Merge pull request #282 from kannon92/default-namespace

Use the namespace of the service account
kubernetes-sigs · Dec 16, 2024 · 6c9c29a · 6c9c29a
2 parents 4cf14ac + bdf3085
commit 6c9c29a
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 33 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -36,6 +36,7 @@ import (
 	leaderworkersetv1 "sigs.k8s.io/lws/api/leaderworkerset/v1"
 	"sigs.k8s.io/lws/pkg/cert"
 	"sigs.k8s.io/lws/pkg/controllers"
+	"sigs.k8s.io/lws/pkg/utils"
 	"sigs.k8s.io/lws/pkg/webhooks"
 	//+kubebuilder:scaffold:imports
 )
@@ -58,7 +59,6 @@ func main() {
 		probeAddr   string
 		qps         float64
 		burst       int
-		namespace   string
 
 		// leader election
 		enableLeaderElection     bool
@@ -91,7 +91,6 @@ func main() {
 			"'endpoints', 'configmaps', 'leases', 'endpointsleases' and 'configmapsleases'")
 	flag.StringVar(&leaderElectionID, "leader-elect-resource-name", "b8b2488c.x-k8s.io",
 		"The name of resource object that is used for locking during leader election. ")
-	flag.StringVar(&namespace, "namespace", "lws-system", "The namespace that is used to deploy leaderWorkerSet controller")
 
 	opts := zap.Options{
 		Development: true,
@@ -104,6 +103,7 @@ func main() {
 	kubeConfig := ctrl.GetConfigOrDie()
 	kubeConfig.QPS = float32(qps)
 	kubeConfig.Burst = burst
+	namespace := utils.GetOperatorNamespace()
 
 	mgr, err := ctrl.NewManager(kubeConfig, ctrl.Options{
 		Scheme:                     scheme,

diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -36,5 +36,4 @@ spec:
         - "--health-probe-bind-address=:8081"
         - "--metrics-bind-address=127.0.0.1:8080"
         - "--leader-elect"
-        - "--namespace=lws-system"
         - "--zap-log-level=2"
diff --git a/docs/setup/install.md b/docs/setup/install.md
@@ -67,36 +67,6 @@ To uninstall LeaderWorkerSet, run the following command:
 make undeploy
 ```
 
-# Install in a different namespace
-
-To install the leaderWorkerSet controller in a different namespace rather than `lws-system`, you should first:
-
-```sh
-git clone https://github.com/kubernetes-sigs/lws.git
-cd lws
-```
-
-Then change the [kustomization.yaml](../../config/default/kustomization.yaml) _namespace_ field as:
-
-```yaml
-namespace: <your-namespace>
-```
-
-You should change the [manager_auth_proxy_patch.yaml](../../config/default/manager_auth_proxy_patch.yaml) as well:
-
-```yaml
-- name: manager
-  args:
-  - "--namespace=<your-namespace>"
-```
-
-Finally run:
-
-```
-IMAGE_REGISTRY=<registry>/<project> make image-push deploy
-```
-
-
 # Optional: Use cert manager instead of internal cert
 The webhooks use an internal certificate by default. However, if you wish to use cert-manager (which
 supports cert rotation), instead of internal cert, you can by performing the following steps.

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -19,13 +19,19 @@ package utils
 import (
 	"crypto/sha1"
 	"encoding/hex"
+	"os"
+	"strings"
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 
 	leaderworkerset "sigs.k8s.io/lws/api/leaderworkerset/v1"
 )
 
+const (
+	defaultNamespace = "lws-system"
+)
+
 // Sha1Hash accepts an input string and returns the 40 character SHA1 hash digest of the input string.
 func Sha1Hash(s string) string {
 	h := sha1.New()
@@ -70,3 +76,13 @@ func SortByIndex[T appsv1.StatefulSet | corev1.Pod | int](indexFunc func(T) (int
 
 	return result
 }
+
+// GetOperatorNamespace will pick the namespace based on the serviceaccount
+func GetOperatorNamespace() string {
+	if data, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace"); err == nil {
+		if ns := strings.TrimSpace(string(data)); len(ns) > 0 {
+			return ns
+		}
+	}
+	return defaultNamespace
+}