Chapter 6. Open Liberty Operator
Operators are extensions to Kubernetes that are customized to automate tasks beyond the initial automation that Kubernetes or OpenShift provides. The Open Liberty Operator helps you deploy and manage applications on Kubernetes-based clusters.
6.1. What is the Open Liberty Operator?
When you deploy an application with the Open Liberty Operator, the operator watches Open Liberty resources and compares the current state of resources to the state of resources that you configured. When a discrepancy exists between the current state of resources and the state that you configured, the operator creates, updates, or deletes Kubernetes resources to return to the state that you configured. These Kubernetes resources might include deployments, services, or routes. Without the operator, you must manually create deployments, services, routes, and other Kubernetes resources, which can involve a time-consuming learning curve. With the operator, you can specify details for your application, including your application image, service port, and whether to expose the application outside the cluster. Then, the operator creates and manages all Kubernetes resources. Now, you manage only a single
OpenLibertyApplication resource instead of many resources. In addition, the operator continuously monitors the events that are related to the application in the cluster and takes necessary actions to synchronize data and resources. Because the operator helps you manage Kubernetes resources, you can focus on your application while the operator handles many of the cloud deployment details.
The Open Liberty Operator is based on the Runtime Component Operator, which is a generic operator that can be imported into runtime-specific operators to provide standardized enterprise capabilities. As such, common functionality exists between these two operators, such as the use of image streams and the ability to run multiple instances of your application for high availability. When you use the Open Liberty Operator, the operator container and controller are deployed to a Kubernetes pod, and the operator listens for incoming resources with the
kind: OpenLibertyApplication statement. When you create an
OpenLibertyApplication custom resource (CR), the operator manages the Kubernetes resources that the application needs to run on your cluster.
6.2. Operator capabilities
The Open Liberty Operator has a capability level of five, which means that it has the highest level of enterprise capabilities, including the following capabilities:
High availability that’s provided by horizontal auto-scaling
You can configure horizontal auto-scaling to create and delete instances of your application based on resource consumption. This ability to run multiple instances of your application and auto-scale them means that your application is made highly available.
Enhanced deployment management
With the Open Liberty Operator, you can more easily manage applications that are deployed to Kubernetes. For example, in the operator deployment file, you can specify an image stream in the
applicationImagefield. Then, after you upload a new container tag for a new version of an application, the operator updates the application on a rolling basis.
Automated service binding
The operator automates updates of binding information among applications, meaning that it connects applications and maintains information about whether a particular application produces or consumes a service. With this information, the operator automatically handles Kubernetes-level details, including creating and injecting Kubernetes Secrets, so that your applications can connect to required services without interruption.
Single sign-on (SSO) delegation
With Open Liberty, you can delegate SSO authentication to external providers. The Open Liberty Operator enables easier configuration and management of SSO information for your applications.
OpenShift Serverless (Knative) integration
You can integrate the operator with Knative. When the operator is integrated with Knative, you deploy your serverless runtime component by using a single toggle. The operator converts all of its generated resources into Knative resources, which allows your pod to automatically scale to zero when it’s idle.
Kubernetes Application Navigator (kAppNav) integration
The operator can automatically configure integration with kAppNav. With this integration, you can monitor resources of your application and receive alerts when the health status of a component changes. From an integrated pane, you can also access operations-focused capabilities, such as enabling trace for a component and viewing Kibana or Grafana dashboards.
OpenShift certificate management integration
The operator takes advantage of the cert-manager tool, if it’s installed on the Kubernetes cluster. The cert-manager tool allows the operator to automatically provision Transport Layer Security (TLS) certificates for pods and routes. Certificates are mounted into containers from a Kubernetes Secret so that the certificates are automatically refreshed when they’re updated.
6.3. Serviceability and observability with the Open Liberty Operator
You can enable persistence for your application by specifying only the size of storage and where you want the storage to be mounted. Then, the operator creates and manages the storage claim for you. An advanced mode is available that allows the configuration of extra details of the persistent volume claim. You can also configure and use a single storage for serviceability-related operations, such as gathering server memory dumps and server traces. For more information about gathering server memory dumps and server traces, see Day-2 operations.
After you configure the operator, you can integrate Open Liberty with logging and monitoring tools for observability in the Kubernetes cluster. You can select different types of Open Liberty data that you want to monitor. To visualize and track logging events, deploy one of the provided Open Liberty Kibana dashboards. You can monitor Open Liberty metrics by using MicroProfile Metrics, Prometheus, and Grafana to gather, scrape, and visualize metric data. You can also enable MicroProfile Health to perform liveness checks and readiness checks so that Kubernetes can check the health of your containers.
6.4. Operator installation and configuration
You can install the Open Liberty Operator from OperatorHub for use on Kubernetes or OpenShift. The operator is also available as a Red Hat-certified operator from OpenShift Container Platform (OCP). The Open Liberty Operator documentation provides details about configuring the operator, including basic configuration, Custom Resource Definition (CRD) parameters, Open Liberty console logging environment variables, and persistent storage specifications.