diff --git a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddNamespaceDecorator.java b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddNamespaceDecorator.java index 3e04125891e8ec..f4a881e085b9af 100644 --- a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddNamespaceDecorator.java +++ b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddNamespaceDecorator.java @@ -1,29 +1,24 @@ package io.quarkus.kubernetes.deployment; +import java.util.List; import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; -import io.dekorate.kubernetes.decorator.AddSidecarDecorator; import io.dekorate.kubernetes.decorator.Decorator; -import io.dekorate.kubernetes.decorator.NamedResourceDecorator; import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator; -import io.fabric8.kubernetes.api.model.ObjectMeta; -import io.fabric8.kubernetes.api.model.ObjectMetaBuilder; +import io.fabric8.kubernetes.api.model.HasMetadata; +import io.fabric8.kubernetes.api.model.KubernetesListBuilder; -public class AddNamespaceDecorator extends NamedResourceDecorator { +public class AddNamespaceDecorator extends Decorator { + private final Set clusteredResources = Set.of("ClusterRoleBinding", "ClusterRole"); private final String namespace; public AddNamespaceDecorator(String namespace) { this.namespace = Objects.requireNonNull(namespace); } - @Override - public void andThenVisit(ObjectMetaBuilder builder, ObjectMeta resourceMeta) { - if (!builder.hasNamespace()) { - builder.withNamespace(namespace); - } - } - @Override public Class[] after() { return new Class[] { ResourceProvidingDecorator.class, AddSidecarDecorator.class }; @@ -43,4 +38,22 @@ public boolean equals(Object o) { public int hashCode() { return Objects.hash(namespace); } + + @Override + public void visit(KubernetesListBuilder list) { + List buildItems = list.buildItems() + .stream() + .filter(o -> o instanceof HasMetadata) + .peek(o -> { + if (eligibleForChangingNamespace(o)) { + o.setMetadata(o.getMetadata().edit().withNamespace(namespace).build()); + } + }).collect(Collectors.toList()); + + list.withItems(buildItems); + } + + private boolean eligibleForChangingNamespace(HasMetadata o) { + return o.getMetadata().getNamespace() == null && !clusteredResources.contains(o.getKind()); + } } diff --git a/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java b/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java index 83be5e5411d865..88da309588f08c 100644 --- a/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java +++ b/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java @@ -84,6 +84,7 @@ public void assertGeneratedResources() throws IOException { // secret-reader assertions ClusterRole secretReaderRole = getClusterRoleByName(kubernetesList, "secret-reader"); + assertThat(secretReaderRole.getMetadata().getNamespace()).isNull(); assertThat(secretReaderRole.getRules()).satisfiesOnlyOnce(r -> { assertThat(r.getApiGroups()).containsExactly(""); assertThat(r.getResources()).containsExactly("secrets"); @@ -111,6 +112,7 @@ public void assertGeneratedResources() throws IOException { assertEquals("Group", clusterSubject.getKind()); assertEquals("manager", clusterSubject.getName()); assertEquals("rbac.authorization.k8s.io", clusterSubject.getApiGroup()); + assertThat(clusterRoleBinding.getMetadata().getNamespace()).isNull(); } private int lastIndexOfKind(String content, String... kinds) {