You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I'am using the operator extensivly on semi-prod clusters and for development.
Last week I stumbled over a situation where I wished me a namespace scoped deployment of the operator rather then the current cluster wide approach.
We run multiple instances of a stack seperated by namespace. The downside of the current implementation is that the same operator credentials are needed, or the BW User needs to have access to all credentials.
Having namespace scoped environments enables a user to manage its own namespace.
I tested it locally by installing the operator to a single namespace, using roles instead of clusterroles and by editing the start command in the dockerfile. That simply did the job.
In reality one namespace per instance/customer might be too much (and seems to complicate the installation). So listening on multiple namespaces, but not all, might be the better approach.
I tested it locally and its relativly simple to do.
prefix the serviceaccount, clusterrole and clusterrolebindings (maybe with the first watched namespace)
use a entrypoint script instead of hard coded start params to use environment variables to let the operator just watch on specific namespaces
What do you think about it?
The text was updated successfully, but these errors were encountered:
Hi, I'am using the operator extensivly on semi-prod clusters and for development.
Last week I stumbled over a situation where I wished me a namespace scoped deployment of the operator rather then the current cluster wide approach.
We run multiple instances of a stack seperated by namespace. The downside of the current implementation is that the same operator credentials are needed, or the BW User needs to have access to all credentials.
Having namespace scoped environments enables a user to manage its own namespace.
I tested it locally by installing the operator to a single namespace, using roles instead of clusterroles and by editing the start command in the dockerfile. That simply did the job.
In reality one namespace per instance/customer might be too much (and seems to complicate the installation). So listening on multiple namespaces, but not all, might be the better approach.
I tested it locally and its relativly simple to do.
What do you think about it?
The text was updated successfully, but these errors were encountered: