diff --git a/pkg/runtime/cache/account.go b/pkg/runtime/cache/account.go index 22a9c8e..812df66 100644 --- a/pkg/runtime/cache/account.go +++ b/pkg/runtime/cache/account.go @@ -57,7 +57,7 @@ func resourceMatchACKRoleAccountsConfigMap(raw interface{}) bool { func (c *AccountCache) Run(clientSet kubernetes.Interface, stopCh <-chan struct{}) { informer := informersv1.NewConfigMapInformer( clientSet, - currentNamespace, + ackSystemNamespace, informerResyncPeriod, k8scache.Indexers{}, ) diff --git a/pkg/runtime/cache/cache.go b/pkg/runtime/cache/cache.go index 5b5b0d4..cbf0bb4 100644 --- a/pkg/runtime/cache/cache.go +++ b/pkg/runtime/cache/cache.go @@ -14,33 +14,48 @@ package cache import ( - "os" "time" "github.com/go-logr/logr" + "github.com/jaypipes/envutil" kubernetes "k8s.io/client-go/kubernetes" ) const ( - // defaultNamespace is the default namespace to use if the environment - // variable NAMESPACE is not found. The NAMESPACE variable is injected - // using the kubernetes downward api. - defaultNamespace = "ack-system" + // envVarACKSystemNamespace is the string key for the environment variable + // storing the Kubernetes Namespace we use for ConfigMaps and other ACK + // system configuration needs. + envVarACKSystemNamespace = "ACK_SYSTEM_NAMESPACE" + + // envVarDeprecatedK8sNamespace is the string key for the old, deprecated + // environment variable storing the Kubernetes Namespace we use for + // ConfigMaps and other ACK system configuration needs. + envVarDeprecatedK8sNamespace = "K8S_NAMESPACE" + + // defaultACKSystemNamespace is the namespace we look up the CARM account + // map ConfigMap in if the environment variable ACK_SYSTEM_NAMESPACE is not + // found. + defaultACKSystemNamespace = "ack-system" // informerDefaultResyncPeriod is the period at which ShouldResync // is considered. + // NOTE(jaypipes): setting this to zero means we are telling the client-go + // caching system not to set up resyncs with an authoritative state source + // (i.e. a Kubernetes API server) on a periodic basis. informerResyncPeriod = 0 * time.Second ) -// currentNamespace is the namespace in which the current service -// controller Pod is running -var currentNamespace string +// ackSystemNamespace is the namespace in which we look up ACK system +// configuration (ConfigMaps, etc) +var ackSystemNamespace string func init() { - currentNamespace = os.Getenv("K8S_NAMESPACE") - if currentNamespace == "" { - currentNamespace = defaultNamespace - } + ackSystemNamespace = envutil.WithDefault( + envVarACKSystemNamespace, envutil.WithDefault( + envVarDeprecatedK8sNamespace, + defaultACKSystemNamespace, + ), + ) } // Caches is used to interact with the different caches diff --git a/pkg/runtime/cache/namespace.go b/pkg/runtime/cache/namespace.go index 44454d2..e147913 100644 --- a/pkg/runtime/cache/namespace.go +++ b/pkg/runtime/cache/namespace.go @@ -76,12 +76,13 @@ func NewNamespaceCache(log logr.Logger) *NamespaceCache { } } -// isIgnoredNamespace returns true if an object is of type corev1.Namespace -// and its metadata name is one of 'ack-system', 'kube-system' or 'kube-public' +// isIgnoredNamespace returns true if an object is of type corev1.Namespace and +// its metadata name is the ACK system namespace, 'kube-system' or +// 'kube-public' func isIgnoredNamespace(raw interface{}) bool { object, ok := raw.(*corev1.Namespace) return ok && - (object.ObjectMeta.Name == "ack-system" || + (object.ObjectMeta.Name == ackSystemNamespace || object.ObjectMeta.Name == "kube-system" || object.ObjectMeta.Name == "kube-public") } diff --git a/pkg/runtime/reconciler.go b/pkg/runtime/reconciler.go index 20b241e..7b2df57 100644 --- a/pkg/runtime/reconciler.go +++ b/pkg/runtime/reconciler.go @@ -111,7 +111,7 @@ func (r *reconciler) SecretValueFromReference( Name: ref.Name, } var secret corev1.Secret - if err := r.kc.Get(ctx, nsn, &secret); err != nil { + if err := r.apiReader.Get(ctx, nsn, &secret); err != nil { return "", ackerr.SecretNotFound }