Adding services by using Operators

Using Operators in clusters

Operators are available in your cluster by default and can be used to package, deploy, and update your apps.

Before you begin, check the status of any existing operators in your cluster. Resolve any issues before using operators to manage your apps.

1. To use operators, follow the Red Hat OpenShift documentation.
   • Adding Operators to a cluster
   • Deleting Operators from a cluster
   • Creating applications from installed Operators
   • Making your own custom Operator.
     • For help creating custom Operators, see the Operator SDK documentation, which includes a guide to build an operator that is based on a Helm chart.
     • To manage your custom Operator, see the Operator Lifecycle Manager documentation.
2. Review any custom steps to install an operator in your cluster.
   • To set up an OpenShift Container Platform Elasticsearch, Fluentd, and Kibana (EFK) stack, see installing the cluster logging operator.
3. If the operator uses a template with a build component that must pull an image from a private registry, the build might fail with an authentication error. To resolve this error, see Build error due to image pull authentication.

Adding the IBM Operator Catalog source to OperatorHub

You can add the IBM Operator Catalog as a source on OperatorHub by configuring a CatalogSource.

1. Create a YAML file specifying the catalog source.

   apiVersion: operators.coreos.com/v1alpha1
   kind: CatalogSource
   metadata:
     name: ibm-operator-catalog
     namespace: openshift-marketplace
   spec:
     displayName:  "IBM Operator Catalog"
     publisher: IBM
     sourceType: grpc
     image: icr.io/cpopen/ibm-operator-catalog:latest
     updateStrategy:
       registryPoll:
         interval: 45m
   

2. Apply the file to the cluster.

   kubectl apply -f <file_name>
   

Disabling OperatorHub and mirroring catalog source images to icr.io

You can disable and mirror the OperatorHub catalog source images by following the Operator Lifecycle Manager (OLM) on restricted networks documentation from Red Hat.

Mirroring OperatorHub is required to use operators with clusters that have private-only network configurations.

To understand why you might disable and mirror the catalog, consider the following scenarios.

• For private clusters: The Red Hat-provided OperatorHub source images require access to the registry.redhat.io and quay.io registries. If your cluster runs on a restricted network, such as in a VPC without a public gateway or classic worker nodes on only a private VLAN, these images are not accessible
• You want to restrict the catalog content that is available to your cluster users in OperatorHub.

Before you begin

• Make sure that you have the Manager service role to the cluster in all namespaces in IBM Cloud IAM.
• Install the opm command-line interface, including its prerequisite tools such as podman.
• Have a Red Hat account with credentials to pull images from the registry.redhat.io and quay.io registries, or use the default global pull secret.

To disable and mirror the OperatorHub source images:

1. Disable the catalog sources as described in Disabling the default OperatorHub sources.
2. Optional: Prune the catalog index to a select list of packages as described in Pruning an index image. You might prune the catalog to control what images your cluster users can install and to reduce the size of the images in your registry.
3. Mirror the catalog to your compatible registry, such as IBM Cloud Container Registry, as described in Mirroring an Operator catalog.

Getting support for Operators

You can open an IBM Cloud support ticket for issues about any operator installed from Operator Hub. If IBM support cannot resolve the issue or if the issue originates from outside of the IBM service, an issue is opened with Red Hat OpenShift.

Operator FAQ

Which Operators in the OpenShift OperatorHub are available for use in the Red Hat OpenShift on IBM Cloud service?

By default, Red Hat OpenShift on IBM Cloud includes the standard Red Hat OpenShift OperatorHub and its contents. For a list of Operators that are unsupported, see Unsupported features and operators in Red Hat OpenShift on IBM Cloud.

Is OpenShift Data Foundation available for Red Hat OpenShift on IBM Cloud?

Yes. However, ODF for IBM Cloud is available as a cluster add-on. There is no support for deploying the ODF operator via OperatorHub. For more information on the ODF add-on for storage, see Understanding OpenShift Data Foundation.

Are the IBM Cloud service level agreement terms impacted by the availability of OperatorHub items?

No. All OpenShift OperatorHub installable items are outside of the control of IBM Cloud and therefore do not impact the IBM Cloud service level agreement terms. If you install an Operator from OperatorHub and it impacts the viability of your cluster, IBM is not responsible and you cannot make a claim against the service level agreement. See the service level agreement terms for more information.

Who is responsible for the security of the operators that are available as a part of the OperatorHub?

Responsibility for the security of an operator depends on the operator type. For information on operator types, see About OperatorHub. Security for Red Hat, Certified, and Red Hat Marketplace operators is maintained by Red Hat OpenShift. Red Hat OpenShift is not responsible for security for Community or Custom operators, which are maintained and supported outside of Red Hat. Note that you can filter out different operator types in OperatorHub, or you can set the spec section of your OperatorHub configuration file to exclude certain operators, such as in the example below.

Spec:
  Sources:
    Disabled:  true
    Name:      community-operators