diff --git a/helm/olmv1/templates/networkpolicy/networkpolicy-olmv1-system-catalogd-controller-manager.yml b/helm/olmv1/templates/networkpolicy/networkpolicy-olmv1-system-catalogd-controller-manager.yml index 9c63ab376a..803e2c5943 100644 --- a/helm/olmv1/templates/networkpolicy/networkpolicy-olmv1-system-catalogd-controller-manager.yml +++ b/helm/olmv1/templates/networkpolicy/networkpolicy-olmv1-system-catalogd-controller-manager.yml @@ -22,7 +22,7 @@ spec: protocol: TCP podSelector: matchLabels: - app.kubernetes.io/name: catalogd + control-plane: catalogd-controller-manager policyTypes: - Ingress - Egress diff --git a/helm/olmv1/templates/networkpolicy/networkpolicy-olmv1-system-operator-controller-controller-manager.yml b/helm/olmv1/templates/networkpolicy/networkpolicy-olmv1-system-operator-controller-controller-manager.yml index e91a7e55dd..fc85c57b84 100644 --- a/helm/olmv1/templates/networkpolicy/networkpolicy-olmv1-system-operator-controller-controller-manager.yml +++ b/helm/olmv1/templates/networkpolicy/networkpolicy-olmv1-system-operator-controller-controller-manager.yml @@ -18,7 +18,7 @@ spec: protocol: TCP podSelector: matchLabels: - app.kubernetes.io/name: operator-controller + control-plane: operator-controller-controller-manager policyTypes: - Ingress - Egress diff --git a/manifests/experimental-e2e.yaml b/manifests/experimental-e2e.yaml index 8f2dfe1970..9fd345a3db 100644 --- a/manifests/experimental-e2e.yaml +++ b/manifests/experimental-e2e.yaml @@ -40,7 +40,7 @@ spec: protocol: TCP podSelector: matchLabels: - app.kubernetes.io/name: catalogd + control-plane: catalogd-controller-manager policyTypes: - Ingress - Egress @@ -82,7 +82,7 @@ spec: protocol: TCP podSelector: matchLabels: - app.kubernetes.io/name: operator-controller + control-plane: operator-controller-controller-manager policyTypes: - Ingress - Egress diff --git a/manifests/experimental.yaml b/manifests/experimental.yaml index 4e5f80c745..9658b7de8a 100644 --- a/manifests/experimental.yaml +++ b/manifests/experimental.yaml @@ -40,7 +40,7 @@ spec: protocol: TCP podSelector: matchLabels: - app.kubernetes.io/name: catalogd + control-plane: catalogd-controller-manager policyTypes: - Ingress - Egress @@ -82,7 +82,7 @@ spec: protocol: TCP podSelector: matchLabels: - app.kubernetes.io/name: operator-controller + control-plane: operator-controller-controller-manager policyTypes: - Ingress - Egress diff --git a/manifests/standard-e2e.yaml b/manifests/standard-e2e.yaml index ca7a68e05e..3a8518092d 100644 --- a/manifests/standard-e2e.yaml +++ b/manifests/standard-e2e.yaml @@ -40,7 +40,7 @@ spec: protocol: TCP podSelector: matchLabels: - app.kubernetes.io/name: catalogd + control-plane: catalogd-controller-manager policyTypes: - Ingress - Egress @@ -82,7 +82,7 @@ spec: protocol: TCP podSelector: matchLabels: - app.kubernetes.io/name: operator-controller + control-plane: operator-controller-controller-manager policyTypes: - Ingress - Egress diff --git a/manifests/standard.yaml b/manifests/standard.yaml index 76b0d4f2a8..55f0e28c3d 100644 --- a/manifests/standard.yaml +++ b/manifests/standard.yaml @@ -40,7 +40,7 @@ spec: protocol: TCP podSelector: matchLabels: - app.kubernetes.io/name: catalogd + control-plane: catalogd-controller-manager policyTypes: - Ingress - Egress @@ -82,7 +82,7 @@ spec: protocol: TCP podSelector: matchLabels: - app.kubernetes.io/name: operator-controller + control-plane: operator-controller-controller-manager policyTypes: - Ingress - Egress diff --git a/test/e2e/metrics_test.go b/test/e2e/metrics_test.go index 54ff41201f..a95f16c2c3 100644 --- a/test/e2e/metrics_test.go +++ b/test/e2e/metrics_test.go @@ -32,7 +32,7 @@ import ( func TestOperatorControllerMetricsExportedEndpoint(t *testing.T) { client := utils.FindK8sClient(t) curlNamespace := createRandomNamespace(t, client) - componentNamespace := getComponentNamespace(t, client, operatorManagerSelector) + componentNamespace := getComponentNamespace(t, client, "control-plane=operator-controller-controller-manager") metricsURL := fmt.Sprintf("https://operator-controller-service.%s.svc.cluster.local:8443/metrics", componentNamespace) config := NewMetricsTestConfig( @@ -52,7 +52,7 @@ func TestOperatorControllerMetricsExportedEndpoint(t *testing.T) { func TestCatalogdMetricsExportedEndpoint(t *testing.T) { client := utils.FindK8sClient(t) curlNamespace := createRandomNamespace(t, client) - componentNamespace := getComponentNamespace(t, client, catalogdManagerSelector) + componentNamespace := getComponentNamespace(t, client, "control-plane=catalogd-controller-manager") metricsURL := fmt.Sprintf("https://catalogd-service.%s.svc.cluster.local:7443/metrics", componentNamespace) config := NewMetricsTestConfig( @@ -231,20 +231,16 @@ func createRandomNamespace(t *testing.T, client string) string { } // getComponentNamespace returns the namespace where operator-controller or catalogd is running -func getComponentNamespace(t *testing.T, client string, selectors []string) string { - for _, selector := range selectors { - cmd := exec.Command(client, "get", "pods", "--all-namespaces", "--selector="+selector, "--output=jsonpath={.items[0].metadata.namespace}") - output, err := cmd.CombinedOutput() - if err != nil { - continue - } - namespace := string(bytes.TrimSpace(output)) - if namespace != "" { - return namespace - } +func getComponentNamespace(t *testing.T, client, selector string) string { + cmd := exec.Command(client, "get", "pods", "--all-namespaces", "--selector="+selector, "--output=jsonpath={.items[0].metadata.namespace}") + output, err := cmd.CombinedOutput() + require.NoError(t, err, "Error determining namespace: %s", string(output)) + + namespace := string(bytes.TrimSpace(output)) + if namespace == "" { + t.Fatal("No namespace found for selector " + selector) } - t.Fatalf("No namespace found for selectors: %v", selectors) - return "" + return namespace } func stdoutAndCombined(cmd *exec.Cmd) ([]byte, []byte, error) { diff --git a/test/e2e/network_policy_test.go b/test/e2e/network_policy_test.go index ad35e72cb5..00143df416 100644 --- a/test/e2e/network_policy_test.go +++ b/test/e2e/network_policy_test.go @@ -20,17 +20,14 @@ import ( const ( minJustificationLength = 40 + catalogdManagerSelector = "control-plane=catalogd-controller-manager" + operatorManagerSelector = "control-plane=operator-controller-controller-manager" catalogdMetricsPort = 7443 catalogdWebhookPort = 9443 catalogServerPort = 8443 operatorControllerMetricsPort = 8443 ) -var ( - catalogdManagerSelector = []string{"app.kubernetes.io/name=catalogd", "control-plane=catalogd-controller-manager"} - operatorManagerSelector = []string{"app.kubernetes.io/name=operator-controller", "control-plane=operator-controller-controller-manager"} -) - type portWithJustification struct { port []networkingv1.NetworkPolicyPort justification string @@ -91,7 +88,7 @@ var prometheuSpec = allowedPolicyDefinition{ // Ref: https://docs.google.com/document/d/1bHEEWzA65u-kjJFQRUY1iBuMIIM1HbPy4MeDLX4NI3o/edit?usp=sharing var allowedNetworkPolicies = map[string]allowedPolicyDefinition{ "catalogd-controller-manager": { - selector: metav1.LabelSelector{MatchLabels: map[string]string{"app.kubernetes.io/name": "catalogd"}}, + selector: metav1.LabelSelector{MatchLabels: map[string]string{"control-plane": "catalogd-controller-manager"}}, policyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress, networkingv1.PolicyTypeEgress}, ingressRule: ingressRule{ ports: []portWithJustification{ @@ -119,7 +116,7 @@ var allowedNetworkPolicies = map[string]allowedPolicyDefinition{ }, }, "operator-controller-controller-manager": { - selector: metav1.LabelSelector{MatchLabels: map[string]string{"app.kubernetes.io/name": "operator-controller"}}, + selector: metav1.LabelSelector{MatchLabels: map[string]string{"control-plane": "operator-controller-controller-manager"}}, policyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress, networkingv1.PolicyTypeEgress}, ingressRule: ingressRule{ ports: []portWithJustification{