From 9da593b1df782845d50618f9d086d08eca71b083 Mon Sep 17 00:00:00 2001 From: m-terra Date: Wed, 27 May 2026 11:57:20 +0200 Subject: [PATCH 1/2] fix label name issue and optimize pod patching --- controllers/instance/instance_controller.go | 16 ++++++---------- controllers/instance/instance_controller_test.go | 8 ++++---- controllers/instance/statefulset_test.go | 3 +-- pkg/utils/labels.go | 3 +-- 4 files changed, 12 insertions(+), 18 deletions(-) diff --git a/controllers/instance/instance_controller.go b/controllers/instance/instance_controller.go index b2ad75d..5e5fa7c 100644 --- a/controllers/instance/instance_controller.go +++ b/controllers/instance/instance_controller.go @@ -2,6 +2,7 @@ package instance import ( "context" + "fmt" configv1alpha1 "github.com/six-group/haproxy-operator/apis/config/v1alpha1" proxyv1alpha1 "github.com/six-group/haproxy-operator/apis/proxy/v1alpha1" @@ -11,6 +12,7 @@ import ( "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" @@ -133,7 +135,7 @@ func (r *Reconciler) handleError(ctx context.Context, instance *proxyv1alpha1.In func (r *Reconciler) patchPods(ctx context.Context, instance *proxyv1alpha1.Instance, checksum string) error { ls := client.MatchingLabels{ - corev1.LabelMetadataName: utils.GetServiceAndStatefulsetName(instance), + "app.kubernetes.io/name": utils.GetServiceAndStatefulsetName(instance), } l := &corev1.PodList{} @@ -142,16 +144,10 @@ func (r *Reconciler) patchPods(ctx context.Context, instance *proxyv1alpha1.Inst return err } - for i := range l.Items { - pod := &l.Items[i] - original := pod.DeepCopy() - - if pod.Annotations == nil { - pod.Annotations = map[string]string{} - } - pod.Annotations["haproxy.operator/checksum"] = checksum + patch := fmt.Appendf(nil, `{"metadata":{"annotations":{"haproxy.operator/checksum": "%s"}}}`, checksum) - err = r.Patch(ctx, pod, client.MergeFrom(original)) + for i := range l.Items { + err = r.Patch(ctx, &l.Items[i], client.RawPatch(types.MergePatchType, patch)) if err != nil { return err } diff --git a/controllers/instance/instance_controller_test.go b/controllers/instance/instance_controller_test.go index a96c601..e54ec83 100644 --- a/controllers/instance/instance_controller_test.go +++ b/controllers/instance/instance_controller_test.go @@ -473,7 +473,7 @@ var _ = Describe("Reconcile", Label("controller"), func() { Name: "haproxy-0", Namespace: "foo", Labels: map[string]string{ - corev1.LabelMetadataName: utils.GetServiceAndStatefulsetName(proxy), + "app.kubernetes.io/name": utils.GetServiceAndStatefulsetName(proxy), }, }, } @@ -483,7 +483,7 @@ var _ = Describe("Reconcile", Label("controller"), func() { Name: "haproxy-1", Namespace: "foo", Labels: map[string]string{ - corev1.LabelMetadataName: utils.GetServiceAndStatefulsetName(proxy), + "app.kubernetes.io/name": utils.GetServiceAndStatefulsetName(proxy), }, }, } @@ -509,7 +509,7 @@ var _ = Describe("Reconcile", Label("controller"), func() { Ω(cli.Get(ctx, client.ObjectKey{Namespace: proxy.Namespace, Name: utils.GetServiceAndStatefulsetName(proxy)}, service)).ShouldNot(HaveOccurred()) Ω(service.Spec.Type).Should(Equal(corev1.ServiceTypeLoadBalancer)) Ω(service.Annotations["service.beta.kubernetes.io/aws-load-balancer-scheme"]).Should(Equal("internet-facing")) - Ω(service.Spec.Selector[corev1.LabelMetadataName]).Should(Equal(proxy.Name + "-haproxy")) + Ω(service.Spec.Selector["app.kubernetes.io/name"]).Should(Equal(proxy.Name + "-haproxy")) secret := &corev1.Secret{} Ω(cli.Get(ctx, client.ObjectKey{Namespace: proxy.Namespace, Name: "bar-foo-haproxy-config"}, secret)).ShouldNot(HaveOccurred()) @@ -517,7 +517,7 @@ var _ = Describe("Reconcile", Label("controller"), func() { statefulSet := &appsv1.StatefulSet{} Ω(cli.Get(ctx, client.ObjectKey{Namespace: proxy.Namespace, Name: "bar-foo-haproxy"}, statefulSet)).ShouldNot(HaveOccurred()) - Ω(statefulSet.Spec.Template.ObjectMeta.Labels[corev1.LabelMetadataName]).Should(Equal(proxy.Name + "-haproxy")) + Ω(statefulSet.Spec.Template.ObjectMeta.Labels["app.kubernetes.io/name"]).Should(Equal(proxy.Name + "-haproxy")) Ω(statefulSet.Spec.Template.ObjectMeta.Labels["label-test"]).Should(Equal("ok")) Ω(statefulSet.Spec.Template.Spec.InitContainers).Should(HaveLen(1)) Ω(statefulSet.Spec.Template.Spec.InitContainers[0].Name).Should(Equal(proxy.Spec.InitContainers[0].Name)) diff --git a/controllers/instance/statefulset_test.go b/controllers/instance/statefulset_test.go index fe038cf..79da65c 100644 --- a/controllers/instance/statefulset_test.go +++ b/controllers/instance/statefulset_test.go @@ -8,7 +8,6 @@ import ( configv1alpha1 "github.com/six-group/haproxy-operator/apis/config/v1alpha1" proxyv1alpha1 "github.com/six-group/haproxy-operator/apis/proxy/v1alpha1" appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/uuid" @@ -82,7 +81,7 @@ var _ = Describe("Reconcile", Label("controller"), func() { statefulSet := &appsv1.StatefulSet{} Ω(cli.Get(ctx, client.ObjectKey{Namespace: proxy.Namespace, Name: "bar-foo-haproxy"}, statefulSet)).ShouldNot(HaveOccurred()) - Ω(statefulSet.Spec.Template.ObjectMeta.Labels[corev1.LabelMetadataName]).Should(Equal(proxy.Name + "-haproxy")) + Ω(statefulSet.Spec.Template.ObjectMeta.Labels["app.kubernetes.io/name"]).Should(Equal(proxy.Name + "-haproxy")) Ω(statefulSet.Spec.Template.ObjectMeta.Labels["label-test"]).Should(Equal("ok")) Ω(statefulSet.Spec.Template.Spec.InitContainers).Should(HaveLen(1)) Ω(statefulSet.Spec.Template.Spec.InitContainers[0].Args[0]).Should(ContainSubstring("10.158.182.27")) diff --git a/pkg/utils/labels.go b/pkg/utils/labels.go index 169a73e..fa874d0 100644 --- a/pkg/utils/labels.go +++ b/pkg/utils/labels.go @@ -2,12 +2,11 @@ package utils import ( "github.com/six-group/haproxy-operator/apis/proxy/v1alpha1" - corev1 "k8s.io/api/core/v1" ) func GetAppSelectorLabels(instance *v1alpha1.Instance) map[string]string { return map[string]string{ - corev1.LabelMetadataName: GetServiceAndStatefulsetName(instance), + "app.kubernetes.io/name": GetServiceAndStatefulsetName(instance), } } From 8a9f7396a0ec36a7903929f16db0e4dd6dfad9b3 Mon Sep 17 00:00:00 2001 From: m-terra Date: Wed, 27 May 2026 12:01:04 +0200 Subject: [PATCH 2/2] add pod rbac --- helm/haproxy-operator/templates/clusterrole.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/helm/haproxy-operator/templates/clusterrole.yaml b/helm/haproxy-operator/templates/clusterrole.yaml index f346958..dab9670 100644 --- a/helm/haproxy-operator/templates/clusterrole.yaml +++ b/helm/haproxy-operator/templates/clusterrole.yaml @@ -51,6 +51,16 @@ rules: - update - watch - delete + - apiGroups: + - '' + resources: + - pods + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - route.openshift.io resources: