From df9aa3e03dbb3fdcd73083014b391ff979243e33 Mon Sep 17 00:00:00 2001 From: Mihai Galos Date: Fri, 29 Aug 2025 22:49:03 +0200 Subject: [PATCH 1/2] fix: Community-Operator - Fight with external Pod mutations Signed-off-by: Mihai Galos --- .../kube/podtemplatespec/podspec_template.go | 20 ++++--- .../podtemplatespec/podspec_template_test.go | 60 +++++++++++++++++++ 2 files changed, 72 insertions(+), 8 deletions(-) diff --git a/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template.go b/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template.go index 1b17f69b0..50f96fa22 100644 --- a/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template.go +++ b/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template.go @@ -93,16 +93,20 @@ func WithInitContainer(name string, containerfunc func(*corev1.Container)) Modif } } -// WithInitContainerByIndex applies the modifications to the container with the provided index -// if the index is out of range, a new container is added to accept these changes. -func WithInitContainerByIndex(index int, funcs ...func(container *corev1.Container)) func(podTemplateSpec *corev1.PodTemplateSpec) { +// WithPodLabels merges the provided labels with existing PodTemplateSpec labels. +// This preserves labels added by external systems (like Kyverno policies) while +// allowing the operator to add or override its own labels. +func WithPodLabels(labels map[string]string) Modification { + if labels == nil { + labels = map[string]string{} + } return func(podTemplateSpec *corev1.PodTemplateSpec) { - if index >= len(podTemplateSpec.Spec.InitContainers) { - podTemplateSpec.Spec.InitContainers = append(podTemplateSpec.Spec.InitContainers, corev1.Container{}) + if podTemplateSpec.ObjectMeta.Labels == nil { + podTemplateSpec.ObjectMeta.Labels = map[string]string{} } - c := &podTemplateSpec.Spec.InitContainers[index] - for _, f := range funcs { - f(c) + + for k, v := range labels { + podTemplateSpec.ObjectMeta.Labels[k] = v } } } diff --git a/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template_test.go b/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template_test.go index 680633d58..b387de976 100644 --- a/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template_test.go +++ b/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template_test.go @@ -616,3 +616,63 @@ func getCustomContainer() corev1.Container { Image: "image-1", } } + +func TestWithPodLabels_MergeWithExistingLabels(t *testing.T) { + existingPodTemplate := &corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + "foo.bar/customer": "acme-corp", + "foo.bar/env": "prod", + "external-label": "preserve-me", + }, + }, + } + + operatorLabels := map[string]string{ + "app": "database", + "version": "6.0", + } + + modification := WithPodLabels(operatorLabels) + modification(existingPodTemplate) + + expectedLabels := map[string]string{ + "foo.bar/customer": "acme-corp", // Preserved from existing + "foo.bar/env": "prod", // Preserved from existing + "external-label": "preserve-me", // Preserved from existing + "app": "database", // Added by operator + "version": "6.0", // Added by operator + } + + assert.Equal(t, expectedLabels, existingPodTemplate.ObjectMeta.Labels) +} + +func TestWithPodLabels_OverrideExistingLabels(t *testing.T) { + existingPodTemplate := &corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + "app": "old-app", + "version": "5.0", + "external-label": "should-be-preserved", + }, + }, + } + + operatorLabels := map[string]string{ + "app": "database", // Should override existing + "version": "6.0", // Should override existing + "tier": "backend", // Should be added + } + + modification := WithPodLabels(operatorLabels) + modification(existingPodTemplate) + + expectedLabels := map[string]string{ + "external-label": "should-be-preserved", // Preserved + "app": "database", // Overridden by operator + "version": "6.0", // Overridden by operator + "tier": "backend", // Added by operator + } + + assert.Equal(t, expectedLabels, existingPodTemplate.ObjectMeta.Labels) +} From 8fa8fcb964fc179e99d357dd80bc25360a5a14c9 Mon Sep 17 00:00:00 2001 From: Mihai Galos Date: Wed, 10 Sep 2025 10:23:15 +0200 Subject: [PATCH 2/2] fix: Community-Operator - Fight with external Pod mutations Signed-off-by: Mihai Galos --- .../kube/podtemplatespec/podspec_template.go | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template.go b/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template.go index 50f96fa22..8abe6778e 100644 --- a/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template.go +++ b/mongodb-community-operator/pkg/kube/podtemplatespec/podspec_template.go @@ -93,6 +93,19 @@ func WithInitContainer(name string, containerfunc func(*corev1.Container)) Modif } } +// WithInitContainerByIndex applies the modifications to the container with the provided index +// if the index is out of range, a new container is added to accept these changes. +func WithInitContainerByIndex(index int, funcs ...func(container *corev1.Container)) func(podTemplateSpec *corev1.PodTemplateSpec) { + return func(podTemplateSpec *corev1.PodTemplateSpec) { + if index >= len(podTemplateSpec.Spec.InitContainers) { + podTemplateSpec.Spec.InitContainers = append(podTemplateSpec.Spec.InitContainers, corev1.Container{}) + } + c := &podTemplateSpec.Spec.InitContainers[index] + for _, f := range funcs { + f(c) + } + } +} // WithPodLabels merges the provided labels with existing PodTemplateSpec labels. // This preserves labels added by external systems (like Kyverno policies) while // allowing the operator to add or override its own labels. @@ -111,16 +124,6 @@ func WithPodLabels(labels map[string]string) Modification { } } -// WithPodLabels sets the PodTemplateSpec's Labels -func WithPodLabels(labels map[string]string) Modification { - if labels == nil { - labels = map[string]string{} - } - return func(podTemplateSpec *corev1.PodTemplateSpec) { - podTemplateSpec.Labels = labels - } -} - // WithServiceAccount sets the PodTemplateSpec's ServiceAccount name func WithServiceAccount(serviceAccountName string) Modification { return func(podTemplateSpec *corev1.PodTemplateSpec) {