aerospike-kubernetes-operator
aerospike-kubernetes-operator copied to clipboard
aerospike
Support for watching all namespaces in helm charts
Context
Using the aerospike-kubernetes-operator helm chart, by default, the user needs to specify a list of watchNamespaces, which is used by the operator as the environement variable WATCH_NAMESPACE.
This implies the creation of some rbac manifests, Clusterrole, Clusterrolebinding and serviceAccount that needs to be create in the target "watched" namespace.
This process has a major drawback, which is the fact that the watched namespace needs to exist before the deployment/update of the operator.
This process is really not convenient in a context where a user (like me :) ) needs to create multiple clusters in different namespaces, since for each new cluster we have to :
- Create the target namespace
- Update the watchNamespaces in the aerospike-kubernetes-operator helm release and redeploy the operator
- Deploy the aerospike-cluster helm release in the target namespace.
this definitely doesn't fits with most of the deployment process, especially where the operators are managed by a team, and another team deploys the aerospike clusters.
Proposal
it would be great if the operator chart could have a watchAllNamespaces boolean value that could be activated, which would give all the necessary permissions.
a quick alternative solution would be to move the cluster rbac creation to aerospike-cluster helm chart, and set the WATCH_NAMESPACE to "" by default, which means the operator will target all the namespaces as stated here
This is done in this draft PR
This way we won't have to redeploy the operator every time we want to deploy a new cluster. But there are probably some breaking changes with this method, that's why I'm keeping this PR as a draft.
Do you have any ideas on how to solve this ?
