CDK8s+: Adopt namespace from Role in RoleBindingย #2796
Description
Description of the feature or enhancement:
When constructing a RoleBinding, it should adopt the same namespace as the passed Role, unless specifically specified.
Use Case:
I just had a quite annoying issue, basically (within a Chart with namespace my-ns):
const roleSrc = new Role(this, "role", { metadata: { namespace: "other-ns" } });
roleSrc.allow(["get", "list", "watch"], ApiResource.SECRETS);
new RoleBinding(this, "rb", {
role: roleSrc,
}).addSubjects(sa);Currently, the RoleBinding gets the namespace from the parent Chart; my-ns. However, it needed to by in other-ns, as that is where the Role was.
This is easily worked around by just adding a metadata: { namespace: "other-ns" } } to the RoleBinding, but it's a quite annoying thing to debug.
Proposed Solution:
AFAIK matching Role and RoleBinding always have to be in the same namespace. As the namespace of the Role is known (at least in my case) the RoleBinding should be able to take it instead of defaulting to the Chart namespace (unless of course it is overridden in metadata).
Other:
- ๐ I may be able to implement this feature request
-
โ ๏ธ This feature might incur a breaking change
This is a ๐ Feature Request