add role rbac and add add guide (ray-project#7091)

deploy/ray-operator/README.md

@@ -115,28 +115,39 @@ Below gives a guide for user to submit RayCluster step by step:
 kustomize build config/crd | kubectl apply -f -
 ```
 
-### Deploy controller in the configured Kubernetes cluster in ~/.kube/config
-* For this version controller will run in system namespace, which maybe can't be tolerated in production.  
+### Build manager docker image
+View Makefile for more command and info.
+```shell script
+make docker-build
+```
+
+### Push manager docker image to some docker repo
+View Makefile for more command and info.
+```shell script
+make docker-push
+```
+
+### Deploy the controller in the configured Kubernetes cluster in ~/.kube/config
+* For this version controller will run in ray-operator-system namespace, which maybe can't be tolerated in production.  
 * We will add more detailed RBAC file to control the namespace used in production, and the controller will run in that namespace to control the permission.  
-* Also we will provide the more detailed guide for user to run in a controlled way.
+* Also, we will provide the more detailed guide for user to run in a controlled way.
 ```shell script
-cd config/manager 
 kustomize build config/default | kubectl apply -f -
 ```
 
 ### Submit RayCluster to Kubernetes
 ```shell script
-kubectl create -f config/samples/ray_v1_raycluster.mini.yaml
+kubectl create -f config/samples/ray_v1_raycluster.mini.yaml -n ray-operator-system
 ```
 
 ### Apply RayCluster to Kubernetes
 ```shell script
-kubectl apply -f config/samples/ray_v1_raycluster.mini.yaml
+kubectl apply -f config/samples/ray_v1_raycluster.mini.yaml -n ray-operator-system
 ```
 
 ### Delete RayCluster to Kubernetes
 ```shell script
-kubectl delete -f config/samples/ray_v1_raycluster.mini.yaml
+kubectl delete -f config/samples/ray_v1_raycluster.mini.yaml -n ray-operator-system
 ```
 
 ### Build with bazel

deploy/ray-operator/config/rbac/role.yaml

@@ -0,0 +1,76 @@
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ray.io
+  resources:
+  - RayClusters
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ray.io
+  resources:
+  - RayClusters/status
+  verbs:
+  - get
+  - patch
+  - update

deploy/ray-operator/controllers/raycluster_controller.go

@@ -51,6 +51,7 @@ type RayClusterReconciler struct {
 // +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=core,resources=pods/status,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete
+
 func (r *RayClusterReconciler) Reconcile(request reconcile.Request) (reconcile.Result, error) {
 	_ = r.Log.WithValues("raycluster", request.NamespacedName)
 	log.Info("Reconciling RayCluster", "cluster name", request.Name)

deploy/ray-operator/go.mod

@@ -7,7 +7,6 @@ require (
 	github.com/go-logr/logr v0.1.0
 	github.com/onsi/ginkgo v1.6.0
 	github.com/onsi/gomega v1.4.2
-	golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 // indirect
 	k8s.io/api v0.0.0-20190918195907-bd6ac527cfd2
 	k8s.io/apimachinery v0.0.0-20190817020851-f2f3a405f61d
 	k8s.io/client-go v0.0.0-20190918200256-06eb1244587a