- Red Hat Operators
- Cloud Credential Operator
- Cluster Config Operator
- Cluster Authentication Operator
- Cluster Autoscaler Operator
- Cluster Image Registry Operator
- Cluster Machine Approver Operator
- Cluster Monitoring Operator
- Cluster Network Operator
- OpenShift Controller Manager Operator
- Cluster Samples Operator
- Cluster Storage Operator
- Cluster Version Operator
- Console Operator
- DNS Operator
- etcd cluster Operator
- Ingress Operator
- Kubernetes API Server Operator
- Kubernetes Controller Manager Operator
- Kubernetes Scheduler Operator
- Machine API Operator
- Machine Config Operator
- Marketplace Operator
- Node Tuning Operator
- Operator Lifecycle Manager Operators
- OpenShift API Server Operator
- Prometheus Operator
- vSphere Problem Detector Operator
- Windows Machine Config Operator
Red Hat Operators
Cloud Credential Operator
Purpose
The Cloud Credential Operator (CCO) manages cloud provider credentials as Kubernetes custom resource definitions (CRDs). The CCO syncs on CredentialsRequest
custom resources (CRs) to allow OKD components to request cloud provider credentials with the specific permissions that are required for the cluster to run.
By setting different values for the credentialsMode
parameter in the install-config.yaml
file, the CCO can be configured to operate in several different modes. If no mode is specified, or the credentialsMode
parameter is set to an empty string (""
), the CCO operates in its default mode.
Project
openshift-cloud-credential-operator
CRDs
credentialsrequests.cloudcredential.openshift.io
Scope: Namespaced
CR:
CredentialsRequest
Validation: Yes
Configuration objects
No configuration required.
Additional resources
Cluster Config Operator
Purpose
The Cluster Config Operator performs the following tasks related to config.openshift.io
:
Creates CRDs.
Renders the initial custom resources.
Handles migrations.
Project
Cluster Authentication Operator
Purpose
The Cluster Authentication Operator installs and maintains the Authentication
custom resource in a cluster and can be viewed with:
$ oc get clusteroperator authentication -o yaml
Project
cluster-authentication-operator
Cluster Autoscaler Operator
Purpose
The Cluster Autoscaler Operator manages deployments of the OpenShift Cluster Autoscaler using the cluster-api
provider.
Project
CRDs
ClusterAutoscaler
: This is a singleton resource, which controls the configuration autoscaler instance for the cluster. The Operator only responds to theClusterAutoscaler
resource nameddefault
in the managed namespace, the value of theWATCH_NAMESPACE
environment variable.MachineAutoscaler
: This resource targets a node group and manages the annotations to enable and configure autoscaling for that group, themin
andmax
size. Currently onlyMachineSet
objects can be targeted.
Cluster Image Registry Operator
Purpose
The Cluster Image Registry Operator manages a singleton instance of the OKD registry. It manages all configuration of the registry, including creating storage.
On initial start up, the Operator creates a default image-registry
resource instance based on the configuration detected in the cluster. This indicates what cloud storage type to use based on the cloud provider.
If insufficient information is available to define a complete image-registry
resource, then an incomplete resource is defined and the Operator updates the resource status with information about what is missing.
The Cluster Image Registry Operator runs in the openshift-image-registry
namespace and it also manages the registry instance in that location. All configuration and workload resources for the registry reside in that namespace.
Project
cluster-image-registry-operator
Cluster Machine Approver Operator
Purpose
The Cluster Machine Approver Operator automatically approves the CSRs requested for a new worker node after cluster installation.
For the control plane node, the |
Project
cluster-machine-approver-operator
Cluster Monitoring Operator
Purpose
The Cluster Monitoring Operator manages and updates the Prometheus-based cluster monitoring stack deployed on top of OKD.
Project
CRDs
alertmanagers.monitoring.coreos.com
Scope: Namespaced
CR:
alertmanager
Validation: Yes
prometheuses.monitoring.coreos.com
Scope: Namespaced
CR:
prometheus
Validation: Yes
prometheusrules.monitoring.coreos.com
Scope: Namespaced
CR:
prometheusrule
Validation: Yes
servicemonitors.monitoring.coreos.com
Scope: Namespaced
CR:
servicemonitor
Validation: Yes
Configuration objects
$ oc -n openshift-monitoring edit cm cluster-monitoring-config
Cluster Network Operator
Purpose
The Cluster Network Operator installs and upgrades the networking components on an OKD cluster.
OpenShift Controller Manager Operator
Purpose
The OpenShift Controller Manager Operator installs and maintains the OpenShiftControllerManager
custom resource in a cluster and can be viewed with:
$ oc get clusteroperator openshift-controller-manager -o yaml
The custom resource definitino (CRD) openshiftcontrollermanagers.operator.openshift.io
can be viewed in a cluster with:
$ oc get crd openshiftcontrollermanagers.operator.openshift.io -o yaml
Project
cluster-openshift-controller-manager-operator
Cluster Samples Operator
Purpose
The Cluster Samples Operator manages the sample image streams and templates stored in the openshift
namespace.
On initial start up, the Operator creates the default samples configuration resource to initiate the creation of the image streams and templates. The configuration object is a cluster scoped object with the key cluster
and type configs.samples
.
The image streams are the Fedora CoreOS (FCOS)-based OKD image streams pointing to images on registry.redhat.io
. Similarly, the templates are those categorized as OKD templates.
The Cluster Samples Operator deployment is contained within the openshift-cluster-samples-operator
namespace. On start up, the install pull secret is used by the image stream import logic in the internal registry and API server to authenticate with registry.redhat.io
. An administrator can create any additional secrets in the openshift
namespace if they change the registry used for the sample image streams. If created, those secrets contain the content of a config.json
for docker
needed to facilitate image import.
The image for the Cluster Samples Operator contains image stream and template definitions for the associated OKD release. After the Cluster Samples Operator creates a sample, it adds an annotation that denotes the OKD version that it is compatible with. The Operator uses this annotation to ensure that each sample matches the compatible release version. Samples outside of its inventory are ignored, as are skipped samples.
Modifications to any samples that are managed by the Operator are allowed as long as the version annotation is not modified or deleted. However, on an upgrade, as the version annotation will change, those modifications can get replaced as the sample will be updated with the newer version. The Jenkins images are part of the image payload from the installation and are tagged into the image streams directly.
The samples resource includes a finalizer, which cleans up the following upon its deletion:
Operator-managed image streams
Operator-managed templates
Operator-generated configuration resources
Cluster status resources
Upon deletion of the samples resource, the Cluster Samples Operator recreates the resource using the default configuration.
Project
Cluster Storage Operator
Purpose
The Cluster Storage Operator sets OKD cluster-wide storage defaults. It ensures a default storage class exists for OKD clusters.
Project
Configuration
No configuration is required.
Notes
The Cluster Storage Operator supports Amazon Web Services (AWS) and Red Hat OpenStack Platform (RHOSP).
The created storage class can be made non-default by editing its annotation, but the storage class cannot be deleted as long as the Operator runs.
Cluster Version Operator
Purpose
Project
Console Operator
Purpose
The Console Operator installs and maintains the OKD web console on a cluster.
Project
DNS Operator
Purpose
The DNS Operator deploys and manages CoreDNS to provide a name resolution service to pods that enables DNS-based Kubernetes Service discovery in OKD.
The Operator creates a working default deployment based on the cluster’s configuration.
The default cluster domain is
cluster.local
.Configuration of the CoreDNS Corefile or Kubernetes plug-in is not yet supported.
The DNS Operator manages CoreDNS as a Kubernetes daemon set exposed as a service with a static IP. CoreDNS runs on all nodes in the cluster.
Project
etcd cluster Operator
Purpose
The etcd cluster Operator automates etcd cluster scaling, enables etcd monitoring and metrics, and simplifies disaster recovery procedures.
Project
CRDs
etcds.operator.openshift.io
Scope: Cluster
CR:
etcd
Validation: Yes
Configuration objects
$ oc edit etcd cluster
Ingress Operator
Purpose
The Ingress Operator configures and manages the OKD router.
Project
CRDs
clusteringresses.ingress.openshift.io
Scope: Namespaced
CR:
clusteringresses
Validation: No
Configuration objects
Cluster config
Type Name:
clusteringresses.ingress.openshift.io
Instance Name:
default
View Command:
$ oc get clusteringresses.ingress.openshift.io -n openshift-ingress-operator default -o yaml
Notes
The Ingress Operator sets up the router in the openshift-ingress
project and creates the deployment for the router:
$ oc get deployment -n openshift-ingress
The Ingress Operator uses the clusterNetwork[].cidr
from the network/cluster
status to determine what mode (IPv4, IPv6, or dual stack) the managed ingress controller (router) should operate in. For example, if clusterNetwork
contains only a v6 cidr
, then the ingress controller operate in IPv6-only mode.
In the following example, ingress controllers managed by the Ingress Operator will run in IPv4-only mode because only one cluster network exists and the network is an IPv4 cidr
:
$ oc get network/cluster -o jsonpath='{.status.clusterNetwork[*]}'
Example output
map[cidr:10.128.0.0/14 hostPrefix:23]
Kubernetes API Server Operator
Purpose
The Kubernetes API Server Operator manages and updates the Kubernetes API server deployed on top of OKD. The Operator is based on the OKD library-go
framework and it is installed using the Cluster Version Operator (CVO).
Project
openshift-kube-apiserver-operator
CRDs
kubeapiservers.operator.openshift.io
Scope: Cluser
CR:
kubeapiserver
Validation: Yes
Configuration objects
$ oc edit kubeapiserver
Kubernetes Controller Manager Operator
Purpose
The Kubernetes Controller Manager Operator manages and updates the Kubernetes Controller Manager deployed on top of OKD. The Operator is based on OKD library-go
framework and it is installed via the Cluster Version Operator (CVO).
It contains the following components:
Operator
Bootstrap manifest renderer
Installer based on static pods
Configuration observer
By default, the Operator exposes Prometheus metrics through the metrics
service.
Project
cluster-kube-controller-manager-operator
Kubernetes Scheduler Operator
Purpose
The Kubernetes Scheduler Operator manages and updates the Kubernetes Scheduler deployed on top of OKD. The Operator is based on the OKD library-go
framework and it is installed with the Cluster Version Operator (CVO).
The Kubernetes Scheduler Operator contains the following components:
Operator
Bootstrap manifest renderer
Installer based on static pods
Configuration observer
By default, the Operator exposes Prometheus metrics through the metrics service.
Project
cluster-kube-scheduler-operator
Configuration
The configuration for the Kubernetes Scheduler is the result of merging:
a default configuration.
an observed configuration from the spec
schedulers.config.openshift.io
.
All of these are sparse configurations, invalidated JSON snippets which are merged to form a valid configuration at the end.
Machine API Operator
Purpose
The Machine API Operator manages the lifecycle of specific purpose custom resource definitions (CRD), controllers, and RBAC objects that extend the Kubernetes API. This declares the desired state of machines in a cluster.
Project
CRDs
MachineSet
Machine
MachineHealthCheck
Machine Config Operator
Purpose
The Machine Config Operator manages and applies configuration and updates of the base operating system and container runtime, including everything between the kernel and kubelet.
There are four components:
machine-config-server
: Provides Ignition configuration to new machines joining the cluster.machine-config-controller
: Coordinates the upgrade of machines to the desired configurations defined by aMachineConfig
object. Options are provided to control the upgrade for sets of machines individually.machine-config-daemon
: Applies new machine configuration during update. Validates and verifies the state of the machine to the requested machine configuration.machine-config
: Provides a complete source of machine configuration at installation, first start up, and updates for a machine.
Project
openshift-machine-config-operator
Marketplace Operator
Purpose
The Marketplace Operator is a conduit to bring off-cluster Operators to your cluster.
Project
Node Tuning Operator
Purpose
The Node Tuning Operator helps you manage node-level tuning by orchestrating the TuneD daemon. The majority of high-performance applications require some level of kernel tuning. The Node Tuning Operator provides a unified management interface to users of node-level sysctls and more flexibility to add custom tuning specified by user needs.
The Operator manages the containerized TuneD daemon for OKD as a Kubernetes daemon set. It ensures the custom tuning specification is passed to all containerized TuneD daemons running in the cluster in the format that the daemons understand. The daemons run on all nodes in the cluster, one per node.
Node-level settings applied by the containerized TuneD daemon are rolled back on an event that triggers a profile change or when the containerized TuneD daemon is terminated gracefully by receiving and handling a termination signal.
The Node Tuning Operator is part of a standard OKD installation in version 4.1 and later.
Project
Operator Lifecycle Manager Operators
Purpose
Operator Lifecycle Manager (OLM) helps users install, update, and manage the lifecycle of Kubernetes native applications (Operators) and their associated services running across their OKD clusters. It is part of the Operator Framework, an open source toolkit designed to manage Operators in an effective, automated, and scalable way.
Figure 1. Operator Lifecycle Manager workflow
OLM runs by default in OKD 4.8, which aids cluster administrators in installing, upgrading, and granting access to Operators running on their cluster. The OKD web console provides management screens for cluster administrators to install Operators, as well as grant specific projects access to use the catalog of Operators available on the cluster.
For developers, a self-service experience allows provisioning and configuring instances of databases, monitoring, and big data services without having to be subject matter experts, because the Operator has that knowledge baked into it.
CRDs
Operator Lifecycle Manager (OLM) is composed of two Operators: the OLM Operator and the Catalog Operator.
Each of these Operators is responsible for managing the custom resource definitions (CRDs) that are the basis for the OLM framework:
Resource | Short name | Owner | Description |
---|---|---|---|
|
| OLM | Application metadata: name, version, icon, required resources, installation, and so on. |
|
| Catalog | Calculated list of resources to be created to automatically install or upgrade a CSV. |
|
| Catalog | A repository of CSVs, CRDs, and packages that define an application. |
|
| Catalog | Used to keep CSVs up to date by tracking a channel in a package. |
|
| OLM | Configures all Operators deployed in the same namespace as the |
Each of these Operators is also responsible for creating the following resources:
Resource | Owner |
---|---|
| OLM |
| |
| |
| |
| Catalog |
|
OLM Operator
The OLM Operator is responsible for deploying applications defined by CSV resources after the required resources specified in the CSV are present in the cluster.
The OLM Operator is not concerned with the creation of the required resources; you can choose to manually create these resources using the CLI or using the Catalog Operator. This separation of concern allows users incremental buy-in in terms of how much of the OLM framework they choose to leverage for their application.
The OLM Operator uses the following workflow:
Watch for cluster service versions (CSVs) in a namespace and check that requirements are met.
If requirements are met, run the install strategy for the CSV.
A CSV must be an active member of an Operator group for the install strategy to run.
Catalog Operator
The Catalog Operator is responsible for resolving and installing cluster service versions (CSVs) and the required resources they specify. It is also responsible for watching catalog sources for updates to packages in channels and upgrading them, automatically if desired, to the latest available versions.
To track a package in a channel, you can create a Subscription
object configuring the desired package, channel, and the CatalogSource
object you want to use for pulling updates. When updates are found, an appropriate InstallPlan
object is written into the namespace on behalf of the user.
The Catalog Operator uses the following workflow:
Connect to each catalog source in the cluster.
Watch for unresolved install plans created by a user, and if found:
Find the CSV matching the name requested and add the CSV as a resolved resource.
For each managed or required CRD, add the CRD as a resolved resource.
For each required CRD, find the CSV that manages it.
Watch for resolved install plans and create all of the discovered resources for it, if approved by a user or automatically.
Watch for catalog sources and subscriptions and create install plans based on them.
Catalog Registry
The Catalog Registry stores CSVs and CRDs for creation in a cluster and stores metadata about packages and channels.
A package manifest is an entry in the Catalog Registry that associates a package identity with sets of CSVs. Within a package, channels point to a particular CSV. Because CSVs explicitly reference the CSV that they replace, a package manifest provides the Catalog Operator with all of the information that is required to update a CSV to the latest version in a channel, stepping through each intermediate version.
Additional resources
For more information, see the sections on understanding Operator Lifecycle Manager (OLM).
OpenShift API Server Operator
Purpose
The OpenShift API Server Operator installs and maintains the openshift-apiserver
on a cluster.
Project
CRDs
openshiftapiservers.operator.openshift.io
Scope: Cluster
CR:
openshiftapiserver
Validation: Yes
Prometheus Operator
Purpose
The Prometheus Operator for Kubernetes provides easy monitoring definitions for Kubernetes services and deployment and management of Prometheus instances.
Once installed, the Prometheus Operator provides the following features:
Create and Destroy: Easily launch a Prometheus instance for your Kubernetes namespace, a specific application or team easily using the Operator.
Simple Configuration: Configure the fundamentals of Prometheus like versions, persistence, retention policies, and replicas from a native Kubernetes resource.
Target Services via Labels: Automatically generate monitoring target configurations based on familiar Kubernetes label queries; no need to learn a Prometheus specific configuration language.
Project
vSphere Problem Detector Operator
Purpose
The vSphere Problem Detector Operator checks the cluster for common installation and misconfiguration issues.
Configuration
No configuration is required.
Notes
The Operator supports OKD installations on vSphere.
The Operator uses the
vsphere-cloud-credentials
to communicate with vSphere.The Operator performs checks that are related to storage.
Windows Machine Config Operator
Purpose
The Windows Machine Config Operator (WMCO) orchestrates the process of deploying and managing Windows workloads on a cluster. The WMCO configures Windows machines into compute nodes, enabling Windows container workloads to run in OKD clusters. This is done by creating a machine set that uses a Windows image with the Docker-formatted container runtime installed. The WMCO completes all necessary steps to configure the underlying Windows VM so that it can join the cluster as a compute node.