hcavarsan / kftray

kubernetes port forward manager 🦀 ⚡
https://kftray.app/
GNU General Public License v3.0
859 stars 65 forks

Auto Import #328

Open lcasavola opened 1 month ago

lcasavola commented 1 month ago

Hello @hcavarsan, how are you? Do you remember me? Some time ago I asked about the possibility to import a local config.json in a restricted environment (a cluster restricted to its own namespace). Before your implementations the import failed because the k8s context had no roles to get, list namespaces. Now I discovered a feature I was not aware of: the auto import through the k8s annotation mechanism, cool! But in my case the problem is still the same: by clicking on the auto import button I can choose the context but then the import fails. Could you, as in the other cases I requested a fix for, avoid performing a "get namespace" request? Luca

hcavarsan commented 4 weeks ago

hey @lcasavola

thanks for reaching out again. i’ll take a look, but from what i recall, the list namespace permission is needed because the tool has to scan all namespaces and services to find which ones have the annotation. i’ll check if there’s a way to filter only within the permitted namespace or something like that and update the issue once i have more info!

hcavarsan commented 5 days ago

@lcasavola I checked all the code and the issues in the Kubernetes repo, and unfortunately, the auto-import feature is designed to automatically discover all annotated services across the cluster, which inherently requires the ability to list namespaces. This is a fundamental requirement because:

  1. The feature needs to scan all accessible namespaces to find services with the kftray.app/enabled=true annotation
  2. Kubernetes RBAC doesn't provide a way to selectively list only specific namespaces - it's either all or none

For your use case, I would recommend continuing to use the manual import method, where you explicitly specify the namespace and service.

The auto-discovery feature cannot work without namespace listing permissions, as this would defeat its primary purpose of automatic service discovery.

Let me know if you need any clarification or would like to discuss alternative approaches.
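
Added example, not part of the thread and not kftray's code: a simplified Python model of the RBAC behavior discussed above. It shows why cluster-wide discovery fails for a subject bound only inside one namespace, while listing services in a namespace named up front is still authorized. The `Binding` class, `allowed`, `discover`, the subjects and the sample cluster are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ANNOTATION = "kftray.app/enabled"  # annotation named in the thread

@dataclass(frozen=True)
class Binding:
    subject: str
    verbs: frozenset
    resources: frozenset
    namespace: Optional[str]  # None models a ClusterRoleBinding

def allowed(bindings, subject, verb, resource, namespace=None):
    """Simplified RBAC check; namespace=None is a cluster-scoped request."""
    for b in bindings:
        if b.subject != subject:
            continue
        # A RoleBinding authorizes only requests made inside its own namespace.
        if b.namespace is not None and b.namespace != namespace:
            continue
        if verb in b.verbs and resource in b.resources:
            return True
    return False

def discover(cluster, bindings, subject, namespaces=None):
    """Return (namespace, service) pairs carrying the import annotation.

    namespaces=None models cluster-wide discovery, which lists namespaces first.
    """
    if namespaces is None:
        if not allowed(bindings, subject, "list", "namespaces"):
            raise PermissionError("cannot list namespaces at cluster scope")
        namespaces = sorted(cluster)
    found = []
    for ns in namespaces:
        if not allowed(bindings, subject, "list", "services", ns):
            raise PermissionError(f"cannot list services in {ns}")
        for name, annotations in cluster[ns].items():
            if annotations.get(ANNOTATION) == "true":
                found.append((ns, name))
    return found

# Constructed sample data: two namespaces, one restricted subject, one cluster-wide subject.
CLUSTER = {
    "team-a": {"api": {ANNOTATION: "true"}, "db": {}},
    "team-b": {"web": {ANNOTATION: "true"}},
}
RESTRICTED = [Binding("dev", frozenset({"get", "list"}), frozenset({"services"}), "team-a")]
CLUSTER_WIDE = [Binding("admin", frozenset({"list"}), frozenset({"namespaces", "services"}), None)]
```
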