Restrict operator to single watched namespace via env var
This commit is contained in:
Sergey Dudoladov
parent
f194a2ae5a
commit
74fa7b9492
|
|
@ -97,18 +97,34 @@ func (c *Controller) initOperatorConfig() {
|
||||||
c.logger.Infoln("no ConfigMap specified. Loading default values")
|
c.logger.Infoln("no ConfigMap specified. Loading default values")
|
||||||
}
|
}
|
||||||
|
|
||||||
// env var takes priority over the same param from the operator ConfigMap
|
// by default, the operator listens to all namespaces
|
||||||
watchedNamespace := os.Getenv("WATCHED_NAMESPACE")
|
// by setting the env variable, one can restrict the operator to a single namespace
|
||||||
if watchedNamespace != "" {
|
watchedNamespace, isPresentInEnv := os.LookupEnv("WATCHED_NAMESPACE")
|
||||||
c.logger.Infof("Watch the %q namespace specified in the env variable WATCHED_NAMESPACE\n", watchedNamespace)
|
if isPresentInEnv {
|
||||||
configMapData["watched_namespace"] = watchedNamespace
|
// special case: v1.NamespaceAll currently also evaluates to the empty string
|
||||||
|
// so when the env var is set to the empty string, use the default ns
|
||||||
|
// since the meaning of this env var is only one namespace
|
||||||
|
if watchedNamespace == "" {
|
||||||
|
c.logger.Infof("The WATCHED_NAMESPACE env var evaluates to the empty string, falling back to watching the 'default' namespace.\n", watchedNamespace)
|
||||||
|
configMapData["watched_namespace"] = v1.NamespaceDefault
|
||||||
|
} else {
|
||||||
|
c.logger.Infof("Watch the %q namespace specified in the env variable WATCHED_NAMESPACE\n", watchedNamespace)
|
||||||
|
configMapData["watched_namespace"] = watchedNamespace
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
c.logger.Infof("Watch all namespaces. Set the WATCHED_NAMESPACE env var to restrict to a single namespace.\n", watchedNamespace)
|
||||||
|
configMapData["watched_namespace"] = v1.NamespaceAll
|
||||||
}
|
}
|
||||||
|
|
||||||
if configMapData["watched_namespace"] == "" {
|
/*
|
||||||
c.logger.Infoln("No namespace to watch specified. Fall back to watching the 'default' namespace.")
|
// env var takes priority over the same param from the operator ConfigMap
|
||||||
configMapData["watched_namespace"] = v1.NamespaceDefault
|
|
||||||
}
|
|
||||||
|
|
||||||
|
if configMapData["watched_namespace"] == "" {
|
||||||
|
c.logger.Infoln("No namespace to watch specified. Fall back to watching the 'default' namespace.")
|
||||||
|
configMapData["watched_namespace"] = v1.NamespaceDefault
|
||||||
|
}
|
||||||
|
*/
|
||||||
if c.config.NoDatabaseAccess {
|
if c.config.NoDatabaseAccess {
|
||||||
configMapData["enable_database_access"] = "false"
|
configMapData["enable_database_access"] = "false"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,7 @@ func (c *Controller) moveMasterPodsOffNode(node *v1.Node) {
|
||||||
opts := metav1.ListOptions{
|
opts := metav1.ListOptions{
|
||||||
LabelSelector: labels.Set(c.opConfig.ClusterLabels).String(),
|
LabelSelector: labels.Set(c.opConfig.ClusterLabels).String(),
|
||||||
}
|
}
|
||||||
podList, err := c.KubeClient.Pods("").List(opts)
|
podList, err := c.KubeClient.Pods(c.opConfig.WatchedNamespace).List(opts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.logger.Errorf("could not fetch list of the pods: %v", err)
|
c.logger.Errorf("could not fetch list of the pods: %v", err)
|
||||||
return
|
return
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ func (c *Controller) podListFunc(options metav1.ListOptions) (runtime.Object, er
|
||||||
TimeoutSeconds: options.TimeoutSeconds,
|
TimeoutSeconds: options.TimeoutSeconds,
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.KubeClient.Pods("").List(opts)
|
return c.KubeClient.Pods(c.opConfig.WatchedNamespace).List(opts)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Controller) podWatchFunc(options metav1.ListOptions) (watch.Interface, error) {
|
func (c *Controller) podWatchFunc(options metav1.ListOptions) (watch.Interface, error) {
|
||||||
|
|
@ -27,7 +27,7 @@ func (c *Controller) podWatchFunc(options metav1.ListOptions) (watch.Interface,
|
||||||
TimeoutSeconds: options.TimeoutSeconds,
|
TimeoutSeconds: options.TimeoutSeconds,
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.KubeClient.Pods("").Watch(opts)
|
return c.KubeClient.Pods(c.opConfig.WatchedNamespace).Watch(opts)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Controller) dispatchPodEvent(clusterName spec.NamespacedName, event spec.PodEvent) {
|
func (c *Controller) dispatchPodEvent(clusterName spec.NamespacedName, event spec.PodEvent) {
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,7 @@ func (c *Controller) clusterListFunc(options metav1.ListOptions) (runtime.Object
|
||||||
|
|
||||||
req := c.KubeClient.CRDREST.
|
req := c.KubeClient.CRDREST.
|
||||||
Get().
|
Get().
|
||||||
Namespace("").
|
Namespace(c.opConfig.WatchedNamespace).
|
||||||
Resource(constants.CRDResource).
|
Resource(constants.CRDResource).
|
||||||
VersionedParams(&options, metav1.ParameterCodec)
|
VersionedParams(&options, metav1.ParameterCodec)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -67,7 +67,7 @@ type Config struct {
|
||||||
Resources
|
Resources
|
||||||
Auth
|
Auth
|
||||||
Scalyr
|
Scalyr
|
||||||
WatchedNamespace string `name:"watched_namespace"`
|
WatchedNamespace string `name:"watched_namespace"` // may be v1.NamespaceAll, meaning watch all namespaces
|
||||||
EtcdHost string `name:"etcd_host" default:"etcd-client.default.svc.cluster.local:2379"`
|
EtcdHost string `name:"etcd_host" default:"etcd-client.default.svc.cluster.local:2379"`
|
||||||
DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4"`
|
DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4"`
|
||||||
ServiceAccountName string `name:"service_account_name" default:"operator"`
|
ServiceAccountName string `name:"service_account_name" default:"operator"`
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue