You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem?
As the loadbalancer controller's settings only allow the watch exact one OR all namespaces there can be the following situation:
We normally want to restrict the one watched namespace to our infrastructure namespaces, to avoid developers to be able to deploy ressources in their namespaces that create AWS ressources. But we still would like to have the possibility to create TargetGroupBindings for services that are outside of our infrastructure namespace - without the targetgroupbinding k8s ressource being outside of our infra namespace.
However, this is currently not possible as the kube api needs a namespace when getting requested for services - however a namespace is not configurable in the serviceRef so far: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/targetgroupbinding/spec/#elbv2.k8s.aws/v1beta1.ServiceReference
Describe the solution you'd like
A namespace can be added to the serviceRef and the controller can handle TargetGroupBindings that reference services in another namespace.
Describe alternatives you've considered
Alternatively it would work if the loadbalancer controller can be configured to watch more than one namespace (but not all).
The text was updated successfully, but these errors were encountered:
@lumoVWGS
We can change the controller to support watch multiple namespaces(shall be simple with the recent controller-runtime changes).
But i'm not sure how this can address your request of binding to a different namespace.
@M00nF1sh
thanks for the reply. The change you suggested would at least allow us to limit the watched namespaces to more than one namespace.
In our set up, this would allow us to watch two namespaces that are providing infrastructure, while omitting the application namespaces. So it is basically an either-or, that would solve our situation
Either
TargetGroupBindings that are deployed in the single watched infra namespace, can reference services in a second infrastructure namespace
or
Allowing the loadbalancer controller to be restricted to more than one namespace --> TargetGroupBindings can be deployed in to the second infrastructure namespace, referencing services in the same namespace. This while not opening all namespaces to be able to create AWS Loadbalancers by provisioning a service of type loadbalancer.
Is your feature request related to a problem?
As the loadbalancer controller's settings only allow the watch exact one OR all namespaces there can be the following situation:
We normally want to restrict the one watched namespace to our infrastructure namespaces, to avoid developers to be able to deploy ressources in their namespaces that create AWS ressources. But we still would like to have the possibility to create TargetGroupBindings for services that are outside of our infrastructure namespace - without the targetgroupbinding k8s ressource being outside of our infra namespace.
However, this is currently not possible as the kube api needs a namespace when getting requested for services - however a namespace is not configurable in the serviceRef so far:
https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/targetgroupbinding/spec/#elbv2.k8s.aws/v1beta1.ServiceReference
Describe the solution you'd like
A namespace can be added to the serviceRef and the controller can handle TargetGroupBindings that reference services in another namespace.
Describe alternatives you've considered
Alternatively it would work if the loadbalancer controller can be configured to watch more than one namespace (but not all).
The text was updated successfully, but these errors were encountered: