fix(rbac): do not create clusterrole for namespace deployment

[ChandonPierre]

A namespace scoped deployment should not create cluster scoped rbac.

[mloiseleur]

@ChandonPierre Thanks. You found an interesting way for rbac namespaced.

Would you please add test and some documentation in values.yaml ?

[ChandonPierre]

@ChandonPierre Thanks. You found an interesting way for rbac namespaced.

Would you please add test and some documentation in values.yaml ?

Updated!

[ChandonPierre]

This PR only works with traefik v3.0.0. Please update your if statements and your tests accordingly by adding something like: {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}

Yes, you are correct. Updated to use the previous behavior on Traefik V2, and disable ingressclass lookup/ClusterRole when Traefik V3 and namespaced

[mloiseleur]

@ChandonPierre In its current form, this PR will be breaking for v3 users, using spec.ingressClassname with rbac.namespaced enabled. They will be forced to add annotations.

Wdyt about:

1. Introducing this new provider.kubernetesIngress.disableIngressClassLookup in values for v3 users
2. When both provider.kubernetesIngress.disableIngressClassLookup and rbac.namespaced are set, then it won't generate ClusterRole

[ChandonPierre]

@ChandonPierre In its current form, this PR will be breaking for v3 users, using spec.ingressClassname with rbac.namespaced enabled. They will be forced to add annotations.

Wdyt about:

1. Introducing this new provider.kubernetesIngress.disableIngressClassLookup in values for v3 users
2. When both provider.kubernetesIngress.disableIngressClassLookup and rbac.namespaced are set, then it won't generate ClusterRole

I would argue the previous behvaior was a bug, or at the very least, a misnomer.

But I agree not regressing existing functionality. Updated PR with the suggested behavior.