
Watch Namespaces based on labels and label selectors

Open DuncanDoyle opened this issue 10 months ago • 4 comments

Gloo Edge Product

Enterprise

Gloo Edge Version

1.16.4

Is your feature request related to a problem? Please describe.

In GE, we currently either watch all namespaces, or we watch the namespaces configured in the watchNamespaces configuration. This is a very static setup. In a development environment, where you might use a namespace per PR, a more dynamic way of configuring which namespaces are being watched would provide the required flexibility (otherwise the GE config would need to be constantly updated).

Note that we need to watch namespaces if we want to route to K8S services in Upstreams using EDS (i.e. using kube Kubernetes UpstreamSpec: https://docs.solo.io/gloo-edge/1.7.23/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/upstream.proto.sk/), as Gloo needs to be able to access the K8S endpoints in those namespaces.

Describe the solution you'd like

Use K8S label selectors and labels on namespaces to dynamically add namespaces to GE's watchNamespaces.

Describe alternatives you've considered

Regex-based namespace selectors.

Additional Context

No response

Related Issues:

  • [ ] https://github.com/solo-io/gloo/issues/6871
  • [ ] https://github.com/solo-io/gloo/issues/5530
  • [x] https://github.com/solo-io/solo-projects/issues/5898
  • [ ] https://github.com/solo-io/gloo/issues/5868


DuncanDoyle avatar Mar 26 '24 18:03 DuncanDoyle
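The selection requested above, sketched as an added example (not Gloo Edge code and not written by the issue's author): the watched set is computed from namespace labels with a Kubernetes-style label selector instead of a static watchNamespaces list. The type and function names and the `gloo-watch` label are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"slices"
)

type Requirement struct {
	Key, Operator string // Operator: In, NotIn, Exists, DoesNotExist
	Values        []string
}
type Selector struct { // same shape as a Kubernetes LabelSelector
	MatchLabels      map[string]string
	MatchExpressions []Requirement
}

// Matches reports whether labels satisfy every term; an empty Selector matches all.
func (s Selector) Matches(labels map[string]string) bool {
	for k, want := range s.MatchLabels {
		if got, ok := labels[k]; !ok || got != want {
			return false
		}
	}
	for _, r := range s.MatchExpressions {
		val, present := labels[r.Key]
		in := present && slices.Contains(r.Values, val)
		if !map[string]bool{"In": in, "NotIn": !in, "Exists": present, "DoesNotExist": !present}[r.Operator] {
			return false // also reached for an unknown operator: fail closed
		}
	}
	return true
}

// WatchedNamespaces returns, sorted, the namespaces whose labels match sel.
func WatchedNamespaces(namespaces map[string]map[string]string, sel Selector) []string {
	var out []string
	for name, labels := range namespaces {
		if sel.Matches(labels) {
			out = append(out, name)
		}
	}
	slices.Sort(out)
	return out
}

func main() { // constructed sample: per-PR namespaces labelled by a hypothetical CI job
	ns := map[string]map[string]string{"pr-101": {"gloo-watch": "on"}, "kube-system": {}}
	fmt.Println(WatchedNamespaces(ns, Selector{MatchLabels: map[string]string{"gloo-watch": "on"}}))
}
```

Because an empty selector matches every namespace, a selector that ends up with no terms behaves like watching all namespaces.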

@sam-heilbron to look at this issue for scope/estimation.

nrjpoddar avatar Jul 02 '24 19:07 nrjpoddar

Is this for tenancy? Or for RBAC? I believe watch namespaces being a list allows us to use Roles instead of ClusterRoles.

yuval-k avatar Aug 15 '24 18:08 yuval-k

This is for tenancy. If edge is installed with global.glooRbac.namespaced enabled, it uses Roles instead of ClusterRoles.

davidjumani avatar Aug 20 '24 02:08 davidjumani

cc @davidjumani internal slack ref

sam-heilbron avatar Aug 22 '24 12:08 sam-heilbron

Zendesk ticket #3965 has been linked to this issue.

soloio-bot avatar Aug 30 '24 08:08 soloio-bot

This is in OSS v1.18.0-beta24 and v1.17.9. It will be in Enterprise v1.18.0-beta2 and v1.17.3 when released.

davidjumani avatar Oct 01 '24 19:10 davidjumani