JWA doesn't have an RBAC rule for namespaces resources as other web apps do (e.g. VWA). This will result in an authorization error if JWA is deployed outside of Kubeflow (without the dashboard).
What steps did you take and what happened:
I observed that JWA doesn't have this rule and then I went through the code in order to figure out if it is needed and here is why it is needed:
JWA, when deployed outside of Kubeflow (no CentralDashboard present) implements lib-namespace-select component in its index page with namespaces URL /api/namespaces.
This component subscribes to the common backend service's getNamespaces() using the above namespaces URL.
This backend service (a service which frontend uses to contact the backend part of the WA) hits the backend at this API route which would require authorisation to perform this action.
Thus JWA would not be able to list namespaces resources.
andreyvelich
commented
2 weeks ago
/kind bug
JWA doesn't have an RBAC rule for
namespacesresources as other web apps do (e.g. VWA). This will result in an authorization error if JWA is deployed outside of Kubeflow (without the dashboard).What steps did you take and what happened: I observed that JWA doesn't have this rule and then I went through the code in order to figure out if it is needed and here is why it is needed:
lib-namespace-selectcomponent in its index page with namespaces URL/api/namespaces.Thus JWA would not be able to list namespaces resources.