Create Your Own Operator Images

How to create Operator and dynamic admission controller images for your environment.

The Operator and dynamic admission controller binaries are statically linked so have no external dependencies on any libraries. The standard Kubernetes images are based on scratch containers that contain no operating system base image at all. This is a security measure to prevent anyone gaining shell access to the container running anything other than the Operator. This protects against attacks where an actor can download and execute an illegal binary.

There may, however, be times however when you need to create your own images to satisfy corporate policy. This guide describes how to create your own container images.

Creating a Dynamic Admission Controller Image

In an empty directory, create the following Dockerfile.

FROM couchbase/admission-controller:2.0.0 as official (1)
FROM scratch (2)
COPY --from=official /usr/local/bin/couchbase-operator-admission /usr/local/bin/ (3)
1 Define a source container from the official image. There are no differences between OpenShift and Kubernetes binaries, so we use the Kubernetes ones here for simplicity.
2 Define the base image you wish to use. scratch is the default and contains nothing.
3 Copy the static binary from the official image to your custom one.

To build and tag the image run the following:

$ docker build . -t my-company/couchbase-operator-admission:2.0.0

You may use any combination of tag you wish.

Creating an Operator Image

In an empty directory, create the following Dockerfile.

FROM couchbase/operator:2.0.0 as official (1)
FROM scratch (2)
COPY --from=official /usr/local/bin/couchbase-operator /usr/local/bin/ (3)
1 Define a source container from the official image. There are no differences between OpenShift and Kubernetes binaries, so we use the Kubernetes ones her e for simplicity.
2 Define the base image you wish to use. scratch is the default and contains nothing.
3 Copy the static binary from the official image to your custom one.

To build and tag the image run the following:

$ docker build . -t my-company/couchbase-operator:2.0.0

You may use any combination of tag you wish.

Using the Custom Images

When installing the Operator with cbopcfg you can specify the images to use. Consider the following command that uses the images we created in the prior steps:

$ cbopcfg -operator-image my-company/couchbase-operator:2.0.0 -dynamic-admission-controller-image my-company/couchbase-operator-admission:2.0.0 | kubectl create -f -