Certified Operator Build Guide
Search…
Certified Operator Build Guide
Introduction
What is an Operator?
Pre-Requisites
Helm Operators
Building a Helm Operator
Ansible Operators
Building an Ansible Operator
Golang Operator Gotcha's
Writing to the Status Subresource
OpenShift Deployment
Operator Metadata
Installing an OpenShift Environment
Deploying onto OpenShift
Troubleshooting and Resources
Creating an Ansible Role From a Helm Chart
Security Context Constraints
Connect Metadata Test Results
Red Hat Marketplace Requirements
Appendix
What if I've already published a Community Operator?
Community Operators
AWS OpenShift 4 Cluster Quick Start Guide
Using Third Party Network Operators with OpenShift
Bundle Maintenance After Migration
Frequently Asked Questions (FAQ)
Multi-Arch Operator Certification
Powered By GitBook
Red Hat Marketplace Requirements
A walk through of the changes required to enable your operator to work in an offline environment. This is also a technical requirement for Red Hat Marketplace.

Helm Operators

Update your Helm chart

Make sure your Helm chart only references the values file for images. Each image should be a single value (it can't be split into repository and tag, for example).
values.yaml
1
containers:
2
- name: {{ template "etcd.fullname" . }}
3
image: "{{ .Values.image.image }}"
4
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
Copied!
A great way to find all the parts of your helm chart that will need to be updated is to recursively search your project's template folder for "image:"
1
$ grep -r 'image:' ./helm-charts/etcd/templates/*
2
./helm-charts/etcd/templates/statefulset.yaml: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
Copied!
Here we see that the image is split into two values - repository and tag. This won't work because we need to have a single variable to override. Replace this line with a new, single variable:
1
$ grep -r 'image:' ./helm-charts/etcd/templates/*
2
./helm-charts/etcd/templates/statefulset.yaml: image: "{{ .Values.image.image }}"
Copied!
Don't forget to add this new value to your Values.yaml file!

Override the image variable

In the watches.yaml file, add a field for overrideValues. It should contain each variable from the values.yaml file that corresponds to an image, and should be set to the environment variable you want to use.
watches.yaml
1
overrideValues:
2
image.image: $RELATED_IMAGE_STATEFULSET
Copied!
NOTE: the variable name MUST follow the pattern RELATED_IMAGE_. There is code looking for that string in your operator.
Using operator-sdk version 0.14.0 or later, build the updated operator image, and skip down to the last section​

Ansible Operators

Update your Ansible role

Make sure your role is using environment variables for images instead of hard-coded or regular variables. If it's not, update it:
tasks/main.yaml
1
containers:
2
- name: mongodb
3
image: "{{ 'dbImage' | quote }}"
Copied!
Above you can see a reference to a image that's defined in the role's defaults/main.yaml file with an option to override it in values/main.yaml. Instead, use Ansible's lookup module to reference an environment variable and remove the variable from defaults/main.yaml to avoid confusion:
tasks/main.yaml
1
containers:
2
- name: mongodb
3
image: "{{ lookup('env','RELATED_IMAGE_DB') | quote }}"
Copied!
NOTE: Your environment variables need to follow the RELATED_IMAGE_ format, as there is code looking for this pattern.
Build your updated operator image, and skip down to the last section​

Golang Operators

You can find an example Go operator here.
Make sure your code is using environment variables for any images your operator uses (any image except the operator itself).
1
func newPodsForCR(cr *noopv1alpha1.UBINoOp) []*corev1.Pod {
2
ubiImg := os.Getenv("RELATED_IMAGE_UBI_MINIMAL")
3
}
Copied!
Build your updated operator image, and skip down to the last section​

All Operators (Helm, Ansible or Golang)

Define the environment variables

In the CSV and operator.yaml files, declare the variable and set to a default value.
clusterserviceversion.yaml
1
spec:
2
containers:
3
- env:
4
- name: WATCH_NAMESPACE
5
valueFrom:
6
fieldRef:
7
fieldPath: metadata.annotations['olm.targetNamespaces']
8
- name: POD_NAME
9
valueFrom:
10
fieldRef:
11
fieldPath: metadata.name
12
- name: OPERATOR_NAME
13
value: ectd-helm
14
15
#This is the new environment variable
16
- name: RELATED_IMAGE_STATEFULSET
17
value: k8s.gcr.io/etcd-amd64:3.2.26
18
#The operator image itself doesn't change
19
image: quay.io/dhoover103/etcd-helm-operator:v0.0.1
20
​
Copied!
You may now use external image registries if desired. You are not required to host all images in the Red Hat Connect internal image registry as was the previous practice for Red Hat Marketplace integration.

Entitled Registry

If you want to use the entitled registry for Red Hat Marketplace, your images must be hosted in registry.connect.redhat.com.
You will need to scan your operator with the docker images using registry.marketplace.redhat.com/rhm , replacing all your image references to use this docker registry.
From there, apply an ImageContentSourcePolicy to point registry.marketplace.redhat.com/rhm to registry.connect.redhat.com . This will allow the marketplace operator to use the entitled registry and properly replace the image strings.

Other things to watch for

If you're in the habit of using the "latest" tag for your images, make sure you specify it. Because of how the automation is written that picks up these images, we need a tag to be present.
Make sure you aren't overwriting the image in your CR (and by extension in the alm-examples field of the CSV). The best way to handle this is removing the field from the CR/alm-examples.
Troubleshooting and Resources - Previous
Connect Metadata Test Results
Next - Appendix
What if I've already published a Community Operator?
Last modified 1mo ago
Copy link
Contents
Helm Operators
Update your Helm chart
Override the image variable
Ansible Operators
Update your Ansible role
Golang Operators
All Operators (Helm, Ansible or Golang)
Define the environment variables
Entitled Registry
Other things to watch for