Important: Do not install this operator directly. Only install this operator using the IBM Common Services Operator. For more information about installing this operator and other Common Services operators, see Installer documentation. If you are using this operator as part of an IBM Cloud Pak, see the documentation for that IBM Cloud Pak to learn more about how to install and use the operator service. For more information about IBM Cloud Paks, see IBM Cloud Paks that use Common Services.
The IBM Crossplane Operator installs an IBM modified version of Crossplane, an open source Kubernetes add-on that extends any cluster with the ability to provision and manage cloud infrastructure, services, and applications using kubectl, GitOps, or any tool that works with the Kubernetes API.
For more information about the available IBM Cloud Platform Common Services, see the IBM Knowledge Center.
Red Hat OpenShift Container Platform 4.6 or newer installed on one of the following platforms:
- Linux x86_64
- Linux on Power (ppc64le)
- Linux on IBM Z and LinuxONE
- 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.12.7, 1.12.8, 1.12.9, 1.12.10, 1.12.11, 1.12.12, 1.12.13
Before you install this operator, you need to first install the operator dependencies and prerequisites:
-
For the list of operator dependencies, see the IBM Knowledge Center Common Services dependencies documentation.
-
For the list of prerequisites for installing the operator, see the IBM Knowledge Center Preparing to install services documentation.
To install the operator with the IBM Common Services Operator follow the the installation and configuration instructions within the IBM Knowledge Center.
- If you are using the operator as part of an IBM Cloud Pak, see the documentation for that IBM Cloud Pak. For a list of IBM Cloud Paks, see IBM Cloud Paks that use Common Services.
- If you are using the operator with an IBM Containerized Software, see the IBM Cloud Platform Common Services Knowledge Center Installer documentation.
The Platform API service requires running with the OpenShift Container Platform 4.x default restricted Security Context Constraints (SCCs).
To use a Custom SecurityContextConstraints definition:
- Create and customize the following
ibm-crossplane-scc
SCC
Custom SecurityContextConstraints definition:
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "This policy is the most restrictive for ibm-crossplane,
requiring pods to run with a non-root UID, and preventing pods from accessing the host.
The UID and GID will be bound by ranges specified at the Namespace level."
cloudpak.ibm.com/version: "1.1.0"
name: ibm-crossplane-scc
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: null
defaultAddCapabilities: null
fsGroup:
type: MustRunAs
groups:
- system:authenticated
priority: null
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
runAsUser:
type: MustRunAsRange
seLinuxContext:
type: MustRunAs
supplementalGroups:
type: RunAsAny
users: []
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
- Add the
ibm-crossplane-scc
SCC toibm-crossplane
service account
# oc adm policy add-scc-to-user ibm-crossplane-scc -z ibm-ibm-crossplane-operand
- Restart the ibm-crossplane pods
# oc delete po -l app=ibm-crossplane
- Verify the SCC is applied
# oc describe po -l app=ibm-crossplane | grep scc
For more information about the OpenShift Container Platform Security Context Constraints, see Managing Security Context Constraints.
This operator does not persist any data. There is no backup and recovery procedure needed.
If, as a developer, you are looking to build and test this operator to try out and learn more about the operator and its capabilities, you can use the following developer guide. This guide provides commands for a quick install and initial validation for running the operator.
Important: The following developer guide is provided as-is and only for trial and education purposes. IBM and IBM Support does not provide any support for the usage of the operator with this developer guide. For the official supported install and usage guide for the operator, see the the IBM Knowledge Center documentation for your IBM Cloud Pak or for IBM Cloud Platform Common Services.
Use the following quick start commands for building and testing the operator:
- Build the bundle manifest to verify the CSV and the generated manifests
# make bundle
- Build the operator
# make build-dev
- Install the operator and deploy a sample CR
# make install
- Verify the installation in
ibm-common-services
namespace
# oc -n ibm-common-services get po
NAME READY STATUS RESTARTS AGE
ibm-crossplane-7d6ff947df-pvg5t 1/1 Running 0 25s
- Verify the ibm-crossplane-bedrock-shim configuration package is installed
# oc get pkg
NAME INSTALLED HEALTHY PACKAGE AGE
configuration.pkg.ibm.crossplane.io/ibm-crossplane-bedrock-shim-config True True icr.io/cpopen/cpfs/ibm-crossplane-bedrock-shim-config:1.8.7 59s
- Build the bundle manifest to verify the CSV and the generated manifests
# make bundle
- Build the operator
# make build
- Build multi-arch images
# make images
- Build the catalog source
# make build-catalog
- Install the operator
# oc project ibm-common-services
# make install-operator
- Verify the Crossplane installation and configuration package.
# oc -n ibm-common-services get po | grep crossplane
ibm-crossplane-5d4bb64b5b-nx8w6 1/1 Running 0 24s
# oc get pkg
NAME INSTALLED HEALTHY PACKAGE AGE
configuration.pkg.ibm.crossplane.io/ibm-crossplane-bedrock-shim-config True True icr.io/cpopen/cpfs/ibm-crossplane-bedrock-shim-config:1.8.7 59s
Use the following commands to debug the operator:
# oc get csv
# oc describe csv ibm-crossplane-operator.<version>
# oc get configurations
# oc get xrd
# oc get compositions
For example, for Kafka
# oc get kafkacomposites
For example, for Kafka
# oc get kafkaclaims
# oc describe po -l app=ibm-crossplane
# oc logs -f -l app=ibm-crossplane
If more than 1 replica is set and leader election is not enabled then controllers could conflict. Environment variable "LEADER_ELECTION" can be used to enable leader election process.' But this may only happen during the upgrade. Normal state assumes only one pod per cluster
Operator support install modes:
- OwnNamespace
- SingleNamespace more info
IBM Crossplane Operator does not support installation in:
- all namespaces
- multiple namespaces
For more instructions on how to run end-to-end testing with the Operand Deployment Lifecycle Manager, see ODLM guide.
Newer versions of IBM Crossplane are included in the Catalog Source and after starting the upgrade, IBM Crossplane Operator should automatically pick up new images and restart its pod. Existing services created by IBM Crossplane (for example Kafka) should remain unchanged after the upgrade.