tczekajlo · GoodOldJack12 · Jul 20, 2022 · Jul 20, 2022 · Jul 26, 2022 · Oct 28, 2022
diff --git a/controller/services/controller.go b/controller/services/controller.go
@@ -74,7 +74,7 @@ func (c *Controller) cacheConsulAgent() (map[string]*consul.Adapter, error) {
 			consulAgents[node.ObjectMeta.Name] = consulAgent
 		}
 	} else if c.cfg.Controller.RegisterMode == config.RegisterPodMode {
-		pods, err := c.clientset.CoreV1().Pods("").List(v1.ListOptions{
+		pods, err := c.clientset.CoreV1().Pods(c.namespace).List(v1.ListOptions{
 			LabelSelector: c.cfg.Controller.PodLabelSelector,
 		})
 		if err != nil {
@@ -266,7 +266,9 @@ func (c *Controller) nodeDelete(obj interface{}) error {
 
 // Watch watches events in K8S cluster
 func (c *Controller) Watch() {
-	go c.watchNodes()
+	if c.cfg.Controller.RegisterMode == config.RegisterNodeMode {
+		go c.watchNodes()
+	}
 	go c.watchServices()
 }
 
@@ -498,6 +500,8 @@ func (c *Controller) getNodesIPs() ([]string, error) {
 	var listOptions v1.ListOptions
 	if c.cfg.Controller.RegisterMode == config.RegisterNodeMode {
 		listOptions.LabelSelector = c.cfg.Controller.ConsulNodeSelector
+	}else{
+		return nil, nil
 	}
 	nodes, err := c.clientset.CoreV1().Nodes().List(listOptions)
 	if err != nil {

diff --git a/examples/out-of-cluster/config.yaml b/examples/out-of-cluster/config.yaml
@@ -17,5 +17,4 @@ data:
     register_source: "pod"
 kind: ConfigMap
 metadata:
-    name: kube-consul-register
-    namespace: default
+    name: kube-consul-register
diff --git a/examples/out-of-cluster/nginx.yaml b/examples/out-of-cluster/nginx.yaml
@@ -4,7 +4,6 @@ metadata:
   labels:
     run: nginx
   name: nginx
-  namespace: default
 spec:
   replicas: 1
   selector:

diff --git a/examples/out-of-cluster/nginx_multi_containers.yaml b/examples/out-of-cluster/nginx_multi_containers.yaml
@@ -4,8 +4,7 @@ metadata:
   labels:
     run: nginx
   name: nginx
-  namespace: default
-spec:
+  spec:
   replicas: 1
   selector:
     matchLabels:

diff --git a/examples/single-namespace/Readme.md b/examples/single-namespace/Readme.md
@@ -0,0 +1,7 @@
+# Single Namespace Example
+
+## Usage
+Configure the namespace in `consul-register.yaml`
+
+## Pittfalls
+Node mode is not supported in this example, because we're under the assumption that we cannot access resources outside of our own namespace, like nodes.
diff --git a/examples/single-namespace/config.yaml b/examples/single-namespace/config.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+data:
+    consul_address: "localhost"
+    consul_port: "8500"
+    consul_scheme: "http"
+    consul_ca_file: ""
+    consul_cert_file: ""
+    consul_key_file: ""
+    consul_insecure_skip_verify: "false"
+    consul_token: ""
+    consul_timeout: "2s"
+    consul_container_name: "consul"
+    consul_node_selector: "consul=enabled"
+    pod_label_selector: ""
+    k8s_tag: "kubernetes"
+    register_mode: "single"
+    register_source: "pod"
+kind: ConfigMap
+metadata:
+    name: kube-consul-register
diff --git a/examples/single-namespace/consul-register.yaml b/examples/single-namespace/consul-register.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kube-consul-register
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: kube-consul-register
+    spec:
+      containers:
+      - name: kube-consul-register
+        # image: tczekajlo/kube-consul-register:0.1.4
+        image: goodoldjack12/kube-consul-register:dev0.0.3
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 1
+            memory: 300Mi
+        args:
+        - -logtostderr=true
+        - -configmap=mynamespace/kube-consul-register
+        - -watch-namespace=mynamespace
+        - -in-cluster=true
+  selector:
+    matchLabels:
+      app: kube-consul-register
diff --git a/examples/single-namespace/nginx.yaml b/examples/single-namespace/nginx.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    run: nginx
+  name: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      run: nginx
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        run: nginx
+        production: "tag" # Would create `production` tag for service `nginx`. Instead of `production:tag`.
+      annotations:
+        consul.register/enabled: "true"
+        consul.register/service.name: "nginx"
+    spec:
+      containers:
+      - image: nginx
+        imagePullPolicy: Always
+        name: nginx
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 80
+          initialDelaySeconds: 3
+          periodSeconds: 3
+        ports:
+        - containerPort: 80
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
diff --git a/examples/single-namespace/rolebinding.yaml b/examples/single-namespace/rolebinding.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: pod-reader
+rules:
+- apiGroups: [""] # "" indicates the core API group
+  resources: ["pods", "configmaps"]
+  verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: podreader-default
+subjects:
+- kind: ServiceAccount
+  name: default
+  apiGroup: ""
+roleRef:
+  kind: Role #this must be Role or ClusterRole
+  name: view
+  apiGroup: rbac.authorization.k8s.io
+