Hey there! I'm new to Kubernetes and have a quick question. I recently deployed two instances of an app called Alloy for both logging and metrics monitoring using ArgoCD. However, I received a warning about a shared resource since both apps are trying to use the same `Alloy ClusterRole`. To fix this, I ended up manually deleting the ClusterRole from one of the deployments, but I'm worried about the potential consequences of doing this. Is it safe to have both apps share the same ClusterRole, or should I be doing something different?
2 Answers
When deploying multiple instances of the same app, you need to declare global resources like roles only once. I suggest checking the RBAC manifests of Alloy to see if you can define the role externally instead, avoiding the duplicate declarations that confuse tools like ArgoCD.
Yes, it's technically possible to have both apps use the same ClusterRole, but it's not the best practice. ArgoCD flagged it because it's managing two resources of the same name and doesn't like the conflict. Ideally, you should create separate service accounts and bind them to unique roles for each instance to avoid any issues down the line. This way, you can keep your deployments clean and avoid manual overrides that could lead to future headaches.
Got it! So, if I create a service account for each instance and bind them properly, I should be set? And just to clarify, should I avoid adding annotations to make the ClusterRole unique?