Open Sriteja-Tadakaluru opened 4 months ago
There are a couple of issues we need to consider here.
Firstly, Kubernetes does not support ownership across namespace boundaries, so it's difficult to see how ASO could support a TrafficManagerProfile in N2 referencing a ResourceGroup in N1 as it's owner. Not to say that it's impossible, just that we'd be working against the way Kubernetes does things.
Secondly, while other kinds of references across namespace boundaries are possible, there are RBAC issues to contend with, making this surprisingly unsimple.
We'll revisit this as part of our planning.
Another thought, you can always use a direct ARM reference instead of using Group/Kind/Name.
Using Trafficmanagerprofile or storageaccount should be able to refer the resourcegroup which was created in the other namespaces. For example, if there are 2namespaces N1 and N2...where RG is deployed in N1 namespace and the trafficmanagerprofile in N2 namespace should be able to locate RG in N1 namespace. This would allow more control over to the admin and also end user should be able to use the resources without any additional RG definitions.