
KOBIL Shift Operator deployment with limited project/namespace permission

Shift-Operator configuration and installation for existing ServiceAccount

Scope: Configuration of the KOBIL Shift-Operator metaconfiguration file "values.yaml" to allow deployment with limited permissions using pre-created objects.

Necessary operations:

  • create the ServiceAccount (SA) prior to deployment
  • configure "role" and "rolebinding" for the targeted SA
  • create the CRD servicegroups.shift.kobil.com
  • edit the KOBIL Shift-Operator metaconfiguration file "values.yaml" as appropriate
  • deploy the KOBIL Shift-Operator by running helm install

Prepare for ServiceAccount, role and rolebinding

  • Create a ServiceAccount in the targeted project/namespace (apply with project admin rights):
    kubectl apply -n <shift-namespace> -f <sa-shift-operator>.yaml

Prepare for role and rolebinding

  • Assign role and rolebinding to the SA. Download the KOBIL Shift-Operator Chart package, take ./templates/rbac.yaml from the Chart source, edit (and template) it as appropriate, then apply it with project admin rights:
    kubectl apply -n <shift-namespace> -f ./yourcode/rbac.yaml

Prepare for CRD servicegroups.shift.kobil.com

  • Create the CRD using KOBIL Shift-Operator Chart source ./crds/shift.kobil.com.yaml with Cluster-Admin rights.
    kubectl apply -f ./crds/shift.kobil.com.yaml 

Editing the KOBIL Shift-Operator metaconfiguration file "values.yaml"

  • You may pull the KOBIL Shift-Operator "values.yaml" directly by running the command:
    helm show values kobil/shift-operator > ./shift-values.yaml 

Editing the Shift-Operator "values.yaml" - major editing has to be done in the following sequence:

  • add the image pull secrets to the target namespace where KOBIL Shift-Operator and Shift will be deployed.

  • set the credentials for the private KOBIL Chart repository. This is required as the KOBIL Shift-Operator will download KOBIL Shift sub-services Charts during KOBIL Shift deployment processing.

  • disable the "SA" and the "rbac" creation/processing (set pod.serviceAccount.create: false and pod.serviceAccount.name: "<name>", and also set rbac.create: false)

  • Configure further parameters as needed (see Shift-Operator Configuration)

Install KOBIL Shift-Operator with helm option "--skip-crds"

  • As the KOBIL Shift CRD "servicegroup" is already present before running helm install, you have to use the option "--skip-crds":
    helm install <shift-operator> -f ./oper-metaconfig kobil/shift-operator --skip-crds ...
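
A pre-flight check for the preparation steps above, as an added example that is not part of the KOBIL documentation or Chart: it confirms that the pre-created ServiceAccount and CRD exist and that the SA cannot create CRDs itself, before helm install is run. The namespace and SA name are arguments you supply; that the edited rbac.yaml grants "get" on servicegroups is an assumption.

```shell
#!/bin/sh
# Added example (not KOBIL code). Namespace and SA name are arguments you supply.
# --as needs impersonation rights, so run it as the cluster admin who applied the CRD.
CRD="servicegroups.shift.kobil.com"   # CRD name from this page

sa_exists() {   # $1=namespace $2=ServiceAccount
  kubectl get serviceaccount "$2" -n "$1" -o name >/dev/null 2>&1
}

crd_exists() {
  kubectl get crd "$CRD" -o name >/dev/null 2>&1
}

# Prints "yes" or "no": may the SA do <verb> on <resource>? Extra args go to kubectl.
sa_can() {      # $1=namespace $2=ServiceAccount $3=verb $4=resource
  _as="system:serviceaccount:$1:$2"; _verb=$3; _res=$4; shift 4
  kubectl auth can-i "$_verb" "$_res" --as="$_as" "$@" 2>/dev/null || true
}

# Prints one line per finding; the return code is the number of failed checks.
preflight() {   # $1=namespace $2=ServiceAccount
  fail=0
  sa_exists "$1" "$2" || { echo "FAIL: ServiceAccount $2 not found in $1"; fail=$((fail+1)); }
  crd_exists || { echo "FAIL: CRD $CRD not found"; fail=$((fail+1)); }
  # Assumption: the edited rbac.yaml lets the operator read servicegroups in its namespace.
  [ "$(sa_can "$1" "$2" get "$CRD" -n "$1")" = yes ] ||
    { echo "FAIL: SA cannot get servicegroups in $1"; fail=$((fail+1)); }
  # Least privilege: the SA must not be able to create CRDs (cluster-scoped).
  [ "$(sa_can "$1" "$2" create customresourcedefinitions)" = no ] ||
    { echo "FAIL: SA may create CRDs cluster-wide"; fail=$((fail+1)); }
  return "$fail"
}

# Run as: ./preflight.sh <shift-namespace> <sa-name>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A non-zero exit code means at least one prerequisite is missing or the SA holds more rights than the limited-permission setup intends.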