add gitlab managed and secured namespaces

f26dbe33 · Edmund Ochieng · ef6a2ba4 · f26dbe33 · f26dbe33
Commit f26dbe33 authored Sep 14, 2020 by Edmund Ochieng
Hide whitespace changes
Inline Side-by-side

Showing with 52 additions and 0 deletions

config/rbac/role.yaml config/rbac/role.yaml +12 -0

controllers/gitlab_controller.go controllers/gitlab_controller.go +40 -0

No files found.
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -138,6 +138,18 @@ rules:
  - patch
  - update
  - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
  - ""
  resources:

--- a/controllers/gitlab_controller.go
+++ b/controllers/gitlab_controller.go
@@ -56,6 +56,7 @@ type GitLabReconciler struct {
 // +kubebuilder:rbac:groups=apps.gitlab.com,resources=gitlabs/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete
@@ -83,6 +84,10 @@ func (r *GitLabReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 		return ctrl.Result{}, err
 	}

+	if err := r.reconcileNamespaces(ctx); err != nil {
+		return ctrl.Result{}, err
+	}
+
 	if err := r.reconcileConfigMaps(gitlab); err != nil {
 		return ctrl.Result{}, err
 	}
@@ -689,3 +694,38 @@ func (r *GitLabReconciler) reconcileHPA(ctx context.Context, deployment *appsv1.

 	return nil
 }
+
+func (r *GitLabReconciler) reconcileNamespaces(ctx context.Context) error {
+	secured := &corev1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "gitlab-secured-apps",
+		},
+	}
+
+	if err := r.createNamespace(ctx, secured); err != nil {
+		return err
+	}
+
+	managed := &corev1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "gitlab-managed-apps",
+		},
+	}
+
+	return r.createNamespace(ctx, managed)
+}
+
+func (r *GitLabReconciler) createNamespace(ctx context.Context, namespace *corev1.Namespace) error {
+	found := &corev1.Namespace{}
+	err := r.Get(ctx, types.NamespacedName{Name: namespace.Name}, found)
+	if err != nil {
+		// create namespace if doesnt exist
+		if errors.IsNotFound(err) {
+			return r.Create(ctx, namespace)
+		}
+
+		return err
+	}
+
+	return nil
+}