Handling a few specific namespaces

[Mekk]

At the moment reloader is either global (with elevated cluster-level permissions) or single-namespace-local.

It would be nice if single reloader instance could also handle a few specific namespaces (without possessing cluster-level permissions, target scenario is the situation when cluster-level permissions are unavailable but a few related namespaces are in use together).

Technically (as I understand) it would require some changes in code (so - for example - KUBERNETES_NAMESPACE could specify a few space separated namespaces and then app would check each of them in turn) and in charts (so permissions to all those namespaces are appropriately granted to sa in use – and of course so there exist chart parameter like watchNamespaces).

The whole thing is not very important (setting up a few single-namespace reloaders isn't that problematic or costly) but would save some admin effort (one reloader instance to install, one reloader instance to monitor, one reloader instance to upgrade…).

[faizanahmad055]

@Mekk You can still do the specific namespaces. Please check the namespace selector flag. But in this case, you still need cluster level permissions. But if your use case is different, we also welcome contributions in the form of PRs.

[PapaNappa]

I also have the same use-case. Our cluster team does not want to install reloader globally with cluster-level permissions. So we want to go ahead and install it in our namespaces only. The best solution for us would be to install it in a single namespace (watchGlobally: false), and give it role-bindings to all of our other namespaces as well. Then, we set namespaceSelector such that it only watches our namespaces. You say this is currently not possible with watchGlobally: false and it will ignore the namespace selector in this case?