SGTM. Let's create an issue to track this. Chao Zhang <tok...@apache.org> 于2021年10月4日周一 下午12:29写道:
> Hi, there > > Currently, the filtering mechanism for apisix-ingress-controller to > decide the watching namespace is quite simple, > it just uses a namespace allow list, people just need to fill the list > with the desired namespaces. > > However, the allow list is not quite flexible, first of all, the > apisix-ingress-controller has to be restarted since we don't > watch the changes of configuration (e.g. ConfigMap in Kubernetes, or > local files); On the other hand, in some cases, > users have a lot of namespaces but only a few of them SHOULD NOT be > watched, in such a case, only an allowlist > cannot figure out the problem. It seems that if we have a blocklist > for namespaces, then it can work well but still we'll > introduce some other complexities, like the precedence between these > two lists, how to resolve the conflicts, and so on. > > Here I'd like to propose to use a native way to solve this problem, > let's just use the label selector to decide the watching > namespaces, desired namespaces can be attached with some labels and we > configure a selector for apisix-ingress-controller > so it knows which namespaces are filtered out and others are reserved > (and should be watched continuously). > > A simple case is just like this: > > We have 3 namespaces and their labels are: > > 1. namespace: foo, labels: customer=foo,plan=basic > 2. namespace: baz, labels: customer=baz,plan=pro > 3. namespaces: bar, labels: customer=bar,plan=pro > > Let's say the label selector of apisix-ingress-controller is > plan=basic, then the first namespace foo will be filtered out. Another > benefit of > using the label selector is that the adjustment is dynamic, a > namespace can be filtered in/out at a different time if the labels > change. > > Best regards > Chao Zhang > > https://github.com/tokers >
