Hi, there

Currently, the filtering mechanism that apisix-ingress-controller uses
to decide which namespaces to watch is quite simple: it just uses a
namespace allow list, and people just need to fill the list with the
desired namespaces.

However, the allow list is not very flexible. First of all, the
apisix-ingress-controller has to be restarted, since we don't watch
for changes to the configuration (e.g. ConfigMap in Kubernetes, or
local files). On the other hand, in some cases users have a lot of
namespaces but only a few of them SHOULD NOT be watched; in such a
case, an allowlist alone cannot solve the problem. It seems that if we
had a blocklist for namespaces it could work well, but we would still
introduce some other complexities, like the precedence between these
two lists, how to resolve the conflicts, and so on.

Here I'd like to propose a native way to solve this problem: let's
just use a label selector to decide which namespaces to watch. Desired
namespaces can have some labels attached, and we configure a selector
for apisix-ingress-controller so it knows which namespaces are
filtered out and which are reserved (and should be watched
continuously).

A simple case is just like this:

We have 3 namespaces and their labels are:

1. namespace: foo, labels: customer=foo,plan=basic
2. namespace: baz, labels: customer=baz,plan=pro
3. namespace: bar, labels: customer=bar,plan=pro

Let's say the label selector of apisix-ingress-controller is
plan=basic; then the first namespace, foo, will be filtered out.
Another benefit of using the label selector is that the adjustment is
dynamic: a namespace can be filtered in/out at a different time if the
labels change.

Best regards
Chao Zhang

https://github.com/tokers
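
The selector matching proposed above, as an added example in Go (not code from the message or from apisix-ingress-controller). It shows which of the three namespaces a selector picks out, how plan!=basic expresses the inverse set, and how relabelling a namespace changes the result. The names matches and selectNamespaces are hypothetical, and only key=value and key!=value terms are handled.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// matches reports whether labels satisfy every term (key=value or key!=value).
func matches(selector string, labels map[string]string) (bool, error) {
	all := true
	for _, term := range strings.Split(selector, ",") {
		if k, v, ok := strings.Cut(term, "!="); ok && k != "" {
			have, present := labels[k]
			all = all && (!present || have != v) // as in Kubernetes, a missing key matches
		} else if k, v, ok := strings.Cut(term, "="); ok && k != "" {
			have, present := labels[k]
			all = all && present && have == v
		} else {
			return false, fmt.Errorf("invalid selector term %q", term)
		}
	}
	return all, nil
}

// selectNamespaces returns, sorted, the namespaces whose labels match selector.
func selectNamespaces(selector string, namespaces map[string]map[string]string) ([]string, error) {
	names := []string{}
	for name, labels := range namespaces {
		if ok, err := matches(selector, labels); err != nil {
			return nil, err
		} else if ok {
			names = append(names, name)
		}
	}
	sort.Strings(names)
	return names, nil
}

func main() {
	ns := map[string]map[string]string{ // the three namespaces from the message
		"foo": {"customer": "foo", "plan": "basic"},
		"baz": {"customer": "baz", "plan": "pro"},
		"bar": {"customer": "bar", "plan": "pro"},
	}
	fmt.Println(selectNamespaces("plan=basic", ns))
	fmt.Println(selectNamespaces("plan!=basic", ns))
	ns["baz"]["plan"] = "basic" // relabel at runtime; no restart, no list to edit
	fmt.Println(selectNamespaces("plan=basic", ns))
}
```

An empty or malformed selector returns an error instead of an empty or full set, so a configuration typo is visible rather than silently changing the selected namespaces.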
