An inconsistency has been observed in how RBAC (Role-Based Access Control) is handled across different namespaces in the Kubernetes cluster. The following sequence of events has occurred:
Initially, a chart named fireworksapps at version v1-1-3 was deployed in the namespace fireworksapp-system. As expected, core-provider automatically created the necessary RBAC resources, including a ClusterRoleBinding.
Subsequently, another instance of the same chart was deployed in a new namespace. However, instead of creating new RBAC resources or updating the existing ones, core-provider left the RBAC configuration unchanged.
The issue arises because the ClusterRoleBinding continues to reference the ServiceAccount in the original namespace (fireworksapp-system) without acknowledging the newly deployed instance.
Steps to Reproduce:
Deploy the chart fireworksapps-v1-1-3-controller in namespace fireworksapp-system.
Verify that core-provider creates the RBAC resources correctly.
Deploy the same chart in a new namespace.
Check the ClusterRoleBinding - it should still reference the ServiceAccount in fireworksapp-system.
Expected Behavior:
core-provider should either:
Create new RBAC resources for each namespace deployment
Update existing RBAC resources to include ServiceAccounts from both namespaces
Description:
An inconsistency has been observed in how RBAC (Role-Based Access Control) is handled across different namespaces in the Kubernetes cluster. The following sequence of events has occurred:
Initially, a chart named
fireworksapps
at versionv1-1-3
was deployed in the namespacefireworksapp-system
. As expected, core-provider automatically created the necessary RBAC resources, including a ClusterRoleBinding.Subsequently, another instance of the same chart was deployed in a new namespace. However, instead of creating new RBAC resources or updating the existing ones, core-provider left the RBAC configuration unchanged.
The issue arises because the ClusterRoleBinding continues to reference the ServiceAccount in the original namespace (
fireworksapp-system
) without acknowledging the newly deployed instance.Steps to Reproduce:
fireworksapps-v1-1-3-controller
in namespacefireworksapp-system
.fireworksapp-system
.Expected Behavior:
core-provider should either: