Namespace vs Cluster Scoped Operators

In this post, we will see the difference between writing a namespace scoped vs cluster scoped operator. Also, help you to migrate from namespace scoped operator to cluster scoped operator with an example.

What is a namespace with the context of Kubernetes?

A namespace allows dividing resources, polices, authorization & a boundary for cluster objects

Namespace-scoped

Where the operator is defined within the boundary of a namespace with the flexibility to handle upgrades without impacting others.

• Watch objects within that namespace
• Role and RoleBinding for RBAC policies for accessing the resource.

Cluster-scoped

Operators which promotes re-usability & serves the purpose to manage defined resource across the cluster.

• Watch all namespaces in a cluster
• ClusterRole and ClusterRoleBinding: RBAC policies for authorizing cluster objects

Migration guide: namespace to cluster scoped

I have generated two operators: namespace-scope-op & cluster-scope-op using operator-sdk. I’ll make changes to the cluster-scope operator and show the difference with namespace & cluster scope.

$ operator-sdk new namespace-scope-op
$ operator-sdk new cluster-scope-op