limit configmap list to specific namespace

Signed-off-by: l1b0k <[email protected]>
l1b0k · Dec 17, 2024 · d06d566 · d06d566
1 parent 495e3c0
commit d06d566
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 11 deletions.
diff --git a/daemon/builder.go b/daemon/builder.go
@@ -32,6 +32,7 @@ type NetworkServiceBuilder struct {
 	ctx            context.Context
 	configFilePath string
 	config         *daemon.Config
+	namespace      string
 	daemonMode     string
 	service        *networkService
 	aliyunClient   *client.OpenAPI
@@ -92,6 +93,10 @@ func (b *NetworkServiceBuilder) LoadGlobalConfig() *NetworkServiceBuilder {
 		b.service.enableIPv6 = true
 	}
 	b.config = globalConfig
+	b.namespace = os.Getenv("POD_NAMESPACE")
+	if b.namespace == "" {
+		b.namespace = "kube-system"
+	}
 
 	b.service.ipamType = globalConfig.IPAMType
 
@@ -103,7 +108,7 @@ func (b *NetworkServiceBuilder) InitK8S() *NetworkServiceBuilder {
 		return b
 	}
 	var err error
-	b.service.k8s, err = k8s.NewK8S(b.daemonMode, b.config)
+	b.service.k8s, err = k8s.NewK8S(b.daemonMode, b.config, b.namespace)
 	if err != nil {
 		b.err = fmt.Errorf("error init k8s: %w", err)
 		return b
@@ -397,7 +402,7 @@ func (b *NetworkServiceBuilder) PostInitForCRDV2() *NetworkServiceBuilder {
 	if b.err != nil {
 		return b
 	}
-	crdv2 := eni.NewCRDV2(b.service.k8s.NodeName())
+	crdv2 := eni.NewCRDV2(b.service.k8s.NodeName(), b.namespace)
 	mgr := eni.NewManager(0, 0, 0, 0, []eni.NetworkInterface{crdv2}, types.EniSelectionPolicy(b.config.EniSelectionPolicy), nil)
 
 	svc := b.RunENIMgr(b.ctx, mgr)

diff --git a/pkg/eni/crdv2.go b/pkg/eni/crdv2.go
@@ -56,7 +56,7 @@ type CRDV2 struct {
 	cacheSyncedCh chan struct{}
 }
 
-func NewCRDV2(nodeName string) *CRDV2 {
+func NewCRDV2(nodeName, namespace string) *CRDV2 {
 	restConfig := ctrl.GetConfigOrDie()
 
 	options := ctrl.Options{
@@ -113,6 +113,11 @@ func NewCRDV2(nodeName string) *CRDV2 {
 						return nil, fmt.Errorf("unexpected type %T", i)
 					},
 				},
+				&corev1.ConfigMap{}: {
+					Field: fields.SelectorFromSet(map[string]string{
+						"metadata.namespace": namespace,
+					}),
+				},
 			},
 			UnsafeDisableDeepCopy: nil,
 		},

diff --git a/pkg/k8s/k8s.go b/pkg/k8s/k8s.go
@@ -104,7 +104,7 @@ type Kubernetes interface {
 }
 
 // NewK8S return Kubernetes service by pod spec and daemon mode
-func NewK8S(daemonMode string, globalConfig *daemon.Config) (Kubernetes, error) {
+func NewK8S(daemonMode string, globalConfig *daemon.Config, namespace string) (Kubernetes, error) {
 	restConfig := ctrl.GetConfigOrDie()
 	restConfig.QPS = globalConfig.KubeClientQPS
 	restConfig.Burst = globalConfig.KubeClientBurst
@@ -124,12 +124,6 @@ func NewK8S(daemonMode string, globalConfig *daemon.Config) (Kubernetes, error)
 		return nil, fmt.Errorf("failed to get NODE_NAME")
 	}
 
-	daemonNamespace := os.Getenv("POD_NAMESPACE")
-	if len(daemonNamespace) == 0 {
-		daemonNamespace = "kube-system"
-		klog.Info("POD_NAMESPACE is not set in environment variables, use kube-system as default namespace")
-	}
-
 	node, err := getNode(context.Background(), c, nodeName)
 	if err != nil {
 		return nil, fmt.Errorf("error retrieving node spec for '%s': %w", nodeName, err)
@@ -162,7 +156,7 @@ func NewK8S(daemonMode string, globalConfig *daemon.Config) (Kubernetes, error)
 		mode:            daemonMode,
 		node:            node,
 		nodeName:        nodeName,
-		daemonNamespace: daemonNamespace,
+		daemonNamespace: namespace,
 		storage:         storage,
 		broadcaster:     broadcaster,
 		recorder:        recorder,