9. Manage OpenShift Operators Flashcards
- Install an operator
The Cluster Version Operator (CVO) installs and updates cluster operators as part of the OpenShift installation and update processes.
The CVO provides cluster operator status information as resources of the ClusterOperator type: oc get clusteroperator
Operator Lifecycle Manager (OLM) helps users to install and update operators in a cluster. Operators that the OLM manages are also known as add-on operators, in contrast with cluster operators that implement platform services.
Take a look in Operators documentation.
Install an operator
Installing Operators with the Web Console
The OpenShift web console provides anl interface to the Operator Lifecycle Manager (OLM). The OperatorHub page lists available operators and provides an interface for installing them.
The Install Operator Wizard:
Navigate to Operators → OperatorHub to display the list of available operators. The OperatorHub page displays operators, and has filters to locate operators.
Click an operator to display further information
Click Install to begin the Install Operator wizard
You can choose installation options in the Install Operator wizard.
Find out more in Installing from OperatorHub using the web console documentation.
Install Operators with the CLI
Installing Operators
To install an operator, you must perform the following steps:
Locate the operator to install.
Review the operator and its documentation for installation options and requirements.
Decide the update channel to use.
Decide the installation mode. For most operators, you should make them available to all namespaces.
Decide to deploy the operator workload to an existing namespace or to a new namespace.
Decide whether the Operator Lifecycle Manager (OLM) applies updates automatically, or requires an administrator to approve updates.
Create an operator group if needed for the installation mode.
Create a namespace for the operator workload if needed.
Create the operator subscription.
Review and test the operator installation.
Operator Resources
The OLM uses the following resource types:
Catalog source: Each catalog source resource references an operator repository. Periodically, the OLM examines the catalog sources in the cluster and retrieves information about the operators in each source.
Package manifest: The OLM creates a package manifest for each available operator. The package manifest contains the required information to install an operator, such as the available channels.
Operator group: Operator groups define how the OLM presents operators across namespaces.
Subscription: Cluster administrators create subscriptions to install operators.
Operator: The OLM creates operator resources to store information about installed operators.
Install plan: The OLM creates install plan resources as part of the installation and update process. When requiring approvals, administrators must approve install plans.
Cluster service version (CSV): Each version of an operator has a corresponding CSV. The CSV contains the information that the OLM requires to install the operator
When installing an operator, an administrator must create only the subscription and the operator group. The OLM generates all other resources automatically.
Install an Operator
Operators
# if the operator doesn’t require a specific namespace, USE openshift-operators
## otherwise create a new namespace, add labels/annotations if there are required by the operators
oc create ns myoperator-ns
# Determine whether you need to create an operator group. Operators use the operator group in their namespace.
## Operators monitor custom resources in the namespaces that the operator group targets.
## The openshift-operators namespace contains a “global-operators” operator group.
### to create a new Operatorgroup, use this manaifest
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: name
namespace: namespace # namespace where to create the resource
spec:
targetNamespaces: # list of namespaces that the operator monitors CRD
- namespace
### list all operatorGroup
oc get OperatorGroup -A
# create a subscription
## with the operator web-terminal as example
## oc get packagemanifests
NAME CATALOG AGE
odf-lvm-operator do280 Operator Catalog Red Hat 5d1h
web-terminal do280 Operator Catalog Red Hat 5d1
…
## describe web-terminal operator
oc describe packagemanifest web-terminal -n openshift-marketplace
…output omitted…
## create the subscription manifest
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: web-terminal
namespace: openshift-operators # namespace for the operator workload
spec:
channel: fast # update channel from oc describe packagemanifest web-terminal -n openshift-marketplace
name: web-terminal # package manifest to subscribe to
source: do280-catalog-redhat # source catalog from the oc describe
installPlanApproval: Manual # install plan approval mode, either Automatic or Manual
sourceNamespace: openshift-marketplace
## Create the resource
oc create -f subscription.yaml
Full example with file-integrity-operator operator
oc get packagemanifests
NAME CATALOG AGE
web-terminal do280 Operator Catalog Red Hat 5d1h
file-integrity-operator do280 Operator Catalog Red Hat 5d1
c describe packagemanifest file-integrity-operator
…output omitted…
# creating namespace with some required labels
## create file namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
labels:
openshift.io/cluster-monitoring: “true”
pod-security.kubernetes.io/enforce: privileged
name: openshift-file-integrity
oc create -f namespace.yaml
# Create an operator group in the operator namespace.
## operator-group.yaml
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: file-integrity-operator
namespace: openshift-file-integrity
spec:
targetNamespaces:
- openshift-file-integrity
oc create -f operator-group.yaml
# Create the subscription in the operator namespace
## create subscription.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: file-integrity-operator
namespace: openshift-file-integrity
spec:
channel: “stable”
installPlanApproval: Manual
name: file-integrity-operator
source: do280-catalog-redhat
sourceNamespace: openshift-marketplace
oc create -f subscription.yaml
# Examine the operator resource that the OLM created.
oc describe operator file-integrity-operator
Name: file-integrity-operator.openshift-file-integrity
…output omitted…
Status:
Components:
Label Selector:
Match Expressions:
Key: operators.coreos.com/file-integrity-operator.openshift-file-integrity
Operator: Exists
Refs:
…output omitted…
Kind: InstallPlan
Name: install-4wsq6 # installplan to approve
Namespace: openshift-file-integrity
API Version: operators.coreos.com/v1alpha1
Conditions:
Last Transition Time: 2023-03-22T10:38:22Z
Message: all available catalogsources are healthy
Reason: AllCatalogSourcesHealthy
Status: False
Type: CatalogSourcesUnhealthy
Last Transition Time: 2023-03-22T10:38:21Z
Reason: RequiresApproval
Status: True
Type: InstallPlanPending # waiting for approval because we set installPlanApproval: Manual in subscription
Kind: Subscription
Name: file-integrity-operator
Namespace: openshift-file-integrity
Events: <none></none>
# Approve the installplan
## get installplan spec
oc get installplan -n openshift-file-integrity install-4wsq6 -o jsonpath=’{.spec}’
{“approval”:”Manual”,”approved”:false,”clusterServiceVersionNames”:[“file-integrity-operator.v1.0.0”],”generation”:1}
## approve the install
oc patch installplan install-pmh78 –type merge -p ‘{“spec”:{“approved”:true}}’ -n openshift-file-integrity
installplan.operators.coreos.com/install-pmh78 patched
# Examine the status again
oc describe operator file-integrity-operator
…output omitted…
Status:
Components:
Label Selector:
Match Expressions:
Key: operators.coreos.com/file-integrity-operator.openshift-file-integrity
Operator: Exists
Refs:
…output omitted…
Conditions:
Last Transition Time: 2023-01-26T18:21:03Z
Last Update Time: 2023-01-26T18:21:03Z
Message: install strategy completed with no errors
Reason: InstallSucceeded
Status: True
Type: Succeeded
Kind: ClusterServiceVersion
Name: file-integrity-operator.v1.0.0
Namespace: openshift-file-integrity
…output omitted…
# Examine the workloads in the openshift-file-integrity namespace.
oc get all -n openshift-file-integrity
# switch to the operator namespace/project
oc project openshift-file-integrity
oc get csv
- Delete an operator
To remove an operator from the cluster with the CLI , delete the subscription and cluster service version objects.
Uninstall an Operator
## Check the current version of the subscribed operator in the currentCSV field.
oc get sub <subscription-name> -o yaml | grep currentCSV
currentCSV: ...output omitted...</subscription-name>
# Delete the subscription object. Use the value obtained from the preceding command to delete the cluster service version object.
oc delete sub <subscription-name>
oc delete csv <currentCSV></currentCSV></subscription-name>
# if needed, delete operatorGroup