when ServiceAccount is on a different namespace then default, the ClusterRoleBinding still references the default namespace #201
Labels
Comments
|
might be related to #13 |
|
There has not been any activity to this issue in the last 14 days. It will automatically be closed after 7 more days. Remove the |
|
@martin-helmich any chance to remove the stale label? :) |
|
Closing as the problem relies with the fact that you cannot specify namespace for sub-charts in Chart.yaml, therefore helmfile should be used. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
When installing the chart as a dependency for a different chart which is namespace scoped, the replicator ServiceAccount is created on the desired namespace, however the ClusterRoleBinding still references the ServiceAccount in a default namespace.
To Reproduce
Add Kubernetes-replicator as a subchart for a different, namespace-scoped helm chart.
Expected behavior
The ClusterRoleBinding should reference kubernetes-replicator ServiceAccount in the correct namespace. Alternately, force the creation of the ServiceAccount on the default namespace.
Environment:
Logs from kubernetes-replicator pod (private information omitted between <>) :
E0703 07:49:34.929843 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.4/tools/cache/reflector.go:167: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:<custom_namespace>:<release_name>-kubernetes-replicator" cannot list resource "secrets" in API group "" at the cluster scope
The text was updated successfully, but these errors were encountered: