search

krateoplatformops / core-provider

0 stars 2 forks source link

Inconsistent RBAC Handling Across Namespaces #79

Closed matteogastaldello closed 1 day ago

matteogastaldello commented 2 days ago

Description:

An inconsistency has been observed in how RBAC (Role-Based Access Control) is handled across different namespaces in the Kubernetes cluster. The following sequence of events has occurred:

  1. Initially, a chart named fireworksapps at version v1-1-3 was deployed in the namespace fireworksapp-system. As expected, core-provider automatically created the necessary RBAC resources, including a ClusterRoleBinding.

  2. Subsequently, another instance of the same chart was deployed in a new namespace. However, instead of creating new RBAC resources or updating the existing ones, core-provider left the RBAC configuration unchanged.

The issue arises because the ClusterRoleBinding continues to reference the ServiceAccount in the original namespace (fireworksapp-system) without acknowledging the newly deployed instance.

Steps to Reproduce:

  1. Deploy the chart fireworksapps-v1-1-3-controller in namespace fireworksapp-system.
  2. Verify that core-provider creates the RBAC resources correctly.
  3. Deploy the same chart in a new namespace.
  4. Check the ClusterRoleBinding - it should still reference the ServiceAccount in fireworksapp-system.

Expected Behavior:

core-provider should either: