Helm chart RBAC broken since Jan 10 chart rebuild

[lukacsi]

Bug

Fresh helm install of dcontroller fails — the controller cannot start:

operators.dcontroller.io is forbidden: User "system:serviceaccount:dcontroller-system:dcontroller-account" 
cannot list resource "operators" in API group "dcontroller.io" at the cluster scope: 
RBAC: clusterrole.rbac.authorization.k8s.io "dcontroller-role" not found

Root Cause

config/rbac/role.yaml uses name: manager-role. With namePrefix: dcontroller in config/helm-base/kustomization.yaml, kustomize produces dcontrollermanager-role (no dash).

The ClusterRoleBinding in config/rbac/role_binding.yaml hardcodes roleRef.name: dcontroller-role, which doesn't match.

All other RBAC resources use the -prefix convention (-rolebinding, -account, -leader-election-role) which produces correct names with the namePrefix.

Timeline

• Oct 29 (6803f35): namePrefix: dcontroller introduced in kustomize pipeline
• Dec 9-19: Published chart packages still used previous all.yaml — worked fine
• Jan 10 (c8d3481 on gh-pages): Automated rebuild regenerated chart via kustomize — broke RBAC

Reproduction

helm repo add dcontroller https://l7mp.github.io/dcontroller/
helm repo update
helm install dcontroller dcontroller/dcontroller --create-namespace -n dcontroller-system
kubectl logs -n dcontroller-system -l app.kubernetes.io/name=dcontroller

Environment

• Chart version: 0.0.0 (latest from gh-pages)
• Kubernetes: v1.31.4+rke2r1
• Helm: v3.17