forked from fluxcd/flux
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add --k8s-namespace-whitelist setting that specifies namespaces to wa…
…tch. Fixes fluxcd#1181 Currently, Flux expects to have access to all namespaces, even if no manifests in the repository reference another namespace, it will check all namespaces for controllers to update. This change adds a --k8s-namespace-whitelist setting which, if set, will restrict Flux to only watch the specified namespaces and ignore all others. Intended for clusters with large amounts of namespaces or restrictive RBAC policies. If provided Flux will only monitor workloads in the given namespaces. This significantly cuts the number of API calls made. An empty list (i.e. not provided) yields the usual behaviour.
- Loading branch information
Your Name
committed
Jul 3, 2018
1 parent
e0e6b70
commit 1ae7cd4
Showing
4 changed files
with
111 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
package kubernetes | ||
|
||
import ( | ||
apiv1 "k8s.io/api/core/v1" | ||
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
fakekubernetes "k8s.io/client-go/kubernetes/fake" | ||
"testing" | ||
"reflect" | ||
) | ||
|
||
func newNamespace(name string) *apiv1.Namespace { | ||
return &apiv1.Namespace{ | ||
ObjectMeta: meta_v1.ObjectMeta{ | ||
Name: name, | ||
}, | ||
TypeMeta: meta_v1.TypeMeta{ | ||
APIVersion: "v1", | ||
Kind: "Namespace", | ||
}, | ||
} | ||
} | ||
|
||
func testGetNamespaces(t *testing.T, namespace []string, expected []string) { | ||
clientset := fakekubernetes.NewSimpleClientset(newNamespace("default"), | ||
newNamespace("kube-system")) | ||
|
||
c := NewCluster(clientset, nil, nil, nil, nil, namespace) | ||
|
||
namespaces, err := c.getNamespaces() | ||
if err != nil { | ||
t.Errorf("The error should be nil, not: %s", err) | ||
} | ||
|
||
result := []string{} | ||
for _, namespace := range namespaces { | ||
result = append(result, namespace.ObjectMeta.Name) | ||
} | ||
|
||
if reflect.DeepEqual(result, expected) != true { | ||
t.Errorf("Unexpected namespaces: %v != %v.", result, expected) | ||
} | ||
} | ||
|
||
func TestGetNamespacesDefault(t *testing.T) { | ||
testGetNamespaces(t, []string{}, []string{"default","kube-system",}) | ||
} | ||
|
||
func TestGetNamespacesNamespacesIsNil(t *testing.T) { | ||
testGetNamespaces(t, nil, []string{"default","kube-system",}) | ||
} | ||
|
||
func TestGetNamespacesNamespacesSet(t *testing.T) { | ||
testGetNamespaces(t, []string{"default"}, []string{"default",}) | ||
} | ||
|
||
func TestGetNamespacesNamespacesSetDoesNotExist(t *testing.T) { | ||
testGetNamespaces(t, []string{"hello"}, []string{}) | ||
} | ||
|
||
func TestGetNamespacesNamespacesMultiple(t *testing.T) { | ||
testGetNamespaces(t, []string{"default","hello","kube-system"}, []string{"default","kube-system"}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters