Home

Install Open Liberty Operator Development driver (for testing and demo purposes only)

Note: This driver is for internal testing and demo purposes only. For production use, refer to the instructions here

Update your OpenShift cluster with a global pull secret for the cp.stg.icr.io entitled registry:

Get an entitlement key to the IBM Entitled Container Fulfillment Registry. Log in to MyIBM Container Software Library with the IBMid and password that are associated with the entitled software. Click on 'View library' on the left and it should show that you have entitlement for 'all' IBM software. Follow the process under Obtaining a staging entitlement key if you are not able to access the library or you don't have entitlement to 'all' IBM software.
In the Entitlement keys section, select Copy key to copy the entitlement key to the clipboard.
Use the console to configure the global pull secret with entitled registry (cp.stg.icr.io) credentials.
In the console, click Workloads > Secrets and select the openshift-config namespace.
Find the existing pull-secret secret.
Select Edit Secret.
Click Add Credentials to add an entry for the entitled registry. Specify cp.stg.icr.io as the registry server address, cp as the username, and the entitlement key that you obtained in the previous step as the password.

To install the Operator using Operator Lifecycle Manager (OLM). Skip 2.1, 2.2 and 2.3 and follow step 3 if you want to use the kustomize-based install option:

2.1. Create ImageContentSourcePolicy for mirroring (this is needed because Operator artifacts are built with production registry reference, but until we GA the images would only be in the staging registry):

apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
   name: mirror-config
spec:
   repositoryDigestMirrors:
   - mirrors:
     - cp.stg.icr.io/cp
     source: cp.icr.io/cp
   - mirrors:
     - cp.stg.icr.io/cp
     source: icr.io/cpopen
   - mirrors:
     - cp.stg.icr.io/cp
     source: icr.io/appcafe

(To apply the resources, create a file and then copy and paste the contents above on your oc enabled system and run oc apply -f <fileName>)

2.2. Add the CatalogSource for Open Liberty Operator:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: olo-catalog
  namespace: openshift-marketplace
spec:
  displayName: Open Liberty 1.4.0-rc.3
  image: 'icr.io/appcafe/open-liberty-operator-catalog@sha256:862b5d13d923077fd6dfb99a0cc642468c6aa9c1081e4ee4c6ab9f9af37d0082'
  sourceType: grpc

2.3. Install or Upgrade the Open Liberty Operator via OperatorHub:

2.3.1. To Install the Open Liberty Operator:

From the OpenShift UI, click on Operators and then OperatorHub
In the search box type open liberty. Sometimes it takes a few minutes for the CatalogSource to be loaded by OCP. The operator won't show up until the CatalogSource is loaded.
Select the Open Liberty operator and click Install
Complete the install with the default options

2.3.2. To Upgrade the Open Liberty Operator:

Uninstall the OLO Operator
Go to Administration > CustomResourceDefinitions
Find CatalogSource
Click on Instances and find olo-catalog
Either update image SHA value from wiki or just delete olo-catalog instance and recreate from the wiki page with the latest sha value
Complete the install with the default options

Alternative install options:

To install the Operator using kubectl, use the artifacts in https://github.com/OpenLiberty/open-liberty-operator/tree/deploy-1.4.0-rc/internal/deploy/kubectl
To install the Operator using kustomize, use the artifacts in https://github.com/OpenLiberty/open-liberty-operator/tree/deploy-1.4.0-rc/internal/deploy/kustomize/daily

Create custom resources (CRs) to deploy applications and to gather trace/dump:

Sample CRs are available from the OpenShift UI as well as in this folder
Follow the documentation at https://github.com/OpenLiberty/open-liberty-operator/blob/main/doc/user-guide-v1.adoc

New features in 1.4.0

Password Encryption support

To enable the password encryption support:

Create a Secret named wlp-password-encryption-key in the same namespace as the OpenLibertyApplication CR instance. Within the secret, the encryption key must be specified using passwordEncryptionKey. Note that the encryption key will be shared by all CR instances, that enable password encryption, in the namespace.

apiVersion: v1
kind: Secret
metadata:
  name: wlp-password-encryption-key
type: Opaque
stringData:
  passwordEncryptionKey: randomkey

Set .spec.managePasswordEncryption to true in the CR.

spec:
  managePasswordEncryption: true

The Operator will handle mounting the encryption key into the app and enable the necessary Liberty server configuration to use it.

LTPA support from 1.3 should continue to work as before. When .spec.manageLTPA is enabled with .spec.managePasswordEncryption, then the password of the LTPA key will also be encrypted with the specified key by the Operator.

Configure DNS

DNS can be configured in OpenLibertyApplication CR using the new fields:

.spec.dns.config: The DNS Config for the application pod.
.spec.dns.policy: The DNS Policy for the application pod. Defaults to ClusterFirst.

Example:

spec:
  dns:
    config:
      nameservers:
        - 8.8.8.8
        - 1.1.1.1
    policy: None

Refer to the Kubernetes documentation for general information on DNS Config and DNS Policy.

Tolerations

Tolerations can be configured in OpenLibertyApplication CR using the new field:

.spec.dns.tolerations: Tolerations to be added to application pods. Tolerations allow the scheduler to schedule pods on nodes with matching taints.

Example:

spec:
  tolerations:
  - key: "key1"
    operator: "Equal"
    value: "value1"

Refer to the Kubernetes documentation for general information on Taints and Tolerations.

Provide feedback

Saved searches