Version: Operator 3.4.0

Install the Aerospike Kubernetes Operator on Red Hat OpenShift

Aerospike Kubernetes Operator is a RedHat Marketplace certified operator. It is available through the RedHat certified operators catalog.

You can install the Operator on your OpenShift cluster using any one of the following methods:

Web Console
Command Line

OpenShift web console

This is the procedure to install AKO on Red Hat OpenShift using the web console.

1. Find AKO in the catalog

Launch OpenShift web console. Using the Administrator view, navigate to Operators > OperatorHub. Search for Aerospike. Select the Marketplace version of the Aerospike Kubernetes Operator as shown:

2. Install AKO

A dialog appears describing the Operator as shown below. Click Install to install the Operator.

3. Configure AKO

Configure the Operator installation as shown:

note

Select openshift-operators as the namespace.

tip

Select Automatic for Upgrade Approval to automatically upgrade the Operator whenever upgrades are available.

4. Verify the installation

On successful installation, a message like the following appears:

Select View Operator to verify the Operator details. The details you see should be similar to the following example:

5. Configure the CLI

From a terminal, log in to the OpenShift cluster and ensure that the oc and kubectl commands connect to the correct OpenShift cluster.

6. Check AKO logs

AKO runs as two replicas by default, for higher availability. Run the following command to follow the logs for the AKO pods.

kubectl -n openshift-operators logs -f deployment/aerospike-operator-controller-manager manager

Output:

2023-08-01T09:07:03Z    INFO    setup   Init aerospike-server config schemas
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.3.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.5.2"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.6.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.5.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.2.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.4.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.0.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.7.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "6.0.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.7.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.1.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.1.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.5.1"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.6.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.0.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "6.1.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "6.2.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "6.4.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "6.3.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.2.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.5.3"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.5.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.3.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.3.1"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.4.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.8.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.9.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "7.0.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "7.1.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "7.2.0"}
2023-08-01T09:07:03Z    INFO    aerospikecluster-resource   Registering mutating webhook to the webhook server
2023-08-01T09:07:03Z    INFO    controller-runtime.webhook  Registering webhook {"path": "/mutate-asdb-aerospike-com-v1-aerospikecluster"}
2023-08-01T09:07:03Z    INFO    controller-runtime.builder  skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called   {"GVK": "asdb.aerospike.com/v1, Kind=AerospikeCluster"}
2023-08-01T09:07:03Z    INFO    controller-runtime.builder  Registering a validating webhook    {"GVK": "asdb.aerospike.com/v1, Kind=AerospikeCluster", "path": "/validate-asdb-aerospike-com-v1-aerospikecluster"}
2023-08-01T09:07:03Z    INFO    controller-runtime.webhook  Registering webhook {"path": "/validate-asdb-aerospike-com-v1-aerospikecluster"}
2023-08-01T09:07:03Z    INFO    setup   Starting manager
2023-08-01T09:07:03Z    INFO    controller-runtime.webhook.webhooks Starting webhook server
2023-08-01T09:07:03Z    INFO    Starting server {"path": "/metrics", "kind": "metrics", "addr": "127.0.0.1:8080"}
2023-08-01T09:07:03Z    INFO    controller-runtime.certwatcher  Updated current TLS certificate
2023-08-01T09:07:03Z    INFO    Starting server {"kind": "health probe", "addr": "[::]:8081"}
I0801 09:07:03.213295       1 leaderelection.go:248] attempting to acquire leader lease operators/96242fdf.aerospike.com...
2023-08-01T09:07:03Z    INFO    controller-runtime.webhook  Serving webhook server  {"host": "", "port": 9443}
2023-08-01T09:07:03Z    INFO    controller-runtime.certwatcher  Starting certificate watcher

7. Grant permissions to the target namespaces

AKO is installed in the openshift-operators namespace. Grant additional permission (by configuring ServiceAccounts and RoleBindings/ClusterRoleBindings) for the target Kubernetes namespace where the Aerospike clusters are created.

There are two ways to grant permission for the target namespaces:

Using kubectl
Using akoctl plugin

Using kubectl

The procedure to use the namespace aerospike is as follows:

Create the namespace

Create the Kubernetes namespace if not already created:

kubectl create namespace aerospike

Create a service account

kubectl -n aerospike create serviceaccount aerospike-operator-controller-manager

Create RoleBinding/ClusterRoleBinding for Aerospike cluster

Next, create a RoleBinding or ClusterRoleBinding as per requirement to attach this service account to ClusterRole aerospike-cluster. This ClusterRole is created as part of AKO installation and grants Aerospike cluster permission to service account.

For using Kubernetes native Pod only network to connect to Aerospike cluster create RoleBinding:

kubectl -n aerospike create rolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager

For connecting to Aerospike cluster from outside Kubernetes create ClusterRoleBinding:

kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager

tip

For attaching multiple service accounts of different namespaces in one go, add multiple --serviceaccount params in above command

Example: To attach service accounts of aerospike and aerospike1 namespace

kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager --serviceaccount=aerospike1:aerospike-operator-controller-manager

If the required ClusterRoleBinding already exists in cluster, edit it to attach new service account:

kubectl edit clusterrolebinding aerospike-cluster

This command launches an editor. Append the following lines to the subjects section:

  # A new entry for aerospike.
  # Replace aerospike with your namespace
- kind: ServiceAccount
  name: aerospike-operator-controller-manager
  namespace: aerospike

Save and ensure that the changes are applied.

Using akoctl plugin

For instructions on installing the akoctl plugin, see akoctl installation.

The procedure to use the namespace aerospike is as follows:

For using Kubernetes native Pod only network to connect to Aerospike cluster grant namespace scope permission:

kubectl akoctl auth create -n aerospike --cluster-scope=false

For connecting to Aerospike cluster from outside Kubernetes grant cluster scope permission:

kubectl akoctl auth create -n aerospike

tip

For granting permission of multiple namespaces in one go, specify comma separated namespace list in -n param

Example: To grant permission for aerospike and aerospike1 namespace

kubectl akoctl auth create -n aerospike,aerospike1

OpenShift command line

This is the procedure to install AKO on Red Hat OpenShift using the command line tools.

1. Configure the CLI

From a terminal, log in to the OpenShift cluster and ensure that the oc and kubectl commands connect to the correct OpenShift cluster.

tip

The following instructions also work with the OpenShift command line tool oc

2. Ensure the AKO package is visible

Run the following command.

kubectl get packagemanifests aerospike-kubernetes-operator-rhmp -n openshift-marketplace

You will see output similar to:

Output:

NAME                                 CATALOG               AGE
aerospike-kubernetes-operator-rhmp   Red Hat Marketplace   22d

3. Create the AKO subscription

Create a file aerospike-kubernetes-operator.yaml with the following contents:

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: aerospike-kubernetes-operator-rhmp
  namespace: openshift-operators
spec:
  channel: stable
  installPlanApproval: Automatic
  name: aerospike-kubernetes-operator-rhmp
  source: redhat-marketplace
  sourceNamespace: openshift-marketplace
  startingCSV: aerospike-kubernetes-operator-rhmp.v3.4.0

tip

Set spec.installPlanApproval to Automatic in the aerospike-kubernetes-operator.yaml file to automatically upgrade the operator whenever upgrades are available.

Create this subscription using the following command:

kubectl apply -f aerospike-kubernetes-operator.yaml

4. Verify AKO is running

Verify that AKO's CSV is in the Succeeded phase.

$ kubectl get csv -n openshift-operators aerospike-kubernetes-operator-rhmp.v3.4.0

Check that the output is similar to the following:

NAME                                   DISPLAY                         VERSION   REPLACES   PHASE
aerospike-kubernetes-operator-rhmp.v3.4.0   Aerospike Kubernetes Operator   3.4.0                Succeeded

5. Check AKO logs

AKO runs as two replicas by default, for higher availability. Run the following command to follow the logs for the AKO pods.

kubectl -n openshift-operators logs -f deployment/aerospike-operator-controller-manager manager

Output:

2023-08-01T09:07:03Z    INFO    setup   Init aerospike-server config schemas
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.3.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.5.2"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.6.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.5.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.2.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.4.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.0.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.7.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "6.0.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.7.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.1.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.1.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.5.1"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.6.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.0.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "6.1.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "6.2.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "6.4.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "6.3.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.2.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.5.3"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.5.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "5.3.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.3.1"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.4.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.8.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "4.9.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "7.0.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "7.1.0"}
2023-08-01T09:07:03Z    DEBUG   schema-map  Config schema added {"version": "7.2.0"}
2023-08-01T09:07:03Z    INFO    aerospikecluster-resource   Registering mutating webhook to the webhook server
2023-08-01T09:07:03Z    INFO    controller-runtime.webhook  Registering webhook {"path": "/mutate-asdb-aerospike-com-v1-aerospikecluster"}
2023-08-01T09:07:03Z    INFO    controller-runtime.builder  skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called   {"GVK": "asdb.aerospike.com/v1, Kind=AerospikeCluster"}
2023-08-01T09:07:03Z    INFO    controller-runtime.builder  Registering a validating webhook    {"GVK": "asdb.aerospike.com/v1, Kind=AerospikeCluster", "path": "/validate-asdb-aerospike-com-v1-aerospikecluster"}
2023-08-01T09:07:03Z    INFO    controller-runtime.webhook  Registering webhook {"path": "/validate-asdb-aerospike-com-v1-aerospikecluster"}
2023-08-01T09:07:03Z    INFO    setup   Starting manager
2023-08-01T09:07:03Z    INFO    controller-runtime.webhook.webhooks Starting webhook server
2023-08-01T09:07:03Z    INFO    Starting server {"path": "/metrics", "kind": "metrics", "addr": "127.0.0.1:8080"}
2023-08-01T09:07:03Z    INFO    controller-runtime.certwatcher  Updated current TLS certificate
2023-08-01T09:07:03Z    INFO    Starting server {"kind": "health probe", "addr": "[::]:8081"}
I0801 09:07:03.213295       1 leaderelection.go:248] attempting to acquire leader lease operators/96242fdf.aerospike.com...
2023-08-01T09:07:03Z    INFO    controller-runtime.webhook  Serving webhook server  {"host": "", "port": 9443}
2023-08-01T09:07:03Z    INFO    controller-runtime.certwatcher  Starting certificate watcher

6. Grant permissions to the target namespaces

The Operator is installed in the openshift-operators namespace. Grant additional permissions (by configuring ServiceAccounts and RoleBindings/ClusterRoleBindings) for the target Kubernetes namespace where the Aerospike clusters are created.

There are two ways to grant permission for the target namespaces:

Using kubectl
Using akoctl plugin

Using kubectl

The procedure to use the namespace aerospike is as follows:

Create the namespace

Create the Kubernetes namespace if not already created:

kubectl create namespace aerospike

Create a service account

kubectl -n aerospike create serviceaccount aerospike-operator-controller-manager

Create RoleBinding/ClusterRoleBinding for Aerospike cluster

For using Kubernetes native Pod only network to connect to Aerospike cluster create RoleBinding:

kubectl -n aerospike create rolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager

For connecting to Aerospike cluster from outside Kubernetes create ClusterRoleBinding:

kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager

tip

For attaching multiple service accounts of different namespaces in one go, add multiple --serviceaccount params in above command

Example: To attach service accounts of aerospike and aerospike1 namespace

kubectl create clusterrolebinding aerospike-cluster --clusterrole=aerospike-cluster --serviceaccount=aerospike:aerospike-operator-controller-manager --serviceaccount=aerospike1:aerospike-operator-controller-manager

If the required ClusterRoleBinding already exists in cluster, edit it to attach new service account:

kubectl edit clusterrolebinding aerospike-cluster

This command launches an editor. Append the following lines to the subjects section:

  # A new entry for aerospike.
  # Replace aerospike with your namespace
- kind: ServiceAccount
  name: aerospike-operator-controller-manager
  namespace: aerospike

Save and ensure that the changes are applied.

Using akoctl plugin

For instructions on installing the akoctl plugin, see akoctl installation.

The procedure to use the namespace aerospike is as follows:

For using Kubernetes native Pod only network to connect to Aerospike cluster grant namespace scope permission:

kubectl akoctl auth create -n aerospike --cluster-scope=false

For connecting to Aerospike cluster from outside Kubernetes grant cluster scope permission:

kubectl akoctl auth create -n aerospike

tip

For granting permission of multiple namespaces in one go, specify comma separated namespace list in -n param

Example: To grant permission for aerospike and aerospike1 namespace

kubectl akoctl auth create -n aerospike,aerospike1

OpenShift web console​

1. Find AKO in the catalog​

2. Install AKO​

3. Configure AKO​

4. Verify the installation​

5. Configure the CLI​

6. Check AKO logs​

7. Grant permissions to the target namespaces​

Using kubectl​

Create the namespace​

Create a service account​

Create RoleBinding/ClusterRoleBinding for Aerospike cluster​

Using akoctl plugin​

OpenShift command line​

1. Configure the CLI​

2. Ensure the AKO package is visible​

3. Create the AKO subscription​

4. Verify AKO is running​

5. Check AKO logs​

6. Grant permissions to the target namespaces​

Using kubectl​

Create the namespace​

Create a service account​

Create RoleBinding/ClusterRoleBinding for Aerospike cluster​

Using akoctl plugin​

OpenShift web console

1. Find AKO in the catalog

2. Install AKO

3. Configure AKO

4. Verify the installation

5. Configure the CLI

6. Check AKO logs

7. Grant permissions to the target namespaces

Using kubectl

Create the namespace

Create a service account

Create RoleBinding/ClusterRoleBinding for Aerospike cluster

Using akoctl plugin

OpenShift command line

1. Configure the CLI

2. Ensure the AKO package is visible

3. Create the AKO subscription

4. Verify AKO is running

5. Check AKO logs

6. Grant permissions to the target namespaces

Using kubectl

Create the namespace

Create a service account

Create RoleBinding/ClusterRoleBinding for Aerospike cluster

Using akoctl plugin