Remove namespace on dnsProviderSecretRef to force same namespace as M…

…anagedZone
Kuadrant · Dec 8, 2023 · 4abe0e9 · 4abe0e9
1 parent ee86457
commit 4abe0e9
Show file tree

Hide file tree

Showing 11 changed files with 4 additions and 20 deletions.
diff --git a/config/local-setup/controller/aws/managed_zone.yaml b/config/local-setup/controller/aws/managed_zone.yaml
@@ -8,5 +8,3 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: mgc-aws-credentials
-    namespace: multi-cluster-gateways
-
diff --git a/config/local-setup/controller/gcp/managed_zone.yaml b/config/local-setup/controller/gcp/managed_zone.yaml
@@ -8,5 +8,3 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: mgc-gcp-credentials
-    namespace: multi-cluster-gateways
-
diff --git a/config/policy-controller/crd/bases/kuadrant.io_managedzones.yaml b/config/policy-controller/crd/bases/kuadrant.io_managedzones.yaml
@@ -63,11 +63,8 @@ spec:
                 properties:
                   name:
                     type: string
-                  namespace:
-                    type: string
                 required:
                 - name
-                - namespace
                 type: object
               domainName:
                 description: Domain name of this ManagedZone

diff --git a/docs/demos/dns-policy/resources/managedzone_jm.hcpapps.net.yaml b/docs/demos/dns-policy/resources/managedzone_jm.hcpapps.net.yaml
@@ -9,5 +9,3 @@ spec:
   description: "jm.hcpapps.net managed domain"
   dnsProviderSecretRef:
     name: mgc-aws-credentials
-    namespace: multi-cluster-gateways
-    type: AWS
diff --git a/docs/dnspolicy/dnspolicy.md b/docs/dnspolicy/dnspolicy.md
@@ -117,7 +117,6 @@ spec:
   description: "apps.hcpapps.net managed domain"
   dnsProviderSecretRef:
     name: my-aws-credentials
-    namespace: <ManagedZone Namespace>
 ```
 
 The managed zone references a secret containing the external DNS provider services credentials.

diff --git a/docs/how-to/multicluster-loadbalanced-dnspolicy.md b/docs/how-to/multicluster-loadbalanced-dnspolicy.md
@@ -62,7 +62,6 @@ spec:
   description: "apps.hcpapps.net managed domain"
   dnsProviderSecretRef:
     name: my-aws-credentials
-    namespace: multi-cluster-gateways
 ```
 
 ## DNSPolicy creation and attachment

diff --git a/docs/installation/control-plane-installation.md b/docs/installation/control-plane-installation.md
@@ -149,7 +149,6 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: mgc-aws-credentials
-    namespace: multi-cluster-gateways
 EOF
 ```
 #### GCP
@@ -167,7 +166,6 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: mgc-gcp-credentials
-    namespace: multi-cluster-gateways
 EOF
 ```
 

diff --git a/docs/managed-zone.md b/docs/managed-zone.md
@@ -45,7 +45,6 @@ spec:
   description: "My Managed Zone"
   dnsProviderSecretRef:
     name: my-aws-credentials
-    namespace: multicluster-gateway-controller-system
 EOF
 ```
 
@@ -66,7 +65,6 @@ spec:
   description: "My Managed Zone"
   dnsProviderSecretRef:
     name: my-aws-credentials
-    namespace: multicluster-gateway-controller-system
 EOF
 ```
 
@@ -75,6 +73,8 @@ EOF
 This is a reference to secret containing the credentials and other configuration for accessing your dns provider
 [dnsProvider](/docs/dnspolicy/dns-provider.md)
 
+**Note:** the Secret referenced in the `dnsProviderSecretRef` field must be in the same namespace as the ManagedZone.
+
 **Note:** as an `id` was specified, the Managed Gateway Controller will not re-create this zone, nor will it delete it if this `ManagedZone` is deleted.
 
 ### Current limitations

diff --git a/hack/.deployUtils b/hack/.deployUtils
@@ -361,7 +361,6 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: ${KIND_CLUSTER_PREFIX}aws-credentials
-    namespace: multicluster-gateway-controller-system
 EOF
 }
 
@@ -398,7 +397,6 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: ${KIND_CLUSTER_PREFIX}gcp-credentials
-    namespace: multicluster-gateway-controller-system
 EOF
 }
 

diff --git a/pkg/apis/v1alpha1/managedzone_types.go b/pkg/apis/v1alpha1/managedzone_types.go
@@ -46,8 +46,7 @@ type ManagedZoneSpec struct {
 
 type SecretRef struct {
 	//+required
-	Namespace string `json:"namespace"`
-	Name      string `json:"name"`
+	Name string `json:"name"`
 }
 
 // ManagedZoneStatus defines the observed state of a Zone

diff --git a/pkg/dns/dnsprovider/dnsProvider.go b/pkg/dns/dnsprovider/dnsProvider.go
@@ -33,7 +33,7 @@ func (p *providerFactory) DNSProviderFactory(ctx context.Context, managedZone *v
 	providerSecret := &v1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      managedZone.Spec.SecretRef.Name,
-			Namespace: managedZone.Spec.SecretRef.Namespace,
+			Namespace: managedZone.Namespace, // must be in same namespace as ManagedZone
 		}}
 
 	if err := p.Client.Get(ctx, client.ObjectKeyFromObject(providerSecret), providerSecret); err != nil {