diff --git a/controller/api/public/grpc_server.go b/controller/api/public/grpc_server.go index 262a575ee..dd953b7d3 100644 --- a/controller/api/public/grpc_server.go +++ b/controller/api/public/grpc_server.go @@ -30,6 +30,7 @@ type ( k8sAPI *k8s.API controllerNamespace string ignoredNamespaces []string + singleNamespace bool } ) @@ -52,6 +53,7 @@ func newGrpcServer( k8sAPI *k8s.API, controllerNamespace string, ignoredNamespaces []string, + singleNamespace bool, ) *grpcServer { return &grpcServer{ prometheusAPI: promAPI, @@ -59,6 +61,7 @@ func newGrpcServer( k8sAPI: k8sAPI, controllerNamespace: controllerNamespace, ignoredNamespaces: ignoredNamespaces, + singleNamespace: singleNamespace, } } diff --git a/controller/api/public/grpc_server_test.go b/controller/api/public/grpc_server_test.go index c3d39eb2e..feeb95d98 100644 --- a/controller/api/public/grpc_server_test.go +++ b/controller/api/public/grpc_server_test.go @@ -243,6 +243,7 @@ spec: k8sAPI, "linkerd", []string{}, + false, ) k8sAPI.Sync() @@ -343,6 +344,7 @@ metadata: k8sAPI, "linkerd", []string{}, + false, ) k8sAPI.Sync() diff --git a/controller/api/public/http_server.go b/controller/api/public/http_server.go index 02ca07568..732ae35b9 100644 --- a/controller/api/public/http_server.go +++ b/controller/api/public/http_server.go @@ -247,6 +247,7 @@ func NewServer( k8sAPI *k8s.API, controllerNamespace string, ignoredNamespaces []string, + singleNamespace bool, ) *http.Server { baseHandler := &handler{ grpcServer: newGrpcServer( @@ -255,6 +256,7 @@ func NewServer( k8sAPI, controllerNamespace, ignoredNamespaces, + singleNamespace, ), } diff --git a/controller/api/public/stat_summary_test.go b/controller/api/public/stat_summary_test.go index bc2e75dc1..28f0ee25b 100644 --- a/controller/api/public/stat_summary_test.go +++ b/controller/api/public/stat_summary_test.go @@ -776,6 +776,7 @@ status: k8sAPI, "linkerd", []string{}, + false, ) _, err := fakeGrpcServer.StatSummary(context.TODO(), &exp.req) @@ -800,6 +801,7 @@ status: k8sAPI, "linkerd", []string{}, + false, ) invalidRequests := []statSumExpected{ diff --git a/controller/api/public/test_helper.go b/controller/api/public/test_helper.go index 3fd50173c..e12748448 100644 --- a/controller/api/public/test_helper.go +++ b/controller/api/public/test_helper.go @@ -281,6 +281,7 @@ func newMockGrpcServer(exp expectedStatRPC) (*mockProm, *grpcServer, error) { k8sAPI, "linkerd", []string{}, + false, ) k8sAPI.Sync() diff --git a/controller/api/public/top_routes.go b/controller/api/public/top_routes.go index acfdc83a7..ef92ad309 100644 --- a/controller/api/public/top_routes.go +++ b/controller/api/public/top_routes.go @@ -42,6 +42,10 @@ type resourceTable struct { func (s *grpcServer) TopRoutes(ctx context.Context, req *pb.TopRoutesRequest) (*pb.TopRoutesResponse, error) { log.Debugf("TopRoutes request: %+v", req) + if s.singleNamespace { + return topRoutesError(req, "Routes are not available in single-namespace mode"), nil + } + errRsp := validateRequest(req) if errRsp != nil { return errRsp, nil diff --git a/controller/cmd/proxy-api/main.go b/controller/cmd/proxy-api/main.go index 99cc1b382..3af752d80 100644 --- a/controller/cmd/proxy-api/main.go +++ b/controller/cmd/proxy-api/main.go @@ -7,6 +7,7 @@ import ( "syscall" "github.com/linkerd/linkerd2/controller/api/proxy" + spclient "github.com/linkerd/linkerd2/controller/gen/client/clientset/versioned" "github.com/linkerd/linkerd2/controller/k8s" "github.com/linkerd/linkerd2/pkg/admin" "github.com/linkerd/linkerd2/pkg/flags" @@ -32,34 +33,28 @@ func main() { log.Fatal(err.Error()) } - var k8sAPI *k8s.API + var spClient *spclient.Clientset + restrictToNamespace := "" + resources := []k8s.APIResource{k8s.Endpoint, k8s.Pod, k8s.RS, k8s.Svc} + if *singleNamespace { - k8sAPI = k8s.NewAPI( - k8sClient, - nil, - *controllerNamespace, - k8s.Endpoint, - k8s.Pod, - k8s.RS, - k8s.Svc, - ) + restrictToNamespace = *controllerNamespace } else { - spClient, err := k8s.NewSpClientSet(*kubeConfigPath) + spClient, err = k8s.NewSpClientSet(*kubeConfigPath) if err != nil { log.Fatal(err.Error()) } - k8sAPI = k8s.NewAPI( - k8sClient, - spClient, - "", - k8s.Endpoint, - k8s.Pod, - k8s.RS, - k8s.Svc, - k8s.SP, - ) + + resources = append(resources, k8s.SP) } + k8sAPI := k8s.NewAPI( + k8sClient, + spClient, + restrictToNamespace, + resources..., + ) + done := make(chan struct{}) server, lis, err := proxy.NewServer(*addr, *k8sDNSZone, *controllerNamespace, *enableTLS, *enableH2Upgrade, *singleNamespace, k8sAPI, done) diff --git a/controller/cmd/public-api/main.go b/controller/cmd/public-api/main.go index 65cc199ac..9b4405a9a 100644 --- a/controller/cmd/public-api/main.go +++ b/controller/cmd/public-api/main.go @@ -9,6 +9,7 @@ import ( "syscall" "github.com/linkerd/linkerd2/controller/api/public" + spclient "github.com/linkerd/linkerd2/controller/gen/client/clientset/versioned" "github.com/linkerd/linkerd2/controller/k8s" "github.com/linkerd/linkerd2/controller/tap" "github.com/linkerd/linkerd2/pkg/admin" @@ -41,24 +42,27 @@ func main() { if err != nil { log.Fatal(err.Error()) } - spClient, err := k8s.NewSpClientSet(*kubeConfigPath) - if err != nil { - log.Fatal(err.Error()) - } + + var spClient *spclient.Clientset restrictToNamespace := "" + resources := []k8s.APIResource{k8s.Deploy, k8s.Pod, k8s.RC, k8s.RS, k8s.Svc} + if *singleNamespace { restrictToNamespace = *controllerNamespace + } else { + spClient, err = k8s.NewSpClientSet(*kubeConfigPath) + if err != nil { + log.Fatal(err.Error()) + } + + resources = append(resources, k8s.SP) } + k8sAPI := k8s.NewAPI( k8sClient, spClient, restrictToNamespace, - k8s.Deploy, - k8s.Pod, - k8s.RC, - k8s.RS, - k8s.SP, - k8s.Svc, + resources..., ) prometheusClient, err := promApi.NewClient(promApi.Config{Address: *prometheusURL}) @@ -73,6 +77,7 @@ func main() { k8sAPI, *controllerNamespace, strings.Split(*ignoredNamespaces, ","), + *singleNamespace, ) k8sAPI.Sync() // blocks until caches are synced