feat: support yurt-manager work in specified namespace

Signed-off-by: ricky <yricky509@gmail.com>
openyurtio · Apr 13, 2023 · 632e001 · 632e001
1 parent 4f62983
commit 632e001
Show file tree

Hide file tree

Showing 8 changed files with 31 additions and 16 deletions.
diff --git a/charts/openyurt/templates/yurt-manager-auto-generated.yaml b/charts/openyurt/templates/yurt-manager-auto-generated.yaml
@@ -729,7 +729,7 @@ webhooks:
   clientConfig:
     service:
       name: webhook-service
-      namespace: kube-system
+      namespace: {{ .Release.Namespace | quote }}
       path: /mutate-raven-openyurt-io-v1alpha1-gateway
   failurePolicy: Fail
   name: mutate.raven.v1alpha1.gateway.openyurt.io
@@ -749,7 +749,7 @@ webhooks:
   clientConfig:
     service:
       name: webhook-service
-      namespace: kube-system
+      namespace: {{ .Release.Namespace | quote }}
       path: /mutate-apps-openyurt-io-v1beta1-nodepool
   failurePolicy: Fail
   name: m.v1beta1.nodepool.kb.io
@@ -777,7 +777,7 @@ webhooks:
   clientConfig:
     service:
       name: webhook-service
-      namespace: kube-system
+      namespace: {{ .Release.Namespace | quote }}
       path: /validate-raven-openyurt-io-v1alpha1-gateway
   failurePolicy: Fail
   name: validate.raven.v1alpha1.gateway.openyurt.io
@@ -797,7 +797,7 @@ webhooks:
   clientConfig:
     service:
       name: webhook-service
-      namespace: kube-system
+      namespace: {{ .Release.Namespace | quote }}
       path: /validate-apps-openyurt-io-v1beta1-nodepool
   failurePolicy: Fail
   name: v.v1beta1.nodepool.kb.io
@@ -818,7 +818,7 @@ webhooks:
   clientConfig:
     service:
       name: webhook-service
-      namespace: kube-system
+      namespace: {{ .Release.Namespace | quote }}
       path: /validate-core-openyurt-io-v1-pod
   failurePolicy: Fail
   name: validate.core.v1.pod.openyurt.io

diff --git a/charts/openyurt/templates/yurt-manager.yaml b/charts/openyurt/templates/yurt-manager.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: yurt-manager
-  namespace: kube-system
+  namespace: {{ .Release.Namespace | quote }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -15,14 +15,14 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: yurt-manager
-  namespace: kube-system
+  namespace: {{ .Release.Namespace | quote }}
 ---
 
 apiVersion: v1
 kind: Service
 metadata:
   name: yurt-manager-webhook-service
-  namespace: kube-system
+  namespace: {{ .Release.Namespace | quote }}
 spec:
   ports:
     - port: 443
@@ -37,7 +37,7 @@ metadata:
   labels:
     {{- include "yurt-manager.labels" . | nindent 4 }}
   name: yurt-manager
-  namespace: "kube-system"
+  namespace: {{ .Release.Namespace | quote }}
 spec:
   replicas: {{ .Values.yurtManager.replicas }}
   selector:

diff --git a/cmd/yurt-manager/app/manager.go b/cmd/yurt-manager/app/manager.go
@@ -193,7 +193,7 @@ func Run(c *config.CompletedConfig, stopCh <-chan struct{}) error {
 
 	// +kubebuilder:scaffold:builder
 	setupLog.Info("initialize webhook")
-	if err := webhook.Initialize(ctx, cfg); err != nil {
+	if err := webhook.Initialize(ctx, cfg, c); err != nil {
 		setupLog.Error(err, "unable to initialize webhook")
 		os.Exit(1)
 	}

diff --git a/hack/make-rules/kustomize_to_chart.sh b/hack/make-rules/kustomize_to_chart.sh
@@ -261,6 +261,8 @@ EOF
     append_note $yurt_manager_templatefile
 
     kubectl kustomize ${output_default_dir} >> $yurt_manager_templatefile
+
+    sed "s/namespace: kube-system/namespace: {{ .Release.Namespace | quote }}/g" $yurt_manager_templatefile > tmpfile && mv tmpfile $yurt_manager_templatefile
 }
 
 

diff --git a/pkg/controller/gateway/gateway/gateway_controller.go b/pkg/controller/gateway/gateway/gateway_controller.go
@@ -66,6 +66,10 @@ func Add(c *appconfig.CompletedConfig, mgr manager.Manager) error {
 	if !utildiscovery.DiscoverGVK(controllerKind) {
 		return nil
 	}
+	// init global variables
+	cfg := c.ComponentConfig.Generic
+	ravenv1alpha1.ServiceNamespacedName.Namespace = cfg.WorkingNamespace
+
 	return add(mgr, newReconciler(c, mgr))
 }
 

diff --git a/pkg/webhook/server.go b/pkg/webhook/server.go
@@ -28,6 +28,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
+	"github.com/openyurtio/openyurt/cmd/yurt-manager/app/config"
 	webhookcontroller "github.com/openyurtio/openyurt/pkg/webhook/util/controller"
 	"github.com/openyurtio/openyurt/pkg/webhook/util/health"
 )
@@ -77,8 +78,8 @@ type GateFunc func() (enabled bool)
 // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;update;patch
 // +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch;update;patch
 
-func Initialize(ctx context.Context, cfg *rest.Config) error {
-	c, err := webhookcontroller.New(cfg, WebhookHandlerPath)
+func Initialize(ctx context.Context, cfg *rest.Config, cc *config.CompletedConfig) error {
+	c, err := webhookcontroller.New(cfg, WebhookHandlerPath, cc)
 	if err != nil {
 		return err
 	}

diff --git a/pkg/webhook/util/controller/webhook_controller.go b/pkg/webhook/util/controller/webhook_controller.go
@@ -36,6 +36,7 @@ import (
 	"k8s.io/client-go/util/workqueue"
 	"k8s.io/klog/v2"
 
+	"github.com/openyurtio/openyurt/cmd/yurt-manager/app/config"
 	extclient "github.com/openyurtio/openyurt/pkg/client"
 	webhookutil "github.com/openyurtio/openyurt/pkg/webhook/util"
 	"github.com/openyurtio/openyurt/pkg/webhook/util/configuration"
@@ -48,7 +49,6 @@ const (
 )
 
 var (
-	namespace  = webhookutil.GetNamespace()
 	secretName = webhookutil.GetSecretName()
 
 	uninit   = make(chan struct{})
@@ -69,7 +69,9 @@ type Controller struct {
 	queue workqueue.RateLimitingInterface
 }
 
-func New(cfg *rest.Config, handlers map[string]struct{}) (*Controller, error) {
+func New(cfg *rest.Config, handlers map[string]struct{}, cc *config.CompletedConfig) (*Controller, error) {
+	webhookutil.SetNamespace(cc.ComponentConfig.Generic.WorkingNamespace)
+
 	c := &Controller{
 		kubeClient: extclient.GetGenericClientWithName("webhook-controller").KubeClient,
 		handlers:   handlers,
@@ -78,7 +80,7 @@ func New(cfg *rest.Config, handlers map[string]struct{}) (*Controller, error) {
 
 	c.informerFactory = informers.NewSharedInformerFactory(c.kubeClient, 0)
 
-	secretInformer := coreinformers.New(c.informerFactory, namespace, nil).Secrets()
+	secretInformer := coreinformers.New(c.informerFactory, webhookutil.GetNamespace(), nil).Secrets()
 	admissionRegistrationInformer := admissionregistrationinformers.New(c.informerFactory, v1.NamespaceAll, nil)
 
 	secretInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{

diff --git a/pkg/webhook/util/util.go b/pkg/webhook/util/util.go
@@ -30,12 +30,18 @@ const (
 	ValidatingWebhookConfigurationName = "yurt-manager-validating-webhook-configuration"
 )
 
+var namespace = "kube-system"
+
 func GetHost() string {
 	return os.Getenv("WEBHOOK_HOST")
 }
 
 func GetNamespace() string {
-	return "kube-system"
+	return namespace
+}
+
+func SetNamespace(ns string) {
+	namespace = ns
 }
 
 func GetSecretName() string {
-Original file line number
+Diff line change
@@ Expand Up / @@ -261,6 +261,8 @@ EOF @@
         append_note $yurt_manager_templatefile
         kubectl kustomize ${output_default_dir} >> $yurt_manager_templatefile
+        sed "s/namespace: kube-system/namespace: {{ .Release.Namespace | quote }}/g" $yurt_manager_templatefile > tmpfile && mv tmpfile $yurt_manager_templatefile
     }
@@ Expand Down @@