IBM Cloud Pak for Data operators
The IBM Cloud Pak for Data control plane and services are installed using operators, which simplify the process of upgrading, scaling, and rolling back software on Red Hat® OpenShift® Container Platform.
Overview of operators
An operator is a custom Kubernetes controller. A controller implements a control loop that continually watches the state of specific objects on your cluster and makes adjustments as needed to keep the objects running in the desired state.
Each component of Cloud Pak for Data includes an operator that is responsible for managing that component. For example, there is an operator for the control plane and an operator for each service.
Each component also has its own custom resource definition (CRD) that describes the
service. The CRD is a resource that is identified by the kind
attribute. When you
create a custom resource (CR) to install a component, you must specify the
kind
of resource that you are creating. For example, the Watson™ Knowledge
Catalog service defines the
WKC
resource. When you create a CR with kind: WKC
, you install the
Watson Knowledge
Catalog service. After you
install service, the Watson Knowledge
Catalog
operator monitors and manages the WKC
resources on the cluster.
The resources that an operator manages are also called operands.
- Common core services
- Db2U
The Watson Knowledge Catalog instantiates custom resources for these components, which are then managed by the Common core services operator and the Db2U operator respectively.
Operator Lifecycle Manager
- Catalog sources
- Subscriptions
- Install plans
- Cluster service versions
- Operator groups
cpd-cli
manage
apply-olm
command abstracts the complexity of creating and
maintaining operators. Most users don't need to be familiar with OLM concepts to successfully install and
manage Cloud Pak for Data because the cpd-cli
manage
apply-olm
command creates and updates the operators for you.cpd-cli
manage
apply-olm
command includes --preview
option that you can use if you want to understand the
oc
commands that the cpd-cli
manage
apply-olm
command will run on your behalf.Catalog source
- Resource name
CatalogSource
orcatsrc
- Description
-
A catalog source is a way to introduce new software or new versions of software to the cluster. A catalog source is a repository of operator versions (as specified by a cluster service version), custom resource definitions (CRDs), and packages that comprise an application. The information provided by the catalog source enables OLM to discover and install operators and their dependencies.
- The Cloud Pak for Data perspective
- The
cpd-cli manage apply-olm
command automatically creates the appropriate catalog source for each specified component.The catalog sources are tied to the release of Cloud Pak for Data that you install. For example, there are specific catalogs for the 4.6.0 release.
Subscription
- Resource name
Subscription
orsub
- Description
-
An operator subscription provides the following information to OLM:
- The name of the operator
- The location to install the operator
- The channel to subscribe to
- The install plan approval mechanism to use
- The catalog source to use
- The Cloud Pak for Data perspective
- The
cpd-cli manage apply-olm
command automatically creates the subscriptions for any operators that are required by the specified components.
Install plan
- Resource name
InstallPlan
orip
- Description
- When an operator subscription is created, OLM creates an install plan that
describes the set of resources, such as the cluster service version and the operator deployment,
that must be created to install or upgrade the operator.
When you create an operator, you specify approval strategy for the install plan:
- Automatic
- When a subscription includes
installPlanApproval: Automatic
and a newer CSV is detected, OLM automatically approves the install plan and installs or upgrades the operator. - Manual
- When a subscription includes
installPlanApproval: Manual
and a newer CSV is detected, OLM creates a request for an administrator to approve the install plan. After an administrator approves the request, OLM installs or upgrades the operator.
- The Cloud Pak for Data perspective
- To simplify the installation experience, all Cloud Pak for Data operators are created with
installPlanApproval: Automatic
. This ensures that thecpd-cli manage apply-olm
can create or update all of the required operators.
Cluster service version (CSV)
- Resource name
ClusterServiceVersion
orcsv
- Description
-
A cluster service version (CSV) represents a specific version of an operator. The information provided by the CSV enables OLM to:
- Understand the custom resources that the operator manages or depends on
- Introduce the custom resource definition (CRD), if it doesn't exist
- Set up the operator's service accounts
- Start up the operator deployment
- Keep the operator running safely on the cluster
- Understand how updates should be applied when new versions of the operator are available on the cluster
- The Cloud Pak for Data perspective
- The
cpd-cli manage apply-olm
automatically creates the appropriate CSVs for the specified components.
Operator group
- Resource name
OperatorGroup
orog
- Description
- An operator group enables OLM to provide limited support for simultaneously installing different variations of an operator on a cluster. When OLM detects a newer CSV, it uses the operator group to determine where to create role bindings that grant the operator specific permissions.
- The Cloud Pak for Data perspective
- Cloud Pak for Data operators are installed once per
cluster using
InstallModeType: ownNamespace
.The operator group that the operators are included in depends on whether you choose an express installation or a specialized installation. For details, see Location of the operators.
The
cpd-cli manage apply-olm
automatically creates the required operator groups in the appropriate projects.The
cpd-cli manage apply-olm
also updates or creates the requiredNamespaceScope
object, which enables the operators project (namespace) to watch the project where you install the Cloud Pak for Data platform and services.
Location of the operators
The location of the Cloud Pak for Data operators depends on the type of installation that you choose.
Installation type | Operator location | Security considerations |
---|---|---|
Express | The Cloud Pak for Data operators are co-located
with the IBM
Cloud Pak foundational services operators in
the ibm-common-services project. |
An express installation does not enforce strict distinction
between Red Hat
OpenShift projects (namespaces)
that are managed by operators. Both the IBM Cloud Pak foundational services operators and the IBM Cloud Pak for Data operators watch any projects where IBM® Cloud Paks are installed. This means that all of the operators are granted RBAC to all of the projects where IBM Cloud Paks are installed even though it is unnecessary for the IBM Cloud Pak for Data operators to be granted permissions on projects where IBM Cloud Pak for Data is not installed. This might not be important if you don't plan to install other IBM Cloud Paks. |
Specialized | The IBM
Cloud Pak foundational services
operators are installed in one project, typically in the ibm-common-services project. The Cloud Pak for Data operators
are installed in their own project, such as |
A specialized installation also facilitates strict division
between Red Hat
OpenShift projects (namespaces):
|