Hello, I would like to create new namespaces using ServiceAccount. Althought I am able to create a new namespace in the classic way using kubectl without SA, it is not possible to create it using SA. Probably the only way now is to enable it with ClusterRoleBinding. I am pretty sure, it used to work before and think it could be related to this patch: https://github.com/rancher/rancher/security/advisories/GHSA-8vhc-hwhc-cpj4.

web@scipion-portal-scipo-797f496796-zzxq7:/srv/scipo$ ./kubectl create -f test-ns.yaml
Error from server (Forbidden): error when creating "test-ns.yaml": namespaces is forbidden: User "system:serviceaccount:scipion-portal-ns:scipion-portal-sa" cannot create resource "namespaces" in API group "" at the cluster scope: RBAC: <http://clusterrole.rbac.authorization.k8s.io|clusterrole.rbac.authorization.k8s.io> "fleet-content" not found

Is it possible for a user to grant SA the "create namespace" permission? Thank you