diff --git a/chart/values.global.yaml b/chart/values.global.yaml
index b1fbb919..36a4c5a6 100644
--- a/chart/values.global.yaml
+++ b/chart/values.global.yaml
@@ -9,4 +9,5 @@ controllerManager:
 - --health-probe-bind-address=:8081
 - --metrics-bind-address=127.0.0.1:8080
 - --leader-elect
+ - --namespace=llmaz-system
 replicas: 1
\ No newline at end of file
diff --git a/chart/values.yaml b/chart/values.yaml
index cb984f7a..492c2b08 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -25,6 +25,7 @@ controllerManager:
 - --health-probe-bind-address=:8081
 - --metrics-bind-address=127.0.0.1:8080
 - --leader-elect
+ - --namespace=llmaz-system
 containerSecurityContext:
 allowPrivilegeEscalation: false
 capabilities:
diff --git a/cmd/main.go b/cmd/main.go
index 2cf095c9..c8f2727b 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -61,8 +61,11 @@ func main() {
 var metricsAddr string
 var enableLeaderElection bool
 var probeAddr string
+ var namespace string
+
 flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
+ flag.StringVar(&namespace, "namespace", "llmaz-system", "The namespace of the llmaz to deploy")
 flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 "Enable leader election for controller manager. "+
 "Enabling this will ensure there is only one active controller manager.")
@@ -99,7 +102,7 @@ func main() {
 certsReady := make(chan struct{})
- if err = cert.CertsManager(mgr, certsReady); err != nil {
+ if err = cert.CertsManager(mgr, namespace, certsReady); err != nil {
 setupLog.Error(err, "unable to setup cert rotation")
 os.Exit(1)
 }
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index 70c3437f..f6c1a596 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
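Review bot: The `--namespace=llmaz-system` argument added to the `controllerManager` args in chart/values.global.yaml is a fixed literal, so a release installed into any other namespace still points the manager at `llmaz-system` unless someone edits the value by hand; the same literal is added in chart/values.yaml and config/default/manager_auth_proxy_patch.yaml. Per the pkg/cert/cert.go change in this commit, this flag selects both the Secret that holds the webhook serving certificate and the namespace part of the certificate DNS name, so a mismatch would presumably show up as failing webhook TLS rather than a clear startup error. Consider sourcing the value from the pod itself, for example an env var filled by the downward API (`fieldRef: fieldPath: metadata.namespace`) and `--namespace=$(POD_NAMESPACE)`. The Deployment template is not part of this diff, so whether it already does something equivalent cannot be seen here.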
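Review bot: In cmd/main.go the new `namespace` flag reaches `cert.CertsManager` unchecked, so `--namespace=` (empty) would produce a Secret key with an empty namespace and a certificate DNS name of the form `llmaz-webhook-service..svc`. Reject an empty value before the `CertsManager` call with `if namespace == "" {` followed by the same `setupLog.Error` / `os.Exit(1)` pattern the second hunk already uses; flag parsing itself happens outside both hunks. The help text `The namespace of the llmaz to deploy` also suggests the manager deploys something, whereas a wording such as `"Namespace that holds the webhook Service and its serving-cert Secret."` would state what the value is used for.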
@@ -37,3 +37,4 @@ spec:
 - "--health-probe-bind-address=:8081"
 - "--metrics-bind-address=127.0.0.1:8080"
 - "--leader-elect"
+ - "--namespace=llmaz-system"
diff --git a/pkg/cert/cert.go b/pkg/cert/cert.go
index 4ff77900..19fcb1d9 100644
--- a/pkg/cert/cert.go
+++ b/pkg/cert/cert.go
@@ -22,7 +22,6 @@ import (
 )
 const (
- secretNamespace = "llmaz-system"
 serviceName = "llmaz-webhook-service"
 secretName = "llmaz-webhook-server-cert"
 certDir = "/tmp/k8s-webhook-server/serving-certs"
@@ -32,18 +31,17 @@ const (
 caOrg = "llmaz"
 )
-// dnsName is the format of ..svc
-var dnsName = fmt.Sprintf("%s.%s.svc", serviceName, secretNamespace)
-
 //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;update
 //+kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=mutatingwebhookconfigurations,verbs=get;list;watch;update
 //+kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=validatingwebhookconfigurations,verbs=get;list;watch;update
 // CertsManager creates certs for webhooks.
-func CertsManager(mgr ctrl.Manager, setupFinish chan struct{}) error {
+func CertsManager(mgr ctrl.Manager, namespace string, setupFinish chan struct{}) error {
+ // dnsName is the format of ..svc
+ dnsName := fmt.Sprintf("%s.%s.svc", serviceName, namespace)
 return cert.AddRotator(mgr, &cert.CertRotator{
 SecretKey: types.NamespacedName{
- Namespace: secretNamespace,
+ Namespace: namespace,
 Name: secretName,
 },
 CertDir: certDir,
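Review bot: The doc comment on `CertsManager` in pkg/cert/cert.go (second hunk) still says only that it creates certs for webhooks, although the function now takes a `namespace` parameter that drives two things at once: `SecretKey.Namespace` and the namespace component of `dnsName`. The relocated comment `// dnsName is the format of ..svc` does not spell out the format either. Suggest extending the doc comment with `// namespace must be the namespace of the webhook Service; it is used for the cert Secret and for the <service>.<namespace>.svc DNS name.` so callers know the value has to match where the Service actually runs. The function body continues past the end of the hunk, so how `dnsName` is consumed is not visible here.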