Last modified March 6, 2022

Configure an app's target namespace via its App CR

Overview

At some point, you might want to add specific labels or annotations to an app’s target namespace to enable other tools such as linkerd or kiam. For example, to include all pods in a namespace in the linkerd service mesh. Or, to tell kiam you do allow Loki to get logs from pods running in this namespace. This feature enables you to add labels and annotations to the app’s target namespace via its App CR. This is simpler and easier than using other solutions such as triggering a Kubernetes job via a Helm hook.

Configuring labels / annotations

You can use .spec.namespaceConfig to configure the namespace metadata. You can set .spec.namespaceConfig.annotations and / or spec.namespaceConfig.labels and provide the values as a key/value map. App platform then ensures the namespace exists and has this metadata.

For example, if you want to add an annotation linked.io/inject: enabled to the target namespace loki1 add this to the app CR.

apiVersion: application.giantswarm.io/v1alpha1
kind: App
metadata:
  name: loki-app
  namespace: loki0
spec:
  catalog: giantswarm
  name: loki
  namespace: loki
  namespaceConfig:
    annotations:
      linkerd.io/inject: "enabled"

Now you can check the namespace and it will be the same as below.

apiVersion: v1
kind: Namespace
metadata:
  annotations:
    linkerd.io/inject: "enabled"
  name: loki

If you want to set labels on the namespace, use spec.namespaceConfig.labels.

apiVersion: application.giantswarm.io/v1alpha1
kind: App
metadata:
  name: kiam-app
  namespace: kiam0
spec:
  catalog: giantswarm
  name: kiam
  namespace: kiam
  namespaceConfig:
    labels:
      monitoring: "enabled"

Validation

The validation logic in app-admission-controller checks whether multiple app CRs are updating the same namespace with different values. The validation webhook will prevent the conflicting value from being added.