Skip to content

Commit

Permalink
Operator can watch a configurable set of namespaces
Browse files Browse the repository at this point in the history
  • Loading branch information
amuraru committed Jul 6, 2020
1 parent 72fd1b8 commit 4eb4c99
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 4 deletions.
5 changes: 3 additions & 2 deletions charts/zookeeper-operator/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,9 @@ serviceAccount:
crd:
create: true

## Specifies which namespace the Operator should watch over.
## An empty string means all namespaces.
## Specifies which namespace(s) the Operator should watch over.
## Default: An empty string means all namespaces.
## Multiple namespaces can be configured using a comma separated list of namespaces
watchNamespace: ""

## Operator pod resources
Expand Down
19 changes: 17 additions & 2 deletions cmd/manager/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (
"fmt"
"os"
"runtime"
"strings"

"github.com/operator-framework/operator-sdk/pkg/k8sutil"
"github.com/operator-framework/operator-sdk/pkg/leader"
Expand All @@ -25,6 +26,7 @@ import (
"github.com/pravega/zookeeper-operator/pkg/version"
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
"sigs.k8s.io/controller-runtime/pkg/cache"
"sigs.k8s.io/controller-runtime/pkg/client/config"
"sigs.k8s.io/controller-runtime/pkg/manager"
logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
Expand Down Expand Up @@ -63,11 +65,24 @@ func main() {
os.Exit(0)
}

namespace, err := k8sutil.GetWatchNamespace()
namespaces, err := k8sutil.GetWatchNamespace()
if err != nil {
log.Error(err, "failed to get watch namespace")
os.Exit(1)
}
//When operator is started to watch resources in a specific set of namespaces, we use the MultiNamespacedCacheBuilder cache.
//In this scenario, it is also suggested to restrict the provided authorization to this namespace by replacing the default
//ClusterRole and ClusterRoleBinding to Role and RoleBinding respectively
//For further information see the kubernetes documentation about
//Using [RBAC Authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/).
managerWatchCache := (cache.NewCacheFunc)(nil)
if namespaces != "" {
ns := strings.Split(namespaces, ",")
for i := range ns {
ns[i] = strings.TrimSpace(ns[i])
}
managerWatchCache = cache.MultiNamespacedCacheBuilder(ns)
}

// Get a config to talk to the apiserver
cfg, err := config.GetConfig()
Expand All @@ -80,7 +95,7 @@ func main() {
leader.Become(context.TODO(), "zookeeper-operator-lock")

// Create a new Cmd to provide shared dependencies and start components
mgr, err := manager.New(cfg, manager.Options{Namespace: namespace})
mgr, err := manager.New(cfg, manager.Options{NewCache: managerWatchCache})
if err != nil {
log.Error(err, "")
os.Exit(1)
Expand Down

0 comments on commit 4eb4c99

Please sign in to comment.