Certified Operator Build Guide
  • Introduction
  • What is an Operator?
  • Pre-Requisites
  • Helm Operators
    • Building a Helm Operator
      • Using a Single Image Variable (Red Hat Marketplace)
      • Dockerfile Requirements
      • Update the Controller Manager
      • Building and Pushing Image
  • Ansible Operators
    • Building an Ansible Operator
      • Using a Single Image Variable (Red Hat Marketplace)
      • Dockerfile Requirements
      • Update the Controller Manager
      • Building and Pushing Image
  • Golang Operator Gotcha's
    • Writing to the Status Subresource
  • OpenShift Deployment
    • Operator Metadata
      • Update CRDs from v1beta1
      • Creating the Metadata Bundle
      • Adjusting the ClusterServiceVersion
      • Reviewing your Metadata Bundle
      • Metadata Bundle Image
        • Managing OpenShift Versions
    • Installing an OpenShift Environment
    • Deploying onto OpenShift
  • Troubleshooting and Resources
    • Creating an Ansible Role From a Helm Chart
    • Security Context Constraints
    • Connect Metadata Test Results
    • Red Hat Marketplace Requirements
  • Appendix
    • What if I've already published a Community Operator?
      • Consuming Applications from RHCC
      • Applying Security Context Constraints
      • Choosing a Unique Package Name
      • Assembling the Metadata Bundle
    • Community Operators
    • AWS OpenShift 4 Cluster Quick Start Guide
    • Using Third Party Network Operators with OpenShift
      • Appendix A - CNI Operator Manifests
      • Appendix B - Cluster Network Status
      • Appendix C - Operator Group Manifest
      • Appendix D - Subscription Manifest
    • Bundle Maintenance After Migration
    • Frequently Asked Questions (FAQ)
    • Multi-Arch Operator Certification
      • Glossary of Terms
      • Requirements and Limitations
      • Building a Multi-Arch Operator Image
      • Scanning and Publishing
      • Updating the Bundle Image
Powered by GitBook
On this page
  • Before getting started
  • Creating an index image
  • Create the CatalogSource
  • Create OperatorGroup
  • Create a Subscription
  • Updating an existing index image
  • Run the Scorecard test
  1. OpenShift Deployment

Deploying onto OpenShift

This section is to help you verify that the operator deploys successfully from the metadata bundle onto OpenShift using the Operator Lifecycle Manager (OLM).

PreviousInstalling an OpenShift EnvironmentNextCreating an Ansible Role From a Helm Chart

Last updated 3 years ago

Before getting started

Install the tool

Creating an index image

You can create an index image using the opm CLI.

  1. Start a new index:

    $ opm index add \
    --bundles quay.io/<namespace>/wordpress-operator:v0.0.1 \
    --tag quay.io/<namespace>/wordpress-operator-index:latest

  2. Push the index image to a registry:

    $ podman push quay.io/<namespace>/wordpress-operator-index:latest

Be sure to make your quay.io repositories for the bundle image and the index image public. You can can change this in the settings in quay.io

Create the CatalogSource

  1. In your OpenShift environment create a catalog source in the openshift-marketplace namespace.

test-operator-catalogsource.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: my-test-operators
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/<namespace>/wordpress-operator-index:latest
  displayName: Test Operators
  publisher: Red Hat Partner
  updateStrategy:
    registryPoll:
      interval: 5m
$ oc create -f test-operator-catalogsource.yaml

2. You can verify the catalogsource has been created by running the following command:

$ oc -n openshift-marketplace get catalogsource

You should see the following output:

NAME                  DISPLAY               TYPE   PUBLISHER   AGE
certified-operators   Certified Operators   grpc   Red Hat     12d
community-operators   Community Operators   grpc   Red Hat     12d
my-test-operators     Test Operators        grpc   Red Hat     30s
redhat-marketplace    Red Hat Marketplace   grpc   Red Hat     12d
redhat-operators      Red Hat Operators     grpc   Red Hat     12d

3. Once you have confirmed the catalogsource exists, run the following command to verify it's associated pod is successfully running. This verifies that the index image has been successfully pulled down from the repository.

$ oc -n openshift-marketplace get pods

You should see the following output:

NAME                                    READY   STATUS    RESTARTS   AGE
certified-operators-59b6bc7fbc-rzzwq    1/1     Running   0          12d
community-operators-5f89b4787d-ljvfb    1/1     Running   0          12d
marketplace-operator-5c84994668-927b6   1/1     Running   0          12d
my-test-operators-##########-#####      1/1     Running   0          12d
redhat-marketplace-86cc645bb6-8crdl     1/1     Running   0          12d
redhat-operators-5877478c4f-4ffs2       1/1     Running   0          12d

4. Verify that the operator package has been successfully added:

$ oc get packagemanifests | grep “Test Operators”

Create OperatorGroup

  1. Create a namespace for your project

 $ oc new-project test-operator

2. Create the OperatorGroup

test-operatorgroup.yaml
apiVersion: operators.coreos.com/v1alpha2
kind: OperatorGroup
metadata:
  name: my-group
  namespace: test-operator
spec:
  targetNamespaces:
    - test-operator
$ oc create -f test-operatorgroup.yaml

3. Verify you have a working operatorgroup within the namespace you created:

$ oc get og

You should see the following output:

NAMESPACE                              NAME                           AGE
test-operator                          my-group                       30s

Create a Subscription

test-subscription.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: test-subscription
spec:
  channel: alpha
  installPlanApproval: Automatic
  name: wordpress-operator
  source: my-test-operators
  sourceNamespace: openshift-marketplace
$ oc create -f test-subscription.yaml

Verify the subscription is created within your namespace:

$ oc get sub -n test-operator

You should see the following output:

NAMESPACE             NAME                              PACKAGE                           SOURCE                CHANNEL
test-operator         test-subscription                 wordpress-operator                test-operators        stable

The creation of the subscription should trigger the creation of the InstallPlan and CSV.

$ oc get installplan -n test-operator
$ oc get csv -n test-operator

You should see something similar to this output:

NAMESPACE                                          NAME                             DISPLAY                                 VERSION   REPLACES   PHASE
test-operator                                      wordpress-operator.v0.0.1        Wordpress Operator                      0.0.1                Succeeded

Verify your operator is running in the namespace:

$ oc get pods -n test-operator

Updating an existing index image

You can update an existing index image with a new operator bundle version using the opm CLI.

  1. Update the existing index:

    $ opm index add \
    --bundles quay.io/<namespace>/wordpress-operator:v0.0.2 \
    --from-index quay.io/<namespace>/wordpress-operator-index:latest \
    --tag quay.io/<namespace>/wordpress-operator-index:latest

  2. Push the updated index image:

    $ podman push quay.io/<namespace>/wordpress-operator-index:latest

  3. After OLM polls the index image at its specified interval, we should eventually see a new installplan for our new operator bundle version

    $ oc get installplan -n test-operator

Run the Scorecard test

The Operator Scorecard is a testing utility included in the operator-sdk binary that guides users towards operator best practices by checking the correctness of their operators and CSVs. With your operator deployed via OLM, you can run the operator-sdk scorecard utility to create a CR which will trigger the operator and monitor what occurs. In order to certify you must pass the first two Basic Tests: Spec Block Exists, and Status Block Exists. Passing the third basic test (Writing into CRs has an effect) requires adding the scorecard-proxy container to the operator deployment, which is not desired in a production operator and is therefore not required for certification.

In order to run scorecard locally against your operator deployed via OLM please refer to

operator package manager (OPM)
this section of the upstream documentation