Onboarding an Operator from a GitHub repository
This tutorial walks you through how to onboard a sample Operator from a GitHub repository to your account. You can onboard an Operator bundle using a TGZ file or an Operator using a CSV file. By completing this tutorial, you learn how to create a private catalog, import your CSV or TGZ file, validate that it can be installed on a Red Hat OpenShift cluster, and make the Operator available to users who have access to your account.
Before you begin
-
Verify that you're using a Pay-As-You-Go or Subscription account. See Viewing your account type for more details.
-
Upload your Operator and application images to IBM Cloud® Container Registry.
-
Upload your source code to your GitHub repository.
Use the latest release of the sample Node-RED Operator as an example of how to set up your directory structure.
-
Make sure you're assigned the IBM Cloud Identity and Access Management (IAM) editor role on the catalog management service. See Assigning access to account management services for more information.
-
For Operator bundles, you also need the following IBM Cloud Identity and Access Management (IAM) roles.
- Administrator on all account management services and all IAM-enabled services
- Editor on the software instance service
- Editor on the IBM Cloud Container Registry service
- Administrator on the Red Hat OpenShift on IBM Cloud cluster
Make sure that you use the same account to access IBM Cloud Container Registry and to create the Red Hat OpenShift on IBM Cloud cluster.
Create a private catalog
- Go to Manage > Catalogs in the IBM Cloud console, and click Create a catalog.
- Select Product default as the catalog type.
- Enter the name of your catalog, for example,
Sample Operator
. - Select No products to exclude all products in the IBM Cloud® catalog from your catalog. For more information about how this affects which products are visible in the catalog, see Managing catalog settings.
- Click Create.
Import your Operator
-
On the Private products page, click Add.
-
Select Operator from GitHub repository as your deployment method.
-
Confirm that Public repository is selected as the repository type.
-
Enter
https://github.com/IBM-Cloud/operator-bundle-sample/archive/refs/tags/v0.0.3.tar.gz
as your source URL. -
Enter the software version in the format of major version, minor version, and revision, for example,
1.0.0
.Enter the version of your software and not the version of your Operator. For example, you might be using Operator version 1.3.0 to install software version 3.1.1.
-
Click Add product.
Review the version details
From the Configure version tab, you can review your version details. After you review your version details, click Next.
Set an image pull secret
When you create your Red Hat® OpenShift® on IBM Cloud® cluster, the cluster includes an IAM service ID that is given reader access to IBM Cloud Container Registry. The service ID credentials are authenticated in a non-expiring service ID API key that is stored in image pull secrets in your cluster. As part of configuring the deployment details, you set a pull secret that's used to access and pull your images from the private IBM Cloud Container Registry repository.
- From the Set an image pull secret section, click Add image pull secret.
- Enter the name and value of the image pull secret.
- Click Update.
- From the Image pull secret name list, select the image pull secret that you just added.
- Click Next.
Set the license requirements
If users are required to accept any license agreements beyond the IBM Cloud Services Agreement, provide the URL to each agreement. Or, if users can bring their own licenses, you can provide that URL as well.
- Click Add license agreements > Add.
- Enter the name and URL, and click Update.
- After entering all additional license agreements, click Next.
Review your readme file
When users access your Operator from your account, they can select the link to your readme file in your private catalog to view product information. The readme file information is automatically generated from the details in your TGZ or CSV file.
- From the Edit readme tab, click the Edit icon
.
- Preview how the information in the readme file will be displayed to users when they install the Operator.
- If you need to make changes, edit the information in your source and import the updated software to your private catalog.
- Click Next.
Validate the Operator
To publish the Operator to your account, you're required to validate that it can be successfully installed on the target Red Hat OpenShift cluster.
-
From the Validate product tab, select the target cluster and project, and click Next.
-
Enter the name of your Schematics workspace, select a resource group, select a Schematics region, and click Next.
In the Tags field, you can enter a name of a specific tag to attach to your Operator. Tags provide a way to organize, track usage costs, and manage access to the resources in your account.
-
Click Validate.
Manage compliance
You can add profiles and controls to your software to prove that it meets security and compliance requirements. You must use Security and Compliance Center to scan the resources created during validation.
Only profiles and controls that are supported by the Security and Compliance Center and validated by Security and Compliance Center scans appear in the catalog.
Run a Security and Compliance Center scan
When you claim profiles and controls, you must evaluate the resources that were created during validation to ensure compliance. To run a scan, complete the following steps:
- In the IBM Cloud console, click the Menu icon
> Security and Compliance to access Security and Compliance Center.
- In the navigation, click Profile.
- Click the Overflow menu in the row of the profile that you want to evaluate and select Run scan.
- Click Run scan.
After your scan completes, you can return to your private catalog to continue the onboarding process.
Adding compliance controls
Add the profiles and controls that you want to claim.
- In the Manage compliance section of your product, select Add claims.
- Select the profile that you want to add.
- Choose to add the entire profile or a subset of controls.
- If you choose an entire profile, continue to the next step. If you choose to add a subset of controls, select the controls that you want to add.
- Click Add.
Applying Security and Compliance Center scans
Add the scans that you previously ran in the Security and Compliance Center. Security and Compliance Center scans determine adherence to regulatory controls. For more information, see Scanning your resources.
- Click Add scan.
- Select the profile that you used for the evaluation.
- Select the Security and Compliance Center scan.
- Click Apply scan.
- Click Next.
Review requirements
You must complete validation and any other requirements to publish to your account.
Next steps
After you onboard and validate your Operator, you're ready to publish it to your account. From the Actions menu, select Publish to account. As a result, the Operator is available only to users who have access
to the Sample Operator
private catalog in your account.