It should be possible to run `sc add-gcp-broker` on a cluster that already has catalog installed and where `sc install` was not run. It looks like the following resources are assumed to exist:

- `service-catalog` namespace
- `controller-manager` service account and associated roles/rolebindings

As a start, lazily creating these if they don't already exist is sufficient. Longer term, the oauth controller should run under a distinct service account with a lower level of privilege than the `controller-manager` service account.