Installing an Operator from a catalog in OLM 1.0 (Technology Preview)

Installing an Operator from a catalog in OLM 1.0 (Technology Preview)

Cluster administrators can add catalogs, or curated collections of Operators and Kubernetes extensions, to their clusters. Operator authors publish their products to these catalogs. When you add a catalog to your cluster, you have access to the versions, patches, and over-the-air updates of the Operators and extensions that are published to the catalog.

In the current Technology Preview release of Operator Lifecycle Manager (OLM) 1.0, you manage catalogs and Operators declaratively from the CLI using custom resources (CRs).

OLM 1.0 is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

Prerequisites

Access to an OKD cluster using an account with cluster-admin permissions

For OKD 4.14, documented procedures for OLM 1.0 are CLI-based only. Alternatively, administrators can create and view related objects in the web console by using normal methods, such as the Import YAML and Search pages. However, the existing OperatorHub and Installed Operators pages do not yet display OLM 1.0 components.

The TechPreviewNoUpgrades feature set enabled on the cluster

Enabling the TechPreviewNoUpgrade feature set cannot be undone and prevents minor version updates. These feature sets are not recommended on production clusters.
The OpenShift CLI (oc) installed on your workstation

Additional resources

Enabling features using feature gates

About catalogs in OLM 1.0

You can discover installable content by querying a catalog for Kubernetes extensions, such as Operators and controllers, by using the catalogd component. Catalogd is a Kubernetes extension that unpacks catalog content for on-cluster clients and is part of the Operator Lifecycle Manager (OLM) 1.0 suite of microservices. Currently, catalogd unpacks catalog content that is packaged and distributed as container images.

Additional resources

File-based catalogs

Red Hat-provided Operator catalogs in OLM 1.0

Operator Lifecycle Manager (OLM) 1.0 does not include Red Hat-provided Operator catalogs by default. If you want to add a Red Hat-provided catalog to your cluster, create a custom resource (CR) for the catalog and apply it to the cluster. The following custom resource (CR) examples show how to create a catalog resources for OLM 1.0.

If you want to use a catalog that is hosted on a secure registry, such as Red Hat-provided Operator catalogs from registry.redhat.io, you must have a pull secret scoped to the openshift-catalogd namespace. For more information, see “Creating a pull secret for catalogs hosted on a secure registry”.

Example Red Hat Operators catalog

apiVersion: catalogd.operatorframework.io/v1alpha1
kind: Catalog
metadata:
  name: redhat-operators
spec:
  source:
    type: image
    image:
      ref: registry.redhat.io/redhat/redhat-operator-index:v4
      pullSecret: <pull_secret_name>

Example Certified Operators catalog

apiVersion: catalogd.operatorframework.io/v1alpha1
kind: Catalog
metadata:
  name: certified-operators
spec:
  source:
    type: image
    image:
      ref: registry.redhat.io/redhat/certified-operator-index:v4
      pullSecret: <pull_secret_name>

Example Community Operators catalog

apiVersion: catalogd.operatorframework.io/v1alpha1
kind: Catalog
metadata:
  name: community-operators
spec:
  source:
    type: image
    image:
      ref: registry.redhat.io/redhat/community-operator-index:v4
      pullSecret: <pull_secret_name>

The following command adds a catalog to your cluster:

Command syntax

$ oc apply -f <catalog_name>.yaml (1)

1	Specifies the catalog CR, such as `redhat-operators.yaml`.

Additional resources

Creating a pull secret for catalogs hosted on a secure registry

Currently, catalogd cannot read global pull secrets from OKD clusters. Catalogd can read references to secrets only in the namespace where it is deployed.

Prerequisites

Login credentials for the secure registry
Docker or Podman installed on your workstation

Procedure

If you already have a .dockercfg file with login credentials for the secure registry, create a pull secret by running the following command:

$ oc create secret generic <pull_secret_name> \
    --from-file=.dockercfg=<file_path>/.dockercfg \
    --type=kubernetes.io/dockercfg \
    --namespace=openshift-catalogd

Example command

$ oc create secret generic redhat-cred \
    --from-file=.dockercfg=/home/<username>/.dockercfg \
    --type=kubernetes.io/dockercfg \
    --namespace=openshift-catalogd

If you already have a $HOME/.docker/config.json file with login credentials for the secured registry, create a pull secret by running the following command:

$ oc create secret generic <pull_secret_name> \
    --from-file=.dockerconfigjson=<file_path>/.docker/config.json \
    --type=kubernetes.io/dockerconfigjson \
    --namespace=openshift-catalogd

Example command

$ oc create secret generic redhat-cred \
    --from-file=.dockerconfigjson=/home/<username>/.docker/config.json \
    --type=kubernetes.io/dockerconfigjson \
    --namespace=openshift-catalogd

If you do not have a Docker configuration file with login credentials for the secure registry, create a pull secret by running the following command:

$ oc create secret docker-registry <pull_secret_name> \
    --docker-server=<registry_server> \
    --docker-username=<username> \
    --docker-password=<password> \
    --docker-email=<email> \
    --namespace=openshift-catalogd

Example command

$ oc create secret docker-registry redhat-cred \
    --docker-server=registry.redhat.io \
    --docker-username=username \
    --docker-password=password \
    --docker-email=user@example.com \
    --namespace=openshift-catalogd

Adding a catalog to a cluster

To add a catalog to a cluster, create a catalog custom resource (CR) and apply it to the cluster.

Prerequisites

If you want to use a catalog that is hosted on a secure registry, such as Red Hat-provided Operator catalogs from registry.redhat.io, you must have a pull secret scoped to the openshift-catalogd namespace. For more information, see “Creating a pull secret for catalogs hosted on a secure registry”.

Procedure

Create a catalog custom resource (CR), similar to the following example:

Example redhat-operators.yaml

apiVersion: catalogd.operatorframework.io/v1alpha1
kind: Catalog
metadata:
  name: redhat-operators
spec:
  source:
    type: image
    image:
      ref: registry.redhat.io/redhat/redhat-operator-index:v4 (1)
      pullSecret: <pull_secret_name> (2)

1	Specify the catalog’s image in the `spec.source.image` field.
2	If your catalog is hosted on a secure registry, such as `registry.redhat.io`, you must create a pull secret scoped to the `openshift-catalog` namespace.

Add the catalog to your cluster by running the following command:

$ oc apply -f redhat-operators.yaml

Example output

catalog.catalogd.operatorframework.io/redhat-operators created

Verification

Run the following commands to verify the status of your catalog:

Check if you catalog is available by running the following command:
```
$ oc get catalog
```
Example output
```
NAME                  AGE
redhat-operators      20s
```

Check the status of your catalog by running the following command:

$ oc describe catalog

Example output

Name:         redhat-operators
Namespace:
Labels:       <none>
Annotations:  <none>
API Version:  catalogd.operatorframework.io/v1alpha1
Kind:         Catalog
Metadata:
  Creation Timestamp:  2024-01-10T16:18:38Z
  Finalizers:
    catalogd.operatorframework.io/delete-server-cache
  Generation:        1
  Resource Version:  57057
  UID:               128db204-49b3-45ee-bfea-a2e6fc8e34ea
Spec:
  Source:
    Image:
      Pull Secret:  redhat-cred
      Ref:          registry.redhat.io/redhat/redhat-operator-index:v4.15
    Type:           image
Status: (1)
  Conditions:
    Last Transition Time:  2024-01-10T16:18:55Z
    Message:
    Reason:                UnpackSuccessful (2)
    Status:                True
    Type:                  Unpacked
  Content URL:             http://catalogd-catalogserver.openshift-catalogd.svc/catalogs/redhat-operators/all.json
  Observed Generation:     1
  Phase:                   Unpacked (3)
  Resolved Source:
    Image:
      Last Poll Attempt:  2024-01-10T16:18:51Z
      Ref:                registry.redhat.io/redhat/redhat-operator-index:v4.15
      Resolved Ref:       registry.redhat.io/redhat/redhat-operator-index@sha256:7b536ae19b8e9f74bb521c4a61e5818e036ac1865a932f2157c6c9a766b2eea5 (4)
    Type:                 image
Events:                   <none>

1	Describes the status of the catalog.
2	Displays the reason the catalog is in the current state.
3	Displays the phase of the installation process.
4	Displays the image reference of the catalog.

Additional resources

Creating a pull secret for catalogs hosted on a secure registry

Finding Operators to install from a catalog

After you add a catalog to your cluster, you can query the catalog to find Operators and extensions to install. Before you can query catalogs, you must port forward the catalog server service.

Prerequisite

You have added a catalog to your cluster.
You have installed the jq CLI tool.

Procedure

Port foward the catalog server service in the openshift-catalogd namespace by running the following command:
```
$ oc -n openshift-catalogd port-forward svc/catalogd-catalogserver 8080:80
```

Download the catalog’s JSON file locally by running the following command:

$ curl -L http://localhost:8080/catalogs/<catalog_name>/all.json \
  -C - -o /<path>/<catalog_name>.json

Example command

$ curl -L http://localhost:8080/catalogs/redhat-operators/all.json \
  -C - -o /home/<username>/catalogs/rhoc.json

Get a list of the Operators and extensions from the local catalog file by running the following command:

$ jq -s '.[] | select(.schema == "olm.package") | .name' \
  /<path>/<filename>.json

Example command

$ jq -s '.[] | select(.schema == "olm.package") | .name' \
  /home/<username>/catalogs/rhoc.json

Example output

NAME                                                        AGE
"3scale-operator"
"advanced-cluster-management"
"amq-broker-rhel8"
"amq-online"
"amq-streams"
"amq7-interconnect-operator"
"ansible-automation-platform-operator"
"ansible-cloud-addons-operator"
"apicast-operator"
"aws-efs-csi-driver-operator"
"aws-load-balancer-operator"
"bamoe-businessautomation-operator"
"bamoe-kogito-operator"
"bare-metal-event-relay"
"businessautomation-operator"
...

Inspect the contents of an Operator or extension’s metadata by running the following command:

$ jq -s '.[] | select( .schema == "olm.package") | \
  select( .name == "<package_name>")' <catalog_name>.json

Example command

$ jq -s '.[] | select( .schema == "olm.package") | \
  select( .name == "serverless-operator")' rhoc.json

Example output

{
  "defaultChannel": "stable",
  "icon": {
    "base64data": "PHN2ZyB4bWxu..."
    "mediatype": "image/svg+xml"
  },
  "name": "serverless-operator",
  "schema": "olm.package"
}

Common catalog queries

You can query catalogs by using the jq CLI tool.

Query Request

Table 1. Common package queries
Query	Request
Available packages in a catalog	`$ jq -s ‘.[] \| select( .schema == “olm.package”) \| \` `.name’ <catalog_name>.json`
Package metadata	`$ jq -s ‘.[] \| select( .schema == “olm.package”) \| \` `select( .name == “<package_name>”)’ <catalog_name>.json`
Catalog blobs in a package	`$ jq -s ‘.[] \| select( .package == “<package_name>”)’ \` `<catalog_name>.json`

Available packages in a catalog

$ jq -s ‘.[] | select( .schema == “olm.package”) | \
  .name’ <catalog_name>.json

Package metadata

$ jq -s ‘.[] | select( .schema == “olm.package”) | \
  select( .name == “<package_name>”)’ <catalog_name>.json

Catalog blobs in a package

$ jq -s ‘.[] | select( .package == “<package_name>”)’ \
  <catalog_name>.json

Query Request

Table 2. Common channel queries
Query	Request
Channels in a package	`$ jq -s ‘.[] \| select( .schema == “olm.channel” ) \| \` `select( .package == “<package_name>”) \| .name’ \` `<catalog_name>.json`
Latest version in a channel Upgrade path	`$ jq -s ‘.[] \| select( .schema == “olm.channel” ) \| \` `select ( .name == “<channel>”) \| \` `select( .package == “<package_name>”)’ \` `<catalog_name>.json`

Channels in a package

$ jq -s ‘.[] | select( .schema == “olm.channel” ) | \
  select( .package == “<package_name>”) | .name’ \
  <catalog_name>.json

Latest version in a channel
Upgrade path

$ jq -s ‘.[] | select( .schema == “olm.channel” ) | \
  select ( .name == “<channel>”) | \
  select( .package == “<package_name>”)’ \
  <catalog_name>.json

Query Request

Table 3. Common bundle queries
Query	Request
Bundles in a package	`$ jq -s ‘.[] \| select( .schema == “olm.bundle” ) \| \` `select( .package == “<package_name>”) \| .name’ \` `<catalog_name>.json`
Bundle dependencies Available APIs	`$ jq -s ‘.[] \| select( .schema == “olm.bundle” ) \| \` `select ( .name == “<bundle_name>”) \| \` `select( .package == “<package_name>”)’ \` `<catalog_name>.json`

Bundles in a package

$ jq -s ‘.[] | select( .schema == “olm.bundle” ) | \
  select( .package == “<package_name>”) | .name’ \
  <catalog_name>.json

Bundle dependencies
Available APIs

$ jq -s ‘.[] | select( .schema == “olm.bundle” ) | \
  select ( .name == “<bundle_name>”) | \
  select( .package == “<package_name>”)’ \
  <catalog_name>.json

About target versions in OLM 1.0

In Operator Lifecycle Manager (OLM) 1.0, cluster administrators set the target version of an Operator declaratively in the Operator’s custom resource (CR).

If you specify a channel in the Operator’s CR, OLM 1.0 installs the latest release from the specified channel. When updates are published to the specified channel, OLM 1.0 automatically updates to the latest release from the channel.

Example CR with a specified channel

apiVersion: operators.operatorframework.io/v1alpha1
kind: Operator
metadata:
  name: quay-example
spec:
  packageName: quay-operator
  channel: stable-3.8 (1)

1	Installs the latest release published to the specified channel. Updates to the channel are automatically installed.

If you specify the Operator’s target version in the CR, OLM 1.0 installs the specified version. When the target version is specified in the Operator’s CR, OLM 1.0 does not change the target version when updates are published to the catalog.

If you want to update the version of the Operator that is installed on the cluster, you must manually update the Operator’s CR. Specifying a Operator’s target version pins the Operator’s version to the specified release.

Example CR with the target version specified

apiVersion: operators.operatorframework.io/v1alpha1
kind: Operator
metadata:
  name: quay-example
spec:
  packageName: quay-operator
  version: 3.8.12 (1)

1	Specifies the target version. If you want to update the version of the Operator that is installed on the cluster, you must manually update this field the Operator’s CR to the desired target version.

If you want to change the installed version of an Operator, edit the Operator’s CR to the desired target version.

In previous versions of OLM, Operator authors could define upgrade edges to prevent you from updating to unsupported versions. In its current state of development, OLM 1.0 does not enforce upgrade edge definitions. You can specify any version of an Operator, and OLM 1.0 attempts to apply the update.

You can inspect an Operator’s catalog contents, including available versions and channels, by running the following command:

Command syntax

$ oc get package <catalog_name>-<package_name> -o yaml

After you create or update a CR, create or configure the Operator by running the following command:

Command syntax

$ oc apply -f <extension_name>.yaml

Troubleshooting

If you specify a target version or channel that does not exist, you can run the following command to check the status of your Operator:

$ oc get operator.operators.operatorframework.io <operator_name> -o yaml

Example output

apiVersion: operators.operatorframework.io/v1alpha1
kind: Operator
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"operators.operatorframework.io/v1alpha1","kind":"Operator","metadata":{"annotations":{},"name":"quay-example"},"spec":{"packageName":"quay-operator","version":"999.99.9"}}
  creationTimestamp: "2023-10-19T18:39:37Z"
  generation: 3
  name: quay-example
  resourceVersion: "51505"
  uid: 2558623b-8689-421c-8ed5-7b14234af166
spec:
  packageName: quay-operator
  version: 999.99.9
status:
  conditions:
  - lastTransitionTime: "2023-10-19T18:50:34Z"
    message: package 'quay-operator' at version '999.99.9' not found
    observedGeneration: 3
    reason: ResolutionFailed
    status: "False"
    type: Resolved
  - lastTransitionTime: "2023-10-19T18:50:34Z"
    message: installation has not been attempted as resolution failed
    observedGeneration: 3
    reason: InstallationStatusUnknown
    status: Unknown
    type: Installed

Updating an Operator

You can update your Operator by manually editing your Operator’s custom resource (CR) and applying the changes.

Prerequisites

You have a catalog installed.
You have an Operator installed.

Procedure

Inspect your Operator’s package contents to find which channels and versions are available for updating by running the following command:
```
$ oc get package <catalog_name>-<package_name> -o yaml
```
Example command
```
$ oc get package redhat-operators-quay-operator -o yaml
```

Edit your Operator’s CR to update the version to 3.9.1, as shown in the following example:

Example test-operator.yaml CR

apiVersion: operators.operatorframework.io/v1alpha1
kind: Operator
metadata:
  name: quay-example
spec:
  packageName: quay-operator
  version: 3.9.1 (1)

1	Update the version to `3.9.1`

Apply the update to the cluster by running the following command:

$ oc apply -f test-operator.yaml

Example output

operator.operators.operatorframework.io/quay-example configured

You can patch and apply the changes to your Operator’s version from the CLI by running the following command:

$ oc patch operator.operators.operatorframework.io/quay-example -p \
  ‘{“spec”:{“version”:”3.9.1”}}’ \
  —type=merge

Example output

operator.operators.operatorframework.io/quay-example patched

Verification

Verify that the channel and version updates have been applied by running the following command:

$ oc get operator.operators.operatorframework.io/quay-example -o yaml

Example output

apiVersion: operators.operatorframework.io/v1alpha1
kind: Operator
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"operators.operatorframework.io/v1alpha1","kind":"Operator","metadata":{"annotations":{},"name":"quay-example"},"spec":{"packageName":"quay-operator","version":"3.9.1"}}
  creationTimestamp: "2023-10-19T18:39:37Z"
  generation: 2
  name: quay-example
  resourceVersion: "47423"
  uid: 2558623b-8689-421c-8ed5-7b14234af166
spec:
  packageName: quay-operator
  version: 3.9.1 (1)
status:
  conditions:
  - lastTransitionTime: "2023-10-19T18:39:37Z"
    message: resolved to "registry.redhat.io/quay/quay-operator-bundle@sha256:4864bc0d5c18a84a5f19e5e664b58d3133a2ac2a309c6b5659ab553f33214b09"
    observedGeneration: 2
    reason: Success
    status: "True"
    type: Resolved
  - lastTransitionTime: "2023-10-19T18:39:46Z"
    message: installed from "registry.redhat.io/quay/quay-operator-bundle@sha256:4864bc0d5c18a84a5f19e5e664b58d3133a2ac2a309c6b5659ab553f33214b09"
    observedGeneration: 2
    reason: Success
    status: "True"
    type: Installed
  installedBundleResource: registry.redhat.io/quay/quay-operator-bundle@sha256:4864bc0d5c18a84a5f19e5e664b58d3133a2ac2a309c6b5659ab553f33214b09
  resolvedBundleResource: registry.redhat.io/quay/quay-operator-bundle@sha256:4864bc0d5c18a84a5f19e5e664b58d3133a2ac2a309c6b5659ab553f33214b09

1	Verify that the version is updated to `3.9.1`.

Deleting an Operator

You can delete an Operator and its custom resource definitions (CRDs) by deleting the Operator’s custom resource (CR).

Prerequisites

You have a catalog installed.
You have an Operator installed.

Procedure

Delete an Operator and its CRDs by running the following command:

$ oc delete operator.operators.operatorframework.io quay-example

Example output

operator.operators.operatorframework.io "quay-example" deleted

Verification

Run the following commands to verify that your Operator and its resources were deleted:
- Verify the Operator is deleted by running the following command:
```
$ oc get operator.operators.operatorframework.io
```
  Example output
```
No resources found
```
- Verify that the Operator’s system namespace is deleted by running the following command:
```
$ oc get ns quay-operator-system
```
  Example output
```
Error from server (NotFound): namespaces "quay-operator-system" not found
```