Getting started with Operator SDK for Helm-based Operators

The Operator SDK includes options for generating an Operator project that leverages existing Helm charts to deploy Kubernetes resources as a unified application, without having to write any Go code.

To demonstrate the basics of setting up and running an Helm-based Operator using tools and libraries provided by the Operator SDK, Operator developers can build an example Helm-based Operator for Nginx and deploy it to a cluster.

Prerequisites

  • Operator SDK CLI installed

  • OpenShift CLI (oc) 4+ installed

  • Logged into an OKD 4 cluster with oc with an account that has cluster-admin permissions

  • To allow the cluster to pull the image, the repository where you push your image must be set as public, or you must configure an image pull secret

Additional resources

Creating and deploying Helm-based Operators

You can build and deploy a simple Helm-based Operator for Nginx by using the Operator SDK.

Procedure

  1. Create a project.

    1. Create your project directory:

      1. $ mkdir nginx-operator
    2. Change into the project directory:

      1. $ cd nginx-operator
    3. Run the operator-sdk init command with the helm plugin to initialize the project:

      1. $ operator-sdk init \
      2. --plugins=helm
  2. Create an API.

    Create a simple Nginx API:

    1. $ operator-sdk create api \
    2. --group demo \
    3. --version v1 \
    4. --kind Nginx

    This API uses the built-in Helm chart boilerplate from the helm create command.

  3. Build and push the Operator image.

    Use the default Makefile targets to build and push your Operator. Set IMG with a pull spec for your image that uses a registry you can push to:

    1. $ make docker-build docker-push IMG=<registry>/<user>/<image_name>:<tag>
  4. Run the Operator.

    1. Install the CRD:

      1. $ make install
    2. Deploy the project to the cluster. Set IMG to the image that you pushed:

      1. $ make deploy IMG=<registry>/<user>/<image_name>:<tag>
  5. Add a security context constraint (SCC).

    The Nginx service account requires privileged access to run in OKD. Add the following SCC to the service account for the nginx-sample pod:

    1. $ oc adm policy add-scc-to-user \
    2. anyuid system:serviceaccount:nginx-operator-system:nginx-sample
  6. Create a sample custom resource (CR).

    1. Create a sample CR:

      1. $ oc apply -f config/samples/demo_v1_nginx.yaml \
      2. -n nginx-operator-system
    2. Watch for the CR to reconcile the Operator:

      1. $ oc logs deployment.apps/nginx-operator-controller-manager \
      2. -c manager \
      3. -n nginx-operator-system
  7. Delete a CR.

    Delete a CR by running the following command:

    1. $ oc delete -f config/samples/demo_v1_nginx -n nginx-operator-system
  8. Clean up.

    Run the following command to clean up the resources that have been created as part of this procedure:

    1. $ make undeploy

Next steps