OpenShift is a powerful platform for managing containerized applications, but its lifecycle can be complex. OpenShift provides a robust set of features for deploying, scaling, and managing applications in a containerized environment.
The OpenShift lifecycle can be broken down into several key stages, including planning, deployment, scaling, and maintenance. Each stage requires careful consideration to ensure the smooth operation of applications.
Planning is a critical stage in the OpenShift lifecycle, as it involves defining the architecture and infrastructure requirements for the application. This includes selecting the right containerization technology, such as Docker, and designing the application's network topology.
OpenShift provides a range of tools and features to support the deployment stage, including the ability to deploy applications from a variety of sources, such as Git repositories and Docker registries.
What Is OpenShift Lifecycle
OpenShift Lifecycle is a comprehensive platform for managing the entire life cycle of containerized applications. It supports multiple cloud environments.
OpenShift provides a flexible and scalable architecture, with a built-in CI/CD pipeline that automates testing, deployment, and scaling of applications. This allows developers to focus on writing code rather than managing infrastructure.
OpenShift's lifecycle stages include planning, deployment, scaling, and monitoring, which are all crucial for ensuring the smooth operation of containerized applications.
Definitions
OpenShift Lifecycle has its own way of referring to different types of releases. These are called major releases, minor releases, and patch releases.
A major release is simply referred to as an X-release, and it follows the format of X.y.z. For example, "Major release 5" would be 5.y.z.
The format for minor releases, or Y-releases, is x.Y.z. So, "Minor release 4" would be 4.4.z.
Patch releases, or Z-releases, follow the format of x.y.Z. For instance, "Patch release 14 of minor release 5" would be 4.5.14.
Here's a quick summary of the three types of releases:
Life Cycle Dates
OpenShift Lifecycle dates are a crucial aspect to consider when working with the platform. Each version of OpenShift has a specific lifecycle that includes general availability and end of life dates.
The general availability date marks when a new version becomes available for use, while the end of life date indicates when the version will no longer be supported. This means that it's essential to plan ahead and ensure you're using a supported version of OpenShift.
Here's a breakdown of the lifecycle dates for some of the recent versions of OpenShift:
It's clear that OpenShift's lifecycle dates are carefully planned and communicated to ensure a smooth transition between versions.
Architecture and Versions
Red Hat OpenShift (RHOS) has a robust architecture that's worth understanding. RHOS sits on top of the Infrastructure Layer, which can be a Bare Metal server, a Virtual machine, or any Cloud provider that supports RHOS.
The Operating System Layer, typically Red Hat Enterprise Linux (RHEL) or Linux CoreOS, manages the kernel-level processes needed to run applications or services. This layer provides a solid foundation for RHOS.
The Orchestration Layer is where Kubernetes comes in, fundamentally managing the orchestration of services and applications. RHOS uses a specific approach to orchestration, setting the standard for how Kubernetes is implemented.
Here's a quick rundown of the supported major versions of RHOS: Major versions (X.y.z) are supported for one year following the release of a subsequent major version or the retirement of the product. For example, version 4 would be allowed to continue running on managed clusters for 12 months after version 5 is released, until December 31.
Architectural Overview
RHOS sits on top of the Infrastructure Layer, which can be a Bare Metal server, a Virtual machine, or any Cloud provider that supports RHOS, giving you a lot of deployment options.
The Operating System Layer manages RHOS; Red Hat Enterprise Linux (RHEL) and, as of RHOS v4, Linux CoreOS are the operating systems most often used.
Kubernetes is the software that manages the orchestration of services and applications, and RHOS takes a specific approach to how that orchestration is done with Kubernetes.
Red Hat OpenShift is essentially a "flavor" of Kubernetes or an opinionated version of Kubernetes, adding a new level of options for Application lifecycle management.
RHOS gives you access to tools like Jenkins, Source-to-Image (S2I), Ansible Automations, and more.
The RHOS architecture is designed to be flexible, allowing you to deploy it on a variety of infrastructure, from Bare Metal to Cloud providers.
RHOS uses Red Hat Enterprise Linux, or RHEL, and Linux CoreOS as its Operating System, providing a solid foundation for its operations.
Kubernetes is the backbone of RHOS, managing the orchestration of services and applications, and RHOS sets the standard and approach on how it's implemented.
RHOS adds a new level of options for Application lifecycle management, including tools like Jenkins, Source-to-Image (S2I), and Ansible Automations.
The RHOS architecture is designed to be scalable, allowing you to easily add or remove resources as needed.
RHOS uses Kubernetes to manage the orchestration of services and applications, providing a robust and flexible solution.
RHOS gives you access to a wide range of tools and features, including Jenkins, Source-to-Image (S2I), and Ansible Automations, making it a powerful platform for application development and deployment.
Major Versions (X.Y.Z)
Major versions of OpenShift Dedicated, such as version 4, are supported for one year following the release of a subsequent major version or the retirement of the product. This means you have 12 months to upgrade or migrate your clusters to a newer version.
For example, if version 5 were made available on OpenShift Dedicated on January 1, version 4 would be allowed to continue running on managed clusters until December 31. After this time, clusters would need to be upgraded or migrated to version 5.
You can plan your upgrades and migrations accordingly, taking into account the one-year support window for major versions.
Installation and Upgrade
To install an Operator, a cluster administrator or a user with Operator installation permissions must create a Subscription object that represents the intent to subscribe to a stream of available versions of the Operator from a catalog source.
The subscription then creates an InstallPlan object to facilitate the installation of the resources for the Operator. The install plan must be approved according to one of two approval strategies: Automatic or Manual.
If the subscription's spec.installPlanApproval field is set to Automatic, the install plan is approved automatically. If it's set to Manual, the install plan must be manually approved by a cluster administrator or user with proper permissions.
Here are the steps to approve an install plan:
- If the subscription's spec.installPlanApproval field is set to Automatic, the install plan is approved automatically.
- If the subscription's spec.installPlanApproval field is set to Manual, the install plan must be manually approved by a cluster administrator or user with proper permissions.
After the install plan is approved, Operator Lifecycle Manager (OLM) creates the specified resources and installs the Operator in the namespace that is specified by the subscription.
Installation Policy
Red Hat recommends installing the latest support release, but you have the flexibility to install any supported release.
You're not locked into the latest version, as OpenShift Dedicated supports installation of any supported release.
The installation policy allows for flexibility in choosing the right release for your needs.
Red Hat's recommendation is to install the latest support release, but you have the freedom to choose another supported release.
Mandatory Upgrades
Mandatory upgrades are a crucial aspect of maintaining a secure and stable OpenShift Container Platform cluster. If a critical or important CVE is identified, customers must upgrade to the next supported patch release within two business days.
In extreme circumstances, Red Hat will notify customers that they have two business days to schedule or manually update their cluster to the latest, secure patch release. If an update is not performed after this time, Red Hat will automatically update the cluster to mitigate potential security breaches or instability.
Red Hat might temporarily delay an automated update if requested by a customer through a support case. This shows that Red Hat is willing to work with customers to ensure a smooth upgrade process.
Here's a summary of the mandatory upgrade process:
In some cases, Red Hat will automatically update the cluster to the latest, secure patch release if an update is not performed after two business days. This is done to prevent potential security breaches or instability.
Deploy Source
Deploying a catalog source is a crucial step in making your applications visible in Operator Hub. A catalog source is a CRD that points to a catalog index image.
You'll need to create a catalog source yaml file that points to the catalog index image. This image is what ties your applications to the Operator Hub.
To deploy the catalog source, you'll need to create a yaml file under the openshift-marketplace namespace. This is where OLM is typically deployed, but you can choose a different namespace if needed.
Each catalog has its own operator or pod, which is responsible for managing the applications it contains. This operator will run in the openshift-operators namespace for cluster-wide operators.
After deploying the catalog source, your applications will show up in Operator Hub, where they can be installed by users.
Install Plan
To create an install plan, you need to define a set of resources that Operator Lifecycle Manager (OLM) will create to install or upgrade an Operator to a specific version. This version is defined by a cluster service version (CSV).
An InstallPlan object describes this set of resources. To get started, a cluster administrator or a user with Operator installation permissions must create a Subscription object, which represents the intent to subscribe to a stream of available versions of an Operator from a catalog source.
The subscription then creates an InstallPlan object to facilitate the installation of the resources for the Operator. This is a crucial step, as it enables the installation process to proceed.
The install plan must be approved according to one of two approval strategies: Automatic or Manual. If the subscription's spec.installPlanApproval field is set to Automatic, the install plan is approved automatically. If it's set to Manual, the install plan must be manually approved by a cluster administrator or user with proper permissions.
Here are the approval strategies:
After the install plan is approved, OLM creates the specified resources and installs the Operator in the namespace that is specified by the subscription.
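The following is an added example, not code from the original page or from Red Hat: a Python check over the Subscription and InstallPlan objects described in the Installation and Upgrade and Install Plan sections, listing which Operators take new versions without a human decision and which install plans are still waiting for approval. The sample objects and the catalog name are constructed, and treating a missing installPlanApproval field as Automatic is an assumption.

```python
"""Audit OLM Subscriptions and InstallPlans for their approval strategy."""

# Constructed sample data, shaped like the items returned by
# `oc get subscriptions.operators.coreos.com -A -o json` and
# `oc get installplans -A -o json`. All names are hypothetical.
SUBSCRIPTIONS = [
    {"metadata": {"name": "cars-operator", "namespace": "openshift-operators"},
     "spec": {"name": "cars-operator", "channel": "stable",
              "source": "example-catalog", "sourceNamespace": "openshift-marketplace",
              "installPlanApproval": "Manual"}},
    {"metadata": {"name": "logging", "namespace": "openshift-logging"},
     "spec": {"name": "logging", "channel": "stable",
              "source": "example-catalog", "sourceNamespace": "openshift-marketplace",
              "installPlanApproval": "Automatic"}},
    # installPlanApproval omitted: treated as Automatic (assumed OLM default).
    {"metadata": {"name": "metrics", "namespace": "openshift-operators"},
     "spec": {"name": "metrics", "channel": "beta",
              "source": "example-catalog", "sourceNamespace": "openshift-marketplace"}},
]
INSTALL_PLANS = [
    {"metadata": {"name": "install-abc12", "namespace": "openshift-operators"},
     "spec": {"approval": "Manual", "approved": False,
              "clusterServiceVersionNames": ["cars-operator.v1.0.1"]}},
    {"metadata": {"name": "install-def34", "namespace": "openshift-logging"},
     "spec": {"approval": "Automatic", "approved": True,
              "clusterServiceVersionNames": ["logging.v2.3.0"]}},
]

def auto_approved(subscriptions):
    """Return namespace/name of Subscriptions that install upgrades unattended."""
    return sorted(
        f'{s["metadata"]["namespace"]}/{s["metadata"]["name"]}'
        for s in subscriptions
        if s["spec"].get("installPlanApproval", "Automatic") != "Manual")

def pending_approval(install_plans):
    """Map each unapproved Manual InstallPlan to the CSVs it would install."""
    return {
        f'{p["metadata"]["namespace"]}/{p["metadata"]["name"]}':
            p["spec"].get("clusterServiceVersionNames", [])
        for p in install_plans
        if p["spec"].get("approval") == "Manual" and not p["spec"].get("approved")}

if __name__ == "__main__":
    print("auto-approved subscriptions:", auto_approved(SUBSCRIPTIONS))
    print("install plans awaiting approval:", pending_approval(INSTALL_PLANS))
```

The CSV names listed for a pending install plan are what a reviewer compares against the expected Operator version before approving it.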
Topology Aware Manager Installation on Hub Cluster
To install the Topology Aware Lifecycle Manager on your Hub Cluster, you'll need to access the OpenShift Web Console. From there, navigate to Operators --> OperatorHub.
To find the Topology Aware Lifecycle Manager, simply search for GitOps and click on the "Topology Aware Lifecycle Manager" provided by Red Hat.
Next, create the bare-metal secret. Since my environment is libvirt/redfish, any username/password combination will work. I used test/test and encoded it with base64.
Cluster Service Version
A Cluster Service Version (CSV) is a YAML manifest that represents a specific version of a running Operator on an OKD cluster.
This CSV is created from Operator metadata that assists Operator Lifecycle Manager (OLM) in running the Operator safely on the cluster.
OLM requires this metadata to ensure the Operator can be kept running safely and to provide information about how updates should be applied as new versions are published.
A CSV includes metadata that accompanies an Operator container image, such as its name, version, description, labels, repository link, and logo.
It also includes technical information required to run the Operator, such as custom resources (CRs) it manages or depends on, RBAC rules, cluster requirements, and install strategies.
To create a CSV, you need the deployment scaffolding, which are the objects and CRDs that your Operator requires. These are created automatically when using the operator-sdk to create an application under the deploy directory.
The generate csv command will create an olm_catalog/cars-operator/manifests directory, where you'll find the 'clusterserviceversion' yaml, but you'll want to edit and add more information to it.
If you want to add an icon to your Operator in Operator Hub, the image needs to be a base64 bit stream inside the CSV.