Add ownership annotation for certificates

openshift · Nov 22, 2023 · d20f426 · d20f426
1 parent ec1f3e4
commit d20f426
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 2 deletions.
diff --git a/assets/cluster-monitoring-operator/federate-client-certs.yaml b/assets/cluster-monitoring-operator/federate-client-certs.yaml
@@ -2,6 +2,8 @@ apiVersion: v1
 data: {}
 kind: Secret
 metadata:
+  annotations:
+    openshift.io/owning-component: Monitoring
   labels:
     app.kubernetes.io/managed-by: cluster-monitoring-operator
     app.kubernetes.io/part-of: openshift-monitoring

diff --git a/assets/cluster-monitoring-operator/metrics-client-certs.yaml b/assets/cluster-monitoring-operator/metrics-client-certs.yaml
@@ -2,6 +2,8 @@ apiVersion: v1
 data: {}
 kind: Secret
 metadata:
+  annotations:
+    openshift.io/owning-component: Monitoring
   labels:
     app.kubernetes.io/managed-by: cluster-monitoring-operator
     app.kubernetes.io/part-of: openshift-monitoring

diff --git a/jsonnet/components/cluster-monitoring-operator.libsonnet b/jsonnet/components/cluster-monitoring-operator.libsonnet
@@ -62,6 +62,9 @@ function(params) {
     metadata: {
       name: 'metrics-client-certs',
       namespace: cfg.namespace,
+      annotations: {
+        'openshift.io/owning-component': 'Monitoring'
+      }
     },
     type: 'Opaque',
     data: {},
@@ -73,6 +76,9 @@ function(params) {
     metadata: {
       name: 'federate-client-certs',
       namespace: cfg.namespace,
+      annotations: {
+        'openshift.io/owning-component': 'Monitoring'
+      }
     },
     type: 'Opaque',
     data: {},

diff --git a/pkg/manifests/tls.go b/pkg/manifests/tls.go
@@ -21,6 +21,7 @@ import (
 	"math/big"
 	"time"
 
+	"github.com/openshift/api/annotations"
 	"github.com/openshift/library-go/pkg/crypto"
 	"github.com/pkg/errors"
 	v1 "k8s.io/api/core/v1"
@@ -61,7 +62,9 @@ func (f *Factory) MetricsClientCerts() (*v1.Secret, error) {
 
 	s.Namespace = f.namespace
 	s.Data = make(map[string][]byte)
-	s.Annotations = make(map[string]string)
+	s.Annotations = map[string]string{
+		annotations.OpenShiftComponent: "Monitoring",
+	}
 
 	return s, nil
 }
@@ -74,7 +77,9 @@ func (f *Factory) FederateClientCerts() (*v1.Secret, error) {
 
 	s.Namespace = f.namespace
 	s.Data = make(map[string][]byte)
-	s.Annotations = make(map[string]string)
+	s.Annotations = map[string]string{
+		annotations.OpenShiftComponent: "Monitoring",
+	}
 
 	return s, nil
 }

diff --git a/vendor/github.com/openshift/api/annotations/annotations.go b/vendor/github.com/openshift/api/annotations/annotations.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -295,6 +295,7 @@ github.com/opencontainers/go-digest
 # github.com/openshift/api v0.0.0-20231109185848-6cd72e415ddb
 ## explicit; go 1.20
 github.com/openshift/api
+github.com/openshift/api/annotations
 github.com/openshift/api/apiserver
 github.com/openshift/api/apiserver/v1
 github.com/openshift/api/apps