Restrict monitored namespaces
This page discusses how to restrict the namespaces where the Keptn lifecycle-operator orchestrates the deployments.
For information about how to allocate Keptn resources across namespaces, see Namespaces and resources.
Default behavior
Keptn must be installed on its own namespace that does not run any other components, especially any application deployment.
By default, Keptn lifecycle orchestration is enabled for all namespaces except the followings:
kube-system
kube-public
kube-node-lease
cert-manager
keptn-system
(Keptn installation namespace)observability
monitoring
Custom namespace restriction
If you want to restrict Keptn to only some namespaces, you should:
- Allow those namespaces during installation
- Annotate those namespaces
To implement this:
-
Create a
values.yaml
file that lists the namespaces Keptn lifecycle orchestration should monitor: -
Add the values file to the helm installation command:
-
Annotate the namespaces where Keptn lifecycle orchestration is allowed by issuing the following command for each namespace:
Note Restricted allowed namespaces are configured at installation time. To add or remove Keptn allowed namespaces, you must modify the list of namespaces in your
values.yaml
file and rerun thehelm upgrade
command.