Restrict operator to single watched namespace via env var
This commit is contained in:
Sergey Dudoladov
parent
f194a2ae5a
commit
74fa7b9492
|
|
@ -97,18 +97,34 @@ func (c *Controller) initOperatorConfig() {
|
|||
c.logger.Infoln("no ConfigMap specified. Loading default values")
|
||||
}
|
||||
|
||||
// env var takes priority over the same param from the operator ConfigMap
|
||||
watchedNamespace := os.Getenv("WATCHED_NAMESPACE")
|
||||
if watchedNamespace != "" {
|
||||
c.logger.Infof("Watch the %q namespace specified in the env variable WATCHED_NAMESPACE\n", watchedNamespace)
|
||||
configMapData["watched_namespace"] = watchedNamespace
|
||||
// by default, the operator listens to all namespaces
|
||||
// by setting the env variable, one can restrict the operator to a single namespace
|
||||
watchedNamespace, isPresentInEnv := os.LookupEnv("WATCHED_NAMESPACE")
|
||||
if isPresentInEnv {
|
||||
// special case: v1.NamespaceAll currently also evaluates to the empty string
|
||||
// so when the env var is set to the empty string, use the default ns
|
||||
// since the meaning of this env var is only one namespace
|
||||
if watchedNamespace == "" {
|
||||
c.logger.Infof("The WATCHED_NAMESPACE env var evaluates to the empty string, falling back to watching the 'default' namespace.\n", watchedNamespace)
|
||||
configMapData["watched_namespace"] = v1.NamespaceDefault
|
||||
} else {
|
||||
c.logger.Infof("Watch the %q namespace specified in the env variable WATCHED_NAMESPACE\n", watchedNamespace)
|
||||
configMapData["watched_namespace"] = watchedNamespace
|
||||
}
|
||||
|
||||
} else {
|
||||
c.logger.Infof("Watch all namespaces. Set the WATCHED_NAMESPACE env var to restrict to a single namespace.\n", watchedNamespace)
|
||||
configMapData["watched_namespace"] = v1.NamespaceAll
|
||||
}
|
||||
|
||||
if configMapData["watched_namespace"] == "" {
|
||||
c.logger.Infoln("No namespace to watch specified. Fall back to watching the 'default' namespace.")
|
||||
configMapData["watched_namespace"] = v1.NamespaceDefault
|
||||
}
|
||||
/*
|
||||
// env var takes priority over the same param from the operator ConfigMap
|
||||
|
||||
if configMapData["watched_namespace"] == "" {
|
||||
c.logger.Infoln("No namespace to watch specified. Fall back to watching the 'default' namespace.")
|
||||
configMapData["watched_namespace"] = v1.NamespaceDefault
|
||||
}
|
||||
*/
|
||||
if c.config.NoDatabaseAccess {
|
||||
configMapData["enable_database_access"] = "false"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ func (c *Controller) moveMasterPodsOffNode(node *v1.Node) {
|
|||
opts := metav1.ListOptions{
|
||||
LabelSelector: labels.Set(c.opConfig.ClusterLabels).String(),
|
||||
}
|
||||
podList, err := c.KubeClient.Pods("").List(opts)
|
||||
podList, err := c.KubeClient.Pods(c.opConfig.WatchedNamespace).List(opts)
|
||||
if err != nil {
|
||||
c.logger.Errorf("could not fetch list of the pods: %v", err)
|
||||
return
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ func (c *Controller) podListFunc(options metav1.ListOptions) (runtime.Object, er
|
|||
TimeoutSeconds: options.TimeoutSeconds,
|
||||
}
|
||||
|
||||
return c.KubeClient.Pods("").List(opts)
|
||||
return c.KubeClient.Pods(c.opConfig.WatchedNamespace).List(opts)
|
||||
}
|
||||
|
||||
func (c *Controller) podWatchFunc(options metav1.ListOptions) (watch.Interface, error) {
|
||||
|
|
@ -27,7 +27,7 @@ func (c *Controller) podWatchFunc(options metav1.ListOptions) (watch.Interface,
|
|||
TimeoutSeconds: options.TimeoutSeconds,
|
||||
}
|
||||
|
||||
return c.KubeClient.Pods("").Watch(opts)
|
||||
return c.KubeClient.Pods(c.opConfig.WatchedNamespace).Watch(opts)
|
||||
}
|
||||
|
||||
func (c *Controller) dispatchPodEvent(clusterName spec.NamespacedName, event spec.PodEvent) {
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ func (c *Controller) clusterListFunc(options metav1.ListOptions) (runtime.Object
|
|||
|
||||
req := c.KubeClient.CRDREST.
|
||||
Get().
|
||||
Namespace("").
|
||||
Namespace(c.opConfig.WatchedNamespace).
|
||||
Resource(constants.CRDResource).
|
||||
VersionedParams(&options, metav1.ParameterCodec)
|
||||
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ type Config struct {
|
|||
Resources
|
||||
Auth
|
||||
Scalyr
|
||||
WatchedNamespace string `name:"watched_namespace"`
|
||||
WatchedNamespace string `name:"watched_namespace"` // may be v1.NamespaceAll, meaning watch all namespaces
|
||||
EtcdHost string `name:"etcd_host" default:"etcd-client.default.svc.cluster.local:2379"`
|
||||
DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4"`
|
||||
ServiceAccountName string `name:"service_account_name" default:"operator"`
|
||||
|
|
|
|||
Loading…
Reference in New Issue