Install Mission Control with Helm using separate cluster resources

This guide shows you how to install Mission Control in environments where you must manage cluster-scoped resources separately from the main installation. Use this approach when:

  • Different teams manage cluster-level resources and application deployments

  • You need to apply cluster-scoped resources with elevated privileges

  • You want more control over the installation process

Prerequisites

Before you begin, ensure you have:

  • A Kubernetes cluster with admin access

  • Helm v3.14.0 - v3.18.0 installed

  • Access to the Mission Control container registry

Install Mission Control

To install Mission Control with Helm using separate cluster resources, complete these steps:

  1. Add the Mission Control cluster objects Helm repository:

    helm repo add mc-cluster-obj https://helm.k8ssandra.io/mission-control
helm repo update

  2. Install the cluster-scoped resources using the cluster objects chart:

    helm install mc-cluster-obj mc-cluster-obj/mc-cluster-obj \
  -n NAMESPACE \
  --create-namespace \
  --set targetReleaseName=RELEASE_NAME \
  --set targetNamespace=NAMESPACE

    Replace the following parameters:

    • RELEASE_NAME: The name for your release. The release name cannot include mission-control. Using a release name that includes mission-control causes naming conflicts.

    • NAMESPACE: The namespace where you want to install Mission Control

      This step creates the namespace and installs all cluster-scoped resources, including Custom Resource Definitions (CRDs), ClusterRoles, ClusterRoleBindings, and other cluster-scoped resources.

  3. Log in to the Mission Control container registry:

    helm registry login registry.replicated.com --username USERNAME --password PASSWORD

    Replace the following:

    • USERNAME: The Helm registry username

    • PASSWORD: The Helm registry password

  4. Install Mission Control using Helm with cluster-scoped resources disabled:

    helm install RELEASE_NAME oci://registry.replicated.com/mission-control/stable/mission-control \
  --namespace NAMESPACE \
  --set global.clusterScopedResources=false \
  --set dex.rbac.createClusterScoped=false \
  --set kube-state-metrics.rbac.create=false \
  --skip-crds \
  --no-hooks

    Replace the following:

    • RELEASE_NAME: The name for your release. The release name cannot include mission-control. Using a release name that includes mission-control causes naming conflicts. The name must match the targetReleaseName used in step 2.

    • NAMESPACE: The namespace where you want to install Mission Control. The namespace must match the targetNamespace used in step 2.

      You must use the same release name for the data plane installation as you used for the control plane installation. This ensures proper communication and resource management between the planes.

      Key parameters:

    • global.clusterScopedResources=false: Disables creation of cluster-scoped resources.

    • dex.rbac.createClusterScoped=false: Prevents Dex from creating cluster-scoped RBAC resources.

    • kube-state-metrics.rbac.create=false: Prevents kube-state-metrics from creating RBAC resources.

    • --skip-crds: Skips CRD installation since you already applied them.

    • --no-hooks: Skips hooks that might try to create cluster-scoped resources.

    • --namespace: Target installation namespace. This must match the namespace created in step 2.

  5. Verify that Mission Control is running correctly:

    kubectl get pods -n NAMESPACE

    Replace NAMESPACE with the namespace where you installed Mission Control.

Configure additional options

You can customize the installation by creating a values file with additional settings, for example:

# values.yaml
global:
  clusterScopedResources: false

dex:
  rbac:
    createClusterScoped: false

kube-state-metrics:
  rbac:
    create: false

# Add other customizations as needed

Then use this file during installation:

helm install RELEASE_NAME oci://registry.replicated.com/mission-control/stable/mission-control \
  --namespace NAMESPACE \
  -f values.yaml \
  --skip-crds \
  --no-hooks

Replace the following:

  • RELEASE_NAME: The name for your release. The release name cannot include mission-control. Using a release name that includes mission-control causes naming conflicts.

  • NAMESPACE: The namespace where you want to install Mission Control

Upgrade Mission Control with separate cluster resources

When upgrading Mission Control with separate cluster resources, you must upgrade the cluster-scoped resources first, then update the Helm chart. This ensures that all resources stay in sync.

  1. Update the cluster objects repository and upgrade the cluster-scoped resources:

    helm repo update
helm upgrade mc-cluster-obj mc-cluster-obj/mc-cluster-obj \
  -n NAMESPACE \
  --set targetReleaseName=RELEASE_NAME \
  --set targetNamespace=NAMESPACE

    Replace the following:

    • RELEASE_NAME: The name for your release. The release name cannot include mission-control. Using a release name that includes mission-control causes naming conflicts.

    • NAMESPACE: The namespace where you installed Mission Control

  2. Upgrade the Helm release with cluster-scoped resources disabled:

    helm upgrade RELEASE_NAME oci://registry.replicated.com/mission-control/stable/mission-control \
  --namespace NAMESPACE \
  --set global.clusterScopedResources=false \
  --set dex.rbac.createClusterScoped=false \
  --set kube-state-metrics.rbac.create=false \
  --skip-crds \
  --no-hooks

    Replace the following:

    • RELEASE_NAME: The name for your release. The release name cannot include mission-control. Using a release name that includes mission-control causes naming conflicts.

    • NAMESPACE: The namespace where you installed Mission Control

      The following arguments are important to successfully applying the upgrade:

    • global.clusterScopedResources=false: Disables creation of cluster-scoped resources.

    • dex.rbac.createClusterScoped=false: Prevents Dex from creating cluster-scoped RBAC resources.

    • kube-state-metrics.rbac.create=false: Prevents kube-state-metrics from creating RBAC resources.

    • --skip-crds: Skips CRD installation since you already applied them.

    • --no-hooks: Skips hooks that might try to create cluster-scoped resources.

  3. Verify the upgrade by checking the cluster-scoped resources:

    kubectl get crds | grep missioncontrol
kubectl get clusterroles | grep mission-control
kubectl get clusterrolebindings | grep mission-control

Troubleshoot installation issues

If you encounter problems during installation:

  1. Verify that all cluster-scoped resources were applied correctly:

    kubectl get crds | grep missioncontrol
kubectl get clusterroles | grep mission-control
kubectl get clusterrolebindings | grep mission-control

  2. Check the Mission Control operator logs:

    kubectl logs -n NAMESPACE -l app.kubernetes.io/name=mission-control

    Replace NAMESPACE with the namespace where you installed Mission Control.

  3. Ensure all required namespaces exist:

    kubectl get namespace NAMESPACE

    Replace NAMESPACE with the name of the namespace where you installed Mission Control.

Security best practices

When managing cluster-scoped resources:

  • Use a GitOps workflow to manage the cluster-scoped resources.

  • Review and update the cluster-scoped resources regularly.

  • Apply the principle of least privilege when assigning permissions.

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2026 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM