diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 7000f8549..7c0a9c09f 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -32,6 +32,15 @@ jobs: - [EMQX, emqx, "config/samples/emqx/v2beta1/emqx-slim.yaml"] - [EMQX, emqx, "config/samples/emqx/v2beta1/emqx-full.yaml"] + single_namespace: + - false + include: + - install: helm + emqx: [EMQX, emqx, "config/samples/emqx/v2beta1/emqx-slim.yaml"] + single_namespace: true + - install: helm + emqx: [EMQX, emqx, "config/samples/emqx/v2beta1/emqx-full.yaml"] + single_namespace: true steps: - run: minikube start @@ -63,6 +72,7 @@ jobs: helm install emqx-operator deploy/charts/emqx-operator \ --set image.tag=${{ github.sha }} \ --set development=true \ + --set singleNamespace=${{ matrix.single_namespace }} \ --namespace emqx-operator-system \ --create-namespace - name: Check operator diff --git a/Dockerfile b/Dockerfile index bfb69eb75..5e54635dc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.22 as builder +FROM golang:1.22 AS builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/deploy/charts/emqx-operator/README.md b/deploy/charts/emqx-operator/README.md index cbb6df28d..31f9e7814 100644 --- a/deploy/charts/emqx-operator/README.md +++ b/deploy/charts/emqx-operator/README.md 
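Review bot: The new `single_namespace: true` matrix legs pass `--set singleNamespace=true` to the helm install, but nothing visible in these hunks checks that the operator's permissions actually shrank; a leg that only proves the samples still deploy would pass just as well with cluster-wide access. Consider a negative check after "Check operator", for example `kubectl auth can-i list pods -n default --as=system:serviceaccount:emqx-operator-system:<operator-service-account>`, expected to answer `no` when `matrix.single_namespace` is true (the service-account name is a placeholder; take it from the chart). The job's remaining steps are outside the hunk, so such a check may already exist.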
@@ -34,6 +34,7 @@ The following table lists the configurable parameters of the cert-manager chart
 | Parameter | Description | Default |
 | --------- | ----------- | ------- |
 | `skipCRDs` | If `true`, skips installing CRDs | `false` |
+| `singleNamespace` | If true, the operator will watch only the namespace where it is deployed. If false, the operator will watch all namespaces. | `false` |
 | `development` | Development configures the logger to use a Zap development config (stacktraces on warnings, no sampling), otherwise a Zap production config will be used (stacktraces on errors, sampling). | `false` |
 | `image.repository` | Image repository | `emqx/emqx-operator-controller` |
 | `image.tag` | Image tag | `{{RELEASE_VERSION}}` |
diff --git a/deploy/charts/emqx-operator/templates/controller-manager-rbac.yaml b/deploy/charts/emqx-operator/templates/controller-manager-rbac.yaml
index 173d5f40b..b6abad0b8 100644
--- a/deploy/charts/emqx-operator/templates/controller-manager-rbac.yaml
+++ b/deploy/charts/emqx-operator/templates/controller-manager-rbac.yaml
@@ -16,9 +16,16 @@ imagePullSecrets:
 {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{ if .Values.singleNamespace }}
+kind: RoleBinding
+metadata:
+ name: {{ include "emqx-operator.fullname" . }}-manager-rolebinding
+ namespace: {{ .Release.Namespace }}
+{{- else }}
 kind: ClusterRoleBinding
 metadata:
 name: {{ include "emqx-operator.fullname" . }}-manager-rolebinding
+{{- end }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
@@ -29,10 +36,16 @@ subjects:
 namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{ if .Values.singleNamespace }}
+kind: Role
+metadata:
+ name: {{ include "emqx-operator.fullname" . }}-manager-role
+ namespace: {{ .Release.Namespace }}
+{{- else }}
 kind: ClusterRole
 metadata:
- creationTimestamp: null
 name: {{ include "emqx-operator.fullname" . }}-manager-role
+{{- end }}
 rules:
 - apiGroups:
 - ""
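Review bot: In the single-namespace branch the binding becomes a `RoleBinding`, but the `roleRef` below it is unchanged context and still says `kind: ClusterRole`, while the second hunk of this file turns the role itself into a namespaced `Role`. If `roleRef.name` (outside the hunk) still points at the `-manager-role` object, the binding then references a ClusterRole that is no longer rendered and grants nothing. Make the reference follow the same switch, e.g. `kind: {{ if .Values.singleNamespace }}Role{{ else }}ClusterRole{{ end }}`. The `rules:` list continues outside the second hunk; any rule there for cluster-scoped resources has no effect inside a `Role` and is worth checking.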
diff --git a/deploy/charts/emqx-operator/templates/controller-manager.yaml b/deploy/charts/emqx-operator/templates/controller-manager.yaml index b69a5c27c..5688b5cfa 100644 --- a/deploy/charts/emqx-operator/templates/controller-manager.yaml +++ b/deploy/charts/emqx-operator/templates/controller-manager.yaml @@ -51,6 +51,13 @@ spec: - containerPort: 9443 name: webhook-server protocol: TCP + {{- if .Values.singleNamespace }} + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} readinessProbe: httpGet: path: /readyz diff --git a/deploy/charts/emqx-operator/values.yaml b/deploy/charts/emqx-operator/values.yaml index 1c6e87675..da36eb7fb 100644 --- a/deploy/charts/emqx-operator/values.yaml +++ b/deploy/charts/emqx-operator/values.yaml @@ -4,6 +4,9 @@ skipCRDs: false +## If true, the operator will watch only the namespace where it is deployed. If false, the operator will watch all namespaces. +singleNamespace: false + # Development configures the logger to use a Zap development config # (stacktraces on warnings, no sampling), otherwise a Zap production # config will be used (stacktraces on errors, sampling). diff --git a/main.go b/main.go index c3e81fcb7..295fc4077 100644 --- a/main.go +++ b/main.go @@ -102,6 +102,9 @@ func main() { LeaderElectionID: "19fd6fcc.emqx.io", LeaseDuration: ptr.To(time.Second * 30), RenewDeadline: ptr.To(time.Second * 20), + // Cache: cache.Options{ + // DefaultNamespaces: map[string]cache.Config{getWatchNamespace(): {}}, + // }, }) if err != nil { setupLog.Error(err, "unable to start manager") 
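Review bot: The `Cache` option that would scope the manager to `WATCH_NAMESPACE` is added commented out, and the `getWatchNamespace` helper in the later main.go hunk is commented out as well, so the env var injected by controller-manager.yaml is never read. With `singleNamespace=true` the chart narrows RBAC to a `Role`, yet the manager presumably still starts cluster-wide informers whose list/watch calls the API server would reject; the likely workaround is to hand the ClusterRole back, which defeats the least-privilege purpose of the option. Enable both pieces together, as below; the `cache` and `metav1` imports they need are outside the hunk. `main` starts before and continues after this hunk.

```go
		// … unchanged: LeaderElectionID, LeaseDuration, RenewDeadline …
		Cache: cache.Options{
			DefaultNamespaces: map[string]cache.Config{getWatchNamespace(): {}},
		},
	})
	// … unchanged: error handling and the rest of main …

// watchNamespaceEnvVar names the env variable that selects the namespace to watch.
const watchNamespaceEnvVar = "WATCH_NAMESPACE"

// getWatchNamespace returns the namespace the operator should watch.
// An unset variable means the operator runs with cluster scope.
func getWatchNamespace() string {
	ns, found := os.LookupEnv(watchNamespaceEnvVar)
	if !found {
		return metav1.NamespaceAll
	}
	return ns
}
```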
@@ -173,3 +176,17 @@ func main() { os.Exit(1) } } + +// // getWatchNamespace returns the Namespace the operator should be watching for changes +// func getWatchNamespace() string { +// // WatchNamespaceEnvVar is the constant for env variable WATCH_NAMESPACE +// // which specifies the Namespace to watch. +// // An empty value means the operator is running with cluster scope. +// var watchNamespaceEnvVar = "WATCH_NAMESPACE" + +// ns, found := os.LookupEnv(watchNamespaceEnvVar) +// if !found { +// return metav1.NamespaceAll +// } +// return ns +// } diff --git a/sidecar/reloader/Dockerfile b/sidecar/reloader/Dockerfile index 606d25472..a1a79fc3f 100644 --- a/sidecar/reloader/Dockerfile +++ b/sidecar/reloader/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.18.3 as builder +FROM golang:1.18.3 AS builder WORKDIR /workspace # Copy the Go Modules manifests