Running the operator in namespace scoped mode

[achanda]

• Which image of the operator are you using?
  registry.opensource.zalan.do/acid/postgres-operator:v1.8.2-17-gb48034d7-dev
• Where do you run it - cloud or metal? Kubernetes or OpenShift?
  minikube, using run_operator_locally.sh
• Are you running Postgres Operator in production? [yes | no]
  no
• Type of issue? [Bug report, question, feature request, etc.]
  Question

Is there a way to run this operator in a single namespace mode so that it does not require cluster-wide permissions? I am aware of the watched_namespace setting. I tried setting that to a namespace that I created and ran the operator using the script as described above. But it still created a bunch of clusterrole and clusterrolebindings. I am looking for a k8s manifest that sets up the operator only with namespace scoped role and rolebindings.

[FxKu]

Have a look at my open PR #786 . There’s one open ToDo about syncing the roles and bindings. Maybe you want to give it a try.

[caniko]

How long till we get this, @FxKu? It is a very useful feature when we are operating within our own namespace in a shared cluster.

I am asking because it is absent from any of the milestones.

[vfauth]

We are also really interested in this, it is blocking in order to use Zalando's operator in a managed and shared cluster.