Provide option for kubernetes to watch only a specific namespace (#433)

docs/k8s-deployment-cluster-role.yaml

@@ -0,0 +1,86 @@
+# used by ../skaffold.yaml
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mc-router
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: services-watcher
+rules:
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["watch","list"]
+  - apiGroups: ["apps"]
+    resources: ["statefulsets"]
+    verbs: ["watch","list","get","update"]
+  - apiGroups: ["apps"]
+    resources: ["statefulsets/scale"]
+    verbs: ["get","update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: mc-router-services-watcher
+subjects:
+  - kind: ServiceAccount
+    name: mc-router
+    namespace: default
+roleRef:
+  kind: ClusterRole
+  name: services-watcher
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: mc-router
+  name: mc-router-deployment
+spec:
+  selector:
+    matchLabels:
+      app: mc-router
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: mc-router
+    spec:
+      serviceAccountName: mc-router
+      containers:
+      - image: itzg/mc-router
+        name: mc-router
+        # Add "--auto-scale-up" here for https://github.com/itzg/mc-router/#auto-scale-up
+        args:
+          - --api-binding
+          - :8080
+          - --in-kube-cluster
+        ports:
+        - name: proxy
+          containerPort: 25565
+        - name: web
+          containerPort: 8080
+        resources:
+          requests:
+            memory: 50Mi
+            cpu: "100m"
+          limits:
+            memory: 100Mi
+            cpu: "250m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mc-router
+spec:
+  selector:
+    app: mc-router
+  ports:
+    - protocol: TCP
+      port: 25565
+      targetPort: proxy
+  type: NodePort

docs/k8s-deployment.yaml

@@ -6,7 +6,7 @@ metadata:
   name: mc-router
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
   name: services-watcher
 rules:
@@ -14,11 +14,14 @@ rules:
     resources: ["services"]
     verbs: ["watch","list"]
   - apiGroups: ["apps"]
-    resources: ["statefulsets", "statefulsets/scale"]
+    resources: ["statefulsets"]
     verbs: ["watch","list","get","update"]
+  - apiGroups: ["apps"]
+    resources: ["statefulsets/scale"]
+    verbs: ["get","update"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
   name: mc-router-services-watcher
 subjects:
@@ -26,7 +29,7 @@ subjects:
     name: mc-router
     namespace: default
 roleRef:
-  kind: ClusterRole
+  kind: Role
   name: services-watcher
   apiGroup: rbac.authorization.k8s.io
 ---
@@ -35,7 +38,7 @@ kind: Deployment
 metadata:
   labels:
     app: mc-router
-  name: mc-router-deployment
+  name: mc-router
 spec:
   selector:
     matchLabels:
@@ -56,6 +59,11 @@ spec:
           - --api-binding
           - :8080
           - --in-kube-cluster
+        env:
+          - name: KUBE_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
         ports:
         - name: proxy
           containerPort: 25565