Comments (20)
I had the same problem. Supporting multiple namespaces would be great.
from application-gateway-kubernetes-ingress.
Did you specify watchNamespace in ingress controller's helm config ?
kubernetes:
watchNamespace: "scaleredis"
from application-gateway-kubernetes-ingress.
@akshaysngupta nice catch !! We probably need to introduce the ability to watch multiple namespaces.
@LirazRom as @akshaysngupta mentioned by default we only listen to the default
namespace.
from application-gateway-kubernetes-ingress.
from application-gateway-kubernetes-ingress.
@LirazRom yes. Just reinstall the controller using Helm, with the right watchNamespace
.
from application-gateway-kubernetes-ingress.
I tried your suggestion @asridharan but now I get the following error:
I1105 16:39:45.444266 1 main.go:60] Creating authorizer from MSI
F1105 16:39:45.724724 1 main.go:97] Error creating informers, namespace [mynamespace] is not found: namespaces "mynamespace" is forbidden: User "system:serviceaccount:default:appgatewayv2-ingress-azure" cannot get namespaces in the namespace "mynamespace"
from application-gateway-kubernetes-ingress.
@AndreasM009 could you elaborate a bit more: You reinstalled with the watchNamepsace
to mynamespace
and the controller failed to listen to that namespace? Also, is this an RBAC enabled cluster? The service account that we create for the ingress controller during helm installation should have privileges to view all the namespaces. @akshaysngupta could you kindly take a look a this?
from application-gateway-kubernetes-ingress.
Exactly, I reinstalled with watchNamespace
to mynamespace
. It is an RBAC enabled cluster.
from application-gateway-kubernetes-ingress.
I'm hitting this same problem with rbac enabled 1.11.3. Without RBAC watching the another namespace works fine.
When I provision the cluster as RBAC etc and set helm configuration to rbac=true, I can see cluster role created for the deployment with 'All namespaces' but still it gives the same error 'Forbidded ... cannot get namespace in namespaces'.
from application-gateway-kubernetes-ingress.
@piizei @AndreasM009 @LirazRom apologize on the delay in looking into this. A bunch of us are out on vaccation and there is some holiday readiness going on our end because of which the response here is slow. Please bear with us as we try to get to it in the next week or so.
from application-gateway-kubernetes-ingress.
@piizei @AndreasM009 @LirazRom
Could you update your helm charts to the latest and give this a try?
@akshaysngupta just committed a fix #74
from application-gateway-kubernetes-ingress.
I can confirm that now it works 🥇
from application-gateway-kubernetes-ingress.
Awesome !! Thanks @akshaysngupta for fixing this !!
from application-gateway-kubernetes-ingress.
@asridharan sorry for the delay. I can confirm that it works now, if you specify the namespace to listen on in the configuration. Thx. Is it possible to specify multiple namespaces?
from application-gateway-kubernetes-ingress.
@AndreasM009 thanks. We currently don't support multiple namespaces, but lets create an enhancement issue for this and we can take it up. As you can see we are backed up a little on the issues, but we should be able to get traction on the enhancements after the holidays.
from application-gateway-kubernetes-ingress.
@asridharan I can't see an enhancement for watching multiple namespaces, this would be really useful functionality, did this ever get created?
from application-gateway-kubernetes-ingress.
As of last weekend the gateway now also supports listening to multiple namespaces. See #113 for more details.
from application-gateway-kubernetes-ingress.
Thanks all much for all the information provided here.
Can some one suggest me please how I can deploy AGIC to different namespace instead of deploying to default namespace?
Presently deploy of AGIC is failing due to the resource quota related error "must specify limits.cpu,limits.memory,requests.cpu,requests.memory"
I have cloned the AGIC repo, updated the resources for the container, still the pod is not getting created.
Is the same is not supported.
Please provide your thoughts.
Regards,
Aruna Kumar Roula
from application-gateway-kubernetes-ingress.
Hey @LirazRom @akshaysngupta, i'm currently experiencing similar issues. I'm not quite sure what needs to be where. Meaning I'm not sure if I should put the controller in the same namespace as my deployments (for my app). And the ingress itself? And what about the the aad-pod-identity? it places itself in the default namespace by default, but doesn't this means that my deployments and pods (for my app) should be in the default workspace also?
TL;DR there are multiple resources that need to be deployed in the cluster. How do all of them relate to namespaces?
Thank you
from application-gateway-kubernetes-ingress.
@ksanchez15 You can deploy AGIC and AAD Pod identity in any namespace you like. They look at all resources on a cluster level.
So, you can deploy your apps in dev
/test
/prod
namespace. Even the ingress resource can be in their respective namespace. dev
namespace will contain the dev
related ingresses and so forth.
from application-gateway-kubernetes-ingress.
Related Issues (20)
- Public IP HTTPS fails when creating private IP HTTPS ingress HOT 3
- AGIC is cannot list resource "azureapplicationgatewayrewrites" in API group "appgw.ingress.azure.io" at the cluster scope HOT 15
- From ingress annotations, which one helps create backend pool in app gateway
- AGIC does not create dedicated pool & target for shared App Gateway HOT 1
- appgw support - Monitor managed Prometheus
- ingress appgw pod - forced restart necessary to create listener etc. for new frontend ip HOT 1
- [Help request] How to redirect from non-www to www site
- How to remove "defaulthttpsetting" because it raises security issue
- az cli command from install guide evaluates with empty value
- Unable to create AzureIngressProhibitedTarget on AKS HOT 2
- AGIC is wiping out my backend pools
- Terraform wipes out AGIC's backends on each deploy HOT 4
- 502 Bad Gateway and unhealthy probe in AGIC AppGW HOT 2
- AAD Pod Identity - archived and is no longer maintained. HOT 3
- Need to cretae a Application Gateway WAF policy resource lock enable policy
- Dualstack annotation
- ProhibitedTargets has incorrect path requirement HOT 1
- `appgw.ingress.kubernetes.io/appgw-ssl-profile` does not allow predefined ssl profiles HOT 1
- Application gateway redirects to value set in backend-hostname (used for SSL)
- OOM Killed ingress-appgw-deployment HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from application-gateway-kubernetes-ingress.