add watch labels to all managed secrets

Signed-off-by: Peter Wilcsinszky <[email protected]>
Co-authored-by: Bence Csati <[email protected]>

Author: pepov

pkg/resources/fluentbit/configsecret.go

@@ -448,9 +448,13 @@ func (r *Reconciler) configSecret() (runtime.Object, reconciler.DesiredState, er
 	}
 
 	r.configs = confs
-
+	meta := r.FluentbitObjectMeta(fluentBitSecretConfigName)
+	meta.Labels = utils.MergeLabels(
+		meta.Labels,
+		map[string]string{"logging.banzaicloud.io/watch": "enabled"},
+	)
 	return &corev1.Secret{
-		ObjectMeta: r.FluentbitObjectMeta(fluentBitSecretConfigName),
+		ObjectMeta: meta,
 		Data:       confs,
 	}, reconciler.StatePresent, nil
 }

pkg/resources/fluentd/appconfigmap.go

@@ -21,6 +21,7 @@ import (
 
 	"emperror.dev/errors"
 	"github.com/cisco-open/operator-tools/pkg/reconciler"
+	"github.com/cisco-open/operator-tools/pkg/utils"
 	"github.com/spf13/cast"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -49,9 +50,11 @@ func (r *Reconciler) appConfigSecret() (runtime.Object, reconciler.DesiredState,
 	} else {
 		data[AppConfigKey] = []byte(*r.config)
 	}
+	meta := r.FluentdObjectMeta(AppSecretConfigName, ComponentFluentd)
+	meta.Labels = utils.MergeLabels(meta.Labels, map[string]string{"logging.banzaicloud.io/watch": "enabled"})
 
 	return &corev1.Secret{
-		ObjectMeta: r.FluentdObjectMeta(AppSecretConfigName, ComponentFluentd),
+		ObjectMeta: meta,
 		Data:       data,
 	}, reconciler.StatePresent, nil
 }
@@ -214,8 +217,11 @@ func (r *Reconciler) newCheckSecret(hashKey string, fluentdSpec v1beta1.FluentdS
 		data[ConfigCheckKey] = []byte(*r.config)
 	}
 	data["fluent.conf"] = []byte(fluentdConfigCheckTemplate)
+	meta := r.FluentdObjectMeta(fmt.Sprintf("fluentd-configcheck-%s", hashKey), ComponentConfigCheck)
+	meta.Labels = utils.MergeLabels(meta.Labels, map[string]string{"logging.banzaicloud.io/watch": "enabled"})
+
 	return &corev1.Secret{
-		ObjectMeta: r.FluentdObjectMeta(fmt.Sprintf("fluentd-configcheck-%s", hashKey), ComponentConfigCheck),
+		ObjectMeta: meta,
 		Data:       data,
 	}, nil
 }
@@ -229,8 +235,11 @@ func (r *Reconciler) newCheckSecretAppConfig(hashKey string, fluentdSpec v1beta1
 	} else {
 		data[ConfigCheckKey] = []byte(*r.config)
 	}
+	meta := r.FluentdObjectMeta(fmt.Sprintf("fluentd-configcheck-app-%s", hashKey), ComponentConfigCheck)
+	meta.Labels = utils.MergeLabels(meta.Labels, map[string]string{"logging.banzaicloud.io/watch": "enabled"})
+
 	return &corev1.Secret{
-		ObjectMeta: r.FluentdObjectMeta(fmt.Sprintf("fluentd-configcheck-app-%s", hashKey), ComponentConfigCheck),
+		ObjectMeta: meta,
 		Data:       data,
 	}, nil
 }
@@ -242,6 +251,10 @@ func (r *Reconciler) newCheckOutputSecret(hashKey string) (*corev1.Secret, error
 	}
 	if secret, ok := obj.(*corev1.Secret); ok {
 		secret.ObjectMeta = r.FluentdObjectMeta(fmt.Sprintf("fluentd-configcheck-output-%s", hashKey), ComponentConfigCheck)
+		secret.ObjectMeta.Labels = utils.MergeLabels(
+			secret.ObjectMeta.Labels,
+			map[string]string{"logging.banzaicloud.io/watch": "enabled"},
+		)
 		return secret, nil
 	}
 	return nil, errors.New("output secret is invalid, unable to create output secret for config check")

pkg/resources/fluentd/configsecret.go

@@ -21,9 +21,11 @@ import (
 
 	"emperror.dev/errors"
 	"github.com/cisco-open/operator-tools/pkg/reconciler"
-	"github.com/kube-logging/logging-operator/pkg/sdk/logging/api/v1beta1"
+	"github.com/cisco-open/operator-tools/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+
+	"github.com/kube-logging/logging-operator/pkg/sdk/logging/api/v1beta1"
 )
 
 type fluentdConfig struct {
@@ -96,10 +98,14 @@ func (r *Reconciler) secretConfig() (runtime.Object, reconciler.DesiredState, er
 		return nil, nil, err
 	}
 	configMap["fluentlog.conf"] = []byte(fmt.Sprintf(fluentLog, r.fluentdSpec.FluentLogDestination))
+	meta := r.FluentdObjectMeta(SecretConfigName, ComponentFluentd)
+	meta.Labels = utils.MergeLabels(
+		meta.Labels,
+		map[string]string{"logging.banzaicloud.io/watch": "enabled"},
+	)
 	configs := &corev1.Secret{
-		ObjectMeta: r.FluentdObjectMeta(SecretConfigName, ComponentFluentd),
+		ObjectMeta: meta,
 		Data:       configMap,
 	}
-
 	return configs, reconciler.StatePresent, nil
 }

pkg/resources/fluentd/outputsecret.go

@@ -21,6 +21,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/cisco-open/operator-tools/pkg/reconciler"
 	"github.com/cisco-open/operator-tools/pkg/secret"
+	"github.com/cisco-open/operator-tools/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -76,6 +77,10 @@ func (r *Reconciler) outputSecret(secrets *secret.MountSecrets, mountPath string
 			fluentOutputSecret.Data[secret.MappedKey] = secret.Value
 		}
 	}
+	fluentOutputSecret.ObjectMeta.Labels = utils.MergeLabels(
+		fluentOutputSecret.ObjectMeta.Labels,
+		map[string]string{"logging.banzaicloud.io/watch": "enabled"},
+	)
 
 	return fluentOutputSecret, reconciler.StatePresent, nil
 }

pkg/resources/syslogng/configcheck.go

@@ -22,6 +22,7 @@ import (
 
 	"emperror.dev/errors"
 	"github.com/cisco-open/operator-tools/pkg/merge"
+	"github.com/cisco-open/operator-tools/pkg/utils"
 	"github.com/spf13/cast"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -163,8 +164,13 @@ func (r *Reconciler) configCheck(ctx context.Context) (*ConfigCheckResult, error
 }
 
 func (r *Reconciler) newCheckSecret(hashKey string) (*corev1.Secret, error) {
+	meta := r.SyslogNGObjectMeta(configCheckResourceName(hashKey), ComponentConfigCheck)
+	meta.Labels = utils.MergeLabels(
+		meta.Labels,
+		map[string]string{"logging.banzaicloud.io/watch": "enabled"},
+	)
 	return &corev1.Secret{
-		ObjectMeta: r.SyslogNGObjectMeta(configCheckResourceName(hashKey), ComponentConfigCheck),
+		ObjectMeta: meta,
 		Data: map[string][]byte{
 			configKey: []byte(r.config),
 		},
@@ -178,6 +184,11 @@ func (r *Reconciler) newCheckOutputSecret(hashKey string) (*corev1.Secret, error
 	}
 	if secret, ok := obj.(*corev1.Secret); ok {
 		secret.ObjectMeta = r.SyslogNGObjectMeta(fmt.Sprintf("syslog-ng-configcheck-output-%s", hashKey), ComponentConfigCheck)
+		secret.ObjectMeta.Labels = utils.MergeLabels(
+			secret.ObjectMeta.Labels,
+			map[string]string{"logging.banzaicloud.io/watch": "enabled"},
+		)
+
 		return secret, nil
 	}
 	return nil, errors.New("output secret is invalid, unable to create output secret for config check")

pkg/resources/syslogng/configsecret.go

@@ -16,6 +16,7 @@ package syslogng
 
 import (
 	"github.com/cisco-open/operator-tools/pkg/reconciler"
+	"github.com/cisco-open/operator-tools/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 )
@@ -27,6 +28,10 @@ func (r *Reconciler) configSecret() (runtime.Object, reconciler.DesiredState, er
 			configKey: []byte(r.config),
 		},
 	}
+	secret.ObjectMeta.Labels = utils.MergeLabels(
+		secret.ObjectMeta.Labels,
+		map[string]string{"logging.banzaicloud.io/watch": "enabled"},
+	)
 
 	return secret, reconciler.StatePresent, nil
 }

pkg/resources/syslogng/outputsecret.go

@@ -21,6 +21,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/cisco-open/operator-tools/pkg/reconciler"
 	"github.com/cisco-open/operator-tools/pkg/secret"
+	"github.com/cisco-open/operator-tools/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -62,6 +63,10 @@ func (r *Reconciler) outputSecret(secrets *secret.MountSecrets, mountPath string
 			Namespace: r.Logging.Spec.ControlNamespace,
 		},
 	}
+	syslogNGOutputSecret.ObjectMeta.Labels = utils.MergeLabels(
+		syslogNGOutputSecret.ObjectMeta.Labels,
+		map[string]string{"logging.banzaicloud.io/watch": "enabled"},
+	)
 	if syslogNGOutputSecret.Data == nil {
 		syslogNGOutputSecret.Data = make(map[string][]byte)
 	}