I have a Kubernetes cluster where I deployed CockroachDB in secure mode into a namespace dedicated to the data layer. I would like to access this from other namespaces, but the issue I’ve run into is that the init-certs container doesn’t have permission to get the certs because the service account can’t be used cross-namespace.
I’ve gotten as far as creating a role and rolebinding in the service namespace that references the service account, but I’m not entirely sure how to get the init container to use that instead of the service account (serviceAccountName).
I’m using this as the example to get this working: https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/example-app-secure.yaml
I would really like for my services to run in different namespaces than CockroachDB if at all possible!