Merge pull request #614 from NicolasLemince/master

Restricted namespace
keel-hq · Jun 14, 2021 · 15b177a · 15b177a
2 parents 421495f + 75be0ab
commit 15b177a
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/constants/constants.go b/constants/constants.go
@@ -32,7 +32,7 @@ const (
 	EnvMattermostName     = "MATTERMOST_USERNAME"
 
 	// MS Teams webhook url, see https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/connectors-using#setting-up-a-custom-incoming-webhook
-	EnvTeamsWebhookUrl	= "TEAMS_WEBHOOK_URL"
+	EnvTeamsWebhookUrl = "TEAMS_WEBHOOK_URL"
 
 	// Mail notification settings
 	EnvMailTo         = "MAIL_TO"
@@ -54,3 +54,6 @@ const EnvTokenSecret = "TOKEN_SECRET"
 
 // KeelLogoURL - is a logo URL for bot icon
 const KeelLogoURL = "https://keel.sh/img/logo.png"
+
+// Env var to define a namespace that keel will scan - avoid scan over all the cluster -
+const EnvRestrictedNamespace = "RESTRICTED_NAMESPACE"
diff --git a/internal/k8s/watcher.go b/internal/k8s/watcher.go
@@ -1,15 +1,17 @@
 package k8s
 
 import (
+	"os"
 	"time"
 
+	"github.com/keel-hq/keel/constants"
 	"github.com/keel-hq/keel/internal/workgroup"
 	"github.com/sirupsen/logrus"
 
 	apps_v1 "k8s.io/api/apps/v1"
 	v1beta1 "k8s.io/api/batch/v1beta1"
-	"k8s.io/api/core/v1"
 
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/kubernetes"
@@ -37,7 +39,19 @@ func WatchCronJobs(g *workgroup.Group, client *kubernetes.Clientset, log logrus.
 }
 
 func watch(g *workgroup.Group, c cache.Getter, log logrus.FieldLogger, resource string, objType runtime.Object, rs ...cache.ResourceEventHandler) {
-	lw := cache.NewListWatchFromClient(c, resource, v1.NamespaceAll, fields.Everything())
+	//Check if the env var RESTRICTED_NAMESPACE is empty or equal to keel
+	// If equal to keel or empty, the scan will be over all the cluster
+	// If RESTRICTED_NAMESPACE is different than keel or empty, keel will scan in the defined namespace
+	namespaceScan := "keel"
+	if os.Getenv(constants.EnvRestrictedNamespace) == "keel" {
+		namespaceScan = v1.NamespaceAll
+	} else if os.Getenv(constants.EnvRestrictedNamespace) == "" {
+		namespaceScan = v1.NamespaceAll
+	} else {
+		namespaceScan = os.Getenv(constants.EnvRestrictedNamespace)
+	}
+
+	lw := cache.NewListWatchFromClient(c, resource, namespaceScan, fields.Everything())
 	sw := cache.NewSharedInformer(lw, objType, 30*time.Minute)
 	for _, r := range rs {
 		sw.AddEventHandler(r)