search

open-policy-agent / kube-mgmt

Sidecar for managing OPA instances in Kubernetes.
Apache License 2.0
235 stars 105 forks source link

skip setting ignore namespace fieldSelector on cluster scoped resources. #198

Closed bjhaid closed 1 year ago

bjhaid commented 1 year ago

fixes https://github.com/open-policy-agent/kube-mgmt/issues/195

prior to this patch, when a kube-mgmt is configured to replicate cluster scoped resources client-go fails with:

W0328 20:56:18.838009       1 reflector.go:324]
k8s.io/client-go@v0.23.8/tools/cache/reflector.go:167: failed to list
*unstructured.Unstructured: field label not supported:
metadata.namespace
E0328 20:56:18.838180       1 reflector.go:138]
k8s.io/client-go@v0.23.8/tools/cache/reflector.go:167: Failed to watch
*unstructured.Unstructured: failed to list *unstructured.Unstructured:
field label not supported: metadata.namespace

similar reproducer with kubectl is as below:

kubectl get ns --field-selector metadata.namespace!=foo

Error from server (BadRequest): Unable to find "/v1,
Resource=namespaces" that match label selector "", field selector
"metadata.namespace!=foo": field label not supported: metadata.namespace

This patch guards the setting of the fieldselector to only namespaced resources.

bjhaid commented 1 year ago

@eshepelyuk when can we get this released? Thanks!

eshepelyuk commented 1 year ago

@eshepelyuk when can we get this released? Thanks!

Released 8.1.1