Prepare RBAC setup

Prepare for ServiceAccount, role and rolebinding

Create a ServiceAccount for the targeted project/namespace with project admin rights used for KOBIL Shift operator and KOBIL Shift deployment (sample: ci-user) - and set this in the KOBIL Shift Operator metaconfig file.

create service account
```
kubectl apply -n <shift-namespace> -f <sa-shift-operator>.yaml
```

Prepare for role and rolebinding

Assign role and rolebinding to the SA used for deployment. Please make use of the KOBIL Shift-Operator Chart source ./templates/rbac.yaml (please download the KOBIL Shift-Operator Chart package) and edit (and template) as appropriate - then apply with project admin rights:

apply role and rolebindings for SA
```
kubectl apply -n <shift-namespace> -f ./yourcode/rbac.yaml
```

Prepare for CRD `servicegroups.shift.kobil.com`

Create the CRD using KOBIL Shift-Operator Chart source ./crds/[shift.kobil.com](http://shift.kobil.com).yaml with Cluster-Admin rights to the targeted cluster environment:

create CRD for clustser
```
kubectl apply -f ./crds/shift.kobil.com.yaml
```

Sample configuration of manual RBAC setup

Find more details here: Sample RBAC configuration for KOBIL Shift deployment

Edit KOBIL Chart configuration and run deployment

Editing the KOBIL Shift-Operator metaconfiguration file "values.yaml"

You may pull the KOBIL Shift-Operator "values.yaml" directly by running command:

download metaconfig "values.yaml"

helm show values kobil/shift-operator > ./operator-shift-values.yaml

Editing the Shift-Operator "operator-shift-values.yaml" - major editing has to be done in the following sequence:

add the image pull secrets to the target namespace where KOBIL Shift-Operator and Shift will be deployed to.
set the credentials for the private KOBIL Chart repository. This is required as the KOBIL Shift-Operator will download KOBIL Shift sub-services Charts during KOBIL Shift deployment processing.
disable the "SA" and the "rbac" creation/processing - edit KOBIL Shift-Operator metaconfig to:

pod.service Account.create: false
[pod.serviceAccount.name](http://pod.serviceAccount.name): "<name>"   # here set the SA created in pre-deployment above`  
rbac.create: false

Configure further parameters as needed Shift-Operator Configuration

Install KOBIL Shift-Operator with helm-option "--skip-crd"

As the KOBIL Shift CRD "servicegroup" is already present before running the helm install you have to use option "--skip-crd" to avoid deployment warnings:

helm install operator

helm install <shift-operator> -f ./oper-metaconfig kobil/shift-operator --skip-crd ...

Prepare for ServiceAccount, role and rolebinding​

Prepare for role and rolebinding​

Prepare for CRD servicegroups.shift.kobil.com​

Sample configuration of manual RBAC setup​

Edit KOBIL Chart configuration and run deployment​

Editing the KOBIL Shift-Operator metaconfiguration file "values.yaml"​

Install KOBIL Shift-Operator with helm-option "--skip-crd"​