apisix-ingress-controller: bug: apisix-controller will watch all namespace when no namespaces match namespaceSelector

Issue description

I set namespace_selector: ["apisix.ingress=watching"] in conf.yaml before I start the apisix-ingress-controller. And there are no namespaces can match this label. So I think what we want is that the controller would not watch any namespaces. But in fact it watch all the exsiting namesapces(default/kube-system/kube-public…).

I check the code and find that it will list all the exsiting namespaces and put them all in watchingNamespaces when watchingNamespaces is empty.

Is it really what we want?

I think it can put all existing namespaces in watchingNamespaces only when the namespace_selector is empty. https://github.com/apache/apisix-ingress-controller/blob/1159522bf22181b67c2f075055894f488e9bc648/pkg/ingress/compare.go#L50-L64

Environment

  • your apisix-ingress-controller version (output of apisix-ingress-controller version --long):
  • your Kubernetes cluster version (output of kubectl version):
  • if you run apisix-ingress-controller in Bare-metal environment, also show your OS version (uname -a):

Minimal test code / Steps to reproduce

  1. set namespace_selector: ["apisix.ingress=watching"] which no namespaces can match this label.
  2. start controller.
  3. print all items in watchingNamespaces

Actual result

it can print all the exsiting namespaces’ name.

Error log

no error log

Expected result

no namespaces in watchingNamespaces

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 16 (16 by maintainers)

Most upvoted comments

Thanks! I think this issue has been discussed before. cc @gxthrj @tokers @lingsamuel

+1
tao12345666333 on Mar 9, 2022
Read more comments on GitHub
← apisix-ingress-controller: ApisixTls status not updated
apisix-ingress-controller: bug: Ingress controller error: apisix/route.go:117 failed to list routes →