Add additional_labels parameter (#1160)

* Move label templates into `common` role So that there is single source of labels management, and labels are unified across the other roles * Introduce `additional_labels` * Fix paths for labels templates * Return `additional_labels_items` as list * Add molecule tests
2026-05-08 14:22:49 +00:00 · 2023-01-31 00:51:08 +01:00
parent d26a6bf641
commit 5a856eeba8
37 changed files with 204 additions and 109 deletions
--- a/roles/backup/defaults/main.yml
+++ b/roles/backup/defaults/main.yml
@@ -31,6 +31,9 @@ backup_resource_requirements:
 # Allow additional parameters to be added to the pg_dump backup command
 pg_dump_suffix: ''

+# Labels defined on the resource, which should be propagated to child resources
+additional_labels: []
+
 # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
 set_self_labels: true
 ...
--- a/roles/backup/meta/main.yml
+++ b/roles/backup/meta/main.yml
@@ -24,7 +24,8 @@ galaxy_info:
    - backup
    - automation

-dependencies: []
+dependencies:
+  - role: common

 collections:
  - kubernetes.core
--- a/roles/backup/tasks/creation.yml
+++ b/roles/backup/tasks/creation.yml
@@ -10,12 +10,7 @@
      metadata:
        name: "{{ ansible_operator_meta.name }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
-        labels:
-          app.kubernetes.io/name: "{{ ansible_operator_meta.name }}"
-          app.kubernetes.io/part-of: "{{ ansible_operator_meta.name }}"
-          app.kubernetes.io/managed-by: "{{ deployment_type }}-operator"
-          app.kubernetes.io/component: "{{ deployment_type }}"
-          app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+        labels: '{{ lookup("template", "../common/templates/labels/common.yaml.j2") | from_yaml }}'
  when: set_self_labels | bool

 - name: Look up details for this backup object
@@ -26,6 +21,16 @@
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: this_backup

+- name: Build `additional_labels_items` labels from `additional_labels`
+  set_fact:
+    additional_labels_items: >-
+      {{ this_backup['resources'][0]['metadata']['labels']
+         | dict2items | selectattr('key', 'in', additional_labels)
+      }}
+  when:
+  - additional_labels | length
+  - this_backup['resources'][0]['metadata']['labels']
+
 - block:
    - include_tasks: init.yml

--- a/roles/backup/templates/backup_pvc.yml.j2
+++ b/roles/backup/templates/backup_pvc.yml.j2
@@ -6,11 +6,7 @@ metadata:
  namespace: {{ backup_pvc_namespace }}
  ownerReferences: null
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
  accessModes:
    - ReadWriteOnce
--- a/roles/backup/templates/management-pod.yml.j2
+++ b/roles/backup/templates/management-pod.yml.j2
@@ -5,11 +5,7 @@ metadata:
  name: {{ ansible_operator_meta.name }}-db-management
  namespace: {{ backup_pvc_namespace }}
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
  containers:
  - name: {{ ansible_operator_meta.name }}-db-management
--- a/roles/common/templates/labels/additional_labels.yaml.j2
+++ b/roles/common/templates/labels/additional_labels.yaml.j2
@@ -0,0 +1,3 @@
+{% for item in additional_labels_items | default([]) %}
+{{ item.key }}: '{{ item.value }}'
+{% endfor %}
--- a/roles/installer/templates/labels/common.yaml.j2
+++ b/roles/installer/templates/labels/common.yaml.j2
@@ -4,3 +4,4 @@ app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
 app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
 app.kubernetes.io/component: '{{ deployment_type }}'
 app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+{{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") }}
--- a/roles/installer/templates/labels/version.yaml.j2
+++ b/roles/installer/templates/labels/version.yaml.j2
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -303,6 +303,9 @@ no_log: true
 #
 auto_upgrade: true

+# Labels defined on the resource, which should be propagated to child resources
+additional_labels: []
+
 # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
 set_self_labels: true

--- a/roles/installer/tasks/install.yml
+++ b/roles/installer/tasks/install.yml
@@ -10,9 +10,29 @@
      metadata:
        name: '{{ ansible_operator_meta.name }}'
        namespace: '{{ ansible_operator_meta.namespace }}'
-        labels: '{{ lookup("template", "labels/common.yaml.j2") | from_yaml }}'
+        labels: '{{ lookup("template", "../common/templates/labels/common.yaml.j2") | from_yaml }}'
  when: set_self_labels | bool

+- name: Build `additional_labels_items` labels from `additional_labels`
+  block:
+  - name: Look up details for this deployment
+    k8s_info:
+      api_version: "{{ api_version }}"
+      kind: "{{ kind }}"
+      name: "{{ ansible_operator_meta.name }}"
+      namespace: "{{ ansible_operator_meta.namespace }}"
+    register: this_awx
+
+  - name: Select resource labels which are in `additional_labels`
+    set_fact:
+      additional_labels_items: >-
+        {{ this_awx['resources'][0]['metadata']['labels']
+           | dict2items | selectattr('key', 'in', additional_labels)
+           | list
+        }}
+    when: this_awx['resources'][0]['metadata']['labels']
+  when: additional_labels | length
+
 - name: Include secret key configuration tasks
  include_tasks: secret_key_configuration.yml

--- a/roles/installer/templates/configmaps/config.yaml.j2
+++ b/roles/installer/templates/configmaps/config.yaml.j2
@@ -6,11 +6,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 data:
  environment: |
    AWX_SKIP_MIGRATIONS=true
--- a/roles/installer/templates/deployments/deployment.yaml.j2
+++ b/roles/installer/templates/deployments/deployment.yaml.j2
@@ -6,8 +6,8 @@ metadata:
  name: '{{ ansible_operator_meta.name }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    {{ lookup("template", "labels/common.yaml.j2")  | indent(width=4) | trim }}
-    {{ lookup("template", "labels/version.yaml.j2") | indent(width=4) | trim }}
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2")  | indent(width=4) | trim }}
+    {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }}
 spec:
  replicas: {{ replicas }}
  selector:
@@ -18,8 +18,8 @@ spec:
  template:
    metadata:
      labels:
-        {{ lookup("template", "labels/common.yaml.j2")  | indent(width=8) | trim }}
-        {{ lookup("template", "labels/version.yaml.j2") | indent(width=8) | trim }}
+        {{ lookup("template", "../common/templates/labels/common.yaml.j2")  | indent(width=8) | trim }}
+        {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }}
 {% if annotations %}
      annotations:
        {{ annotations | indent(width=8) }}
--- a/roles/installer/templates/networking/ingress.yaml.j2
+++ b/roles/installer/templates/networking/ingress.yaml.j2
@@ -8,11 +8,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-ingress'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 {% if ingress_annotations %}
  annotations:
    {{ ingress_annotations | indent(width=4) }}
@@ -52,11 +48,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
 {% if route_host != '' %}
  host: {{ route_host }}
--- a/roles/installer/templates/networking/service.yaml.j2
+++ b/roles/installer/templates/networking/service.yaml.j2
@@ -5,11 +5,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-service'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
    {{ service_labels | indent(width=4) }}
 {% if service_annotations %}
  annotations:
--- a/roles/installer/templates/rbac/service_account.yaml.j2
+++ b/roles/installer/templates/rbac/service_account.yaml.j2
@@ -5,11 +5,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 {% if service_account_annotations %}
  annotations:
    {{ service_account_annotations | indent(width=4) }}
@@ -20,6 +16,8 @@ kind: Role
 metadata:
  name: '{{ ansible_operator_meta.name }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
+  labels:
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 rules:
 - apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
@@ -40,6 +38,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: '{{ ansible_operator_meta.name }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
+  labels:
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 subjects:
 - kind: ServiceAccount
  name: '{{ ansible_operator_meta.name }}'
--- a/roles/installer/templates/secrets/admin_password_secret.yaml.j2
+++ b/roles/installer/templates/secrets/admin_password_secret.yaml.j2
@@ -5,10 +5,6 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-admin-password'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 stringData:
  password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
--- a/roles/installer/templates/secrets/app_credentials.yaml.j2
+++ b/roles/installer/templates/secrets/app_credentials.yaml.j2
@@ -6,11 +6,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-app-credentials'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 data:
  credentials.py: "{{ lookup('template', 'settings/credentials.py.j2') | b64encode }}"
  ldap.py: "{{ lookup('template', 'settings/ldap.py.j2') | b64encode }}"
--- a/roles/installer/templates/secrets/broadcast_websocket_secret.yaml.j2
+++ b/roles/installer/templates/secrets/broadcast_websocket_secret.yaml.j2
@@ -5,10 +5,6 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-broadcast-websocket'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 stringData:
  secret: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
--- a/roles/installer/templates/secrets/postgres_secret.yaml.j2
+++ b/roles/installer/templates/secrets/postgres_secret.yaml.j2
@@ -6,11 +6,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-postgres-configuration'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 stringData:
  password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
  username: '{{ database_username }}'
--- a/roles/installer/templates/secrets/postgres_upgrade_secret.yaml.j2
+++ b/roles/installer/templates/secrets/postgres_upgrade_secret.yaml.j2
@@ -6,11 +6,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-postgres-configuration'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 stringData:
  password: '{{ awx_postgres_pass }}'
  username: '{{ awx_postgres_user }}'
--- a/roles/installer/templates/secrets/receptor_ca_secret.yaml.j2
+++ b/roles/installer/templates/secrets/receptor_ca_secret.yaml.j2
@@ -5,11 +5,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-receptor-ca'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 type: kubernetes.io/tls
 data:
  tls.crt: '{{ lookup('file', '{{ _receptor_ca_crt_file.path }}') | b64encode }}'
--- a/roles/installer/templates/secrets/receptor_work_signing_secret.yaml.j2
+++ b/roles/installer/templates/secrets/receptor_work_signing_secret.yaml.j2
@@ -5,11 +5,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-receptor-work-signing'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 data:
  work-private-key.pem: '{{ lookup('file', '{{ _receptor_work_signing_private_key_file.path }}') | b64encode }}'
  work-public-key.pem: '{{ lookup('file', '{{ _receptor_work_signing_public_key_file.path }}') | b64encode }}'
--- a/roles/installer/templates/secrets/secret_key.yaml.j2
+++ b/roles/installer/templates/secrets/secret_key.yaml.j2
@@ -5,10 +5,6 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-secret-key'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 stringData:
  secret_key: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
--- a/roles/installer/templates/statefulsets/postgres.yaml.j2
+++ b/roles/installer/templates/statefulsets/postgres.yaml.j2
@@ -6,6 +6,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
+    {{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") | indent(width=4) | trim }}
    app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}'
    app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}'
    app.kubernetes.io/component: 'database'
@@ -27,6 +28,7 @@ spec:
  template:
    metadata:
      labels:
+        {{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") | indent(width=8) | trim }}
        app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}'
        app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}'
        app.kubernetes.io/component: 'database'
@@ -127,6 +129,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
+    {{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") | indent(width=4) | trim }}
    app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}'
    app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}'
    app.kubernetes.io/component: 'database'
--- a/roles/installer/templates/storage/persistent.yaml.j2
+++ b/roles/installer/templates/storage/persistent.yaml.j2
@@ -5,11 +5,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-projects-claim'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
  accessModes:
    - {{ projects_storage_access_mode }}
--- a/roles/restore/defaults/main.yml
+++ b/roles/restore/defaults/main.yml
@@ -26,6 +26,9 @@ restore_resource_requirements:
    cpu: "25m"
    memory: "32Mi"

+# Labels defined on the resource, which should be propagated to child resources
+additional_labels: []
+
 # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
 set_self_labels: true
 ...
--- a/roles/restore/meta/main.yml
+++ b/roles/restore/meta/main.yml
@@ -24,7 +24,8 @@ galaxy_info:
    - restore
    - automation

-dependencies: []
+dependencies:
+  - role: common

 collections:
  - kubernetes.core
--- a/roles/restore/tasks/main.yml
+++ b/roles/restore/tasks/main.yml
@@ -10,12 +10,7 @@
      metadata:
        name: '{{ ansible_operator_meta.name }}'
        namespace: '{{ ansible_operator_meta.namespace }}'
-        labels:
-          app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-          app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-          app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-          app.kubernetes.io/component: '{{ deployment_type }}'
-          app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+        labels: '{{ lookup("template", "../common/templates/labels/common.yaml.j2") | from_yaml }}'
  when: set_self_labels | bool

 - name: Look up details for this restore object
@@ -26,6 +21,16 @@
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: this_restore

+- name: Build `additional_labels_items` labels from `additional_labels`
+  set_fact:
+    additional_labels_items: >-
+      {{ this_restore['resources'][0]['metadata']['labels']
+         | dict2items | selectattr('key', 'in', additional_labels)
+      }}
+  when:
+  - additional_labels | length
+  - this_restore['resources'][0]['metadata']['labels']
+
 - block:
    - include_tasks: init.yml

--- a/roles/restore/templates/management-pod.yml.j2
+++ b/roles/restore/templates/management-pod.yml.j2
@@ -5,11 +5,7 @@ metadata:
  name: {{ ansible_operator_meta.name }}-db-management
  namespace: {{ backup_pvc_namespace }}
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
  containers:
  - name: {{ ansible_operator_meta.name }}-db-management
--- a/roles/restore/templates/secrets.yml.j2
+++ b/roles/restore/templates/secrets.yml.j2
@@ -6,11 +6,7 @@ metadata:
  name: '{{ secrets[secret]['name'] }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 type: '{{ secrets[secret]['type'] }}'
 stringData:
 {% for key, value in secrets[secret]['data'].items() %}