Enhance the Helm chart to make it easier to install the Operator into, and monitor a single namespace (#587)

thegridman · web-flow · commit f0316fa39f71 · 2023-03-13T15:42:15.000+03:00
diff --git a/docs/installation/01_installation.adoc b/docs/installation/01_installation.adoc
@@ -301,12 +301,45 @@ To set the watch namespaces when installing with helm set the `watchNamespaces`
 ----
 helm install  \
     --namespace <namespace> \
-    --set watchNamespaces=payments,catalog,customers <1>
+    --set watchNamespaces=payments,catalog,customers \
+    coherence-operator \
+    coherence/coherence-operator
+----
+
+The `payments`, `catalog` and `customers` namespaces will be watched by the Operator.
+
+==== Set the Watch Namespace to the Operator's Install Namespace
+
+When installing the Operator using the Helm chart, there is a convenience value that can be set if the
+Operator should only monitor the same namespace that it is installed into.
+By setting the `onlySameNamespace` value to `true` the watch namespace will be set to the installation namespace.
+If the `onlySameNamespace` value is set to `true` then any value set for the `watchNamespaces` value will be ignored.
+
+For example, the command below will set `onlySameNamespace` to true, and the Operator will be installed into,
+and only monitor the `coh-testing` namespace.
+
+[source,bash]
+----
+helm install  \
+    --namespace coh-testing \
+    --set onlySameNamespace=true \
+    coherence-operator \
+    coherence/coherence-operator
+----
+
+In the example below, the `onlySameNamespace` is set to true, so the Operator will be installed into,
+and only monitor the `coh-testing` namespace. Even though the `watchNamespaces` value is set, it will be ignored.
+
+[source,bash]
+----
+helm install  \
+    --namespace coh-testing \
+    --set watchNamespaces=payments,catalog,customers \
+    --set onlySameNamespace=true \
     coherence-operator \
     coherence/coherence-operator
 ----
 
-<1> The `payments`, `catalog` and `customers` namespaces will be watched by the Operator.
 
 == Set the Operator Image
 
diff --git a/helm-charts/coherence-operator/templates/deployment.yaml b/helm-charts/coherence-operator/templates/deployment.yaml
@@ -132,10 +132,14 @@ spec:
         - name: OPERATOR_IMAGE
           value: {{ .Values.defaultCoherenceUtilsImage | quote }}
         - name: WATCH_NAMESPACE
-{{- if .Values.clusterRoles }}
-          value: {{ .Values.watchNamespaces | quote }}
+{{- if .Values.onlySameNamespace }}
+          value: {{ .Release.Namespace | quote }}
 {{- else }}
+{{-   if .Values.clusterRoles }}
+          value: {{ .Values.watchNamespaces | quote }}
+{{-   else }}
           value: {{ .Release.Namespace | quote }}
+{{-   end }}
 {{- end }}
         image: {{ .Values.image }}
         ports:
diff --git a/helm-charts/coherence-operator/values.yaml b/helm-charts/coherence-operator/values.yaml
@@ -155,6 +155,13 @@ livenessProbe:
 # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 resources:
 
+# onlySameNamespace is a flag to indicate that the Operator should only monitor and control
+# Coherence clusters in the same namespace that it is installed into.
+# If this flag is set to true, any watchNamespaces value will be ignored, as this
+# will automatically be set to the same namespace the Operator is installed into.
+# The default is false, the Operator will monitor all namespaces
+onlySameNamespace: false
+
 # clusterRoles controls whether the Helm chart will create RBAC ClusterRole and bindings for the Operator
 # These are required if the Operator will watch multiple namespaces.
 # If set to false then the Operator will only watch the namespace it is deployed into.
diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2022, Oracle and/or its affiliates.
+ * Copyright (c) 2019, 2023, Oracle and/or its affiliates.
  * Licensed under the Universal Permissive License v 1.0 as shown at
  * http://oss.oracle.com/licenses/upl.
  */
@@ -73,6 +73,9 @@ const (
 	FlagWebhookSecret         = "webhook-secret"
 	FlagWebhookService        = "webhook-service"
 
+	// EnvVarWatchNamespace is the environment variable to use to set the watch namespace(s)
+	EnvVarWatchNamespace = "WATCH_NAMESPACE"
+
 	// OCI Node Labels
 
 	// LabelOciNodeFaultDomain is the OCI Node label for the fault domain.
@@ -385,10 +388,9 @@ func GetWatchNamespace() []string {
 	// WatchNamespaceEnvVar is the constant for env variable WATCH_NAMESPACE
 	// which specifies the Namespace to watch.
 	// An empty value means the operator is running with cluster scope.
-	var watchNamespaceEnvVar = "WATCH_NAMESPACE"
 	var watches []string
 
-	ns, found := os.LookupEnv(watchNamespaceEnvVar)
+	ns, found := os.LookupEnv(EnvVarWatchNamespace)
 	if !found || ns == "" || strings.TrimSpace(ns) == "" {
 		return watches
 	}
diff --git a/test/e2e/helm/helm_test.go b/test/e2e/helm/helm_test.go
@@ -13,6 +13,7 @@ import (
 	coh "github.com/oracle/coherence-operator/api/v1"
 	"github.com/oracle/coherence-operator/pkg/operator"
 	"github.com/oracle/coherence-operator/test/e2e/helper"
+	"github.com/oracle/coherence-operator/test/e2e/helper/matchers"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -140,6 +141,59 @@ func TestDisableWebhooks(t *testing.T) {
 	g.Expect(c.Args).Should(ContainElements("operator", "--enable-leader-election", "--enable-webhook=false"))
 }
 
+func TestSetOnlySameNamespace(t *testing.T) {
+	g := NewGomegaWithT(t)
+	result, err := helmInstall("--set", "onlySameNamespace=true")
+	g.Expect(err).NotTo(HaveOccurred())
+	g.Expect(result).NotTo(BeNil())
+
+	dep := &appsv1.Deployment{}
+	err = result.Get("coherence-operator", dep)
+	g.Expect(err).NotTo(HaveOccurred())
+
+	c := findContainer("manager", dep)
+	g.Expect(c).NotTo(BeNil())
+
+	ns := helper.GetTestNamespace()
+	g.Expect(c.Env).NotTo(BeNil())
+	g.Expect(c.Env).To(matchers.HaveEnvVar(corev1.EnvVar{Name: operator.EnvVarWatchNamespace, Value: ns}))
+}
+
+func TestSetOnlySameNamespaceIgnoresWatchNamespaces(t *testing.T) {
+	g := NewGomegaWithT(t)
+	result, err := helmInstall("--set", "watchNamespaces=foo", "--set", "onlySameNamespace=true")
+	g.Expect(err).NotTo(HaveOccurred())
+	g.Expect(result).NotTo(BeNil())
+
+	dep := &appsv1.Deployment{}
+	err = result.Get("coherence-operator", dep)
+	g.Expect(err).NotTo(HaveOccurred())
+
+	c := findContainer("manager", dep)
+	g.Expect(c).NotTo(BeNil())
+
+	ns := helper.GetTestNamespace()
+	g.Expect(c.Env).NotTo(BeNil())
+	g.Expect(c.Env).To(matchers.HaveEnvVar(corev1.EnvVar{Name: operator.EnvVarWatchNamespace, Value: ns}))
+}
+
+func TestSetWatchNamespaces(t *testing.T) {
+	g := NewGomegaWithT(t)
+	result, err := helmInstall("--set", "watchNamespaces=foo")
+	g.Expect(err).NotTo(HaveOccurred())
+	g.Expect(result).NotTo(BeNil())
+
+	dep := &appsv1.Deployment{}
+	err = result.Get("coherence-operator", dep)
+	g.Expect(err).NotTo(HaveOccurred())
+
+	c := findContainer("manager", dep)
+	g.Expect(c).NotTo(BeNil())
+
+	g.Expect(c.Env).NotTo(BeNil())
+	g.Expect(c.Env).To(matchers.HaveEnvVar(corev1.EnvVar{Name: operator.EnvVarWatchNamespace, Value: "foo"}))
+}
+
 func TestBasicHelmInstall(t *testing.T) {
 	g := NewGomegaWithT(t)
 	cmd, err := createHelmCommand()
