Merge pull request #6 from Prajithp/master

added option to watch namespaces
TheYkk · Feb 13, 2021 · b9fab61 · b9fab61
2 parents a61b09b + 8757836
commit b9fab61
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 7 deletions.
diff --git a/Readme.md b/Readme.md
@@ -40,7 +40,17 @@ spec:
 # Triggers
  - When update config or secret
  - When create config or secret
-
+
+# Watching Namespaces
+
+synator Operator installs with cluster wide permissions, however you can optionally control which namespaces it watches by by setting the WATCH_NAMESPACE environment variable.
+
+`WATCH_NAMESPACE` can be omitted entirely, or a comma separated list of k8s namespaces.
+
+- `WATCH_NAMESPACE=""` will watch for resources across the entire cluster.
+- `WATCH_NAMESPACE="foo"` will watch for resources in the foo namespace.
+- `WATCH_NAMESPACE="foo,bar"` will watch for resources in the foo and bar namespace.
+
 # Build and deploy
 Build docker image
 

diff --git a/handlers.py b/handlers.py
@@ -1,9 +1,16 @@
 import kopf
 import kubernetes
+import os
 
+WATCH_NAMESPACE = os.getenv('WATCH_NAMESPACE', "")
+all_namespaces  = WATCH_NAMESPACE.split(',')
+def watch_namespace(namespace, **_):
+    if WATCH_NAMESPACE == "" or namespace in all_namespaces:
+        return True
+    return False
 
-@kopf.on.create('', 'v1', 'secrets', annotations={'synator/sync': 'yes'})
-@kopf.on.update('', 'v1', 'secrets', annotations={'synator/sync': 'yes'})
+@kopf.on.create('', 'v1', 'secrets', annotations={'synator/sync': 'yes'}, when=watch_namespace)
+@kopf.on.update('', 'v1', 'secrets', annotations={'synator/sync': 'yes'}, when=watch_namespace)
 def update_secret(body, meta, spec, status, old, new, diff, **kwargs):
     api = kubernetes.client.CoreV1Api()
     namespace_response = api.list_namespace()
@@ -25,8 +32,8 @@ def update_secret(body, meta, spec, status, old, new, diff, **kwargs):
             api.create_namespaced_secret(ns, secret)
 
 
-@kopf.on.create('', 'v1', 'configmaps', annotations={'synator/sync': 'yes'})
-@kopf.on.update('', 'v1', 'configmaps', annotations={'synator/sync': 'yes'})
+@kopf.on.create('', 'v1', 'configmaps', annotations={'synator/sync': 'yes'}, when=watch_namespace)
+@kopf.on.update('', 'v1', 'configmaps', annotations={'synator/sync': 'yes'}, when=watch_namespace)
 def updateConfigMap(body, meta, spec, status, old, new, diff, **kwargs):
     api = kubernetes.client.CoreV1Api()
     namespace_response = api.list_namespace()
@@ -109,7 +116,7 @@ def newNamespace(spec, name, meta, logger, **kwargs):
 
 # Reload Pod when update configmap or secret
 
-@kopf.on.update('', 'v1', 'configmaps')
+@kopf.on.update('', 'v1', 'configmaps', when=watch_namespace)
 def reload_pod_config(body, meta, spec, status, old, new, diff, **kwargs):
     # Get namespace
     ns = meta.namespace
@@ -124,7 +131,7 @@ def reload_pod_config(body, meta, spec, status, old, new, diff, **kwargs):
                 api.delete_namespaced_pod(pod.metadata.name, pod.metadata.namespace)
 
 
-@kopf.on.update('', 'v1', 'secrets')
+@kopf.on.update('', 'v1', 'secrets', when=watch_namespace)
 def reload_pod_secret(body, meta, spec, status, old, new, diff, **kwargs):
     # Get namespace
     ns = meta.namespace