You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using the aerospike-kubernetes-operator helm chart, by default, the user needs to specify a list of watchNamespaces, which is used by the operator as the environement variable WATCH_NAMESPACE.
This implies the creation of some rbac manifests, Clusterrole, Clusterrolebinding and serviceAccount that needs to be create in the target "watched" namespace.
This process has a major drawback, which is the fact that the watched namespace needs to exist before the deployment/update of the operator.
This process is really not convenient in a context where a user (like me :) ) needs to create multiple clusters in different namespaces, since for each new cluster we have to :
Create the target namespace
Update the watchNamespaces in the aerospike-kubernetes-operator helm release and redeploy the operator
Deploy the aerospike-cluster helm release in the target namespace.
this definitely doesn't fits with most of the deployment process, especially where the operators are managed by a team, and another team deploys the aerospike clusters.
Proposal
it would be great if the operator chart could have a watchAllNamespaces boolean value that could be activated, which would give all the necessary permissions.
a quick alternative solution would be to move the cluster rbac creation to aerospike-cluster helm chart, and set the WATCH_NAMESPACE to "" by default, which means the operator will target all the namespaces as stated here
This way we won't have to redeploy the operator every time we want to deploy a new cluster. But there are probably some breaking changes with this method, that's why I'm keeping this PR as a draft.
Do you have any ideas on how to solve this ?
The text was updated successfully, but these errors were encountered:
Context
Using the
aerospike-kubernetes-operator
helm chart, by default, the user needs to specify a list ofwatchNamespaces
, which is used by the operator as the environement variableWATCH_NAMESPACE
.This implies the creation of some rbac manifests,
Clusterrole
,Clusterrolebinding
andserviceAccount
that needs to be create in the target "watched" namespace.This process has a major drawback, which is the fact that the watched namespace needs to exist before the deployment/update of the operator.
This process is really not convenient in a context where a user (like me :) ) needs to create multiple clusters in different namespaces, since for each new cluster we have to :
this definitely doesn't fits with most of the deployment process, especially where the operators are managed by a team, and another team deploys the aerospike clusters.
Proposal
it would be great if the operator chart could have a
watchAllNamespaces
boolean value that could be activated, which would give all the necessary permissions.a quick alternative solution would be to move the cluster rbac creation to
aerospike-cluster
helm chart, and set theWATCH_NAMESPACE
to""
by default, which means the operator will target all the namespaces as stated hereThis is done in this draft PR
This way we won't have to redeploy the operator every time we want to deploy a new cluster. But there are probably some breaking changes with this method, that's why I'm keeping this PR as a draft.
Do you have any ideas on how to solve this ?
The text was updated successfully, but these errors were encountered: