Add namespace flag

Signed-off-by: kerthcet <[email protected]>

cmd/main.go

@@ -58,6 +58,7 @@ func main() {
 		probeAddr   string
 		qps         float64
 		burst       int
+		namespace   string
 
 		// leader election
 		enableLeaderElection         bool
@@ -93,6 +94,7 @@ func main() {
 		"The name of resource object that is used for locking during leader election. ")
 	flag.StringVar(&leaderElectResourceNamespace, "leader-elect-resource-namespace", "lws-system",
 		"The namespace of resource object that is used for locking during leader election.")
+	flag.StringVar(&namespace, "namespace", "lws-system", "The namespace that is used to deploy leaderWorkerSet controller")
 
 	opts := zap.Options{
 		Development: true,
@@ -137,7 +139,7 @@ func main() {
 
 	certsReady := make(chan struct{})
 
-	if err = cert.CertsManager(mgr, certsReady); err != nil {
+	if err = cert.CertsManager(mgr, namespace, certsReady); err != nil {
 		setupLog.Error(err, "unable to setup cert rotation")
 		os.Exit(1)
 	}

config/default/manager_auth_proxy_patch.yaml

@@ -36,3 +36,4 @@ spec:
         - "--health-probe-bind-address=:8081"
         - "--metrics-bind-address=127.0.0.1:8080"
         - "--leader-elect"
+        - "--namespace=lws-system"

docs/setup/install.md

@@ -67,9 +67,39 @@ To uninstall LeaderWorkerSet, run the following command:
 make undeploy
 ```
 
+# Install in a different namespace
+
+To install the leaderWorkerSet controller in a different namespace rather than `lws-system`, you should first:
+
+```sh
+git clone https://github.com/kubernetes-sigs/lws.git
+cd lws
+```
+
+Then change the [kustomization.yaml](../../config/default/kustomization.yaml) _namespace_ field as:
+
+```yaml
+namespace: <your-namespace>
+```
+
+You should change the [manager_auth_proxy_patch.yaml](../../config/default/manager_auth_proxy_patch.yaml) as well:
+
+```yaml
+- name: manager
+  args:
+  - "--namespace=<your-namespace>"
+```
+
+Finally run:
+
+```
+IMAGE_REGISTRY=<registry>/<project> make image-push deploy
+```
+
+
 # Optional: Use cert manager instead of internal cert
 The webhooks use an internal certificate by default. However, if you wish to use cert-manager (which
-supports cert rotation), instead of internal cert, you can by performing the following steps. 
+supports cert rotation), instead of internal cert, you can by performing the following steps.
 
 First, install cert-manager on your cluster by running the following command:
 

pkg/cert/cert.go

@@ -24,26 +24,25 @@ import (
 const (
 	serviceName             = "lws-webhook-service"
 	secretName              = "lws-webhook-server-cert"
-	secretNamespace         = "lws-system"
 	certDir                 = "/tmp/k8s-webhook-server/serving-certs"
 	validateWebhookConfName = "lws-validating-webhook-configuration"
 	mutatingWebhookConfName = "lws-mutating-webhook-configuration"
 	caName                  = "lws-ca"
 	caOrg                   = "lws"
 )
 
-// dnsName is the format of <service name>.<namespace>.svc
-var dnsName = fmt.Sprintf("%s.%s.svc", serviceName, secretNamespace)
-
 //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;update
 //+kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=mutatingwebhookconfigurations,verbs=get;list;watch;update
 //+kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=validatingwebhookconfigurations,verbs=get;list;watch;update
 
 // CertsManager creates certs for webhooks.
-func CertsManager(mgr ctrl.Manager, setupFinish chan struct{}) error {
+func CertsManager(mgr ctrl.Manager, namespace string, setupFinish chan struct{}) error {
+	// dnsName is the format of <service name>.<namespace>.svc
+	var dnsName = fmt.Sprintf("%s.%s.svc", serviceName, namespace)
+
 	return cert.AddRotator(mgr, &cert.CertRotator{
 		SecretKey: types.NamespacedName{
-			Namespace: secretNamespace,
+			Namespace: namespace,
 			Name:      secretName,
 		},
 		CertDir:        certDir,