From a044b29ece3b95ea75107f13d59442e76d7b8d6c Mon Sep 17 00:00:00 2001 From: John Mazzitelli Date: Fri, 11 Feb 2022 11:51:52 -0500 Subject: [PATCH] make namespace access more clear (#511) --- content/en/docs/Configuration/namespace-management.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/en/docs/Configuration/namespace-management.md b/content/en/docs/Configuration/namespace-management.md index 55b9355f0..e8d5082a6 100644 --- a/content/en/docs/Configuration/namespace-management.md +++ b/content/en/docs/Configuration/namespace-management.md @@ -35,16 +35,18 @@ spec: - mycorp_.* ``` +Note that the namespaces declared here (including any regex expressions) are evaluated and discovered at install time. Namespaces that do not exist at the time of install but are created later in the future will not be accessible by Kiali. For Kiali to be given access to namespaces created in the future, you must edit the Kiali CR and update the `accessible_namespaces` setting to include the new namespaces. The one exception is if you set `accessible_namespaces` to the special value `["**"]` - in that case, all namespaces (including any namespaces created in the future) will be accessible to Kiali. + {{% alert color="warning" %}} As you can see in the example, the namespace where Kiali is installed must be listed as accessible (often, but not always, the same namespace as Istio). {{% /alert %}} This configuration accepts the special pattern `accessible_namespaces: ["**"]` -which denotes that Kiali is given access to all namespaces in the cluster. +which denotes that Kiali is given access to all namespaces in the cluster, including any namespaces created in the future. {{% alert color="warning" %}} -If you install the operator using the [Helm Charts]({{< ref "/docs/installation/installation-guide/install-with-helm#install-with-operator" >}}), +If you install the operator using the [Helm Charts]({{< ref "/docs/installation/installation-guide/install-with-helm#install-with-operator" >}}), to be able to use the special pattern `accessible_namespaces: ["**"]`, you must specify the `--set clusterRoleCreator=true` flag when invoking `helm install`.