Installing an Operator on OpenShift via Command Line: A Step-by-Step Guide

Installing an operator on OpenShift via the command line is a fundamental skill that enables administrators and developers to extend the functionality of their OpenShift clusters. Operators are powerful tools that automate the deployment, management, and scaling of complex applications and services within the OpenShift ecosystem.

In a vanilla Kubernetes cluster, the installation of an operator is typically accomplished using a Helm chart or Kustomize. However, OpenShift offers a more streamlined approach through its Marketplace, which provides a toolset that unlocks a series of advantageous features and benefits.

However, the Marketplace is primarily designed to be used within the OpenShift UI. Nevertheless, there are situations where developers may want to leverage the advantages of the Marketplace without relying on the UI. This scenario is quite common when building installation scripts or working on automation processes.

So, in this article we will explore how to make use of the power of the the OpenShift market place over command line, this will be done by making the installation of the RedHat AMQ Streams (RedHat distribution of strimizi) on a cluster, allowing the usage of the of the Kakfa on your cluster.

In this article, we will delve into harnessing the power of the OpenShift Marketplace through the command line interface (CLI). Using as use case the installation process of Red Hat AMQ Streams, which is a Red Hat distribution of Strimzi. This installation will enable you to leverage the capabilities of a Kafka Operator within your OpenShift cluster.

Marketplace

OpenShift market place

The OpenShift Marketplace is a centralized platform that provides users with a catalog of certified software and services that can be easily installed and integrated into OpenShift clusters. It offers a curated selection of applications, tools, and services from various vendors and partners. The main advantages of the usage of this tool are:

1. Centralized Catalog: The OpenShift Marketplace acts as a centralized catalog of certified operators, simplifying the discovery and selection process. Users can browse through a wide range of operators from various vendors, ensuring a diverse set of options to meet their specific needs.
2. Simplified Installation: The Marketplace streamlines the installation process by providing a seamless user experience. With just a few clicks, users can install operators directly from the Marketplace, eliminating the need for manual configuration and setup.
3. Version Control and Updates: The Marketplace keeps track of operator versions, making it easier to manage and update them. Users can conveniently access the latest versions and apply updates to their installed operators, ensuring they can leverage new features and bug fixes promptly.

By leveraging the command line interface (CLI), there are two key advantages that stand out: the first and the last. However, these advantages hold significant importance, particularly when it comes to the latter on the operation of the cluster, given that the last one ensures that periodic application of health and security patches to the operator.

Operator Installation Process

The installation of an operator typically involves two primary steps: adding an operator group and creating a subscription for the operator. These steps will provide OpenShift with the necessary information to make the installation of the operator.

Let’s examine these steps in more detail:

Operator Group

In the context of OpenShift an Operator Group is a CRD (custom resource definition) used to define a logical grouping of target namespaces where an operator should be installed and managed. It provides a way to control the scope and distribution of operators across different namespaces within an OpenShift cluster.

Here are some key aspects and uses of Operator Groups:

1. Namespace Scoping: An Operator Group allows you to specify the target namespaces where an operator should be installed and managed. This provides control over which namespaces have access to and are affected by the operator.
2. Cross-Namespace Deployment: Operator Groups support the deployment of operators across multiple namespaces. This is particularly useful when you want to share an operator’s functionality and resources among different projects or teams within the cluster.

Overall, an Operator Group is a powerful resource that helps control the installation, deployment, and management of operators within an OpenShift cluster. By defining target namespaces and access control policies, Operator Groups provide a flexible and scalable approach to organizing and distributing operators across different projects and teams.

Subscription

In the context of operators on OpenShift, a subscription is an essential Custom Resource Definition (CRD) that grants control over various aspects of the operator installation and lifecycle. When creating a subscription, it is crucial to consider the following key elements:

1. Catalog Choice: The subscription encompasses all the essential information required by the cluster to determine which operator to install and where to download it from. This will play a vital role in the installation process, providing crucial details such as: name, source and source namespace.
2. Subscription Update Process: it will determining whether the update process should be manual or automatic, as well as defining the update channel to be followed.

Installing

As mentioned in the introduction, the installation process will be based on installing AMQ Streams from the OpenShift Marketplace. To kickstart this process, we will begin by installing the operator group.

Operator Group

The initial step in installing the operator group is to create a file containing the contents of the Kafka operator group. We will refer to this file as “kafka_operator_group.yaml”.

# file kafka_operator_group.yaml
# this file will provide all the necessary information
# for the permitions and scope of the operator
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: kafka-operator-group
  namespace: kafka
spec:
  targetNamespaces:
  - kafka

f you want to install the operator group in all namespaces, simply leave the spec section of the YAML file as an empty object {}.

# file kafka_operator_group.yaml
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: kafka-operator-group
  namespace: kafka
spec: {}

Subscription

The second step of the installation process involves creating the Subscription Custom Resource Definition (CRD). As mentioned earlier, this file contains crucial information regarding which operator should be installed and the update plans associated with it. We will refer to this file as “kafka_subscrition.yaml”.

# kafka_subscrition.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: kafka-subscription
  namespace: kafka
spec:
  name: "$name"
  channel: $channel
  startingCSV: "$currentCSV"
  source: "$catalog_source"
  sourceNamespace: $catalog_source_namespace
  installPlanApproval: Automatic

As you can see, the Subscription CRD file contains several variables that need to be filled with specific values. To retrieve the necessary values for these variables, we will run some commands that provide a list of the values to be used.

Name

After obtaining the name of the operator that you intend to install, you can use the oc get packagemanifest command to retrieve the exact name of the operator. The follow command will give a way to filter the packages by name.

oc get packagemanifest -o json | jq '.items[].metadata.name' | grep amq

# this command will print the list of operators
# on this case:

# "amq-broker-rhel8" 
# "amq-streams" 
# "amq-online"
# "amq7-interconnect-operator"

Catalog source and Catalog Source Namespace

After acquiring the name of the operator (amq-streams), you can retrieve the catalog source using the following command:

oc get packagemanifest -o json |\
  jq '.items[] | select(.metadata.name=="amq-streams")' |\
  jq .status.catalogSource

The command provided above allows you to retrieve the list of catalog sources available for the operator. In this particular installation, we will select the “redhat-operators” catalog source. Once you have chosen the catalog source, the next step is to define the Catalog Source Namespace. You can acquire the possible options for the Catalog Source Namespace using the following command:

oc get packagemanifest -o json |\
  jq '.items[] | select(.metadata.name=="amq-streams") |\
  select(.status.catalogSource=="redhat-operators")' |\
  jq '.metadata.labels."catalog-namespace"'

Channel and Install Plan approval

The last variables to be defined are the channel and the install plan approval. To retrieve the channel, you can use the following command:

# define the channel
oc get packagemanifest -o json |\
  jq '.items[] | select(.metadata.name=="amq-streams") |\
  select(.status.catalogSource=="redhat-operators")' |\
  jq '.status.channels[].name'

# define the csv
oc get packagemanifest -o json |\
  jq '.items[] | select(.metadata.name=="amq-streams") |\
  select(.status.catalogSource=="redhat-operators")' |\
  jq 'select(.status.channels[].name=="stable")' |\
  jq '.status.channels[].currentCSV'

Meanwhile, the choice of Install Plan approval depends on your specific requirements. It is recommended to use the “Automatic” option as it ensures that your operator will always be updated to the latest stable version. However, this choice should be made with caution, considering the nature of the product or project.

In certain cases, it may be necessary to exercise more caution when it comes to updates. Depending on the requirements, you may need to control the timing of updates or have specific windows for applying them. In such situations, the “Manual” option can be selected to allow for more deliberate decision-making regarding the updates.

Application

After creating these two files, applying them to your cluster is a straightforward process. Once you have logged in to your cluster using the oc login command, follow these steps to apply the files:

# creating the operator group
oc apply -f kafka_operator_group.yaml

# creating the subscrition
oc apply -f kafka_subscrition.yaml

Conclusion

As we have seen, the installation of a script on OpenShift via the command line is a straightforward process. This is made possible due to the marketplace structure within an OpenShift cluster. As an additional bonus, I have created an interactive CLI tool available on my GitHub gist.

You can access the interactive CLI tool by following this link: GitHub Gist

Interative CLI for installation