Operator Framework
Rob Szumski
Product Manager, OpenShift
A broad ecosystem of workloads
Operator-backed services allow for a SaaS experience on your own infrastructure
Relational DBs
NoSQL DBs
Storage
Messaging
Security
Monitoring
AI/ML
Big Data
DevOps
Embed ops knowledge from the experts
Operator v1.1.2
● Deployments
● StatefulSets
● Autoscalers
● Secrets
● Config maps
OPERATOR BASICS
● Operator SDK - Allows developers to build, package and test an Operator based on your expertise without requiring all the knowledge of Kubernetes API complexities
● Operator Lifecycle Manager - Helps you to deploy, and update, and generally manage the lifecycle of all of the Operators (and their associated services) running across your clusters
● OperatorHub.io - Publishing platform for Kubernetes Operators, allows for easy discovery and install of Operators using a graphical user interface
Build Operators for your apps
BROAD ECOSYSTEM OF WORKLOADS
Generally Available
Product Manager: Daniel Messer
OPERATOR SDK
● Helm SDK (Helm Chart): Build operators from Helm chart, without any coding
● Ansible SDK (Ansible Playbooks, Roles & APBs): Build operators from Ansible playbooks and APBs
● Go SDK: Build advanced operators for full lifecycle management
Operator Capability Model
Red Hat Certified Operators
BROAD ECOSYSTEM OF WORKLOADS
Generally Available
Product Manager: Daniel Messer
STORAGE
SECURITY
DATABASE
DATA SERVICES
APM
DEVOPS
OperatorHub data sources
BROAD ECOSYSTEM OF WORKLOADS
Generally Available
Product Manager: Daniel Messer
Operator Metadata from quay.io
● Backend for all default sources, cluster needs to be online
● Supplies Red Hat Operators, ISV Operators and Community Operators
● Custom sources supported in customer-owned quay.io namespaces
Operator Metadata in container images
● Already used internally by OLM
● Operator package data is served from a SQLite database, bundled up in a container image
● Custom sources supported in customer-owned image registries
● Cluster can be disconnected / air-gapped
Operator Package Metadata
● Package name, e.g. prometheus
○ Channel name, e.g. stable
■ Operator Bundle 1
■ Operator Bundle 2
○ Channel name, e.g. tech-preview
■ Operator Bundle 3
■ ...
Operator SDK
BROAD ECOSYSTEM OF WORKLOADS
Generally Available
Product Manager: Daniel Messer
Helm-based Operator
● Support for Helm 2.14
○ Helm 3 Support under investigation
● SDK automatically generates RBAC for your chart
Ansible-based Operator
● Support for Prometheus Metrics
● Uses UBI base-image
● Molecule-based e2e testing
Golang-based Operator
● Supporting Kubernetes 1.14
● Remove $GOPATH dependency
● Go module support
● Support for Prometheus Metrics
● Generate OpenAPI spec
Framework Integration
● Single command to install / uninstall OLM:
    operator-sdk alpha olm [install|status|uninstall]
OPERATOR SDK ROADMAP
Timeline: Next 3 months, Next 3-9 months, More than 9 months
Upstream compatibility
Objectives:
- a single upstream effort for Golang Operators
Features:
- Kubebuilder CLI support
- Kubebuilder project layout compatibility
Stage: Development
Framework integration
Objectives:
- OLM / SDK integration
Features:
- install OLM from SDK CLI
- run Operator with OLM from SDK CLI
Stage: Prototype
Operator SDK 1.0
Objectives:
- Stable interfaces and high project maturity
Features:
- Helm v3 Operator / Ansible 1.0 Operator
- Kubebuilder Integration
- scorecard v2 / custom functional tests
- stable OLM integration
Stage: Planning
Increase Language support
Objectives:
- allow more people to write Operators
Features:
- Java SDK
- Python SDK
Stage: Discovery
SDK Developer Experience
Objectives:
- incrementally mature Operators
- quick development feedback loop
Features:
- modular Operator (mix helm/ansible/go)
- skaffold integration
Stage: Discovery
OPERATOR HUB ROADMAP
● Official online catalog on catalog.redhat.com
● Community catalog on operatorhub.io
● OperatorHub on cluster accessible to admins
● Discovery/install of all optional components and apps
● Upstream and downstream content
● ISV partners will support their Operators
TYPES OF OPERATORS
● Red Hat Products
● ISV Partners
● Community
OPERATOR HUB ROADMAP
CSV Bundle Editor for Operator developers
4.1 Static Dependency Resolution
BROAD ECOSYSTEM OF WORKLOADS
Generally Available
Product Manager: Daniel Messer
Operator Framework Dependency Graphs
YourOperator v1.1.2
● requires jaeger.jaegertracing.io/v1, resolves to Jaeger Operator
● requires cockroachdb.charts.helm.k8s.io/v1alpha1, resolves to CockroachDB Operator
4.2 Automated Dependency Resolution
BROAD ECOSYSTEM OF WORKLOADS
Generally Available
Product Manager: Daniel Messer
Operator Framework Dependency Graphs
YourOperator v1.1.2
● requires jaeger.jaegertracing.io/v1, resolves to Jaeger Operator, installed by OPERATOR LIFECYCLE MANAGER
● requires cockroachdb.charts.helm.k8s.io/v1alpha1, resolves to CockroachDB Operator, installed by OPERATOR LIFECYCLE MANAGER
BROAD ECOSYSTEM OF WORKLOADS
Product Manager: Daniel Messer Generally Available
Allow regular users to install Operators
● In 4.1: only users carrying cluster-admin roles are allowed to install Operators
● In 4.2: administrators can delegate install to users
○ cluster-admin selects namespaces in which namespace admins can install operators self-sufficiently
○ cluster-admin defines ServiceAccount in this namespace
○ all installed Operators in this namespace get equal or lower permissions of this ServiceAccount
■ RBAC is typically limited to this namespace
Diagram (Namespace / Project): OperatorGroup, ServiceAccount, SA Role, OperatorRole. The OperatorRole cannot be greater than the SA Role.
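An added example, not taken from the slides: manifests a cluster-admin could apply to delegate installs in one namespace as described above. The namespace and account names are hypothetical and the Role rules are a constructed illustration; `spec.serviceAccountName` is the OperatorGroup field that ties installs in the namespace to the ServiceAccount.

```yaml
# Added example. "team-a" and "operator-installer" are hypothetical names;
# the rule list is constructed and must be sized to what the Operator requests.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: operator-installer
  namespace: team-a
---
# The "SA Role": the upper bound for any Operator installed in team-a.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: operator-installer
  namespace: team-a
rules:
# Objects the Operator's own Deployment and its operands are built from.
- apiGroups: [""]
  resources: ["pods", "services", "configmaps", "secrets", "serviceaccounts"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
  resources: ["deployments", "statefulsets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Lets the install create the Operator's Role and RoleBinding. Kubernetes RBAC
# escalation prevention rejects a Role that grants more than its creator holds,
# so no "escalate" or "bind" verb is given here.
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["roles", "rolebindings"]
  verbs: ["get", "list", "create", "update", "delete"]
# OLM objects created during an install in this namespace.
- apiGroups: ["operators.coreos.com"]
  resources: ["subscriptions", "clusterserviceversions", "installplans"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
---
# Namespaced binding: no ClusterRoleBinding, so RBAC stays in team-a.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: operator-installer
  namespace: team-a
subjects:
- kind: ServiceAccount
  name: operator-installer
  namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: operator-installer
---
# Installs in this OperatorGroup run with the ServiceAccount's permissions.
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: team-a
  namespace: team-a
spec:
  serviceAccountName: operator-installer
  targetNamespaces:
  - team-a
```

An Operator whose CSV asks for cluster-scoped permissions or for resources outside this Role fails to install in `team-a` instead of receiving them.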
BROAD ECOSYSTEM OF WORKLOADS
Product Manager: Daniel Messer
Singleton CRs & Auto-create CRs from single click
Useful for: Serverless, Metering, Service Mesh, Pipelines, Logging, Container Storage & more
1. Install into a specific namespace from CSV
2. Automatically create an Operand instance
3. Hooks into OpenShift Console are installed/configured
a. If RH product, navigation shows up
b. Configure custom dashboards
c. Configure external links and banners
d. Register new CLIs in the downloads area
*Single click*
BROAD ECOSYSTEM OF WORKLOADS
Product Manager: Daniel Messer
Simplified Object Model
CSV + Subscription + InstallPlan
single Operator object
    apiVersion: operatorframework.io/v1alpha1
    kind: Operator
    metadata: ...
1. Unlocks ability to install specific version (not latest)
2. Directly install Operator outside of OperatorHub
a. bypass catalogs, OperatorGroups, etc
3. Easier onboarding and building of Operator releases
Split CSV into new bundle format
● Kubernetes objects: Deployment/StatefulSet, Roles, RoleBindings, custom SCCs
● Metadata: icon, channels, related images, CR examples,
BROAD ECOSYSTEM OF WORKLOADS
Product Manager: Daniel Messer
New Operator Bundle Format
Streamlined developer UX for getting an Operator running without hassle of a central catalog
1. Build with CLI
    $ operator-sdk bundle init --type=registry --bundle-folder=0.1.0
    $ tree test
    test
    ├── 0.1.0
    │   ├── testbackup.crd.yaml
    │   ├── testcluster.crd.yaml
    │   ├── testoperator.v0.1.0.csv.yaml
    │   └── testrestore.crd.yaml
2. Push to Registry
    $ podman build -t quay.io/test/test-operator:v0.1.0 .
    $ podman push quay.io/test/test-operator:v0.1.0
3. Pull & start Operator
    $ kubectl apply -f -
    apiVersion: operators.operatorframework.io/v2alpha1
    kind: Operator
    metadata:
      name: test-operator
    spec:
      bundle:
        image: quay.io/test/test-operator:v0.1.0
Working with kubebuilder & others upstream to standardize this format.
Certified/Community catalogs will also use this format.
OPERATOR LIFECYCLE MANAGER ROADMAP
Timeline: Next 3 months, Next 3-9 months, More than 9 months
Simplification
Objectives:
- simplify API surface
- simplify shipping Operators and catalogs
Features:
- new top-level Operator object
- singleton CR / auto-create CRs
- observability of Operators
- Operator bundles as container images
- Operator catalogs as container images
Stage: Development
Leverage upstream technologies
Objectives:
- get more upstream acceptance
- simplify shipping Operator update
Features:
- support Helm charts as packaging format for Operators
- Operators can ship/customize any k8s object
- implicit updates path through semver
- allow to depend on Operator by version
Stage: Discovery
Platform integration
Features:
- Platform coordinates with OLM in order to anticipate breaking updates
- First-class support for Webhooks
Stage: Design
New OLM interaction model
Objectives:
- simplify using Operators
- OLM can manage applications
Features:
- Operators scale to zero
- Fine grained Operator discoverability
- OLM participates in application management
- kubectl plugin
Stage: Discovery
Console Customization for Clusters
Generally Available
Console Customization built with CRDs
Cluster admins will be given the ability to customize certain aspects of the web console for all cluster users.
Customizations include:
● Links - ConsoleLinks CRD
○ Help Menu, User Menu, Application Menu
● Notifications - ConsoleNotifications CRD
○ Top, Bottom, Top and Bottom
● Branding - Console-Config ConfigMap
○ Logo, About
● Command Lines - ConsoleCLIDownload CRD
○ Add your own Command lines
● External Log Links - ConsoleExternalLogLinks CRD
Product Manager: Ali Mobrem
EXTENDING THE CONSOLE
EXTENDING THE CONSOLE
Expose Third Party App Console for Operator-backed Services
Expose Operator-backed service Console through console CRD
Easily integrate/onboard third-party user interfaces in order to develop, administer, and configure Operator-backed services.
Product Manager: Ali Mobrem
Enhanced Declarative UI for Operator-backed Services
Declarative dynamic UI for creating/mutating the CustomResources managed by the Operators
● Generic creation form is generated/validated based on OpenAPIV3Schema
● Operator Lifecycle Manager (OLM) descriptors override the generic form generated by the OpenAPIV3Schema with advanced custom widgets
● A set of new widgets associated with the specDescriptors:
○ podAntiAffinity
○ radioButton
○ advanced
○ fieldGroup
○ arrayFieldGroup
○ text
○ number
○ password
○ fieldGroup
○ checkbox
○ k8sResourcePrefix
○ updateStrategy
○ imagePullPolicy
○ nodeAffinity
○ podAffinity
Product Manager: Tony Wu
EXTENDING THE CONSOLE
Reduce friction for deploying operator backed applications
● Rich UI for creating and mutating the app instances
Reusable UI widgets
● New Operators get UIs without touching openshift/console codebase at all
Extending the Console
● ISVs can build their own UI widgets and contribute back
Create/Edit View for Operator-backed Services
Product Manager: Tony Wu
EXTENDING THE CONSOLE
BROAD ECOSYSTEM OF WORKLOADS
Product Manager: Daniel Messer Generally Available
Proxy Support
OpenShift 4.2 Cluster
OPERATOR LIFECYCLE MANAGER
Pod
    spec:
      containers:
      - name: my-container
        image: ...
        env:
        - name: HTTP_PROXY
          value: "..."
        - name: HTTPS_PROXY
          value: "..."
Cluster Proxy Config
Operator
App Binding with Operator-backed services
● Inject (bind) credentials and configs into applications.
● Manages the binding between a PodSpec-compliant workload and an operator-backed service.
● Via label selectors or resource references and the ServiceBindingRequest
● Supported by Topology View in Dev Console.
● Available as optional install from OperatorHub
    apiVersion: apps.openshift.io/v1alpha1
    kind: ServiceBindingRequest
    metadata:
      name: binding-request
      namespace: service-binding-demo
    spec:
      applicationSelector:
        matchLabels:
          connects-to: postgres
          environment: demo
        group: apps.openshift.io
        version: v1
        resource: deploymentconfigs
      backingServiceSelector:
        group: postgresql.baiju.dev
        version: v1alpha1
        kind: Database
        resourceRef: db-demo
Operators in Action Panel
Builders, Users and Maintainers
● Piyush Nimbalkar (Portworx)
● Evan Pease (Couchbase)
● Simon Croome (StorageOS)
● Peter Hack (Dynatrace)
● Jason Mimick (MongoDB)