[
https://issues.apache.org/jira/browse/FLINK-26436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17500057#comment-17500057
]
Gyula Fora commented on FLINK-26436:
------------------------------------
Got in touch with the operator sdk community, this is their answer:
{noformat}
The good thing is yes there is support for this, it's implemented. The bad
thing is it's not released yet.
We plan to do a quite big release (2.2.0) shortly - hopefull this or next week.
We are finishing some final issues. This release will already contain this.
What you can do in the current release is just create a new InformerEventSource
for every namespaces. Basically this is what anyways will be done for you in
the upcoming release, just will be hidden. The kubernetes API supports only
this possibilities. So there is no such thing to tell the websocket to send us
events from the list of namespaces. Therefore this is how it will end anyways
in the background, so having multiple informers and connections. But there will
be a nice API for it in 2.2.0 at least{noformat}
So we can have a temporary (but technically sound) fix now and can bump the
operator version once it is released with this feature
> SharedIndexInformer should respect watched namespaces
> -----------------------------------------------------
>
> Key: FLINK-26436
> URL: https://issues.apache.org/jira/browse/FLINK-26436
> Project: Flink
> Issue Type: Sub-task
> Components: Kubernetes Operator
> Reporter: Gyula Fora
> Assignee: Gyula Fora
> Priority: Major
>
> At the moment the the SharedIndexInformer for accessing jobmanager
> deployments watches resources in "anyNamespace" which requires clusterwide
> resources.
> We should change this so that it only monitors the watched namespaces when
> defined to allow for proper rbac settings in restriced environments.
> cc [~thw]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
