Skip to content

Properly set scope based on $WATCH_NAMESPACE

Mitchell Nielsen requested to merge properly-namespace-gitlab-operator into master

Summary

Updates the getWatchNamespace function and implementation in main() to properly find and set the scope on the manager following the docs: https://sdk.operatorframework.io/docs/building-operators/golang/operator-scope/#configuring-watch-namespaces-dynamically

Also adds a patch to the Manager Deployment to expose WATCH_NAMESPACE environment variable with the current namespace by default. There is a note in the documentation that this is the default, and if cluster-wide scope is desired, that patch can be disabled.

Details

The goal is to hopefully address problems we've seen in CI where simultaneous MR pipelines unintentionally interact with each other, and can cause failures.

At the time of opening the MR, only one namespace can be set. Wanted to note that these docs explain how to support multiple namespace in a comma-separated list. Can be a follow-up item if we see a use case for that.

Closes #209 (closed)

Related to #210 (closed)

Testing

Namespace-scoped

  1. Follow the normal installation procedure (because the default is for namespace-scope - up for discussion of course).
  2. Check the logs for the controller manager and observe the beginning of the logs: 
    INFO    setup    setting operator scope    {"scope": "namespace"}
  3. Submit a GitLab CR to gitlab-system namespace and some other namespace like default
  4. Confirm in the controller manager logs that it is not attempting to reconcile the CR in the other namespace

Cluster-scoped

  1. Comment out the namespace_scope.yaml patch in config/manager/kustomization.yaml
  2. Follow the normal installation procedure
  3. Check the logs for the manager and observe the beginning of the logs: 
    INFO    setup    unable to get WATCH_NAMESPACE, the manager will watch and manage resources in all namespaces
INFO    setup    setting operator scope    {"scope": "cluster"}
  4. Submit a GitLab CR to gitlab-system namespace and some other namespace like default
  5. Confirm in the controller manager logs that it is attempting to reconcile the CR in the other namespace: 
    INFO    controllers.GitLab    Reconciling GitLab    {"gitlab": "default/gitlabdefault"}
Edited by Mitchell Nielsen

Merge request reports