add global lables to liqo-created resources

cmd/fabric/main.go

@@ -42,15 +42,18 @@ import (
 	"github.com/liqotech/liqo/pkg/gateway/concurrent"
 	"github.com/liqotech/liqo/pkg/liqo-controller-manager/networking/external-network/remapping"
 	"github.com/liqotech/liqo/pkg/route"
+	argsutils "github.com/liqotech/liqo/pkg/utils/args"
 	flagsutils "github.com/liqotech/liqo/pkg/utils/flags"
 	kernelversion "github.com/liqotech/liqo/pkg/utils/kernel/version"
 	"github.com/liqotech/liqo/pkg/utils/mapper"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 	"github.com/liqotech/liqo/pkg/utils/restcfg"
 )
 
 var (
-	options = fabric.NewOptions()
-	scheme  = runtime.NewScheme()
+	options      = fabric.NewOptions()
+	scheme       = runtime.NewScheme()
+	globalLabels argsutils.StringMap
 )
 
 func init() {
@@ -68,6 +71,9 @@ func main() {
 	restcfg.InitFlags(cmd.Flags())
 	fabric.InitFlags(cmd.Flags(), options)
 
+	// Initialize global labels flag
+	cmd.Flags().Var(&globalLabels, "global-labels", "The set of labels that will be added to all resources created by Liqo controllers")
+
 	if err := fabric.MarkFlagsRequired(&cmd); err != nil {
 		klog.Error(err)
 		os.Exit(1)
@@ -92,6 +98,9 @@ func run(cmd *cobra.Command, _ []string) error {
 	// Set controller-runtime logger.
 	log.SetLogger(klog.NewKlogr())
 
+	// Initialize global labels from flag
+	resource.SetGlobalLabels(globalLabels.StringMap)
+
 	// Get the rest config.
 	cfg := config.GetConfigOrDie()
 

cmd/gateway/main.go

@@ -40,16 +40,19 @@ import (
 	"github.com/liqotech/liqo/pkg/gateway/connection/conncheck"
 	"github.com/liqotech/liqo/pkg/liqo-controller-manager/networking/external-network/remapping"
 	"github.com/liqotech/liqo/pkg/route"
+	argsutils "github.com/liqotech/liqo/pkg/utils/args"
 	flagsutils "github.com/liqotech/liqo/pkg/utils/flags"
 	"github.com/liqotech/liqo/pkg/utils/kernel"
 	kernelversion "github.com/liqotech/liqo/pkg/utils/kernel/version"
 	"github.com/liqotech/liqo/pkg/utils/mapper"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 	"github.com/liqotech/liqo/pkg/utils/restcfg"
 )
 
 var (
-	connoptions *connection.Options
-	scheme      = runtime.NewScheme()
+	connoptions  *connection.Options
+	scheme       = runtime.NewScheme()
+	globalLabels argsutils.StringMap
 )
 
 func init() {
@@ -83,6 +86,9 @@ func main() {
 
 	connection.InitFlags(cmd.Flags(), connoptions)
 
+	// Initialize global labels flag
+	cmd.Flags().Var(&globalLabels, "global-labels", "The set of labels that will be added to all resources created by Liqo controllers")
+
 	if err := cmd.Execute(); err != nil {
 		klog.Error(err)
 		os.Exit(1)
@@ -112,6 +118,9 @@ func run(cmd *cobra.Command, _ []string) error {
 	// Set controller-runtime logger.
 	log.SetLogger(klog.NewKlogr())
 
+	// Initialize global labels from flag
+	resource.SetGlobalLabels(globalLabels.StringMap)
+
 	// Get the rest config.
 	cfg := config.GetConfigOrDie()
 

cmd/liqo-controller-manager/main.go

@@ -62,6 +62,7 @@ import (
 	"github.com/liqotech/liqo/pkg/utils/indexer"
 	ipamips "github.com/liqotech/liqo/pkg/utils/ipam/mapping"
 	"github.com/liqotech/liqo/pkg/utils/mapper"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 	"github.com/liqotech/liqo/pkg/utils/restcfg"
 )
 
@@ -88,6 +89,7 @@ func main() {
 	var defaultNodeResources argsutils.ResourceMap
 	var gatewayServerResources argsutils.StringList
 	var gatewayClientResources argsutils.StringList
+	var globalLabels argsutils.StringMap
 	var apiServerAddressOverride string
 	var caOverride string
 	var trustedCA bool
@@ -149,6 +151,8 @@ func main() {
 	pflag.Var(&ingressClasses, "ingress-classes", "List of ingress classes offered by the cluster. Example: \"nginx;default,traefik\"")
 	pflag.Var(&loadBalancerClasses, "load-balancer-classes", "List of load balancer classes offered by the cluster. Example:\"metallb;default\"")
 	pflag.Var(&defaultNodeResources, "default-node-resources", "Default resources assigned to the Virtual Node Pod")
+	pflag.Var(&globalLabels, "global-labels",
+		"The set of labels that will be added to all resources created by Liqo controllers")
 
 	// OFFLOADING MODULE
 	// Storage Provisioner parameters
@@ -198,6 +202,9 @@ func main() {
 		DynamicSharedInformerFactory: dynamicinformer.NewFilteredDynamicSharedInformerFactory(dynClient, 0, corev1.NamespaceAll, nil),
 	}
 
+	// Initialize global labels from flag
+	resource.SetGlobalLabels(globalLabels.StringMap)
+
 	// Create the main manager.
 	mgr, err := ctrl.NewManager(config, ctrl.Options{
 		MapperProvider: mapper.LiqoMapperProvider(scheme),

deployments/liqo/README.md

@@ -13,6 +13,7 @@
 | authentication.enabled | bool | `true` | Enable/Disable the authentication module. |
 | common.affinity | object | `{}` | Affinity for all liqo pods, excluding virtual kubelet. |
 | common.extraArgs | list | `[]` | Extra arguments for all liqo pods, excluding virtual kubelet. |
+| common.globalLabels | object | `{}` | Global labels to be added to all resources created by Liqo controllers |
 | common.nodeSelector | object | `{}` | NodeSelector for all liqo pods, excluding virtual kubelet. |
 | common.tolerations | list | `[]` | Tolerations for all liqo pods, excluding virtual kubelet. |
 | controllerManager.config.defaultLimitsEnforcement | string | `"None"` | It enforces offerer-side that offloaded pods do not exceed offered limits. This feature is suggested to be enabled when consumer-side enforcement is not sufficient. It has the same tradeoffs of resource quotas (i.e, it requires all offloaded pods to have resource limits set). Possible values are: None, Soft, Hard. None: no enforcement is applied. Soft: request <= limit. Hard: request == limit. |

deployments/liqo/templates/liqo-controller-manager-deployment.yaml

@@ -56,6 +56,10 @@ spec:
           - --default-limits-enforcement={{ .Values.controllerManager.config.defaultLimitsEnforcement }}
           {{- $d := dict "commandName" "--default-node-resources" "dictionary" .Values.offloading.defaultNodeResources -}}
           {{- include "liqo.concatenateMap" $d | nindent 10 }}
+          {{- if .Values.common.globalLabels }}
+          {{- $d := dict "commandName" "--global-labels" "dictionary" .Values.common.globalLabels -}}
+          {{- include "liqo.concatenateMap" $d | nindent 10 }}
+          {{- end }}
           {{- if .Values.authentication.awsConfig.accessKeyId }}
           - --aws-access-key-id=$(ACCESS_KEY_ID)
           {{- end }}

deployments/liqo/templates/liqo-fabric-daemonset.yaml

@@ -49,6 +49,9 @@ spec:
           - --disable-kernel-version-check
           {{- end }}
           - --enable-nft-monitor={{ .Values.networking.fabric.config.nftablesMonitor }}
+          {{- if .Values.globalLabels }}
+          - --global-labels={{ include "liqo.formatLabels" .Values.globalLabels }}
+          {{- end }}
           {{- if .Values.common.extraArgs }}
           {{- toYaml .Values.common.extraArgs | nindent 10 }}
           {{- end }}

deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml

@@ -51,6 +51,9 @@ spec:
                 - --mode=client
                 - --container-name=gateway
                 - --concurrent-containers-names=wireguard,geneve
+                {{- if .Values.globalLabels }}
+                - --global-labels={{ include "liqo.formatLabels" .Values.globalLabels }}
+                {{- end }}
                 {{- if .Values.metrics.enabled }}
                 - --metrics-address=:8080
                 {{- end }}

deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml

@@ -78,6 +78,9 @@ spec:
                 - --mode=server
                 - --container-name=gateway
                 - --concurrent-containers-names=wireguard,geneve
+                {{- if .Values.globalLabels }}
+                - --global-labels={{ include "liqo.formatLabels" .Values.globalLabels }}
+                {{- end }}
                 {{- if .Values.metrics.enabled }}
                 - --metrics-address=:8080
                 {{- end }}

deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml

@@ -71,6 +71,9 @@ spec:
                 - --mode=server
                 - --container-name=gateway
                 - --concurrent-containers-names=wireguard,geneve
+                {{- if .Values.globalLabels }}
+                - --global-labels={{ include "liqo.formatLabels" .Values.globalLabels }}
+                {{- end }}
                 {{- if .Values.metrics.enabled }}
                 - --metrics-address=:8080
                 {{- end }}

deployments/liqo/values.yaml

@@ -307,6 +307,8 @@ common:
   affinity: {}
   # -- Extra arguments for all liqo pods, excluding virtual kubelet.
   extraArgs: []
+  # -- Global labels to be added to all resources created by Liqo controllers
+  globalLabels: {}
 
 controllerManager:
   # -- The number of controller-manager instances to run, which can be increased for active/passive high availability.

pkg/gateway/tunnel/wireguard/k8s.go

@@ -24,12 +24,12 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	networkingv1beta1 "github.com/liqotech/liqo/apis/networking/v1beta1"
 	"github.com/liqotech/liqo/pkg/consts"
 	"github.com/liqotech/liqo/pkg/gateway"
 	"github.com/liqotech/liqo/pkg/gateway/forge"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 )
 
 // CheckKeysSecret checks if the keys secret exists and if it contains the private and public keys.
@@ -62,7 +62,7 @@ func CreateKeysSecret(ctx context.Context, cl client.Client, opts *gateway.Optio
 		},
 	}
 
-	if _, err := controllerutil.CreateOrUpdate(ctx, cl, secret, func() error {
+	if _, err := resource.CreateOrUpdateWithGlobalLabels(ctx, cl, secret, func() error {
 		secret.SetLabels(map[string]string{
 			string(consts.RemoteClusterID):      opts.RemoteClusterID,
 			string(consts.GatewayResourceLabel): string(consts.GatewayResourceLabelValue),
@@ -93,7 +93,7 @@ func EnsureConnection(ctx context.Context, cl client.Client, scheme *runtime.Sch
 
 	klog.Infof("Creating connection %q", conn.Name)
 
-	_, err := controllerutil.CreateOrUpdate(ctx, cl, conn, func() error {
+	_, err := resource.CreateOrUpdateWithGlobalLabels(ctx, cl, conn, func() error {
 		if err := gateway.SetOwnerReferenceWithMode(opts.GwOptions, conn, scheme); err != nil {
 			return err
 		}

pkg/identityManager/certificateIdentityProvider.go

@@ -31,14 +31,14 @@ import (
 	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	authv1beta1 "github.com/liqotech/liqo/apis/authentication/v1beta1"
 	"github.com/liqotech/liqo/pkg/consts"
 	responsetypes "github.com/liqotech/liqo/pkg/identityManager/responseTypes"
 	tenantnamespace "github.com/liqotech/liqo/pkg/tenantNamespace"
 	"github.com/liqotech/liqo/pkg/utils/apiserver"
 	certificateSigningRequest "github.com/liqotech/liqo/pkg/utils/csr"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 )
 
 // random package initialization.
@@ -205,7 +205,7 @@ func (identityProvider *certificateIdentityProvider) storeRemoteCertificate(ctx
 		},
 	}
 
-	_, err := controllerutil.CreateOrUpdate(ctx, identityProvider.cl, secret, func() error {
+	_, err := resource.CreateOrUpdateWithGlobalLabels(ctx, identityProvider.cl, secret, func() error {
 		if secret.Labels == nil {
 			secret.Labels = map[string]string{}
 		}

pkg/identityManager/iamIdentityProvider.go

@@ -34,12 +34,12 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	authv1beta1 "github.com/liqotech/liqo/apis/authentication/v1beta1"
 	"github.com/liqotech/liqo/pkg/consts"
 	responsetypes "github.com/liqotech/liqo/pkg/identityManager/responseTypes"
 	"github.com/liqotech/liqo/pkg/liqo-controller-manager/authentication"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 )
 
 const (
@@ -445,7 +445,7 @@ func (identityProvider *iamIdentityProvider) storeRemoteCertificate(ctx context.
 		},
 	}
 
-	_, err := controllerutil.CreateOrUpdate(ctx, identityProvider.cl, secret, func() error {
+	_, err := resource.CreateOrUpdateWithGlobalLabels(ctx, identityProvider.cl, secret, func() error {
 		if secret.Labels == nil {
 			secret.Labels = map[string]string{}
 		}

pkg/liqo-controller-manager/authentication/identity-controller/identity_controller.go

@@ -31,6 +31,7 @@ import (
 	"github.com/liqotech/liqo/pkg/consts"
 	"github.com/liqotech/liqo/pkg/liqo-controller-manager/authentication"
 	"github.com/liqotech/liqo/pkg/liqo-controller-manager/authentication/forge"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 )
 
 // NewIdentityReconciler returns a new IdentityReconciler.
@@ -111,7 +112,7 @@ func (r *IdentityReconciler) ensureKubeconfigSecret(ctx context.Context, identit
 
 	// Create or update the secret containing the kubeconfig.
 	kubeconfigSecret := forge.KubeconfigSecret(identity)
-	op, err := controllerutil.CreateOrUpdate(ctx, r.Client, kubeconfigSecret, func() error {
+	op, err := resource.CreateOrUpdateWithGlobalLabels(ctx, r.Client, kubeconfigSecret, func() error {
 		if err := forge.MutateKubeconfigSecret(kubeconfigSecret, identity, privateKey, namespace); err != nil {
 			return err
 		}

pkg/liqo-controller-manager/authentication/identitycreator-controller/identitycreator_controller.go

@@ -35,6 +35,7 @@ import (
 	"github.com/liqotech/liqo/pkg/consts"
 	"github.com/liqotech/liqo/pkg/liqo-controller-manager/authentication"
 	"github.com/liqotech/liqo/pkg/liqo-controller-manager/authentication/forge"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 )
 
 // NewIdentityCreatorReconciler returns a new IdentityCreatorReconciler.
@@ -107,7 +108,7 @@ func (r *IdentityCreatorReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 
 	// Create or update the Identity resource.
 	identity := forge.Identity(forge.ResourceSliceIdentityName(&resourceSlice), resourceSlice.Namespace)
-	if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, identity, func() error {
+	if _, err := resource.CreateOrUpdateWithGlobalLabels(ctx, r.Client, identity, func() error {
 		forge.MutateIdentity(identity, *resourceSlice.Spec.ProviderClusterID, authv1beta1.ResourceSliceIdentityType,
 			resourceSlice.Status.AuthParams, nil)
 		if identity.Labels == nil {

pkg/liqo-controller-manager/authentication/keys.go

@@ -29,6 +29,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/liqotech/liqo/pkg/consts"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 )
 
 // GenerateEd25519Keys returns a new pair of private and public keys in PEM format.
@@ -89,7 +90,9 @@ func InitClusterKeys(ctx context.Context, cl client.Client, liqoNamespace string
 				consts.PublicKeyField:  public,
 			},
 		}
-		if err := cl.Create(ctx, &secret); err != nil {
+		if _, err := resource.CreateOrUpdateWithGlobalLabels(ctx, cl, &secret, func() error {
+			return nil
+		}); err != nil {
 			return fmt.Errorf("error while creating secret %s/%s: %w", liqoNamespace, consts.AuthKeysSecretName, err)
 		}
 		klog.Infof("Created Secret (%s/%s) containing cluster authentication keys", liqoNamespace, consts.AuthKeysSecretName)

pkg/liqo-controller-manager/authentication/utils/nonce.go

@@ -20,19 +20,19 @@ import (
 
 	"k8s.io/apimachinery/pkg/api/errors"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	liqov1beta1 "github.com/liqotech/liqo/apis/core/v1beta1"
 	"github.com/liqotech/liqo/pkg/liqo-controller-manager/authentication/forge"
 	authgetters "github.com/liqotech/liqo/pkg/liqo-controller-manager/authentication/getters"
 	"github.com/liqotech/liqo/pkg/utils/getters"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 )
 
 // EnsureNonceSecret ensures that a nonce secret exists in the tenant namespace.
 func EnsureNonceSecret(ctx context.Context, cl client.Client,
 	remoteClusterID liqov1beta1.ClusterID, tenantNamespace string) error {
 	nonce := forge.Nonce(tenantNamespace)
-	_, err := controllerutil.CreateOrUpdate(ctx, cl, nonce, func() error {
+	_, err := resource.CreateOrUpdateWithGlobalLabels(ctx, cl, nonce, func() error {
 		return forge.MutateNonce(nonce, remoteClusterID)
 	})
 	if err != nil {
@@ -55,7 +55,9 @@ func EnsureSignedNonceSecret(ctx context.Context, cl client.Client,
 			return fmt.Errorf("nonce not provided and no nonce secret found")
 		}
 		secret := forge.SignedNonce(remoteClusterID, tenantNamespace, *nonce)
-		if err := cl.Create(ctx, secret); err != nil {
+		if _, err := resource.CreateOrUpdateWithGlobalLabels(ctx, cl, secret, func() error {
+			return nil
+		}); err != nil {
 			return fmt.Errorf("unable to create nonce secret: %w", err)
 		}
 		return nil

pkg/liqo-controller-manager/ipmapping/configuration_controller.go

@@ -34,6 +34,7 @@ import (
 	"github.com/liqotech/liqo/pkg/consts"
 	"github.com/liqotech/liqo/pkg/ipam/utils"
 	configuration "github.com/liqotech/liqo/pkg/liqo-controller-manager/networking/external-network/configuration"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 )
 
 // cluster-role
@@ -111,7 +112,7 @@ func (r *ConfigurationReconciler) createOrUpdateUnknownSourceIPResource(ctx cont
 			},
 		},
 	}
-	if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, ip, func() error {
+	if _, err := resource.CreateOrUpdateWithGlobalLabels(ctx, r.Client, ip, func() error {
 		ip.Spec = ipamv1alpha1.IPSpec{
 			IP: networkingv1beta1.IP(remoteUnknownSourceIP),
 		}

pkg/liqo-controller-manager/ipmapping/k8s.go

@@ -27,6 +27,7 @@ import (
 
 	ipamv1alpha1 "github.com/liqotech/liqo/apis/ipam/v1alpha1"
 	networkingv1beta1 "github.com/liqotech/liqo/apis/networking/v1beta1"
+	"github.com/liqotech/liqo/pkg/utils/resource"
 )
 
 // CreateOrUpdateIP creates or updates an IP resource for the given pod.
@@ -37,7 +38,7 @@ func CreateOrUpdateIP(ctx context.Context, cl client.Client, scheme *runtime.Sch
 			Namespace: pod.Namespace,
 		},
 	}
-	if _, err := controllerutil.CreateOrUpdate(ctx, cl, ip, mutateIP(ip, pod, scheme)); err != nil {
+	if _, err := resource.CreateOrUpdateWithGlobalLabels(ctx, cl, ip, mutateIP(ip, pod, scheme)); err != nil {
 		return fmt.Errorf("unable to create or update IP %q: %w", ip.Name, err)
 	}
 	return nil