137 lines
6.9 KiB
Plaintext
137 lines
6.9 KiB
Plaintext
---
|
|
title: Install operators
|
|
exercise: 3
|
|
date: '2024-08-27'
|
|
tags: ['openshift','containers','kubernetes','disconnected']
|
|
draft: false
|
|
authors: ['default']
|
|
summary: "Operators?!? 🤔 - Think app store for Kubernetes 🌟"
|
|
---
|
|
|
|
The disconnected OpenShift cluster you have been allocated is the result of a standard installation using the IPI install method, and does not have any post installation features added.
|
|
|
|
In a broad sense many OpenShift features are added via [Operators](https://www.redhat.com/en/technologies/cloud-computing/openshift/what-are-openshift-operators). Operators automate the creation, configuration, and management of instances of Kubernetes-native applications. Operators can provide automation at every level of the stack—from managing the parts that make up the platform all the way to applications that are provided as a managed service.
|
|
|
|
In the previous exercise we mirrored some new operator bundles into our disconnected network. In this exercise we'll install those operators and explore the features they provide us via [Custom Resource Definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources) they provide.
|
|
|
|
> Note: For some trivia, Red Hat created and open sourced the [Operator Framework](https://github.com/operator-framework), then later contributed the project to the Cloud Native Computing Foundation in 2021, ensuring all organisations can benefit from our experience building and supporting operator driven clusters since ~2016.
|
|
>
|
|
> 
|
|
|
|
|
|
## 3.1 - Installing compliance operator
|
|
|
|
First up let's install the [Red Hat OpenShift Compliance Operator](https://docs.openshift.com/container-platform/4.14/security/compliance_operator/co-overview.html).
|
|
|
|
For some brief context the Compliance Operator assists platform teams by automating the inspection of numerous technical implementations and compares those against certain aspects of industry standards. For our purposes today that industry standard will be **NIST 800-53**.
|
|
|
|
The Compliance Operator assesses compliance of both the Kubernetes API resources of OpenShift Container Platform, as well as the nodes running the cluster. The Compliance Operator uses [OpenSCAP](https://www.open-scap.org), a NIST-certified tool, to scan and enforce security policies provided by the content.
|
|
|
|
To install the operator we can use either the OpenShift Web Console, or the terminal with `oc` cli. In this workshop we will install the operator with the Web Console using our vnc browser tab. Thanks to our previous exercise mirroring content and making it available via the cluster disconnected OperatorHub catalogs we can enjoy the same user experience to install the operator as if our cluster was fully connected.
|
|
|
|
1. Open your vnc browser tab and return to the OpenShift Web Console browser tab you opened in the previous exercise.
|
|
2. Click on the **Compliance Operator** in **OperatorHub** to open the right hand panel, then click the blue **Install** button at the top of the panel.
|
|
3. On the install details screen stick with all the default values and simply click **Install**
|
|
4. After a short wait the Compliance Operator will be installed and ready for use 🎉
|
|
|
|
<Zoom>
|
|
| |
|
|
|:-----------------------------------------------------------------------------:|
|
|
| *Install OpenShift Compliance Operator* |
|
|
</Zoom>
|
|
|
|
With the Compliance Operator installed feel free to explore which new Custom Resources the Operator makes available. We'll return to these in future exercises to begin using them.
|
|
|
|
|
|
## 3.2 - Installing the rhacs operator
|
|
|
|
Next up we'll install the [Red Hat Advanced Cluster Security](https://www.redhat.com/en/technologies/cloud-computing/openshift/advanced-cluster-security-kubernetes) Operator.
|
|
|
|
Red Hat Advanced Cluster Security (RHACS) has direct integration with the Compliance Operator to provide a frontend user experience for running compliance scans along with viewing results.
|
|
|
|
To try the alternative operator installation method this time we will install the operator via the `oc` cli in our terminal.
|
|
|
|
Run the commands below in your terminal session to create the required `Namespace` and `Subscription` resources which will trigger the operator installation.
|
|
|
|
```bash
|
|
cat << EOF | oc apply --filename -
|
|
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: rhacs-operator
|
|
spec:
|
|
finalizers:
|
|
- kubernetes
|
|
|
|
---
|
|
apiVersion: operators.coreos.com/v1alpha1
|
|
kind: Subscription
|
|
metadata:
|
|
name: rhacs-operator
|
|
namespace: rhacs-operator
|
|
spec:
|
|
channel: stable
|
|
installPlanApproval: Automatic
|
|
name: rhacs-operator
|
|
source: cs-redhat-operator-index
|
|
sourceNamespace: openshift-marketplace
|
|
startingCSV: rhacs-operator.v4.5.1
|
|
EOF
|
|
```
|
|
|
|
If you check back on your web console, after a short wait the **Advanced Cluser Security for Kubernetes** operator should now show as `✅ Succeeded`.
|
|
|
|
<Zoom>
|
|
| |
|
|
|:-----------------------------------------------------------------------------:|
|
|
| *List of installed operators* |
|
|
</Zoom>
|
|
|
|
|
|
## 3.3 - Installing the developer hub operator
|
|
|
|
The final operator we will install for this workshop relates to [Red Hat Developer Hub](https://developers.redhat.com/rhdh/overview).
|
|
|
|
Red Hat Developer Hub is an Internal Developer Portal (IDP) based on the upstream [Backstage](https://backstage.io) project initially created at Spotify. With Red Hat Developer Hub combined with Red Hat OpenShift we can enable platform engineering teams to offer software templates and pre-architected and supported approaches to make life easier for development teams, ease onboarding and reduce friction and frustration.
|
|
|
|
We'll also install the Red Hat Developer Hub using the `oc` cli in our terminal. Run the commands below in your terminal session to create the required `Namespace` and `Subscription` resources which will trigger the operator installation.
|
|
|
|
```bash
|
|
cat << EOF | oc apply --filename -
|
|
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: rhdh-operator
|
|
spec:
|
|
finalizers:
|
|
- kubernetes
|
|
|
|
---
|
|
apiVersion: operators.coreos.com/v1alpha1
|
|
kind: Subscription
|
|
metadata:
|
|
name: rhdh
|
|
namespace: rhdh-operator
|
|
spec:
|
|
channel: fast
|
|
installPlanApproval: Automatic
|
|
name: rhdh
|
|
source: cs-redhat-operator-index
|
|
sourceNamespace: openshift-marketplace
|
|
startingCSV: rhdh-operator.v1.1.1
|
|
EOF
|
|
```
|
|
|
|
If you check back on your web console, after a short wait the **Red Hat Developer Hub** operator should now show as `✅ Succeeded`.
|
|
|
|
<Zoom>
|
|
| |
|
|
|:-----------------------------------------------------------------------------:|
|
|
| *List of installed operators* |
|
|
</Zoom>
|
|
|
|
If all three operators are now installed congratulations you are ready to move on to Exercise 3 🎉
|
|
|