Skip to content

backend scoping is not honored #309

Description

@mjudeikis

While testing more complex cases, I noticed this:

Scenario:

  1. Consumer operates on namespaced CRDs - cowboys and cluster-scoped CRDs - sheriffs
  2. Backend is set to consumer-scope=namespaced and cluster-scoped-isolation=prefixed

When binding namespaced CRD - backend will create namespace kube-bind-<identity>-<consumer-namespace> in the provider cluster. Objects will be created in that namespace. Same with claims.

When binding cluster-scoped CRD - NOT SUPPORTED. TODO: Add condition on konnector side to tell this is the case. <------ THIS IS NOT THE CASE. It does not work

We had a regression in UI, which showed cluster-scoped CRDs for binding. This bubbled up the issue that if the backend is configured to namespace isolation, you can still bind cluster-scoped CRDs. This is not good.

See: https://kubernetes.slack.com/archives/C046PRXNJ4W/p1757934564794029

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    Fields

    No fields configured for Bug.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions