Kubernetes Operator

Operators are software extensions to Kubernetes that use custom resources to manage applications and their components. Operators follow Kubernetes principles, notably the control loop.

The IBM Verify Identity Access operator provides lifecycle management of the Verify Identity Access lightweight worker containers.
The operator manages the deployment of these lightweight IBM Verify Identity Access worker containers, and also controls the rolling restart of these containers when a configuration snapshot is updated, as illustrated in the following figure:
Some points to note about the figure:
  • The configuration snapshot is ‘owned’ by an external entity (for example, the configuration container) but is cached by the operator controller.
  • When an administrator publishes a new configuration snapshot by using the configuration container, the LMI can automatically send the snapshot to the operator controller. The publishing of the snapshot can also potentially be a manual step.
  • When a new configuration snapshot is uploaded, the operator controller performs a rolling restart on all deployments that it created.
  • The worker containers pull the configuration snapshot from the operator controller during bootstrapping.
  • The Kubernetes Secret holds authentication information that is used to control access to the snapshot. It is automatically created when the controller is first deployed and is populated with random credentials.

For more information about the installation and usage of the operator, see the associated GitHub project readme file https://github.com/IBM-Security/verify-access-operator/blob/master/README.md.