update use of namespaces in chart

[rptaylor]

To ensure Helm releases are installed in the desired namespace it is important to always specify the release namespace: helm install -n <namespace>.
This MR fixes the chart so it will follow this approach (which is the standard way since I think Helm 3 at least), instead of using a value to control the namespace.

If you helm install without -n it is the same as using kubectl without -n, it should use the default namespace configured in the current context of your kubeconfig. However the current non-standard behaviour of the chart (which I would argue is a bug) overrides this to end up in kube-system instead of whatever your current default is - IF the user doesn't specify it with -n (but you really should).

Actually the more serious bug is that the current values-based namespace selection could potentially prevent the standard release-based namespace selection mechanism from working at all, so a user doing the right thing (helm install -n mynamespace) would potentially end up with the helm release details going in the right namespace and the k8s objects going in the wrong namespace, I am not sure how that would work.

fix #60

Also:

• There is no such thing as a namespace for a ClusterRoleBinding, k8s ignores it. Remove 'default'
• There is no reason to be granting RBAC privileges to the default service account in the default namespace, removed

[rptaylor]

Here are my tests:

$ helm -n amd-device-plugin install --create-namespace  -f ~/amd-values.yaml  amd-device-plugin   ~/amd-k8s-device-plugin/helm/amd-gpu/
NAME: amd-device-plugin
LAST DEPLOYED: Fri Apr 19 21:36:48 2024
NAMESPACE: amd-device-plugin
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
amd-gpu-device-plugin-daemonset deployed in namespace 'amd-device-plugin'
amd-gpu-labeller-daemonset deployed in namespace 'amd-device-plugin'

# daemonsets end up in the right namespace as expected
$ kubectl -n amd-device-plugin get daemonset
NAME                              DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                                                                                                                     AGE
amd-gpu-device-plugin-daemonset   0         0         0       0            0           feature.node.kubernetes.io/pci-0300_1002.present=true,feature.node.kubernetes.io/pci-1002.present=true,kubernetes.io/arch=amd64   4m13s
amd-gpu-labeller-daemonset        0         0         0       0            0           feature.node.kubernetes.io/pci-0300_1002.present=true,feature.node.kubernetes.io/pci-1002.present=true,kubernetes.io/arch=amd64   4m13s


# this confirms that the RBAC works correctly
$ kubectl auth can-i get nodes --as=system:serviceaccount:amd-device-plugin:default   
Warning: resource 'nodes' is not namespace scoped
yes

[rptaylor]

@y2kenny can you please take a look?

[rptaylor]

@y2kenny Sorry to bother but have you had a chance to take a look?

[y2kenny]

Hi @rptaylor, sorry for the delay. I see that some of the changes replace .Values.namespace with .Release.Namespace while in other places .Values.namespace is removed entirely. Can you tell me the reason behind the inconsistency?

[y2kenny]

oh wait... I think you explained it in your note. Never mind.