When running the service discovery there is the optional namespace selector. If you don't put a namespace in there my expectation is that it would look up the namespaces and perform the discover on those namespaces that the service account has access to. However the actual behavior is that it provides the namespaces, but the sd-cluster pods have an error and don't report the services for the namespaces that the service account has access to. Basically it doesn't fail gracefully.