Is your feature request related to a problem? Please describe.
Currently, only --namespace-whitelist and --namespace-blacklist startup parameters are supported to restrict which namespaces HAProxy Ingress Controller watches. This requires administrators to manually enumerate allowed namespaces by name. In clusters with many or dynamically changing namespaces, or in multi-tenant environments, this maintenance becomes tedious and error-prone.
Describe the solution you'd like
Add support for dynamic namespace selection via a Kubernetes label selector, exposed as a new startup parameter:
--namespace-label-selector=team=backend
When this option is configured, the controller should watch namespaces matching the selector and dynamically add or remove per-namespace informers when matching namespaces appear, disappear, or stop matching the selector.
This option is mutually exclusive with --namespace-whitelist and --namespace-blacklist.
If either --namespace-whitelist or --namespace-blacklist is configured, --namespace-label-selector should be ignored and the existing whitelist/blacklist behavior should remain unchanged.
Expected behavior
- With only
--namespace-label-selector configured:
- Watch namespaces matching the selector.
- Automatically pick up newly created or updated namespaces that match.
- Stop watching namespaces that no longer match.
- With
--namespace-whitelist or --namespace-blacklist configured:
- Preserve the existing whitelist/blacklist behavior.
- Ignore
--namespace-label-selector.
Describe alternatives you've considered
- Manually updating namespace whitelist, which is not scalable.
- Giving up on namespace scoping, which is not secure in many scenarios.
- Running multiple controller instances, which adds operational overhead.
Additional context
This is similar in spirit to ingress-nginx's namespace label selector support:
https://kubernetes.github.io/ingress-nginx/user-guide/controller-operations/namespace-label-selector/
This feature would improve operational flexibility for large or dynamic clusters while preserving the existing whitelist/blacklist semantics.
Is your feature request related to a problem? Please describe.
Currently, only
--namespace-whitelistand--namespace-blackliststartup parameters are supported to restrict which namespaces HAProxy Ingress Controller watches. This requires administrators to manually enumerate allowed namespaces by name. In clusters with many or dynamically changing namespaces, or in multi-tenant environments, this maintenance becomes tedious and error-prone.Describe the solution you'd like
Add support for dynamic namespace selection via a Kubernetes label selector, exposed as a new startup parameter:
When this option is configured, the controller should watch namespaces matching the selector and dynamically add or remove per-namespace informers when matching namespaces appear, disappear, or stop matching the selector.
This option is mutually exclusive with
--namespace-whitelistand--namespace-blacklist.If either
--namespace-whitelistor--namespace-blacklistis configured,--namespace-label-selectorshould be ignored and the existing whitelist/blacklist behavior should remain unchanged.Expected behavior
--namespace-label-selectorconfigured:--namespace-whitelistor--namespace-blacklistconfigured:--namespace-label-selector.Describe alternatives you've considered
Additional context
This is similar in spirit to ingress-nginx's namespace label selector support:
https://kubernetes.github.io/ingress-nginx/user-guide/controller-operations/namespace-label-selector/
This feature would improve operational flexibility for large or dynamic clusters while preserving the existing whitelist/blacklist semantics.