Open sergiimk opened 4 years ago
Hi @sergiimk
I see you point, we could improve this to monitor only namespaces defined with --namespace-whitelist
.
This would certainly help k8s API.
I'll put it in roadmap and notify you when we change this.
hi, is there any update on this please?
Our company operates k8s in a highly multi-tenant fasion where each team/project have isolated namespaces running their own ingress controllers. There is no cluster-global ingress controller deployment and most users don't have permissions to create cluster-scoped resources or access cluster scope APIs.
We are currently using
nginx-ingress
that provides --watch-namespace and --force-namespace-isolation options, but would like to migrate to haproxy as it served us well pre-k8s.However even when using whitelists feature to restrict haproxy controller to one namespace (as suggested in #105) it still hits the cluster-scoped APIs and fails with:
Would it make sense to use only namespace-scoped event APIs when namespace whitelist is provided?
Controller listening for all events even when namespace whitelist is provided is also a scalability concern for us, as we deploy hundreds of instances which put a lot of pressure on the k8s API.