Skip to main content
Loading
Version: Operator 2.1.0

Install the Operator from OperatorHub

This procedure applies to:

note

For Kubernetes 1.23 version or later, Pod Security Admission (PSA) is enabled by default. Make sure the namespace where the Aerospike Operator is installed has either baseline or privileged Pod Security Standard level set. The restricted level is not supported by Aerospike. The default Pod Security Standard level in Kubernetes 1.23 is privileged. For more details, see Apply Pod Security Standards

Install the Operator Lifecycle Manager (OLM)โ€‹

Install OLM on your Kubernetes cluster with the command:

curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.2/install.sh | bash -s v0.21.2

Install the Aerospike Kubernetes Operatorโ€‹

kubectl create -f https://operatorhub.io/install/aerospike-kubernetes-operator.yaml

Verify the Operator is Runningโ€‹

Verify that the Operator's CSV is in the Succeeded phase.

$ kubectl get csv -n operators aerospike-kubernetes-operator.v2.1.0

This produces output similar to:

NAME                                   DISPLAY                         VERSION   REPLACES   PHASE
aerospike-kubernetes-operator.v2.1.0 Aerospike Kubernetes Operator 2.1.0 Succeeded

Check Operator Logsโ€‹

The Operator runs as two replicas by default, for higher availability. Run the following command to follow the logs for the Operator pods.

kubectl -n operators logs -f deployment/aerospike-operator-controller-manager manager

Sample output:

2022-06-16T19:09:58.058Z    INFO    controller-runtime.metrics  metrics server is starting to listen    {"addr": "127.0.0.1:8080"}
2022-06-16T19:09:58.062Z INFO setup Init aerospike-server config schemas

2022-06-16T19:09:58.071Z DEBUG schema-map Config schema added {"version": "4.7.0"}
2022-06-16T19:09:58.072Z INFO aerospikecluster-resource Registering mutating webhook to the webhook server
2022-06-16T19:09:58.073Z INFO controller-runtime.webhook registering webhook {"path": "/mutate-asdb-aerospike-com-v1beta1-aerospikecluster"}
2022-06-16T19:09:58.073Z INFO controller-runtime.builder skip registering a mutating webhook, admission.Defaulter interface is not implemented {"GVK": "asdb.aerospike.com/v1beta1, Kind=AerospikeCluster"}
2022-06-16T19:09:58.073Z INFO controller-runtime.builder Registering a validating webhook {"GVK": "asdb.aerospike.com/v1beta1, Kind=AerospikeCluster", "path": "/validate-asdb-aerospike-com-v1beta1-aerospikecluster"}
2022-06-16T19:09:58.073Z INFO controller-runtime.webhook registering webhook {"path": "/validate-asdb-aerospike-com-v1beta1-aerospikecluster"}
2022-06-16T19:09:58.074Z INFO setup Starting manager
I1015 19:09:58.074722 1 leaderelection.go:243] attempting to acquire leader lease aerospike/96242fdf.aerospike.com...

Grant permissions to the target namespacesโ€‹

The Operator is installed in the operators namespace and needs additional service accounts configured for the Kubernetes namespaces where the Aerospike clusters are created.

The procedure to use the namespace aerospike is as follows:

Create the namespaceโ€‹

Create the Kubernetes namespace if not already created:

kubectl create namespace aerospike

Create a service accountโ€‹

kubectl -n aerospike create serviceaccount aerospike-operator-controller-manager

Update the operator's ClusterRoleBindingโ€‹

Next, add this service account to the Operator's ClusterRoleBinding. To do this, run the following command:

kubectl edit clusterrolebindings.rbac.authorization.k8s.io $(kubectl get clusterrolebindings.rbac.authorization.k8s.io  | grep aerospike-kubernetes-operator | grep -v -- "-opera-" | grep -v -- "default-ns" | cut -f 1 -d " ")

This command launches an editor. Append the following lines to the subjects section:

  # A new entry for aerospike.
# Replace aerospike with your namespace
- kind: ServiceAccount
name: aerospike-operator-controller-manager
namespace: aerospike

Save and ensure that the changes are applied.

Here is a full example of the Operator's ClusterRoleBinding targeting the aerospike namespace.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: "2022-06-16T10:48:36Z"
labels:
olm.owner: aerospike-kubernetes-operator.v2.2.0
olm.owner.kind: ClusterServiceVersion
olm.owner.namespace: test
operators.coreos.com/aerospike-kubernetes-operator.test: ""
name: aerospike-kubernetes-operator.v2.2.0-74b946466d
resourceVersion: "51841234"
uid: be546dd5-b21e-4cc3-8a07-e2fe5fe5274c
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: aerospike-kubernetes-operator.v2.2.0-74b946466d
subjects:
- kind: ServiceAccount
name: aerospike-operator-controller-manager
namespace: operators

# New entry
- kind: ServiceAccount
name: aerospike-operator-controller-manager
namespace: aerospike