From f0316fa39f7107e7d13fc9e861b884ce26a8e3cb Mon Sep 17 00:00:00 2001 From: Jonathan Knight Date: Mon, 13 Mar 2023 15:42:15 +0300 Subject: [PATCH] Enhance the Helm chart to make it easier to install the Operator into, and monitor a single namespace (#587) --- docs/installation/01_installation.adoc | 37 ++++++++++++- .../templates/deployment.yaml | 8 ++- helm-charts/coherence-operator/values.yaml | 7 +++ pkg/operator/operator.go | 8 +-- test/e2e/helm/helm_test.go | 54 +++++++++++++++++++ 5 files changed, 107 insertions(+), 7 deletions(-) diff --git a/docs/installation/01_installation.adoc b/docs/installation/01_installation.adoc index 6eb504d8..0a80cb9b 100644 --- a/docs/installation/01_installation.adoc +++ b/docs/installation/01_installation.adoc @@ -301,12 +301,45 @@ To set the watch namespaces when installing with helm set the `watchNamespaces` ---- helm install \ --namespace \ - --set watchNamespaces=payments,catalog,customers <1> + --set watchNamespaces=payments,catalog,customers \ + coherence-operator \ + coherence/coherence-operator +---- + +The `payments`, `catalog` and `customers` namespaces will be watched by the Operator. + +==== Set the Watch Namespace to the Operator's Install Namespace + +When installing the Operator using the Helm chart, there is a convenience value that can be set if the +Operator should only monitor the same namespace that it is installed into. +By setting the `onlySameNamespace` value to `true` the watch namespace will be set to the installation namespace. +If the `onlySameNamespace` value is set to `true` then any value set for the `watchNamespaces` value will be ignored. + +For example, the command below will set `onlySameNamespace` to true, and the Operator will be installed into, +and only monitor the `coh-testing` namespace. + +[source,bash] +---- +helm install \ + --namespace coh-testing \ + --set onlySameNamespace=true \ + coherence-operator \ + coherence/coherence-operator +---- + +In the example below, the `onlySameNamespace` is set to true, so the Operator will be installed into, +and only monitor the `coh-testing` namespace. Even though the `watchNamespaces` value is set, it will be ignored. + +[source,bash] +---- +helm install \ + --namespace coh-testing \ + --set watchNamespaces=payments,catalog,customers \ + --set onlySameNamespace=true \ coherence-operator \ coherence/coherence-operator ---- -<1> The `payments`, `catalog` and `customers` namespaces will be watched by the Operator. == Set the Operator Image diff --git a/helm-charts/coherence-operator/templates/deployment.yaml b/helm-charts/coherence-operator/templates/deployment.yaml index 43bdf348..676c75ef 100644 --- a/helm-charts/coherence-operator/templates/deployment.yaml +++ b/helm-charts/coherence-operator/templates/deployment.yaml @@ -132,10 +132,14 @@ spec: - name: OPERATOR_IMAGE value: {{ .Values.defaultCoherenceUtilsImage | quote }} - name: WATCH_NAMESPACE -{{- if .Values.clusterRoles }} - value: {{ .Values.watchNamespaces | quote }} +{{- if .Values.onlySameNamespace }} + value: {{ .Release.Namespace | quote }} {{- else }} +{{- if .Values.clusterRoles }} + value: {{ .Values.watchNamespaces | quote }} +{{- else }} value: {{ .Release.Namespace | quote }} +{{- end }} {{- end }} image: {{ .Values.image }} ports: diff --git a/helm-charts/coherence-operator/values.yaml b/helm-charts/coherence-operator/values.yaml index b58a72b4..5b2c9d40 100644 --- a/helm-charts/coherence-operator/values.yaml +++ b/helm-charts/coherence-operator/values.yaml @@ -155,6 +155,13 @@ livenessProbe: # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: +# onlySameNamespace is a flag to indicate that the Operator should only monitor and control +# Coherence clusters in the same namespace that it is installed into. +# If this flag is set to true, any watchNamespaces value will be ignored, as this +# will automatically be set to the same namespace the Operator is installed into. +# The default is false, the Operator will monitor all namespaces +onlySameNamespace: false + # clusterRoles controls whether the Helm chart will create RBAC ClusterRole and bindings for the Operator # These are required if the Operator will watch multiple namespaces. # If set to false then the Operator will only watch the namespace it is deployed into. diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index 5bac45fc..810893fe 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, 2022, Oracle and/or its affiliates. + * Copyright (c) 2019, 2023, Oracle and/or its affiliates. * Licensed under the Universal Permissive License v 1.0 as shown at * http://oss.oracle.com/licenses/upl. */ @@ -73,6 +73,9 @@ const ( FlagWebhookSecret = "webhook-secret" FlagWebhookService = "webhook-service" + // EnvVarWatchNamespace is the environment variable to use to set the watch namespace(s) + EnvVarWatchNamespace = "WATCH_NAMESPACE" + // OCI Node Labels // LabelOciNodeFaultDomain is the OCI Node label for the fault domain. @@ -385,10 +388,9 @@ func GetWatchNamespace() []string { // WatchNamespaceEnvVar is the constant for env variable WATCH_NAMESPACE // which specifies the Namespace to watch. // An empty value means the operator is running with cluster scope. - var watchNamespaceEnvVar = "WATCH_NAMESPACE" var watches []string - ns, found := os.LookupEnv(watchNamespaceEnvVar) + ns, found := os.LookupEnv(EnvVarWatchNamespace) if !found || ns == "" || strings.TrimSpace(ns) == "" { return watches } diff --git a/test/e2e/helm/helm_test.go b/test/e2e/helm/helm_test.go index cd585acd..3e92fd86 100644 --- a/test/e2e/helm/helm_test.go +++ b/test/e2e/helm/helm_test.go @@ -13,6 +13,7 @@ import ( coh "github.com/oracle/coherence-operator/api/v1" "github.com/oracle/coherence-operator/pkg/operator" "github.com/oracle/coherence-operator/test/e2e/helper" + "github.com/oracle/coherence-operator/test/e2e/helper/matchers" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" @@ -140,6 +141,59 @@ func TestDisableWebhooks(t *testing.T) { g.Expect(c.Args).Should(ContainElements("operator", "--enable-leader-election", "--enable-webhook=false")) } +func TestSetOnlySameNamespace(t *testing.T) { + g := NewGomegaWithT(t) + result, err := helmInstall("--set", "onlySameNamespace=true") + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(result).NotTo(BeNil()) + + dep := &appsv1.Deployment{} + err = result.Get("coherence-operator", dep) + g.Expect(err).NotTo(HaveOccurred()) + + c := findContainer("manager", dep) + g.Expect(c).NotTo(BeNil()) + + ns := helper.GetTestNamespace() + g.Expect(c.Env).NotTo(BeNil()) + g.Expect(c.Env).To(matchers.HaveEnvVar(corev1.EnvVar{Name: operator.EnvVarWatchNamespace, Value: ns})) +} + +func TestSetOnlySameNamespaceIgnoresWatchNamespaces(t *testing.T) { + g := NewGomegaWithT(t) + result, err := helmInstall("--set", "watchNamespaces=foo", "--set", "onlySameNamespace=true") + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(result).NotTo(BeNil()) + + dep := &appsv1.Deployment{} + err = result.Get("coherence-operator", dep) + g.Expect(err).NotTo(HaveOccurred()) + + c := findContainer("manager", dep) + g.Expect(c).NotTo(BeNil()) + + ns := helper.GetTestNamespace() + g.Expect(c.Env).NotTo(BeNil()) + g.Expect(c.Env).To(matchers.HaveEnvVar(corev1.EnvVar{Name: operator.EnvVarWatchNamespace, Value: ns})) +} + +func TestSetWatchNamespaces(t *testing.T) { + g := NewGomegaWithT(t) + result, err := helmInstall("--set", "watchNamespaces=foo") + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(result).NotTo(BeNil()) + + dep := &appsv1.Deployment{} + err = result.Get("coherence-operator", dep) + g.Expect(err).NotTo(HaveOccurred()) + + c := findContainer("manager", dep) + g.Expect(c).NotTo(BeNil()) + + g.Expect(c.Env).NotTo(BeNil()) + g.Expect(c.Env).To(matchers.HaveEnvVar(corev1.EnvVar{Name: operator.EnvVarWatchNamespace, Value: "foo"})) +} + func TestBasicHelmInstall(t *testing.T) { g := NewGomegaWithT(t) cmd, err := createHelmCommand()