You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+26Lines changed: 26 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -543,6 +543,32 @@ spec:
543
543
544
544
If a schedule is not provided, synchronization will occur only when the object is reconciled by the platform.
545
545
546
+
## Accessing Secrets and ConfigMaps in Other Namespaces
547
+
548
+
By default, the operator monitors resources in the namespace that it has been deployed within. This is defined by setting the `WATCH_NAMESPACE` environment variable. Support is available for accessing ConfigMaps and Secrets in other namespaces so that existing resources may be utilized as desired.
549
+
550
+
To enable the operator to access resources across multiple, set the environment variable with a comma separate list of namespaces that include the namespace the operator is deployed within and any additional namespaces that are desired.
551
+
552
+
To make use of this feature when deploying through the Operator Lifecycle Manager, set the following configuration on the `Subscription` resource:
553
+
554
+
```yaml
555
+
apiVersion: operators.coreos.com/v1alpha1
556
+
kind: Subscription
557
+
metadata:
558
+
name: group-sync-operator
559
+
namespace: group-sync-operator
560
+
spec:
561
+
channel: alpha
562
+
installPlanApproval: Automatic
563
+
name: group-sync-operator
564
+
source: community-operators
565
+
sourceNamespace: openshift-marketplace
566
+
config:
567
+
env:
568
+
- name: WATCH_NAMESPACE
569
+
value: "<comma separated list of namespaces>"
570
+
```
571
+
546
572
## Deploying the Operator
547
573
548
574
This is a namespace level operator that you can deploy in any namespace. However, `group-sync-operator` is recommended.
- description: Name represents the name of the provider
575
580
displayName: Name of the Provider
576
581
path: providers[0].name
@@ -615,8 +620,9 @@ spec:
615
620
path: providers[0].okta.extractLoginUsername
616
621
x-descriptors:
617
622
- urn:alm:descriptor:com.tectonic.ui:text
618
-
- description: GroupLimit is the maximum number of groups that are requested from OKTA per request. Multiple requests will be made using pagination if you have more groups than this limit.
619
-
Default is "1000"
623
+
- description: GroupLimit is the maximum number of groups that are requested
624
+
from OKTA per request. Multiple requests will be made using pagination
625
+
if you have more groups than this limit. Default is "1000"
620
626
displayName: Group Limit
621
627
path: providers[0].okta.groupLimit
622
628
x-descriptors:
@@ -632,16 +638,17 @@ spec:
632
638
path: providers[0].okta.profileKey
633
639
x-descriptors:
634
640
- urn:alm:descriptor:com.tectonic.ui:text
641
+
- description: Prune Whether to prune groups that are no longer in OKTA. Default
0 commit comments