restrict manager resource cache to only operator namespace

Signed-off-by: Leela Venkaiah G <[email protected]>

cmd/main.go

@@ -19,6 +19,7 @@ package main
 import (
 	"crypto/tls"
 	"flag"
+	"fmt"
 	"os"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
@@ -29,6 +30,7 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
@@ -94,6 +96,11 @@ func main() {
 		TLSOpts: tlsOpts,
 	})
 
+	operatorNamespace, err := getOperatorNamespace()
+	if err != nil {
+		setupLog.Error(err, "manager requires namespace to be registered for caching resources")
+		os.Exit(1)
+	}
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme: scheme,
 		Metrics: metricsserver.Options{
@@ -116,6 +123,9 @@ func main() {
 		// if you are doing or is intended to do any operation such as perform cleanups
 		// after the manager stops then its usage might be unsafe.
 		// LeaderElectionReleaseOnCancel: true,
+		Cache: cache.Options{
+			DefaultNamespaces: map[string]cache.Config{operatorNamespace: {}},
+		},
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
@@ -160,3 +170,14 @@ func main() {
 		os.Exit(1)
 	}
 }
+
+// getOperatorNamespace returns the Namespace the operator should be watching for changes
+func getOperatorNamespace() (string, error) {
+	var operatorNamespaceEnvVar = "OPERATOR_NAMESPACE"
+
+	ns := os.Getenv(operatorNamespaceEnvVar)
+	if ns == "" {
+		return "", fmt.Errorf("%s must be set", operatorNamespaceEnvVar)
+	}
+	return ns, nil
+}