Allow custom labels to be edited on existing clusters

Jonathan S. Katz · jkatz · commit a4b78a36d73b · 2021-05-04T10:52:06.000-04:00
This allows for custom labels to be edited on all of the managed
objects within a cluster. This works both from editing "userlabels"
within the pgclusters custom resource, as well as via API calls.

The changes are applied to Postgres instances using a rolling
update.

Issue: [ch11329]
diff --git a/docs/content/custom-resources/_index.md b/docs/content/custom-resources/_index.md
@@ -854,6 +854,34 @@ spec:
 Save your edits, and in a short period of time, you should see these annotations
 applied to the managed Deployments.
 
+### Manage Custom Labels
+
+Several Kubernetes [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+are automatically applied by PGO to its managed objects. However, it is possible
+to apply your own custom labels to the objects that PGO manages for a Postgres
+cluster. These objects include:
+
+- ConfigMaps
+- Deployments
+- Jobs
+- Pods
+- PVCs
+- Secrets
+- Services
+
+The custom labels can be managed through the `userlabels` attribute on the
+`pgclusters.crunchydata.com` custom resource spec.
+
+For example, if I want to add a custom label to all of the objects within my
+Postgres cluster with a key of `favorite` and a value of `hippo`, you would
+apply the following to the spec:
+
+```
+spec:
+  userlabels:
+    favorite: hippo
+```
+
 ### Delete a PostgreSQL Cluster
 
 A PostgreSQL cluster can be deleted by simply deleting the `pgclusters.crunchydata.com` resource.
@@ -954,7 +982,7 @@ make changes, as described below.
 | tlsOnly | `create`,`update` | If set to true, requires client connections to use only TLS to connect to the PostgreSQL database. |
 | tolerations | `create`,`update` | Any array of Kubernetes [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/). Please refer to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for how to set this field. |
 | user | `create` | The name of the PostgreSQL user that is created when the PostgreSQL cluster is first created. |
-| userlabels | `create` | A set of key-value string pairs that are used as a sort of "catch-all" as well as a way to add custom labels to clusters. This will disappear at some point. |
+| userlabels | `create`,`update` | A set of key-value string pairs that are used as a sort of "catch-all" as well as a way to add custom labels to clusters. |
 
 ##### Storage Specification
 
diff --git a/internal/apiserver/labelservice/labelimpl.go b/internal/apiserver/labelservice/labelimpl.go
@@ -19,7 +19,6 @@ import (
 	"context"
 
 	"github.com/crunchydata/postgres-operator/internal/apiserver"
-	"github.com/crunchydata/postgres-operator/internal/config"
 	"github.com/crunchydata/postgres-operator/internal/kubeapi"
 	"github.com/crunchydata/postgres-operator/internal/util"
 	crv1 "github.com/crunchydata/postgres-operator/pkg/apis/crunchydata.com/v1"
@@ -111,7 +110,7 @@ func Label(request *msgs.LabelRequest, ns, pgouser string) msgs.LabelResponse {
 
 func addLabels(items []crv1.Pgcluster, DryRun bool, newLabels map[string]string, ns string) {
 	ctx := context.TODO()
-	patchBytes, err := kubeapi.NewMergePatch().Add("metadata", "labels")(newLabels).Bytes()
+	patchBytes, err := kubeapi.NewMergePatch().Add("spec", "userlabels")(newLabels).Bytes()
 	if err != nil {
 		log.Error(err.Error())
 		return
@@ -129,30 +128,6 @@ func addLabels(items []crv1.Pgcluster, DryRun bool, newLabels map[string]string,
 			}
 		}
 	}
-
-	for i := 0; i < len(items); i++ {
-		// get deployments for this CRD
-		selector := config.LABEL_PG_CLUSTER + "=" + items[i].Spec.Name
-		deployments, err := apiserver.Clientset.
-			AppsV1().Deployments(ns).
-			List(ctx, metav1.ListOptions{LabelSelector: selector})
-		if err != nil {
-			return
-		}
-
-		for _, d := range deployments.Items {
-			// update Deployment with the label
-			if !DryRun {
-				log.Debugf("patching deployment %s: %s", d.Name, patchBytes)
-				_, err := apiserver.Clientset.AppsV1().Deployments(ns).
-					Patch(ctx, d.Name, types.MergePatchType, patchBytes, metav1.PatchOptions{})
-				if err != nil {
-					log.Error(err.Error())
-				}
-			}
-		}
-
-	}
 }
 
 // DeleteLabel ...
@@ -241,7 +216,7 @@ func deleteLabels(items []crv1.Pgcluster, labelsMap map[string]string, ns string
 	ctx := context.TODO()
 	patch := kubeapi.NewMergePatch()
 	for key := range labelsMap {
-		patch.Remove("metadata", "labels", key)
+		patch.Remove("spec", "userlabels", key)
 	}
 	patchBytes, err := patch.Bytes()
 	if err != nil {
@@ -259,26 +234,5 @@ func deleteLabels(items []crv1.Pgcluster, labelsMap map[string]string, ns string
 		}
 	}
 
-	for i := 0; i < len(items); i++ {
-		// get deployments for this CRD
-		selector := config.LABEL_PG_CLUSTER + "=" + items[i].Spec.Name
-		deployments, err := apiserver.Clientset.
-			AppsV1().Deployments(ns).
-			List(ctx, metav1.ListOptions{LabelSelector: selector})
-		if err != nil {
-			return err
-		}
-
-		for _, d := range deployments.Items {
-			log.Debugf("patching deployment %s: %s", d.Name, patchBytes)
-			_, err = apiserver.Clientset.AppsV1().Deployments(ns).
-				Patch(ctx, d.Name, types.MergePatchType, patchBytes, metav1.PatchOptions{})
-			if err != nil {
-				log.Error(err.Error())
-				return err
-			}
-		}
-
-	}
-	return err
+	return nil
 }
diff --git a/internal/controller/pgcluster/pgclustercontroller.go b/internal/controller/pgcluster/pgclustercontroller.go
@@ -354,6 +354,19 @@ func (c *Controller) onUpdate(oldObj, newObj interface{}) {
 		}
 	}
 
+	// check to see if any of the custom labels have been modified
+	if !reflect.DeepEqual(util.GetCustomLabels(oldcluster), util.GetCustomLabels(newcluster)) {
+		// update the custom labels on all of the managed objects at are not the
+		// Postgres cluster deployments
+		if err := updateLabels(c, oldcluster, newcluster); err != nil {
+			log.Error(err)
+			return
+		}
+
+		// append the PostgreSQL specific functions as part of a rolling update
+		rollingUpdateFuncs = append(rollingUpdateFuncs, clusteroperator.UpdateLabels)
+	}
+
 	// check to see if any tolerations have been modified
 	if !reflect.DeepEqual(oldcluster.Spec.Tolerations, newcluster.Spec.Tolerations) {
 		rollingUpdateFuncs = append(rollingUpdateFuncs, clusteroperator.UpdateTolerations)
@@ -639,6 +652,237 @@ func updateBackrestS3(c *Controller, cluster *crv1.Pgcluster) error {
 	return nil
 }
 
+// updateLabels updates the custom labels on all of the managed objects *except*
+// the Postgres instances themselves, i.e. the deployment templates
+func updateLabels(c *Controller, oldCluster *crv1.Pgcluster, newCluster *crv1.Pgcluster) error {
+	// we need to figure out which labels need to be removed from the list
+	labelsToRemove := make([]string, 0)
+	labels := util.GetCustomLabels(newCluster)
+
+	for old := range util.GetCustomLabels(oldCluster) {
+		if _, ok := labels[old]; !ok {
+			labelsToRemove = append(labelsToRemove, old)
+		}
+	}
+
+	// go through each object group and update the labels.
+	if err := updateLabelsForDeployments(c, newCluster, labels, labelsToRemove); err != nil {
+		return err
+	}
+
+	if err := updateLabelsForPVCs(c, newCluster, labels, labelsToRemove); err != nil {
+		return err
+	}
+
+	if err := updateLabelsForConfigMaps(c, newCluster, labels, labelsToRemove); err != nil {
+		return err
+	}
+
+	if err := updateLabelsForSecrets(c, newCluster, labels, labelsToRemove); err != nil {
+		return err
+	}
+
+	return updateLabelsForServices(c, newCluster, labels, labelsToRemove)
+}
+
+// updateLabelsForConfigMaps updates the custom labels for ConfigMaps
+func updateLabelsForConfigMaps(c *Controller, cluster *crv1.Pgcluster, labels map[string]string, labelsToRemove []string) error {
+	ctx := context.TODO()
+
+	options := metav1.ListOptions{
+		LabelSelector: fields.AndSelectors(
+			fields.OneTermEqualSelector(config.LABEL_PG_CLUSTER, cluster.Name),
+			fields.OneTermEqualSelector(config.LABEL_VENDOR, config.LABEL_CRUNCHY),
+		).String(),
+	}
+
+	items, err := c.Client.CoreV1().ConfigMaps(cluster.Namespace).List(ctx, options)
+
+	if err != nil {
+		return err
+	}
+
+	for i := range items.Items {
+		item := &items.Items[i]
+
+		for j := range labelsToRemove {
+			delete(item.ObjectMeta.Labels, labelsToRemove[j])
+		}
+
+		for k, v := range labels {
+			item.ObjectMeta.Labels[k] = v
+		}
+
+		if _, err := c.Client.CoreV1().ConfigMaps(cluster.Namespace).Update(ctx,
+			item, metav1.UpdateOptions{}); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// updateLabelsForDeployments updates the custom labels for Deployments, except
+// for the **templates** on the Postgres instances
+func updateLabelsForDeployments(c *Controller, cluster *crv1.Pgcluster, labels map[string]string, labelsToRemove []string) error {
+	ctx := context.TODO()
+
+	options := metav1.ListOptions{
+		LabelSelector: fields.AndSelectors(
+			fields.OneTermEqualSelector(config.LABEL_PG_CLUSTER, cluster.Name),
+			fields.OneTermEqualSelector(config.LABEL_VENDOR, config.LABEL_CRUNCHY),
+		).String(),
+	}
+
+	items, err := c.Client.AppsV1().Deployments(cluster.Namespace).List(ctx, options)
+
+	if err != nil {
+		return err
+	}
+
+	for i := range items.Items {
+		item := &items.Items[i]
+
+		for j := range labelsToRemove {
+			delete(item.ObjectMeta.Labels, labelsToRemove[j])
+
+			// only remove the labels on the template if this is not a Postgres
+			// instance
+			if _, ok := item.ObjectMeta.Labels[config.LABEL_PG_DATABASE]; !ok {
+				delete(item.Spec.Template.ObjectMeta.Labels, labelsToRemove[j])
+			}
+		}
+
+		for k, v := range labels {
+			item.ObjectMeta.Labels[k] = v
+
+			// only update the labels on the template if this is not a Postgres
+			// instance
+			if _, ok := item.ObjectMeta.Labels[config.LABEL_PG_DATABASE]; !ok {
+				item.Spec.Template.ObjectMeta.Labels[k] = v
+			}
+		}
+
+		if _, err := c.Client.AppsV1().Deployments(cluster.Namespace).Update(ctx,
+			item, metav1.UpdateOptions{}); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// updateLabelsForPVCs updates the custom labels for PVCs
+func updateLabelsForPVCs(c *Controller, cluster *crv1.Pgcluster, labels map[string]string, labelsToRemove []string) error {
+	ctx := context.TODO()
+
+	options := metav1.ListOptions{
+		LabelSelector: fields.AndSelectors(
+			fields.OneTermEqualSelector(config.LABEL_PG_CLUSTER, cluster.Name),
+			fields.OneTermEqualSelector(config.LABEL_VENDOR, config.LABEL_CRUNCHY),
+		).String(),
+	}
+
+	items, err := c.Client.CoreV1().PersistentVolumeClaims(cluster.Namespace).List(ctx, options)
+
+	if err != nil {
+		return err
+	}
+
+	for i := range items.Items {
+		item := &items.Items[i]
+
+		for j := range labelsToRemove {
+			delete(item.ObjectMeta.Labels, labelsToRemove[j])
+		}
+
+		for k, v := range labels {
+			item.ObjectMeta.Labels[k] = v
+		}
+
+		if _, err := c.Client.CoreV1().PersistentVolumeClaims(cluster.Namespace).Update(ctx,
+			item, metav1.UpdateOptions{}); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// updateLabelsForSecrets updates the custom labels for Secrets
+func updateLabelsForSecrets(c *Controller, cluster *crv1.Pgcluster, labels map[string]string, labelsToRemove []string) error {
+	ctx := context.TODO()
+
+	options := metav1.ListOptions{
+		LabelSelector: fields.AndSelectors(
+			fields.OneTermEqualSelector(config.LABEL_PG_CLUSTER, cluster.Name),
+			fields.OneTermEqualSelector(config.LABEL_VENDOR, config.LABEL_CRUNCHY),
+		).String(),
+	}
+
+	items, err := c.Client.CoreV1().Secrets(cluster.Namespace).List(ctx, options)
+
+	if err != nil {
+		return err
+	}
+
+	for i := range items.Items {
+		item := &items.Items[i]
+
+		for j := range labelsToRemove {
+			delete(item.ObjectMeta.Labels, labelsToRemove[j])
+		}
+
+		for k, v := range labels {
+			item.ObjectMeta.Labels[k] = v
+		}
+
+		if _, err := c.Client.CoreV1().Secrets(cluster.Namespace).Update(ctx,
+			item, metav1.UpdateOptions{}); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// updateLabelsForServices updates the custom labels for Services
+func updateLabelsForServices(c *Controller, cluster *crv1.Pgcluster, labels map[string]string, labelsToRemove []string) error {
+	ctx := context.TODO()
+
+	options := metav1.ListOptions{
+		LabelSelector: fields.AndSelectors(
+			fields.OneTermEqualSelector(config.LABEL_PG_CLUSTER, cluster.Name),
+			fields.OneTermEqualSelector(config.LABEL_VENDOR, config.LABEL_CRUNCHY),
+		).String(),
+	}
+
+	items, err := c.Client.CoreV1().Services(cluster.Namespace).List(ctx, options)
+
+	if err != nil {
+		return err
+	}
+
+	for i := range items.Items {
+		item := &items.Items[i]
+
+		for j := range labelsToRemove {
+			delete(item.ObjectMeta.Labels, labelsToRemove[j])
+		}
+
+		for k, v := range labels {
+			item.ObjectMeta.Labels[k] = v
+		}
+
+		if _, err := c.Client.CoreV1().Services(cluster.Namespace).Update(ctx,
+			item, metav1.UpdateOptions{}); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 // updatePgBouncer updates the pgBouncer Deployment to reflect any changes that
 // may be made, which include:
 // - enabling a pgBouncer Deployment :)
diff --git a/internal/operator/cluster/cluster.go b/internal/operator/cluster/cluster.go
