Skip to content

namespace override while running make deploy #5148

New issue
New issue
Open
Open
namespace override while running make deploy#5148
Labels
kind/bugCategorizes issue or PR as related to a bug.kind/documentationCategorizes issue or PR as related to documentation.
@AlirezaPourchali

Description

@AlirezaPourchali
AlirezaPourchali
opened on Oct 27, 2025

What broke? What's expected?

There is an issue when calling make deploy, the issue is that the config/default/kustomization.yaml file.
it includes:

# Adds namespace to all resources.
namespace: xxxx

when you run make deploy it overrides all the namespaces as expected but it will cause issues when you are using some namespace based resources like the rbac.

Reproducing this issue

i have these markers in my controller

// +kubebuilder:rbac:groups=apps,namespace=infrastructure,resources=deployments,verbs=get;list;watch;update;patch
// +kubebuilder:rbac:groups="",namespace=users,resources=secrets,verbs=get;

the rbac files that get generated via make manifests are fine too, but when you run make deploy this happens:

/home/alireza/playground/authelia/osiris/bin/kustomize build config/default
Error: namespace transformation produces ID conflict: [{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{"internal.config.kubernetes.io/previousKinds":"Role","internal.config.kubernetes.io/previousNames":"manager-role","internal.config.kubernetes.io/previousNamespaces":"infrastructure"},"name":"manager-role","namespace":"users"},"rules":[{"apiGroups":["apps"],"resources":["deployments"],"verbs":["get","list","patch","update","watch"]}]} {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"name":"manager-role","namespace":"users"},"rules":[{"apiGroups":[""],"resources":["secrets"],"verbs":["get"]}]}]

it happens because of the override and the other role for infrastructure namespace goes to the users namespace.
some work arounds are:

  1. remove the namespace override in the config/default/kustomization.yaml and apply namespace to everything manually or make a transformers file that transforms the namespaces for specific resources
  2. change every role name to be unique (still goes to the wrong namespace)

or any other solution that im missing, i would be happy to work on a solution.

KubeBuilder (CLI) Version

4.9.0

PROJECT version

3

Plugin versions

layout:
- go.kubebuilder.io/v4

Other versions

No response

Extra Labels

/kind documentation

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugCategorizes issue or PR as related to a bug.kind/documentationCategorizes issue or PR as related to documentation.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions