Skip to content

Commit 108f3c3

Browse files
kacpersawkacpersaw
committed
Apply review suggestions
1 parent 8e5b570 commit 108f3c3

File tree

2 files changed

+47
-12
lines changed

2 files changed

+47
-12
lines changed

helm/templates/service.yaml

Lines changed: 45 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,21 +1,45 @@
1-
apiVersion: rbac.authorization.k8s.io/v1
2-
kind: ClusterRole
3-
metadata:
4-
name: coder-logstream-kube-role
5-
rules:
1+
{{- define "coder-logstream-kube.rules" -}}
62
- apiGroups: [""]
73
resources: ["pods", "events"]
84
verbs: ["get", "watch", "list"]
95
- apiGroups: ["apps"]
106
resources: ["replicasets", "events"]
117
verbs: ["get", "watch", "list"]
8+
{{- end -}}
9+
10+
{{- if .Values.namespaces }}
11+
{{- range .Values.namespaces }}
1212
---
13-
apiVersion: v1
14-
kind: ServiceAccount
13+
apiVersion: rbac.authorization.k8s.io/v1
14+
kind: Role
1515
metadata:
16-
name: {{ .Values.serviceAccount.name | quote }}
17-
annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
18-
labels: {{ toYaml .Values.serviceAccount.labels | nindent 4 }}
16+
name: coder-logstream-kube-role
17+
namespace: {{ . }}
18+
rules:
19+
{{ include "coder-logstream-kube.rules" . | nindent 2 }}
20+
---
21+
apiVersion: rbac.authorization.k8s.io/v1
22+
kind: RoleBinding
23+
metadata:
24+
name: coder-logstream-kube-rolebinding
25+
namespace: {{ . }}
26+
roleRef:
27+
apiGroup: rbac.authorization.k8s.io
28+
kind: Role
29+
name: coder-logstream-kube-role
30+
subjects:
31+
- kind: ServiceAccount
32+
name: {{ $.Values.serviceAccount.name | quote }}
33+
namespace: {{ $.Release.Namespace }}
34+
{{- end }}
35+
{{- else }}
36+
---
37+
apiVersion: rbac.authorization.k8s.io/v1
38+
kind: ClusterRole
39+
metadata:
40+
name: coder-logstream-kube-role
41+
rules:
42+
{{ include "coder-logstream-kube.rules" . | nindent 2 }}
1943
---
2044
apiVersion: rbac.authorization.k8s.io/v1
2145
kind: ClusterRoleBinding
@@ -29,6 +53,14 @@ subjects:
2953
- kind: ServiceAccount
3054
name: {{ .Values.serviceAccount.name | quote }}
3155
namespace: {{ .Release.Namespace }}
56+
{{- end }}
57+
---
58+
apiVersion: v1
59+
kind: ServiceAccount
60+
metadata:
61+
name: {{ .Values.serviceAccount.name | quote }}
62+
annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
63+
labels: {{ toYaml .Values.serviceAccount.labels | nindent 4 }}
3264
---
3365
apiVersion: apps/v1
3466
kind: Deployment
@@ -76,8 +108,10 @@ spec:
76108
env:
77109
- name: CODER_URL
78110
value: {{ .Values.url }}
111+
{{- if .Values.namespaces }}
79112
- name: CODER_NAMESPACES
80-
value: {{ if .Values.namespaces }}{{ join "," .Values.namespaces }}{{ else }}{{ end }}
113+
value: {{ join "," .Values.namespaces }}
114+
{{- end }}
81115
{{- if .Values.image.sslCertFile }}
82116
- name: SSL_CERT_FILE
83117
value: {{ .Values.image.sslCertFile }}

logger.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,8 @@ type podEventLogger struct {
106106
lq *logQueuer
107107
}
108108

109-
// init starts the informer factory and registers event handlers.
109+
// initNamespace starts the informer factory and registers event handlers for a given namespace.
110+
// If provided namespace is empty, it will start the informer factory and register event handlers for all namespaces.
110111
func (p *podEventLogger) initNamespace(namespace string) error {
111112
// We only track events that happen after the reporter starts.
112113
// This is to prevent us from sending duplicate events.

0 commit comments

Comments
 (0)