Solution Operator guidelines¶
An Operator is a method of packaging, deploying and managing a Kubernetes application. A Kubernetes application is an application that is both deployed on Kubernetes and managed using the Kubernetes APIs and
kubectl
tooling.
MetalK8s Solutions are a concept mostly centered around the Operator pattern. While there is no explicit requirements except the ones described below (see Requirements), we recommend using the Operator SDK as it will embed best practices from the Kubernetes community. We also include some Recommendations.
Requirements¶
Files¶
All Operator-related files except for the container images (see
OCI images) should be stored under /operator
in the ISO
archive. Those files should be organized as follows:
operator
└── deploy
├── crds
│ └── some_crd_name.yaml
├── operator.yaml
├── role.yaml
├── role_binding.yaml
└── service_account.yaml
Most of these files are generated when using the Operator SDK.
Todo
Specify each of them, include example (after #1060 is done).
Remember to note specificities about OCI_REPOSITORY_PREFIX
/ namespaces.
Think about using kustomize
(or kubectl apply -k
, though only
available from K8s 1.14).
Monitoring¶
MetalK8s does not handle the monitoring of a Solution application, which means:
the user, manually or through the Solution UI, should create
Service
andServiceMonitor
objects for each Operator instanceOperators should create
Service
andServiceMonitor
objects for each deployed component they own
The Prometheus Operator deployed by MetalK8s has cluster-scoped permissions,
and is able to read the aforementioned ServiceMonitor
objects
to set up monitoring of your application services.
Recommendations¶
Permissions¶
MetalK8s does not provide tools to deploy the Operator itself, so that users can have better control over which version runs where.
The best-practice encouraged here is to use namespace-scoped permissions for the Operator, instead of cluster-scoped.
This allows for better isolation between different application deployments from a single Solution, for instance when trying out a new version before affecting production machines, or when managing two independent application stacks.
Note
Future improvements to MetalK8s may include the addition of an “Operator for Operators”, such as the Operator Lifecycle Manager.