feat(helm): helm apps deployed by portainer not marked as external EE-1624 (#5637)

* helm lib update * helm handler requires kubernetes deployer to modify helm deployed resources * AddAppLabels updated to be more generic - support for adding multiple labels using map * path installed helm release manifest with portainer labels using kubectl * updated helm handler unit tests to use mock KubernetesDeployer * adding labels to manifest retrieved from release * optional namespace support for k8s raw manifest deployment * - inline postprocessing support when extracting - get namespace from yaml support - added and updated tests * lowercase error wrapping * updated libhelm dep
2025-07-19 13:29:41 +02:00 · 2021-09-29 13:12:45 +13:00 · 2021-09-29 13:12:45 +13:00 · af98660a55
commit af98660a55
parent 50f63ae865
14 changed files with 494 additions and 30 deletions
--- a/api/kubernetes/yaml.go
+++ b/api/kubernetes/yaml.go
@ -11,6 +11,14 @@ import (
 	"gopkg.in/yaml.v3"
 )

+const (
+	labelPortainerAppStackID = "io.portainer.kubernetes.application.stackid"
+	labelPortainerAppName    = "io.portainer.kubernetes.application.name"
+	labelPortainerAppOwner   = "io.portainer.kubernetes.application.owner"
+	labelPortainerAppKind    = "io.portainer.kubernetes.application.kind"
+)
+
+// KubeAppLabels are labels applied to all resources deployed in a kubernetes stack
 type KubeAppLabels struct {
 	StackID int
 	Name    string
@ -18,14 +26,49 @@ type KubeAppLabels struct {
 	Kind    string
 }

+// ToMap converts KubeAppLabels to a map[string]string
+func (kal *KubeAppLabels) ToMap() map[string]string {
+	return map[string]string{
+		labelPortainerAppStackID: strconv.Itoa(kal.StackID),
+		labelPortainerAppName:    kal.Name,
+		labelPortainerAppOwner:   kal.Owner,
+		labelPortainerAppKind:    kal.Kind,
+	}
+}
+
+// GetHelmAppLabels returns the labels to be applied to portainer deployed helm applications
+func GetHelmAppLabels(name, owner string) map[string]string {
+	return map[string]string{
+		labelPortainerAppName:  name,
+		labelPortainerAppOwner: owner,
+	}
+}
+
 // AddAppLabels adds required labels to "Resource"->metadata->labels.
 // It'll add those labels to all Resource (nodes with a kind property exluding a list) it can find in provided yaml.
 // Items in the yaml file could either be organised as a list or broken into multi documents.
-func AddAppLabels(manifestYaml []byte, appLabels KubeAppLabels) ([]byte, error) {
+func AddAppLabels(manifestYaml []byte, appLabels map[string]string) ([]byte, error) {
 	if bytes.Equal(manifestYaml, []byte("")) {
 		return manifestYaml, nil
 	}

+	postProcessYaml := func(yamlDoc interface{}) error {
+		addResourceLabels(yamlDoc, appLabels)
+		return nil
+	}
+
+	docs, err := ExtractDocuments(manifestYaml, postProcessYaml)
+	if err != nil {
+		return nil, err
+	}
+
+	return bytes.Join(docs, []byte("---\n")), nil
+}
+
+// ExtractDocuments extracts all the documents from a yaml file
+// Optionally post-process each document with a function, which can modify the document in place.
+// Pass in nil for postProcessYaml to skip post-processing.
+func ExtractDocuments(manifestYaml []byte, postProcessYaml func(interface{}) error) ([][]byte, error) {
 	docs := make([][]byte, 0)
 	yamlDecoder := yaml.NewDecoder(bytes.NewReader(manifestYaml))

@ -43,7 +86,12 @@ func AddAppLabels(manifestYaml []byte, appLabels KubeAppLabels) ([]byte, error)
 			break
 		}

-		addResourceLabels(m, appLabels)
+		// optionally post-process yaml
+		if postProcessYaml != nil {
+			if err := postProcessYaml(m); err != nil {
+				return nil, errors.Wrap(err, "failed to post process yaml document")
+			}
+		}

 		var out bytes.Buffer
 		yamlEncoder := yaml.NewEncoder(&out)
@ -55,10 +103,29 @@ func AddAppLabels(manifestYaml []byte, appLabels KubeAppLabels) ([]byte, error)
 		docs = append(docs, out.Bytes())
 	}

-	return bytes.Join(docs, []byte("---\n")), nil
+	return docs, nil
 }

-func addResourceLabels(yamlDoc interface{}, appLabels KubeAppLabels) {
+// GetNamespace returns the namespace of a kubernetes resource from its metadata
+// It returns an empty string if namespace is not found in the resource
+func GetNamespace(manifestYaml []byte) (string, error) {
+	yamlDecoder := yaml.NewDecoder(bytes.NewReader(manifestYaml))
+	m := make(map[string]interface{})
+	err := yamlDecoder.Decode(&m)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to unmarshal yaml manifest when obtaining namespace")
+	}
+
+	if _, ok := m["metadata"]; ok {
+		if namespace, ok := m["metadata"].(map[string]interface{})["namespace"]; ok {
+			return namespace.(string), nil
+		}
+	}
+
+	return "", nil
+}
+
+func addResourceLabels(yamlDoc interface{}, appLabels map[string]string) {
 	m, ok := yamlDoc.(map[string]interface{})
 	if !ok {
 		return
@ -82,7 +149,7 @@ func addResourceLabels(yamlDoc interface{}, appLabels KubeAppLabels) {
 	}
 }

-func addLabels(obj map[string]interface{}, appLabels KubeAppLabels) {
+func addLabels(obj map[string]interface{}, appLabels map[string]string) {
 	metadata := make(map[string]interface{})
 	if m, ok := obj["metadata"]; ok {
 		metadata = m.(map[string]interface{})
@ -95,17 +162,17 @@ func addLabels(obj map[string]interface{}, appLabels KubeAppLabels) {
 		}
 	}

-	name := appLabels.Name
-	if appLabels.Name == "" {
-		if n, ok := metadata["name"]; ok {
-			name = n.(string)
-		}
+	// merge app labels with existing labels
+	for k, v := range appLabels {
+		labels[k] = v
 	}

-	labels["io.portainer.kubernetes.application.stackid"] = strconv.Itoa(appLabels.StackID)
-	labels["io.portainer.kubernetes.application.name"] = name
-	labels["io.portainer.kubernetes.application.owner"] = appLabels.Owner
-	labels["io.portainer.kubernetes.application.kind"] = appLabels.Kind
+	// fallback to metadata name if name label not explicitly provided
+	if name, ok := labels[labelPortainerAppName]; !ok || name == "" {
+		if n, ok := metadata["name"]; ok {
+			labels[labelPortainerAppName] = n.(string)
+		}
+	}

 	metadata["labels"] = labels
 	obj["metadata"] = metadata
--- a/api/kubernetes/yaml_test.go
+++ b/api/kubernetes/yaml_test.go
@ -410,7 +410,7 @@ spec:

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			result, err := AddAppLabels([]byte(tt.input), labels)
+			result, err := AddAppLabels([]byte(tt.input), labels.ToMap())
 			assert.NoError(t, err)
 			assert.Equal(t, tt.wantOutput, string(result))
 		})
@ -451,7 +451,7 @@ spec:
      targetPort: 5000
 `

-	result, err := AddAppLabels([]byte(input), labels)
+	result, err := AddAppLabels([]byte(input), labels.ToMap())
 	assert.NoError(t, err)
 	assert.Equal(t, expected, string(result))
 }
@ -487,7 +487,291 @@ spec:
      targetPort: 5000
 `

-	result, err := AddAppLabels([]byte(input), labels)
+	result, err := AddAppLabels([]byte(input), labels.ToMap())
 	assert.NoError(t, err)
 	assert.Equal(t, expected, string(result))
 }
+
+func Test_AddAppLabels_HelmApp(t *testing.T) {
+	labels := GetHelmAppLabels("best-name", "best-owner")
+
+	tests := []struct {
+		name       string
+		input      string
+		wantOutput string
+	}{
+		{
+			name: "bitnami nginx configmap",
+			input: `apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-test-server-block
+  labels:
+    app.kubernetes.io/name: nginx
+    helm.sh/chart: nginx-9.5.4
+    app.kubernetes.io/instance: nginx-test
+    app.kubernetes.io/managed-by: Helm
+data:
+  server-blocks-paths.conf: |-
+    include  "/opt/bitnami/nginx/conf/server_blocks/ldap/*.conf";
+    include  "/opt/bitnami/nginx/conf/server_blocks/common/*.conf";
+`,
+			wantOutput: `apiVersion: v1
+data:
+  server-blocks-paths.conf: |-
+    include  "/opt/bitnami/nginx/conf/server_blocks/ldap/*.conf";
+    include  "/opt/bitnami/nginx/conf/server_blocks/common/*.conf";
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: nginx-test
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: nginx
+    helm.sh/chart: nginx-9.5.4
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+  name: nginx-test-server-block
+`,
+		},
+		{
+			name: "bitnami nginx service",
+			input: `apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-test
+  labels:
+    app.kubernetes.io/name: nginx
+    helm.sh/chart: nginx-9.5.4
+    app.kubernetes.io/instance: nginx-test
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: "Cluster"
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+  selector:
+    app.kubernetes.io/name: nginx
+    app.kubernetes.io/instance: nginx-test
+`,
+			wantOutput: `apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: nginx-test
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: nginx
+    helm.sh/chart: nginx-9.5.4
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+  name: nginx-test
+spec:
+  externalTrafficPolicy: Cluster
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+  selector:
+    app.kubernetes.io/instance: nginx-test
+    app.kubernetes.io/name: nginx
+  type: LoadBalancer
+`,
+		},
+		{
+			name: "bitnami nginx deployment",
+			input: `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-test
+  labels:
+    app.kubernetes.io/name: nginx
+    helm.sh/chart: nginx-9.5.4
+    app.kubernetes.io/instance: nginx-test
+    app.kubernetes.io/managed-by: Helm
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: nginx
+      app.kubernetes.io/instance: nginx-test
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: nginx
+        helm.sh/chart: nginx-9.5.4
+        app.kubernetes.io/instance: nginx-test
+        app.kubernetes.io/managed-by: Helm
+    spec:
+      automountServiceAccountToken: false
+      shareProcessNamespace: false
+      serviceAccountName: default
+      containers:
+        - name: nginx
+          image: docker.io/bitnami/nginx:1.21.3-debian-10-r0
+          imagePullPolicy: "IfNotPresent"
+`,
+			wantOutput: `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: nginx-test
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: nginx
+    helm.sh/chart: nginx-9.5.4
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+  name: nginx-test
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: nginx-test
+      app.kubernetes.io/name: nginx
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: nginx-test
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: nginx
+        helm.sh/chart: nginx-9.5.4
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - image: docker.io/bitnami/nginx:1.21.3-debian-10-r0
+          imagePullPolicy: IfNotPresent
+          name: nginx
+      serviceAccountName: default
+      shareProcessNamespace: false
+`,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result, err := AddAppLabels([]byte(tt.input), labels)
+			assert.NoError(t, err)
+			assert.Equal(t, tt.wantOutput, string(result))
+		})
+	}
+}
+
+func Test_DocumentSeperator(t *testing.T) {
+	labels := KubeAppLabels{
+		StackID: 123,
+		Name:    "best-name",
+		Owner:   "best-owner",
+		Kind:    "git",
+	}
+
+	input := `apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: database
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: backend
+`
+	expected := `apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: database
+    io.portainer.kubernetes.application.kind: git
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+    io.portainer.kubernetes.application.stackid: "123"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: backend
+    io.portainer.kubernetes.application.kind: git
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+    io.portainer.kubernetes.application.stackid: "123"
+`
+	result, err := AddAppLabels([]byte(input), labels.ToMap())
+	assert.NoError(t, err)
+	assert.Equal(t, expected, string(result))
+}
+
+func Test_GetNamespace(t *testing.T) {
+	tests := []struct {
+		name  string
+		input string
+		want  string
+	}{
+		{
+			name: "valid namespace",
+			input: `apiVersion: v1
+kind: Namespace
+metadata:
+  namespace: test-namespace
+`,
+			want: "test-namespace",
+		},
+		{
+			name: "invalid namespace",
+			input: `apiVersion: v1
+kind: Namespace
+`,
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result, err := GetNamespace([]byte(tt.input))
+			assert.NoError(t, err)
+			assert.Equal(t, tt.want, result)
+		})
+	}
+}
+
+func Test_ExtractDocuments(t *testing.T) {
+	tests := []struct {
+		name  string
+		input string
+		want  []string
+	}{
+		{
+			name: "multiple documents",
+			input: `apiVersion: v1
+kind: Namespace
+---
+apiVersion: v1
+kind: Service
+`,
+			want: []string{`apiVersion: v1
+kind: Namespace
+`, `apiVersion: v1
+kind: Service
+`},
+		},
+		{
+			name: "single document",
+			input: `apiVersion: v1
+kind: Namespace
+`,
+			want: []string{`apiVersion: v1
+kind: Namespace
+`},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			results, err := ExtractDocuments([]byte(tt.input), nil)
+			assert.NoError(t, err)
+			for i := range results {
+				assert.Equal(t, tt.want[i], string(results[i]))
+			}
+		})
+	}
+}