Routing to different namespace about application-gateway-kubernetes-ingress HOT 20 CLOSED

I had the same problem. Supporting multiple namespaces would be great.

from application-gateway-kubernetes-ingress.

Did you specify watchNamespace in ingress controller's helm config ?

kubernetes:
  watchNamespace: "scaleredis"

from application-gateway-kubernetes-ingress.

@akshaysngupta nice catch !! We probably need to introduce the ability to watch multiple namespaces.

@LirazRom as @akshaysngupta mentioned by default we only listen to the default namespace.

from application-gateway-kubernetes-ingress.

from application-gateway-kubernetes-ingress.

@LirazRom yes. Just reinstall the controller using Helm, with the right watchNamespace.

from application-gateway-kubernetes-ingress.

I tried your suggestion @asridharan but now I get the following error:

I1105 16:39:45.444266       1 main.go:60] Creating authorizer from MSI
F1105 16:39:45.724724       1 main.go:97] Error creating informers, namespace [mynamespace] is not found: namespaces "mynamespace" is forbidden: User "system:serviceaccount:default:appgatewayv2-ingress-azure" cannot get namespaces in the namespace "mynamespace"

from application-gateway-kubernetes-ingress.

@AndreasM009 could you elaborate a bit more: You reinstalled with the watchNamepsace to mynamespace and the controller failed to listen to that namespace? Also, is this an RBAC enabled cluster? The service account that we create for the ingress controller during helm installation should have privileges to view all the namespaces. @akshaysngupta could you kindly take a look a this?

from application-gateway-kubernetes-ingress.

Exactly, I reinstalled with watchNamespace to mynamespace. It is an RBAC enabled cluster.

from application-gateway-kubernetes-ingress.

I'm hitting this same problem with rbac enabled 1.11.3. Without RBAC watching the another namespace works fine.
When I provision the cluster as RBAC etc and set helm configuration to rbac=true, I can see cluster role created for the deployment with 'All namespaces' but still it gives the same error 'Forbidded ... cannot get namespace in namespaces'.

from application-gateway-kubernetes-ingress.

@piizei @AndreasM009 @LirazRom apologize on the delay in looking into this. A bunch of us are out on vaccation and there is some holiday readiness going on our end because of which the response here is slow. Please bear with us as we try to get to it in the next week or so.

from application-gateway-kubernetes-ingress.

@piizei @AndreasM009 @LirazRom
Could you update your helm charts to the latest and give this a try?

@akshaysngupta just committed a fix #74

from application-gateway-kubernetes-ingress.

I can confirm that now it works 🥇

from application-gateway-kubernetes-ingress.

Awesome !! Thanks @akshaysngupta for fixing this !!

from application-gateway-kubernetes-ingress.

@asridharan sorry for the delay. I can confirm that it works now, if you specify the namespace to listen on in the configuration. Thx. Is it possible to specify multiple namespaces?

from application-gateway-kubernetes-ingress.

@AndreasM009 thanks. We currently don't support multiple namespaces, but lets create an enhancement issue for this and we can take it up. As you can see we are backed up a little on the issues, but we should be able to get traction on the enhancements after the holidays.

from application-gateway-kubernetes-ingress.

@asridharan I can't see an enhancement for watching multiple namespaces, this would be really useful functionality, did this ever get created?

from application-gateway-kubernetes-ingress.

As of last weekend the gateway now also supports listening to multiple namespaces. See #113 for more details.

from application-gateway-kubernetes-ingress.

Thanks all much for all the information provided here.

Can some one suggest me please how I can deploy AGIC to different namespace instead of deploying to default namespace?

Presently deploy of AGIC is failing due to the resource quota related error "must specify limits.cpu,limits.memory,requests.cpu,requests.memory"

I have cloned the AGIC repo, updated the resources for the container, still the pod is not getting created.

Is the same is not supported.

Please provide your thoughts.

Regards,
Aruna Kumar Roula

from application-gateway-kubernetes-ingress.

Hey @LirazRom @akshaysngupta, i'm currently experiencing similar issues. I'm not quite sure what needs to be where. Meaning I'm not sure if I should put the controller in the same namespace as my deployments (for my app). And the ingress itself? And what about the the aad-pod-identity? it places itself in the default namespace by default, but doesn't this means that my deployments and pods (for my app) should be in the default workspace also?

TL;DR there are multiple resources that need to be deployed in the cluster. How do all of them relate to namespaces?

Thank you

from application-gateway-kubernetes-ingress.

@ksanchez15 You can deploy AGIC and AAD Pod identity in any namespace you like. They look at all resources on a cluster level.
So, you can deploy your apps in dev/test/prod namespace. Even the ingress resource can be in their respective namespace. dev namespace will contain the dev related ingresses and so forth.

from application-gateway-kubernetes-ingress.