It should be possible to run sc add-gcp-broker on a cluster that already has catalog installed and where sc install was not run. It looks like the following resources are assumed to exist:
service-catalog namespace
controller-manager service account and associated roles/rolebindings
As a start, lazily creating these if they don't already exist is sufficient. Longer term, the oauth controller should run under a distinct service account with a lower level of privilege than the controller-manager service account.
It should be possible to run
sc add-gcp-brokeron a cluster that already has catalog installed and wheresc installwas not run. It looks like the following resources are assumed to exist:service-catalognamespacecontroller-managerservice account and associated roles/rolebindingsAs a start, lazily creating these if they don't already exist is sufficient. Longer term, the oauth controller should run under a distinct service account with a lower level of privilege than the
controller-managerservice account.