Allow the option to run kubechecks in namespaced scope

Signed-off-by: Abhi Kapoor <[email protected]>
zapier · Dec 7, 2024 · a9c9a0a · a9c9a0a
1 parent 1092924
commit a9c9a0a
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 1 deletion.
diff --git a/charts/kubechecks/values.yaml b/charts/kubechecks/values.yaml
@@ -4,6 +4,7 @@ commonLabels: {}
 configMap:
   create: false
   env: {}
+  # KUBECHECKS_ALLOWED_NAMESPACES: default,namespace-a
   # KUBECHECKS_ARGOCD_API_INSECURE: "false"
   # KUBECHECKS_ARGOCD_API_PATH_PREFIX: /
   # KUBECHECKS_ARGOCD_API_NAMESPACE: argocd

diff --git a/cmd/root.go b/cmd/root.go
@@ -118,6 +118,7 @@ func init() {
 	stringFlag(flags, "replan-comment-msg", "comment message which re-triggers kubechecks on PR.",
 		newStringOpts().
 			withDefault("kubechecks again"))
+	stringSliceFlag(flags, "allowed-namespaces", "Run Kubechecks in namespaced scope instead of cluster scope by specifying the namespaces to monitor.")
 
 	panicIfError(viper.BindPFlags(flags))
 	setupLogOutput()

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -67,6 +67,7 @@ type ServerConfig struct {
 	WorstPreupgradeState pkg.CommitState `mapstructure:"worst-preupgrade-state"`
 
 	// misc
+	AllowedNamespaces        []string      `mapstructure:"allowed-namespaces"`
 	FallbackK8sVersion       string        `mapstructure:"fallback-k8s-version"`
 	LabelFilter              string        `mapstructure:"label-filter"`
 	LogLevel                 zerolog.Level `mapstructure:"log-level"`

diff --git a/pkg/events/check.go b/pkg/events/check.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"reflect"
+	"slices"
 	"strings"
 	"sync"
 	"sync/atomic"
@@ -291,7 +292,16 @@ func (ce *CheckEvent) Process(ctx context.Context) error {
 	ce.logger.Info().Msgf("adding %d apps to the queue", len(ce.affectedItems.Applications))
 	// Produce apps onto channel
 	for _, app := range ce.affectedItems.Applications {
-		ce.queueApp(app)
+		if len(ce.ctr.Config.AllowedNamespaces) > 0 {
+			ns := strings.Split(ce.ctr.Config.AllowedNamespaces[0], ",")
+			if slices.Contains(ns, app.Spec.Destination.Namespace) {
+				ce.queueApp(app)
+			} else {
+				ce.logger.Info().Msgf("skipping app %s, namespace %s not allowed", app.Name, app.Spec.Destination.Namespace)
+			}
+		} else {
+			ce.queueApp(app)
+		}
 	}
 
 	ce.wg.Wait()