You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Biao Geng (Jira)" <ji...@apache.org> on 2022/04/07 07:49:00 UTC

[jira] [Created] (FLINK-27109) The naming pattern of ClusterRole in Flink K8s operator should consider namespace

Biao Geng created FLINK-27109:
---------------------------------

             Summary: The naming pattern of ClusterRole in Flink K8s operator should consider namespace
                 Key: FLINK-27109
                 URL: https://issues.apache.org/jira/browse/FLINK-27109
             Project: Flink
          Issue Type: Improvement
          Components: Kubernetes Operator
            Reporter: Biao Geng


As the [doc|https://kubernetes.io/docs/reference/access-authn-authz/rbac/#clusterrole-example] of k8s said, ClusterRole is one kind of non-namespaced resource. 
In our helm chart, we now define the ClusterRole with name 'flink-operator' and the namespace field in metadata will be omitted. As a result, if a user wants to install multiple flink-kubernetes-operator in different namespace, the ClusterRole 'flink-operator' will be created multiple times. 
Errors like
{quote}Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists. Unable to continue with install: ClusterRole "flink-operator" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-namespace" must equal "c-8725bcef1dc84d6f": current value is "default"
{quote}
will be thrown.

One solution could be adding the namespace as a postfix in the name of ClusterRole.
Another possible solution is to add if else check to avoid creating existed resource.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)