watch-namespace-selector: add watchNamespaceSelector

Signed-off-by: nakof <[email protected]>

config/crd/bases/logging.banzaicloud.io_loggings.yaml

@@ -17762,6 +17762,29 @@ spec:
                     - enabled
                     type: object
                 type: object
+              watchNamespaceSelector:
+                properties:
+                  matchExpressions:
+                    items:
+                      properties:
+                        key:
+                          type: string
+                        operator:
+                          type: string
+                        values:
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                type: object
               watchNamespaces:
                 items:
                   type: string

config/samples/logging_logging_watchNamespaceSelector.yaml

@@ -0,0 +1,12 @@
+apiVersion: logging.banzaicloud.io/v1beta1
+kind: Logging
+metadata:
+  name: defaultlogging
+spec:
+  fluentd:
+    disablePvc: true
+  fluentbit: {}
+  controlNamespace: default
+  watchNamespaceSelector:
+    matchLabels:
+      a: b

docs/configuration/crds/v1beta1/logging_types.md

@@ -74,6 +74,14 @@ Limit namespaces to watch Flow and Output custom resources.
 
 Default: -
 
+### watchNamespaceSelector (*metav1.LabelSelector, optional) {#loggingspec-watchnamespaceselector}
+
+WatchNamespaceSelector is a LabelSelector to find matching namespaces to watch as in WatchNamespaceses.
+
+Note: This setting is mutually exclusive with watchNamespaces
+
+Default: -
+
 ### controlNamespace (string, required) {#loggingspec-controlnamespace}
 
 Namespace for cluster wide configuration resources like ClusterFlow and ClusterOutput. This should be a protected namespace from regular users. Resources like fluentbit and fluentd will run in this namespace as well. 

pkg/resources/model/repository.go

@@ -22,6 +22,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/kube-logging/logging-operator/pkg/sdk/logging/api/v1beta1"
@@ -63,9 +64,18 @@ func (r LoggingResourceRepository) LoggingResourcesFor(ctx context.Context, logg
 	errs = errors.Append(errs, err)
 
 	watchNamespaces := logging.Spec.WatchNamespaces
+	nsLabelSelector := logging.Spec.WatchNamespaceSelector
 	if len(watchNamespaces) == 0 {
 		var nsList corev1.NamespaceList
-		if err := r.Client.List(ctx, &nsList); err != nil {
+		selector, err := metav1.LabelSelectorAsSelector(nsLabelSelector)
+		if err != nil {
+			errs = errors.Append(errs, errors.WrapIf(err, "error in watchNamespaceSelector"))
+			return
+		}
+		nsListOptions := &client.ListOptions{
+			LabelSelector: selector,
+		}
+		if err := r.Client.List(ctx, &nsList, nsListOptions); err != nil {
 			errs = errors.Append(errs, errors.WrapIf(err, "listing namespaces"))
 			return
 		}

pkg/sdk/logging/api/v1beta1/logging_types.go

@@ -65,6 +65,8 @@ type LoggingSpec struct {
 	GlobalFilters []Filter `json:"globalFilters,omitempty"`
 	// Limit namespaces to watch Flow and Output custom resources.
 	WatchNamespaces []string `json:"watchNamespaces,omitempty"`
+	// WatchNamespaceSelector is a LabelSelector to find matching namespaces to watch as in WatchNamespaces
+	WatchNamespaceSelector *metav1.LabelSelector `json:"watchNamespaceSelector,omitempty"`
 	// Cluster domain name to be used when templating URLs to services (default: "cluster.local").
 	ClusterDomain *string `json:"clusterDomain,omitempty"`
 	// Namespace for cluster wide configuration resources like CLusterFlow and ClusterOutput.