We’re having some challenges with deploying argo-workflows in the same cluster on different namespaces.
At the beginning we were thinking that we can apply their CRDs once on the cluster, and then on every namespace to deploy the helm chart and pass a value to it in such a way that would disable the CRDs deployment,
it turns out that it’s not doable because that part in the helm chart is hardcoded, not templated and in a separate crds sub-folder (not under the templates folder).
Nowadays when each developer has its own local cluster we’re not experiencing this challenge, and. Could you advise how can we accomplish that technically?
Thanks,
David
Hi @davidcider , thanks for your questions. This is a common scenario when deploying third-party helm charts in Okteto.
The first part is about how to manage CRDs. You can use the helm install
--skip-crds
flag to skip the CRDs installation, and install the CRDs once cluster wide. Another alternative is to create a cluster role with access to CRDs endpoints, and grant developers access to this cluster role using our global cluster role feature.
The other point of friction is role bindings and service accounts. We recommend disabling service account/role bindings creation and using the default
service account. Okteto automatically configures the default
service account with access to the developer namespace.
Altogether, you can deploy argo-workflows using this values configuration:
crds:
install: false
createAggregateRoles: false
singleNamespace: true
workflow:
rbac:
create: false
controller:
rbac:
create: false
server:
serviceType: LoadBalancer
rbac:
create: false
serviceAccount:
create: false