Install the Operator on OpenShift
This guide walks through the recommended procedure for installing the Couchbase Autonomous Operator on a Red Hat OpenShift project.
If you are looking to upgrade an existing installation of the Operator, see Upgrading the Autonomous Operator.
Download the Operator package and unpack it on the same computer where you normally run
The Operator package contains YAML configuration files and command-line tools that you will use to install the Operator.
After you unpack the download, the resulting directory will be titled something like
All commands in this guide are run as a system administrator account; they require the creation of cluster scoped resources or the granting of roles to service accounts (privilege escalation).
It may be tempting to use the container images hosted on Docker Hub as they are dramatically smaller, and more secure, than those offered for use on the Red Hat Container Catalog. However, it is a Red Hat requirement for OpenShift users that Red Hat Container Catalog images be used. Use of Kubernetes images hosted on Docker Hub are not guaranteed to work, and are not supported, on the OpenShift platform.
The first step in installing the Operator is to install the custom resource definitions (CRD) that describe the Couchbase resource types. This can be achieved with the following command:
$ oc create -f crd.yaml
The operator is composed of two components; a per-cluster dynamic admission controller (DAC) and a per-namespace Operator. Refer to the operator architecture document for additional information on what is required and security considerations.
If you use the Openshift Marketplace UI to deploy the Couchbase Autonomous Operator, the dynamic admission controller (DAC) will not be deployed.
It is recommended that you use the
The DAC and Operator will be installed into the current project/namespace selected by the
Ensure you have created and selected the correct namespace to install into.
The Red Hat container catalog requires that deployments have login credentials that allow access to container images; these are provided by a secret:
$ oc create secret docker-registry rh-catalog --docker-server=registry.connect.redhat.com \ --docker-username=<rhel-username> --docker-password=<rhel-password> --docker-email=<docker-email>
This command uses 3rd party resources and is subject to change. Consult the documentation provided by Red Hat for up to date instructions.
The following command will install both the DAC and the Operator in the current project:
$ bin/cao create admission --image-pull-secret rh-catalog $ bin/cao create operator --image-pull-secret rh-catalog
Alternatively, you may wish to install just the DAC in the
$ oc project camelot $ bin/cao create admission --image-pull-secret rh-catalog
And then install just the Operator into the
$ oc project asgard $ bin/cao create operator --image-pull-secret rh-catalog
For further installation options please see the
cao reference manual.
You can use the following command to check on the status of the deployments:
$ oc get deployments NAME READY UP-TO-DATE AVAILABLE AGE couchbase-operator 1/1 1 1 8s couchbase-operator-admission 1/1 1 1 8s
The Operator is ready to deploy
CouchbaseCluster resources when both the DAC and Operator deployments are fully ready and available.
By default on an OpenShift platform, users will not have permissions to create and modify Couchbase custom resources. We provide a cluster role that can be installed once and referenced by any number of user accounts. To install the role:
$ oc create -f cluster-role-user.yaml
To associate the role with a user
merlin in the namespace
camelot use the following command:
$ oc create rolebinding merlin-couchbasecluster --namespace camelot --user merlin --clusterrole couchbasecluster
You can now login as the user
merlin and manage Couchbase resources in the
Uninstalling the DAC and Operator is the reverse of the installation process:
If you are performing an uninstall in order to upgrade the Operator to a newer version, do not delete the CRDs as this is only relevant for a full uninstall. Failure to do so will result in the deletion of all Couchbase clusters.
$ bin/cao delete operator $ bin/cao delete admission $ oc delete -f crd.yaml