DnPlas
commented
2 years ago Hi @Barteus, thanks for the PR. This workaround happens to work just fine, the role in that ServiceAccount has permissions to manipulate all resources, but it is intended to allow the workload (spark operator) to manipulate all these resources, not really targeted at individual users. The better approach would be to have RBAC for each user in their own namespace, which is something we are still discussing (whether to create that manually or via charm code).
Extended README with the instruction on how to copy the service account to the new namespace. Workaround for the issue: https://github.com/canonical/spark-operator/issues/15