feat: initial draft for multi namespaces

Author: vknabel

controllers/deployment/controller.go

@@ -31,7 +31,7 @@ func SetupWithManager(log logr.Logger, recorder record.EventRecorder, mgr ctrl.M
 		lastSetCreation: map[string]time.Time{},
 	})
 
-	return ctrl.NewControllerManagedBy(mgr).
+	controller := ctrl.NewControllerManagedBy(mgr).
 		For(
 			&v2.FirewallDeployment{},
 			builder.WithPredicates(
@@ -57,9 +57,13 @@ func SetupWithManager(log logr.Logger, recorder record.EventRecorder, mgr ctrl.M
 					),
 				),
 			),
-		).
-		WithEventFilter(predicate.NewPredicateFuncs(controllers.SkipOtherNamespace(c.GetSeedNamespace()))).
-		Complete(g)
+		)
+
+	if c.GetSeedNamespace() != "" {
+		controller = controller.WithEventFilter(predicate.NewPredicateFuncs(controllers.SkipOtherNamespace(c.GetSeedNamespace())))
+	}
+
+	return controller.Complete(g)
 }
 
 func SetupWebhookWithManager(log logr.Logger, mgr ctrl.Manager, c *config.ControllerConfig) error {

controllers/deployment/infrastructure_status.go

@@ -27,7 +27,7 @@ func (c *controller) updateInfrastructureStatus(r *controllers.Ctx[*v2.FirewallD
 	})
 
 	err := c.c.GetSeedClient().Get(r.Ctx, client.ObjectKey{
-		Namespace: c.c.GetSeedNamespace(),
+		Namespace: r.Target.Namespace,
 		Name:      infrastructureName,
 	}, infraObj)
 	if err != nil {
@@ -129,7 +129,7 @@ func (c *controller) updateInfrastructureStatus(r *controllers.Ctx[*v2.FirewallD
 	})
 
 	err = c.c.GetSeedClient().Get(r.Ctx, client.ObjectKey{
-		Namespace: c.c.GetSeedNamespace(),
+		Namespace: r.Target.Namespace,
 		Name:      "acl",
 	}, aclObj)
 	if err != nil {
@@ -150,6 +150,7 @@ func (c *controller) updateInfrastructureStatus(r *controllers.Ctx[*v2.FirewallD
 }
 
 func extractInfrastructureNameFromSeedNamespace(namespace string) (string, bool) {
+	// TODO: is this safe to not skip in the future?
 	if !strings.HasPrefix(namespace, "shoot--") {
 		return "", false
 	}

controllers/deployment/reconcile.go

@@ -83,7 +83,7 @@ func (c *controller) Reconcile(r *controllers.Ctx[*v2.FirewallDeployment]) error
 		r.Log.Info("swapped latest set to shortest distance", "distance", v2.FirewallShortestDistance)
 	}
 
-	infrastructureName, ok := extractInfrastructureNameFromSeedNamespace(c.c.GetSeedNamespace())
+	infrastructureName, ok := extractInfrastructureNameFromSeedNamespace(r.Target.Namespace)
 	if ok {
 		var ownedFirewalls []*v2.Firewall
 		for _, set := range ownedSets {

controllers/firewall/controller.go

@@ -88,7 +88,7 @@ func SetupWithManager(log logr.Logger, recorder record.EventRecorder, mgr ctrl.M
 		}),
 	})
 
-	return ctrl.NewControllerManagedBy(mgr).
+	controller := ctrl.NewControllerManagedBy(mgr).
 		For(
 			&v2.Firewall{},
 			builder.WithPredicates(
@@ -99,9 +99,13 @@ func SetupWithManager(log logr.Logger, recorder record.EventRecorder, mgr ctrl.M
 			),
 		).
 		// don't think about owning the firewall monitor here, it's in the shoot cluster, we cannot watch two clusters with controller-runtime
-		Named("Firewall").
-		WithEventFilter(predicate.NewPredicateFuncs(controllers.SkipOtherNamespace(c.GetSeedNamespace()))).
-		Complete(g)
+		Named("Firewall")
+
+	if c.GetSeedNamespace() != "" {
+		controller = controller.WithEventFilter(predicate.NewPredicateFuncs(controllers.SkipOtherNamespace(c.GetSeedNamespace())))
+	}
+
+	return controller.Complete(g)
 }
 
 func SetupWebhookWithManager(log logr.Logger, mgr ctrl.Manager, c *config.ControllerConfig) error {

controllers/generic_controller.go

@@ -74,7 +74,7 @@ func (g *GenericController[O]) logger(req ctrl.Request) logr.Logger {
 }
 
 func (g GenericController[O]) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-	if req.Namespace != g.namespace { // should already be filtered out through predicate, but we will check anyway
+	if g.namespace != "" && req.Namespace != g.namespace { // should already be filtered out through predicate, but we will check anyway
 		return ctrl.Result{}, nil
 	}
 

controllers/monitor/controller.go

@@ -22,17 +22,21 @@ func SetupWithManager(log logr.Logger, mgr ctrl.Manager, c *config.ControllerCon
 		c:   c,
 	}).WithoutStatus()
 
-	return ctrl.NewControllerManagedBy(mgr).
+	controller := ctrl.NewControllerManagedBy(mgr).
 		For(&v2.FirewallMonitor{},
 			builder.WithPredicates(
 				predicate.Not(
 					v2.AnnotationRemovedPredicate(v2.RollSetAnnotation),
 				),
 			),
 		).
-		Named("FirewallMonitor").
-		WithEventFilter(predicate.NewPredicateFuncs(controllers.SkipOtherNamespace(c.GetShootNamespace()))).
-		Complete(g)
+		Named("FirewallMonitor")
+
+	if c.GetSeedNamespace() != "" {
+		controller = controller.WithEventFilter(predicate.NewPredicateFuncs(controllers.SkipOtherNamespace(c.GetSeedNamespace())))
+	}
+
+	return controller.Complete(g)
 }
 
 func (c *controller) New() *v2.FirewallMonitor {

controllers/monitor/reconcile.go

@@ -37,7 +37,7 @@ func (c *controller) updateFirewallStatus(r *controllers.Ctx[*v2.FirewallMonitor
 	fw := &v2.Firewall{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      r.Target.Name,
-			Namespace: c.c.GetSeedNamespace(),
+			Namespace: r.Target.Namespace,
 		},
 	}
 	err := c.c.GetSeedClient().Get(r.Ctx, client.ObjectKeyFromObject(fw), fw)
@@ -72,7 +72,7 @@ func (c *controller) rollSetAnnotation(r *controllers.Ctx[*v2.FirewallMonitor])
 	fw := &v2.Firewall{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      r.Target.Name,
-			Namespace: c.c.GetSeedNamespace(),
+			Namespace: r.Target.Namespace,
 		},
 	}
 

controllers/set/controller.go

@@ -26,7 +26,7 @@ func SetupWithManager(log logr.Logger, recorder record.EventRecorder, mgr ctrl.M
 		c:        c,
 	})
 
-	return ctrl.NewControllerManagedBy(mgr).
+	controller := ctrl.NewControllerManagedBy(mgr).
 		For(
 			&v2.FirewallSet{},
 			builder.WithPredicates(
@@ -47,9 +47,13 @@ func SetupWithManager(log logr.Logger, recorder record.EventRecorder, mgr ctrl.M
 					),
 				),
 			),
-		).
-		WithEventFilter(predicate.NewPredicateFuncs(controllers.SkipOtherNamespace(c.GetSeedNamespace()))).
-		Complete(g)
+		)
+
+	if c.GetSeedNamespace() != "" {
+		controller = controller.WithEventFilter(predicate.NewPredicateFuncs(controllers.SkipOtherNamespace(c.GetSeedNamespace())))
+	}
+
+	return controller.Complete(g)
 }
 
 func SetupWebhookWithManager(log logr.Logger, mgr ctrl.Manager, c *config.ControllerConfig) error {

controllers/update/controller.go

@@ -34,16 +34,20 @@ func SetupWithManager(log logr.Logger, recorder record.EventRecorder, mgr ctrl.M
 		imageCache: newImageCache(c.GetMetal()),
 	}).WithoutStatus()
 
-	return ctrl.NewControllerManagedBy(mgr).
+	controller := ctrl.NewControllerManagedBy(mgr).
 		For(
 			&v2.FirewallDeployment{},
 			builder.WithPredicates(
 				v2.AnnotationAddedPredicate(v2.MaintenanceAnnotation),
 			),
 		).
-		Named("FirewallDeployment").
-		WithEventFilter(predicate.NewPredicateFuncs(controllers.SkipOtherNamespace(c.GetSeedNamespace()))).
-		Complete(g)
+		Named("FirewallDeployment")
+
+	if c.GetSeedNamespace() != "" {
+		controller = controller.WithEventFilter(predicate.NewPredicateFuncs(controllers.SkipOtherNamespace(c.GetSeedNamespace())))
+	}
+
+	return controller.Complete(g)
 }
 
 func (c *controller) New() *v2.FirewallDeployment {