[Spark] Support spark-operator on multi-namespace deployments

[alxtkr77]

Summary

• Admin namespace holds CRDs + ClusterRole with no running pods (replicas=0), each user namespace runs its own spark-operator controller with a namespace-scoped RoleBinding to the shared ClusterRole
• Adds CE-level spark config section to decouple ConfigMap rendering from subchart enablement
• Adds spark-controller-rbac.yaml CE template that creates RoleBinding → ClusterRole + leader election RBAC in user namespaces
• Updates admin/non-admin/cluster-ip values files with spark-operator split configuration
• Adds multi-ns Kind test command validating admin + 2 user namespaces with RBAC and functional SparkApplication checks
• Bumps chart version to 0.11.0-rc10

Test plan

• make helm-lint passes (including new check-version-bump target)
• helm template renders correctly for single-NS, admin, and non-admin modes
• tests/kind-test.sh full — single-NS regression with spark webhook mutation checks
• tests/kind-test.sh multi-ns — admin/user split with RBAC and functional SparkApplication checks
• Manual validation on vmdev10ig4 cluster

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR implements multi-namespace deployment support for spark-operator, enabling a split architecture where an admin namespace hosts shared cluster resources (CRDs, ClusterRole, webhook) while user namespaces run their own controller pods with namespace-scoped access via RoleBindings.

Changes:

• Decouples spark ConfigMap rendering from spark-operator subchart enablement via new spark.enabled configuration
• Adds CE-level RBAC template for user namespaces that creates RoleBinding to shared ClusterRole plus leader election permissions
• Implements comprehensive Kind-based multi-namespace testing with admin + 2 user namespace validation including RBAC and functional SparkApplication checks

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/kind-test.sh	Adds multi-ns test mode with admin/user chart installation functions, webhook mutation verification helper, and comprehensive RBAC/functionality validation across 3 namespaces
charts/mlrun-ce/values.yaml	Introduces spark.enabled config to control CE-level spark resources independently from spark-operator subchart
charts/mlrun-ce/templates/spark-operator/spark-controller-rbac.yaml	New template that creates RoleBinding to shared ClusterRole and leader election RBAC when controller.rbac.create is false (user namespace mode)
charts/mlrun-ce/templates/config/mlrun-spark-config.yaml	Updates condition from spark-operator.enabled to spark.enabled for proper multi-ns ConfigMap rendering
charts/mlrun-ce/non_admin_installation_values.yaml	Configures spark-operator for user namespace: controller replicas=1, rbac.create=false, webhook disabled
charts/mlrun-ce/non_admin_cluster_ip_installation_values.yaml	Same user namespace spark-operator config as non_admin file but with ClusterIP services
charts/mlrun-ce/admin_installation_values.yaml	Configures spark-operator for admin namespace: controller replicas=0, webhook enabled, ClusterRole creation
charts/mlrun-ce/Chart.yaml	Bumps version from 0.11.0-rc9 to 0.11.0-rc10
Makefile	Adds check-version-bump target with proper rc version handling and integrates it into helm-lint workflow

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.