Deploying and Managing OpenShift Operators

Deploying and managing OpenShift Operators is a crucial part of utilizing this technology to its full potential. Operators are software that automate the management of complex applications and services, and they need to be deployed and managed carefully.

To deploy an Operator, you need to create a catalog source that points to the Operator's repository. This catalog source is then used to install and manage the Operator.

Once an Operator is deployed, it needs to be managed to ensure it runs smoothly and efficiently. This involves monitoring its performance, updating its configuration, and resolving any issues that may arise.

Operators can be managed using the OpenShift console or the CLI. The console provides a user-friendly interface for managing Operators, while the CLI offers more advanced options for automating management tasks.

Installing operators in OpenShift is a straightforward process. You can find operators in the OperatorHub, accessible from the web UI of your OpenShift cluster, under Operators -> OperatorHub.

To install an operator, simply click the Install button and select an update channel, installation mode, and update approval. Once installed, the operator should be visible in Operators -> Installed Operators.

You can also install a specific version of an operator by editing its Subscription and specifying the version to be installed. This will prevent automatic updates, and you'll need to manually approve any future updates.

Installing from OperatorHub is a straightforward process that allows you to discover and install operators directly from the OpenShift web console. You can access OperatorHub from the Operators -> OperatorHub menu.

To install an operator, simply click the Install button and select an update channel, installation mode, and update approval. The installation mode options include specific or all namespaces, and update approval can be set to automatic or manual.

Once installed, the operator will be visible in the Operators -> Installed Operators menu. You can verify the installation by checking the logs in any pods in the openshift-operators project on the Workloads -> Pods page.

Here are the general steps to install an operator from OperatorHub:

Note: It's recommended to use the stable channel for seamless upgrades, and to prefer manual approval for production environments.

EDB Postgres for Kubernetes' CSV owns some predefined cluster roles that can be used by customer-facing users and service accounts.

These cluster roles are deployed by OLM and include a role for full administration, editing, viewing, and viewing the actual CRD.

Cluster roles are not a security threat, but rather the recommended way to define templates for roles in OpenShift.

You can verify the list of predefined cluster roles by running a command.

Here are the predefined cluster roles:

These cluster roles can be used in conjunction with ClusterRoleBinding objects for global permissions or with RoleBinding objects for local permissions.

Kubernetes Operators manage applications by extending the Kubernetes Controllers and Resources concept. This concept involves K8S resources, such as Pods and ConfigMaps, being managed by controllers like Deployments and ReplicaSets using Kubernetes APIs and tools like kubectl.

Kubernetes uses declarative APIs, which means controllers observe the current state, analyze it against the desired state, and act to meet that desired state. This process is idempotent, meaning it can be repeated without causing unintended consequences.

To create and manage apps in a Kubernetes way, you need to create a Custom Resource Definition (CRD) and a custom resource for your app. This allows Kubernetes to understand your app.

A custom controller, also known as a Kubernetes Operator, is created to observe, analyze, and act on your app. This controller has the human knowledge to manage the application defined by the CR.

There are three types of Operator SDKs, each with varying scopes of management for the Operators created.

OLM operators can rely on other OLM operators designated as dependent operators.

These dependent operators are automatically included when installing an operator with dependencies.

Trilio recognizes all dependent operators and ensures their inclusion in the backup, along with their custom resources.

It follows a reverse sequence during the restoration process, starting with the restoration of dependent operators and their custom resources.

In cases where a particular operator is already present in the cluster, Trilio skips those operators and focuses on restoring their custom resources.

This seamless alignment with existing operators ensures a smooth restoration process.

OLM is a crucial component of your cluster, responsible for deploying resources defined in ClusterServiceVersion on a namespace.

To create a backup for an OLM operator, you'll need to generate a Backup Plan at the application level and pick the operator along with its custom resources.

OLM operators can be backed up in their native form, but this requires defining an application-level backup plan, as namespace backup doesn't support OLM backups in their native form.

The OLM Operator deploys the resources defined in ClusterServiceVersion present on the namespace.

To backup OLM operators, you'll need to select the operator in the Backup Plan's operator section, which will then display both the custom resources associated with it and any dependent operators it installs.

By choosing the custom resources you wish to incorporate into your backup, you can create a sample Backup Plan that will backup the OLM operators in their native form.

OLM operators can rely on other OLM operators designated as dependent operators, which are automatically included when installing an operator with dependencies.

This means that if you have an operator that depends on another operator, both operators will be installed together.

OLM dependency resolution is a complex process, but fortunately, the official documentation provides detailed insights into how it works.

Trilio, a reliable backup solution, recognizes all dependent operators linked to an operator and ensures their inclusion in the backup.

During the restoration process, Trilio follows a reverse sequence, starting with the restoration of dependent operators and their custom resources.

This approach ensures that the dependent operators are restored before the parent operator, which is essential for a smooth restoration process.

In cases where a particular operator is already present in the cluster, Trilio detects this presence and skips restoring that operator, instead focusing on restoring its custom resources.