While testing more complex cases, I noticed this:
Scenario:
- Consumer operates on namespaced CRDs - cowboys and cluster-scoped CRDs - sheriffs
- Backend is set to
consumer-scope=namespaced and cluster-scoped-isolation=prefixed
When binding namespaced CRD - backend will create namespace kube-bind-<identity>-<consumer-namespace> in the provider cluster. Objects will be created in that namespace. Same with claims.
When binding cluster-scoped CRD - NOT SUPPORTED. TODO: Add condition on konnector side to tell this is the case. <------ THIS IS NOT THE CASE. It does not work
We had a regression in UI, which showed cluster-scoped CRDs for binding. This bubbled up the issue that if the backend is configured to namespace isolation, you can still bind cluster-scoped CRDs. This is not good.
See: https://kubernetes.slack.com/archives/C046PRXNJ4W/p1757934564794029
While testing more complex cases, I noticed this:
Scenario:
consumer-scope=namespacedandcluster-scoped-isolation=prefixedWhen binding namespaced CRD - backend will create namespace
kube-bind-<identity>-<consumer-namespace>in the provider cluster. Objects will be created in that namespace. Same with claims.When binding cluster-scoped CRD - NOT SUPPORTED. TODO: Add condition on konnector side to tell this is the case. <------ THIS IS NOT THE CASE. It does not work
We had a regression in UI, which showed cluster-scoped CRDs for binding. This bubbled up the issue that if the backend is configured to
namespaceisolation, you can still bind cluster-scoped CRDs. This is not good.See: https://kubernetes.slack.com/archives/C046PRXNJ4W/p1757934564794029