set database namespace to match watch namespace by default

ryu-sato · ryu-sato · commit d8ae6e419efa · 2024-12-28T23:49:08.000+09:00
diff --git a/charts/community-operator/templates/_helpers.tpl b/charts/community-operator/templates/_helpers.tpl
@@ -10,3 +10,16 @@ Operator's watch namespaces
     {{- $namespaces | toYaml  }}
   {{- end }}
 {{- end }}
+
+{{/*
+Database namespaces
+*/}}
+{{- define "community-operator.database.namespaces" -}}
+  {{- $defaultNamespaces := include "community-operator.watchNamespaces" . | fromYamlArray }}
+  {{- $namespaces := default $defaultNamespaces .Values.database.namespaces }}
+  {{- if has "*" $namespaces }}
+    {{- list | toYaml }}
+  {{- else }}
+    {{- $namespaces | toYaml }}
+  {{- end }}
+{{- end }}
diff --git a/charts/community-operator/templates/database_roles.yaml b/charts/community-operator/templates/database_roles.yaml
@@ -1,16 +1,20 @@
+{{- $databaseNamespaces := include "community-operator.database.namespaces" . | fromYamlArray }}
+{{- $databaseName := $.Values.database.name }}
+{{- range $namespace := $databaseNamespaces }}
+
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.database.name }}
-  namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }}
+  name: {{ $databaseName }}
+  namespace: {{ $namespace }}
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ .Values.database.name }}
-  namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }}
+  name: {{ $databaseName }}
+  namespace: {{ $namespace }}
 rules:
   - apiGroups:
       - ""
@@ -31,12 +35,14 @@ rules:
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: {{ .Values.database.name }}
-  namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }}
+  name: {{ $databaseName }}
+  namespace: {{ $namespace }}
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.database.name }}
+    name: {{ $databaseName }}
 roleRef:
   kind: Role
-  name: {{ .Values.database.name }}
+  name: {{ $databaseName }}
   apiGroup: rbac.authorization.k8s.io
+
+{{- end }}
diff --git a/charts/community-operator/values.yaml b/charts/community-operator/values.yaml
@@ -53,14 +53,11 @@ operator:
 ## Operator's database
 database:
   name: mongodb-database
-  # set this to the namespace where you would like
-  # to deploy the MongoDB database,
-  # Note if the database namespace is not same
-  # as the operator namespace,
-  # make sure to set "watchNamespace" to "*"
+  # If "watchNamespaces" is set to ["*"],
+  # then set the database namespaces
   # to ensure that the operator has the
   # permission to reconcile resources in other namespaces
-  # namespace: mongodb-database
+  # namespaces: ["mongodb-database"]
 
 agent:
   name: mongodb-agent-ubi
