hierarchical-namespaces

hierarchical-namespaces copied to clipboard

I would like to suggest an alternative way of selecting which namespaces to enable HNC for by a label instead of the --excluded-namespace and --included-namespace-regex.

We create namespaces from a Terraform module, but only want to enable HNC for a subset of all our namespaces. For me it would feel most intuitive to add a toggle to the Terraform module which adds a label to the namespace (e.g. hnc.x-k8s.io/enabled = "true"). The HNC would be installed with a flag like --include-namespaces-by-label. So the controller would only pick up the namespaces with the label and ignore all others.

Please consider this for future development.

EDIT: I just found the hnc.x-k8s.io/included-namespace label, which basically does what I want, except that it can't be used manually (meaning separately from the include/exclude flags) , from what I understand.

EDIT2:

I tried combining --included-namespace-regex="" with manually setting hnc.x-k8s.io/included-namespace: "true" on a namespace which resulted in:

Could not create subnamespace anchor.
Reason: admission webhook "subnamespaceanchors.hnc.x-k8s.io" denied the request: subnamespaceanchors.hnc.x-k8s.io "test" is forbidden: cannot create a subnamespace in the unmanaged namespace "test" (does not match the regex set by the HNC administrator: `^""$`)

So I really would love to have some kind of --include-namespaces-by-labelflag for the controller, that changes this behaviour.