Add check for watch_namespace before mutating Pod

Signed-off-by: Janario Oliveira <[email protected]>

Author: janario

internal/config/main.go

@@ -58,6 +58,7 @@ type Config struct {
 	openshiftRoutesAvailability         openshift.RoutesAvailability
 	labelsFilter                        []string
 	annotationsFilter                   []string
+	namespaces                          []string
 }
 
 // New constructs a new configuration based on the given options.
@@ -99,6 +100,7 @@ func New(opts ...Option) Config {
 		autoInstrumentationNginxImage:       o.autoInstrumentationNginxImage,
 		labelsFilter:                        o.labelsFilter,
 		annotationsFilter:                   o.annotationsFilter,
+		namespaces:                          o.namespaces,
 	}
 }
 
@@ -218,3 +220,8 @@ func (c *Config) LabelsFilter() []string {
 func (c *Config) AnnotationsFilter() []string {
 	return c.annotationsFilter
 }
+
+// Namespaces Returns the namespaces to be watched.
+func (c *Config) Namespaces() []string {
+	return c.namespaces
+}

internal/config/options.go

@@ -53,6 +53,7 @@ type options struct {
 	openshiftRoutesAvailability         openshift.RoutesAvailability
 	labelsFilter                        []string
 	annotationsFilter                   []string
+	namespaces                          []string
 }
 
 func WithAutoDetect(a autodetect.AutoDetect) Option {
@@ -219,3 +220,9 @@ func WithAnnotationFilters(annotationFilters []string) Option {
 		o.annotationsFilter = filters
 	}
 }
+
+func WithNamespaces(namespaces []string) Option {
+	return func(o *options) {
+		o.namespaces = namespaces
+	}
+}

internal/webhook/podmutation/webhookhandler.go

@@ -18,13 +18,14 @@ package podmutation
 import (
 	"context"
 	"encoding/json"
-	"net/http"
-
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
+	"net/http"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+	"slices"
 
 	"github.com/open-telemetry/opentelemetry-operator/internal/config"
 )
@@ -88,7 +89,12 @@ func (p *podMutationWebhook) Handle(ctx context.Context, req admission.Request)
 		return res
 	}
 
-	for _, m := range p.podMutators {
+	var mutators []PodMutator
+	// mutate only in case the namespace is marked to be watched
+	if slices.Contains(p.config.Namespaces(), ns.Name) || slices.Contains(p.config.Namespaces(), metav1.NamespaceAll) {
+		mutators = p.podMutators
+	}
+	for _, m := range mutators {
 		pod, err = m.Mutate(ctx, ns, pod)
 		if err != nil {
 			res := admission.Errored(http.StatusInternalServerError, err)

main.go

@@ -19,6 +19,7 @@ import (
 	"crypto/tls"
 	"flag"
 	"fmt"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"os"
 	"runtime"
 	"strings"
@@ -194,6 +195,21 @@ func main() {
 		os.Exit(1)
 	}
 
+	var watchNamespaces []string
+	var namespaces map[string]cache.Config
+	watchNamespace, found := os.LookupEnv("WATCH_NAMESPACE")
+	if found {
+		setupLog.Info("watching namespace(s)", "namespaces", watchNamespace)
+		namespaces = map[string]cache.Config{}
+		watchNamespaces = strings.Split(watchNamespace, ",")
+		for _, ns := range watchNamespaces {
+			namespaces[ns] = cache.Config{}
+		}
+	} else {
+		setupLog.Info("the env var WATCH_NAMESPACE isn't set, watching all namespaces")
+		watchNamespaces = []string{metav1.NamespaceAll}
+	}
+
 	cfg := config.New(
 		config.WithLogger(ctrl.Log.WithName("config")),
 		config.WithVersion(v),
@@ -215,24 +231,13 @@ func main() {
 		config.WithAutoDetect(ad),
 		config.WithLabelFilters(labelsFilter),
 		config.WithAnnotationFilters(annotationsFilter),
+		config.WithNamespaces(watchNamespaces),
 	)
 	err = cfg.AutoDetect()
 	if err != nil {
 		setupLog.Error(err, "failed to autodetect config variables")
 	}
 
-	var namespaces map[string]cache.Config
-	watchNamespace, found := os.LookupEnv("WATCH_NAMESPACE")
-	if found {
-		setupLog.Info("watching namespace(s)", "namespaces", watchNamespace)
-		namespaces = map[string]cache.Config{}
-		for _, ns := range strings.Split(watchNamespace, ",") {
-			namespaces[ns] = cache.Config{}
-		}
-	} else {
-		setupLog.Info("the env var WATCH_NAMESPACE isn't set, watching all namespaces")
-	}
-
 	// see https://github.com/openshift/library-go/blob/4362aa519714a4b62b00ab8318197ba2bba51cb7/pkg/config/leaderelection/leaderelection.go#L104
 	leaseDuration := time.Second * 137
 	renewDeadline := time.Second * 107