SeldonIO · axsaucedo · Dec 9, 2019 · Nov 26, 2019 · Nov 27, 2019 · Nov 28, 2019
diff --git a/doc/source/examples/multiple_operators.nblink b/doc/source/examples/multiple_operators.nblink
@@ -0,0 +1,3 @@
+{
+  "path": "../../../notebooks/multiple_operators.ipynb"
+}
diff --git a/doc/source/reference/helm.md b/doc/source/reference/helm.md
@@ -7,6 +7,8 @@
 | ambassador.enabled | Whether to add Ambassador configuration to created services | true |
 | ambassador.singleNamespace | Allow creation of Ambassador paths that don't include namespace | false |
 | certManager.enabled | Whether to assume cert manager for certificates | false |
+| controllerId | The ID for the manager. Only for when you want manager to limit itself to resources labelled with same id. | '' |
+| crd.create | Whether to install the Custom Resource Definition | true |
 | engine.grpc.port | gRPC port | 5001 |
 | engine.image.name | Image to use for service orchestrator | ```<latest release image>``` |
 | engine.image.tag | Tag for service orchestrator | ```<latest release image>``` |

diff --git a/doc/source/workflow/install.md b/doc/source/workflow/install.md
@@ -125,3 +125,57 @@ If you have a AWS account you can install via the [AWS Marketplace](https://aws.
 ## Upgrading from Previous Versions
 
 See our [upgrading notes](../reference/upgrading.md)
+
+## Advanced Usage
+
+### Install Seldon Core in a single namespace
+
+You can install the Seldon Core Operator so it only manages resources in its namespace. An example to install in a namespace `seldon-ns1` is shown below:
+
+```bash
+kubectl create namespace seldon-ns1
+kubectl label namespace seldon-ns1 seldon.io/controller-id=seldon-ns1
+```
+
+We label the namespace with `seldon.io/controller-id=<namespace>` to ensure if there is a clusterwide Seldon Core Operator that it should ignore resources for this namespace.
+
+Install the Operator into the namespace:
+
+```bash
+helm install seldon-namespaced seldon-core-operator  --repo https://storage.googleapis.com/seldon-charts  \
+    --set singleNamespace=true \
+    --set image.pullPolicy=IfNotPresent \
+    --set usageMetrics.enabled=false \
+    --set crd.create=true \
+    --namespace seldon-ns1
+```
+
+We set `crd.create=true` to create the CRD. If you are installing a Seldon Core Operator after you have installed a previous Seldon Core Operator on the same cluster you will need to set `crd.create=false`.
+
+See the [multiple server example notebook](../examples/multiple_operators.html).
+
+### Label focused Seldon Core Operator
+
+You can install the Seldon Core Operator so it manages only SeldonDeployments with the label `seldon.io/controller-id` where the value of the label matches the controller-id of the running operator. An example for a namespace `seldon-id1` is shown below:
+
+```bash
+kubectl create namespace seldon-id1
+```
+
+To install the Operator run:
+
+
+```bash
+helm install seldon-controllerid seldon-core-operator  --repo https://storage.googleapis.com/seldon-charts  \
+    --set singleNamespace=false \
+    --set image.pullPolicy=IfNotPresent \
+    --set usageMetrics.enabled=false \
+    --set crd.create=true \
+    --set controllerId=seldon-id1 \
+    --namespace seldon-id1
+```
+
+We set `crd.create=true` to create the CRD. If you are installing a Seldon Core Operator after you have installed a previous Seldon Core Operator on the same cluster you will need to set `crd.create=false`.
+
+See the [multiple server example notebook](../examples/multiple_operators.html).
+
diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-role.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-role.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.singleNamespace }}
 {{- if .Values.rbac.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -8,8 +9,16 @@ metadata:
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/name: '{{ include "seldon.name" . }}'
     app.kubernetes.io/version: '{{ .Chart.Version }}'
-  name: seldon-manager-role
+  name: seldon-manager-role-{{ .Release.Namespace }}
 rules:
+- apiGroups:
+  - ''
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ''
   resources:
@@ -130,6 +139,14 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - v1
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - v1
   resources:
@@ -151,3 +168,4 @@ rules:
   - patch
   - update
 {{- end }}
+{{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-sas-role.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-sas-role.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.singleNamespace }}
 {{- if .Values.rbac.create }}
 {{- if .Values.rbac.configmap.create }}
 apiVersion: rbac.authorization.k8s.io/v1
@@ -9,7 +10,7 @@ metadata:
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/name: '{{ include "seldon.name" . }}'
     app.kubernetes.io/version: '{{ .Chart.Version }}'
-  name: seldon-manager-sas-role
+  name: seldon-manager-sas-role-{{ .Release.Namespace }}
 rules:
 - apiGroups:
   - ''
@@ -37,3 +38,4 @@ rules:
   - watch
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-proxy-role.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-proxy-role.yaml
diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-spartakus-volunteer.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-spartakus-volunteer.yaml
@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
-  name: seldon-spartakus-volunteer
+  name: seldon-spartakus-volunteer-{{ .Release.Namespace }}
 rules:
 - apiGroups:
   - ''

diff --git a/...rts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-css-rolebinding.yaml b/...rts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-css-rolebinding.yaml
diff --git a/...-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-rolebinding.yaml b/...-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-rolebinding.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.singleNamespace }}
 {{- if .Values.rbac.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -7,13 +8,14 @@ metadata:
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/name: '{{ include "seldon.name" . }}'
     app.kubernetes.io/version: '{{ .Chart.Version }}'
-  name: seldon-manager-rolebinding
+  name: seldon-manager-rolebinding-{{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: seldon-manager-role
+  name: seldon-manager-role-{{ .Release.Namespace }}
 subjects:
 - kind: ServiceAccount
   name: '{{ .Values.serviceAccount.name }}'
   namespace: '{{ .Release.Namespace }}'
 {{- end }}
+{{- end }}
diff --git a/...rts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-sas-rolebinding.yaml b/...rts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-sas-rolebinding.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.singleNamespace }}
 {{- if .Values.rbac.create }}
 {{- if .Values.rbac.configmap.create }}
 apiVersion: rbac.authorization.k8s.io/v1
@@ -8,14 +9,15 @@ metadata:
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/name: '{{ include "seldon.name" . }}'
     app.kubernetes.io/version: '{{ .Chart.Version }}'
-  name: seldon-manager-sas-rolebinding
+  name: seldon-manager-sas-rolebinding-{{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: seldon-manager-sas-role
+  name: seldon-manager-sas-role-{{ .Release.Namespace }}
 subjects:
 - kind: ServiceAccount
   name: seldon-manager
   namespace: '{{ .Release.Namespace }}'
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-proxy-rolebinding.yaml b/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-proxy-rolebinding.yaml
diff --git a/...-charts/seldon-core-operator/templates/clusterrolebinding_seldon-spartakus-volunteer.yaml b/...-charts/seldon-core-operator/templates/clusterrolebinding_seldon-spartakus-volunteer.yaml
@@ -2,11 +2,11 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
-  name: seldon-spartakus-volunteer
+  name: seldon-spartakus-volunteer-{{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: seldon-spartakus-volunteer
+  name: seldon-spartakus-volunteer-{{ .Release.Namespace }}
 subjects:
 - kind: ServiceAccount
   name: seldon-spartakus-volunteer

diff --git a/...rator/templates/customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml b/...rator/templates/customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.crd.create }}
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
@@ -2949,3 +2950,4 @@ status:
     plural: ''
   conditions: []
   storedVersions: []
+{{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/deployment_seldon-controller-manager.yaml b/helm-charts/seldon-core-operator/templates/deployment_seldon-controller-manager.yaml
@@ -33,13 +33,16 @@ spec:
       - args:
         - --enable-leader-election
         - --webhook-port={{ .Values.webhook.port }}
+        - '{{- if .Values.singleNamespace }}--namespace={{ .Release.Namespace }}{{- end }}'
         command:
         - /manager
         env:
         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
+        - name: CONTROLLER_ID
+          value: '{{ .Values.controllerId }}'
         - name: AMBASSADOR_ENABLED
           value: '{{ .Values.ambassador.enabled }}'
         - name: AMBASSADOR_SINGLE_NAMESPACE