Internal - Kubernetes : namespace-scoped deployments
Prepare the cluster - Admin side
Deploy the helm chart using our instructions, and use the following values :
prefix: element-operator
clusterDeployment: true
deployCrds: true
deployCrdRoles: true
deployManager: false
Namespace-scoped role
In the namespace where the ESS deployment will happen, to give a user permissions to deploy ESS, please create the following role and roles bindings :
User role :
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ess-additional
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- list
- watch
- get
- apiGroups:
- project.openshift.io
resources:
- projects
verbs:
- get
- list
- watch
User roles bindings :
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ess-additional
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ess-additional
subjects:
<role subjects which maps to the user or its groups>
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ess
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: edit
subjects:
<role subjects which maps to the user or its groups>
In the installer UI, on the cluster configuration screen, the user can now use the following values :
- skipOperatorSetup: unchecked
- skipUpdaterSetup: unchecked
- skipElementCrdsSetup: checked
- clusterDeployment: unchecked
- kubeContextName:
- namespaces:
- createNamespaces: unchecked
- operator:
- updater: <same as operator, namespace to deploy ess>
- elementDeployment: <same as operator, namespace to deploy ess>