Onboarding your Operator
This tutorial walks you through how to onboard a sample Node-RED Operator to your private catalog in IBM Cloud®. You can onboard an Operator or Operator bundle by using a TGZ file. By completing this tutorial, you learn how to import the Operator, configure the deployment, license, and other details, and validate that the Operator can be installed on a Red Hat OpenShift cluster.
Before you begin
-
Upload your Operator and application images to IBM Cloud® Container Registry.
-
Upload your source code to your repository.
Use the latest release of the sample Node-RED Operator as an example of how to set up your directory structure.
-
Make sure you're assigned the IBM Cloud Identity and Access Management (IAM) editor role on the Catalog Management and Partner Center - Sell services. See Assigning access to account management services for more information.
For Operator bundles, you also need the following IBM Cloud Identity and Access Management (IAM) roles.
- Administrator on all account management services and all IAM services
- Editor on the software instance service
- Editor on the IBM Cloud Container Registry service
- Administrator on the Red Hat OpenShift on IBM Cloud cluster
Make sure that you use the same account to access IBM Cloud Container Registry and to create the Red Hat OpenShift on IBM Cloud cluster.
Import your Operator
-
In the IBM Cloud console, click the Navigation Menu icon
> Partner Center > My products.
-
Select the product that you're onboarding.
-
From the Software page, click Import a version.
-
Choose Operator from GitHub repository as your deployment method.
-
Confirm that Public repository is set as the repository type.
-
Enter
https://github.com/IBM-Cloud/operator-bundle-sample/archive/refs/tags/v0.0.3.tar.gz
as your source URL. -
Enter the software version in the format of major version, minor version, and revision, for example,
1.0.0
.Enter the version of your software and not the version of your Operator. For example, you might be using Operator version 1.3.0 to install software version 3.1.1.
-
Click Add version.
Review your version details
From the Configure version tab, you can review your version details. After you review your version details, click Next.
Set an image pull secret
When you create your Red Hat® OpenShift® on IBM Cloud® cluster, the cluster includes an IAM service ID that is given reader access to IBM Cloud Container Registry. The service ID credentials are authenticated in a nonexpiring service ID API key that is stored in image pull secrets in your cluster. As part of configuring the deployment details, you set a pull secret that's used to access and pull your images from the private IBM Cloud Container Registry repository.
- From the Set an image pull secret section, click Add image pull secret.
- Enter the name and value of the image pull secret.
- Click Update.
- From the Image pull secret name list, select the image pull secret that you just added.
- Click Next.
Set the license requirements
If users are required to accept any license agreements beyond the IBM Cloud Services Agreement, provide the URL to each agreement.
- From the Add license agreements tab, click Add license.
- Enter the name and URL, and click Add license.
- After you enter all additional license agreements, click Next.
Review your readme file
When users install the software, they can view product information by clicking the Readme link. The information in the Readme link is generated from the readme file that you uploaded to your source repository.
- From the Edit readme tab, click the Edit icon
.
- Preview how the information in the readme file is displayed to users when they install the Operator.
- If you need to make changes, edit the information in the source code and import the updated code file to your private catalog.
- Click Save.
- Click Next.
Validate the software version
-
From the Validate product tab, select the target cluster and project, and click Next.
-
Configure your Schematics workspace by entering the name of your workspace, selecting a resource group, selecting a Schematics region, and optionally adding tags. Then, click Next.
You can accept the default options that are displayed for your workspace name and resource group.
-
Click Validate.
Manage compliance
You can add profiles and controls to your software to prove that it meets security and compliance requirements. You must use Security and Compliance Center to scan the resources created during validation.
Only profiles and controls that are supported by the Security and Compliance Center and validated by Security and Compliance Center scans appear in the catalog.
Run a Security and Compliance Center scan
When you claim profiles and controls, you must evaluate the resources that were created during validation to ensure compliance. To run a scan, complete the following steps:
- In the IBM Cloud console, click the Menu icon
> Security and Compliance to access Security and Compliance Center.
- In the navigation, click Profile.
- Click the Overflow menu in the row of the profile that you want to evaluate and select Run scan.
- Click Run scan.
After your scan completes, you can return to your private catalog to continue the onboarding process.
Adding compliance controls
Add the profiles and controls that you want to claim.
- In the Manage compliance section of your product, select Add claims.
- Select the profile that you want to add.
- Choose to add the entire profile or a subset of controls.
- If you choose an entire profile, continue to the next step. If you choose to add a subset of controls, select the controls that you want to add.
- Click Add.
Applying Security and Compliance Center scans
Add the scans that you previously ran in the Security and Compliance Center. Security and Compliance Center scans determine adherence to regulatory controls. For more information, see Running a scan on demand.
- Click Add scan.
- Select the profile that you used for the evaluation.
- Select the Security and Compliance Center scan.
- Click Apply scan.
- Click Next.
Review requirements
You must complete validation and any other requirements to publish your operator.
Next steps
Go to Partner Center and submit your request to publish your Operator to the IBM Cloud catalog.