introduce default labels that are propagted from parent

This PR adds a new label, with key `environment` which is propgated
from the parent down the hierarchy, if it exists

Signed-off-by: mzeevi <meytar80@gmail.com>

.github/workflows/pr.yaml

@@ -51,3 +51,6 @@ jobs:
 
       - name: Run e2e tests
         run: make test-e2e
+
+      - name: Undeploy HNS
+        run: make undeploy

api/v1/types.go

@@ -10,6 +10,7 @@ const (
 )
 
 var DefaultAnnotations = []string{"scheduler.alpha.kubernetes.io/defaultTolerations", "openshift.io/node-selector"}
+var DefaultLabels = []string{"environment"}
 
 const (
 	Missing    Phase = "Missing"

config/rbac/auth_proxy_role_binding.yaml

@@ -8,5 +8,5 @@ roleRef:
   name: proxy-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: controller-manager
   namespace: system

config/rbac/kustomization.yaml

@@ -1,14 +1,13 @@
 resources:
-- role.yaml
-- role_binding.yaml
-- leader_election_role.yaml
-- leader_election_role_binding.yaml
 - admin_sns.yaml
-- template_cluster_admin.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
 - auth_proxy_client_clusterrole.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_role.yaml
+- auth_proxy_service.yaml
+- leader_election_role_binding.yaml
+- leader_election_role.yaml
+- role_binding.yaml
+- role.yaml
+- service_account.yaml
+- subnamespace_editor_role.yaml
+- subnamespace_viewer_role.yaml

config/rbac/leader_election_role_binding.yaml

@@ -8,5 +8,5 @@ roleRef:
   name: leader-election-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: controller-manager
   namespace: system

config/rbac/role_binding.yaml

@@ -8,5 +8,5 @@ roleRef:
   name: manager-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: controller-manager
   namespace: system

internal/namespace/nsutils/nsutils.go

@@ -67,6 +67,8 @@ func LabelsBasedOnParent(parentNS *objectcontext.ObjectContext, nsName string) m
 	parentDisplayNameSliced := DisplayNameSlice(parentNS)
 
 	labels := make(map[string]string)
+	defaultLabels(parentNS, labels)
+
 	labels[danav1.Parent] = parentNS.Object.(*corev1.Namespace).Name
 	labels[danav1.Hns] = "true"
 
@@ -116,6 +118,15 @@ func defaultAnnotations(ns *objectcontext.ObjectContext, annotations map[string]
 	}
 }
 
+// defaultLabels updates the map of the ns labels with the DefaultLabels.
+func defaultLabels(ns *objectcontext.ObjectContext, labels map[string]string) {
+	for key, value := range ns.Object.GetLabels() {
+		if slices.Contains(danav1.DefaultLabels, key) {
+			labels[key] = value
+		}
+	}
+}
+
 // Depth returns the depth of a namespace from its annotation.
 func Depth(namespace client.Object) int {
 	if ownerNamespaceDepth, err := strconv.Atoi(namespace.(*corev1.Namespace).Annotations[danav1.Depth]); err != nil {

test/e2e_tests/subnamespace_test.go

@@ -276,24 +276,32 @@ var _ = Describe("Subnamespaces", func() {
 		FieldShouldContain("subnamespace", nsA, nsB, ".status.total.free.pods", "10")
 	})
 
-	It("should update the child namespace with the default annotations of its parent", func() {
+	It("should update the child namespace with the default annotations and labels of its parent", func() {
 		nsA := GenerateE2EName("a", testPrefix, randPrefix)
 		nsB := GenerateE2EName("b", testPrefix, randPrefix)
 
 		CreateSubnamespace(nsA, nsRoot, randPrefix, false, storage, "50Gi", cpu, "50", memory, "50Gi", pods, "50", gpu, "50")
-		AnnotateNSDefaultAnnotation(nsA)
+		AnnotateNSDefaultAnnotations(nsA)
+		LabelNSDefaultLabels(nsA)
+
 		CreateSubnamespace(nsB, nsA, randPrefix, false, storage, "25Gi", cpu, "25", memory, "25Gi", pods, "25", gpu, "25")
 		for i := range danav1.DefaultAnnotations {
 			FieldShouldContain("namespace", "", nsB, ".metadata.annotations", danav1.DefaultAnnotations[i])
 		}
+
+		for i := range danav1.DefaultLabels {
+			FieldShouldContain("namespace", "", nsB, ".metadata.labels", danav1.DefaultLabels[i])
+		}
 	})
+
 	It("should fail when deleting a subnamespace directly", func() {
 		nsA := GenerateE2EName("a", testPrefix, randPrefix)
 
 		CreateSubnamespace(nsA, nsRoot, randPrefix, false, storage, "50Gi", cpu, "50", memory, "50Gi", pods, "50", gpu, "50")
 		MustNotRun("kubectl delete subnamespace", nsA)
 
 	})
+
 	It("should sync entire quota spec to quota object", func() {
 		nsA := GenerateE2EName("a", testPrefix, randPrefix)
 		nsB := GenerateE2EName("b", testPrefix, randPrefix)

test/testutils/composeutils.go

@@ -70,12 +70,17 @@ func AnnotateNSSecondaryRoot(ns string) {
 	MustRun("kubectl annotate --overwrite ns", ns, danav1.IsSecondaryRoot+"="+danav1.True)
 }
 
-// AnnotateNSDefaultAnnotation annotates a namespace with the default annotations.
-func AnnotateNSDefaultAnnotation(ns string) {
+// AnnotateNSDefaultAnnotations annotates a namespace with the default annotations.
+func AnnotateNSDefaultAnnotations(ns string) {
 	MustRun("kubectl annotate --overwrite ns", ns, danav1.DefaultAnnotations[0]+"='[{\"key\":\"test\",\"value\":\"true\",\"effect\":\"NoSchedule\"}]'")
 	MustRun("kubectl annotate --overwrite ns", ns, danav1.DefaultAnnotations[1]+"="+"testServer")
 }
 
+// LabelNSDefaultLabels labels a namespace with the default labels.
+func LabelNSDefaultLabels(ns string) {
+	MustRun("kubectl label --overwrite ns", ns, danav1.DefaultLabels[0]+"=test")
+}
+
 // CreateRootNS creates/updates a root name with a given name
 // and with the required labels.
 func CreateRootNS(nm, randPrefix string, rqDepth int) {