Hi, I have a requirement where in a single kubernetes cluster multiple teams can have separate scylla operator deployments and their own management. I am trying to make the operator namespace scoped but not finding any such namespaces to watch switch in the crd. Any inputs related to the same would be helpful.
Hi,
it is not possible to install the operator as a regular user. CRDs are not namespaced but cluster scoped and managed by cluster administrators. Hence the operator (or any operator based on CRDs) is not a regular app but more of a cluster extension. Plus the CRD needs to be in sync with the operator version (±1) so you can’t really handle the CRD and the operator deployment independently.
That said the operator is multitenant, so your teams can create ScyllaClusters independently, just as they do say for Deployments or StatefulSets.
Regards,
Tomas
The k8s cluster is managed by our own so we have the ability to deploy CRDs. But we still want the operator scope to be limited within namespaces of each team. I agree that a single operator can manage all the scylla clusters independently but the requirement is to let the teams deploy their own operator + scylla cluster in their own namespace with one time admin role for the CRD installations for each team.
CRDs have the option to be namespace scoped according to CRD Scope | Operator SDK.
This “scope” field is also present in all the scylla CRDs: NodeConfig, ScyllaCluster, ScyllaOperatorConfig, ScyllaDBMonitoring with value as Cluster. Can’t this be changed to Namespaced?
CRDs have the option to be namespace scoped according
CustomResourceDefinitions are always cluster scoped.
This “scope” field is also present in all the scylla CRDs: NodeConfig, ScyllaCluster, ScyllaOperatorConfig, ScyllaDBMonitoring with value as Cluster.
Custom Resources can be both, but that’s not relevant to my point about CRDs.
Got it.
But again suppose we have the rights to deploy the CRDs with admin permission since that’s a one time activity. Then we want the scylla CRs to be namespace scoped and only require roles instead of clusterroles. Is that possible?
since that’s a one time activity
not at all, the CRD has to be kept in sync with the operator binary/version and updated. It is also why the idea of namespaced scoped operator with cluster scoped CustomResourceDefinition lacks ground.
Then we want the scylla CRs to be namespace scoped
the ones related to the operator are rightfully cluster scoped as there can be only one operator. the ones that users use, like ScyllaCluster, are namespace scoped.
Is that possible?
no
That’s only if and when the team wants to update the operator, and if so that will be very less often and can be handled with the help of the cluster admins.
So again the question remains what stops from giving an option to deploy the operator as namespace/list of namespaces scoped and not only one in the whole cluster?