From d8ae6e419efada43360bbb7388d3fbd9d473428a Mon Sep 17 00:00:00 2001
From: Ryu Sato
Date: Sat, 28 Dec 2024 23:49:08 +0900
Subject: [PATCH] set database namespace to match watch namespace by default
---
 .../community-operator/templates/_helpers.tpl | 13 +++++++++++
 .../templates/database_roles.yaml | 22 ++++++++++++-------
 charts/community-operator/values.yaml | 9 +++-----
 3 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/charts/community-operator/templates/_helpers.tpl b/charts/community-operator/templates/_helpers.tpl
index 4dd44305..417ef003 100644
--- a/charts/community-operator/templates/_helpers.tpl
+++ b/charts/community-operator/templates/_helpers.tpl
@@ -10,3 +10,16 @@ Operator's watch namespaces
 {{- $namespaces | toYaml }}
 {{- end }}
 {{- end }}
+
+{{/*
+Database namespaces
+*/}}
+{{- define "community-operator.database.namespaces" -}}
+ {{- $defaultNamespaces := include "community-operator.watchNamespaces" . | fromYamlArray }}
+ {{- $namespaces := default $defaultNamespaces .Values.database.namespaces }}
+ {{- if has "*" $namespaces }}
+ {{- list | toYaml }}
+ {{- else }}
+ {{- $namespaces | toYaml }}
+ {{- end }}
+{{- end }}
diff --git a/charts/community-operator/templates/database_roles.yaml b/charts/community-operator/templates/database_roles.yaml
index b5662ff6..7debec48 100644
--- a/charts/community-operator/templates/database_roles.yaml
+++ b/charts/community-operator/templates/database_roles.yaml
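Review bot: In `_helpers.tpl`, `community-operator.database.namespaces` returns an empty list whenever the resolved list contains `"*"`, and the `Database namespaces` comment does not say so; a template that ranges over the result then renders no objects at all, without any error. Because `default` falls back to the watch namespaces, this is presumably also what happens for a cluster-wide watch when `database.namespaces` is unset. I would extend the comment to state both facts, e.g. `Defaults to the watch namespaces; yields an empty list when "*" is present, so no per-namespace database objects are rendered.` If an empty result should never pass silently, a `fail` with a message naming `database.namespaces` is the alternative, but that is a behaviour decision for the chart.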
@@ -1,16 +1,20 @@
+{{- $databaseNamespaces := include "community-operator.database.namespaces" . | fromYamlArray }}
+{{- $databaseName := $.Values.database.name }}
+{{- range $namespace := $databaseNamespaces }}
+
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
- name: {{ .Values.database.name }}
- namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }}
+ name: {{ $databaseName }}
+ namespace: {{ $namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
- name: {{ .Values.database.name }}
- namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }}
+ name: {{ $databaseName }}
+ namespace: {{ $namespace }}
 rules:
 - apiGroups:
 - ""
@@ -31,12 +35,14 @@ rules:
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: {{ .Values.database.name }}
- namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }}
+ name: {{ $databaseName }}
+ namespace: {{ $namespace }}
 subjects:
 - kind: ServiceAccount
- name: {{ .Values.database.name }}
+ name: {{ $databaseName }}
 roleRef:
 kind: Role
- name: {{ .Values.database.name }}
+ name: {{ $databaseName }}
 apiGroup: rbac.authorization.k8s.io
+
+{{- end }}
\ No newline at end of file
diff --git a/charts/community-operator/values.yaml b/charts/community-operator/values.yaml
index 92069876..087f1a53 100644
--- a/charts/community-operator/values.yaml
+++ b/charts/community-operator/values.yaml
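Review bot: The values interpolated into `namespace:` and `name:` are written unquoted in each metadata block of the `@@ -1,16 +1,20 @@` hunk and again in the `@@ -31,12 +35,14 @@` hunk, so a namespace such as `123` or `on` taken from `database.namespaces` or the watch list is read by the YAML parser as a number or boolean instead of a string. `namespace: {{ $namespace | quote }}` and `name: {{ $databaseName | quote }}` keep them strings. Separately, the removed lines fell back to `.Release.Namespace`, whereas the loop now follows the watch namespaces by default, so the ServiceAccount, Role and RoleBinding are created in every watched namespace unless `database.namespaces` narrows it; it is worth confirming that this wider default is intended. The Role's `rules:` continue outside the visible hunk lines, so what is granted per namespace cannot be judged from here.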
@@ -53,14 +53,11 @@ operator:
 ## Operator's database
 database:
 name: mongodb-database
- # set this to the namespace where you would like
- # to deploy the MongoDB database,
- # Note if the database namespace is not same
- # as the operator namespace,
- # make sure to set "watchNamespace" to "*"
+ # If "watchNamespaces" is set to ["*"],
+ # then set the database namespaces
 # to ensure that the operator has the
 # permission to reconcile resources in other namespaces
- # namespace: mongodb-database
+ # namespaces: ["mongodb-database"]
 agent:
 name: mongodb-agent-ubi
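Review bot: The rewritten comment above `# namespaces:` does not say what the key defaults to, nor that the former `database.namespace` key is no longer read by `database_roles.yaml` in this patch, so an existing values file that still sets the singular key would be ignored without any hint. I would word it as `# Namespaces that receive the database ServiceAccount, Role and RoleBinding.` followed by `# Defaults to the operator's watch namespaces; set it explicitly when that list is ["*"].` and `# Replaces the former "database.namespace" key.`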