helm: explicitly set metadata.namespace to .Release.Namespace on all namespaced resources

[eyalzek]

Summary

Without an explicit namespace in resource metadata, Kustomize's namespace transformer cannot reliably override the target namespace when this chart is applied via a Kustomization. The transformer matches on metadata.namespace being present; resources that omit it are skipped.

This PR adds namespace: {{ .Release.Namespace }} (or {{ $.Release.Namespace }} inside range loops where . is rebound) to the metadata section of every namespaced resource in both the dagster chart and the dagster-user-deployments subchart.

Affected templates (28 files):

• Deployments: deployment-daemon, deployment-flower, deployment-celery-queues, _deployment-webserver.tpl, deployment-user
• Services: service-flower, _service-webserver.tpl, service-user
• ConfigMaps: configmap-instance, configmap-workspace, configmap-env-*, configmap-celery, configmap-env-shared, configmap-env-user
• Secrets: secret-postgres, secret-celery-config
• RBAC: role, rolebinding (both charts)
• ServiceAccounts (both charts)
• Ingress
• Job: job-instance-migrate

References

• Kustomize namespace transformer behaviour: fix: Propagate Namespace correctly to Helm kubernetes-sigs/kustomize#5940

[greptile-apps]

Greptile Summary

This PR adds namespace: {{ .Release.Namespace }} to the metadata section of every namespaced Kubernetes resource in both the dagster chart and the dagster-user-deployments subchart. The motivation is to ensure Kustomize's namespace transformer can reliably override the target namespace, since the transformer only rewrites resources that already carry metadata.namespace.

• 28 templates updated across Deployments, Services, ConfigMaps, Secrets, RBAC (Role/RoleBinding), ServiceAccounts, Ingress, and a migration Job — covering all namespaced resources in both charts.
• Files rendered inside range loops correctly use $.Release.Namespace (root context) while top-level templates use .Release.Namespace; the _deployment-webserver.tpl and _service-webserver.tpl helpers are called with an explicit dict that includes "Release" .Release, so .Release.Namespace resolves correctly in that context.

Confidence Score: 5/5

Safe to merge — purely additive one-line change per resource that has no runtime impact in standard Helm deployments and correctly enables Kustomize namespace transformer support.

All 28 changed files receive an identical, mechanical addition of a single metadata field. Files inside range loops correctly use $.Release.Namespace, helpers called with an explicit dict correctly use .Release.Namespace, and no cluster-scoped resources (ClusterRole, ClusterRoleBinding, PersistentVolume) were touched. The existing Python-based Helm schema tests continue to pass since none of them assert on the absence of metadata.namespace.

No files require special attention. The _deployment-webserver.tpl and _service-webserver.tpl helpers warrant a quick look since they are called with a manually constructed context dict, but the dict explicitly carries Release so .Release.Namespace resolves correctly.

Important Files Changed

Filename	Overview
helm/dagster/charts/dagster-user-deployments/templates/deployment-user.yaml	Adds namespace inside range loop; correctly uses $.Release.Namespace
helm/dagster/templates/helpers/_deployment-webserver.tpl	Adds namespace to webserver Deployment helper; .Release.Namespace resolves correctly since callers pass Release via explicit dict
helm/dagster/templates/helpers/_service-webserver.tpl	Adds namespace to webserver Service helper; same correct context passing as _deployment-webserver.tpl
helm/dagster/templates/role.yaml	Adds namespace to Role resource; namespace-scoped resource, correct
helm/dagster/templates/ingress.yaml	Adds namespace to Ingress resource; namespace-scoped resource, correct
helm/dagster/templates/job-instance-migrate.yaml	Adds namespace to migration Job; namespace-scoped resource, correct
helm/dagster/templates/deployment-celery-queues.yaml	Adds namespace inside range loop over worker queues; correctly uses $.Release.Namespace
helm/dagster/charts/dagster-user-deployments/templates/configmap-env-user.yaml	Adds namespace inside range loop; correctly uses $.Release.Namespace

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[helm template / kustomize build] --> B{metadata.namespace present?}
    B -- No, before this PR --> C[Kustomize namespace transformer SKIPS resource]
    B -- Yes, after this PR --> D[Kustomize namespace transformer rewrites namespace]
    D --> E[Resource deployed to correct namespace]
    C --> F[Resource deployed to default or wrong namespace]

    subgraph Changed Resources
        G[Deployments x5]
        H[Services x4]
        I[ConfigMaps x9]
        J[Secrets x2]
        K[RBAC Role + RoleBinding x4]
        L[ServiceAccounts x2]
        M[Ingress x1]
        N[Job migrate x1]
    end

    D --> G & H & I & J & K & L & M & N

Loading

_{Reviews (1): Last reviewed commit: "helm: explicitly set metadata.namespace ..." | Re-trigger Greptile}