enabling a single configmap per deployment

AlexsJones · AlexsJones · commit f8d0d9f66eab · 2022-05-27T17:11:08.000+01:00
diff --git a/README.md b/README.md
@@ -66,3 +66,7 @@ root@nginx:/# curl localhost:8080
  3. `kubectl apply -f config/webhook/certificate.yaml`
  4. `IMG=ghcr.io/open-feature/open-feature-operator:main make deploy`
 
+#### Run the example
+
+1. `kubectl apply -f config/samples/featureflagconfiguration-sample.yaml`
+2. `kubectl apply -f config/samples/pod.yaml`
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -12,5 +12,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: ghcr.io/open-feature/open-feature-operator
-  newTag: main
+  newName: tibbar/of-operator
+  newTag: v0.0.2.1
diff --git a/config/samples/deployment.yaml b/config/samples/deployment.yaml
@@ -2,18 +2,18 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-deployment
-  annotations:
-    openfeature.dev: "enabled"
-    openfeature.dev/featureflagconfiguration: "featureflagconfiguration-sample"
 spec:
   selector:
     matchLabels:
       app: nginx
-  replicas: 2 # tells deployment to run 2 pods matching the template
+  replicas: 5 # tells deployment to run 2 pods matching the template
   template:
     metadata:
       labels:
         app: nginx
+      annotations:
+        openfeature.dev: "enabled"
+        openfeature.dev/featureflagconfiguration: "featureflagconfiguration-sample"
     spec:
       containers:
       - name: nginx
diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml
@@ -24,5 +24,4 @@ webhooks:
     - UPDATE
     resources:
     - pods
-    - deployments
   sideEffects: NoneOnDryRun
diff --git a/webhooks/mutating_admission_webhook.go b/webhooks/mutating_admission_webhook.go
@@ -17,7 +17,7 @@ import (
 // NOTE: RBAC not needed here.
 //+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:webhook:path=/mutate-v1-pod,mutating=true,failurePolicy=Ignore,groups="",resources=pods;deployments,verbs=create;update,versions=v1,name=mpod.kb.io,admissionReviewVersions=v1,sideEffects=NoneOnDryRun
+// +kubebuilder:webhook:path=/mutate-v1-pod,mutating=true,failurePolicy=Ignore,groups="",resources=pods,verbs=create;update,versions=v1,name=mpod.kb.io,admissionReviewVersions=v1,sideEffects=NoneOnDryRun
 
 // PodMutator annotates Pods
 type PodMutator struct {
@@ -30,17 +30,13 @@ type PodMutator struct {
 func (m *PodMutator) Handle(ctx context.Context, req admission.Request) admission.Response {
 
 	pod := &corev1.Pod{}
-	m.Log.V(2).Info("Handling pod %s/%s", req.Namespace, req.Name)
 	err := m.decoder.Decode(req, pod)
 	if err != nil {
 		return admission.Errored(http.StatusBadRequest, err)
 	}
-
 	// Check enablement
 	val, ok := pod.GetAnnotations()["openfeature.dev"]
-	if !ok {
-		return admission.Allowed("no annotation")
-	} else {
+	if ok {
 		if val != "enabled" {
 			m.Log.V(2).Info("openfeature.dev Annotation is not enabled")
 			return admission.Allowed("openfeature is disabled")
@@ -50,7 +46,7 @@ func (m *PodMutator) Handle(ctx context.Context, req admission.Request) admissio
 	// Check CustomResource
 	val, ok = pod.GetAnnotations()["openfeature.dev/featureflagconfiguration"]
 	if !ok {
-		return admission.Denied("FeatureFlagConfiguration not found")
+		return admission.Allowed("FeatureFlagConfiguration not found")
 	} else {
 		// Current limitation is to use the same namespace, this is easy to fix though
 		// e.g. namespace/name check
@@ -60,28 +56,33 @@ func (m *PodMutator) Handle(ctx context.Context, req admission.Request) admissio
 			return admission.Denied("FeatureFlagConfiguration not found")
 		}
 	}
+	name := pod.Name
+	if len(pod.GetOwnerReferences()) != 0 {
+		name = pod.GetOwnerReferences()[0].Name
+	}
+
 	// TODO: this should be a short sha to avoid collisions
-	configName := fmt.Sprintf("%s-%s-config", pod.Name, pod.Namespace)
+	configName := name
 	// Create the agent configmap
 	m.Client.Delete(context.TODO(), &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      configName,
 			Namespace: req.Namespace,
 		},
 	}) // Delete the configmap if it exists
-	m.Log.V(1).Info(fmt.Sprintf("Creating configmap %s/%s", pod.Namespace, configName))
+	m.Log.V(1).Info(fmt.Sprintf("Creating configmap %s", configName))
 	if err := m.Client.Create(ctx, &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      configName,
-			Namespace: pod.Namespace,
+			Namespace: req.Namespace,
 		},
 		//TODO
 		Data: map[string]string{
 			"config.yaml": featureFlagCustomResource.Spec.FeatureFlagSpec,
 		},
 	}); err != nil {
 
-		m.Log.V(1).Info(fmt.Sprintf("failed to create config map %s", configName))
+		m.Log.V(1).Info(fmt.Sprintf("failed to create config map %s error: %s", configName, err.Error()))
 		return admission.Errored(http.StatusInternalServerError, err)
 	}
 
