You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When installing the chart as a dependency for a different chart which is namespace scoped, the replicator ServiceAccount is created on the desired namespace, however the ClusterRoleBinding still references the ServiceAccount in a default namespace.
To Reproduce
Add Kubernetes-replicator as a subchart for a different, namespace-scoped helm chart.
Expected behavior
The ClusterRoleBinding should reference kubernetes-replicator ServiceAccount in the correct namespace. Alternately, force the creation of the ServiceAccount on the default namespace.
Environment:
Kubernetes version: 1.19
kubernetes-replicator version: 2.7.3
Logs from kubernetes-replicator pod (private information omitted between <>) :
E0703 07:49:34.929843 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.4/tools/cache/reflector.go:167: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:<custom_namespace>:<release_name>-kubernetes-replicator" cannot list resource "secrets" in API group "" at the cluster scope
The text was updated successfully, but these errors were encountered:
There has not been any activity to this issue in the last 14 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.
Closing as the problem relies with the fact that you cannot specify namespace for sub-charts in Chart.yaml, therefore helmfile should be used. helm/helm#5358
Describe the bug
When installing the chart as a dependency for a different chart which is namespace scoped, the replicator ServiceAccount is created on the desired namespace, however the ClusterRoleBinding still references the ServiceAccount in a default namespace.
To Reproduce
Add Kubernetes-replicator as a subchart for a different, namespace-scoped helm chart.
Expected behavior
The ClusterRoleBinding should reference kubernetes-replicator ServiceAccount in the correct namespace. Alternately, force the creation of the ServiceAccount on the default namespace.
Environment:
Logs from kubernetes-replicator pod (private information omitted between <>) :
E0703 07:49:34.929843 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.4/tools/cache/reflector.go:167: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:<custom_namespace>:<release_name>-kubernetes-replicator" cannot list resource "secrets" in API group "" at the cluster scope
The text was updated successfully, but these errors were encountered: