build: create resources with k8s recommended labels

Use Recommended Labels in the helm chart,
for better visuals and management of k8s object

Closes: rook#8400
Signed-off-by: parth-gr <paarora@redhat.com>

build/rbac/keep-rbac-yaml.py

@@ -26,6 +26,11 @@ def log(*values):
 def kind_and_name(doc):
     return doc["kind"] + "/" + doc["metadata"]["name"]
 
+# Remove label for rendered RBAC
+def remove_label(label_name):
+    if "labels" in doc["metadata"] and label_name in doc["metadata"]["labels"]:
+        log("dropping " + label_name + " label")
+        del doc["metadata"]["labels"][label_name]
 
 # Set up and configure the yaml parser/dumper
 yaml=ruamel.yaml.YAML()
@@ -56,14 +61,12 @@ def kind_and_name(doc):
                 log("  dropping comment:", comment.value.strip())
                 comments.remove(comment)
 
-    # helm-managed resources have a "chart" label, but we remove those for rendered RBAC
-    if "labels" in doc["metadata"] and "chart" in doc["metadata"]["labels"]:
-        log("  dropping 'chart' label")
-        del doc["metadata"]["labels"]["chart"]
+    remove_label("helm.sh/chart")
+    remove_label("app.kubernetes.io/managed-by")
+    remove_label("app.kubernetes.io/created-by")
 
     kept_docs.append(doc)
 
-
 kept_docs.sort(key=kind_and_name)
 
 # Log to stderr the overall list of docs kept and a summary

build/rbac/rbac.yaml

@@ -74,6 +74,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 rules:
   - apiGroups:
       - policy
@@ -185,6 +186,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 rules:
   - apiGroups:
       - ''
@@ -217,6 +219,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 rules:
   - apiGroups:
       - ''
@@ -342,6 +345,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 rules:
   - apiGroups:
       - ''
@@ -398,6 +402,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 rules:
   - apiGroups: ['']
     resources: [secrets, configmaps]
@@ -463,6 +468,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
   # However, some Kubernetes APIs involve a "subresource", such as the logs for a pod. [...]
@@ -535,6 +541,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -593,6 +600,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -609,6 +617,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -891,6 +900,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 rules:
   - apiGroups:
       - ''
@@ -1018,6 +1028,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -1124,6 +1135,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -1142,6 +1154,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 ---
 # Service account for Ceph mgrs
 apiVersion: v1
@@ -1152,6 +1165,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 ---
 # Service account for Ceph OSDs
 apiVersion: v1
@@ -1163,6 +1177,7 @@ metadata:
     operator: rook
     storage-backend: ceph
     i-am-a-new-label: delete-me
+    app.kubernetes.io/part-of: rook-ceph-operator
 ---
 # Service account for job that purges OSDs from a Rook-Ceph cluster
 apiVersion: v1
@@ -1180,6 +1195,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
 ---
 # Service account for the CephFS CSI driver
 apiVersion: v1

cluster/charts/library/templates/_cluster-psp.tpl

@@ -10,6 +10,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

cluster/charts/library/templates/_cluster-serviceaccount.tpl

@@ -12,6 +12,7 @@ metadata:
     operator: rook
     storage-backend: ceph
     i-am-a-new-label: delete-me
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 {{ include "library.imagePullSecrets" . }}
 ---
 # Service account for Ceph mgrs
@@ -23,6 +24,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 {{ include "library.imagePullSecrets" . }}
 ---
 # Service account for the job that reports the Ceph version in an image
@@ -34,6 +36,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 {{ include "library.imagePullSecrets" . }}
 ---
 # Service account for job that purges OSDs from a Rook-Ceph cluster

cluster/charts/library/templates/_recommended-labels.tpl

@@ -0,0 +1,9 @@
+{{/*
+Common labels
+*/}}
+{{- define "library.rook-ceph.labels" -}}
+app.kubernetes.io/part-of: rook-ceph-operator
+app.kubernetes.io/managed-by: helm
+app.kubernetes.io/created-by: helm
+helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+{{- end -}}

cluster/charts/rook-ceph/templates/clusterrole.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
   # However, some Kubernetes APIs involve a "subresource", such as the logs for a pod. [...]
@@ -26,6 +27,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 rules:
 - apiGroups:
   - ""
@@ -58,6 +60,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 rules:
 - apiGroups:
   - ""
@@ -183,6 +186,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 rules:
 - apiGroups:
   - ""
@@ -239,6 +243,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 rules:
   - apiGroups: [""]
     resources: ["secrets", "configmaps"]

cluster/charts/rook-ceph/templates/clusterrolebinding.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -23,7 +24,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

cluster/charts/rook-ceph/templates/deployment.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 spec:
   replicas: 1
   selector:
@@ -15,7 +15,7 @@ spec:
     metadata:
       labels:
         app: rook-ceph-operator
-        chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+        helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
 {{- if .Values.annotations }}
       annotations:
 {{ toYaml .Values.annotations | indent 8 }}

cluster/charts/rook-ceph/templates/psp.yaml

@@ -84,7 +84,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 rules:
 - apiGroups:
   - policy
@@ -102,7 +102,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

cluster/charts/rook-ceph/templates/role.yaml

@@ -8,6 +8,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 rules:
 - apiGroups:
   - ""

cluster/charts/rook-ceph/templates/rolebinding.yaml

@@ -8,6 +8,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role

cluster/charts/rook-ceph/templates/serviceaccount.yaml

@@ -7,7 +7,7 @@ metadata:
   labels:
     operator: rook
     storage-backend: ceph
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    {{- include "library.rook-ceph.labels" . | nindent 4 }}
 {{ template "library.imagePullSecrets" . }}
 ---
 # Service account for the CephFS CSI driver