Installing Kubernetes Operators

Overview

Welcome to Nova Control Plane's guide on managing Kubernetes Operators! Nova provides a simplified way to manage Kubernetes Operators across different clusters. This guide will walk you through the steps to install and manage Kubernetes Operators using Nova. We'll use the Prometheus Operator as an example, but the principles can be applied to other operators as well. This guide is based on the official Prometheus Operator documentation.

Note: The examples provided are for illustrative purposes. In a real-world setup, make sure to customize the SchedulePolicy, deployment, CRDs, and values according to your specific needs.

Prerequisites

Before proceeding, you'll need to set labels on the resources you're applying. We've created a Python helper script for this purpose. Save it as add_labels.py and make it executable with chmod +x add_labels.py.

Click here to view the script

#!/usr/bin/env python3
"""
add_labels.py

This script adds labels to Kubernetes resource YAML files. It supports three modes:
- "cluster": Adds labels only to cluster-scoped resources.
- "namespace": Adds labels only to namespace-scoped resources.
- "all": Adds labels to all resources.

Usage:
    add_labels.py mode label_key label_value < input.yaml > output.yaml

Dependencies:
    - PyYAML: A YAML parser for Python.

Author: Elotl Inc.
Date: 28.08.2023
"""

import sys
import yaml
import subprocess
import re
import argparse
from typing import List, Set, Union, Dict

CMD_FETCH_CLUSTER_RESOURCES = "kubectl api-resources --namespaced=false | awk '{print $NF}' | tail -n +2"

def preprocess_yaml(yaml_str: str) -> str:
    """Escape special characters in a YAML string."""
    lines = yaml_str.split("\n")
    for i, line in enumerate(lines):
        if re.match(r"^\s*-\s*=\s*$", line):
            lines[i] = line.replace("=", "\"=\"")
        elif re.match(r"^\s*-\s*=~\s*$", line):
            lines[i] = line.replace("=~", "\"=~\"")
    return "\n".join(lines)

def get_cluster_resources() -> Set[str]:
    """Fetch the list of cluster-scoped resources from the Kubernetes cluster."""
    try:
        cluster_resources = subprocess.check_output(CMD_FETCH_CLUSTER_RESOURCES, shell=True, text=True)
        return set(cluster_resources.strip().split("\n"))
    except subprocess.CalledProcessError:
        sys.stderr.write("Error fetching cluster-scoped resources. Make sure kubectl is installed and configured.\n")
        sys.exit(1)

def should_add_label(doc_kind: str, mode: str, cluster_resources: Set[str]) -> bool:
    """Determine if a label should be added based on the mode and kind of the resource."""
    return (
        mode == "all" or
        (mode == "cluster" and doc_kind in cluster_resources) or
        (mode == "namespace" and doc_kind not in cluster_resources)
    )

def add_labels(documents: List[Union[None, Dict]], mode: str, label_key: str, label_value: str) -> List[Union[None, Dict]]:
    """Add labels to Kubernetes YAML documents."""
    cluster_resources = get_cluster_resources() if mode != "all" else set()

    for doc in documents:
        if doc is None or 'kind' not in doc:
            continue
        doc.setdefault('metadata', {}).setdefault('labels', {})

        if should_add_label(doc['kind'], mode, cluster_resources):
            doc['metadata']['labels'][label_key] = label_value

    return documents

def main() -> None:
    """Main function."""
    parser = argparse.ArgumentParser(description='Add labels to Kubernetes YAML files.')
    parser.add_argument('mode', choices=['cluster', 'namespace', 'all'], help='Mode to apply labels. Can be "cluster", "namespace", or "all".')
    parser.add_argument('label_key', help='The key of the label to add.')
    parser.add_argument('label_value', help='The value of the label to add.')

    args = parser.parse_args()

    try:
        yaml_str = preprocess_yaml(sys.stdin.read())
        documents = list(yaml.safe_load_all(yaml_str))
        documents = add_labels(documents, args.mode, args.label_key, args.label_value)

        for doc in documents:
            if doc is not None:
                yaml.safe_dump(doc, sys.stdout, default_flow_style=False)
                print('---')
    except yaml.YAMLError as e:
        sys.stderr.write(f"YAML Error: {e}\n")
        sys.exit(1)
    except Exception as e:
        sys.stderr.write(f"Unexpected Error: {e}\n")
        sys.exit(1)

if __name__ == "__main__":
    main()

Steps to Install Operators

1. Define Your SchedulePolicy

Start by defining a SchedulePolicy tailored to your specific clusters and namespaces. This sets the stage for deploying your Operator.

apiVersion: policy.elotl.co/v1alpha1
kind: SchedulePolicy
metadata:
  name: prometheus-operator-policy
spec:
  namespaceSelector:
    matchLabels:
      kubernetes.io/metadata.name: default
  clusterSelector:
    matchLabels:
      kubernetes.io/metadata.name: wlc-1
  resourceSelectors:
    labelSelectors:
    - matchLabels:
        nova.elotl.co/policy: prometheus-operator-policy

Apply the policy:

kubectl create -f example-operator-policy.yaml

2. Install Prometheus Operator and Resources

Use the following one-liner to download, label, and apply all the necessary Prometheus Operator resources. This command uses a helper script, add_labels.sh, to add the appropriate labels for Nova management:

LATEST=$(curl -s https://api.github.com/repos/prometheus-operator/prometheus-operator/releases/latest | jq -cr .tag_name)
curl -sL https://github.com/prometheus-operator/prometheus-operator/releases/download/${LATEST}/bundle.yaml | \
  ./add_labels.py all nova.elotl.co/policy prometheus-operator-policy | \
  kubectl create -f -

3. Verify the Operator is Running

After applying the one-liner, you can verify that the Prometheus Operator is running successfully:

kubectl get deploy

Wait for the Prometheus Operator's to show running pods.

Congratulations! You've successfully installed the Prometheus Operator and its resources in your wlc-1 cluster using Nova, and all of this was done with a convenient one-liner.

4. Deploying Prometheus

Now we need to setup RBAC for our Prometheus and deploy Prometheus itself. First, save this as prom-rbac.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    nova.elotl.co/policy: prometheus-operator-policy
  name: prometheus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    nova.elotl.co/policy: prometheus-operator-policy
  name: prometheus
rules:
- apiGroups: [""]
  resources:
  - nodes
  - nodes/metrics
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources:
  - configmaps
  verbs: ["get"]
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    nova.elotl.co/policy: prometheus-operator-policy
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: default

And run:

kubectl create -f prom-rbac.yaml

This will setup RBAC needed by Prometheus deployment.

With that out of the way, we can finally deploy Prometheus itself!

Save this as prometheus.yaml:

apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  labels:
    nova.elotl.co/policy: prometheus-operator-policy
  name: prometheus
spec:
  serviceAccountName: prometheus
  serviceMonitorSelector:
    matchLabels:
      team: frontend
  resources:
    requests:
      memory: 400Mi
  enableAdminAPI: false

Run:

kubectl create -f prometheus.yaml

And thats it! You now have a running Prometheus stack inside your wlc-1 cluster!

Learn more about our SchedulePolicies and how you can deploy operators across multiple clusters in our Tutorials section.

Reminder: Customize According to Your Needs

As mentioned before, the examples provided here are solely for illustrative purposes. For your specific needs, make sure to adapt the SchedulePolicy, Operator deployment, CRDs, and custom resources.