-
|
Dear all, We would like to deploy a strimzi cluster to our kubernetes cluster. We would like to deploy the cluster and entity operator and the kafka cluster in our infra namespace and deploy all kafka topics in a seperate namespaces. The reasoning behind this comes from our test cluster. We have a lot of namespaces for testing purposes and would like to reduce the amount of running pods to a minimum. Whenever I set this up using helm charts I noticed that the cluster operator fails to start as the default clusterrole doesnt allow the service account to create all necessary roles/rolebindings/kafkatopics etc in the watched namespace. Whenever I add these permissions, everything seems to work fine. I am wondering if this pattern is supported at all? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
To be honest, you might need to provide more details on what exactly is the
This is not really supported. What you can do is:
That would be supported. However, please keep in mind that it is namespace B in singular. Neither the Topic nor the User operator can currently watch multiple namespaces. Assuming watching a single different namespace for Topics is the pattern, I do not think the Cluster Operator Helm Chart has any special support for it. If you instal the Cluster Operator to watch the whole cluster or mutiple namespace including the one with the topics, I think it should have the RBAC rights needed. However, if you installed it to watch only the namespace A and then try to deploy the Kafka cluster with Topic Operator watching namespace B, you would likely need to give it additional RBAC rights manually. That is mostly by design as the Cluster Operator Helm is not really designed to handle every single niche use-case. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.

Right, this approach is not supported currently. There are issues opened for it: #1206 and #5895. But to be honest, they are unsolved for a long time and I'm not aware of anyone working on them. So, I would not wait for that. It is not completely simple with things such as ensuring the uniqueness etc.
Some alternative patterns that I know some users are using: