Skip to content
This repository has been archived by the owner on May 24, 2023. It is now read-only.

operatorgroup's target namespaces no longer accepts own namespace #163

Closed
xelalexv opened this issue Oct 8, 2021 · 3 comments · Fixed by #178
Closed

operatorgroup's target namespaces no longer accepts own namespace #163

xelalexv opened this issue Oct 8, 2021 · 3 comments · Fixed by #178
Assignees
@lucacome

Comments

@xelalexv
Copy link

xelalexv commented Oct 8, 2021

So far, we have been using version 0.1.0, and in the OperatorGroup's targetNamespaces, we set the namespace where the operator is deployed:

apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
spec:
  targetNamespaces:
  - nginx-ingress

We recently switched to 0.3.0, and with that get an error that own namespace is not supported (did not test 0.2.0). It seems that currently, we can only let the operator group be effective cluster-wide, which we do not want to do. We are running a multi-tenant environment (OpenShift 4.7), and want the operator to only pick up NginxIngressController instances from its own namespace. It would be great if the previous behavior could be restored.
@lucacome
Copy link
Member

Hi @xelalexv

I'm trying to understand your setup. Do you have multiple nginx-ingress-operator running in the same cluster, but in different namespaces?

IIRC the operator was always watching all the namespaces, no matter where it was installed and the new one behaves in the same way, but it can only be installed in the dedicated namespace.

@xelalexv
Copy link
Author

We deploy the nginx ingress controller operator once, using OLM. We then roll out a 3-replica nginx ingress controller instance by applying a corresponding NginxIngressController custom resource manifest in a designated namespace, to which only we as cluster operators have access. This nginx ingress controller instance will watch cluster wide.

We want to prevent everyone else in the cluster from rolling out additional nginx ingress controller instances. This should be achieved by letting the nginx ingress controller operator deployed via OLM watch for NginxIngressController custom resources exclusively in the designated namespace.

@lucacome
Copy link
Member

lucacome commented Dec 1, 2021

Hi @xelalexv

Thanks for the explanation and feedback.
From what I can see in the code, it seems like that the Operator was always watching all namespaces, the only difference is that now you can't select the namespace where you want to install it.

With that said, we'll be working on (properly) supporting the targetNamespaces option soon, stay tuned 🙂

@lucacome lucacome self-assigned this Dec 2, 2021
@lucacome lucacome mentioned this issue Dec 7, 2021
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@lucacome lucacome

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for watching namespaces nginxinc/nginx-ingress-operator
2 participants
@lucacome @xelalexv