From 38d9d2ea0e727634453247eab4b655e3e145e20c Mon Sep 17 00:00:00 2001
From: Ian Martin <ian@imartin.net>
Date: Thu, 22 Apr 2021 01:22:31 -0600
Subject: [PATCH] Ambassador can watch multiple namespaces (#7516)

* Ambassador can watch multiple namespaces

* update variable name per PR review
---
 inventory/sample/group_vars/k8s-cluster/addons.yml            | 1 +
 roles/kubernetes-apps/ingress_controller/ambassador/README.md | 4 ++++
 .../ingress_controller/ambassador/defaults/main.yml           | 3 ++-
 .../ambassador/templates/deploy-ambassador.yml.j2             | 4 ++++
 4 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/inventory/sample/group_vars/k8s-cluster/addons.yml b/inventory/sample/group_vars/k8s-cluster/addons.yml
index 73528c168..642ebea43 100644
--- a/inventory/sample/group_vars/k8s-cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s-cluster/addons.yml
@@ -115,6 +115,7 @@ ingress_publish_status_address: ""
 ingress_ambassador_enabled: false
 # ingress_ambassador_namespace: "ambassador"
 # ingress_ambassador_version: "*"
+# ingress_ambassador_multi_namespaces: false
 
 # ALB ingress controller deployment
 ingress_alb_enabled: false
diff --git a/roles/kubernetes-apps/ingress_controller/ambassador/README.md b/roles/kubernetes-apps/ingress_controller/ambassador/README.md
index 3602aaa34..98637a216 100644
--- a/roles/kubernetes-apps/ingress_controller/ambassador/README.md
+++ b/roles/kubernetes-apps/ingress_controller/ambassador/README.md
@@ -29,6 +29,10 @@ versions of Ambassador as they become available.
   for specifying when the Operator should try to update the Ambassador API Gateway.
 - `ingress_ambassador_version` (defaulkt: `*`): SemVer rule for versions allowed for
   installation/updates.
+- `ingress_ambassador_multi_namespaces` (default `false`): By default, Ambassador will only
+  watch the `ingress_ambassador_namespace` namespace for `AmbassadorInstallation` CRD resources.
+  When set to `true`, this value will tell the Ambassador Operator to watch **all** namespaces
+  for CRDs. If you want to run multiple Ambassador ingress instances, set this to `true`.
 
 ## Ingress annotations
 
diff --git a/roles/kubernetes-apps/ingress_controller/ambassador/defaults/main.yml b/roles/kubernetes-apps/ingress_controller/ambassador/defaults/main.yml
index 5d8f48050..a71645a10 100644
--- a/roles/kubernetes-apps/ingress_controller/ambassador/defaults/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ambassador/defaults/main.yml
@@ -6,4 +6,5 @@ ingress_ambassador_replicas: 1
 ingress_ambassador_insecure_port: 80
 ingress_ambassador_secure_port: 443
 ingress_ambassador_extra_args: []
-ingress_ambassador_host_network: false
\ No newline at end of file
+ingress_ambassador_host_network: false
+ingress_ambassador_multi_namespaces: false
diff --git a/roles/kubernetes-apps/ingress_controller/ambassador/templates/deploy-ambassador.yml.j2 b/roles/kubernetes-apps/ingress_controller/ambassador/templates/deploy-ambassador.yml.j2
index 8cf4676d5..58fa32b4e 100644
--- a/roles/kubernetes-apps/ingress_controller/ambassador/templates/deploy-ambassador.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ambassador/templates/deploy-ambassador.yml.j2
@@ -32,9 +32,13 @@ spec:
           imagePullPolicy: {{ k8s_image_pull_policy }}
           env:
             - name: WATCH_NAMESPACE
+              {%- if ingress_ambassador_multi_namespaces %}
+              value: ''
+              {%- else %}
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
+              {%- end %}
             - name: POD_NAME
               valueFrom:
                 fieldRef:
-- 
GitLab