Merge pull request #7 from ninech/add-labels-to-nameserver

Add labels to nameserver
ninech · Dec 17, 2024 · c6d3f62 · c6d3f62
2 parents ff93bd1 + 38f58ea
commit c6d3f62
Show file tree

Hide file tree

Showing 8 changed files with 37 additions and 27 deletions.
diff --git a/cmd/k8s-operator/deploy/chart/templates/dns-config.yaml b/cmd/k8s-operator/deploy/chart/templates/dns-config.yaml
diff --git a/cmd/k8s-operator/deploy/chart/values.yaml b/cmd/k8s-operator/deploy/chart/values.yaml
@@ -90,15 +90,3 @@ apiServerProxyConfig:
   mode: "false" # "true", "false", "noauth"
 
 imagePullSecrets: []
-
-# dnsConfig allows to deploy the k8s-nameserver which allows to use magicDNS
-# names.
-dnsConfig:
-  enabled: false
-  image:
-    repo: "tailscale/k8s-nameserver"
-    ## tag can be used to overwrite the tag of the container image to be used.
-    ## By default the appVersion will be used. 
-    tag: ""
-  ## domain allows to customize the magicDNS domain.
-  domain: "ts.net"
diff --git a/cmd/k8s-operator/deploy/crds/tailscale.com_dnsconfigs.yaml b/cmd/k8s-operator/deploy/crds/tailscale.com_dnsconfigs.yaml
@@ -103,6 +103,13 @@ spec:
                         tag:
                           description: Tag defaults to unstable.
                           type: string
+                podLabels:
+                  description: |-
+                    PodLabels are the labels which will be attached to the nameserver
+                    pod. They can be used to define network policies.
+                  type: object
+                  additionalProperties:
+                    type: string
             status:
               description: |-
                 Status describes the status of the DNSConfig. This is set

diff --git a/cmd/k8s-operator/deploy/manifests/operator.yaml b/cmd/k8s-operator/deploy/manifests/operator.yaml
@@ -348,6 +348,13 @@ spec:
                                                 type: string
                                         type: object
                                 type: object
+                            podLabels:
+                                additionalProperties:
+                                    type: string
+                                description: |-
+                                    PodLabels are the labels which will be attached to the nameserver
+                                    pod. They can be used to define network policies.
+                                type: object
                         required:
                             - nameserver
                         type: object

diff --git a/cmd/k8s-operator/nameserver.go b/cmd/k8s-operator/nameserver.go
@@ -163,11 +163,12 @@ func nameserverResourceLabels(name, namespace string) map[string]string {
 }
 
 func (a *NameserverReconciler) maybeProvision(ctx context.Context, tsDNSCfg *tsapi.DNSConfig, logger *zap.SugaredLogger) error {
-	labels := nameserverResourceLabels(tsDNSCfg.Name, a.tsNamespace)
+	resourceLabels := nameserverResourceLabels(tsDNSCfg.Name, a.tsNamespace)
 	dCfg := &deployConfig{
 		ownerRefs: []metav1.OwnerReference{*metav1.NewControllerRef(tsDNSCfg, tsapi.SchemeGroupVersion.WithKind("DNSConfig"))},
 		namespace: a.tsNamespace,
-		labels:    labels,
+		labels:    resourceLabels,
+		podLabels: tsDNSCfg.Spec.PodLabels,
 		imageRepo: defaultNameserverImageRepo,
 		imageTag:  defaultNameserverImageTag,
 	}
@@ -208,6 +209,7 @@ type deployConfig struct {
 	imageRepo string
 	imageTag  string
 	labels    map[string]string
+	podLabels map[string]string
 	ownerRefs []metav1.OwnerReference
 	namespace string
 	domain    string
@@ -237,6 +239,13 @@ var (
 			d.ObjectMeta.Namespace = cfg.namespace
 			d.ObjectMeta.Labels = cfg.labels
 			d.ObjectMeta.OwnerReferences = cfg.ownerRefs
+			if d.Spec.Template.Labels == nil {
+				d.Spec.Template.Labels = make(map[string]string)
+			}
+			for key, value := range cfg.podLabels {
+				d.Spec.Template.Labels[key] = value
+			}
+
 			updateF := func(oldD *appsv1.Deployment) {
 				oldD.Spec = d.Spec
 			}

diff --git a/k8s-operator/api.md b/k8s-operator/api.md
@@ -212,6 +212,7 @@ _Appears in:_
 | --- | --- | --- | --- |
 | `nameserver` _[Nameserver](#nameserver)_ | Configuration for a nameserver that can resolve ts.net DNS names<br />associated with in-cluster proxies for Tailscale egress Services and<br />Tailscale Ingresses. The operator will always deploy this nameserver<br />when a DNSConfig is applied. |  |  |
 | `domain` _string_ | Domain is the domain for which DNS entries will be resolved. If left<br />empty, the default of the k8s-nameserver will be used. |  |  |
+| `podLabels` _object (keys:string, values:string)_ | PodLabels are the labels which will be attached to the nameserver<br />pod. They can be used to define network policies. |  |  |
 
 
 #### DNSConfigStatus

diff --git a/k8s-operator/apis/v1alpha1/types_tsdnsconfig.go b/k8s-operator/apis/v1alpha1/types_tsdnsconfig.go
@@ -79,6 +79,10 @@ type DNSConfigSpec struct {
 	// empty, the default of the k8s-nameserver will be used.
 	// +optional
 	Domain string `json:"domain"`
+	// PodLabels are the labels which will be attached to the nameserver
+	// pod. They can be used to define network policies.
+	// +optional
+	PodLabels map[string]string `json:"podLabels,omitempty"`
 }
 
 type Nameserver struct {

diff --git a/k8s-operator/apis/v1alpha1/zz_generated.deepcopy.go b/k8s-operator/apis/v1alpha1/zz_generated.deepcopy.go