-
Notifications
You must be signed in to change notification settings - Fork 477
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add multiple namespaces in the operator #673
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -49,6 +49,7 @@ func (ReadConfig) Read(hasEnv ftypes.HasEnv) (BootstrapConfig, error) { | |
|
||
cfg.DefaultFunctionNamespace = ftypes.ParseString(hasEnv.Getenv("function_namespace"), "default") | ||
cfg.ProfilesNamespace = ftypes.ParseString(hasEnv.Getenv("profiles_namespace"), cfg.DefaultFunctionNamespace) | ||
cfg.ClusterRole = ftypes.ParseBoolValue(hasEnv.Getenv("cluster_role"), false) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do we want to think about this internal as "cluster role" or something else, like multiple_namespaces, single_namespace? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Internally would make sense to rename the variable for more friendly experience for the developer, on the other hand this code revolves around kubernetes so I believe developers should be aware of what ClusterRole is |
||
|
||
cfg.HTTPProbe = httpProbe | ||
cfg.SetNonRootUser = setNonRootUser | ||
|
@@ -105,6 +106,8 @@ type BootstrapConfig struct { | |
ProfilesNamespace string | ||
// FaaSConfig contains the configuration for the FaaSProvider | ||
FaaSConfig ftypes.FaaSConfig | ||
// ClusterRole determines whether the operator should have cluster wide access | ||
ClusterRole bool | ||
} | ||
|
||
// Fprint pretty-prints the config with the stdlib logger. One line per config value. | ||
|
@@ -128,5 +131,6 @@ func (c BootstrapConfig) Fprint(verbose bool) { | |
log.Printf("LivenessProbeInitialDelaySeconds: %d\n", c.LivenessProbeInitialDelaySeconds) | ||
log.Printf("LivenessProbeTimeoutSeconds: %d\n", c.LivenessProbeTimeoutSeconds) | ||
log.Printf("LivenessProbePeriodSeconds: %d\n", c.LivenessProbePeriodSeconds) | ||
log.Printf("ClusterRole: %v\n", c.ClusterRole) | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,7 +22,7 @@ func MakeNamespacesLister(defaultNamespace string, clientset kubernetes.Interfac | |
return func(w http.ResponseWriter, r *http.Request) { | ||
log.Println("Query namespaces") | ||
|
||
res := list(defaultNamespace, clientset) | ||
res := ListNamespaces(defaultNamespace, clientset) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Did this go to being a public function (capital letter) so that it could be used elsewhere? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes, I use it in the |
||
|
||
out, _ := json.Marshal(res) | ||
w.Header().Set("Content-Type", "application/json") | ||
|
@@ -63,7 +63,7 @@ func NewNamespaceResolver(defaultNamespace string, kube kubernetes.Interface) Na | |
r.Body = ioutil.NopCloser(bytes.NewBuffer(body)) | ||
} | ||
|
||
allowedNamespaces := list(defaultNamespace, kube) | ||
allowedNamespaces := ListNamespaces(defaultNamespace, kube) | ||
ok := findNamespace(req.Namespace, allowedNamespaces) | ||
if !ok { | ||
return req.Namespace, fmt.Errorf("unable to manage secrets within the %s namespace", req.Namespace) | ||
|
@@ -73,7 +73,8 @@ func NewNamespaceResolver(defaultNamespace string, kube kubernetes.Interface) Na | |
} | ||
} | ||
|
||
func list(defaultNamespace string, clientset kubernetes.Interface) []string { | ||
// ListNamespaces lists all namespaces annotated with openfaas true | ||
func ListNamespaces(defaultNamespace string, clientset kubernetes.Interface) []string { | ||
listOptions := metav1.ListOptions{} | ||
namespaces, err := clientset.CoreV1().Namespaces().List(context.TODO(), listOptions) | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,16 +3,19 @@ package server | |
import ( | ||
"encoding/json" | ||
"net/http" | ||
|
||
"github.com/openfaas/faas-netes/pkg/handlers" | ||
"k8s.io/client-go/kubernetes" | ||
) | ||
|
||
func makeListNamespaceHandler(defaultNamespace string) func(http.ResponseWriter, *http.Request) { | ||
func makeListNamespaceHandler(defaultNamespace string, clientset kubernetes.Interface) func(http.ResponseWriter, *http.Request) { | ||
return func(w http.ResponseWriter, r *http.Request) { | ||
res := handlers.ListNamespaces(defaultNamespace, clientset) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Where did There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Well this function is literally taken from On another note I could have just reuse There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please add it at the top, for belt-and-braces There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good point, will add in both places |
||
|
||
defer r.Body.Close() | ||
|
||
res, _ := json.Marshal([]string{defaultNamespace}) | ||
out, _ := json.Marshal(res) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. please catch and at least log the error here There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Agreed, even if it's the same elsewhere There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I delayed the response here, I also agree |
||
w.Header().Set("Content-Type", "application/json") | ||
|
||
w.WriteHeader(http.StatusOK) | ||
w.Write(res) | ||
w.Write(out) | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given that we have shared code now, would it make sense to have that namespaceScope set even when we're not using the operator?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did this as precaution for the feature, otherwise we can merge those, I would need to test the case before doing this though