diff --git a/crd-docs/cr/kiali.io_v1alpha1_kiali.yaml b/crd-docs/cr/kiali.io_v1alpha1_kiali.yaml index 5da629af..45f8a0a7 100644 --- a/crd-docs/cr/kiali.io_v1alpha1_kiali.yaml +++ b/crd-docs/cr/kiali.io_v1alpha1_kiali.yaml @@ -24,9 +24,10 @@ spec: - "^openshift.*" - "^ibm.*" - "^kiali-operator" - # default: label_selector is undefined - label_selector: "kiali.io/member-of=istio-system" - + include: [] + label_selector_exclude: "" + # default: label_selector_include is undefined + label_selector_include: "kiali.io/member-of=istio-system" auth: strategy: "" openid: diff --git a/crd-docs/crd/kiali.io_kialis.yaml b/crd-docs/crd/kiali.io_kialis.yaml index 8e1b881f..912bc4bb 100644 --- a/crd-docs/crd/kiali.io_kialis.yaml +++ b/crd-docs/crd/kiali.io_kialis.yaml @@ -92,17 +92,27 @@ spec: type: array items: type: string - label_selector: + include: + description: "A list of namespaces to be included in the list of namespaces provided by the Kiali API and Kiali UI (if those namespaces exist). Regex is supported. An undefined or empty list is ignored. This does not affect explicit namespace access." + type: array + items: + type: string + label_selector_exclude: + description: | + A Kubernetes label selector (e.g. `myLabel=myValue`) which is used for filtering out namespaces + when fetching the list of available namespaces. This does not affect explicit namespace access. + type: string + label_selector_include: description: | A Kubernetes label selector (e.g. `myLabel=myValue`) which is used when fetching the list of available namespaces. This does not affect explicit namespace access. If `deployment.accessible_namespaces` does not have the special value of `'**'` then the Kiali operator will add a new label to all accessible namespaces - that new - label will be this `label_selector`. + label will be this `label_selector_include` (this label is added regardless if the namespace matches the label_selector_exclude also). - Note that if you do not set this `label_selector` setting but `deployment.accessible_namespaces` - does not have the special "all namespaces" entry of `'**'` then this `label_selector` will be set + Note that if you do not set this `label_selector_include` setting but `deployment.accessible_namespaces` + does not have the special "all namespaces" entry of `'**'` then this `label_selector_include` will be set to a default value of `kiali.io/[.]member-of=` where `[.]` is the instance name assigned to the Kiali installation if it is not the default 'kiali' (otherwise, this is omitted) and `` diff --git a/molecule/accessible-namespaces-test/assert-api-namespaces-result.yml b/molecule/accessible-namespaces-test/assert-api-namespaces-result.yml new file mode 100644 index 00000000..de26c8f0 --- /dev/null +++ b/molecule/accessible-namespaces-test/assert-api-namespaces-result.yml @@ -0,0 +1,46 @@ +# pass in: +# - namespaces_expected: a list of namespaces expected to be returned (if known) +# - namespaces_not_expected: a list of namespaces that should not have been returned (if known) +# - min_namespaces_expected: the minimum number of namespaces that are expected to be returned (if known) +# - max_namespaces_expected: the maximum number of namespaces that are expected to be returned (if known) + +- name: "Call /namespaces API" + uri: + url: "{{ kiali_base_url }}/api/namespaces" + return_content: yes + validate_certs: false + register: api_results_raw + +- name: "Results of /namespaces API" + debug: + msg: "{{ api_results_raw }}" + +- name: Assert that we got no less than the minimum number of namespaces expected + assert: + that: + - api_results_raw.json | length >= min_namespaces_expected + when: + - min_namespaces_expected is defined + +- name: Assert that we got no more than the maximum number of namespaces expected + assert: + that: + - api_results_raw.json | length <= max_namespaces_expected + when: + - max_namespaces_expected is defined + +- name: Assert that we got the namespaces expected + assert: + that: + - api_results_raw.json | selectattr('name', 'equalto', item) | list | length == 1 + loop: "{{ namespaces_expected }}" + when: + - namespaces_expected is defined + +- name: Assert that we did not get namespaces that were not expected + assert: + that: + - api_results_raw.json | selectattr('name', 'equalto', item) | list | length == 0 + loop: "{{ namespaces_not_expected }}" + when: + - namespaces_not_expected is defined \ No newline at end of file diff --git a/molecule/accessible-namespaces-test/converge.yml b/molecule/accessible-namespaces-test/converge.yml index dd441aff..3e73f97a 100644 --- a/molecule/accessible-namespaces-test/converge.yml +++ b/molecule/accessible-namespaces-test/converge.yml @@ -11,31 +11,99 @@ - import_tasks: ../asserts/accessible_namespaces_contains.yml vars: namespace_list: [ '**' ] - - name: Make sure label_selector is not set since its default is nil when accessible namespaces is ** + - name: Make sure label_selector_include is not set since its default is nil when accessible namespaces is ** assert: that: - - kiali_configmap.api.namespaces.label_selector is not defined + - kiali_configmap.api.namespaces.label_selector_include is not defined - # change to accessible_namespaces to a fixed list of namespaces - - k8s: - state: present - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: kialitestns - labels: - customLabel: test - - k8s: - state: present - api_version: v1 - kind: Namespace - name: kialitestns2 - - k8s: - state: present - api_version: v1 - kind: Namespace - name: kialianothertestns + - debug: msg="test to make sure the default AN=** behavior works (default include/exclude filters are in effect)" + - import_tasks: ./assert-api-namespaces-result.yml + vars: + min_namespaces_expected: 4 + namespaces_expected: + - "{{ istio.control_plane_namespace }}" + - kialitestns + - kialitestns2 + - kialianothertestns + namespaces_not_expected: + - kiali-operator + + - debug: msg="test that include filter works when AN=**; also tests exclude filter" + - import_tasks: ./set-api-namespaces.yml + vars: + # include kialitest* and kialianother* but we exclude kialianother* and exclude takes precedence. + # Also, trying to exclude the control plane namespace is ignored - the control plane namespace is always returned. + # So this will return the two kialitest* namespaces and the control plane namespace. + api_namespaces: + include: [ "kialitest.*", "kialianother.*" ] + exclude: [ "{{ istio.control_plane_namespace }}", "kialianother.*" ] + label_selector_include: null + label_selector_exclude: null + + - import_tasks: ./assert-api-namespaces-result.yml + vars: + min_namespaces_expected: 3 + max_namespaces_expected: 3 + namespaces_expected: + - "{{ istio.control_plane_namespace }}" + - kialitestns + - kialitestns2 + + - debug: msg="test both exclude filters (both exclude list and label selector) works" + - import_tasks: ./set-api-namespaces.yml + vars: + api_namespaces: + include: [ "kialitest.*", "kialianother.*" ] + exclude: [ "kialianother.*" ] + label_selector_include: null + label_selector_exclude: "customLabel=test" + + - import_tasks: ./assert-api-namespaces-result.yml + vars: + min_namespaces_expected: 2 + max_namespaces_expected: 2 + namespaces_expected: + - "{{ istio.control_plane_namespace }}" + - kialitestns2 + + - debug: msg="test include label selector works when AN=**" + - import_tasks: ./set-api-namespaces.yml + vars: + api_namespaces: + include: ["{{ istio.control_plane_namespace }}"] + exclude: null + label_selector_include: "customLabel=test" + label_selector_exclude: null + + - import_tasks: ./assert-api-namespaces-result.yml + vars: + min_namespaces_expected: 2 + max_namespaces_expected: 2 + namespaces_expected: + - "{{ istio.control_plane_namespace }}" + - kialitestns + + - debug: msg="reset the api.namespaces so it goes back to all defaults" + - import_tasks: ./set-api-namespaces.yml + vars: + api_namespaces: + include: null + exclude: null + label_selector_include: null + label_selector_exclude: null + + - import_tasks: ./assert-api-namespaces-result.yml + vars: + min_namespaces_expected: 4 + namespaces_expected: + - "{{ istio.control_plane_namespace }}" + - kialitestns + - kialitestns2 + - kialianothertestns + namespaces_not_expected: + - kiali-operator + + - debug: msg="change to accessible_namespaces to a fixed list of namespaces" - import_tasks: ../common/set_accessible_namespaces_to_list.yml vars: namespace_list: [ "{{ istio.control_plane_namespace }}", 'kialitestns', 'kialianother.*' ] @@ -46,37 +114,47 @@ - import_tasks: ../asserts/accessible_namespaces_equals.yml vars: namespace_list: [ "{{ istio.control_plane_namespace }}", 'kialitestns', 'kialianothertestns' ] - - name: "Make sure label_selector is set properly" + - name: "Make sure label_selector_include is set properly" assert: that: - - kiali_configmap.api.namespaces.label_selector == "kiali.io/member-of={{ istio.control_plane_namespace }}" + - kiali_configmap.api.namespaces.label_selector_include == "kiali.io/member-of={{ istio.control_plane_namespace }}" - name: Make sure the new label exists, but didn't overwrite any existing labels vars: # Use query - it is the only way to ensure a list is returned; for some reason, lookup/wantList=true is not working namespacesWithCustomLabel: "{{ query('kubernetes.core.k8s', kind='Namespace', label_selector='customLabel=test') }}" - namespacesWithKialiLabel: "{{ query('kubernetes.core.k8s', kind='Namespace', label_selector=kiali_configmap.api.namespaces.label_selector) }}" + namespacesWithKialiLabel: "{{ query('kubernetes.core.k8s', kind='Namespace', label_selector=kiali_configmap.api.namespaces.label_selector_include) }}" assert: that: - namespacesWithCustomLabel | length == 1 - namespacesWithCustomLabel[0].metadata.name == "kialitestns" - namespacesWithKialiLabel | length == 3 - - k8s: - state: absent - api_version: v1 - kind: Namespace - name: kialitestns - - k8s: - state: absent - api_version: v1 - kind: Namespace - name: kialitestns2 - - k8s: - state: absent - api_version: v1 - kind: Namespace - name: kialianothertestns + - debug: msg="test the normal accessible namespaces (without custom include/exclude filters defined)" + - import_tasks: ./assert-api-namespaces-result.yml + vars: + min_namespaces_expected: 3 + max_namespaces_expected: 3 + namespaces_expected: + - "{{ istio.control_plane_namespace }}" + - kialitestns + - kialianothertestns + + - debug: msg="test to show include is ignored when AN is not ** but exclude filters are still applied" + - import_tasks: ./set-api-namespaces.yml + vars: + api_namespaces: + include: [ ".*" ] + exclude: [ "kialianother.*" ] + label_selector_include: null + label_selector_exclude: "customLabel=test" + + - import_tasks: ./assert-api-namespaces-result.yml + vars: + min_namespaces_expected: 1 + max_namespaces_expected: 1 + namespaces_expected: + - "{{ istio.control_plane_namespace }}" # change to accessible_namespaces back to ** - import_tasks: ../common/set_accessible_namespaces_to_all.yml @@ -87,7 +165,7 @@ - import_tasks: ../asserts/accessible_namespaces_contains.yml vars: namespace_list: [ '**' ] - - name: Make sure label_selector is not set since its default is nil when accessible namespaces is ** + - name: Make sure label_selector_include is not set since its default is nil when accessible namespaces is ** assert: that: - - kiali_configmap.api.namespaces.label_selector is not defined + - kiali_configmap.api.namespaces.label_selector_include is not defined diff --git a/molecule/accessible-namespaces-test/destroy-accessible-namespaces-test.yml b/molecule/accessible-namespaces-test/destroy-accessible-namespaces-test.yml new file mode 100644 index 00000000..429d4488 --- /dev/null +++ b/molecule/accessible-namespaces-test/destroy-accessible-namespaces-test.yml @@ -0,0 +1,13 @@ +- name: Destroy + hosts: localhost + connection: local + collections: + - kubernetes.core + +- name: Include the base destroy play to destroy the first kiali install + import_playbook: ../default/destroy.yml + +- name: Delete the test namespaces + import_playbook: ./process-namespaces.yml + vars: + state: absent diff --git a/molecule/accessible-namespaces-test/molecule.yml b/molecule/accessible-namespaces-test/molecule.yml index a64d752a..78a8caf8 100644 --- a/molecule/accessible-namespaces-test/molecule.yml +++ b/molecule/accessible-namespaces-test/molecule.yml @@ -13,8 +13,8 @@ provisioner: defaults: callback_enabled: junit playbooks: - destroy: ../default/destroy.yml - prepare: ../default/prepare.yml + destroy: ./destroy-accessible-namespaces-test.yml + prepare: ./prepare-accessible-namespaces-test.yml cleanup: ../default/cleanup.yml inventory: group_vars: diff --git a/molecule/accessible-namespaces-test/prepare-accessible-namespaces-test.yml b/molecule/accessible-namespaces-test/prepare-accessible-namespaces-test.yml new file mode 100644 index 00000000..51089a94 --- /dev/null +++ b/molecule/accessible-namespaces-test/prepare-accessible-namespaces-test.yml @@ -0,0 +1,13 @@ +- name: Prepare + hosts: localhost + connection: local + collections: + - kubernetes.core + +- name: Create the test namespaces + import_playbook: ./process-namespaces.yml + vars: + state: present + +- name: Include the base prepare play to create the first kiali install + import_playbook: ../default/prepare.yml diff --git a/molecule/accessible-namespaces-test/process-namespaces.yml b/molecule/accessible-namespaces-test/process-namespaces.yml new file mode 100644 index 00000000..9f7df6de --- /dev/null +++ b/molecule/accessible-namespaces-test/process-namespaces.yml @@ -0,0 +1,27 @@ +- name: "Process Test Namespaces [state={{ state }}]" + hosts: localhost + connection: local + collections: + - kubernetes.core + + tasks: + - k8s: + state: "{{ state }}" + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: kialitestns + labels: + customLabel: test + - k8s: + state: "{{ state }}" + api_version: v1 + kind: Namespace + name: kialitestns2 + - k8s: + state: "{{ state }}" + api_version: v1 + kind: Namespace + name: kialianothertestns + diff --git a/molecule/accessible-namespaces-test/set-api-namespaces.yml b/molecule/accessible-namespaces-test/set-api-namespaces.yml new file mode 100644 index 00000000..15ac821f --- /dev/null +++ b/molecule/accessible-namespaces-test/set-api-namespaces.yml @@ -0,0 +1,14 @@ +# Wait for the operator to finish any reconciliation currently ongoing +- import_tasks: ../common/wait_for_kiali_cr_changes.yml + +- name: "Set api.namespaces" + vars: + current_kiali_cr: "{{ kiali_cr_list.resources[0] }}" + set_fact: + new_kiali_cr: "{{ current_kiali_cr | combine({'spec': {'api': {'namespaces': api_namespaces }}}, recursive=True) }}" + +- import_tasks: ../common/set_kiali_cr.yml +- import_tasks: ../common/wait_for_kiali_cr_changes.yml +- import_tasks: ../common/wait_for_kiali_running.yml +- import_tasks: ../common/tasks.yml +- import_tasks: ../asserts/pod_asserts.yml \ No newline at end of file diff --git a/molecule/config-values-test/converge.yml b/molecule/config-values-test/converge.yml index 9bc6ba31..4d811122 100644 --- a/molecule/config-values-test/converge.yml +++ b/molecule/config-values-test/converge.yml @@ -10,6 +10,10 @@ - import_tasks: ../asserts/pod_asserts.yml - import_tasks: ../common/wait_for_kiali_cr_changes.yml + - name: The initial Kiali ConfigMap + debug: + msg: "{{ kiali_configmap }}" + - name: Test the default deployment.resources is what we expect vars: kiali_pod_spec: "{{ kiali_pod.resources[0].spec }}" @@ -40,6 +44,12 @@ that: - kiali_role_raw.resources[0].rules | to_yaml is search('pods/log') + - name: Test the deprecated api.namespaces.label_selector was renamed api.namespaces.label_selector_include + assert: + that: + - kiali_configmap.api.namespaces.label_selector is not defined + - kiali_configmap.api.namespaces.label_selector_include == "kiali.io/member-of=istio-system" + # This test will change some config settings to make sure things work like we expect. # We will add additional tasks and asserts in the future to test other config changes. # We load in the current kiali CR and then alter it with new config and deploy that new CR. @@ -150,6 +160,10 @@ - import_tasks: ../common/tasks.yml - import_tasks: ../asserts/pod_asserts.yml + - name: The new Kiali ConfigMap + debug: + msg: "{{ kiali_configmap }}" + # Assert the new config - name: Make sure version_label was truncated properly diff --git a/molecule/null-cr-values-test/converge.yml b/molecule/null-cr-values-test/converge.yml index 5d3b7409..a4aa2d6a 100644 --- a/molecule/null-cr-values-test/converge.yml +++ b/molecule/null-cr-values-test/converge.yml @@ -9,13 +9,24 @@ - import_tasks: ../common/tasks.yml - import_tasks: ../asserts/pod_asserts.yml + - name: The Kiali ConfigMap + debug: + msg: "{{ kiali_configmap }}" + # Assert that we have defaults since the CR set most settings to null. # The defaults come from the operator's roles/kiali-deploy/defaults/main.yaml # This just checks some of the settings to see that defaults are getting set. + # Note that accessible namespaces is being set to "[**]" so some settings depend on that. - assert: that: + - kiali_configmap.deployment.accessible_namespaces[0] == "**" - kiali_configmap.installation_tag == "" - kiali_configmap.additional_display_details | length == 1 + - kiali_configmap.api.namespaces.label_selector_exclude == "" + - kiali_configmap.api.namespaces.label_selector_include is not defined + - kiali_configmap.api.namespaces.exclude | length > 0 + - kiali_configmap.api.namespaces.include | length == 0 + - kiali_configmap.api.namespaces.label_selector is not defined - kiali_configmap.custom_dashboards | length == 0 - kiali_configmap.deployment.replicas == 1 - kiali_configmap.deployment.secret_name == "kiali" diff --git a/roles/default/kiali-deploy/defaults/main.yml b/roles/default/kiali-deploy/defaults/main.yml index 70536f05..b347e516 100644 --- a/roles/default/kiali-deploy/defaults/main.yml +++ b/roles/default/kiali-deploy/defaults/main.yml @@ -1,4 +1,4 @@ -# Defaults for all user-facing Kiali settings. These are documented in kiali_cr.yaml. +# Defaults for all user-facing Kiali settings. # # Note that these are under the main dictionary group "kiali_defaults". # The actual vars used by the role are found in the vars/ directory. @@ -25,7 +25,9 @@ kiali_defaults: - "^openshift.*" - "^ibm.*" - "^kiali-operator" - #label_selector: + include: [] + label_selector_exclude: "" + #label_selector_include: auth: openid: diff --git a/roles/default/kiali-deploy/tasks/main.yml b/roles/default/kiali-deploy/tasks/main.yml index d15aaaa3..d0dea58d 100644 --- a/roles/default/kiali-deploy/tasks/main.yml +++ b/roles/default/kiali-deploy/tasks/main.yml @@ -91,6 +91,15 @@ - kiali_vars.deployment.ingress_enabled is defined - kiali_vars.deployment.ingress is not defined or kiali_vars.deployment.ingress.enabled is not defined +- name: api.namespaces.label_selector is deprecated but if api.namespaces.label_selector_include is not set then use the old setting + set_fact: + kiali_vars: | + {% set ls=kiali_vars['api']['namespaces'].pop('label_selector') %} + {{ kiali_vars | combine({'api': {'namespaces': {'label_selector_include': ls|bool }}}, recursive=True) }} + when: + - kiali_vars.api.namespaces.label_selector is defined + - kiali_vars.api.namespaces.label_selector_include is not defined + # convert snake case to camelCase where appropriate - include_tasks: snake_camel_case.yaml @@ -540,20 +549,20 @@ # Note that we add the instance name to the member-of key name only if the instance name is not the default 'kiali'. # This is for backward compatibility, and for simplicity when deploying under normal default conditions. -- name: When accessible namespaces are specified, ensure label selector is set +- name: When accessible namespaces are specified, ensure label_selector_include is set set_fact: - kiali_vars: "{{ kiali_vars | combine({'api': {'namespaces': {'label_selector': ('kiali.io/' + ((kiali_vars.deployment.instance_name + '.') if kiali_vars.deployment.instance_name != 'kiali' else '') + 'member-of=' + kiali_vars.deployment.namespace)}}}, recursive=True) }}" + kiali_vars: "{{ kiali_vars | combine({'api': {'namespaces': {'label_selector_include': ('kiali.io/' + ((kiali_vars.deployment.instance_name + '.') if kiali_vars.deployment.instance_name != 'kiali' else '') + 'member-of=' + kiali_vars.deployment.namespace)}}}, recursive=True) }}" when: - '"**" not in kiali_vars.deployment.accessible_namespaces' - - kiali_vars.api.namespaces.label_selector is not defined + - kiali_vars.api.namespaces.label_selector_include is not defined -- name: Make sure label selector is in the valid format name=value +- name: Make sure label_selector_include is in the valid format name=value fail: - msg: "The api.namespaces.label_selector is not valid [{{ kiali_vars.api.namespaces.label_selector }}] - it must be in the form of 'name=value' following Kubernetes syntax rules for label names and values." + msg: "The api.namespaces.label_selector_include is not valid [{{ kiali_vars.api.namespaces.label_selector_include }}] - it must be in the form of 'name=value' following Kubernetes syntax rules for label names and values." when: - - kiali_vars.api.namespaces.label_selector is defined + - kiali_vars.api.namespaces.label_selector_include is defined # this regex is not 100% accurate, but we want to at least catch obvious errors - - kiali_vars.api.namespaces.label_selector is not regex('^[a-zA-Z0-9/_.-]+=[a-zA-Z0-9_.-]+$') + - kiali_vars.api.namespaces.label_selector_include is not regex('^[a-zA-Z0-9/_.-]+=[a-zA-Z0-9_.-]+$') # If the signing key is not empty string, and is not of the special value secret:name:key, # do some validation on it's length @@ -691,7 +700,7 @@ - name: Find some current configuration settings set_fact: current_accessible_namespaces: "{{ current_configmap.data['config.yaml'] | from_yaml | json_query('deployment.accessible_namespaces') }}" - current_label_selector: "{{ current_configmap.data['config.yaml'] | from_yaml | json_query('api.namespaces.label_selector') }}" + current_label_selector_include: "{{ current_configmap.data['config.yaml'] | from_yaml | json_query('api.namespaces.label_selector_include') }}" current_view_only_mode: "{{ current_configmap.data['config.yaml'] | from_yaml | json_query('deployment.view_only_mode') }}" current_image_name: "{{ current_configmap.data['config.yaml'] | from_yaml | json_query('deployment.image_name') }}" current_image_version: "{{ current_configmap.data['config.yaml'] | from_yaml | json_query('deployment.image_version') }}" @@ -702,18 +711,18 @@ - current_configmap.data['config.yaml'] is defined # Because we need to remove the labels that were created before, we must not allow the user to change -# the label_selector. So if the current accessible_namespaces is not ** but the label_select is being changed, +# the label_selector_include. So if the current accessible_namespaces is not ** but the label_selector_include is being changed, # we need to abort since we won't know what the old labels were. If current accessible_namespaces is ** then -# we know we didn't create labels before so we can allow label_selector to change. -- name: Do not allow user to change label selector +# we know we didn't create labels before so we can allow label_selector_include to change. +- name: Do not allow user to change label_selector_include fail: - msg: "The api.namespaces.label_selector cannot be changed to a different value. It was [{{ current_label_selector }}] but is now configured to be [{{ kiali_vars.api.namespaces.label_selector }}]. In order to install Kiali with a different label selector than what was used before, please uninstall Kiali first." + msg: "The api.namespaces.label_selector_include cannot be changed to a different value. It was [{{ current_label_selector_include }}] but is now configured to be [{{ kiali_vars.api.namespaces.label_selector_include }}]. In order to install Kiali with a different label selector than what was used before, please uninstall Kiali first." when: - current_accessible_namespaces is defined - '"**" not in current_accessible_namespaces' - - current_label_selector is defined - - kiali_vars.api.namespaces.label_selector is defined - - current_label_selector != kiali_vars.api.namespaces.label_selector + - current_label_selector_include is defined + - kiali_vars.api.namespaces.label_selector_include is defined + - current_label_selector_include != kiali_vars.api.namespaces.label_selector_include - name: Determine the namespaces that were previously accessible but are now inaccessible set_fact: @@ -765,7 +774,7 @@ - name: Remove Kiali label from namespaces that Kiali no longer has access to vars: # everything to the left of the = is the name of the label we want to remove - the_namespace_label_name: "{{ current_label_selector | regex_replace('^(.*)=.*$', '\\1') }}" + the_namespace_label_name: "{{ current_label_selector_include | regex_replace('^(.*)=.*$', '\\1') }}" # if a namespace happened to have been deleted, we do not want to (nor can we) resurrect it, hence we use state=patched k8s: state: patched @@ -782,14 +791,14 @@ {% endfor %} when: - no_longer_accessible_namespaces is defined - - current_label_selector is defined + - current_label_selector_include is defined - name: Create additional Kiali label on all accessible namespaces vars: namespaces: "{{ kiali_vars.deployment.accessible_namespaces }}" # everything to the left of the = is the label name; to the right is the label value - the_namespace_label_name: "{{ kiali_vars.api.namespaces.label_selector | regex_replace('^(.*)=.*$', '\\1') }}" - the_namespace_label_value: "{{ kiali_vars.api.namespaces.label_selector | regex_replace('^.*=(.*)$', '\\1') }}" + the_namespace_label_name: "{{ kiali_vars.api.namespaces.label_selector_include | regex_replace('^(.*)=.*$', '\\1') }}" + the_namespace_label_value: "{{ kiali_vars.api.namespaces.label_selector_include | regex_replace('^.*=(.*)$', '\\1') }}" k8s: state: patched definition: | diff --git a/roles/default/kiali-remove/tasks/main.yml b/roles/default/kiali-remove/tasks/main.yml index f1d838ed..5c587223 100644 --- a/roles/default/kiali-remove/tasks/main.yml +++ b/roles/default/kiali-remove/tasks/main.yml @@ -141,7 +141,7 @@ - name: Find currently configured label selector ignore_errors: yes set_fact: - current_label_selector: "{{ current_configmap.data['config.yaml'] | from_yaml | json_query('api.namespaces.label_selector') }}" + current_label_selector_include: "{{ current_configmap.data['config.yaml'] | from_yaml | json_query('api.namespaces.label_selector_include') }}" when: - current_configmap is defined - current_configmap.data is defined @@ -151,7 +151,7 @@ ignore_errors: yes vars: # everything to the left of the = is the name of the label we want to remove - the_namespace_label_name: "{{ current_label_selector | regex_replace('^(.*)=.*$', '\\1') }}" + the_namespace_label_name: "{{ current_label_selector_include | regex_replace('^(.*)=.*$', '\\1') }}" # if a namespace happened to have been deleted, we do not want to (nor can we) resurrect it, hence we use state=patched k8s: state: patched @@ -169,7 +169,7 @@ when: - current_accessible_namespaces is defined - '"**" not in current_accessible_namespaces' - - current_label_selector is defined + - current_label_selector_include is defined - name: Delete Kiali cluster roles ignore_errors: yes