diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 5dd580c70..e5d125a2b 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -71,6 +71,7 @@ aliases:
* FEATURE: [vmprobe](https://docs.victoriametrics.com/operator/resources/vmprobe/): added `spec.targets.kubernetes` property, that allows to configure probe for `ingress`, `pod` and `service` roles. See [#1078](https://github.com/VictoriaMetrics/operator/issues/1078) and [#1716](https://github.com/VictoriaMetrics/operator/issues/1716).
* FEATURE: [vmscrapeconfig](https://docs.victoriametrics.com/operator/resources/vmscrapeconfig/): added nomad_sd_config support. See [#1809](https://github.com/VictoriaMetrics/operator/issues/1809).
* FEATURE: [vmoperator](https://docs.victoriametrics.com/operator/): support VPA for vmcluster, vtcluster, vlcluster and vmauth. See [#1795](https://github.com/VictoriaMetrics/operator/issues/1795). Thanks to the @dctrwatson for the pull request [#1803](https://github.com/VictoriaMetrics/operator/pull/1803).
+* FEATURE: [vmoperator](https://docs.victoriametrics.com/operator/): introduce `EXCLUDE_NAMESPACE` environment variable that accepts comma-separated list of environment variables that are excluded by operator. See [#1289](https://github.com/VictoriaMetrics/operator/issues/1289)
* BUGFIX: [vmagent](https://docs.victoriametrics.com/operator/resources/vmagent/): previously the operator requested `nodes/proxy` RBAC permissions even though vmagent did not use them; now this permission is no longer required, reducing the default privilege footprint for users running vmagent. See [#1753](https://github.com/VictoriaMetrics/operator/issues/1753).
* BUGFIX: [vmalert](https://docs.victoriametrics.com/operator/resources/vmalert/): throw error if no notifiers found. See [#1757](https://github.com/VictoriaMetrics/operator/issues/1757).
diff --git a/docs/env.md b/docs/env.md
index 2d9c7773d..e767eda6f 100644
--- a/docs/env.md
+++ b/docs/env.md
@@ -8,6 +8,7 @@
| VM_GATEWAY_API_ENABLED: `false` # |
| VM_VPA_API_ENABLED: `false` # |
| WATCH_NAMESPACE: `-` #
Defines a list of namespaces to be watched by operator. Operator don't perform any cluster wide API calls if namespaces not empty. In case of empty list it performs only clusterwide api calls. |
+| EXCLUDE_NAMESPACE: `-` #
Defines a list of namespaces to exclude from being watched by operator. |
| VM_CONTAINERREGISTRY: `-` #
container registry name prefix, e.g. docker.io |
| VM_CUSTOMCONFIGRELOADERIMAGE: `-` #
Deprecated: use VM_CONFIG_RELOADER_IMAGE instead |
| VM_PSPAUTOCREATEENABLED: `false` # |
diff --git a/internal/config/config.go b/internal/config/config.go
index ac974930c..3503891ec 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -110,6 +110,9 @@ type BaseOperatorConf struct {
// In case of empty list it performs only clusterwide api calls.
WatchNamespaces []string `default:"" env:"WATCH_NAMESPACE"`
+ // Defines a list of namespaces to exclude from being watched by operator.
+ ExcludeNamespaces []string `default:"" env:"EXCLUDE_NAMESPACE"`
+
// container registry name prefix, e.g. docker.io
ContainerRegistry string `default:"" env:"VM_CONTAINERREGISTRY"`
// Deprecated: use VM_CONFIG_RELOADER_IMAGE instead
@@ -639,6 +642,14 @@ func (boc *BaseOperatorConf) ResyncAfterDuration() time.Duration {
// Validate - validates config on best effort.
func (boc BaseOperatorConf) validate() error {
+ if len(boc.ExcludeNamespaces) > 0 && len(boc.WatchNamespaces) > 0 {
+ return fmt.Errorf("both WATCH_NAMESPACE and EXCLUDE_NAMESPACE cannot be defined simultaneously")
+ }
+ for _, ns := range boc.ExcludeNamespaces {
+ if !validNamespaceRegex.MatchString(ns) {
+ return fmt.Errorf("namespace=%q doesn't match regex=%q", ns, validNamespaceRegex.String())
+ }
+ }
for _, ns := range boc.WatchNamespaces {
if !validNamespaceRegex.MatchString(ns) {
return fmt.Errorf("namespace=%q doesn't match regex=%q", ns, validNamespaceRegex.String())
diff --git a/internal/controller/operator/factory/k8stools/client_utils.go b/internal/controller/operator/factory/k8stools/client_utils.go
index 180dc2040..b84dd9369 100644
--- a/internal/controller/operator/factory/k8stools/client_utils.go
+++ b/internal/controller/operator/factory/k8stools/client_utils.go
@@ -14,6 +14,8 @@ import (
"k8s.io/apimachinery/pkg/util/strategicpatch"
"k8s.io/apimachinery/pkg/util/validation"
"sigs.k8s.io/controller-runtime/pkg/client"
+
+ "github.com/VictoriaMetrics/operator/internal/config"
)
var invalidDNS1123Characters = regexp.MustCompile("[^-a-z0-9]+")
@@ -105,8 +107,15 @@ func UpdatePodAnnotations(ctx context.Context, rclient client.Client, selector m
return nil
}
-// ListObjectsByNamespace performs object list for given namespaces
-func ListObjectsByNamespace[T any, PT listing[T]](ctx context.Context, rclient client.Client, nss []string, collect func(PT), opts ...client.ListOption) error {
+// ListObjects performs object list for namespaces limited by WATCH_NAMESPACE and EXCLUDE_NAMESPACE values
+func ListObjects[T any, PT listing[T]](ctx context.Context, rclient client.Client, collect func(PT), opts ...client.ListOption) error {
+ cfg := config.MustGetBaseConfig()
+ nss := cfg.WatchNamespaces
+ return listObjectsByNamespace(ctx, rclient, nss, collect, opts...)
+}
+
+// listObjectsByNamespace performs object list for given namespaces
+func listObjectsByNamespace[T any, PT listing[T]](ctx context.Context, rclient client.Client, nss []string, collect func(PT), opts ...client.ListOption) error {
dst := PT(new(T))
if len(nss) == 0 {
if err := rclient.List(ctx, dst, opts...); err != nil {
diff --git a/internal/controller/operator/factory/k8stools/selectors.go b/internal/controller/operator/factory/k8stools/selectors.go
index 9b4999e1f..7a0438568 100644
--- a/internal/controller/operator/factory/k8stools/selectors.go
+++ b/internal/controller/operator/factory/k8stools/selectors.go
@@ -56,7 +56,7 @@ func VisitSelected[T any, PT listing[T]](ctx context.Context, rclient client.Cli
}
nss := dnsr.namespaces
// namespaces could still be empty and it's ok
- return ListObjectsByNamespace(ctx, rclient, nss, cb, opts)
+ return listObjectsByNamespace(ctx, rclient, nss, cb, opts)
}
type discoverNamespacesResponse struct {
diff --git a/internal/controller/operator/factory/vmalert/vmalert.go b/internal/controller/operator/factory/vmalert/vmalert.go
index e14e8acab..b422d8f99 100644
--- a/internal/controller/operator/factory/vmalert/vmalert.go
+++ b/internal/controller/operator/factory/vmalert/vmalert.go
@@ -687,7 +687,6 @@ func discoverNotifiersIfNeeded(ctx context.Context, rclient client.Client, cr *v
if cr.Spec.Notifier != nil {
cr.Spec.Notifiers = append(cr.Spec.Notifiers, *cr.Spec.Notifier)
}
- cfg := config.MustGetBaseConfig()
// trim notifiers with non-empty notifier Selector
var cnt int
for i := range cr.Spec.Notifiers {
@@ -703,7 +702,7 @@ func discoverNotifiersIfNeeded(ctx context.Context, rclient client.Client, cr *v
if err != nil {
return fmt.Errorf("cannot convert notifier selector as ListOptions: %w", err)
}
- if err := k8stools.ListObjectsByNamespace(ctx, rclient, cfg.WatchNamespaces, func(l *vmv1beta1.VMAlertmanagerList) {
+ if err := k8stools.ListObjects(ctx, rclient, func(l *vmv1beta1.VMAlertmanagerList) {
for _, item := range l.Items {
if !item.DeletionTimestamp.IsZero() || (n.Selector.Namespace != nil && !n.Selector.Namespace.IsMatch(&item)) {
continue
diff --git a/internal/controller/operator/vmagent_controller.go b/internal/controller/operator/vmagent_controller.go
index 0bbcc3d33..0492ff501 100644
--- a/internal/controller/operator/vmagent_controller.go
+++ b/internal/controller/operator/vmagent_controller.go
@@ -151,14 +151,14 @@ func (*VMAgentReconciler) IsDisabled(_ *config.BaseOperatorConf, _ sets.Set[stri
return false
}
-func collectVMAgentScrapes(l logr.Logger, ctx context.Context, rclient client.Client, watchNamespaces []string, instance client.Object) (err error) {
+func collectVMAgentScrapes(l logr.Logger, ctx context.Context, rclient client.Client, instance client.Object) (err error) {
if build.IsControllerDisabled("VMAgent") && agentReconcileLimit.Throttle() {
return nil
}
agentSync.Lock()
defer agentSync.Unlock()
var objects vmv1beta1.VMAgentList
- if err = k8stools.ListObjectsByNamespace(ctx, rclient, watchNamespaces, func(dst *vmv1beta1.VMAgentList) {
+ if err = k8stools.ListObjects(ctx, rclient, func(dst *vmv1beta1.VMAgentList) {
objects.Items = append(objects.Items, dst.Items...)
}); err != nil {
err = fmt.Errorf("cannot list VMAgents for %T: %w", instance, err)
diff --git a/internal/controller/operator/vmalertmanagerconfig_controller.go b/internal/controller/operator/vmalertmanagerconfig_controller.go
index 215d600af..075162b24 100644
--- a/internal/controller/operator/vmalertmanagerconfig_controller.go
+++ b/internal/controller/operator/vmalertmanagerconfig_controller.go
@@ -39,15 +39,13 @@ type VMAlertmanagerConfigReconciler struct {
client.Client
Log logr.Logger
OriginScheme *runtime.Scheme
- BaseConf *config.BaseOperatorConf
}
// Init implements crdController interface
-func (r *VMAlertmanagerConfigReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, cf *config.BaseOperatorConf) {
+func (r *VMAlertmanagerConfigReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, _ *config.BaseOperatorConf) {
r.Client = rclient
r.Log = l.WithName("controller.VMAlertmanagerConfig")
r.OriginScheme = sc
- r.BaseConf = cf
}
// Scheme implements interface.
@@ -82,7 +80,7 @@ func (r *VMAlertmanagerConfigReconciler) Reconcile(ctx context.Context, req ctrl
alertmanagerSync.Lock()
defer alertmanagerSync.Unlock()
var objects vmv1beta1.VMAlertmanagerList
- if err = k8stools.ListObjectsByNamespace(ctx, r.Client, r.BaseConf.WatchNamespaces, func(dst *vmv1beta1.VMAlertmanagerList) {
+ if err = k8stools.ListObjects(ctx, r.Client, func(dst *vmv1beta1.VMAlertmanagerList) {
objects.Items = append(objects.Items, dst.Items...)
}); err != nil {
err = fmt.Errorf("cannot list vmalertmanagers for vmalertmanagerconfig: %w", err)
diff --git a/internal/controller/operator/vmnodescrape_controller.go b/internal/controller/operator/vmnodescrape_controller.go
index 4849768a5..0369bbbd3 100644
--- a/internal/controller/operator/vmnodescrape_controller.go
+++ b/internal/controller/operator/vmnodescrape_controller.go
@@ -36,15 +36,13 @@ type VMNodeScrapeReconciler struct {
client.Client
Log logr.Logger
OriginScheme *runtime.Scheme
- BaseConf *config.BaseOperatorConf
}
// Init implements crdController interface
-func (r *VMNodeScrapeReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, cf *config.BaseOperatorConf) {
+func (r *VMNodeScrapeReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, _ *config.BaseOperatorConf) {
r.Client = rclient
r.Log = l.WithName("controller.VMNodeScrape")
r.OriginScheme = sc
- r.BaseConf = cf
}
// Scheme implements interface.
@@ -76,11 +74,11 @@ func (r *VMNodeScrapeReconciler) Reconcile(ctx context.Context, req ctrl.Request
return
}
- if err = collectVMAgentScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMAgentScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
- if err = collectVMSingleScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMSingleScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
diff --git a/internal/controller/operator/vmpodscrape_controller.go b/internal/controller/operator/vmpodscrape_controller.go
index 0403fcd4f..427489042 100644
--- a/internal/controller/operator/vmpodscrape_controller.go
+++ b/internal/controller/operator/vmpodscrape_controller.go
@@ -36,15 +36,13 @@ type VMPodScrapeReconciler struct {
client.Client
Log logr.Logger
OriginScheme *runtime.Scheme
- BaseConf *config.BaseOperatorConf
}
// Init implements crdController interface
-func (r *VMPodScrapeReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, cf *config.BaseOperatorConf) {
+func (r *VMPodScrapeReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, _ *config.BaseOperatorConf) {
r.Client = rclient
r.Log = l.WithName("controller.VMPodScrape")
r.OriginScheme = sc
- r.BaseConf = cf
}
// Scheme implements interface.
@@ -74,10 +72,10 @@ func (r *VMPodScrapeReconciler) Reconcile(ctx context.Context, req ctrl.Request)
err = &parsingError{instance.Spec.ParsingError, "vmpodscrape"}
return
}
- if err = collectVMAgentScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMAgentScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
- if err = collectVMSingleScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMSingleScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
return
diff --git a/internal/controller/operator/vmprobe_controller.go b/internal/controller/operator/vmprobe_controller.go
index d07db4c2d..67a76210a 100644
--- a/internal/controller/operator/vmprobe_controller.go
+++ b/internal/controller/operator/vmprobe_controller.go
@@ -36,15 +36,13 @@ type VMProbeReconciler struct {
client.Client
Log logr.Logger
OriginScheme *runtime.Scheme
- BaseConf *config.BaseOperatorConf
}
// Init implements crdController interface
-func (r *VMProbeReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, cf *config.BaseOperatorConf) {
+func (r *VMProbeReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, _ *config.BaseOperatorConf) {
r.Client = rclient
r.Log = l.WithName("controller.VMProbe")
r.OriginScheme = sc
- r.BaseConf = cf
}
// Scheme implements interface.
@@ -74,10 +72,10 @@ func (r *VMProbeReconciler) Reconcile(ctx context.Context, req ctrl.Request) (re
err = &parsingError{instance.Spec.ParsingError, "vmprobescrape"}
return
}
- if err = collectVMAgentScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMAgentScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
- if err = collectVMSingleScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMSingleScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
return
diff --git a/internal/controller/operator/vmrule_controller.go b/internal/controller/operator/vmrule_controller.go
index 7ab942896..1662c6f5d 100644
--- a/internal/controller/operator/vmrule_controller.go
+++ b/internal/controller/operator/vmrule_controller.go
@@ -39,15 +39,13 @@ type VMRuleReconciler struct {
client.Client
Log logr.Logger
OriginScheme *runtime.Scheme
- BaseConf *config.BaseOperatorConf
}
// Init implements crdController interface
-func (r *VMRuleReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, cf *config.BaseOperatorConf) {
+func (r *VMRuleReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, _ *config.BaseOperatorConf) {
r.Client = rclient
r.Log = l.WithName("controller.VMRule")
r.OriginScheme = sc
- r.BaseConf = cf
}
// Scheme implements interface.
@@ -85,7 +83,7 @@ func (r *VMRuleReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
alertSync.Lock()
defer alertSync.Unlock()
var objects vmv1beta1.VMAlertList
- if err = k8stools.ListObjectsByNamespace(ctx, r.Client, r.BaseConf.WatchNamespaces, func(dst *vmv1beta1.VMAlertList) {
+ if err = k8stools.ListObjects(ctx, r.Client, func(dst *vmv1beta1.VMAlertList) {
objects.Items = append(objects.Items, dst.Items...)
}); err != nil {
err = fmt.Errorf("cannot list vmalerts for vmrule: %w", err)
diff --git a/internal/controller/operator/vmscrapeconfig_controller.go b/internal/controller/operator/vmscrapeconfig_controller.go
index 061de25d4..7eb98eb42 100644
--- a/internal/controller/operator/vmscrapeconfig_controller.go
+++ b/internal/controller/operator/vmscrapeconfig_controller.go
@@ -36,15 +36,13 @@ type VMScrapeConfigReconciler struct {
client.Client
Log logr.Logger
OriginScheme *runtime.Scheme
- BaseConf *config.BaseOperatorConf
}
// Init implements crdController interface
-func (r *VMScrapeConfigReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, cf *config.BaseOperatorConf) {
+func (r *VMScrapeConfigReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, _ *config.BaseOperatorConf) {
r.Client = rclient
r.Log = l.WithName("controller.VMScrapeConfig")
r.OriginScheme = sc
- r.BaseConf = cf
}
// Scheme implements interface.
@@ -74,10 +72,10 @@ func (r *VMScrapeConfigReconciler) Reconcile(ctx context.Context, req ctrl.Reque
err = &parsingError{instance.Spec.ParsingError, "vmscrapeconfig"}
return
}
- if err = collectVMAgentScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMAgentScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
- if err = collectVMSingleScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMSingleScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
return
diff --git a/internal/controller/operator/vmservicescrape_controller.go b/internal/controller/operator/vmservicescrape_controller.go
index b68744cc8..02249e179 100644
--- a/internal/controller/operator/vmservicescrape_controller.go
+++ b/internal/controller/operator/vmservicescrape_controller.go
@@ -36,15 +36,13 @@ type VMServiceScrapeReconciler struct {
client.Client
Log logr.Logger
OriginScheme *runtime.Scheme
- BaseConf *config.BaseOperatorConf
}
// Init implements crdController interface
-func (r *VMServiceScrapeReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, cf *config.BaseOperatorConf) {
+func (r *VMServiceScrapeReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, _ *config.BaseOperatorConf) {
r.Client = rclient
r.Log = l.WithName("controller.VMServiceScrape")
r.OriginScheme = sc
- r.BaseConf = cf
}
// Scheme implements interface.
@@ -74,10 +72,10 @@ func (r *VMServiceScrapeReconciler) Reconcile(ctx context.Context, req ctrl.Requ
err = &parsingError{instance.Spec.ParsingError, "vmservicescrape"}
return
}
- if err = collectVMAgentScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMAgentScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
- if err = collectVMSingleScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMSingleScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
return
diff --git a/internal/controller/operator/vmsingle_controller.go b/internal/controller/operator/vmsingle_controller.go
index 347457d8e..8c4b6949b 100644
--- a/internal/controller/operator/vmsingle_controller.go
+++ b/internal/controller/operator/vmsingle_controller.go
@@ -143,7 +143,7 @@ func (*VMSingleReconciler) IsDisabled(_ *config.BaseOperatorConf, _ sets.Set[str
return false
}
-func collectVMSingleScrapes(l logr.Logger, ctx context.Context, rclient client.Client, watchNamespaces []string, instance client.Object) (err error) {
+func collectVMSingleScrapes(l logr.Logger, ctx context.Context, rclient client.Client, instance client.Object) (err error) {
if build.IsControllerDisabled("VMSingle") && vmsingleReconcileLimit.Throttle() {
return nil
}
@@ -151,7 +151,7 @@ func collectVMSingleScrapes(l logr.Logger, ctx context.Context, rclient client.C
defer vmsingleSync.Unlock()
var objects vmv1beta1.VMSingleList
- if err = k8stools.ListObjectsByNamespace(ctx, rclient, watchNamespaces, func(dst *vmv1beta1.VMSingleList) {
+ if err = k8stools.ListObjects(ctx, rclient, func(dst *vmv1beta1.VMSingleList) {
objects.Items = append(objects.Items, dst.Items...)
}); err != nil {
err = fmt.Errorf("cannot list VMSingles for %T: %w", instance, err)
diff --git a/internal/controller/operator/vmstaticscrape_controller.go b/internal/controller/operator/vmstaticscrape_controller.go
index 4578191f8..400c56ef2 100644
--- a/internal/controller/operator/vmstaticscrape_controller.go
+++ b/internal/controller/operator/vmstaticscrape_controller.go
@@ -19,15 +19,13 @@ type VMStaticScrapeReconciler struct {
client.Client
Log logr.Logger
OriginScheme *runtime.Scheme
- BaseConf *config.BaseOperatorConf
}
// Init implements crdController interface
-func (r *VMStaticScrapeReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, cf *config.BaseOperatorConf) {
+func (r *VMStaticScrapeReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, _ *config.BaseOperatorConf) {
r.Client = rclient
r.Log = l.WithName("controller.VMStaticScrape")
r.OriginScheme = sc
- r.BaseConf = cf
}
// Scheme implements interface.
@@ -53,10 +51,10 @@ func (r *VMStaticScrapeReconciler) Reconcile(ctx context.Context, req ctrl.Reque
err = &parsingError{instance.Spec.ParsingError, "vmstaticscrape"}
return
}
- if err = collectVMAgentScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMAgentScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
- if err = collectVMSingleScrapes(l, ctx, r.Client, r.BaseConf.WatchNamespaces, &instance); err != nil {
+ if err = collectVMSingleScrapes(l, ctx, r.Client, &instance); err != nil {
return
}
return
diff --git a/internal/controller/operator/vmuser_controller.go b/internal/controller/operator/vmuser_controller.go
index e54b7b2f4..513c2816b 100644
--- a/internal/controller/operator/vmuser_controller.go
+++ b/internal/controller/operator/vmuser_controller.go
@@ -42,15 +42,13 @@ type VMUserReconciler struct {
client.Client
Log logr.Logger
OriginScheme *runtime.Scheme
- BaseConf *config.BaseOperatorConf
}
// Init implements crdController interface
-func (r *VMUserReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, cf *config.BaseOperatorConf) {
+func (r *VMUserReconciler) Init(rclient client.Client, l logr.Logger, sc *runtime.Scheme, _ *config.BaseOperatorConf) {
r.Client = rclient
r.Log = l.WithName("controller.VMUser")
r.OriginScheme = sc
- r.BaseConf = cf
}
// Scheme implements interface.
@@ -96,7 +94,7 @@ func (r *VMUserReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
authSync.Lock()
defer authSync.Unlock()
var objects vmv1beta1.VMAuthList
- if err = k8stools.ListObjectsByNamespace(ctx, r.Client, r.BaseConf.WatchNamespaces, func(dst *vmv1beta1.VMAuthList) {
+ if err = k8stools.ListObjects(ctx, r.Client, func(dst *vmv1beta1.VMAuthList) {
objects.Items = append(objects.Items, dst.Items...)
}); err != nil {
err = fmt.Errorf("cannot list vmauths for vmuser: %w", err)
diff --git a/internal/manager/manager.go b/internal/manager/manager.go
index b84baad4f..f8727c6bf 100644
--- a/internal/manager/manager.go
+++ b/internal/manager/manager.go
@@ -24,6 +24,7 @@ import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/sets"
@@ -225,12 +226,20 @@ func RunManager(ctx context.Context) error {
setupLog.Info("registering Components.")
var watchNsCacheByName map[string]cache.Config
- if len(baseConfig.WatchNamespaces) > 0 {
+ var excludeNsField fields.Selector
+ switch {
+ case len(baseConfig.WatchNamespaces) > 0:
setupLog.Info("operator configured with watching for subset of namespaces, cluster wide access is disabled", "namespaces", strings.Join(baseConfig.WatchNamespaces, ","))
watchNsCacheByName = make(map[string]cache.Config)
for _, ns := range baseConfig.WatchNamespaces {
watchNsCacheByName[ns] = cache.Config{}
}
+ case len(baseConfig.ExcludeNamespaces) > 0:
+ var nsSelectors []fields.Selector
+ for _, ns := range baseConfig.ExcludeNamespaces {
+ nsSelectors = append(nsSelectors, fields.OneTermNotEqualSelector("metadata.namespace", ns))
+ }
+ excludeNsField = fields.AndSelectors(nsSelectors...)
}
reconcile.Init(baseConfig, *statusUpdateTTL)
@@ -256,7 +265,8 @@ func RunManager(ctx context.Context) error {
LeaseDuration: leaderElectLeaseDuration,
RenewDeadline: leaderElectRenewDeadline,
Cache: cache.Options{
- DefaultNamespaces: watchNsCacheByName,
+ DefaultNamespaces: watchNsCacheByName,
+ DefaultFieldSelector: excludeNsField,
},
Client: client.Options{
Cache: co,