Expected Behavior

Kubernetes authorization manager should rely only on Roles and RoleBindings defined in the namespace of the Feast service.

Current Behavior

Kubernetes authorization manager also fetches ClusterRoles which means that the Feast service must be granted cluster-wide privileges to inspect these instances.

Steps to reproduce

Install a Feast service in Kubernetes and enable the kubernetes authorization module.

Possible Solution

Use only Roles and RoleBindings defined in the namespace of the Feast service.