Install the Operator on OpenShift
This guide walks through the recommended procedure for installing the Couchbase Autonomous Operator on a Red Hat OpenShift project.
If you are looking to upgrade an existing installation of the Operator, see Upgrading the Autonomous Operator.
Download the Operator package and unpack it on the same computer where you normally run
The Operator package contains YAML configuration files and command-line tools that you will use to install the Operator.
After you unpack the download, the resulting directory will be titled something like
All commands in this guide are run as a system administrator account; they require the creation of cluster scoped resources or the granting of roles to service accounts (privilege escalation).
It may be tempting to use the container images hosted on Docker Hub as they are dramatically smaller, and more secure, than those offered for use on the Red Hat Container Catalog. However, it is a Red Hat requirement for OpenShift users that Red Hat Container Catalog images be used. Use of Kubernetes images hosted on Docker Hub are not guaranteed to work, and are not supported, on the OpenShift platform.
Install the CRD
The first step in installing the Operator is to install the custom resource definitions (CRD) that describe the Couchbase resource types. This can be achieved with the following command:
$ oc create -f crd.yaml
Install the Operator
The operator is composed of two components; a per-cluster dynamic admission controller (DAC) and a per-namespace Operator. Refer to the operator architecture document for additional information on what is required and security considerations.
The DAC and Operator will be installed into the current project/namespace selected by the
Ensure you have created and selected the correct namespace to install into.
The Red Hat container catalog requires that deployments have login credentials that allow access to container images; these are provided by a secret:
$ oc create secret docker-registry rh-catalog --docker-server=registry.connect.redhat.com \ --docker-username=<rhel-username> --docker-password=<rhel-password> --docker-email=<docker-email>
This command uses 3rd party resources and is subject to change. Consult the documentation provided by Red Hat for up to date instructions.
The following command will install both the DAC and the Operator in the current project:
$ bin/cbopcfg create admission --image-pull-secret rh-catalog $ bin/cbopcfg create operator --image-pull-secret rh-catalog
Alternatively, you may wish to install just the DAC in the
$ oc project camelot $ bin/cbopcfg create admission --image-pull-secret rh-catalog
And then install just the Operator into the
$ oc project asgard $ bin/cbopcfg create operator --image-pull-secret rh-catalog
For further installation options please see the cbopcfg reference manual.
Check the Status of the Operator
You can use the following command to check on the status of the deployments:
$ oc get deployments NAME READY UP-TO-DATE AVAILABLE AGE couchbase-operator 1/1 1 1 8s couchbase-operator-admission 1/1 1 1 8s
The Operator is ready to deploy
CouchbaseCluster resources when both the DAC and Operator deployments are fully ready and available.
Verifying the Dynamic Admission Controller
In the latest versions of Kubernetes (
kubectl 1.18 or higher), you can perform a dry run create command to validate the DAC is functioning correctly:
$ oc create --dry-run=server -f - <<EOF apiVersion: couchbase.com/v2 kind: CouchbaseBucket metadata: name: test EOF couchbasebucket.couchbase.com/test created (server dry run)
The previous command depends on the DAC to provide defaulting for resource attributes, this in turn allows the resource to pass schema validation.
If the DAC is not installed or not functioning, you can expect an error such as:
The CouchbaseBucket "test" is invalid: spec: Required value
Installing User Permissions
By default on an OpenShift platform, users will not have permissions to create and modify Couchbase custom resources. We provide a cluster role that can be installed once and referenced by any number of user accounts. To install the role:
$ oc create -f cluster-role-user.yaml
To associate the role with a user
merlin in the namespace
camelot use the following command:
$ oc create rolebinding merlin-couchbasecluster --namespace camelot --user merlin --clusterrole couchbasecluster
You can now login as the user
merlin and manage Couchbase resources in the
Uninstalling the Operator
Uninstalling the DAC and Operator is the reverse of the installation process:
If you are performing an uninstall in order to upgrade the Operator to a newer version, do not delete the CRDs as this is only relevant for a full uninstall. Failure to do so will result in the deletion of all Couchbase clusters.
$ bin/cbopcfg delete operator $ bin/cbopcfg delete admission $ oc delete -f crd.yaml