IBM Software Hub operators

The IBM Software Hub control plane and services are installed using operators, which simplify the process of upgrading and scaling software on Red Hat® OpenShift® Container Platform.

Overview of operators

An operator is a custom Kubernetes controller. A controller implements a control loop that continually watches the state of specific objects on your cluster and makes adjustments as needed to ensure that the objects are running as expected.

Tip: The Red Hat OpenShift: Operators Framework video from Red Hat provides a high-level explanation of operators. (This video is also available on YouTube: https://www.youtube.com/watch?v=LymzLHRbQdk.)

Each component of IBM Software Hub includes an operator that is responsible for managing that component. For example, the control plane has a dedicated operator, and each service has a dedicated operator.

Each component also has its own custom resource definition (CRD) that describes the service. The CRD is a resource that is identified by the kind attribute. When you create a custom resource (CR) to install a component, you must specify the kind of resource that you are creating. For example, the IBM Knowledge Catalog service defines the WKC resource. When you create a CR with kind: WKC, you install the IBM Knowledge Catalog service. After you install the service, the IBM Knowledge Catalog operator monitors and manages the WKC resources that are associated with an instance of IBM Software Hub.

The resources that an operator manages are also called operands.

Some operators reference another operator or interact with the operands that are managed by another operator. For example, the IBM Knowledge Catalog service has a dependency on components such as:
  • Common core services
  • Db2U

The IBM Knowledge Catalog instantiates custom resources for these components, which are then managed by the Common core services operator and the Db2U operator respectively.

Operator Lifecycle Manager

IBM Software Hub leverages Operator Lifecycle Manager (OLM) to install, update, and manage operators. OLM defines the several custom resource definitions (CRDs), including but not limited to:
  • Catalog sources
  • Subscriptions
  • Install plans
  • Cluster service versions
  • Operator groups
The cpd-cli manage apply-olm command abstracts the complexity of creating and maintaining operators. Most users don't need to be familiar with OLM concepts to successfully install and manage IBM Software Hub because the cpd-cli manage apply-olm command creates and updates the operators for you.
Tip: The cpd-cli manage apply-olm command includes --preview option that you can use if you want to understand the oc commands that the cpd-cli manage apply-olm command will run on your behalf.

Catalog source

Resource name
CatalogSource or catsrc
Description
A catalog source is a way to introduce new software or new versions of software to the cluster. A catalog source is a repository of operator versions (as specified by a cluster service version), custom resource definitions (CRDs), and packages that comprise an application. The information provided by the catalog source enables OLM to discover and install operators and their dependencies.
The IBM Software Hub perspective
The cpd-cli manage apply-olm command automatically creates the appropriate catalog source for each specified component.

The catalog sources are created in the operators project for the instance.

The catalog sources are tied to the release of IBM Software Hub that you install. For example, there are specific catalogs for the 5.3.0 release.

Subscription

Resource name
Subscription or sub
Description
An operator subscription provides the following information to OLM:
  • The name of the operator
  • The location to install the operator
  • The channel to subscribe to
  • The install plan approval mechanism to use
  • The catalog source to use
The IBM Software Hub perspective
The cpd-cli manage apply-olm command automatically creates the subscriptions for any operators that are required by the specified components.

The subscriptions are created in the operators project for the instance.

Install plan

Resource name
InstallPlan or ip
Description
When an operator subscription is created, OLM creates an install plan that describes the set of resources, such as the cluster service version and the operator deployment, that must be created to install or upgrade the operator.

When you create an operator, you specify approval strategy for the install plan:

Automatic
When a subscription includes installPlanApproval: Automatic and a newer cluster service version (CSV) is detected, OLM automatically approves the install plan and installs or upgrades the operator.
Manual
When a subscription includes installPlanApproval: Manual and a newer CSV is detected, OLM creates a request for an administrator to approve the install plan. After an administrator approves the request, OLM installs or upgrades the operator.
The IBM Software Hub perspective
To simplify the installation experience, all IBM Software Hub operators are created with installPlanApproval: Automatic. This ensures that the cpd-cli manage apply-olm can create or update all of the required operators.

Cluster service version (CSV)

Resource name
ClusterServiceVersion or csv
Description
A cluster service version (CSV) represents a specific version of an operator. The information provided by the CSV enables OLM to:
  • Understand the custom resources that the operator manages or depends on
  • Introduce the custom resource definition (CRD), if it doesn't exist
  • Set up the operator's service accounts
  • Start up the operator deployment
  • Keep the operator running safely on the cluster
  • Understand how updates should be applied when new versions of the operator are available on the cluster
The IBM Software Hub perspective
The cpd-cli manage apply-olm automatically creates the appropriate CSVs for the specified components.

The CSVs are created in the operators project for the instance.

Operator group

Resource name
OperatorGroup or og
Description
An operator group enables OLM to provide limited support for simultaneously installing different variations of an operator on a cluster. When OLM detects a newer CSV, it uses the operator group to determine where to create role bindings that grant the operator specific permissions.
The IBM Software Hub perspective
IBM Software Hub operators are installed once per instance of IBM Software Hub and use InstallModeType: ownNamespace .

The cpd-cli manage apply-olm automatically creates the required operator groups in the appropriate projects.

The cpd-cli manage apply-olm also updates or creates the required NamespaceScope object, which enables the operators project for an instance of IBM Software Hub to watch the project where you install the IBM Software Hub platform and services.

Location of the operators

Each instance of IBM Software Hub on the cluster has its own set of operators to support the private topology. The operators are installed in the operators project for the instance. The operators watch only the projects that are associated with the instance.

The private topology enforces a strict separation between the Red Hat OpenShift projects (namespaces) that are managed by the operators. The operators in the operators project are granted role-based access control (RBAC) only on the projects that are associated with the instance.

The operator group and the NamespaceScope object are the mechanism by which the strict separation of the projects in the private topology is enforced.