IBM Cloud Docs
Onboarding a Certified Operator from a Red Hat registry

Onboarding a Certified Operator from a Red Hat registry

This tutorial walks you through how to onboard a sample Operator bundle from a Red Hat® registry to your account. By completing this tutorial, you learn how to create a private catalog in your account, import the Operator bundle, and validate that it can be installed on a Red Hat OpenShift on IBM Cloud cluster.

Before you begin

  1. Verify that you're using a Pay-As-You-Go or Subscription account. See Viewing your account type for more details.
  2. Go to the Red Hat OperatorHub to confirm that your Operator bundle exists in the Red Hat Certified registry.
  3. Create your Red Hat OpenShift on IBM Cloud cluster.
  4. Upload your Operator bundle and application images to IBM Cloud Container Registry.
  5. Verify that you're assigned the following IBM Cloud Identity and Access Management (IAM). See Assigning access to account management services and Managing access to resources for more information.
    • Administrator on all account management services and all IAM-enabled services
    • Editor on the catalog management service
    • Editor on the software instance service
    • Editor on the IBM Cloud Container Registry service
    • Administrator on the Red Hat OpenShift on IBM Cloud cluster

Make sure that you use the same account to access IBM Cloud Container Registry and to create the Red Hat OpenShift on IBM Cloud cluster.

Create a private catalog

Private catalogs provide a way for you to make your own products available to users in your account.

  1. Go to Manage > Catalogs in the IBM Cloud console, and click Create a catalog.
  2. Select Product default as the catalog type.
  3. Enter the name of your catalog, for example, Sample Operator Bundle.
  4. Select No products to exclude all products in the IBM Cloud® catalog from your catalog.
  5. Click Create.

Import your Operator bundle

  1. On the Private products page, click Add.
  2. Select Operator from Red Hat registry as your deployment method.
  3. Select Certified as your Red Hat repository.
  4. Select your Operator bundle. For example, for the purposes of this tutorial, you can select Add a Cluster Operator as your Operator.
  5. Select the Operator bundle version that you would like to import.
  6. Enter the software version that the Operator bundle installs in the format of major version, minor version, and revision. For example, you can use Operator version 1.0.0 to install software version 2.0.0.
  7. Click Add version.

Review the version details

  1. From the Version list table, click the row that contains your operator.
  2. Review your version details from the Review the version details section. There are no actions that you need to take. When you are ready to move on, click Next.

Add end user license agreements

If users are required to accept any license agreements beyond the IBM Cloud Services Agreement, provide the URL to each agreement.

  1. In the Version list table, click the row that contains your Operator bundle.
  2. Click Add license agreements > Add.
  3. Enter the name and URL of the license agreement, and click Update.
  4. After entering all additional license agreements, click Next.

Review your readme file

When users install the software, they can select the link to your readme file to view product information. The information in the Readme link is generated from the readme file information in the Edit readme tab.

  1. From the Edit readme tab, click the Edit icon Edit icon.
  2. Preview how the information in the readme file will be displayed to users when they install the Operator bundle.
  3. If you need to make changes, edit the information in the source file and import the updated Operator bundle to your private catalog.
  4. Click Next.

Validate your Operator bundle

Validate that the Operator bundle can be successfully installed on the target Red Hat OpenShift on IBM Cloud cluster.

  1. Click Validate product

  2. Select the Update channel to receive version updates from.

  3. Select whether you want to apply updates automatically or manually.

  4. Select the target cluster and project, and click Next.

  5. Enter the name of your Schematics workspace, select a resource group, select a Schematics region, and click Next.

    In the Tags field, you can enter a name of a specific tag to attach to your Operator. Tags provide a way to organize, track usage costs, and manage access to the resources in your account.

  6. Click Validate.

Manage compliance

You can add profiles and controls to your software to prove that it meets security and compliance requirements. You must use Security and Compliance Center to scan the resources created during validation.

Only profiles and controls that are supported by the Security and Compliance Center and validated by Security and Compliance Center scans appear in the catalog.

Run a Security and Compliance Center scan

When you claim profiles and controls, you must evaluate the resources that were created during validation to ensure compliance. To run a scan, complete the following steps:

  1. In the IBM Cloud console, click the Menu icon Menu icon > Security and Compliance to access Security and Compliance Center.
  2. In the navigation, click Profile.
  3. Click the Overflow menu in the row of the profile that you want to evaluate and select Run scan.
  4. Click Run scan.

After your scan completes, you can return to your private catalog to continue the onboarding process.

Adding compliance controls

Add the profiles and controls that you want to claim.

  1. In the Manage compliance section of your product, select Add claims.
  2. Select the profile that you want to add.
  3. Choose to add the entire profile or a subset of controls.
  4. If you choose an entire profile, continue to the next step. If you choose to add a subset of controls, select the controls that you want to add.
  5. Click Add.

Applying Security and Compliance Center scans

Add the scans that you previously ran in the Security and Compliance Center. Security and Compliance Center scans determine adherence to regulatory controls. For more information, see Scanning your resources.

  1. Click Add scan.
  2. Select the profile that you used for the evaluation.
  3. Select the Security and Compliance Center scan.
  4. Click Apply scan.
  5. Click Next.

Review requirements

You must complete validation and any other requirements to publish to your account.

Next steps

After you onboard and validate your Operator bundle, you're ready to publish it to your account. From the Actions menu, select Publish to account. As a result, the Operator bundle is available only to users who have access to the Sample Operator Bundle private catalog in your account.