Install the Operator on OpenShift

      This guide walks through the recommended procedure for installing the Couchbase Autonomous Operator on a Red Hat OpenShift project.

      If you are looking to upgrade an existing installation of the Operator, see Upgrading the Autonomous Operator.


      Download the Operator package and unpack it on the same computer where you normally run oc. The Operator package contains YAML configuration files and command-line tools that you will use to install the Operator.

      After you unpack the download, the resulting directory will be titled something like couchbase-autonomous-operator-openshift.x.x-linux_x86_64. Make sure to cd into this directory before you run the commands in this guide.

      All commands in this guide are run as a system administrator account; they require the creation of cluster scoped resources or the granting of roles to service accounts (privilege escalation).

      It may be tempting to use the container images hosted on Docker Hub as they are dramatically smaller, and more secure, than those offered for use on the Red Hat Container Catalog. However, it is a Red Hat requirement for OpenShift users that Red Hat Container Catalog images be used. Use of Kubernetes images hosted on Docker Hub are not guaranteed to work, and are not supported, on the OpenShift platform.

      Install the CRD

      The first step in installing the Operator is to install the custom resource definitions (CRD) that describe the Couchbase resource types. This can be achieved with the following command:

      $ oc create -f crd.yaml

      Install the Operator

      The operator is composed of two components; a per-cluster dynamic admission controller (DAC) and a per-namespace Operator. Refer to the operator architecture document for additional information on what is required and security considerations.

      If you use the Openshift Marketplace UI to deploy the Couchbase Autonomous Operator, the dynamic admission controller (DAC) will not be deployed. It is recommended that you use the cao create admission command to deploy the DAC after installing the Operator.

      The DAC and Operator will be installed into the current project/namespace selected by the oc command. Ensure you have created and selected the correct namespace to install into.

      The Red Hat container catalog requires that deployments have login credentials that allow access to container images; these are provided by a secret:

      $ oc create secret docker-registry rh-catalog \
        --docker-username=<rhel-username> --docker-password=<rhel-password> --docker-email=<docker-email>

      This command uses 3rd party resources and is subject to change. Consult the documentation provided by Red Hat for up to date instructions.

      The following command will install both the DAC and the Operator in the current project:

      $ bin/cao create admission --image-pull-secret rh-catalog
      $ bin/cao create operator --image-pull-secret rh-catalog

      Custom Installation

      Alternatively, you may wish to install just the DAC in the camelot namespace:

      $ oc project camelot
      $ bin/cao create admission --image-pull-secret rh-catalog

      And then install just the Operator into the asgard namespace:

      $ oc project asgard
      $ bin/cao create operator --image-pull-secret rh-catalog

      For further installation options please see the cao reference manual.

      Check the Status of the Operator

      You can use the following command to check on the status of the deployments:

      $ oc get deployments
      NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
      couchbase-operator             1/1     1            1           8s
      couchbase-operator-admission   1/1     1            1           8s

      The Operator is ready to deploy CouchbaseCluster resources when both the DAC and Operator deployments are fully ready and available.

      Installing User Permissions

      By default on an OpenShift platform, users will not have permissions to create and modify Couchbase custom resources. We provide a cluster role that can be installed once and referenced by any number of user accounts. To install the role:

      $ oc create -f cluster-role-user.yaml

      To associate the role with a user merlin in the namespace camelot use the following command:

      $ oc create rolebinding merlin-couchbasecluster --namespace camelot --user merlin --clusterrole couchbasecluster

      You can now login as the user merlin and manage Couchbase resources in the camelot namespace.

      Uninstalling the Operator

      Uninstalling the DAC and Operator is the reverse of the installation process:

      If you are performing an uninstall in order to upgrade the Operator to a newer version, do not delete the CRDs as this is only relevant for a full uninstall. Failure to do so will result in the deletion of all Couchbase clusters.

      $ bin/cao delete operator
      $ bin/cao delete admission
      $ oc delete -f crd.yaml