Add namespace

cmd/main.go

@@ -40,6 +40,7 @@ import (
 	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
 	"github.com/vegardengen/unifi-network-operator/internal/controller"
 	"github.com/vegardengen/unifi-network-operator/internal/unifi"
+	"github.com/vegardengen/unifi-network-operator/internal/config"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -203,6 +204,8 @@ func main() {
 		os.Exit(1)
 	}
 
+       configLoader := config.NewConfigLoader(mgr.GetClient())
+
 	// Unifi client
 	setupLog.Info("Setting up UniFi client")
 	unifiClient, err := unifi.CreateUnifiClient()
@@ -216,6 +219,7 @@ func main() {
 		Client:      mgr.GetClient(),
 		Scheme:      mgr.GetScheme(),
 		UnifiClient: unifiClient,
+		ConfigLoader: configLoader,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Networkconfiguration")
 		os.Exit(1)
@@ -224,6 +228,7 @@ func main() {
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
 		UnifiClient: unifiClient,
+		ConfigLoader: configLoader,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "FirewallZone")
 		os.Exit(1)
@@ -231,6 +236,8 @@ func main() {
 	if err = (&controller.FirewallRuleReconciler{
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
+		UnifiClient: unifiClient,
+		ConfigLoader: configLoader,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "FirewallRule")
 		os.Exit(1)
@@ -241,6 +248,7 @@ func main() {
 		Client:      mgr.GetClient(),
 		Scheme:      mgr.GetScheme(),
 		UnifiClient: unifiClient,
+		ConfigLoader: configLoader,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "FirewallGroup")
 		os.Exit(1)

config/rbac/role.yaml

@@ -4,6 +4,13 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
 - apiGroups:
   - ""
   resources:

internal/config/config.go

@@ -1,50 +1,45 @@
 package config
 
 import (
-	"context"
+    "context"
-	"fmt"
+    "sync"
 
-	corev1 "k8s.io/api/core/v1"
+    corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/types"
+    "k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
+    "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-type OperatorConfig struct {
+type ConfigLoaderType struct {
-	DefaultNamespace string
+    Client client.Client
+
+    mu      sync.Mutex
+    loaded  bool
+    config  *corev1.ConfigMap
+    err     error
 }
 
-type ConfigLoader struct {
+func NewConfigLoader(k8sClient client.Client) *ConfigLoaderType {
-	Client    client.Client
+    return &ConfigLoaderType{Client: k8sClient}
-	Name      string
-	Namespace string
 }
 
-func New(client client.Client, name, namespace string) *ConfigLoader {
+func (c *ConfigLoaderType) GetConfig(ctx context.Context, name string) (*corev1.ConfigMap, error) {
-	return &ConfigLoader{
+    c.mu.Lock()
-		Client:    client,
+    defer c.mu.Unlock()
-		Name:      name,
+
-		Namespace: namespace,
+    if c.loaded {
-	}
+        return c.config, c.err
-}
+    }
-
+
-func (cl *ConfigLoader) Load(ctx context.Context) (*OperatorConfig, error) {
+    cm := &corev1.ConfigMap{}
-	cm := &corev1.ConfigMap{}
+    err := c.Client.Get(ctx, types.NamespacedName{
-	err := cl.Client.Get(ctx, types.NamespacedName{
+        Name:      name,
-		Name:      cl.Name,
+        Namespace: "unifi-network-operator-system",
-		Namespace: cl.Namespace,
+    }, cm)
-	}, cm)
+
-	if err != nil {
+    c.loaded = true
-		return nil, fmt.Errorf("failed to load configmap: %w", err)
+    c.config = cm
-	}
+    c.err = err
-
+
-	cfg := &OperatorConfig{
+    return cm, err
-		DefaultNamespace: "default", // fallback
-	}
-
-	if val, ok := cm.Data["defaultNamespace"]; ok && val != "" {
-		cfg.DefaultNamespace = val
-	}
-
-	return cfg, nil
 }
 

internal/controller/firewallgroup_controller.go

@@ -48,13 +48,14 @@ type FirewallGroupReconciler struct {
 	client.Client
 	Scheme      *runtime.Scheme
 	UnifiClient *unifi.UnifiClient
-	OperatorConfig   *config.OperatorConfig
+	ConfigLoader *config.ConfigLoaderType
 }
 
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallgroups,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallgroups/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallgroups/finalizers,verbs=update
 // +kubebuilder:rbac:groups="",resources=services,verbs=list;get;watch
+// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
@@ -68,6 +69,15 @@ type FirewallGroupReconciler struct {
 
 func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) {
 	log := log.FromContext(ctx)
+	
+	cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
+        if err != nil {
+            return ctrl.Result{}, err
+        }
+
+        defaultNs := cfg.Data["defaultNamespace"]
+	log.Info(defaultNs)
+
 	var nwObj unifiv1beta1.FirewallGroup
 	if err := r.Get(ctx, req.NamespacedName, &nwObj); err != nil {
 		return reconcile.Result{}, client.IgnoreNotFound(err)
@@ -172,7 +182,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 	nwObj.Status.LastSyncTime = &currentTime
 	nwObj.Status.SyncedWithUnifi = true
 
-	err := r.UnifiClient.Reauthenticate()
+	err = r.UnifiClient.Reauthenticate()
 	if err != nil {
 		return reconcile.Result{}, err
 	}

internal/controller/firewallrule_controller.go

@@ -34,12 +34,13 @@ type FirewallRuleReconciler struct {
 	client.Client
 	Scheme *runtime.Scheme
 	UnifiClient      *unifi.UnifiClient
-	OperatorConfig   *config.OperatorConfig
+	ConfigLoader *config.ConfigLoaderType
 }
 
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallrules,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallrules/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallrules/finalizers,verbs=update
+// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
@@ -51,10 +52,18 @@ type FirewallRuleReconciler struct {
 // For more details, check Reconcile and its Result here:
 // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.20.2/pkg/reconcile
 func (r *FirewallRuleReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-	_ = log.FromContext(ctx)
+	log := log.FromContext(ctx)
 
 	// TODO(user): your logic here
 
+	cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
+        if err != nil {
+            return ctrl.Result{}, err
+        }
+
+        defaultNs := cfg.Data["defaultNamespace"]
+	log.Info(defaultNs)
+
 	return ctrl.Result{}, nil
 }
 

internal/controller/firewallzone_controller.go

@@ -38,7 +38,7 @@ type FirewallZoneReconciler struct {
 	client.Client
 	Scheme      *runtime.Scheme
 	UnifiClient *unifi.UnifiClient
-	OperatorConfig   *config.OperatorConfig
+	ConfigLoader *config.ConfigLoaderType
 }
 
 func toKubeName(input string) string {
@@ -66,6 +66,7 @@ func toKubeName(input string) string {
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones/finalizers,verbs=update
+// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
@@ -79,8 +80,15 @@ func toKubeName(input string) string {
 func (r *FirewallZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := log.FromContext(ctx)
 
+	cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
+        if err != nil {
+            return ctrl.Result{}, err
+        }
+
+        defaultNs := cfg.Data["defaultNamespace"]
+
 	var fwzCRDs unifiv1beta1.FirewallZoneList
-	_ = r.List(ctx, &fwzCRDs, client.InNamespace(r.OperatorConfig.DefaultNamespace))
+	_ = r.List(ctx, &fwzCRDs, client.InNamespace(defaultNs))
 
 	firewall_zones, err := r.UnifiClient.Client.ListFirewallZones(context.Background(), r.UnifiClient.SiteID)
 	if err != nil {
@@ -113,7 +121,7 @@ func (r *FirewallZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request
 			zoneCRD := &unifiv1beta1.FirewallZone {
 				ObjectMeta : ctrl.ObjectMeta {
 				   Name: toKubeName(unifizone.Name),
-			  	   Namespace: r.OperatorConfig.DefaultNamespace,
+			  	   Namespace: defaultNs,
 			   	},
 				Spec: unifiv1beta1.FirewallZoneSpec {
 					Name : unifizone.Name,

internal/controller/networkconfiguration_controller.go

@@ -35,12 +35,13 @@ type NetworkconfigurationReconciler struct {
 	client.Client
 	Scheme      *runtime.Scheme
 	UnifiClient *unifi.UnifiClient
-	OperatorConfig   *config.OperatorConfig
+	ConfigLoader *config.ConfigLoaderType
 }
 
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=networkconfigurations,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=networkconfigurations/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=networkconfigurations/finalizers,verbs=update
+// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
@@ -53,6 +54,13 @@ type NetworkconfigurationReconciler struct {
 // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.20.2/pkg/reconcile
 func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := log.FromContext(ctx)
+	cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
+        if err != nil {
+            return ctrl.Result{}, err
+        }
+
+        defaultNs := cfg.Data["defaultNamespace"]
+	log.Info(defaultNs)
 
 	var networkCRDs unifiv1.NetworkconfigurationList
 	if err := r.List(ctx, &networkCRDs); err != nil {
@@ -105,14 +113,6 @@ func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *NetworkconfigurationReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	ctx := context.Background()
-	cfgLoader := config.New(mgr.GetClient(), "unifi-operator-config", "unifi-network-operator-system")
-
-	cfg, err := cfgLoader.Load(ctx)
-	if err != nil {
-		return err
-	}
-	r.OperatorConfig = cfg
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&unifiv1.Networkconfiguration{}).
 		Named("networkconfiguration").