|
# The KubeRay operator will watch the custom resources in the namespaces listed in the "watchNamespace" parameter. |
|
# watchNamespace: |
|
# - n1 |
|
# - n2 |
This is a very useful feature installing the operator, but kuberay-apiserver does not match this behavior when using
singleNamespaceInstall.
If we install apiserver, operator in namespace X and operator with watchNamespac [X, Y], trying to manage CRD in Y, the setup leads to
2023/11/22 16:56:17 could not list clusters rpc error: code = Unknown desc = List clusters failed.: List RayCluster failed in tsray: rayclusters.ray.io is forbidden: User "system:serviceaccount:default:kuberay-apiserver" cannot list resource "rayclusters" in API group "ray.io" in the namespace "Y"
Should we consider also installing the RBAC for CRD in kuberay-apiserver to a list of watchNamespace like kuberay-operator?
I'm happy to provide that PR if maintainers believe this is a reasonable request
kuberay-helm/helm-chart/kuberay-operator/values.yaml
Lines 76 to 79 in 07463a1
This is a very useful feature installing the operator, but kuberay-apiserver does not match this behavior when using
singleNamespaceInstall.If we install apiserver, operator in namespace
Xand operator with watchNamespac[X, Y], trying to manage CRD inY, the setup leads toShould we consider also installing the RBAC for CRD in
kuberay-apiserverto a list ofwatchNamespacelikekuberay-operator?I'm happy to provide that PR if maintainers believe this is a reasonable request