Using single namespace install missing batch.jobs RBAC permission

When installing ray operator with the following settings
```
singleNamespaceInstall: true
rbacEnable: true
crNamespacedRbacEnable: true
watchNamespace:
- xxx
```
we get the error
```
E1122 16:36:19.205328       1 reflector.go:138] go/pkg/mod/k8s.io/client-go@v0.23.0/tools/cache/reflector.go:167: Failed to watch *v1.Job: failed to list *v1.Job: jobs.batch is forbidden: User "system:serviceaccount:default:kuberay-operator" cannot list resource "jobs" in API group "batch" in the namespace "xxx"
```
I believe this is due to missing rules from 
https://github.com/ray-project/kuberay-helm/blob/main/helm-chart/kuberay-operator/templates/multiple_namespaces_role.yaml

The `batch.jobs` RBAC permission is present in the cluster role equivalent here
https://github.com/ray-project/kuberay-helm/blob/07463a11e78d934f850f0b4ab20cf3b17803b86c/helm-chart/kuberay-operator/templates/role.yaml#L10-L21

	- apiGroups:
	- batch
	resources:
	- jobs
	verbs:
	- create
	- delete
	- get
	- list
	- patch
	- update
	- watch

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Using single namespace install missing batch.jobs RBAC permission #26

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Using single namespace install missing batch.jobs RBAC permission #26

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions