Install the Operator on OpenShift

    +
    This guide walks through the recommended procedure for installing the Couchbase Autonomous Operator on a Red Hat OpenShift project.

    If you are looking to upgrade an existing installation of the Operator, see Upgrading the Autonomous Operator.

    Prerequisites

    Download the Operator package and unpack it on the same computer where you normally run oc. The Operator package contains YAML configuration files and command-line tools that you will use to install the Operator.

    After you unpack the download, the resulting directory will be titled something like couchbase-autonomous-operator-openshift.x.x-linux_x86_64. Make sure to cd into this directory before you run the commands in this guide.

    All commands in this guide are run as a system administrator account; they require the creation of cluster scoped resources or the granting of roles to service accounts (privilege escalation).

    Install the CRD

    The first step in installing the Operator is to install the custom resource definitions (CRD) that describe the Couchbase resource types. This can be achieved with the following command:

    $ oc create -f crd.yaml

    Install the Operator

    The operator is composed of two components; a per-cluster dynamic admission controller (DAC) and a per-namespace Operator. Refer to the operator architecture document for additional information on what is required and security considerations.

    The DAC and Operator will be installed into the current project/namespace selected by the oc command. Ensure you have created and selected the correct namespace to install into.

    The Red Hat container catalog requires that deployments have login credentials that allow access to container images; these are provided by a secret:

    $ oc create secret docker-registry rh-catalog --docker-server=registry.connect.redhat.com \
      --docker-username=<rhel-username> --docker-password=<rhel-password> --docker-email=<docker-email>

    This command uses 3rd party resources and is subject to change. Consult the documentation provided by Red Hat for up to date instructions.

    The following command will install both the DAC and the Operator in the default namespace:

    $ bin/cbopcfg generate admission --image-pull-secret rh-catalog | oc create -f -
    $ bin/cbopcfg generate operator --image-pull-secret rh-catalog | oc create -f -

    Custom Installation

    Alternatively, you may wish to install just the DAC in the camelot namespace:

    $ bin/cbopcfg generate admission --namespace camelot --image-pull-secret rh-catalog | oc create -f -

    And then install just the Operator into the asgard namespace:

    $ bin/cbopcfg generate operator --namespace asgard --image-pull-secret rh-catalog | oc create -f -

    For further installation options please see the cbopcfg reference manual.

    Check the Status of the Operator

    You can use the following command to check on the status of the deployments:

    $ oc get deployments
    NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
    couchbase-operator             1/1     1            1           8s
    couchbase-operator-admission   1/1     1            1           8s

    The Operator is ready to deploy CouchbaseCluster resources when both the DAC and Operator deployments are fully ready and available.

    Verifying the Dynamic Admission Controller

    In the latest versions of Kubernetes (kubectl 1.18 or higher), you can perform a dry run create command to validate the DAC is functioning correctly:

    $ oc create --dry-run=server -f - <<EOF
    apiVersion: couchbase.com/v2
    kind: CouchbaseBucket
    metadata:
      name: test
    EOF
    couchbasebucket.couchbase.com/test created (server dry run)

    The previous command depends on the DAC to provide defaulting for resource attributes, this in turn allows the resource to pass schema validation.

    If the DAC is not installed or not functioning, you can expect an error such as:

    The CouchbaseBucket "test" is invalid: spec: Required value

    Installing User Permissions

    By default on an OpenShift platform, users will not have permissions to create and modify Couchbase custom resources. We provide a cluster role that can be installed once and referenced by any number of user accounts. To install the role:

    $ oc create -f cluster-role-user.yaml

    To associate the role with a user merlin in the namespace camelot use the following command:

    $ oc create rolebinding merlin-couchbasecluster --namespace camelot --user merlin --clusterrole couchbasecluster

    You can now login as the user merlin and manage Couchbase resources in the camelot namespace.

    Uninstalling the Operator

    Uninstalling the DAC and Operator is the reverse of the installation process:

    If you are performing an uninstall in order to upgrade the Operator to a newer version, do not delete the CRDs as this is only relevant for a full uninstall. Failure to do so will result in the deletion of all Couchbase clusters.

    $ bin/cbopcfg generate operator | oc delete -f -
    $ bin/cbopcfg generate admission | oc delete -f -
    $ oc delete -f crd.yaml