feat: add namespace filtering and rewrite README #322
Merged
Add support for restricting the controller to watch only specific namespaces via a comma-separated list. Secrets in namespaces outside the list are filtered at the watch predicate level and never trigger reconciliation.

Configuration:
- ALLOWED_NAMESPACES env var (e.g. "team-a,team-b,production")
- allowedNamespaces Helm value (already existed, now wired to env var)
- Empty value means all namespaces (backward compatible)

Implementation:
- AllowedNamespaces field on Config struct
- parseNamespaceList() handles trimming, empty entries, edge cases
- IsNamespaceAllowed() method for clean predicate checks
- Watch predicate extended to filter by namespace alongside naming
- Helm deployment template passes ALLOWED_NAMESPACES env var
- 13 test cases covering parsing and namespace allow/deny logic

README rewrite:
- Clear problem/solution narrative
- Full configuration reference tables (env vars, Helm values, CLI flags)
- Document all features: namespace filtering, GC, ignore labels, take-along labels, auto label copy, namespaced names, Rancher support, Prometheus metrics
- Updated development section and roadmap

Signed-off-by: dntosas <ntosas@gmail.com>
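The allow-list behaviour described above, sketched as an added example that is not the project's code: the names `Config`, `AllowedNamespaces`, `parseNamespaceList` and `IsNamespaceAllowed` come from the PR description, while the signatures, bodies and sample values are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Config mirrors the AllowedNamespaces field named in the PR description;
// the type and method bodies here are assumptions, not the project's code.
type Config struct {
	AllowedNamespaces []string
}

// parseNamespaceList splits a comma-separated ALLOWED_NAMESPACES value,
// trimming whitespace and dropping empty entries.
func parseNamespaceList(raw string) []string {
	var out []string
	for _, part := range strings.Split(raw, ",") {
		ns := strings.TrimSpace(part)
		if ns == "" {
			continue
		}
		out = append(out, ns)
	}
	return out
}

// IsNamespaceAllowed reports whether a Secret's namespace passes the filter.
// An empty list allows every namespace (the backward-compatible default).
func (c Config) IsNamespaceAllowed(ns string) bool {
	if len(c.AllowedNamespaces) == 0 {
		return true
	}
	for _, allowed := range c.AllowedNamespaces {
		if allowed == ns {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample values for ALLOWED_NAMESPACES.
	for _, raw := range []string{"team-a, team-b,,production", "", " , "} {
		cfg := Config{AllowedNamespaces: parseNamespaceList(raw)}
		fmt.Printf("%q -> %v kube-system allowed=%v\n", raw, cfg.AllowedNamespaces, cfg.IsNamespaceAllowed("kube-system"))
	}
}
```

In this sketch a value such as `" , "` parses to an empty list and therefore matches every namespace, so a deployment that relies on the restriction should check at startup that the parsed list is non-empty.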
d6d7a03 to 21476d8
Update Go toolchain across go.mod, Makefile, CI workflows, release workflow, and README.
… duplicate PR runs

- Pin golangci-lint to v2.8.0 (built with Go 1.25 support; v2.1.6 was built with Go 1.24 and rejected Go 1.25 targets).
- Bump goreleaser-action from v5 to v6 (latest).
- Restrict push trigger to main branch only so PRs don't run CI twice (once from push, once from pull_request).
- chart-releaser-action v1.7.0 already at latest.