Namespace vs Cluster Scoped Operators
In this post, we will see the difference between writing a namespace scoped vs cluster scoped operator. Also, help you to migrate from namespace scoped operator to cluster scoped operator with an example.
What is a namespace with the context of Kubernetes?
A namespace allows dividing resources, polices, authorization & a boundary for cluster objects
Namespace-scoped
Where the operator is defined within the boundary of a namespace with the flexibility to handle upgrades without impacting others.
- Watch objects within that namespace
- Role and RoleBinding for RBAC policies for accessing the resource.
Cluster-scoped
Operators which promotes re-usability & serves the purpose to manage defined resource across the cluster.
- Watch all namespaces in a cluster
- ClusterRole and ClusterRoleBinding: RBAC policies for authorizing cluster objects
Migration guide: namespace to cluster scoped
I have generated two operators: namespace-scope-op & cluster-scope-op using operator-sdk. I’ll make changes to the cluster-scope operator and show the difference with namespace & cluster scope.
$ operator-sdk new namespace-scope-op
$ operator-sdk new cluster-scope-op