Skip to content

Add support for the namespaces feature #331

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jfrancoa merged 2 commits into from
Jun 17, 2026
+46 −0
Merged

Add support for the namespaces feature #331

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dd22f00
Add support for the namespaces feature
jfrancoa May 20, 2026
e370a2c
Enforce REPLICATION_MAXIMUM_FACTOR=1 when namespaces is enabled
jfrancoa May 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions .cicd/test.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -450,5 +450,37 @@ function check_creates_template() {
check_no_setting "--set collectionExport.enabled=true" "name: EXPORT_PARALLELISM"
check_setting_has_value "--set collectionExport.enabled=true --set collectionExport.envconfig.EXPORT_PARALLELISM=4" "name: EXPORT_PARALLELISM" "value: \"4\""

# Namespaces feature tests
# Default (namespaces disabled): none of the namespaces-coupled envs should be templated.
# REPLICATION_MAXIMUM_FACTOR is only forced by the namespaces block, so it must be absent by default.
check_no_setting "" "name: NAMESPACES_ENABLED"
check_no_setting "" "name: DISABLE_GRAPHQL"
check_no_setting "" "name: REPLICATION_MAXIMUM_FACTOR"
check_no_setting "--set namespaces.enabled=false" "name: NAMESPACES_ENABLED"
check_no_setting "--set namespaces.enabled=false" "name: DISABLE_GRAPHQL"
check_no_setting "--set namespaces.enabled=false" "name: REPLICATION_MAXIMUM_FACTOR"
# Namespaces enabled: flag emits all required envs. The server fatals on startup unless
# REPLICATION_MAXIMUM_FACTOR=1 when NAMESPACES_ENABLED=true, so the chart pins it to "1".
check_setting_has_value "--set namespaces.enabled=true" "name: NAMESPACES_ENABLED" "value: \"true\""
check_setting_has_value "--set namespaces.enabled=true" "name: DISABLE_GRAPHQL" "value: \"true\""
check_setting_has_value "--set namespaces.enabled=true" "name: REPLICATION_MAXIMUM_FACTOR" "value: \"1\""
# The pinned REPLICATION_MAXIMUM_FACTOR=1 is rendered after the generic env loop, so it overrides
# any user-supplied env.REPLICATION_MAXIMUM_FACTOR (Kubernetes keeps the last duplicate env entry).
check_setting_has_value "--set namespaces.enabled=true --set env.REPLICATION_MAXIMUM_FACTOR=3" "name: REPLICATION_MAXIMUM_FACTOR" "value: \"1\""
Comment on lines +467 to +469
# Namespaces enabled end-to-end: flag + apikey + RBAC (configured via the chart's
# authentication/authorization values) must render cleanly together.
_settingNamespacesFull="--set namespaces.enabled=true --set authentication.apikey.enabled=true --set authentication.apikey.allowed_keys[0]=admin-key --set authentication.apikey.users[0]=admin --set authorization.rbac.enabled=true --set authorization.rbac.root_users[0]=admin"
check_setting_has_value "$_settingNamespacesFull" "name: NAMESPACES_ENABLED" "value: \"true\""
check_setting_has_value "$_settingNamespacesFull" "name: DISABLE_GRAPHQL" "value: \"true\""
check_setting_has_value "$_settingNamespacesFull" "name: REPLICATION_MAXIMUM_FACTOR" "value: \"1\""
check_string_existence "$_settingNamespacesFull" "allowed_keys:"
check_string_existence "$_settingNamespacesFull" "admin-key"
check_string_existence "$_settingNamespacesFull" "root_users:"
# OIDC namespace/global principal claims must propagate to the weaviate-config ConfigMap when set.
_settingOidcClaims="--set authentication.oidc.namespace_claim=weaviate_namespace --set authentication.oidc.global_principal_claim=weaviate_global --set authentication.oidc.skip_client_id_check=true"
check_string_existence "$_settingOidcClaims" "namespace_claim: weaviate_namespace"
check_string_existence "$_settingOidcClaims" "global_principal_claim: weaviate_global"
check_string_existence "$_settingOidcClaims" "skip_client_id_check: true"

echo "Tests successful."
)
8 changes: 8 additions & 0 deletions weaviate/templates/weaviateStatefulset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -512,6 +512,14 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- if index .Values "namespaces" "enabled" }}
- name: NAMESPACES_ENABLED
value: "true"
- name: DISABLE_GRAPHQL
value: "true"
- name: REPLICATION_MAXIMUM_FACTOR
value: "1"
Comment on lines +515 to +521
{{- end }}
- name: CLUSTER_JOIN
value: {{ .Values.service.name }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
ports:
Expand Down
6 changes: 6 additions & 0 deletions weaviate/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -274,6 +274,9 @@ authentication:
# username_claim: ''
# groups_claim: ''
# client_id: ''
# skip_client_id_check: false
# namespace_claim: ''
# global_principal_claim: ''

authorization:
rbac:
Expand All @@ -296,6 +299,9 @@ query_defaults:
limit: 100
debug: false

# Enable namespaces support in the weaviate cluster. Once enabled, the cluster can't be migrated to a non-namespaced cluster and vice versa.
namespaces:
enabled: false

# Insert any custom environment variables or envSecrets by putting the exact name
# and desired value into the settings below. Any env name passed will be automatically
Expand Down
Loading