Skip to content

fix(operator): keep selector labels authoritative#199

Merged
onutc merged 1 commit intomainfrom
fix-spritz-selector-label-precedence
Apr 2, 2026
Merged

fix(operator): keep selector labels authoritative#199
onutc merged 1 commit intomainfrom
fix-spritz-selector-label-precedence

Conversation

@onutc
Copy link
Copy Markdown
Member

@onutc onutc commented Apr 2, 2026

TL;DR

This follow-up keeps selector-owned labels authoritative on the pod template while still propagating runtime policy labels and custom labels.

Summary

  • preserve selector and canonical runtime labels on pod templates
  • keep custom spec labels on pod templates for Istio injection and similar use cases
  • add a regression test for conflicting reserved labels

Review focus

  • selector safety when spec.labels contains reserved keys
  • regression coverage for pod-template label propagation

Test plan

  • go test ./controllers/...
  • go test ./controllers/... -run TestReconcileDeploymentKeepsSelectorLabelsAuthoritativeOnPodTemplate -count=1

@onutc onutc merged commit 65c4aa7 into main Apr 2, 2026
7 checks passed
@onutc onutc deleted the fix-spritz-selector-label-precedence branch April 2, 2026 16:07
@gitrank-connector
Copy link
Copy Markdown

gitrank-connector bot commented Apr 2, 2026

👍 GitRank PR Analysis

Score: 20 points

Metric Value
Component Other (1× multiplier)
Severity P2 - Medium (20 base pts)
Final Score 20 × 1 = 20

Eligibility Checks

Check Status
Issue/Bug Fix
Fix Implementation
PR Documented
Tests
Lines Within Limit

Impact Summary

This PR fixes a label precedence bug in the Spritz operator's deployment reconciliation. The fix ensures that selector labels (which are authoritative for pod selection) remain immutable even when users provide conflicting labels in spec.Labels. The change reorders the label merge operations so selectorLabels take final precedence, preventing user-provided labels from breaking pod selection logic.

Analysis Details

Component Classification: This PR affects the operator controller's deployment reconciliation logic, which doesn't fit neatly into a specific component category. It's categorized as OTHER since it's a general bug fix in the operator's label handling mechanism.

Severity Justification: This is a P2 (Medium) severity bug. It fixes a functional issue where selector-owned labels could be overridden by user-provided labels, potentially breaking pod selection and causing deployment failures. However, it has a workaround (users can avoid conflicting label keys) and doesn't cause complete service outage.

Eligibility Notes: Issue: True - PR title indicates this is a bug fix ('fix(operator)') addressing label authority issues. Fix Implementation: True - code changes align with the PR description; the merge order is reversed to keep selectorLabels authoritative. PR Linked: True - comprehensive description with TL;DR, summary, review focus, and test plan. Tests: True - adds regression test TestReconcileDeploymentKeepsSelectorLabelsAuthoritativeOnPodTemplate. Tests Required: True - this is a bug fix in business logic (label reconciliation) that affects pod selection behavior, requiring regression coverage.

Analyzed by GitRank 🤖

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@onutc