Adding services by using Operators
Red Hat OpenShift Operators provide additional functionality and extend the capabilities of a cluster. With operators, you can manage the lifecycle of the apps in your cluster, including third-party software and services that you integrate into your cluster from the OperatorHub. You can consistently install, update, and monitor system components by using operators or by making operators available to developers that work in specific projects or across projects.
Operators are a convenient way to add services to your cluster from community, third-party, your own, or other providers. Keep in mind that you are responsible for managing additional charges; understanding the operator's lifecycle, support timeline, and how the services operate in your cluster at any point; and for ensuring that any operators you use are compatible with the cluster version. If you have issues with an operator, work with the appropriate provider to troubleshoot the issue.
Using Operators in clusters
Operators are available in your cluster by default and can be used to package, deploy, and update your apps.
Before you begin, check the status of any existing operators in your cluster. Resolve any issues before using operators to manage your apps.
- To use operators, follow the Red Hat OpenShift documentation.
- Adding Operators to a cluster
- Deleting Operators from a cluster
- Creating applications from installed Operators
- Making your own custom Operator.
- For help creating custom Operators, see the Operator SDK documentation, which includes a guide to build an operator that is based on a Helm chart.
- To manage your custom Operator, see the Operator Lifecycle Manager documentation.
- Review any custom steps to install an operator in your cluster.
- If the operator uses a template with a build component that must pull an image from a private registry, the build might fail with an authentication error. To resolve this error, see Build error due to image pull authentication.
Adding the IBM Operator Catalog source to OperatorHub
You can add the IBM Operator Catalog as a source on OperatorHub by configuring a CatalogSource
.
- Create a YAML file specifying the catalog source.
apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-operator-catalog namespace: openshift-marketplace spec: displayName: "IBM Operator Catalog" publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-operator-catalog:latest updateStrategy: registryPoll: interval: 45m
- Apply the file to the cluster.
kubectl apply -f <file_name>
Disabling OperatorHub and mirroring catalog source images to icr.io
You can disable and mirror the OperatorHub catalog source images by following the Operator Lifecycle Manager (OLM) on restricted networks documentation from Red Hat.
Mirroring OperatorHub is required to use operators with clusters that have private-only network configurations.
To understand why you might disable and mirror the catalog, consider the following scenarios.
- For private clusters: The Red Hat-provided OperatorHub source images require access to the
registry.redhat.io
andquay.io
registries. If your cluster runs on a restricted network, such as in a VPC without a public gateway or classic worker nodes on only a private VLAN, these images are not accessible - You want to restrict the catalog content that is available to your cluster users in OperatorHub.
Before you begin
- Make sure that you have the Manager service role to the cluster in all namespaces in IBM Cloud IAM.
- Install the
opm
command-line interface, including its prerequisite tools such aspodman
. - Have a Red Hat account with credentials to pull images from the
registry.redhat.io
andquay.io
registries, or use the default global pull secret.
To disable and mirror the OperatorHub source images:
- Disable the catalog sources as described in Disabling the default OperatorHub sources.
- Optional: Prune the catalog index to a select list of packages as described in Pruning an index image. You might prune the catalog to control what images your cluster users can install and to reduce the size of the images in your registry.
- Mirror the catalog to your compatible registry, such as IBM Cloud Container Registry, as described in Mirroring an Operator catalog.
Getting support for Operators
You can open an IBM Cloud support ticket for issues about any operator installed from Operator Hub. If IBM support cannot resolve the issue or if the issue originates from outside of the IBM service, an issue is opened with Red Hat OpenShift.
Operator FAQ
- Which Operators in the OpenShift OperatorHub are available for use in the Red Hat OpenShift on IBM Cloud service?
- By default, Red Hat OpenShift on IBM Cloud includes the standard Red Hat OpenShift OperatorHub and its contents. For a list of Operators that are unsupported, see Unsupported features and operators in Red Hat OpenShift on IBM Cloud.
- Is OpenShift Data Foundation available for Red Hat OpenShift on IBM Cloud?
- Yes. However, ODF for IBM Cloud is available as a cluster add-on. There is no support for deploying the ODF operator via OperatorHub. For more information on the ODF add-on for storage, see Understanding OpenShift Data Foundation.
- Are the IBM Cloud service level agreement terms impacted by the availability of OperatorHub items?
- No. All OpenShift OperatorHub installable items are outside of the control of IBM Cloud and therefore do not impact the IBM Cloud service level agreement terms. If you install an Operator from OperatorHub and it impacts the viability of your cluster, IBM is not responsible and you cannot make a claim against the service level agreement. See the service level agreement terms for more information.
- Who is responsible for the security of the operators that are available as a part of the OperatorHub?
- Responsibility for the security of an operator depends on the operator type. For information on operator types, see About OperatorHub. Security for
Red Hat
,Certified
, andRed Hat Marketplace
operators is maintained by Red Hat OpenShift. Red Hat OpenShift is not responsible for security forCommunity
orCustom
operators, which are maintained and supported outside of Red Hat. Note that you can filter out different operator types in OperatorHub, or you can set the spec section of your OperatorHub configuration file to exclude certain operators, such as in the example below.Spec: Sources: Disabled: true Name: community-operators