Add --namespace flag

Signed-off-by: Louis Taylor <louis@kragniz.eu>
Louis Taylor 2019-01-09 17:50:28 +00:00
parent 4da8dabf3e
commit bbda87b3c8
5 changed files with 29 additions and 7 deletions


@ -11,6 +11,7 @@ go_library(
"//pkg/client/clientset/versioned/scheme:go_default_library",
"//pkg/client/informers/externalversions:go_default_library",
"//pkg/controller:go_default_library",
"//pkg/controller/clusterissuers:go_default_library",
"//pkg/issuer/acme/dns/util:go_default_library",
"//pkg/metrics:go_default_library",
"//pkg/util:go_default_library",


@ -23,7 +23,7 @@ import (
"time"
"github.com/golang/glog"
"k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
@ -39,6 +39,7 @@ import (
intscheme "github.com/jetstack/cert-manager/pkg/client/clientset/versioned/scheme"
informers "github.com/jetstack/cert-manager/pkg/client/informers/externalversions"
"github.com/jetstack/cert-manager/pkg/controller"
"github.com/jetstack/cert-manager/pkg/controller/clusterissuers"
dnsutil "github.com/jetstack/cert-manager/pkg/issuer/acme/dns/util"
"github.com/jetstack/cert-manager/pkg/metrics"
"github.com/jetstack/cert-manager/pkg/util"
@ -69,6 +70,12 @@ func Run(opts *options.ControllerOptions, stopCh <-chan struct{}) {
continue
}
// don't run clusterissuers controller if scoped to a single namespace
if ctx.Namespace != "" && n == clusterissuers.ControllerName {
glog.Infof("Skipping ClusterIssuer controller as cert-manager is scoped to a single namespace")
continue
}
wg.Add(1)
go func(n string, fn controller.Interface) {
defer wg.Done()
@ -163,14 +170,15 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex
eventBroadcaster.StartRecordingToSink(&corev1.EventSinkImpl{Interface: cl.CoreV1().Events("")})
recorder := eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: controllerAgentName})
sharedInformerFactory := informers.NewSharedInformerFactory(intcl, time.Second*30)
kubeSharedInformerFactory := kubeinformers.NewSharedInformerFactory(cl, time.Second*30)
sharedInformerFactory := informers.NewFilteredSharedInformerFactory(intcl, time.Second*30, opts.Namespace, nil)
kubeSharedInformerFactory := kubeinformers.NewFilteredSharedInformerFactory(cl, time.Second*30, opts.Namespace, nil)
return &controller.Context{
Client: cl,
CMClient: intcl,
Recorder: recorder,
KubeSharedInformerFactory: kubeSharedInformerFactory,
SharedInformerFactory: sharedInformerFactory,
Namespace: opts.Namespace,
ACMEOptions: controller.ACMEOptions{
HTTP01SolverImage: opts.ACMEHTTP01SolverImage,
HTTP01SolverResourceRequestCPU: HTTP01SolverResourceRequestCPU,
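Review bot: The two `NewFilteredSharedInformerFactory` calls in buildControllerContext only narrow what the informers list and watch, while `cl` and `intcl` are still built from the same credentials, so `opts.Namespace` is not an access boundary by itself. What the process can actually reach is decided by the RBAC bound to its service account, which is worth saying next to the factories, e.g. `// opts.Namespace only filters list/watch; restricting access still requires a namespaced Role/RoleBinding`. As a style point, the `glog.Infof(...)` call in Run has no format verbs, so `glog.Info` would do. Both Run and buildControllerContext continue outside the hunks shown.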


@ -36,6 +36,7 @@ import (
type ControllerOptions struct {
APIServerHost string
ClusterResourceNamespace string
Namespace string
LeaderElect bool
LeaderElectionNamespace string
@ -71,6 +72,7 @@ type ControllerOptions struct {
const (
defaultAPIServerHost = ""
defaultClusterResourceNamespace = "kube-system"
defaultNamespace = ""
defaultLeaderElect = true
defaultLeaderElectionNamespace = "kube-system"
@ -112,6 +114,7 @@ func NewControllerOptions() *ControllerOptions {
return &ControllerOptions{
APIServerHost: defaultAPIServerHost,
ClusterResourceNamespace: defaultClusterResourceNamespace,
Namespace: defaultNamespace,
LeaderElect: defaultLeaderElect,
LeaderElectionNamespace: defaultLeaderElectionNamespace,
LeaderElectionLeaseDuration: defaultLeaderElectionLeaseDuration,
@ -138,6 +141,9 @@ func (s *ControllerOptions) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&s.ClusterResourceNamespace, "cluster-resource-namespace", defaultClusterResourceNamespace, ""+
"Namespace to store resources owned by cluster scoped resources such as ClusterIssuer in. "+
"This must be specified if ClusterIssuers are enabled.")
fs.StringVar(&s.Namespace, "namespace", defaultNamespace, ""+
"If set, this limits the scope of cert-manager to a single namespace. "+
"If not specified, all namespaces will be watched")
fs.BoolVar(&s.LeaderElect, "leader-elect", true, ""+
"If true, cert-manager will perform leader election between instances to ensure no more "+
"than one instance of cert-manager operates at a time")
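Review bot: The `--namespace` help text in AddFlags does not tell operators that setting it also turns off ClusterIssuer handling, or that `defaultClusterResourceNamespace` and `defaultLeaderElectionNamespace` stay at `kube-system`. Someone deploying with a Role limited to one namespace may find leader election still needs access to `kube-system`; this is inferred from the defaults shown, since the leader-election code is not part of this diff. I would extend the first sentence to `"If set, this limits the scope of cert-manager to a single namespace and disables ClusterIssuers. "` and mention the other two namespace settings. No validation of the value is visible in these hunks either.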


@ -77,10 +77,13 @@ func New(ctx *controllerpkg.Context) *Controller {
ctrl.issuerLister = issuerInformer.Lister()
ctrl.syncedFuncs = append(ctrl.syncedFuncs, issuerInformer.Informer().HasSynced)
clusterIssuerInformer := ctrl.SharedInformerFactory.Certmanager().V1alpha1().ClusterIssuers()
clusterIssuerInformer.Informer().AddEventHandler(&controllerpkg.BlockingEventHandler{WorkFunc: ctrl.handleGenericIssuer})
ctrl.clusterIssuerLister = clusterIssuerInformer.Lister()
ctrl.syncedFuncs = append(ctrl.syncedFuncs, clusterIssuerInformer.Informer().HasSynced)
// if scoped to a single namespace
if ctx.Namespace == "" {
clusterIssuerInformer := ctrl.SharedInformerFactory.Certmanager().V1alpha1().ClusterIssuers()
clusterIssuerInformer.Informer().AddEventHandler(&controllerpkg.BlockingEventHandler{WorkFunc: ctrl.handleGenericIssuer})
ctrl.clusterIssuerLister = clusterIssuerInformer.Lister()
ctrl.syncedFuncs = append(ctrl.syncedFuncs, clusterIssuerInformer.Informer().HasSynced)
}
secretsInformer := ctrl.KubeSharedInformerFactory.Core().V1().Secrets()
secretsInformer.Informer().AddEventHandler(&controllerpkg.BlockingEventHandler{WorkFunc: ctrl.handleSecretResource})
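Review bot: The comment `// if scoped to a single namespace` above `if ctx.Namespace == ""` says the opposite of what the condition tests, because the block runs only when no namespace is set. Something like `// ClusterIssuers are cluster-scoped; only watch them when not restricted to a single namespace` would match the code. With the block skipped, `ctrl.clusterIssuerLister` stays nil, so a Certificate whose issuerRef names a ClusterIssuer would presumably reach a nil lister unless the lookup path, which is not visible in this hunk, checks for it. Rejecting such a reference with an explicit error in namespaced mode would be safer than a panic in the sync loop. New's body starts and ends outside the hunk.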


@ -47,6 +47,10 @@ type Context struct {
// instances
SharedInformerFactory informers.SharedInformerFactory
// Namespace is the namespace to operate within.
// If unset, operates on all namespaces
Namespace string
IssuerOptions
ACMEOptions
IngressShimOptions