From 1a69f8c3ad6e5663095b642cb883b5709674cc53 Mon Sep 17 00:00:00 2001
From: Samuel Liu <liupeng0518@gmail.com>
Date: Sat, 15 Jan 2022 04:58:26 +0800
Subject: [PATCH] parameterized snaphot controller namespaces (#8305)

* Parameterized snaphot controller namespaces

* add ns yml

* add docs

* namespace
---
 inventory/sample/group_vars/k8s_cluster/addons.yml     |  2 ++
 .../snapshots/snapshot-controller/defaults/main.yml    |  1 +
 .../snapshots/snapshot-controller/tasks/main.yml       |  1 +
 .../templates/rbac-snapshot-controller.yml.j2          | 10 +++++-----
 .../templates/snapshot-controller.yml.j2               |  2 +-
 .../snapshot-controller/templates/snapshot-ns.yml.j2   |  7 +++++++
 6 files changed, 17 insertions(+), 6 deletions(-)
 create mode 100644 roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-ns.yml.j2

diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml
index 4d875e175d3..dd3fb83ba49 100644
--- a/inventory/sample/group_vars/k8s_cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s_cluster/addons.yml
@@ -57,6 +57,8 @@ local_volume_provisioner_enabled: false
 # currently, setting cinder_csi_enabled=true would automatically enable the snapshot controller
 # Longhorn is an extenal CSI that would also require setting this to true but it is not included in kubespray
 # csi_snapshot_controller_enabled: false
+# csi snapshot namespace
+# snapshot_controller_namespace: kube-system
 
 # CephFS provisioner deployment
 cephfs_provisioner_enabled: false
diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/defaults/main.yml b/roles/kubernetes-apps/snapshots/snapshot-controller/defaults/main.yml
index 9c757fb60cc..c72dfb2441e 100644
--- a/roles/kubernetes-apps/snapshots/snapshot-controller/defaults/main.yml
+++ b/roles/kubernetes-apps/snapshots/snapshot-controller/defaults/main.yml
@@ -1,2 +1,3 @@
 ---
 snapshot_controller_replicas: 1
+snapshot_controller_namespace: kube-system
diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
index c76eec6a266..9b25c721eb3 100644
--- a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
+++ b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
@@ -5,6 +5,7 @@
     dest: "{{ kube_config_dir }}/{{ item.file }}"
     mode: 0644
   with_items:
+    - {name: snapshot-ns, file: snapshot-ns.yml}
     - {name: rbac-snapshot-controller, file: rbac-snapshot-controller.yml}
     - {name: snapshot-controller, file: snapshot-controller.yml}
   register: snapshot_controller_manifests
diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/templates/rbac-snapshot-controller.yml.j2 b/roles/kubernetes-apps/snapshots/snapshot-controller/templates/rbac-snapshot-controller.yml.j2
index 277b87b843e..9413376869a 100644
--- a/roles/kubernetes-apps/snapshots/snapshot-controller/templates/rbac-snapshot-controller.yml.j2
+++ b/roles/kubernetes-apps/snapshots/snapshot-controller/templates/rbac-snapshot-controller.yml.j2
@@ -9,7 +9,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: snapshot-controller
-  namespace: kube-system
+  namespace: {{ snapshot_controller_namespace }}
 
 ---
 kind: ClusterRole
@@ -51,7 +51,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: snapshot-controller
-    namespace: kube-system
+    namespace: {{ snapshot_controller_namespace }}
 roleRef:
   kind: ClusterRole
   # change the name also here if the ClusterRole gets renamed
@@ -62,7 +62,7 @@ roleRef:
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  namespace: kube-system
+  namespace: {{ snapshot_controller_namespace }}
   name: snapshot-controller-leaderelection
 rules:
 - apiGroups: ["coordination.k8s.io"]
@@ -74,11 +74,11 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: snapshot-controller-leaderelection
-  namespace: kube-system
+  namespace: {{ snapshot_controller_namespace }}
 subjects:
   - kind: ServiceAccount
     name: snapshot-controller
-    namespace: kube-system
+    namespace: {{ snapshot_controller_namespace }}
 roleRef:
   kind: Role
   name: snapshot-controller-leaderelection
diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-controller.yml.j2 b/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-controller.yml.j2
index a18244bfde0..d17ffb368b4 100644
--- a/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-controller.yml.j2
+++ b/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-controller.yml.j2
@@ -10,7 +10,7 @@ kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: snapshot-controller
-  namespace: kube-system
+  namespace: {{ snapshot_controller_namespace }}
 spec:
   replicas: {{ snapshot_controller_replicas }}
   selector:
diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-ns.yml.j2 b/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-ns.yml.j2
new file mode 100644
index 00000000000..bb30d60e214
--- /dev/null
+++ b/roles/kubernetes-apps/snapshots/snapshot-controller/templates/snapshot-ns.yml.j2
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ snapshot_controller_namespace }}
+  labels:
+    name: {{ snapshot_controller_namespace }}