Modify nsq and postgres backup restore namespace creation (#511)

Author: AnnaSchreiner

control-plane/roles/nsq/README.md

@@ -4,30 +4,31 @@ Deploys [nsq](https://nsq.io/) in a standalone configuration.
 
 The admin console can be reached by using port-forwarding:
 
-```
+```bash
 kubectl port-forward -n metal-control-plane svc/nsqadmin 4171
 ```
 
 Adding nsqadmin as a sidecar into the nsqd pod was the only reasonable way to make the admin console work properly in this setup. This is because we enforce certificate authentication via the TCP port but do not use encrypted communication for in-cluster traffic via the HTTP endpoints, which nsadmin does not really like.
 
 ## Variables
 
-This role uses variables from [control-plane-defaults](/control-plane). So, make sure you define them adequately as well.
-
-You can look up all the default values of this role [here](defaults/main.yaml).
-
-| Name                             | Mandatory | Description                                                                                                                        |
-| -------------------------------- | --------- | ---------------------------------------------------------------------------------------------------------------------------------- |
-| nsq_image_name                   | yes       | Image name of nsq                                                                                                                  |
-| nsq_image_tag                    | yes       | Image version of nsq                                                                                                               |
-| nsq_set_resource_limits          |           | Deploys nsq with or without resource limits (possibly disable for development environments)                                        |
-| nsq_nsqd_resources               |           | The kubernetes resources for the actual nsqd container                                                                             |
-| nsq_nsq_lookupd_resources        |           | The kubernetes resources for the actual nsq lookupd container                                                                      |
-| nsq_log_level                    |           | The nsq log level                                                                                                                  |
-| nsq_broadcast_address            |           | The nsq broadcast address                                                                                                          |
-| nsq_nsqd_data_size               |           | The size of the nsqd data volume (used when memory cache is full)                                                                  |
-| nsq_tls_enabled                  |           | Enables TLS for nsq                                                                                                                |
-| nsq_certs_client_key             |           | The nsq certificate client key as a string                                                                                         |
-| nsq_certs_client_cert            |           | The nsq client certificate as a string                                                                                             |
-| nsq_certs_ca_cert                |           | The nsq ca certificate as a string                                                                                                 |
-| nsq_image_pull_policy            |           | Image pull policy (defaults to IfNotPresent)                                                                                       |
+This role uses variables from [control-plane-defaults](/control-plane/roles/defaults/defaults/main.yaml). So, make sure you define them adequately as well.
+
+You can look up all the default values of this role in the [defaults folder](defaults/main.yaml).
+
+| Name                      | Mandatory | Description                                                                                 |
+| ------------------------- | --------- | ------------------------------------------------------------------------------------------- |
+| nsq_image_name            | yes       | Image name of nsq                                                                           |
+| nsq_image_tag             | yes       | Image version of nsq                                                                        |
+| nsq_namespace             |           | The deployment's target namespace                                                           |
+| nsq_set_resource_limits   |           | Deploys nsq with or without resource limits (possibly disable for development environments) |
+| nsq_nsqd_resources        |           | The kubernetes resources for the actual nsqd container                                      |
+| nsq_nsq_lookupd_resources |           | The kubernetes resources for the actual nsq lookupd container                               |
+| nsq_log_level             |           | The nsq log level                                                                           |
+| nsq_broadcast_address     |           | The nsq broadcast address                                                                   |
+| nsq_nsqd_data_size        |           | The size of the nsqd data volume (used when memory cache is full)                           |
+| nsq_tls_enabled           |           | Enables TLS for nsq                                                                         |
+| nsq_certs_client_key      |           | The nsq certificate client key as a string                                                  |
+| nsq_certs_client_cert     |           | The nsq client certificate as a string                                                      |
+| nsq_certs_ca_cert         |           | The nsq ca certificate as a string                                                          |
+| nsq_image_pull_policy     |           | Image pull policy (defaults to IfNotPresent)                                                |

control-plane/roles/nsq/defaults/main.yaml

@@ -1,4 +1,6 @@
 ---
+nsq_namespace: "{{ metal_control_plane_namespace }}"
+
 nsq_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
 
 nsq_set_resource_limits: true

control-plane/roles/nsq/tasks/main.yaml

@@ -10,7 +10,18 @@
       - nsq_image_name is defined
       - nsq_image_tag is defined
 
+- name: Create namespace
+  k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Namespace
+      metadata:
+        name: "{{ nsq_namespace }}"
+        labels:
+          name: "{{ nsq_namespace }}"
+
 - name: Deploy nsq
   k8s:
     definition: "{{ lookup('template', 'nsq.yaml') }}"
-    namespace: "{{ metal_control_plane_namespace }}"
+    namespace: "{{ nsq_namespace }}"

control-plane/roles/nsq/templates/nsq.yaml

@@ -1,11 +1,3 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: "{{ metal_control_plane_namespace }}"
-  labels:
-    app: "metal-stack-control-plane"
-    name: "{{ metal_control_plane_namespace }}"
 {% if nsq_registry_auth_enabled %}
 ---
 apiVersion: v1

control-plane/roles/postgres-backup-restore/tasks/main.yml

@@ -14,6 +14,17 @@
       - postgres_backup_restore_sidecar_encryption_key is none or postgres_backup_restore_sidecar_encryption_key | length == 32
       - postgres_backup_restore_sidecar_provider in ["local", "gcp", "s3"]
 
+- name: Create namespace
+  k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Namespace
+      metadata:
+        name: "{{ postgres_namespace }}"
+        labels:
+          name: "{{ postgres_namespace }}"
+
 - name: Deploy postgres (backup-restore)
   k8s:
     definition: "{{ lookup('template', 'postgres.yaml') }}"

control-plane/roles/postgres-backup-restore/templates/postgres.yaml

@@ -1,11 +1,3 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: "{{ metal_control_plane_namespace }}"
-  labels:
-    app: "metal-stack-control-plane"
-    name: "{{ metal_control_plane_namespace }}"
 {% if postgres_registry_auth_enabled %}
 ---
 apiVersion: v1