME") data.Data["InjectorWebhookCA"] = os.Getenv("ADMISSION_CONTROLLERS_CERTIFICATES_INJECTOR_CA_CRT") + data.Data["OperatorGeneratedResourcesLabelSelector"] = os.Getenv("OPERATOR_GENERATED_RESOURCES_LABEL_SELECTOR") data.Data["ExternalControlPlane"] = false if r.PlatformHelper.IsOpenshiftCluster() { diff --git a/deployment/sriov-network-operator-chart/templates/pre-delete-webooks.yaml b/deployment/sriov-network-operator-chart/templates/pre-delete-webooks.yaml index 5da802fdf..26b72fb4d 100644 --- a/deployment/sriov-network-operator-chart/templates/pre-delete-webooks.yaml +++ b/deployment/sriov-network-operator-chart/templates/pre-delete-webooks.yaml @@ -1,4 +1,3 @@ -{{ if .Values.operator.admissionControllers.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -21,6 +20,5 @@ spec: - --namespace - {{ .Release.Namespace }} - --label-selector - - "created-by={{ include "sriov-network-operator.fullname" . }}" - restartPolicy: Never -{{ end }} \ No newline at end of file + - "created-by={{ .Values.operator.admissionControllers.labelSelector | default (include "sriov-network-operator.fullname" .) }}" + restartPolicy: Never \ No newline at end of file diff --git a/deployment/sriov-network-operator-chart/values.yaml b/deployment/sriov-network-operator-chart/values.yaml index c70d6e323..a895170c2 100644 --- a/deployment/sriov-network-operator-chart/values.yaml +++ b/deployment/sriov-network-operator-chart/values.yaml @@ -38,6 +38,7 @@ operator: deployRules: false admissionControllers: enabled: false + labelSelector: "" certificates: secretNames: operator: "operator-webhook-cert"