controlplane: split out SystemNamespaces

Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
2025-08-03 01:06:27 +00:00 · 2024-04-27 10:01:47 +02:00 · 2024-04-27 10:01:47 +02:00 · 3daae717c3
commit 3daae717c3
parent 7b73ee018c
9 changed files with 16 additions and 6 deletions
--- a/cmd/kube-apiserver/app/options/options.go
+++ b/cmd/kube-apiserver/app/options/options.go
@ -22,6 +22,7 @@ import (
 	"strings"
 	"time"
 	v1 "k8s.io/api/core/v1"
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	cliflag "k8s.io/component-base/cli/flag"
@ -92,6 +93,8 @@ func NewServerRunOptions() *ServerRunOptions {
 		},
 	}
 	s.Options.SystemNamespaces = append(s.Options.SystemNamespaces, v1.NamespaceNodeLease)
 	return &s
 }
--- a/cmd/kube-apiserver/app/options/options_test.go
+++ b/cmd/kube-apiserver/app/options/options_test.go
@ -291,6 +291,7 @@ func TestAddFlags(t *testing.T) {
 				ConfigFile: "/var/run/kubernetes/tracing_config.yaml",
 			},
 			AggregatorRejectForwardingRedirects: true,
 			SystemNamespaces:                    []string{"kube-system", "kube-public", "default", "kube-node-lease"},
 		},
 		Extra: Extra{
--- a/cmd/kube-apiserver/app/server.go
+++ b/cmd/kube-apiserver/app/server.go
@ -239,6 +239,7 @@ func CreateKubeAPIServerConfig(opts options.CompletedOptions) (
 				EventTTL:                opts.EventTTL,
 				EnableLogsSupport:       opts.EnableLogsHandler,
 				ProxyTransport:          proxyTransport,
 				SystemNamespaces:        opts.SystemNamespaces,
 				ServiceAccountIssuer:        opts.ServiceAccountIssuer,
 				ServiceAccountMaxExpiration: opts.ServiceAccountTokenMaxExpiration,
--- a/pkg/controlplane/apiserver/config.go
+++ b/pkg/controlplane/apiserver/config.go
@ -76,6 +76,8 @@ type Extra struct {
 	ServiceAccountJWKSURI    string
 	ServiceAccountPublicKeys []interface{}
 	SystemNamespaces []string
 	VersionedInformers clientgoinformers.SharedInformerFactory
 }
--- a/pkg/controlplane/apiserver/options/options.go
+++ b/pkg/controlplane/apiserver/options/options.go
@ -24,6 +24,7 @@ import (
 	"strings"
 	"time"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	peerreconcilers "k8s.io/apiserver/pkg/reconcilers"
 	genericoptions "k8s.io/apiserver/pkg/server/options"
 	"k8s.io/apiserver/pkg/storage/storagebackend"
@ -83,6 +84,8 @@ type Options struct {
 	ServiceAccountTokenMaxExpiration time.Duration
 	ShowHiddenMetricsForVersion string
 	SystemNamespaces []string
 }
 // completedServerRunOptions is a private wrapper that enforces a call of Complete() before Run can be invoked.
@ -115,6 +118,7 @@ func NewOptions() *Options {
 		EnableLogsHandler:                   true,
 		EventTTL:                            1 * time.Hour,
 		AggregatorRejectForwardingRedirects: true,
 		SystemNamespaces:                    []string{metav1.NamespaceSystem, metav1.NamespacePublic, metav1.NamespaceDefault},
 	}
 	// Overwrite the default for storage data format.
--- a/pkg/controlplane/apiserver/options/options_test.go
+++ b/pkg/controlplane/apiserver/options/options_test.go
@ -277,6 +277,7 @@ func TestAddFlags(t *testing.T) {
 			ConfigFile: "/var/run/kubernetes/tracing_config.yaml",
 		},
 		AggregatorRejectForwardingRedirects: true,
 		SystemNamespaces:                    []string{"kube-system", "kube-public", "default"},
 	}
 	expected.Authentication.OIDC.UsernameClaim = "sub"
--- a/pkg/controlplane/controller/systemnamespaces/system_namespaces_controller.go
+++ b/pkg/controlplane/controller/systemnamespaces/system_namespaces_controller.go
@ -46,8 +46,7 @@ type Controller struct {
 }
 // NewController creates a new Controller to ensure system namespaces exist.
-func NewController(clientset kubernetes.Interface, namespaceInformer coreinformers.NamespaceInformer) *Controller {
+func NewController(systemNamespaces []string, clientset kubernetes.Interface, namespaceInformer coreinformers.NamespaceInformer) *Controller {
 	systemNamespaces := []string{metav1.NamespaceSystem, metav1.NamespacePublic, v1.NamespaceNodeLease, metav1.NamespaceDefault}
 	interval := 1 * time.Minute
 	return &Controller{
--- a/pkg/controlplane/controller/systemnamespaces/system_namespaces_controller_test.go
+++ b/pkg/controlplane/controller/systemnamespaces/system_namespaces_controller_test.go
@ -30,8 +30,6 @@ import (
 // Test_Controller validates the garbage collection logic for the apiserverleasegc controller.
 func Test_Controller(t *testing.T) {
 	systemNamespaces := []string{metav1.NamespaceSystem, metav1.NamespacePublic, v1.NamespaceNodeLease}
 	tests := []struct {
 		name       string
 		namespaces []string
@ -107,7 +105,8 @@ func Test_Controller(t *testing.T) {
 				namespaceInformer.Informer().GetIndexer().Add(obj)
 			}
-			controller := NewController(clientset, namespaceInformer)
+			systemNamespaces := []string{metav1.NamespaceSystem, metav1.NamespacePublic, v1.NamespaceNodeLease, metav1.NamespaceDefault}
 			controller := NewController(systemNamespaces, clientset, namespaceInformer)
 			clientset.PrependReactor("create", "namespaces", func(action k8stesting.Action) (bool, runtime.Object, error) {
 				create := action.(k8stesting.CreateAction)
--- a/pkg/controlplane/instance.go
+++ b/pkg/controlplane/instance.go
@ -465,7 +465,7 @@ func (c CompletedConfig) New(delegationTarget genericapiserver.DelegationTarget)
 	}
 	m.GenericAPIServer.AddPostStartHookOrDie("start-system-namespaces-controller", func(hookContext genericapiserver.PostStartHookContext) error {
-		go systemnamespaces.NewController(client, c.ControlPlane.Extra.VersionedInformers.Core().V1().Namespaces()).Run(hookContext.StopCh)
+		go systemnamespaces.NewController(c.ControlPlane.SystemNamespaces, client, c.ControlPlane.Extra.VersionedInformers.Core().V1().Namespaces()).Run(hookContext.StopCh)
 		return nil
 	})