Kubernetes : namespace-scoped deployments

Prepare the cluster - Admin side

Deploy the helm chart see Getting Started with the Enterprise Helm Charts, and use the following values :

prefix: element-operator
clusterDeployment: true
deployCrds: true
deployCrdRoles: true
deployManager: false

Namespace-scoped role

In the namespace where the ESS deployment will happen, to give a user permissions to deploy ESS, please create the following role and roles bindings :

User role :

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ess-additional
rules:
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - list
  - watch
  - get
- apiGroups:
    - project.openshift.io
  resources:
    - projects
  verbs:
    - get
    - list
    - watch

User roles bindings :

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ess-additional
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ess-additional
subjects:
<role subjects which maps to the user or its groups>

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ess
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
<role subjects which maps to the user or its groups>

In the installer UI, on the cluster configuration screen, the user can now use the following values :

• skipOperatorSetup: unchecked
• skipUpdaterSetup: unchecked
• skipElementCrdsSetup: checked
• clusterDeployment: unchecked
• kubeContextName:
• namespaces:
  • createNamespaces: unchecked
  • operator:
  • updater: <same as operator, namespace to deploy ess>
  • elementDeployment: <same as operator, namespace to deploy ess>