[
https://issues.apache.org/jira/browse/FLINK-27109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Biao Geng updated FLINK-27109:
------------------------------
Summary: Improve the creation of ClusterRole in Flink K8s operator (was:
The naming pattern of ClusterRole in Flink K8s operator should consider
namespace)
> Improve the creation of ClusterRole in Flink K8s operator
> ---------------------------------------------------------
>
> Key: FLINK-27109
> URL: https://issues.apache.org/jira/browse/FLINK-27109
> Project: Flink
> Issue Type: Improvement
> Components: Kubernetes Operator
> Reporter: Biao Geng
> Priority: Major
>
> As the
> [doc|https://kubernetes.io/docs/reference/access-authn-authz/rbac/#clusterrole-example]
> of k8s said, ClusterRole is one kind of non-namespaced resource.
> In our helm chart, we now define the ClusterRole with name 'flink-operator'
> and the namespace field in metadata will be omitted. As a result, if a user
> wants to install multiple flink-kubernetes-operator in different namespace,
> the ClusterRole 'flink-operator' will be created multiple times.
> Errors like
> {quote}Error: INSTALLATION FAILED: rendered manifests contain a resource that
> already exists. Unable to continue with install: ClusterRole "flink-operator"
> in namespace "" exists and cannot be imported into the current release:
> invalid ownership metadata; annotation validation error: key
> "meta.helm.sh/release-namespace" must equal "c-8725bcef1dc84d6f": current
> value is "default"
> {quote}
> will be thrown.
> One solution could be adding the namespace as a postfix in the name of
> ClusterRole.
> Another possible solution is to add if else check to avoid creating existed
> resource.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
