Hatchet charts attempt to apply two `hatchet-config-writer` role bindings

[WoodyWoodsta]

In the new charts 0.6.3, the hatchet-config-writer rolebinding is needed for both the engine quickstart jobs and the api quickstart jobs, each of which have a separate service account. However, since the rolebinding name is hardcoded, it means that each instance of the chart overwrites the generated rolebinding of the previous.

This should never have worked during testing.

[abelanger5]

Hi @WoodyWoodsta, we set setupJob.enabled=false in hatchet-stack, as the job should only be run by hatchet-api: https://github.com/hatchet-dev/hatchet-charts/blob/main/charts/hatchet-stack/values.yaml#L63. hatchet-config-writer is only enabled if setupJob is also enabled: https://github.com/hatchet-dev/hatchet-charts/blob/65e555ddc7757c775c0f3b2c088d9d77054b141b/charts/hatchet-api/templates/setup-job.yaml#L1.

It sounds like you're running hatchet-api as two separate Helm releases? I'd definitely recommend using the default values of hatchet-stack as a starting point if that's the case (though I understand that the upgrade path is problematic here).

I'll make a PR later today to remove the hardcoding of the rolebinding name.

[WoodyWoodsta]

Ah I see that now. It wasn't 100% clear that only one of the charts needed the setup job.

Yes, we use the hatchet-api charts directly because we needed slightly finer control over parameters which weren't possible with the stack chart.

Thanks for the help!