Operator Lifecycle Manager

Operator Lifecycle Manager

Observe the Operator Lifecycle Manager Custom Resource Definitons:

oc get crd | grep -E 'catalogsource|subscription|clusterserviceversion|packagemanifest|installplan|operatorgroup'

OLM is powered by controllers that reside within the openshift-operator-lifecycle-manager namespace as three Deployments (catalog-operator, olm-operator, and packageserver):

oc -n openshift-operator-lifecycle-manager get deploy
oc get catalogsources -n openshift-marketplace

Here is a brief summary of each CatalogSource:

  • Certified Operators:
    • All Certified Operators have passed Red Hat OpenShift Operator Certification, an offering under Red Hat Partner Connect, our technology partner program. In this program, Red Hat partners can certify their Operators for use on Red Hat OpenShift. With OpenShift Certified Operators, customers can benefit from validated, well-integrated, mature and supported Operators from Red Hat or partner ISVs in their hybrid cloud environments.

To view the Operators included in the Certified Operators CatalogSource, run the following:

oc get packagemanifests -l catalog=certified-operators
  • Community Operators:
    • With access to community Operators, customers can try out Operators at a variety of maturity levels. Delivering the OperatorHub community, Operators on OpenShift fosters iterative software development and deployment as Developers get self-service access to popular components like databases, message queues or tracing in a managed-service fashion on the platform. These Operators are maintained by relevant representatives in the operator-framework/community-operators GitHub repository.

To view the Operators included in the Community Operators CatalogSource, run the following:

oc get packagemanifests -l catalog=community-operators
  • Red Hat Operators:
    • These Operators are packaged, shipped, and supported by Red Hat.

To view the Operators included with the RedHat Operators CatalogSource, run the following:

oc get packagemanifests -l catalog=redhat-operators
  • Red Hat Marketplace:
    • Built in partnership by Red Hat and IBM, the Red Hat Marketplace helps organizations deliver enterprise software and improve workload portability. Learn more at marketplace.redhat.com.

To view the Operators included in the Red Hat Marketplace CatalogSource, run the following:

oc get packagemanifests -l catalog=redhat-marketplace

You can login to the openshift console by following the https link you get from the following:

oc get routes -A|grep console

You need need credentials to login:

username: kubeadmin
password: {{ provided by your instructor }}

The OLM panel appears in the Operators pane:

Let’s begin my creating a new project called myproject.

oc new-project myproject

We should first create an OperatorGroup (https://operator-framework.github.io/olm-book/docs/operator-scoping.html) to ensure Operators installed to this namespace will be capable of watching for Custom Resources within the myproject namespace:

cat > argocd-operatorgroup.yaml <<EOF
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
  name: argocd-operatorgroup
  namespace: myproject
    - myproject

Create the OperatorGroup:

oc create -f argocd-operatorgroup.yaml

Verify the OperatorGroup has been successfully created:

oc get operatorgroup argocd-operatorgroup 

Create a Subscription manifest for the ArgoCD Operator (https://github.com/argoproj-labs/argocd-operator). Ensure the installPlanApproval is set to Manual. This will allow us to review the InstallPlan before choosing to install the Operator:

cat > argocd-subscription.yaml <<EOF
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
  name: argocd-operator
  namespace: myproject 
  channel: alpha
  installPlanApproval: Manual
  name: argocd-operator
  source: community-operators
  sourceNamespace: openshift-marketplace

Create the Subscription:

oc create -f argocd-subscription.yaml

Verify the Subscription was created:

oc get subscription

The creation of the subscription will also trigger OLM to automatically generate an InstallPlan:

oc get installplan
ARGOCD_INSTALLPLAN=`oc get installplan -o jsonpath={$.items[0].metadata.name}`
oc get installplan $ARGOCD_INSTALLPLAN -o yaml

Navigate to the Operators section of the UI and select the ArgoCD Operator under Installed Operators. Ensure you are scoped to the myproject namespace. You should click on the InstallPlan on the bottom right of the screen:

You can install the Operator by approving the InstallPlan via the OpenShift console or with the following command:

oc patch installplan $ARGOCD_INSTALLPLAN --type='json' -p '[{"op": "replace", "path": "/spec/approved", "value":true}]'

Once the InstallPlan is approved, you will see the newly provisioned ClusterServiceVersion, ClusterResourceDefinition, Role and RoleBindings, Service Accounts, and Argo-CD Operator Deployment.

oc get clusterserviceversion
oc get crd | grep argoproj.io

oc get sa | grep argocd

oc get roles | grep argocd

oc get rolebindings | grep argocd

oc get deployments

When the ArgoCD Operator is running, we can observe its logs by running the following:

ARGOCD_OPERATOR=`oc get pods -o jsonpath={$.items[0].metadata.name}`
oc logs $ARGOCD_OPERATOR -c manager

The ArgoCD Operator is now waiting for the creation of an ArgoCD Custom Resource within the myproject namespace.Let’s deploy our ArgoCD Server “operand” by creating the ArgoCD manifest via the CLI. You can also do this on the OpenShift console.

cat > argocd-cr.yaml <<EOF
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
  name: example-argocd
  namespace: myproject
    image: quay.io/ablock/dex
    openShiftOAuth: true
    version: openshift-connector
    policy: |
      g, system:cluster-admins, role:admin
      enabled: true

Create the ArgoCD Custom Resource:

oc create -f argocd-cr.yaml

The ArgoCD Operator should now begin to generate the ArgoCD Operand artifacts. This can take up to one minute:

oc get deployments
oc get secrets
oc get services
oc get routes
ARGOCD_ROUTE=`oc get routes example-argocd-server -o jsonpath={$.spec.host}`

Select Login via OpenShift to use OpenShift as our identity provider.
For more information on getting started with ArgoCD on OpenShift 4, check out this video.

You can easily uninstall your operator by first removing the ArgoCD Custom Resource:

oc delete argocd example-argocd

Removing the ArgoCD Custom Resource, should remove all of the Operator’s Operands:

oc get deployments

And then uninstalling the Operator:

oc delete -f argocd-subscription.yaml
ARGOCD_CSV=`oc get csv -o jsonpath={$.items[0].metadata.name}`
oc delete csv $ARGOCD_CSV

Once the Subscription and ClusterServiceVersion have been removed, the Operator and associated artifacts will be removed from the cluster:

oc get pods
oc get roles