diff --git a/controllers/keda/kedacontroller_controller.go b/controllers/keda/kedacontroller_controller.go index 2604454ba..52a015d1e 100644 --- a/controllers/keda/kedacontroller_controller.go +++ b/controllers/keda/kedacontroller_controller.go @@ -324,7 +324,7 @@ func sortMetricsResources(resources *[]unstructured.Unstructured) []unstructured func (r *KedaControllerReconciler) installSA(logger logr.Logger, instance *kedav1alpha1.KedaController) error { logger.Info("Reconciling KEDA ServiceAccount") - transforms := []mf.Transformer{mf.InjectOwner(instance)} + transforms := []mf.Transformer{transform.InjectOwner(instance)} if len(instance.Spec.ServiceAccount.Annotations) > 0 { transforms = append(transforms, transform.AddServiceAccountAnnotations(instance.Spec.ServiceAccount.Annotations, r.Scheme)) @@ -352,7 +352,7 @@ func (r *KedaControllerReconciler) installSA(logger logr.Logger, instance *kedav func (r *KedaControllerReconciler) installController(ctx context.Context, logger logr.Logger, instance *kedav1alpha1.KedaController) error { logger.Info("Reconciling KEDA Controller deployment") transforms := []mf.Transformer{ - mf.InjectOwner(instance), + transform.InjectOwner(instance), transform.ReplaceWatchNamespace(instance.Spec.WatchNamespace, "keda-operator", r.Scheme, logger), } @@ -465,7 +465,7 @@ func (r *KedaControllerReconciler) installMetricsServer(ctx context.Context, log logger.Info("Reconciling KEDA Metrics Server Deployment") transforms := []mf.Transformer{ - mf.InjectOwner(instance), + transform.InjectOwner(instance), } // Use alternate image spec if env var set @@ -740,7 +740,7 @@ func (r *KedaControllerReconciler) ensureMetricsServerAuditLogPolicyConfigMap(ct func (r *KedaControllerReconciler) installAdmissionWebhooks(ctx context.Context, logger logr.Logger, instance *kedav1alpha1.KedaController) error { logger.Info("Reconciling KEDA Admission Webhooks deployment") transforms := []mf.Transformer{ - mf.InjectOwner(instance), + transform.InjectOwner(instance), transform.ReplaceWatchNamespace(instance.Spec.WatchNamespace, "keda-admission-webhooks", r.Scheme, logger), } diff --git a/controllers/keda/transform/transform.go b/controllers/keda/transform/transform.go index 96b9a7efc..0bd3b45e7 100644 --- a/controllers/keda/transform/transform.go +++ b/controllers/keda/transform/transform.go @@ -1096,3 +1096,17 @@ func EnsureAuditLogMount(pvc string, path string, scheme *runtime.Scheme) mf.Tra return nil } } + +// InjectOwner creates a Transformer which adds an OwnerReference +// pointing to `owner`, but only if the object is in the same namespace as `owner` +func InjectOwner(owner mf.Owner) mf.Transformer { + f := mf.InjectOwner(owner) // This is just a wrapper around manifestival.InjectOwner + return func(u *unstructured.Unstructured) error { + // Since the controller is namespaced, it can only have namespace-scoped dependants in the same namespace + // https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/ + if u.GetNamespace() == owner.GetNamespace() { + return f(u) + } + return nil + } +}