[GitHub] [camel-k] christophd commented on a diff in pull request #3400: fix(#3390): Fix Knative addressable resolver cluster role binding

Thu, 30 Jun 2022 00:50:04 -0700 


christophd commented on code in PR #3400:
URL: https://github.com/apache/camel-k/pull/3400#discussion_r910714729


##########
pkg/install/knative.go:
##########
@@ -32,45 +32,45 @@ import (
 
 const knativeAddressableResolverClusterRoleName = "addressable-resolver"
 
-// BindKnativeAddressableResolverClusterRole binds the Knative Addressable 
resolver aggregated ClusterRole
+// BindKnativeAddressableResolverClusterRole binds the Knative addressable 
resolver aggregated ClusterRole
 // to the operator ServiceAccount.
-func BindKnativeAddressableResolverClusterRole(ctx context.Context, c 
kubernetes.Interface, namespace string) error {
+func BindKnativeAddressableResolverClusterRole(ctx context.Context, c 
kubernetes.Interface, global bool, operatorNamespace string) error {
        if isKnative, err := knative.IsInstalled(ctx, c); err != nil {
                return err
        } else if !isKnative {
                return nil
        }
-       if namespace != "" {
-               return applyAddressableResolverRoleBinding(ctx, c, namespace)
+       if global {
+               return applyAddressableResolverClusterRoleBinding(ctx, c, 
operatorNamespace)
        }
-       return applyAddressableResolverClusterRoleBinding(ctx, c, namespace)
+       return applyAddressableResolverRoleBinding(ctx, c, operatorNamespace)
 }
 
-func applyAddressableResolverRoleBinding(ctx context.Context, c 
kubernetes.Interface, namespace string) error {
-       rb := rbacv1ac.RoleBinding(fmt.Sprintf("%s-addressable-resolver", 
serviceAccountName), namespace).
+func applyAddressableResolverRoleBinding(ctx context.Context, c 
kubernetes.Interface, operatorNamespace string) error {
+       rb := rbacv1ac.RoleBinding(fmt.Sprintf("%s-addressable-resolver", 
serviceAccountName), operatorNamespace).

Review Comment:
   This may be a really rare edge case where a local operator is watching 
another foreign namespace. Not sure of this construct where WATCH_NAMESPACE and 
operator namespace are different even works. In fact the operator leader lease 
is then missing in this foreign namespace and other operators may also 
reconcile resources because of this.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to