Open wdw-jst opened 2 years ago
There has not been any activity to this issue in the last 14 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.
Thanks for the report :+1: and sorry for the late response. This might be one of these issues that are more complicated than they first appear. Some thoughts:
ClusterRoleBinding to grant access to all namespaces, granting access to a select subset of namespaces should also be possible using a ClusterRole (or multiple Roles in different namespaces) with different namespaced RoleBindings.
WATCH and LIST calls to the replicated resources (like the configmap replicator here), which still require cluster-wide access. To support multiple namespaces, the replicator would need to be refactored to use multiple informers (one for each namespace), which would further complicate replication logic.
Realistically, I don't see us finding the resources to implement a major change like this one anytime soon. However, PRs are always welcome.
Is your feature request related to a problem? Please describe.
We wanted to use kubernetes-replicator within a shared Kubernetes Cluster (Rancher), where creation of ClusterRole and ClusterRoleBinding is not permitted. We use the following RBAC setup:
This should give the service account the permission to access the resources within our project.
We deploy the kubernetes-replicator into the same namespace replicator. However, the container failed to start with errors like
The message shows for other resources as well (namespaces, secrets, ...)
Describe the solution you'd like
kubernetes-replicator to work in shared Kubernetes Cluster (e.g. Rancher, OpenShift) within scope of project.
Describe alternatives you've considered
None
Additional context
We also tried the same Role with a dedicated Kubernetes Cluster, also without success
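Added example (not from the issue or the kubernetes-replicator code base): a simplified Python model of the RBAC scoping described in the maintainer's reply, showing why a cluster-wide LIST/WATCH is denied when only namespaced RoleBindings exist, while per-namespace informers would be authorized. The service account name, the `team-a` and `team-b` namespaces and the rule set are constructed assumptions.

```python
# Simplified model of Kubernetes RBAC scope rules (illustration only).
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    resources: frozenset
    verbs: frozenset


@dataclass(frozen=True)
class Binding:
    subject: str    # "namespace:serviceaccount"
    rules: tuple    # rules of the referenced Role or ClusterRole
    namespace: str  # "" for a ClusterRoleBinding, else the RoleBinding's namespace


def allowed(bindings, subject, verb, resource, namespace=""):
    """namespace="" models an all-namespaces request (e.g. list configmaps cluster-wide)."""
    for b in bindings:
        if b.subject != subject:
            continue
        # A RoleBinding only authorizes requests scoped to its own namespace,
        # even when it references a ClusterRole. Only a ClusterRoleBinding
        # (namespace "") covers all-namespaces requests.
        if b.namespace and b.namespace != namespace:
            continue
        if any(resource in r.resources and verb in r.verbs for r in b.rules):
            return True
    return False


def informer_can_start(bindings, subject, resource, namespaces=("",)):
    """An informer needs both list and watch in every scope it covers."""
    return all(allowed(bindings, subject, verb, resource, ns)
               for ns in namespaces for verb in ("list", "watch"))


# Constructed sample data: names and namespaces are assumptions.
SA = "replicator:replicator"
READ = (Rule(frozenset({"configmaps", "secrets"}),
             frozenset({"get", "list", "watch"})),)
NAMESPACED = [Binding(SA, READ, "replicator"), Binding(SA, READ, "team-a")]
CLUSTER_WIDE = [Binding(SA, READ, "")]

if __name__ == "__main__":
    print("one cluster-wide informer:", informer_can_start(NAMESPACED, SA, "configmaps"))
    print("one informer per namespace:",
          informer_can_start(NAMESPACED, SA, "configmaps", ("replicator", "team-a")))
```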