fluxcd · stefanprodan · Jan 24, 2019 · Jan 15, 2019 · Jan 15, 2019 · Jan 15, 2019
diff --git a/CHANGELOG-helmop.md b/CHANGELOG-helmop.md
@@ -1,3 +1,10 @@
+## 0.5.4 (TBA)
+
+### Improvements
+
+ - Add option to limit the Helm operator to a single namespace
+   [weaveworks/flux#1664](https://github.com/weaveworks/flux/pull/1664)
+
 ## 0.5.3 (2019-01-14)
 
 ### Improvements

diff --git a/chart/flux/CHANGELOG.md b/chart/flux/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.6.1 (TBA)
+
+### Improvements
+
+ - Add option to limit the Helm operator to a single namespace
+   [weaveworks/flux#1664](https://github.com/weaveworks/flux/pull/1664)
+
 ## 0.6.0 (2019-01-14)
 
 **Note** To fix the connectivity problems between Flux and memcached we've changed the 

diff --git a/chart/flux/README.md b/chart/flux/README.md
@@ -238,6 +238,7 @@ The following tables lists the configurable parameters of the Weave Flux chart a
 | `helmOperator.chartsSyncInterval` | Interval at which to check for changed charts | `3m`
 | `helmOperator.extraEnvs` | Extra environment variables for the Helm operator pod | `[]`
 | `helmOperator.logReleaseDiffs` | Helm operator should log the diff when a chart release diverges (possibly insecure) | `false`
+| `helmOperator.namespace` | If set, this limits the scope to a single namespace. If not specified, all namespaces will be watched | `None`
 | `helmOperator.tillerNamespace` | Namespace in which the Tiller server can be found | `kube-system`
 | `helmOperator.tls.enable` | Enable TLS for communicating with Tiller | `false`
 | `helmOperator.tls.verify` | Verify the Tiller certificate, also enables TLS when set to true | `false`

diff --git a/chart/flux/templates/helm-operator-deployment.yaml b/chart/flux/templates/helm-operator-deployment.yaml
@@ -87,6 +87,9 @@ spec:
         - --charts-sync-interval={{ .Values.helmOperator.chartsSyncInterval }}
         - --update-chart-deps={{ .Values.helmOperator.updateChartDeps }}
         - --log-release-diffs={{ .Values.helmOperator.logReleaseDiffs }}
+        {{- if .Values.helmOperator.namespace }}
+        - --namespace={{ .Values.helmOperator.namespace }}
+        {{- end }}
         - --tiller-namespace={{ .Values.helmOperator.tillerNamespace }}
         {{- if .Values.helmOperator.tls.enable }}
         - --tiller-tls-enable={{ .Values.helmOperator.tls.enable }}

diff --git a/chart/flux/values.yaml b/chart/flux/values.yaml
@@ -21,6 +21,8 @@ helmOperator:
   repository: quay.io/weaveworks/helm-operator
   tag: 0.5.3
   pullPolicy: IfNotPresent
+  # Limit the operator scope to a single namespace
+  namespace:
   # Update dependencies for charts
   updateChartDeps: true
   # Log the diff when a chart release diverges

diff --git a/cmd/helm-operator/main.go b/cmd/helm-operator/main.go
@@ -33,6 +33,7 @@ var (
 
 	kubeconfig *string
 	master     *string
+	namespace  *string
 
 	tillerIP        *string
 	tillerPort      *string
@@ -76,6 +77,7 @@ func init() {
 
 	kubeconfig = fs.String("kubeconfig", "", "path to a kubeconfig; required if out-of-cluster")
 	master = fs.String("master", "", "address of the Kubernetes API server; overrides any value in kubeconfig; required if out-of-cluster")
+	namespace = fs.String("namespace", "", "if set, this limits the scope to a single namespace; if not specified, all namespaces will be watched")
 
 	listenAddr = fs.StringP("listen", "l", ":3030", "Listen address where /metrics and API will be served")
 
@@ -92,7 +94,7 @@ func init() {
 
 	chartsSyncInterval = fs.Duration("charts-sync-interval", 3*time.Minute, "period on which to reconcile the Helm releases with HelmRelease resources")
 	logReleaseDiffs = fs.Bool("log-release-diffs", false, "log the diff when a chart release diverges; potentially insecure")
-	updateDependencies = fs.Bool("update-chart-deps", true, "Update chart dependencies before installing/upgrading a release")
+	updateDependencies = fs.Bool("update-chart-deps", true, "update chart dependencies before installing/upgrading a release")
 
 	_ = fs.Duration("git-poll-interval", 0, "")
 	gitTimeout = fs.Duration("git-timeout", 20*time.Second, "duration after which git operations time out")
@@ -171,18 +173,19 @@ func main() {
 
 	// The status updater, to keep track the release status for each
 	// HelmRelease. It runs as a separate loop for now.
-	statusUpdater := status.New(ifClient, kubeClient, helmClient)
+	statusUpdater := status.New(ifClient, kubeClient, helmClient, *namespace)
 	go statusUpdater.Loop(shutdown, log.With(logger, "component", "annotator"))
 
 	// release instance is needed during the sync of Charts changes and during the sync of HelmRelease changes
 	rel := release.New(log.With(logger, "component", "release"), helmClient)
 	chartSync := chartsync.New(log.With(logger, "component", "chartsync"),
 		chartsync.Polling{Interval: *chartsSyncInterval},
 		chartsync.Clients{KubeClient: *kubeClient, IfClient: *ifClient},
-		rel, chartsync.Config{LogDiffs: *logReleaseDiffs, UpdateDeps: *updateDependencies, GitTimeout: *gitTimeout})
+		rel, chartsync.Config{LogDiffs: *logReleaseDiffs, UpdateDeps: *updateDependencies, GitTimeout: *gitTimeout}, *namespace)
 	chartSync.Run(shutdown, errc, shutdownWg)
 
-	ifInformerFactory := ifinformers.NewSharedInformerFactory(ifClient, 30*time.Second)
+	nsOpt := ifinformers.WithNamespace(*namespace)
+	ifInformerFactory := ifinformers.NewSharedInformerFactoryWithOptions(ifClient, 30*time.Second, nsOpt)
 	fhrInformer := ifInformerFactory.Flux().V1beta1().HelmReleases()
 
 	// start FluxRelease informer

diff --git a/integrations/helm/chartsync/chartsync.go b/integrations/helm/chartsync/chartsync.go
@@ -106,8 +106,8 @@ type clone struct {
 }
 
 type ChartChangeSync struct {
-	logger log.Logger
 	Polling
+	logger     log.Logger
 	kubeClient kubernetes.Clientset
 	ifClient   ifclientset.Clientset
 	release    *release.Release
@@ -117,9 +117,11 @@ type ChartChangeSync struct {
 
 	clonesMu sync.Mutex
 	clones   map[string]clone
+
+	namespace string
 }
 
-func New(logger log.Logger, polling Polling, clients Clients, release *release.Release, config Config) *ChartChangeSync {
+func New(logger log.Logger, polling Polling, clients Clients, release *release.Release, config Config, namespace string) *ChartChangeSync {
 	return &ChartChangeSync{
 		logger:     logger,
 		Polling:    polling,
@@ -129,6 +131,7 @@ func New(logger log.Logger, polling Polling, clients Clients, release *release.R
 		config:     config.WithDefaults(),
 		mirrors:    git.NewMirrors(),
 		clones:     make(map[string]clone),
+		namespace:  namespace,
 	}
 }
 
@@ -403,6 +406,11 @@ func (chs *ChartChangeSync) DeleteRelease(fhr fluxv1beta1.HelmRelease) {
 
 // getNamespaces gets current kubernetes cluster namespaces
 func (chs *ChartChangeSync) getNamespaces() ([]string, error) {
+	if chs.namespace != "" {
+		return []string{chs.namespace}, nil
+	}
+
+	// if no namespace scope is set then get all namespaces in the cluster
 	var ns []string
 	nso, err := chs.kubeClient.CoreV1().Namespaces().List(metav1.ListOptions{})
 	if err != nil {

diff --git a/integrations/helm/status/status.go b/integrations/helm/status/status.go
@@ -35,13 +35,15 @@ type Updater struct {
 	fluxhelm   fluxclientset.Interface
 	kube       kube.Interface
 	helmClient *helm.Client
+	namespace  string
 }
 
-func New(fhrClient fluxclientset.Interface, kubeClient kube.Interface, helmClient *helm.Client) *Updater {
+func New(fhrClient fluxclientset.Interface, kubeClient kube.Interface, helmClient *helm.Client, namespace string) *Updater {
 	return &Updater{
 		fluxhelm:   fhrClient,
 		kube:       kubeClient,
 		helmClient: helmClient,
+		namespace:  namespace,
 	}
 }
 
@@ -56,14 +58,23 @@ bail:
 			break bail
 		case <-ticker.C:
 		}
-		// Look up HelmReleases
-		namespaces, err := a.kube.CoreV1().Namespaces().List(metav1.ListOptions{})
-		if err != nil {
-			logErr = err
-			break bail
+		namespaces := []string{}
+		if a.namespace != "" {
+			namespaces = append(namespaces, a.namespace)
+		} else {
+			all, err := a.kube.CoreV1().Namespaces().List(metav1.ListOptions{})
+			if err != nil {
+				logErr = err
+				break bail
+			}
+			for _, ns := range all.Items {
+				namespaces = append(namespaces, ns.Name)
+			}
 		}
-		for _, ns := range namespaces.Items {
-			fhrClient := a.fluxhelm.FluxV1beta1().HelmReleases(ns.Name)
+
+		// Look up HelmReleases
+		for _, ns := range namespaces {
+			fhrClient := a.fluxhelm.FluxV1beta1().HelmReleases(ns)
 			fhrs, err := fhrClient.List(metav1.ListOptions{})
 			if err != nil {
 				logErr = err
@@ -80,7 +91,7 @@ bail:
 				if status.GetCode().String() != fhr.Status.ReleaseStatus {
 					err := UpdateReleaseStatus(fhrClient, fhr, releaseName, status.GetCode().String())
 					if err != nil {
-						logger.Log("namespace", ns.Name, "resource", fhr.Name, "err", err)
+						logger.Log("namespace", ns, "resource", fhr.Name, "err", err)
 						continue
 					}
 				}

diff --git a/site/helm-operator.md b/site/helm-operator.md
@@ -12,6 +12,7 @@ helm-operator requires setup and offers customization though a multitude of flag
 |------------------------------|-------------------------------|---------|
 |--kubeconfig                  |                               | Path to a kubeconfig. Only required if out-of-cluster. |
 |--master                      |                               | The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster. |
+|--namespace                   |                               | If set, this limits the scope to a single namespace. if not specified, all namespaces will be watched. |
 |                              |                               | **Tiller options** |
 |--tiller-ip                   |                               | Tiller IP address. Only required if out-of-cluster. |
 |--tiller-port                 |                               | Tiller port. |