Kubernetes Initialization Tasks - Generated Role

[efuturetoday]

Description

Currently, it is not possible to deploy multiple Quarkus applications within the same Kubernetes namespace when the init-tasks feature is enabled. This is because the framework generates a Role named view-jobs without providing options to modify the name or disable it entirely. Since Kubernetes does not allow two Roles with the same name in a namespace, deploying multiple applications is not feasible under these conditions.

I attempted to change the Role's name by setting the following property in application.properties:
quarkus.kubernetes.rbac.roles.view-jobs.name=service-one-view-jobs

However, the generated Kubernetes resource does not reflect the modified name. Instead, it adds an additional Role with the provided name (service-one-view-jobs):

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/name: service-one
    app.kubernetes.io/version: 1.0.0
  name: service-one-view-jobs
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/name: service-one
    app.kubernetes.io/version: 1.0.0
  name: view-jobs
rules:
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - get

Is there any workaround for this issue? Based on the source code, it seems there is no built-in way to customize the Role name or disable RBAC entirely.

Implementation ideas

• Introduce a setting, to turn off rbac generation for the init-task
• Prefix role name with application name
• Provide setting to set the role name
• Make sure the role can be modified through quarkus.kubernetes.rbac.roles.

[quarkus-bot]

/cc @geoand (kubernetes), @iocanel (kubernetes)