detect in-cluster namespace by default, --system-namespace takes prec…

…edence if set

Signed-off-by: Joe Lanford <[email protected]>

cmd/core/main.go

@@ -85,7 +85,7 @@ func main() {
 	flag.StringVar(&httpExternalAddr, "http-external-address", "http://localhost:8080", "The external address at which the http server is reachable.")
 	flag.StringVar(&bundleCAFile, "bundle-ca-file", "", "The file containing the certificate authority for connecting to bundle content servers.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
-	flag.StringVar(&systemNamespace, "system-namespace", util.DefaultSystemNamespace, "Configures the namespace that gets used to deploy system resources.")
+	flag.StringVar(&systemNamespace, "system-namespace", "", "Configures the namespace that gets used to deploy system resources.")
 	flag.StringVar(&unpackImage, "unpack-image", util.DefaultUnpackImage, "Configures the container image that gets used to unpack Bundle contents.")
 	flag.StringVar(&baseUploadManagerURL, "base-upload-manager-url", "", "The base URL from which to fetch uploaded bundles.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
@@ -117,10 +117,13 @@ func main() {
 	dependentSelector := labels.NewSelector().Add(*dependentRequirement)
 
 	cfg := ctrl.GetConfigOrDie()
-	systemNs := util.PodNamespace(systemNamespace)
+	if systemNamespace == "" {
+		systemNamespace = util.PodNamespace()
+	}
+
 	systemNsCluster, err := cluster.New(cfg, func(opts *cluster.Options) {
 		opts.Scheme = scheme
-		opts.Namespace = systemNs
+		opts.Namespace = systemNamespace
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to create system namespace cluster")
@@ -215,7 +218,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	unpacker, err := source.NewDefaultUnpacker(systemNsCluster, systemNs, unpackImage, baseUploadManagerURL, rootCAs)
+	unpacker, err := source.NewDefaultUnpacker(systemNsCluster, systemNamespace, unpackImage, baseUploadManagerURL, rootCAs)
 	if err != nil {
 		setupLog.Error(err, "unable to setup bundle unpacker")
 		os.Exit(1)
@@ -230,12 +233,12 @@ func main() {
 	cfgGetter := helmclient.NewActionConfigGetter(mgr.GetConfig(), mgr.GetRESTMapper(), mgr.GetLogger())
 	acg := helmclient.NewActionClientGetter(cfgGetter)
 	commonBDProvisionerOptions := []bundledeployment.Option{
-		bundledeployment.WithReleaseNamespace(systemNs),
+		bundledeployment.WithReleaseNamespace(systemNamespace),
 		bundledeployment.WithActionClientGetter(acg),
 		bundledeployment.WithStorage(bundleStorage),
 	}
 
-	if err := bundle.SetupWithManager(mgr, systemNsCluster.GetCache(), systemNs, append(
+	if err := bundle.SetupWithManager(mgr, systemNsCluster.GetCache(), systemNamespace, append(
 		commonBundleProvisionerOptions,
 		bundle.WithProvisionerID(plain.ProvisionerID),
 		bundle.WithHandler(bundle.HandlerFunc(plain.HandleBundle)),
@@ -244,7 +247,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	if err := bundle.SetupWithManager(mgr, systemNsCluster.GetCache(), systemNs, append(
+	if err := bundle.SetupWithManager(mgr, systemNsCluster.GetCache(), systemNamespace, append(
 		commonBundleProvisionerOptions,
 		bundle.WithProvisionerID(registry.ProvisionerID),
 		bundle.WithHandler(bundle.HandlerFunc(registry.HandleBundle)),

cmd/helm/main.go

@@ -79,7 +79,7 @@ func main() {
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.StringVar(&unpackImage, "unpack-image", util.DefaultUnpackImage, "Configures the container image that gets used to unpack Bundle contents.")
 	flag.StringVar(&baseUploadManagerURL, "base-upload-manager-url", "", "The base URL from which to fetch uploaded bundles.")
-	flag.StringVar(&systemNamespace, "system-namespace", util.DefaultSystemNamespace, "Configures the namespace that gets used to deploy system resources.")
+	flag.StringVar(&systemNamespace, "system-namespace", "", "Configures the namespace that gets used to deploy system resources.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
@@ -107,10 +107,12 @@ func main() {
 	dependentSelector := labels.NewSelector().Add(*dependentRequirement)
 
 	cfg := ctrl.GetConfigOrDie()
-	systemNs := util.PodNamespace(systemNamespace)
+	if systemNamespace == "" {
+		systemNamespace = util.PodNamespace()
+	}
 	systemNsCluster, err := cluster.New(cfg, func(opts *cluster.Options) {
 		opts.Scheme = scheme
-		opts.Namespace = systemNs
+		opts.Namespace = systemNamespace
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to create system namespace cluster")
@@ -197,7 +199,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	unpacker, err := source.NewDefaultUnpacker(systemNsCluster, systemNs, unpackImage, baseUploadManagerURL, rootCAs)
+	unpacker, err := source.NewDefaultUnpacker(systemNsCluster, systemNamespace, unpackImage, baseUploadManagerURL, rootCAs)
 	if err != nil {
 		setupLog.Error(err, "unable to setup bundle unpacker")
 		os.Exit(1)
@@ -212,12 +214,12 @@ func main() {
 	cfgGetter := helmclient.NewActionConfigGetter(mgr.GetConfig(), mgr.GetRESTMapper(), mgr.GetLogger())
 	acg := helmclient.NewActionClientGetter(cfgGetter)
 	commonBDProvisionerOptions := []bundledeployment.Option{
-		bundledeployment.WithReleaseNamespace(systemNs),
+		bundledeployment.WithReleaseNamespace(systemNamespace),
 		bundledeployment.WithActionClientGetter(acg),
 		bundledeployment.WithStorage(bundleStorage),
 	}
 
-	if err := bundle.SetupWithManager(mgr, systemNsCluster.GetCache(), systemNs, append(
+	if err := bundle.SetupWithManager(mgr, systemNsCluster.GetCache(), systemNamespace, append(
 		commonBundleProvisionerOptions,
 		bundle.WithProvisionerID(helm.ProvisionerID),
 		bundle.WithHandler(bundle.HandlerFunc(helm.HandleBundle)),

cmd/webhooks/main.go

@@ -52,7 +52,7 @@ func main() {
 	var rukpakVersion bool
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
-	flag.StringVar(&systemNamespace, "system-namespace", util.DefaultSystemNamespace, "Configures the namespace that gets used to deploy system resources.")
+	flag.StringVar(&systemNamespace, "system-namespace", "", "Configures the namespace that gets used to deploy system resources.")
 	flag.BoolVar(&rukpakVersion, "version", false, "Displays rukpak version information")
 	opts := zap.Options{
 		Development: true,
@@ -69,10 +69,12 @@ func main() {
 	setupLog.Info("starting up the rukpak webhooks", "git commit", version.String())
 
 	cfg := ctrl.GetConfigOrDie()
-	systemNs := util.PodNamespace(systemNamespace)
+	if systemNamespace == "" {
+		systemNamespace = util.PodNamespace()
+	}
 	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
 		Scheme:                 scheme,
-		Namespace:              systemNs,
+		Namespace:              systemNamespace,
 		MetricsBindAddress:     metricsAddr,
 		Port:                   9443,
 		HealthProbeBindAddress: probeAddr,
@@ -84,7 +86,7 @@ func main() {
 
 	if err = (&webhook.Bundle{
 		Client:          mgr.GetClient(),
-		SystemNamespace: systemNs,
+		SystemNamespace: systemNamespace,
 	}).SetupWebhookWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create webhook", "webhook", rukpakv1alpha1.BundleKind)
 		os.Exit(1)

internal/util/util.go

@@ -319,14 +319,14 @@ func SortBundlesByCreation(bundles *rukpakv1alpha1.BundleList) {
 	})
 }
 
-// GetPodNamespace checks whether the controller is running in a Pod vs.
+// PodNamespace checks whether the controller is running in a Pod vs.
 // being run locally by inspecting the namespace file that gets mounted
 // automatically for Pods at runtime. If that file doesn't exist, then
-// return the @defaultNamespace namespace parameter.
-func PodNamespace(defaultNamespace string) string {
+// return DefaultSystemNamespace.
+func PodNamespace() string {
 	namespace, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
 	if err != nil {
-		return defaultNamespace
+		return DefaultSystemNamespace
 	}
 	return string(namespace)
 }