Skip to content

Cluster Configuration

Creating Namespace and Roles

calrissian executes CWL workflows by running steps as Pods in a kubernetes cluster.

To support this requirement, we create a role with the necessary privileges and bind it to a service account.

Create the Namespace

NAMESPACE_NAME=calrissian-demo-project
kubectl create namespace "$NAMESPACE_NAME"

Create the Roles and RoleBindings

kubectl --namespace="$NAMESPACE_NAME" create role pod-manager-role \
  --verb=create,patch,delete,list,watch --resource=pods
kubectl --namespace="$NAMESPACE_NAME" create role log-reader-role \
  --verb=get,list --resource=pods/log
kubectl --namespace="$NAMESPACE_NAME" create rolebinding pod-manager-default-binding \
  --role=pod-manager-role --serviceaccount=${NAMESPACE_NAME}:default
kubectl --namespace="$NAMESPACE_NAME" create rolebinding log-reader-default-binding \
  --role=log-reader-role --serviceaccount=${NAMESPACE_NAME}:default