tplavcic
commented
1 month ago Hi @dfry ! I have opened a ticket in our Jira about this here: https://perconadev.atlassian.net/browse/K8SPG-585 So we will address is no later then next operator release.
Closed dfry closed 1 month ago
tplavcic
commented
1 month ago Hi @dfry ! I have opened a ticket in our Jira about this here: https://perconadev.atlassian.net/browse/K8SPG-585 So we will address is no later then next operator release.
dfry
commented
1 month ago Thanks @tplavcic ,
Another thing worth mentioning is that it seems that the logic within the helm templates regarding watching all namespaces seems to be not working. When all namespaces are watched, the permissions granted via k8s RBAC don't work correctly. I can open another issue if you want. But is seems that the other Percona operator charts function fine in this regard, so maybe following the same pattern across all the charts would be the best strategy.
Cheers
tplavcic
commented
1 month ago Thanks for info! I will check it out and open a ticket for it since I don't want to mix two things here. Yes, we do try to have it consistent between all operators, but PG is a bit different so need to check it out, but if there's a bug it needs to be fixed anyway.
tplavcic
commented
1 month ago @dfry , can you be more specific about When all namespaces are watched, the permissions granted via k8s RBAC don't work correctly - because I just tried it and it seems to work for me and I don't see some issues.
So I'm wondering what am I missing? I just set watchAllNamespaces: true and didn't change anything else, deployed operator in one namespace and PG cluster in another.
tplavcic
commented
1 month ago I have merged the fix for adding namespace reference to the templates so it is available now in the newest versions of the charts. I will close this issue, but since I cannot currently reproduce the issue with cluster wide role please open a new one and try to provide some info about what exactly is wrong. Thank you for valuable feedback!
dfry
commented
1 month ago thanks @tplavcic , I will reproduce the issue on my side and open another issue with some logs/configs.
The Percona Helm Chart should follow the same pattern as the other operator helm charts regarding setting the namespace:
namespace: {{ .Release.Namespace }}as is shown in the pxc operator example here: https://github.com/percona/percona-helm-charts/blob/878d860ab641e628b48d39725444bd33b3dd6322/charts/pxc-operator/templates/deployment.yaml#L5C3-L5C38
By contrast the postgresql operator helm chart templates have no namespace reference, here is an example: https://github.com/percona/percona-helm-charts/blob/878d860ab641e628b48d39725444bd33b3dd6322/charts/pg-operator/templates/deployment.yaml#L3
This becomes an issue when installing via kustomize and should be changed in any case for the sake of consistency.