Allow the option to run kubechecks in namespaced scope

Signed-off-by: Abhi Kapoor <[email protected]>
zapier · Dec 7, 2024 · 532b9ae · 532b9ae
1 parent dd1ca0f
commit 532b9ae
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 2 deletions.
diff --git a/charts/kubechecks/Chart.yaml b/charts/kubechecks/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: kubechecks
 description: A Helm chart for kubechecks
-version: 0.4.5
+version: 0.4.6
 type: application
 maintainers:
   - name: zapier
diff --git a/charts/kubechecks/values.yaml b/charts/kubechecks/values.yaml
@@ -4,6 +4,7 @@ commonLabels: {}
 configMap:
   create: false
   env: {}
+  # KUBECHECKS_ALLOWED_NAMESPACES: default,namespace-a
   # KUBECHECKS_ARGOCD_API_INSECURE: "false"
   # KUBECHECKS_ARGOCD_API_PATH_PREFIX: /
   # KUBECHECKS_ARGOCD_API_NAMESPACE: argocd

diff --git a/cmd/root.go b/cmd/root.go
@@ -109,6 +109,7 @@ func init() {
 	stringFlag(flags, "worst-hooks-state", "The worst state that can be returned from the hooks renderer.",
 		newStringOpts().
 			withDefault("panic"))
+	stringSliceFlag(flags, "allowed-namespaces", "Run Kubechecks in namespaced scope instead of cluster scope by specifying the namespaces to monitor.")
 
 	panicIfError(viper.BindPFlags(flags))
 	setupLogOutput()

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -60,6 +60,7 @@ type ServerConfig struct {
 	WorstPreupgradeState pkg.CommitState `mapstructure:"worst-preupgrade-state"`
 
 	// misc
+	AllowedNamespaces        []string      `mapstructure:"allowed-namespaces"`
 	FallbackK8sVersion       string        `mapstructure:"fallback-k8s-version"`
 	LabelFilter              string        `mapstructure:"label-filter"`
 	LogLevel                 zerolog.Level `mapstructure:"log-level"`

diff --git a/pkg/events/check.go b/pkg/events/check.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"reflect"
+	"slices"
 	"strings"
 	"sync"
 	"sync/atomic"
@@ -286,7 +287,16 @@ func (ce *CheckEvent) Process(ctx context.Context) error {
 	ce.logger.Info().Msgf("adding %d apps to the queue", len(ce.affectedItems.Applications))
 	// Produce apps onto channel
 	for _, app := range ce.affectedItems.Applications {
-		ce.queueApp(app)
+		if len(ce.ctr.Config.AllowedNamespaces) > 0 {
+			ns := strings.Split(ce.ctr.Config.AllowedNamespaces[0], ",")
+			if slices.Contains(ns, app.Spec.Destination.Namespace) {
+				ce.queueApp(app)
+			} else {
+				ce.logger.Info().Msgf("skipping app %s, namespace %s not allowed", app.Name, app.Spec.Destination.Namespace)
+			}
+		} else {
+			ce.queueApp(app)
+		}
 	}
 
 	ce.wg.Wait()