Kubernetes : namespace-scoped deployments
Non-admin deployment
Prepare the cluster - Admin side
Deploy the helm chart with the following values :
prefix: element-operator
clusterDeployment: true
deployCrds: true
deployCrdRoles: true
deployManager: false
Namespace-scoped role
User role :
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ess-additional
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- list
- watch
- get
- apiGroups:
- project.openshift.io
resources:
- projects
verbs:
- get
- list
- watch
User roles bindings :
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ess-additional
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ess-additional
subjects:
<role subjects>
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ess
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: edit
subjects:
<role subjects>
In the installer UI, on the cluster configuration screen, have the following values :
- skipOperatorSetup: unchecked
- skipUpdaterSetup: unchecked
- skipElementCrdsSetup: checked
- clusterDeployment: unchecked
- kubeContextName:
- namespaces:
- createNamespaces: unchecked
- operator:
- updater: <same as operator, namespace to deploy ess>
- elementDeployment: <same as operator, namespace to deploy ess>