Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to deploy eventing in different namespace because of hardcoded namespace #8407

Open
eloo-abi opened this issue Jan 14, 2025 · 3 comments · May be fixed by #8425
Open

Unable to deploy eventing in different namespace because of hardcoded namespace #8407

eloo-abi opened this issue Jan 14, 2025 · 3 comments · May be fixed by #8425
Labels
good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug.

Comments

@eloo-abi
Copy link

eloo-abi commented Jan 14, 2025
edited
Loading

Describe the bug
Hi, it looks like its not possible to deploy and operate knative eventing in a different namespace using IMC because the service account is harded here:
https://github.com/knative/eventing/blob/main/pkg/apis/messaging/v1/in_memory_channel_validation.go#L29C7-L29C31

const eventingControllerSAName = "system:serviceaccount:knative-eventing:eventing-controller"

This const is afterwards used for the validation checkSubsciberSpecAuthChanged.

I guess the best would be to use the SYSTEM_NAMESPACE env here in the eventingControllerSAName.

Expected behavior
I can deploy knative eventing in any namespace and configure it properly

To Reproduce

  • Deploy knative eventing in a different namespace (e.g. knative-random)
  • Deploy a basic example with source, channel, subscription and service like this
apiVersion: sources.knative.dev/v1
kind: PingSource
metadata:
  name: test-ping-source
  namespace: knative-random

spec:
  schedule: "*/1 * * * *"
  contentType: "application/json"
  data: '{"message": "Hello world!"}'
  sink:
    ref:
      apiVersion: messaging.knative.dev/v1
      kind: InMemoryChannel
      name: foo
---
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: event-display
  namespace: knative-random
spec:
  template:
    spec:
      containers:
        - image: gcr.io/knative-releases/knative.dev/eventing-contrib/cmd/event_display:latest
---
apiVersion: messaging.knative.dev/v1
kind: InMemoryChannel
metadata:
  name: foo
  namespace: knative-random

---
apiVersion: messaging.knative.dev/v1
kind: Subscription
metadata:
  name: my-subscription
  namespace: knative-random
spec:
  channel:
    apiVersion: messaging.knative.dev/v1
    kind: InMemoryChannel
    name: foo
  subscriber:
    ref:
      apiVersion: serving.knative.dev/v1
      kind: Service
      name: event-display
  • Check the eventing-controller logs
  • See errors like this
admission webhook \"validation.inmemorychannel.eventing.knative.dev\" denied the request: validation failed: Channel.Spec.Subscribers changed by user system:serviceaccount:knative-system:eventing-controller which was not the system:serviceaccount:knative-eventing:eventing-controller service account

 **Knative release version**
1.16

 **Additional context**
Add any other context about the problem here such as proposed priority
@eloo-abi eloo-abi added the kind/bug Categorizes issue or PR as related to a bug. label Jan 14, 2025
@pierDipi
Copy link
Member

pierDipi commented Jan 22, 2025
edited
Loading

Would you be interested in contributing this bug fix?

In this case, we would need to use system.Namespace() instead of the hardcoded knative-eventing in that constant (and make it a variable) https://github.com/knative/eventing/blob/28c489edcdfc4fe7aa4cdff30bfe9a15dd0255f9/pkg/apis/messaging/v1/in_memory_channel_validation.go#L29C7-L29C31

@pierDipi
Copy link
Member

/good-first-issue

@knative-prow Knative Prow
Copy link

knative-prow bot commented Jan 22, 2025

@pierDipi:
This request has been marked as suitable for new contributors.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-good-first-issue command.

In response to this:

/good-first-issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@knative-prow knative-prow bot added good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels Jan 22, 2025
@vaidikcode vaidikcode linked a pull request Jan 23, 2025 that will close this issue
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix hardcoded knative-eventing namespace in eventingControllerSAName vaidikcode/eventing
2 participants
@pierDipi @eloo-abi