Receiver cannot reconcile ImageRepository resources in other namespaces #1217
Description
Hi, I have a question about Receiver.
Summary
Is it currently supported for a Receiver in one namespace to trigger reconciliation of ImageRepository resources that exist in other namespaces using resourceFilter and matchLabels? Or is the Receiver limited to searching only within its own namespace?
Background
In our cluster, we would like to trigger the reconciliation of multiple ImageRepository resources located in different namespaces from a single Receiver endpoint.
Concretely, the Receiver is placed in the flux-system namespace, while ImageRepository resources are expected to be created by developers across various namespaces.
Is it possible for a single Receiver endpoint to trigger the reconciliation of ImageRepository resources that exist in different namespaces by using resourceFilter?
Configuration
The Receiver is placed under flux-system as follows.
We specify the name in resourceFilter so that only specific ImageRepository objects are reconciled.
apiVersion: notification.toolkit.fluxcd.io/v1
kind: Receiver
metadata:
name: generic-receiver
namespace: flux-system
spec:
type: generic
secretRef:
name: webhook-token
resources:
- apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageRepository
name: "*"
matchLabels:
registry-type: gcp
resourceFilter: "req.name.contains(res.metadata.name)"We have multiple ImageRepository resources, each placed in its own namespace. Below are two sample resources (actual clusters contain more). Note that each resource is in a separate namespace.
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageRepository
metadata:
name: sandbox-app
namespace: sandbox-app
labels:
registry-type: gcp
spec:
provider: gcp
image: asia-northeast1-docker.pkg.dev/sandbox-project/sandbox-app/app
interval: 30m
---
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageRepository
metadata:
name: sandbox-app-2
namespace: sandbox-app-2
labels:
registry-type: gcp
spec:
provider: gcp
image: asia-northeast1-docker.pkg.dev/sandbox-project/sandbox-app-2/app
interval: 30mThe incoming request looks like this (we plan to send this from our monorepo CI system):
$ curl -XPOST -H "Content-Type: application/json" \
-d '{"name": "sandbox-app"}' \
https://webhook-receiver.example.com/hook/hogehoge
Expected Behavior
Both sandbox-app and sandbox-app-2 ImageRepository resources should be reconciled, even though they exist in different namespaces.
Actual Behavior / Error
notification-controller-5df7f9bc66-m4b9l manager {"level":"info","ts":"2025-11-27T16:43:26.226Z","logger":"receiver-server","msg":"handling request: a8a902f2c58facb85b4997acde74ac3aa0a27764b068c9667d1xxxxxxxxxx"}
notification-controller-5df7f9bc66-m4b9l manager {"level":"error","ts":"2025-11-27T16:43:26.337Z","logger":"receiver-server","msg":"error annotating resources","reconciler kind":"Receiver","name":"generic-receiver","namespace":"flux-system","error":"no \"ImageRepository\" resources found with matching labels map[\"registry-type\":\"gcp\"]' in \"flux-system\" namespace"}
It appears that the controller is only searching the flux-system namespace, even though --watch-all-namespaces=true is enabled.
And, I tried adding the namespace: "*".
...
resources:
- apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageRepository
name: "*"
namespace: "*"
matchLabels:
registry-type: gcp
resourceFilter: "req.name.contains(res.metadata.name)"However, the following error occurred:
notification-controller-8454968d77-m7lsx manager {"level":"error","ts":"2025-11-27T17:01:45.937Z","logger":"receiver-server","msg":"error annotating resources","reconciler kind":"Receiver","name":"generic-receiver","namespace":"flux-system","error":"no \"ImageRepository\" resources found with matching labels map[\"registry-type\":\"gcp\"]' in \"*\" namespace"}
Version and Controller Settings
notification-controller version: v1.7.4
Controller arguments include:
- --watch-all-namespaces=true
- --no-cross-namespace-refs=false