From f43b9265705b640197f45b1bd88d1543804b6b5d Mon Sep 17 00:00:00 2001 From: Louis Taylor Date: Thu, 5 Apr 2018 14:32:29 +0100 Subject: [PATCH 1/6] Remove controller --namespace option --- cmd/controller/app/controller.go | 14 +++++++++----- cmd/controller/app/options/options.go | 7 ------- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index aad96e829..14f6c2d01 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -28,7 +28,11 @@ import ( kubeinformers "k8s.io/client-go/informers" ) -const controllerAgentName = "cert-manager-controller" +const ( + controllerAgentName = "cert-manager-controller" + + defaultNamespace = "" +) func Run(opts *options.ControllerOptions, stopCh <-chan struct{}) { ctx, kubeCfg, err := buildControllerContext(opts) @@ -120,8 +124,8 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex // If it is specified, all operations relating to ClusterIssuer resources // should be disabled and thus we don't need to also create factories for // the --cluster-resource-namespace. - sharedInformerFactory := informers.NewFilteredSharedInformerFactory(intcl, time.Second*30, opts.Namespace, nil) - kubeSharedInformerFactory := kubeinformers.NewFilteredSharedInformerFactory(cl, time.Second*30, opts.Namespace, nil) + sharedInformerFactory := informers.NewFilteredSharedInformerFactory(intcl, time.Second*30, defaultNamespace, nil) + kubeSharedInformerFactory := kubeinformers.NewFilteredSharedInformerFactory(cl, time.Second*30, defaultNamespace, nil) return &controller.Context{ Client: cl, CMClient: intcl, @@ -134,13 +138,13 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex Recorder: recorder, KubeSharedInformerFactory: kubeSharedInformerFactory, SharedInformerFactory: sharedInformerFactory, - Namespace: opts.Namespace, + Namespace: defaultNamespace, ClusterResourceNamespace: opts.ClusterResourceNamespace, ACMEHTTP01SolverImage: opts.ACMEHTTP01SolverImage, ClusterIssuerAmbientCredentials: opts.ClusterIssuerAmbientCredentials, IssuerAmbientCredentials: opts.IssuerAmbientCredentials, }), - Namespace: opts.Namespace, + Namespace: defaultNamespace, ClusterResourceNamespace: opts.ClusterResourceNamespace, }, kubeCfg, nil } diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index eabf792bf..8c37d5163 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -11,7 +11,6 @@ import ( type ControllerOptions struct { APIServerHost string - Namespace string ClusterResourceNamespace string LeaderElect bool @@ -28,7 +27,6 @@ type ControllerOptions struct { const ( defaultAPIServerHost = "" - defaultNamespace = "" defaultClusterResourceNamespace = "kube-system" defaultLeaderElect = true @@ -48,7 +46,6 @@ var ( func NewControllerOptions() *ControllerOptions { return &ControllerOptions{ APIServerHost: defaultAPIServerHost, - Namespace: defaultNamespace, ClusterResourceNamespace: defaultClusterResourceNamespace, LeaderElect: defaultLeaderElect, LeaderElectionNamespace: defaultLeaderElectionNamespace, @@ -64,13 +61,9 @@ func (s *ControllerOptions) AddFlags(fs *pflag.FlagSet) { fs.StringVar(&s.APIServerHost, "master", defaultAPIServerHost, ""+ "Optional apiserver host address to connect to. If not specified, autoconfiguration "+ "will be attempted.") - fs.StringVar(&s.Namespace, "namespace", defaultNamespace, ""+ - "Optional namespace to monitor resources within. This can be used to limit the scope "+ - "of cert-manager to a single namespace. If not specified, all namespaces will be watched") fs.StringVar(&s.ClusterResourceNamespace, "cluster-resource-namespace", defaultClusterResourceNamespace, ""+ "Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in. "+ "This must be specified if ClusterIssuers are enabled.") - fs.BoolVar(&s.LeaderElect, "leader-elect", true, ""+ "If true, cert-manager will perform leader election between instances to ensure no more "+ "than one instance of cert-manager operates at a time") From 783d8b6a894441d989c0946b334e851e4dd1d1e5 Mon Sep 17 00:00:00 2001 From: Louis Taylor Date: Thu, 5 Apr 2018 14:44:47 +0100 Subject: [PATCH 2/6] Remove ingress-shim --namespace option --- cmd/ingress-shim/app.go | 10 +++++++--- cmd/ingress-shim/options/options.go | 7 ------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/cmd/ingress-shim/app.go b/cmd/ingress-shim/app.go index 9b2ecf898..48b2f7d71 100644 --- a/cmd/ingress-shim/app.go +++ b/cmd/ingress-shim/app.go @@ -26,7 +26,11 @@ import ( kubeinformers "k8s.io/client-go/informers" ) -const controllerAgentName = "ingress-shim-controller" +const ( + controllerAgentName = "ingress-shim-controller" + + defaultNamespace = "" +) func Run(opts *options.ControllerOptions, stopCh <-chan struct{}) { ctrl, kubeCfg, err := buildController(opts, stopCh) @@ -105,8 +109,8 @@ func buildController(opts *options.ControllerOptions, stopCh <-chan struct{}) (* // If it is specified, all operations relating to ClusterIssuer resources // should be disabled and thus we don't need to also create factories for // the --cluster-resource-namespace. - sharedInformerFactory := informers.NewFilteredSharedInformerFactory(intcl, time.Second*30, opts.Namespace, nil) - kubeSharedInformerFactory := kubeinformers.NewFilteredSharedInformerFactory(cl, time.Second*30, opts.Namespace, nil) + sharedInformerFactory := informers.NewFilteredSharedInformerFactory(intcl, time.Second*30, defaultNamespace, nil) + kubeSharedInformerFactory := kubeinformers.NewFilteredSharedInformerFactory(cl, time.Second*30, defaultNamespace, nil) ctrl := controller.New( sharedInformerFactory.Certmanager().V1alpha1().Certificates(), kubeSharedInformerFactory.Extensions().V1beta1().Ingresses(), diff --git a/cmd/ingress-shim/options/options.go b/cmd/ingress-shim/options/options.go index 1e81c67a7..611a7a409 100644 --- a/cmd/ingress-shim/options/options.go +++ b/cmd/ingress-shim/options/options.go @@ -10,7 +10,6 @@ import ( type ControllerOptions struct { APIServerHost string - Namespace string LeaderElect bool LeaderElectionNamespace string @@ -26,7 +25,6 @@ type ControllerOptions struct { const ( defaultAPIServerHost = "" - defaultNamespace = "" defaultLeaderElect = true defaultLeaderElectionNamespace = "kube-system" @@ -43,7 +41,6 @@ const ( func NewControllerOptions() *ControllerOptions { return &ControllerOptions{ APIServerHost: defaultAPIServerHost, - Namespace: defaultNamespace, LeaderElect: defaultLeaderElect, LeaderElectionNamespace: defaultLeaderElectionNamespace, LeaderElectionLeaseDuration: defaultLeaderElectionLeaseDuration, @@ -60,10 +57,6 @@ func (s *ControllerOptions) AddFlags(fs *pflag.FlagSet) { fs.StringVar(&s.APIServerHost, "master", defaultAPIServerHost, ""+ "Optional apiserver host address to connect to. If not specified, autoconfiguration "+ "will be attempted.") - fs.StringVar(&s.Namespace, "namespace", defaultNamespace, ""+ - "Optional namespace to monitor resources within. This can be used to limit the scope "+ - "of ingress-annotation-controller to a single namespace. If not specified, all namespaces will be watched.") - fs.BoolVar(&s.LeaderElect, "leader-elect", true, ""+ "If true, ingress-annotation-controller will perform leader election between instances to ensure no more "+ "than one instance of cert-manager operates at a time.") From 3733bf2b742ef2f55d3678c134db6925b0d6cdcf Mon Sep 17 00:00:00 2001 From: Louis Taylor Date: Fri, 6 Apr 2018 10:24:10 +0100 Subject: [PATCH 3/6] controller: FilteredSharedInformer -> SharedInformer --- cmd/controller/app/controller.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index 14f6c2d01..9790d41ab 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -124,8 +124,8 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex // If it is specified, all operations relating to ClusterIssuer resources // should be disabled and thus we don't need to also create factories for // the --cluster-resource-namespace. - sharedInformerFactory := informers.NewFilteredSharedInformerFactory(intcl, time.Second*30, defaultNamespace, nil) - kubeSharedInformerFactory := kubeinformers.NewFilteredSharedInformerFactory(cl, time.Second*30, defaultNamespace, nil) + sharedInformerFactory := informers.NewSharedInformerFactory(intcl, time.Second*30) + kubeSharedInformerFactory := kubeinformers.NewSharedInformerFactory(cl, time.Second*30) return &controller.Context{ Client: cl, CMClient: intcl, From 1dece103d390ba4d94662073399d190fe3d429ce Mon Sep 17 00:00:00 2001 From: Louis Taylor Date: Fri, 6 Apr 2018 10:25:26 +0100 Subject: [PATCH 4/6] ingress-shim: FilteredSharedInformer -> SharedInformer --- cmd/ingress-shim/app.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/ingress-shim/app.go b/cmd/ingress-shim/app.go index 48b2f7d71..6a65409eb 100644 --- a/cmd/ingress-shim/app.go +++ b/cmd/ingress-shim/app.go @@ -109,8 +109,8 @@ func buildController(opts *options.ControllerOptions, stopCh <-chan struct{}) (* // If it is specified, all operations relating to ClusterIssuer resources // should be disabled and thus we don't need to also create factories for // the --cluster-resource-namespace. - sharedInformerFactory := informers.NewFilteredSharedInformerFactory(intcl, time.Second*30, defaultNamespace, nil) - kubeSharedInformerFactory := kubeinformers.NewFilteredSharedInformerFactory(cl, time.Second*30, defaultNamespace, nil) + sharedInformerFactory := informers.NewSharedInformerFactory(intcl, time.Second*30) + kubeSharedInformerFactory := kubeinformers.NewSharedInformerFactory(cl, time.Second*30) ctrl := controller.New( sharedInformerFactory.Certmanager().V1alpha1().Certificates(), kubeSharedInformerFactory.Extensions().V1beta1().Ingresses(), From 0961e241741ab980bb0e0dc8fa42e8f70bc6ae14 Mon Sep 17 00:00:00 2001 From: Louis Taylor Date: Fri, 6 Apr 2018 11:20:24 +0100 Subject: [PATCH 5/6] Remove namespace from more places --- cmd/controller/app/controller.go | 19 +------------------ pkg/controller/certificates/controller.go | 6 +----- pkg/controller/context.go | 3 --- pkg/issuer/context.go | 3 --- 4 files changed, 2 insertions(+), 29 deletions(-) diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index 9790d41ab..d8ac30a99 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -22,7 +22,6 @@ import ( intscheme "github.com/jetstack/cert-manager/pkg/client/clientset/versioned/scheme" informers "github.com/jetstack/cert-manager/pkg/client/informers/externalversions" "github.com/jetstack/cert-manager/pkg/controller" - "github.com/jetstack/cert-manager/pkg/controller/clusterissuers" "github.com/jetstack/cert-manager/pkg/issuer" "github.com/jetstack/cert-manager/pkg/util/kube" kubeinformers "k8s.io/client-go/informers" @@ -43,15 +42,7 @@ func Run(opts *options.ControllerOptions, stopCh <-chan struct{}) { run := func(_ <-chan struct{}) { var wg sync.WaitGroup - var controllers = make(map[string]controller.Interface) for n, fn := range controller.Known() { - if ctx.Namespace != "" && n == clusterissuers.ControllerName { - glog.Infof("Skipping ClusterIssuer controller as cert-manager is scoped to a single namespace") - continue - } - controllers[n] = fn(ctx) - } - for n, fn := range controllers { wg.Add(1) go func(n string, fn controller.Interface) { defer wg.Done() @@ -62,7 +53,7 @@ func Run(opts *options.ControllerOptions, stopCh <-chan struct{}) { if err != nil { glog.Fatalf("error running %s controller: %s", n, err.Error()) } - }(n, fn) + }(n, fn(ctx)) } glog.V(4).Infof("Starting shared informer factory") ctx.SharedInformerFactory.Start(stopCh) @@ -118,12 +109,6 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex eventBroadcaster.StartRecordingToSink(&corev1.EventSinkImpl{Interface: cl.CoreV1().Events("")}) recorder := eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: controllerAgentName}) - // We only create SharedInformerFactories for the --namespace specified to - // watch. If this namespace is blank (i.e. the default, watch all - // namespaces) then the factories will watch all namespaces. - // If it is specified, all operations relating to ClusterIssuer resources - // should be disabled and thus we don't need to also create factories for - // the --cluster-resource-namespace. sharedInformerFactory := informers.NewSharedInformerFactory(intcl, time.Second*30) kubeSharedInformerFactory := kubeinformers.NewSharedInformerFactory(cl, time.Second*30) return &controller.Context{ @@ -138,13 +123,11 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex Recorder: recorder, KubeSharedInformerFactory: kubeSharedInformerFactory, SharedInformerFactory: sharedInformerFactory, - Namespace: defaultNamespace, ClusterResourceNamespace: opts.ClusterResourceNamespace, ACMEHTTP01SolverImage: opts.ACMEHTTP01SolverImage, ClusterIssuerAmbientCredentials: opts.ClusterIssuerAmbientCredentials, IssuerAmbientCredentials: opts.IssuerAmbientCredentials, }), - Namespace: defaultNamespace, ClusterResourceNamespace: opts.ClusterResourceNamespace, }, kubeCfg, nil } diff --git a/pkg/controller/certificates/controller.go b/pkg/controller/certificates/controller.go index c0d9a4010..f27018237 100644 --- a/pkg/controller/certificates/controller.go +++ b/pkg/controller/certificates/controller.go @@ -233,14 +233,10 @@ const ( func init() { controllerpkg.Register(ControllerName, func(ctx *controllerpkg.Context) controllerpkg.Interface { - var clusterIssuerInformer cminformers.ClusterIssuerInformer - if ctx.Namespace == "" { - clusterIssuerInformer = ctx.SharedInformerFactory.Certmanager().V1alpha1().ClusterIssuers() - } return New( ctx.SharedInformerFactory.Certmanager().V1alpha1().Certificates(), ctx.SharedInformerFactory.Certmanager().V1alpha1().Issuers(), - clusterIssuerInformer, + ctx.SharedInformerFactory.Certmanager().V1alpha1().ClusterIssuers(), ctx.KubeSharedInformerFactory.Core().V1().Secrets(), ctx.KubeSharedInformerFactory.Extensions().V1beta1().Ingresses(), ctx.Client, diff --git a/pkg/controller/context.go b/pkg/controller/context.go index 9052b2d7e..e6113abb5 100644 --- a/pkg/controller/context.go +++ b/pkg/controller/context.go @@ -32,9 +32,6 @@ type Context struct { // instances IssuerFactory issuer.Factory - // Namespace is a namespace to operate within. This should be used when - // constructing SharedIndexInformers for the informer factory. - Namespace string // ClusterResourceNamespace is the namespace to store resources created by // non-namespaced resources (e.g. ClusterIssuer) in. ClusterResourceNamespace string diff --git a/pkg/issuer/context.go b/pkg/issuer/context.go index 3b56d8715..df632bcde 100644 --- a/pkg/issuer/context.go +++ b/pkg/issuer/context.go @@ -28,9 +28,6 @@ type Context struct { // instances SharedInformerFactory informers.SharedInformerFactory - // Namespace is a namespace to operate within. This should be used when - // constructing SharedIndexInformers for the informer factory. - Namespace string // ClusterResourceNamespace is the namespace to store resources created by // non-namespaced resources (e.g. ClusterIssuer) in. ClusterResourceNamespace string From 4dd1d02e90b7d2a856c3adec372eebff3e0b29ba Mon Sep 17 00:00:00 2001 From: Louis Taylor Date: Fri, 6 Apr 2018 17:45:20 +0100 Subject: [PATCH 6/6] Remove defaultNamespace --- cmd/controller/app/controller.go | 6 +----- cmd/ingress-shim/app.go | 6 +----- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index d8ac30a99..4f8e8ec61 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -27,11 +27,7 @@ import ( kubeinformers "k8s.io/client-go/informers" ) -const ( - controllerAgentName = "cert-manager-controller" - - defaultNamespace = "" -) +const controllerAgentName = "cert-manager-controller" func Run(opts *options.ControllerOptions, stopCh <-chan struct{}) { ctx, kubeCfg, err := buildControllerContext(opts) diff --git a/cmd/ingress-shim/app.go b/cmd/ingress-shim/app.go index 6a65409eb..6e8f178ca 100644 --- a/cmd/ingress-shim/app.go +++ b/cmd/ingress-shim/app.go @@ -26,11 +26,7 @@ import ( kubeinformers "k8s.io/client-go/informers" ) -const ( - controllerAgentName = "ingress-shim-controller" - - defaultNamespace = "" -) +const controllerAgentName = "ingress-shim-controller" func Run(opts *options.ControllerOptions, stopCh <-chan struct{}) { ctrl, kubeCfg, err := buildController(opts, stopCh)