Allow Namespaced Deployment (#51 by @bartmeuris)
The RBAC options of the Helm chart were adjusted as follows:
rbac.createclusterroletoggles the creation of the (global) cluster role. This is only necessary once, and only enable this on an internal "management" namespace, where all helm deploys are owner of all CRD's and cluster roles. Note that this will only create the cluster role ifrbac.createis also set.rbac.namespaced: this does a few things:- a
RoleBindingis created instead of aClusterRoleBinding - The
WATCH_NAMESPACEenv var is overridden to be the.Release.Namespace, so only this namespace (where the operator has permissions) is watched.
- a
Thanks to @bartmeuris for his PR #51.