Restrict operator to single watched namespace via env var

pkg/controller/controller.go

@@ -97,18 +97,34 @@ func (c *Controller) initOperatorConfig() {
 		c.logger.Infoln("no ConfigMap specified. Loading default values")
 	}
 
-	// env var takes priority over the same param from the operator ConfigMap
+	// by default, the operator listens to all namespaces
-	watchedNamespace := os.Getenv("WATCHED_NAMESPACE")
+	// by setting the env variable, one can restrict the operator to a single namespace
-	if watchedNamespace != "" {
+	watchedNamespace, isPresentInEnv := os.LookupEnv("WATCHED_NAMESPACE")
+	if isPresentInEnv {
+		// special case: v1.NamespaceAll currently also evaluates to the empty string
+		// so when the env var is set to the empty string, use the default ns
+		// since the meaning of this env var is only one namespace
+		if watchedNamespace == "" {
+			c.logger.Infof("The WATCHED_NAMESPACE env var evaluates to the empty string, falling back to watching the 'default' namespace.\n", watchedNamespace)
+			configMapData["watched_namespace"] = v1.NamespaceDefault
+		} else {
 			c.logger.Infof("Watch the %q namespace specified in the env variable WATCHED_NAMESPACE\n", watchedNamespace)
 			configMapData["watched_namespace"] = watchedNamespace
 		}
 
+	} else {
+		c.logger.Infof("Watch all namespaces. Set the WATCHED_NAMESPACE env var  to restrict to a single namespace.\n", watchedNamespace)
+		configMapData["watched_namespace"] = v1.NamespaceAll
+	}
+
+	/*
+		// env var takes priority over the same param from the operator ConfigMap
+
 			if configMapData["watched_namespace"] == "" {
 				c.logger.Infoln("No namespace to watch specified. Fall back to watching the 'default' namespace.")
 				configMapData["watched_namespace"] = v1.NamespaceDefault
 			}
-
+	*/
 	if c.config.NoDatabaseAccess {
 		configMapData["enable_database_access"] = "false"
 	}

pkg/controller/node.go

@@ -80,7 +80,7 @@ func (c *Controller) moveMasterPodsOffNode(node *v1.Node) {
 	opts := metav1.ListOptions{
 		LabelSelector: labels.Set(c.opConfig.ClusterLabels).String(),
 	}
-	podList, err := c.KubeClient.Pods("").List(opts)
+	podList, err := c.KubeClient.Pods(c.opConfig.WatchedNamespace).List(opts)
 	if err != nil {
 		c.logger.Errorf("could not fetch list of the pods: %v", err)
 		return

pkg/controller/pod.go

@@ -17,7 +17,7 @@ func (c *Controller) podListFunc(options metav1.ListOptions) (runtime.Object, er
 		TimeoutSeconds:  options.TimeoutSeconds,
 	}
 
-	return c.KubeClient.Pods("").List(opts)
+	return c.KubeClient.Pods(c.opConfig.WatchedNamespace).List(opts)
 }
 
 func (c *Controller) podWatchFunc(options metav1.ListOptions) (watch.Interface, error) {
@@ -27,7 +27,7 @@ func (c *Controller) podWatchFunc(options metav1.ListOptions) (watch.Interface,
 		TimeoutSeconds:  options.TimeoutSeconds,
 	}
 
-	return c.KubeClient.Pods("").Watch(opts)
+	return c.KubeClient.Pods(c.opConfig.WatchedNamespace).Watch(opts)
 }
 
 func (c *Controller) dispatchPodEvent(clusterName spec.NamespacedName, event spec.PodEvent) {

pkg/controller/postgresql.go

@@ -46,7 +46,7 @@ func (c *Controller) clusterListFunc(options metav1.ListOptions) (runtime.Object
 
 	req := c.KubeClient.CRDREST.
 		Get().
-		Namespace("").
+		Namespace(c.opConfig.WatchedNamespace).
 		Resource(constants.CRDResource).
 		VersionedParams(&options, metav1.ParameterCodec)
 

pkg/util/config/config.go

@@ -67,7 +67,7 @@ type Config struct {
 	Resources
 	Auth
 	Scalyr
-	WatchedNamespace         string            `name:"watched_namespace"`
+	WatchedNamespace         string            `name:"watched_namespace"` // may be v1.NamespaceAll, meaning watch all namespaces
 	EtcdHost                 string            `name:"etcd_host" default:"etcd-client.default.svc.cluster.local:2379"`
 	DockerImage              string            `name:"docker_image" default:"registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4"`
 	ServiceAccountName       string            `name:"service_account_name" default:"operator"`