From bb783427cc942a9e55774fc7a9009c47c07f631b Mon Sep 17 00:00:00 2001 From: terc1997 <64480693+terc1997@users.noreply.github.com> Date: Thu, 4 Sep 2025 23:26:59 -0300 Subject: [PATCH 1/4] [patch] add kyverno labels to create namespace --- src/mas/devops/ocp.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/mas/devops/ocp.py b/src/mas/devops/ocp.py index 031e6686..f1c94e88 100644 --- a/src/mas/devops/ocp.py +++ b/src/mas/devops/ocp.py @@ -94,7 +94,7 @@ def getNamespace(dynClient: DynamicClient, namespace: str) -> dict: return {} -def createNamespace(dynClient: DynamicClient, namespace: str) -> bool: +def createNamespace(dynClient: DynamicClient, namespace: str, kyvernoLabels: bool = False) -> bool: """ Create a namespace if it does not exist """ @@ -110,6 +110,10 @@ def createNamespace(dynClient: DynamicClient, namespace: str) -> bool: "name": namespace } } + if kyvernoLabels is not None: + nsObj["metadata"]["labels"] = { + "ibm.com/kyverno": "audit" + } namespaceAPI.create(body=nsObj) logger.debug(f"Created namespace {namespace}") return True From 09b4d73470c7f2955e3d66e78ba9cd6e2cda803c Mon Sep 17 00:00:00 2001 From: terc1997 <64480693+terc1997@users.noreply.github.com> Date: Fri, 5 Sep 2025 07:46:15 -0300 Subject: [PATCH 2/4] [patch] switch kyverno label to str --- src/mas/devops/ocp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mas/devops/ocp.py b/src/mas/devops/ocp.py index f1c94e88..1e8180cd 100644 --- a/src/mas/devops/ocp.py +++ b/src/mas/devops/ocp.py @@ -94,7 +94,7 @@ def getNamespace(dynClient: DynamicClient, namespace: str) -> dict: return {} -def createNamespace(dynClient: DynamicClient, namespace: str, kyvernoLabels: bool = False) -> bool: +def createNamespace(dynClient: DynamicClient, namespace: str, kyvernoLabel: str) -> bool: """ Create a namespace if it does not exist """ @@ -110,7 +110,7 @@ def createNamespace(dynClient: DynamicClient, namespace: str, kyvernoLabels: boo "name": namespace } } - if kyvernoLabels is not None: + if kyvernoLabel is not None and kyvernoLabel == "audit": nsObj["metadata"]["labels"] = { "ibm.com/kyverno": "audit" } From cc0750fae0b2c32e59f3a3b3f958a52c5b07822f Mon Sep 17 00:00:00 2001 From: terc1997 <64480693+terc1997@users.noreply.github.com> Date: Fri, 5 Sep 2025 08:13:15 -0300 Subject: [PATCH 3/4] [patch] add default for kyverno label --- src/mas/devops/ocp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mas/devops/ocp.py b/src/mas/devops/ocp.py index 1e8180cd..951cf264 100644 --- a/src/mas/devops/ocp.py +++ b/src/mas/devops/ocp.py @@ -94,7 +94,7 @@ def getNamespace(dynClient: DynamicClient, namespace: str) -> dict: return {} -def createNamespace(dynClient: DynamicClient, namespace: str, kyvernoLabel: str) -> bool: +def createNamespace(dynClient: DynamicClient, namespace: str, kyvernoLabel: str = '') -> bool: """ Create a namespace if it does not exist """ From 56fa5c02e3062e49859242022b8bac9c74b6278f Mon Sep 17 00:00:00 2001 From: David Parker Date: Fri, 5 Sep 2025 14:00:03 +0100 Subject: [PATCH 4/4] Update ocp.py --- src/mas/devops/ocp.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/mas/devops/ocp.py b/src/mas/devops/ocp.py index 951cf264..9ce52219 100644 --- a/src/mas/devops/ocp.py +++ b/src/mas/devops/ocp.py @@ -94,7 +94,7 @@ def getNamespace(dynClient: DynamicClient, namespace: str) -> dict: return {} -def createNamespace(dynClient: DynamicClient, namespace: str, kyvernoLabel: str = '') -> bool: +def createNamespace(dynClient: DynamicClient, namespace: str, kyvernoLabel: str = None) -> bool: """ Create a namespace if it does not exist """ @@ -110,9 +110,9 @@ def createNamespace(dynClient: DynamicClient, namespace: str, kyvernoLabel: str "name": namespace } } - if kyvernoLabel is not None and kyvernoLabel == "audit": + if kyvernoLabel is not None: nsObj["metadata"]["labels"] = { - "ibm.com/kyverno": "audit" + "ibm.com/kyverno": kyvernoLabel } namespaceAPI.create(body=nsObj) logger.debug(f"Created namespace {namespace}")