Date
1 - 19 of 19
Operator Framework questions
Gareth Rushgrove
Thanks for the presentation, I had a few questions and thought I'd
kick things off here.
1. Compatibility
Terminology wise, checking this is still the canonical definition from
a concept point of view?
https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
I know there are several tools which help build operators
(kubebuilder, KUDO, kopf etc.), I wanted to ask about compatibility.
From a developers point of view these are all different obviously, but
what about from an end users perspective?
2. Relationship to Operator Hub
Chris also mentioned the intent to move the Operator Hub to CNCF in
https://github.com/cncf/toc/pull/303. Do you see that being under the
Operator Framework project, or under a standalone project? I think
that's interesting given the generic nature of Operators (as I
understand them above) and the Operator Framework as a specific tool.
For instance, can a kopf operator be added to Operator Hub today?
3. Relationship to Helm
As Helm is a fairly well established CNCF project, I'd be interested
in the relationship between the Operator Framework and Helm. How
involved are the Helm maintainers in the integration with the Operator
Framework?
Regarding the Operator Hub point as well. One thing I feel we should
strive to avoid plays out in my mind like:
User: Where do I find applications I can install on my Kubernetes cluster?
Helpful internet person (HIP): Why type of applications are you using?
User: ?
HIP: Helm or Operators?
User: ?
HIP: Never-mind, do to Helm Hub and Operator Hub
User: Thanks! I presume these come from two different organisations?
HIP: Oh, no, both are CNCF projects
I know their are benefits to different tools and approaches under the
CNCF banner, but when it comes to generic descriptions (Applications!)
and end user distribution it's probably worth a conversation between
multiple projects.
Thanks
Gareth
--
Gareth Rushgrove
@garethr
devopsweekly.com
garethr.dev
kick things off here.
1. Compatibility
Terminology wise, checking this is still the canonical definition from
a concept point of view?
https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
I know there are several tools which help build operators
(kubebuilder, KUDO, kopf etc.), I wanted to ask about compatibility.
From a developers point of view these are all different obviously, but
what about from an end users perspective?
2. Relationship to Operator Hub
Chris also mentioned the intent to move the Operator Hub to CNCF in
https://github.com/cncf/toc/pull/303. Do you see that being under the
Operator Framework project, or under a standalone project? I think
that's interesting given the generic nature of Operators (as I
understand them above) and the Operator Framework as a specific tool.
For instance, can a kopf operator be added to Operator Hub today?
3. Relationship to Helm
As Helm is a fairly well established CNCF project, I'd be interested
in the relationship between the Operator Framework and Helm. How
involved are the Helm maintainers in the integration with the Operator
Framework?
Regarding the Operator Hub point as well. One thing I feel we should
strive to avoid plays out in my mind like:
User: Where do I find applications I can install on my Kubernetes cluster?
Helpful internet person (HIP): Why type of applications are you using?
User: ?
HIP: Helm or Operators?
User: ?
HIP: Never-mind, do to Helm Hub and Operator Hub
User: Thanks! I presume these come from two different organisations?
HIP: Oh, no, both are CNCF projects
I know their are benefits to different tools and approaches under the
CNCF banner, but when it comes to generic descriptions (Applications!)
and end user distribution it's probably worth a conversation between
multiple projects.
Thanks
Gareth
--
Gareth Rushgrove
@garethr
devopsweekly.com
garethr.dev
Daniel Messer
Hi Gareth,
sorry for the late reply - responding inline. Thanks for the questions - keep them coming!
On Wed, Oct 9, 2019 at 6:22 PM Gareth Rushgrove <gareth@...> wrote:
Thanks for the presentation, I had a few questions and thought I'd
kick things off here.
1. Compatibility
Terminology wise, checking this is still the canonical definition from
a concept point of view?
https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
I know there are several tools which help build operators
(kubebuilder, KUDO, kopf etc.), I wanted to ask about compatibility.
From a developers point of view these are all different obviously, but
what about from an end users perspective?
I think this definition is still valid. An Operator is a custom controller with its own CRDs serving as the user interface (exceptions exist).
The Framework is designed to be open to the way the Operator itself is built. The packaging format and OLM don't depend on the SDK.
However there is of course good integration between the SDK and OLM.
2. Relationship to Operator Hub
Chris also mentioned the intent to move the Operator Hub to CNCF in
https://github.com/cncf/toc/pull/303. Do you see that being under the
Operator Framework project, or under a standalone project? I think
that's interesting given the generic nature of Operators (as I
understand them above) and the Operator Framework as a specific tool.
For instance, can a kopf operator be added to Operator Hub today?
It is under the Framework: https://github.com/operator-framework/operatorhub.io
And yes, a kopf operator, or a kubebuilder operator, or KUDO or something entirely custom can be added to this. They enabling part is the packaging format that drives the indexing and visual display.
3. Relationship to Helm
As Helm is a fairly well established CNCF project, I'd be interested
in the relationship between the Operator Framework and Helm. How
involved are the Helm maintainers in the integration with the Operator
Framework?
The Operator SDK project maintainers collaborate with the Helm maintainers, primarily on the Helm-based Operator pattern the SDK provides.
Helm in general focusses on Day 1 operations: bundle & install using an external tool. Operators include that and put emphasis on Day 2 operations: orchestrated updates, complex re-configuration without re-deploying from scratch, backup / restore, failover / failback, etc with kubectl. Helm serves stateless applications very well, that can be entirely maintained using the built-in functionality in k8s. Operators serve those too but provide an evolution to templating package manifests by extending the built-in k8s functionality, thus enabling k8s to run stateful applications and advanced, distributed systems.
Regarding the Operator Hub point as well. One thing I feel we should
strive to avoid plays out in my mind like:
User: Where do I find applications I can install on my Kubernetes cluster?
Helpful internet person (HIP): Why type of applications are you using?
User: ?
HIP: Helm or Operators?
User: ?
HIP: Never-mind, do to Helm Hub and Operator Hub
User: Thanks! I presume these come from two different organisations?
HIP: Oh, no, both are CNCF projects
I get this sentiment. I think it's important to point out that Operators and Applications are different concepts. I'd like to think of Operators as managed service providers to get managed instances of applications. So the question a user would be asking instead: do I want to enable my cluster to serve me that application and manage it or do I want to run it myself?
I know their are benefits to different tools and approaches under the
CNCF banner, but when it comes to generic descriptions (Applications!)
and end user distribution it's probably worth a conversation between
multiple projects.
Yes, agreed!
Thanks
Gareth
--
Gareth Rushgrove
@garethr
devopsweekly.com
garethr.dev
Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
 |
Gareth Rushgrove
On Fri, 11 Oct 2019 at 13:08, Daniel Messer <dmesser@...> wrote:
Hi Gareth,sorry for the late reply - responding inline. Thanks for the questions - keep them coming!On Wed, Oct 9, 2019 at 6:22 PM Gareth Rushgrove <gareth@...> wrote:Thanks for the presentation, I had a few questions and thought I'd
kick things off here.
1. Compatibility
Terminology wise, checking this is still the canonical definition from
a concept point of view?
https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
I know there are several tools which help build operators
(kubebuilder, KUDO, kopf etc.), I wanted to ask about compatibility.
From a developers point of view these are all different obviously, but
what about from an end users perspective?
I think this definition is still valid. An Operator is a custom controller with its own CRDs serving as the user interface (exceptions exist).The Framework is designed to be open to the way the Operator itself is built. The packaging format and OLM don't depend on the SDK.However there is of course good integration between the SDK and OLM.
2. Relationship to Operator Hub
Chris also mentioned the intent to move the Operator Hub to CNCF in
https://github.com/cncf/toc/pull/303. Do you see that being under the
Operator Framework project, or under a standalone project? I think
that's interesting given the generic nature of Operators (as I
understand them above) and the Operator Framework as a specific tool.
For instance, can a kopf operator be added to Operator Hub today?
It is under the Framework: https://github.com/operator-framework/operatorhub.ioAnd yes, a kopf operator, or a kubebuilder operator, or KUDO or something entirely custom can be added to this. They enabling part is the packaging format that drives the indexing and visual display.
Are there any examples of non-operator-framework operators on Operator Hub today?
3. Relationship to Helm
As Helm is a fairly well established CNCF project, I'd be interested
in the relationship between the Operator Framework and Helm. How
involved are the Helm maintainers in the integration with the Operator
Framework?
The Operator SDK project maintainers collaborate with the Helm maintainers, primarily on the Helm-based Operator pattern the SDK provides.Helm in general focusses on Day 1 operations: bundle & install using an external tool. Operators include that and put emphasis on Day 2 operations: orchestrated updates, complex re-configuration without re-deploying from scratch, backup / restore, failover / failback, etc with kubectl. Helm serves stateless applications very well, that can be entirely maintained using the built-in functionality in k8s. Operators serve those too but provide an evolution to templating package manifests by extending the built-in k8s functionality, thus enabling k8s to run stateful applications and advanced, distributed systems.Regarding the Operator Hub point as well. One thing I feel we should
strive to avoid plays out in my mind like:
User: Where do I find applications I can install on my Kubernetes cluster?
Helpful internet person (HIP): Why type of applications are you using?
User: ?
HIP: Helm or Operators?
User: ?
HIP: Never-mind, do to Helm Hub and Operator Hub
User: Thanks! I presume these come from two different organisations?
HIP: Oh, no, both are CNCF projectsI get this sentiment. I think it's important to point out that Operators and Applications are different concepts. I'd like to think of Operators as managed service providers to get managed instances of applications. So the question a user would be asking instead: do I want to enable my cluster to serve me that application and manage it or do I want to run it myself?
Thanks for the answers.
I think it's fine for producers of applications to appreciate those technical different concerns, but nearly no end user is doing to ask such a complex question - they just want to run (say) MySQL.
I definitely think it would be good to talk about application stores in general in the SIG, and include folks from Helm and other operator developer tooling. I'd love to hear from maintainers of Helm and other operator tools what they think.
Gareth
I know their are benefits to different tools and approaches under the
CNCF banner, but when it comes to generic descriptions (Applications!)
and end user distribution it's probably worth a conversation between
multiple projects.Yes, agreed!
Thanks
Gareth
--
Gareth Rushgrove
@garethr
devopsweekly.com
garethr.dev
--Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
Daniel Messer
On Sat, Oct 12, 2019 at 11:24 AM Gareth Rushgrove <gareth@...> wrote:
On Fri, 11 Oct 2019 at 13:08, Daniel Messer <dmesser@...> wrote:Hi Gareth,sorry for the late reply - responding inline. Thanks for the questions - keep them coming!On Wed, Oct 9, 2019 at 6:22 PM Gareth Rushgrove <gareth@...> wrote:Thanks for the presentation, I had a few questions and thought I'd
kick things off here.
1. Compatibility
Terminology wise, checking this is still the canonical definition from
a concept point of view?
https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
I know there are several tools which help build operators
(kubebuilder, KUDO, kopf etc.), I wanted to ask about compatibility.
From a developers point of view these are all different obviously, but
what about from an end users perspective?
I think this definition is still valid. An Operator is a custom controller with its own CRDs serving as the user interface (exceptions exist).The Framework is designed to be open to the way the Operator itself is built. The packaging format and OLM don't depend on the SDK.However there is of course good integration between the SDK and OLM.
2. Relationship to Operator Hub
Chris also mentioned the intent to move the Operator Hub to CNCF in
https://github.com/cncf/toc/pull/303. Do you see that being under the
Operator Framework project, or under a standalone project? I think
that's interesting given the generic nature of Operators (as I
understand them above) and the Operator Framework as a specific tool.
For instance, can a kopf operator be added to Operator Hub today?
It is under the Framework: https://github.com/operator-framework/operatorhub.ioAnd yes, a kopf operator, or a kubebuilder operator, or KUDO or something entirely custom can be added to this. They enabling part is the packaging format that drives the indexing and visual display.Are there any examples of non-operator-framework operators on Operator Hub today?
There are lots of Operators that are not written with the SDK there. Every Operator on OperatorHub.io however is packaged for OLM to enable the visual display, versioning and install instructions.
Examples are Strimzi Kafka, Synposys, AWS Service Operator or Spark.
3. Relationship to Helm
As Helm is a fairly well established CNCF project, I'd be interested
in the relationship between the Operator Framework and Helm. How
involved are the Helm maintainers in the integration with the Operator
Framework?
The Operator SDK project maintainers collaborate with the Helm maintainers, primarily on the Helm-based Operator pattern the SDK provides.Helm in general focusses on Day 1 operations: bundle & install using an external tool. Operators include that and put emphasis on Day 2 operations: orchestrated updates, complex re-configuration without re-deploying from scratch, backup / restore, failover / failback, etc with kubectl. Helm serves stateless applications very well, that can be entirely maintained using the built-in functionality in k8s. Operators serve those too but provide an evolution to templating package manifests by extending the built-in k8s functionality, thus enabling k8s to run stateful applications and advanced, distributed systems.Regarding the Operator Hub point as well. One thing I feel we should
strive to avoid plays out in my mind like:
User: Where do I find applications I can install on my Kubernetes cluster?
Helpful internet person (HIP): Why type of applications are you using?
User: ?
HIP: Helm or Operators?
User: ?
HIP: Never-mind, do to Helm Hub and Operator Hub
User: Thanks! I presume these come from two different organisations?
HIP: Oh, no, both are CNCF projectsI get this sentiment. I think it's important to point out that Operators and Applications are different concepts. I'd like to think of Operators as managed service providers to get managed instances of applications. So the question a user would be asking instead: do I want to enable my cluster to serve me that application and manage it or do I want to run it myself?Thanks for the answers.I think it's fine for producers of applications to appreciate those technical different concerns, but nearly no end user is doing to ask such a complex question - they just want to run (say) MySQL.
I think there are nuances here. For a development environment that may be true, but for someone who's responsible for running a production workload based on MySQL it's going to make a big difference whether they end up being responsible for the entire database lifecycle or can defer that to a piece of software or a service.
I definitely think it would be good to talk about application stores in general in the SIG, and include folks from Helm and other operator developer tooling. I'd love to hear from maintainers of Helm and other operator tools what they think.Gareth
I know their are benefits to different tools and approaches under the
CNCF banner, but when it comes to generic descriptions (Applications!)
and end user distribution it's probably worth a conversation between
multiple projects.Yes, agreed!
Thanks
Gareth
--
Gareth Rushgrove
@garethr
devopsweekly.com
garethr.dev
--Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
|
Gareth Rushgrove
On Mon, 14 Oct 2019 at 09:38, Daniel Messer <dmesser@...> wrote:
On Sat, Oct 12, 2019 at 11:24 AM Gareth Rushgrove <gareth@...> wrote:On Fri, 11 Oct 2019 at 13:08, Daniel Messer <dmesser@...> wrote:Hi Gareth,sorry for the late reply - responding inline. Thanks for the questions - keep them coming!On Wed, Oct 9, 2019 at 6:22 PM Gareth Rushgrove <gareth@...> wrote:Thanks for the presentation, I had a few questions and thought I'd
kick things off here.
1. Compatibility
Terminology wise, checking this is still the canonical definition from
a concept point of view?
https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
I know there are several tools which help build operators
(kubebuilder, KUDO, kopf etc.), I wanted to ask about compatibility.
From a developers point of view these are all different obviously, but
what about from an end users perspective?
I think this definition is still valid. An Operator is a custom controller with its own CRDs serving as the user interface (exceptions exist).The Framework is designed to be open to the way the Operator itself is built. The packaging format and OLM don't depend on the SDK.However there is of course good integration between the SDK and OLM.
2. Relationship to Operator Hub
Chris also mentioned the intent to move the Operator Hub to CNCF in
https://github.com/cncf/toc/pull/303. Do you see that being under the
Operator Framework project, or under a standalone project? I think
that's interesting given the generic nature of Operators (as I
understand them above) and the Operator Framework as a specific tool.
For instance, can a kopf operator be added to Operator Hub today?
It is under the Framework: https://github.com/operator-framework/operatorhub.ioAnd yes, a kopf operator, or a kubebuilder operator, or KUDO or something entirely custom can be added to this. They enabling part is the packaging format that drives the indexing and visual display.Are there any examples of non-operator-framework operators on Operator Hub today?There are lots of Operators that are not written with the SDK there. Every Operator on OperatorHub.io however is packaged for OLM to enable the visual display, versioning and install instructions.Examples are Strimzi Kafka, Synposys, AWS Service Operator or Spark.
3. Relationship to Helm
As Helm is a fairly well established CNCF project, I'd be interested
in the relationship between the Operator Framework and Helm. How
involved are the Helm maintainers in the integration with the Operator
Framework?
The Operator SDK project maintainers collaborate with the Helm maintainers, primarily on the Helm-based Operator pattern the SDK provides.Helm in general focusses on Day 1 operations: bundle & install using an external tool. Operators include that and put emphasis on Day 2 operations: orchestrated updates, complex re-configuration without re-deploying from scratch, backup / restore, failover / failback, etc with kubectl. Helm serves stateless applications very well, that can be entirely maintained using the built-in functionality in k8s. Operators serve those too but provide an evolution to templating package manifests by extending the built-in k8s functionality, thus enabling k8s to run stateful applications and advanced, distributed systems.Regarding the Operator Hub point as well. One thing I feel we should
strive to avoid plays out in my mind like:
User: Where do I find applications I can install on my Kubernetes cluster?
Helpful internet person (HIP): Why type of applications are you using?
User: ?
HIP: Helm or Operators?
User: ?
HIP: Never-mind, do to Helm Hub and Operator Hub
User: Thanks! I presume these come from two different organisations?
HIP: Oh, no, both are CNCF projectsI get this sentiment. I think it's important to point out that Operators and Applications are different concepts. I'd like to think of Operators as managed service providers to get managed instances of applications. So the question a user would be asking instead: do I want to enable my cluster to serve me that application and manage it or do I want to run it myself?Thanks for the answers.I think it's fine for producers of applications to appreciate those technical different concerns, but nearly no end user is doing to ask such a complex question - they just want to run (say) MySQL.I think there are nuances here. For a development environment that may be true, but for someone who's responsible for running a production workload based on MySQL it's going to make a big difference whether they end up being responsible for the entire database lifecycle or can defer that to a piece of software or a service.
Agreed. That's not the issue I'm flagging. My issue is forcing that decision on a user up-front, before they pick the workload. Irrespective of the implementation detail, the end user wants to run this application on Kubernetes.
So
a1. I want to install MySQL
a2. Visits application store from CNCF
a3. Oh, there are several options
a4. Reads tradeoffs
a5 Installs
vs
b1. I want to install MySQL
b2. Finds one particular app store
b3. Installs
vs
c1. I want to install MySQL
c2. Knows about Helm and Operators SDK and other things that
c3. Finds multiple app stores, and chooses the right one
c4. Installs
Basically, I don't think building anything that relies on c2 above is sensible from a user perspective. It's taking something that should be an implementation detail (in my view) like which tool was used to build the application, and making it both something the user needs to care about and something they hit quickly.
From an application publishers point of view, it will also result in only one outcome (if both storefronts succeed); projects are expected to build and publish for both.
From a new project looking to build application tooling for Kubernetes it also introduces a new barrier to entry. They are probably expected to have their own appstore too. Not only is this work for the project, it compounds the end user discovery and application publisher issues above.
Note this isn't about the Operator SDK, but given the Operator Hub is in scope of the Operator Framework, it appears to be the framework submitted to the TOC https://github.com/cncf/toc/pull/303.
Personally I think having multiple appstores is hard to resist. But having multiple appstores under CNCF might be easier to resist. What would good look like for users more than individual projects?
I'd love to hear others opinions on this matter, either on this thread, Slack or maybe some time during the SIG call?
Gareth
I definitely think it would be good to talk about application stores in general in the SIG, and include folks from Helm and other operator developer tooling. I'd love to hear from maintainers of Helm and other operator tools what they think.Gareth
I know their are benefits to different tools and approaches under the
CNCF banner, but when it comes to generic descriptions (Applications!)
and end user distribution it's probably worth a conversation between
multiple projects.Yes, agreed!
Thanks
Gareth
--
Gareth Rushgrove
@garethr
devopsweekly.com
garethr.dev
--Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
Jay Pipes
On Mon, 2019-10-14 at 10:17 +0100, Gareth Rushgrove wrote:
counterproductive. Is there a reason why they cannot be separated?
In my mind, *how* a k8s application is built (Operator SDK) is a
different thing than *where* that application is published (Operator
Hub).
Best,
-jay
Note this isn't about the Operator SDK, but given the Operator Hub isI agree that tying the Operator SDK and Operator Hub together is
in scope of the Operator Framework, it appears to be the framework
submitted to the TOC https://github.com/cncf/toc/pull/303.
counterproductive. Is there a reason why they cannot be separated?
In my mind, *how* a k8s application is built (Operator SDK) is a
different thing than *where* that application is published (Operator
Hub).
Best,
-jay
Daniel Messer
Agree with that Jay. The connection comes more from the OLM side since this is where the metadata format is defined that drives the OperatorHub.io index.
On Mon, Oct 14, 2019 at 4:18 PM Jay Pipes <jaypipes@...> wrote:
On Mon, 2019-10-14 at 10:17 +0100, Gareth Rushgrove wrote:
> Note this isn't about the Operator SDK, but given the Operator Hub is
> in scope of the Operator Framework, it appears to be the framework
> submitted to the TOC https://github.com/cncf/toc/pull/303.
I agree that tying the Operator SDK and Operator Hub together is
counterproductive. Is there a reason why they cannot be separated?
In my mind, *how* a k8s application is built (Operator SDK) is a
different thing than *where* that application is published (Operator
Hub).
Best,
-jay
--
Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
|
Gareth Rushgrove
On Mon, 14 Oct 2019 at 16:36, Daniel Messer <dmesser@...> wrote:
https://github.com/operator-framework/operator-lifecycle-manager
This sounds like OperatorHub requires Operators to use OLM?
Are there any examples, or is it possible, for a Kudo (or other
operator tooling) to use OLM?
I agree with Jay, separating how apps are build from where they are
published would appear important here, otherwise we're going to have
them coupled and we'll have one app store per toolkit before we know
it.
Gareth
--
Gareth Rushgrove
@garethr
garethr.dev
devopsweekly.com
I presume OLM is Operator Lifecycle Manager?
Agree with that Jay. The connection comes more from the OLM side since this is where the metadata format is defined that drives the OperatorHub.io index.
https://github.com/operator-framework/operator-lifecycle-manager
This sounds like OperatorHub requires Operators to use OLM?
Are there any examples, or is it possible, for a Kudo (or other
operator tooling) to use OLM?
I agree with Jay, separating how apps are build from where they are
published would appear important here, otherwise we're going to have
them coupled and we'll have one app store per toolkit before we know
it.
Gareth
On Mon, Oct 14, 2019 at 4:18 PM Jay Pipes <jaypipes@...> wrote:
On Mon, 2019-10-14 at 10:17 +0100, Gareth Rushgrove wrote:Note this isn't about the Operator SDK, but given the Operator Hub isI agree that tying the Operator SDK and Operator Hub together is
in scope of the Operator Framework, it appears to be the framework
submitted to the TOC https://github.com/cncf/toc/pull/303.
counterproductive. Is there a reason why they cannot be separated?
In my mind, *how* a k8s application is built (Operator SDK) is a
different thing than *where* that application is published (Operator
Hub).
Best,
-jay
--
Daniel Messer
He / Him / His
Product Manager OpenShift
Red Hat GmbH
Wankelstrasse 5
70563 Stuttgart
dmesser@...
--
Gareth Rushgrove
@garethr
garethr.dev
devopsweekly.com
Matt Farina
Sorry I am late to the thread. I just noticed the content.
The proposal notes that the Operator Hub website is the one for the Operator Framework. Given the conversation here, is the plan to keep that or change that? I'm not suggesting anything. Just asking for clarification.
Helm in general focusses on Day 1 operations: bundle & install using an external tool. Operators include that and put emphasis on Day 2 operations: orchestrated updates, complex re-configuration without re-deploying from scratch, backup / restore, failover / failback, etc with kubectl. Helm serves stateless applications very well, that can be entirely maintained using the built-in functionality in k8s. Operators serve those too but provide an evolution to templating package manifests by extending the built-in k8s functionality, thus enabling k8s to run stateful applications and advanced, distributed systems.
This doesn't accurately share the details, intent, or use of Helm. For example, Helm can serve quite a bit of day 2 and works fine for many stateful apps (I know from experience). I'm not going to go into a lot of detail because many people don't tend to read long emails. There must be a better place to have a talk like that.
It also raises questions, for me, about who we (CNCF contributors) think the end users are, what their needs are, what their on-boarding experience looks like, and numerous other things. Is anyone capturing details on end-users anywhere for the CNCF?
a1. I want to install MySQLa2. Visits application store from CNCFa3. Oh, there are several optionsa4. Reads tradeoffsa5 Installs
I think a4 is going to be really tricky. I've spent countless hours discussing Helm, operators, on-boarding people to Kubernetes, automating the things, UX, and how all of this fits together. One thing I've observed is some folks with an opinion that their way is right and others are wrong. It's a philosophy discussion involving a certain amount of belief. How do we get well written tradeoffs when this is going around? But, I have found there are tradeoffs for different ways to install and operate applications.
- Matt Farina
On Mon, Oct 14, 2019, at 11:51 AM, Gareth Rushgrove wrote:
On Mon, 14 Oct 2019 at 16:36, Daniel Messer <dmesser@...> wrote:>> Agree with that Jay. The connection comes more from the OLM side since this is where the metadata format is defined that drives the OperatorHub.io index.>I presume OLM is Operator Lifecycle Manager?https://github.com/operator-framework/operator-lifecycle-managerThis sounds like OperatorHub requires Operators to use OLM?Are there any examples, or is it possible, for a Kudo (or otheroperator tooling) to use OLM?I agree with Jay, separating how apps are build from where they arepublished would appear important here, otherwise we're going to havethem coupled and we'll have one app store per toolkit before we knowit.Gareth>> On Mon, Oct 14, 2019 at 4:18 PM Jay Pipes <jaypipes@...> wrote:>>>> On Mon, 2019-10-14 at 10:17 +0100, Gareth Rushgrove wrote:>> > Note this isn't about the Operator SDK, but given the Operator Hub is>> > in scope of the Operator Framework, it appears to be the framework>> > submitted to the TOC https://github.com/cncf/toc/pull/303.>>>> I agree that tying the Operator SDK and Operator Hub together is>> counterproductive. Is there a reason why they cannot be separated?>>>> In my mind, *how* a k8s application is built (Operator SDK) is a>> different thing than *where* that application is published (Operator>> Hub).>>>> Best,>> -jay>>>>> -->> Daniel Messer>> He / Him / His>> Product Manager OpenShift>> Red Hat GmbH>> Wankelstrasse 5>> 70563 Stuttgart>> dmesser@...--Gareth Rushgrove@garethrgarethr.devdevopsweekly.com
Michael Hrivnak
On Mon, Oct 14, 2019 at 11:51 AM Gareth Rushgrove <gareth@...> wrote:
On Mon, 14 Oct 2019 at 16:36, Daniel Messer <dmesser@...> wrote:
>
> Agree with that Jay. The connection comes more from the OLM side since this is where the metadata format is defined that drives the OperatorHub.io index.
>
I presume OLM is Operator Lifecycle Manager?
https://github.com/operator-framework/operator-lifecycle-manager
Yes.
This sounds like OperatorHub requires Operators to use OLM?
Yes. OLM is a package manager for operators, and it specifies a packaging format. Operator Hub uses that same package format.
Are there any examples, or is it possible, for a Kudo (or other
operator tooling) to use OLM?
When we talk about Operators, we are referring to the concept originally described in this post from 2016: https://coreos.com/blog/introducing-operators.html
In sum, an operator has three parts:
1. One or more CRDs that represent the desired vs actual state of a specific application. Example: a "MySQL" CRD.
2. Controllers that reconcile those CRDs.
3. Operation knowledge; anything a human might do (install, upgrade, scale, backup, repair, refresh, rebalance, reshard, vacuum, failover, ...) gets automated as logic in a controller.
Kudo has a very different pattern. It runs a single set of controllers, as "cluster-admin", that own a set of kudo-specific CRDs. That is kudo's out-of-the-box "Universal Operator", before you've installed an application-specific operator. If you then made a mysql operator with kudo, there would not be a new CRD, and there would not be a new controller.
OLM can be the package manager for almost anything that has CRDs, controllers, and RBAC policy. It does not matter how you created those things. You could probably even use OLM to install kudo itself. If you use operator-sdk, it offers some features that may help you package up assets for use with OLM, but you're under no obligation to use it.
I agree with Jay, separating how apps are build from where they are
published would appear important here, otherwise we're going to have
them coupled and we'll have one app store per toolkit before we know
it.
How they are built matters because you end up with very different APIs and lifecycle management features. Operators, helm charts, "kudo operators", and other similar things each have fundamental differences in what they are capable of and how they get used, based on which pattern they are following. The "app store" is merely the discovery mechanism; how many different tools will a cluster owner want to be involved in managing and upgrading the workloads on their cluster? Different cluster owners will have different tolerances, but many will want to standardize on one mechanism for controlling what versions of software are running in their cluster.
Michael Hrivnak
Principal Software Engineer, RHCERed Hat
Jay Pipes
On Mon, 2019-10-14 at 16:41 -0400, Michael Hrivnak wrote:
lifecycle management from the operator-sdk is critical.
Perhaps a developer would like to use the operator-sdk to develop their
Operator, but provide a non-OLM way of packaging that code. Decoupling
the SDK from the method of packaging and managing the code that is
produced by the SDK seems to enable that, no?
Best,
-jay
The "app store" is merely theAgreed. This is why I think separating the method of discovery and
discovery mechanism; how many different tools will a cluster owner
want to be involved in managing and upgrading the workloads on their
cluster? Different cluster owners will have different tolerances, but
many will want to standardize on one mechanism for controlling what
versions of software are running in their cluster.
lifecycle management from the operator-sdk is critical.
Perhaps a developer would like to use the operator-sdk to develop their
Operator, but provide a non-OLM way of packaging that code. Decoupling
the SDK from the method of packaging and managing the code that is
produced by the SDK seems to enable that, no?
Best,
-jay
Michael Hrivnak
On Mon, Oct 14, 2019 at 4:50 PM Jay Pipes <jaypipes@...> wrote:
On Mon, 2019-10-14 at 16:41 -0400, Michael Hrivnak wrote:
> The "app store" is merely the
> discovery mechanism; how many different tools will a cluster owner
> want to be involved in managing and upgrading the workloads on their
> cluster? Different cluster owners will have different tolerances, but
> many will want to standardize on one mechanism for controlling what
> versions of software are running in their cluster.
Agreed. This is why I think separating the method of discovery and
lifecycle management from the operator-sdk is critical.
Creating an operator and creating its packaging are at least logically separate, even if one tool can do both things. When you create an operator with operator-sdk, it does not have any packaging unless you explicitly run "operator-sdk olm-catalog gen-csv" with some arguments. Adding OLM packaging is optional and does not happen by default.
Perhaps a developer would like to use the operator-sdk to develop their
Operator, but provide a non-OLM way of packaging that code. Decoupling
the SDK from the method of packaging and managing the code that is
produced by the SDK seems to enable that, no?
This is already easy to do. To start, after you've made an operator with operator-sdk, you can install it manually by running "kubectl create -f" on a few of the manifests that operator-sdk creates for you. They just contain the CRD, RBAC resources, and a Deployment. You could then turn those manifests into a helm chart that installs your operator, or use any other tool you choose.
Michael Hrivnak
Principal Software Engineer, RHCERed Hat
Matt Farina
Please excuse my ignorance on some of this software. I have a number of questions now that I'm starting to look around.
OLM is a package manager for operators
Out of curiosity, why create another package manager? What features are missing from Helm? If some feature was missing I'd love to talk about it to learn the context and assumptions around it.
When I start to look at OLM I see things like Install Plans and Subscriptions. This looks a lot like Kubernetes Service Catalog. Is there any kind of write-up comparing the two?
You can do a lot with operators. If OLM has a lot of similarities to Service Catalog and has a bit of that intent in mind, what about the use cases aren't related to the service catalog type setup?
Should I ask these questions over on the TOC issue instead?
Thanks,
Matt
On Mon, Oct 14, 2019, at 6:03 PM, Michael Hrivnak wrote:
On Mon, Oct 14, 2019 at 4:50 PM Jay Pipes <jaypipes@...> wrote:On Mon, 2019-10-14 at 16:41 -0400, Michael Hrivnak wrote:> The "app store" is merely the> discovery mechanism; how many different tools will a cluster owner> want to be involved in managing and upgrading the workloads on their> cluster? Different cluster owners will have different tolerances, but> many will want to standardize on one mechanism for controlling what> versions of software are running in their cluster.Agreed. This is why I think separating the method of discovery andlifecycle management from the operator-sdk is critical.Creating an operator and creating its packaging are at least logically separate, even if one tool can do both things. When you create an operator with operator-sdk, it does not have any packaging unless you explicitly run "operator-sdk olm-catalog gen-csv" with some arguments. Adding OLM packaging is optional and does not happen by default.Perhaps a developer would like to use the operator-sdk to develop theirOperator, but provide a non-OLM way of packaging that code. Decouplingthe SDK from the method of packaging and managing the code that isproduced by the SDK seems to enable that, no?This is already easy to do. To start, after you've made an operator with operator-sdk, you can install it manually by running "kubectl create -f" on a few of the manifests that operator-sdk creates for you. They just contain the CRD, RBAC resources, and a Deployment. You could then turn those manifests into a helm chart that installs your operator, or use any other tool you choose.--Michael Hrivnak
Principal Software Engineer, RHCERed Hat
Daniel Messer
On Tue, Oct 15, 2019 at 1:39 AM Matt Farina <matt@...> wrote:
Please excuse my ignorance on some of this software. I have a number of questions now that I'm starting to look around.OLM is a package manager for operatorsOut of curiosity, why create another package manager? What features are missing from Helm? If some feature was missing I'd love to talk about it to learn the context and assumptions around it.
There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?
What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?
Such as dependent Operators: in order to drive developers to work towards API (as they do with Kubernetes) it would be nice to express a dependency on another Operators' CRDs, not the Operator itself.
Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available. Since these users are usually not cluster-admins, there should be a safe way to do that without these privileges.
Operators also support the concept of watching N namespaces while being installed in a different namespace. This is a configuration that prevents privilege escalation where you'd normally just be able to hijack the potentially very privileged ServiceAccount that got deployed in your namespace. This configuration needs to be expressed in some standardized way.
OLM also comes with a first-class concept of automatic over-the-air updates of Operators in the background as part of regularly updated catalogs. This is due to long-lived nature of Operator workloads themselves.
Hope this sheds some lights of the intentions of OLM. It is a package manager as well, but primarily it provides the additional guardrails needed in order to deploy, discovery and run Operators from a central point on cluster. I think it's worth pursuing designs where the packaging format of helm can be re-used, though. The use case is different though, since Operators are not regular applications but behave more like kernel extensions.
When I start to look at OLM I see things like Install Plans and Subscriptions. This looks a lot like Kubernetes Service Catalog. Is there any kind of write-up comparing the two?You can do a lot with operators. If OLM has a lot of similarities to Service Catalog and has a bit of that intent in mind, what about the use cases aren't related to the service catalog type setup?Should I ask these questions over on the TOC issue instead?Thanks,MattOn Mon, Oct 14, 2019, at 6:03 PM, Michael Hrivnak wrote:On Mon, Oct 14, 2019 at 4:50 PM Jay Pipes <jaypipes@...> wrote:On Mon, 2019-10-14 at 16:41 -0400, Michael Hrivnak wrote:> The "app store" is merely the> discovery mechanism; how many different tools will a cluster owner> want to be involved in managing and upgrading the workloads on their> cluster? Different cluster owners will have different tolerances, but> many will want to standardize on one mechanism for controlling what> versions of software are running in their cluster.Agreed. This is why I think separating the method of discovery andlifecycle management from the operator-sdk is critical.Creating an operator and creating its packaging are at least logically separate, even if one tool can do both things. When you create an operator with operator-sdk, it does not have any packaging unless you explicitly run "operator-sdk olm-catalog gen-csv" with some arguments. Adding OLM packaging is optional and does not happen by default.Perhaps a developer would like to use the operator-sdk to develop theirOperator, but provide a non-OLM way of packaging that code. Decouplingthe SDK from the method of packaging and managing the code that isproduced by the SDK seems to enable that, no?This is already easy to do. To start, after you've made an operator with operator-sdk, you can install it manually by running "kubectl create -f" on a few of the manifests that operator-sdk creates for you. They just contain the CRD, RBAC resources, and a Deployment. You could then turn those manifests into a helm chart that installs your operator, or use any other tool you choose.--Michael Hrivnak
Principal Software Engineer, RHCERed Hat
Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
|
Matt Farina
Daniel, thanks for the added color. I have more questions...
Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available.
This and some of the other comments sounds similar to a service catalog along with elements of OLM (e.g., the metering and chargeback operators). I'm curious how much of the service catalog ideals are tied to all of this.
If you don't mind, I'd like to look at a couple examples that's are different.
WordPress is an all to common example so I'll use that. Let's say someone is operating a WorPress as a service site. A customer comes along to their UI and signs up for a new site. Their web app tells an operator in Kubernetes to create a new site. When that site is ready it's shared with the new customer. The lifecycle of this WordPress site is managed by the operator while the UI, billing, and other elements are handled by customer facing applications.
For a second example, what if someone needs just one instance of an application but they want that instance to be fully managed. That includes failure handling that is usually encoded in a run book.
How would these examples fit with the Operator SDK and OLM?
There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?
The the details documented on this anywhere? I would love to read them. For example, let's assume you have two of these WordPress operators/controllers running in a cluster. They are namespace scoped and do not overlap. How do you handle the CRD being cluster scoped? How do upgrades of the CRD work to make sure it works for all operators/controllers? Or, are some assumptions made that situations like this will not occur?
If you have some time I would appreciate digging into these forms of situations. This is in part because people need guidance on working with CRDs and some of that falls into Kubernetes SIG Apps domain where I spend some of my time.
Thanks,
Matt Farina
On Tue, Oct 15, 2019, at 5:39 AM, Daniel Messer wrote:
On Tue, Oct 15, 2019 at 1:39 AM Matt Farina <matt@...> wrote:Please excuse my ignorance on some of this software. I have a number of questions now that I'm starting to look around.OLM is a package manager for operatorsOut of curiosity, why create another package manager? What features are missing from Helm? If some feature was missing I'd love to talk about it to learn the context and assumptions around it.There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?Such as dependent Operators: in order to drive developers to work towards API (as they do with Kubernetes) it would be nice to express a dependency on another Operators' CRDs, not the Operator itself.Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available. Since these users are usually not cluster-admins, there should be a safe way to do that without these privileges.Operators also support the concept of watching N namespaces while being installed in a different namespace. This is a configuration that prevents privilege escalation where you'd normally just be able to hijack the potentially very privileged ServiceAccount that got deployed in your namespace. This configuration needs to be expressed in some standardized way.OLM also comes with a first-class concept of automatic over-the-air updates of Operators in the background as part of regularly updated catalogs. This is due to long-lived nature of Operator workloads themselves.Hope this sheds some lights of the intentions of OLM. It is a package manager as well, but primarily it provides the additional guardrails needed in order to deploy, discovery and run Operators from a central point on cluster. I think it's worth pursuing designs where the packaging format of helm can be re-used, though. The use case is different though, since Operators are not regular applications but behave more like kernel extensions.When I start to look at OLM I see things like Install Plans and Subscriptions. This looks a lot like Kubernetes Service Catalog. Is there any kind of write-up comparing the two?You can do a lot with operators. If OLM has a lot of similarities to Service Catalog and has a bit of that intent in mind, what about the use cases aren't related to the service catalog type setup?Should I ask these questions over on the TOC issue instead?Thanks,MattOn Mon, Oct 14, 2019, at 6:03 PM, Michael Hrivnak wrote:On Mon, Oct 14, 2019 at 4:50 PM Jay Pipes <jaypipes@...> wrote:On Mon, 2019-10-14 at 16:41 -0400, Michael Hrivnak wrote:> The "app store" is merely the> discovery mechanism; how many different tools will a cluster owner> want to be involved in managing and upgrading the workloads on their> cluster? Different cluster owners will have different tolerances, but> many will want to standardize on one mechanism for controlling what> versions of software are running in their cluster.Agreed. This is why I think separating the method of discovery andlifecycle management from the operator-sdk is critical.Creating an operator and creating its packaging are at least logically separate, even if one tool can do both things. When you create an operator with operator-sdk, it does not have any packaging unless you explicitly run "operator-sdk olm-catalog gen-csv" with some arguments. Adding OLM packaging is optional and does not happen by default.Perhaps a developer would like to use the operator-sdk to develop theirOperator, but provide a non-OLM way of packaging that code. Decouplingthe SDK from the method of packaging and managing the code that isproduced by the SDK seems to enable that, no?This is already easy to do. To start, after you've made an operator with operator-sdk, you can install it manually by running "kubectl create -f" on a few of the manifests that operator-sdk creates for you. They just contain the CRD, RBAC resources, and a Deployment. You could then turn those manifests into a helm chart that installs your operator, or use any other tool you choose.--Michael Hrivnak
Principal Software Engineer, RHCERed Hat
--
Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
|
Li, Xiang
I am an early engineer on the operator idea, and drove the inception of SDK/OLM etc. at CoreOS .
OperatorHub is designed to be operator first, which means the users need to understand the operator details, and to discover operator itself, then the CRD/services. I feel one thing we should try is not to first discover operator but first to discover the CRD (the resource which describes the actual service), and then verify (or install) the corresponding operator (through Helm or whatever popular package manager). That might be what most users need I guess.
------------------------------------------------------------------From:Matt Farina <matt@...>Sent At:2019 Oct. 15 (Tue.) 07:36To:Daniel Messer <dmesser@...>; cncf-sig-app-delivery <cncf-sig-app-delivery@...>Subject:Re: [cncf-sig-app-delivery] Operator Framework questionsDaniel, thanks for the added color. I have more questions...Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available.This and some of the other comments sounds similar to a service catalog along with elements of OLM (e.g., the metering and chargeback operators). I'm curious how much of the service catalog ideals are tied to all of this.If you don't mind, I'd like to look at a couple examples that's are different.WordPress is an all to common example so I'll use that. Let's say someone is operating a WorPress as a service site. A customer comes along to their UI and signs up for a new site. Their web app tells an operator in Kubernetes to create a new site. When that site is ready it's shared with the new customer. The lifecycle of this WordPress site is managed by the operator while the UI, billing, and other elements are handled by customer facing applications.For a second example, what if someone needs just one instance of an application but they want that instance to be fully managed. That includes failure handling that is usually encoded in a run book.How would these examples fit with the Operator SDK and OLM?There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?The the details documented on this anywhere? I would love to read them. For example, let's assume you have two of these WordPress operators/controllers running in a cluster. They are namespace scoped and do not overlap. How do you handle the CRD being cluster scoped? How do upgrades of the CRD work to make sure it works for all operators/controllers? Or, are some assumptions made that situations like this will not occur?If you have some time I would appreciate digging into these forms of situations. This is in part because people need guidance on working with CRDs and some of that falls into Kubernetes SIG Apps domain where I spend some of my time.Thanks,Matt FarinaOn Tue, Oct 15, 2019, at 5:39 AM, Daniel Messer wrote:On Tue, Oct 15, 2019 at 1:39 AM Matt Farina <matt@...> wrote:Please excuse my ignorance on some of this software. I have a number of questions now that I'm starting to look around.OLM is a package manager for operatorsOut of curiosity, why create another package manager? What features are missing from Helm? If some feature was missing I'd love to talk about it to learn the context and assumptions around it.There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?Such as dependent Operators: in order to drive developers to work towards API (as they do with Kubernetes) it would be nice to express a dependency on another Operators' CRDs, not the Operator itself.Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available. Since these users are usually not cluster-admins, there should be a safe way to do that without these privileges.Operators also support the concept of watching N namespaces while being installed in a different namespace. This is a configuration that prevents privilege escalation where you'd normally just be able to hijack the potentially very privileged ServiceAccount that got deployed in your namespace. This configuration needs to be expressed in some standardized way.OLM also comes with a first-class concept of automatic over-the-air updates of Operators in the background as part of regularly updated catalogs. This is due to long-lived nature of Operator workloads themselves.Hope this sheds some lights of the intentions of OLM. It is a package manager as well, but primarily it provides the additional guardrails needed in order to deploy, discovery and run Operators from a central point on cluster. I think it's worth pursuing designs where the packaging format of helm can be re-used, though. The use case is different though, since Operators are not regular applications but behave more like kernel extensions.When I start to look at OLM I see things like Install Plans and Subscriptions. This looks a lot like Kubernetes Service Catalog. Is there any kind of write-up comparing the two?You can do a lot with operators. If OLM has a lot of similarities to Service Catalog and has a bit of that intent in mind, what about the use cases aren't related to the service catalog type setup?Should I ask these questions over on the TOC issue instead?Thanks,MattOn Mon, Oct 14, 2019, at 6:03 PM, Michael Hrivnak wrote:On Mon, Oct 14, 2019 at 4:50 PM Jay Pipes <jaypipes@...> wrote:On Mon, 2019-10-14 at 16:41 -0400, Michael Hrivnak wrote:> The "app store" is merely the> discovery mechanism; how many different tools will a cluster owner> want to be involved in managing and upgrading the workloads on their> cluster? Different cluster owners will have different tolerances, but> many will want to standardize on one mechanism for controlling what> versions of software are running in their cluster.Agreed. This is why I think separating the method of discovery andlifecycle management from the operator-sdk is critical.Creating an operator and creating its packaging are at least logically separate, even if one tool can do both things. When you create an operator with operator-sdk, it does not have any packaging unless you explicitly run "operator-sdk olm-catalog gen-csv" with some arguments. Adding OLM packaging is optional and does not happen by default.Perhaps a developer would like to use the operator-sdk to develop theirOperator, but provide a non-OLM way of packaging that code. Decouplingthe SDK from the method of packaging and managing the code that isproduced by the SDK seems to enable that, no?This is already easy to do. To start, after you've made an operator with operator-sdk, you can install it manually by running "kubectl create -f" on a few of the manifests that operator-sdk creates for you. They just contain the CRD, RBAC resources, and a Deployment. You could then turn those manifests into a helm chart that installs your operator, or use any other tool you choose.--Michael Hrivnak
Principal Software Engineer, RHCERed Hat
--Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
Erin Boyd
HI Matt,
So interesting that you bring up the service catalog. Do we have a feel for the service catalog usage? One thing about it is that the API is built off of CFF rather than Kube, so there is a fundamental difference there. Also, I assume we want to shepherd more projects in this space (besides Helm) to negate the possibility of it being a king maker, right?
Just trying to understand when doing a comparison if that is meant to just highlight intentional differences to give further choices or to say we already have something that works and we don't need something else.
Thanks,
Erin
On Tue, Oct 15, 2019 at 8:33 AM Matt Farina <matt@...> wrote:
Daniel, thanks for the added color. I have more questions...Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available.This and some of the other comments sounds similar to a service catalog along with elements of OLM (e.g., the metering and chargeback operators). I'm curious how much of the service catalog ideals are tied to all of this.If you don't mind, I'd like to look at a couple examples that's are different.WordPress is an all to common example so I'll use that. Let's say someone is operating a WorPress as a service site. A customer comes along to their UI and signs up for a new site. Their web app tells an operator in Kubernetes to create a new site. When that site is ready it's shared with the new customer. The lifecycle of this WordPress site is managed by the operator while the UI, billing, and other elements are handled by customer facing applications.For a second example, what if someone needs just one instance of an application but they want that instance to be fully managed. That includes failure handling that is usually encoded in a run book.How would these examples fit with the Operator SDK and OLM?There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?The the details documented on this anywhere? I would love to read them. For example, let's assume you have two of these WordPress operators/controllers running in a cluster. They are namespace scoped and do not overlap. How do you handle the CRD being cluster scoped? How do upgrades of the CRD work to make sure it works for all operators/controllers? Or, are some assumptions made that situations like this will not occur?If you have some time I would appreciate digging into these forms of situations. This is in part because people need guidance on working with CRDs and some of that falls into Kubernetes SIG Apps domain where I spend some of my time.Thanks,Matt FarinaOn Tue, Oct 15, 2019, at 5:39 AM, Daniel Messer wrote:On Tue, Oct 15, 2019 at 1:39 AM Matt Farina <matt@...> wrote:Please excuse my ignorance on some of this software. I have a number of questions now that I'm starting to look around.OLM is a package manager for operatorsOut of curiosity, why create another package manager? What features are missing from Helm? If some feature was missing I'd love to talk about it to learn the context and assumptions around it.There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?Such as dependent Operators: in order to drive developers to work towards API (as they do with Kubernetes) it would be nice to express a dependency on another Operators' CRDs, not the Operator itself.Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available. Since these users are usually not cluster-admins, there should be a safe way to do that without these privileges.Operators also support the concept of watching N namespaces while being installed in a different namespace. This is a configuration that prevents privilege escalation where you'd normally just be able to hijack the potentially very privileged ServiceAccount that got deployed in your namespace. This configuration needs to be expressed in some standardized way.OLM also comes with a first-class concept of automatic over-the-air updates of Operators in the background as part of regularly updated catalogs. This is due to long-lived nature of Operator workloads themselves.Hope this sheds some lights of the intentions of OLM. It is a package manager as well, but primarily it provides the additional guardrails needed in order to deploy, discovery and run Operators from a central point on cluster. I think it's worth pursuing designs where the packaging format of helm can be re-used, though. The use case is different though, since Operators are not regular applications but behave more like kernel extensions.When I start to look at OLM I see things like Install Plans and Subscriptions. This looks a lot like Kubernetes Service Catalog. Is there any kind of write-up comparing the two?You can do a lot with operators. If OLM has a lot of similarities to Service Catalog and has a bit of that intent in mind, what about the use cases aren't related to the service catalog type setup?Should I ask these questions over on the TOC issue instead?Thanks,MattOn Mon, Oct 14, 2019, at 6:03 PM, Michael Hrivnak wrote:On Mon, Oct 14, 2019 at 4:50 PM Jay Pipes <jaypipes@...> wrote:On Mon, 2019-10-14 at 16:41 -0400, Michael Hrivnak wrote:> The "app store" is merely the> discovery mechanism; how many different tools will a cluster owner> want to be involved in managing and upgrading the workloads on their> cluster? Different cluster owners will have different tolerances, but> many will want to standardize on one mechanism for controlling what> versions of software are running in their cluster.Agreed. This is why I think separating the method of discovery andlifecycle management from the operator-sdk is critical.Creating an operator and creating its packaging are at least logically separate, even if one tool can do both things. When you create an operator with operator-sdk, it does not have any packaging unless you explicitly run "operator-sdk olm-catalog gen-csv" with some arguments. Adding OLM packaging is optional and does not happen by default.Perhaps a developer would like to use the operator-sdk to develop theirOperator, but provide a non-OLM way of packaging that code. Decouplingthe SDK from the method of packaging and managing the code that isproduced by the SDK seems to enable that, no?This is already easy to do. To start, after you've made an operator with operator-sdk, you can install it manually by running "kubectl create -f" on a few of the manifests that operator-sdk creates for you. They just contain the CRD, RBAC resources, and a Deployment. You could then turn those manifests into a helm chart that installs your operator, or use any other tool you choose.--Michael Hrivnak
Principal Software Engineer, RHCERed Hat
--Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
Matt Farina
Erin,
I apologize for the confusion from my language. I was more interested in the concept of a service catalog rather than the specific Kubernetes implementation. The major public clouds have services that you can signup for with their API. It's the same idea.
I've seen operators that are used for purposes other than those for a service catalog like service. I've also explored the idea of CRDs and operators for use as a method to build a service catalog like service. So much so that there is a KEP somewhere about it.
I'm curious about the support for the different types of use cases from the Operator SDK, OLM, and the supporting tooling that's proposed to go into the CNCF. Is the Operator SDK + tools driving solely towards that service catalog style use case or are there more use cases it's going for?
I could be misreading into what OLM does which is why I'm asking.
Thanks,
Matt Farina
On Wed, Oct 16, 2019, at 2:40 PM, Erin Boyd wrote:
HI Matt,So interesting that you bring up the service catalog. Do we have a feel for the service catalog usage? One thing about it is that the API is built off of CFF rather than Kube, so there is a fundamental difference there. Also, I assume we want to shepherd more projects in this space (besides Helm) to negate the possibility of it being a king maker, right?Just trying to understand when doing a comparison if that is meant to just highlight intentional differences to give further choices or to say we already have something that works and we don't need something else.Thanks,ErinOn Tue, Oct 15, 2019 at 8:33 AM Matt Farina <matt@...> wrote:Daniel, thanks for the added color. I have more questions...Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available.This and some of the other comments sounds similar to a service catalog along with elements of OLM (e.g., the metering and chargeback operators). I'm curious how much of the service catalog ideals are tied to all of this.If you don't mind, I'd like to look at a couple examples that's are different.WordPress is an all to common example so I'll use that. Let's say someone is operating a WorPress as a service site. A customer comes along to their UI and signs up for a new site. Their web app tells an operator in Kubernetes to create a new site. When that site is ready it's shared with the new customer. The lifecycle of this WordPress site is managed by the operator while the UI, billing, and other elements are handled by customer facing applications.For a second example, what if someone needs just one instance of an application but they want that instance to be fully managed. That includes failure handling that is usually encoded in a run book.How would these examples fit with the Operator SDK and OLM?There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?The the details documented on this anywhere? I would love to read them. For example, let's assume you have two of these WordPress operators/controllers running in a cluster. They are namespace scoped and do not overlap. How do you handle the CRD being cluster scoped? How do upgrades of the CRD work to make sure it works for all operators/controllers? Or, are some assumptions made that situations like this will not occur?If you have some time I would appreciate digging into these forms of situations. This is in part because people need guidance on working with CRDs and some of that falls into Kubernetes SIG Apps domain where I spend some of my time.Thanks,Matt FarinaOn Tue, Oct 15, 2019, at 5:39 AM, Daniel Messer wrote:On Tue, Oct 15, 2019 at 1:39 AM Matt Farina <matt@...> wrote:Please excuse my ignorance on some of this software. I have a number of questions now that I'm starting to look around.OLM is a package manager for operatorsOut of curiosity, why create another package manager? What features are missing from Helm? If some feature was missing I'd love to talk about it to learn the context and assumptions around it.There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?Such as dependent Operators: in order to drive developers to work towards API (as they do with Kubernetes) it would be nice to express a dependency on another Operators' CRDs, not the Operator itself.Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available. Since these users are usually not cluster-admins, there should be a safe way to do that without these privileges.Operators also support the concept of watching N namespaces while being installed in a different namespace. This is a configuration that prevents privilege escalation where you'd normally just be able to hijack the potentially very privileged ServiceAccount that got deployed in your namespace. This configuration needs to be expressed in some standardized way.OLM also comes with a first-class concept of automatic over-the-air updates of Operators in the background as part of regularly updated catalogs. This is due to long-lived nature of Operator workloads themselves.Hope this sheds some lights of the intentions of OLM. It is a package manager as well, but primarily it provides the additional guardrails needed in order to deploy, discovery and run Operators from a central point on cluster. I think it's worth pursuing designs where the packaging format of helm can be re-used, though. The use case is different though, since Operators are not regular applications but behave more like kernel extensions.When I start to look at OLM I see things like Install Plans and Subscriptions. This looks a lot like Kubernetes Service Catalog. Is there any kind of write-up comparing the two?You can do a lot with operators. If OLM has a lot of similarities to Service Catalog and has a bit of that intent in mind, what about the use cases aren't related to the service catalog type setup?Should I ask these questions over on the TOC issue instead?Thanks,MattOn Mon, Oct 14, 2019, at 6:03 PM, Michael Hrivnak wrote:On Mon, Oct 14, 2019 at 4:50 PM Jay Pipes <jaypipes@...> wrote:On Mon, 2019-10-14 at 16:41 -0400, Michael Hrivnak wrote:> The "app store" is merely the> discovery mechanism; how many different tools will a cluster owner> want to be involved in managing and upgrading the workloads on their> cluster? Different cluster owners will have different tolerances, but> many will want to standardize on one mechanism for controlling what> versions of software are running in their cluster.Agreed. This is why I think separating the method of discovery andlifecycle management from the operator-sdk is critical.Creating an operator and creating its packaging are at least logically separate, even if one tool can do both things. When you create an operator with operator-sdk, it does not have any packaging unless you explicitly run "operator-sdk olm-catalog gen-csv" with some arguments. Adding OLM packaging is optional and does not happen by default.Perhaps a developer would like to use the operator-sdk to develop theirOperator, but provide a non-OLM way of packaging that code. Decouplingthe SDK from the method of packaging and managing the code that isproduced by the SDK seems to enable that, no?This is already easy to do. To start, after you've made an operator with operator-sdk, you can install it manually by running "kubectl create -f" on a few of the manifests that operator-sdk creates for you. They just contain the CRD, RBAC resources, and a Deployment. You could then turn those manifests into a helm chart that installs your operator, or use any other tool you choose.--Michael Hrivnak
Principal Software Engineer, RHCERed Hat
--Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
Erin Boyd
Hi All,
Just seeing where the operator framework is in the pipeline.
I missed the TOC meeting yesterday as I'm at a work meeting all week so apologies in advance if it was discussed then.
Erin
On Wed, Oct 16, 2019, 2:57 PM Matt Farina <matt@...> wrote:
Erin,I apologize for the confusion from my language. I was more interested in the concept of a service catalog rather than the specific Kubernetes implementation. The major public clouds have services that you can signup for with their API. It's the same idea.I've seen operators that are used for purposes other than those for a service catalog like service. I've also explored the idea of CRDs and operators for use as a method to build a service catalog like service. So much so that there is a KEP somewhere about it.I'm curious about the support for the different types of use cases from the Operator SDK, OLM, and the supporting tooling that's proposed to go into the CNCF. Is the Operator SDK + tools driving solely towards that service catalog style use case or are there more use cases it's going for?I could be misreading into what OLM does which is why I'm asking.Thanks,Matt FarinaOn Wed, Oct 16, 2019, at 2:40 PM, Erin Boyd wrote:HI Matt,So interesting that you bring up the service catalog. Do we have a feel for the service catalog usage? One thing about it is that the API is built off of CFF rather than Kube, so there is a fundamental difference there. Also, I assume we want to shepherd more projects in this space (besides Helm) to negate the possibility of it being a king maker, right?Just trying to understand when doing a comparison if that is meant to just highlight intentional differences to give further choices or to say we already have something that works and we don't need something else.Thanks,ErinOn Tue, Oct 15, 2019 at 8:33 AM Matt Farina <matt@...> wrote:Daniel, thanks for the added color. I have more questions...Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available.This and some of the other comments sounds similar to a service catalog along with elements of OLM (e.g., the metering and chargeback operators). I'm curious how much of the service catalog ideals are tied to all of this.If you don't mind, I'd like to look at a couple examples that's are different.WordPress is an all to common example so I'll use that. Let's say someone is operating a WorPress as a service site. A customer comes along to their UI and signs up for a new site. Their web app tells an operator in Kubernetes to create a new site. When that site is ready it's shared with the new customer. The lifecycle of this WordPress site is managed by the operator while the UI, billing, and other elements are handled by customer facing applications.For a second example, what if someone needs just one instance of an application but they want that instance to be fully managed. That includes failure handling that is usually encoded in a run book.How would these examples fit with the Operator SDK and OLM?There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?The the details documented on this anywhere? I would love to read them. For example, let's assume you have two of these WordPress operators/controllers running in a cluster. They are namespace scoped and do not overlap. How do you handle the CRD being cluster scoped? How do upgrades of the CRD work to make sure it works for all operators/controllers? Or, are some assumptions made that situations like this will not occur?If you have some time I would appreciate digging into these forms of situations. This is in part because people need guidance on working with CRDs and some of that falls into Kubernetes SIG Apps domain where I spend some of my time.Thanks,Matt FarinaOn Tue, Oct 15, 2019, at 5:39 AM, Daniel Messer wrote:On Tue, Oct 15, 2019 at 1:39 AM Matt Farina <matt@...> wrote:Please excuse my ignorance on some of this software. I have a number of questions now that I'm starting to look around.OLM is a package manager for operatorsOut of curiosity, why create another package manager? What features are missing from Helm? If some feature was missing I'd love to talk about it to learn the context and assumptions around it.There are a bunch of Operator lifecycle aspects, mainly around CRDs, that OLM takes care of so you don't have to. E.g. what happens when you attempt to install an Operator and there is already a CRD on cluster installed - is it safe to proceed? Is there maybe another Operator already present owning these CRDs? How would you discover this relationship?What happens when a CRD gets an update, e.g. in a new version of a CRD or a versioned CRD? Does this break existing workloads?Such as dependent Operators: in order to drive developers to work towards API (as they do with Kubernetes) it would be nice to express a dependency on another Operators' CRDs, not the Operator itself.Operators are meant to be used by end user to drive value - so there needs to be an on-cluster mechanism to discover which Operators with which services are available. Since these users are usually not cluster-admins, there should be a safe way to do that without these privileges.Operators also support the concept of watching N namespaces while being installed in a different namespace. This is a configuration that prevents privilege escalation where you'd normally just be able to hijack the potentially very privileged ServiceAccount that got deployed in your namespace. This configuration needs to be expressed in some standardized way.OLM also comes with a first-class concept of automatic over-the-air updates of Operators in the background as part of regularly updated catalogs. This is due to long-lived nature of Operator workloads themselves.Hope this sheds some lights of the intentions of OLM. It is a package manager as well, but primarily it provides the additional guardrails needed in order to deploy, discovery and run Operators from a central point on cluster. I think it's worth pursuing designs where the packaging format of helm can be re-used, though. The use case is different though, since Operators are not regular applications but behave more like kernel extensions.When I start to look at OLM I see things like Install Plans and Subscriptions. This looks a lot like Kubernetes Service Catalog. Is there any kind of write-up comparing the two?You can do a lot with operators. If OLM has a lot of similarities to Service Catalog and has a bit of that intent in mind, what about the use cases aren't related to the service catalog type setup?Should I ask these questions over on the TOC issue instead?Thanks,MattOn Mon, Oct 14, 2019, at 6:03 PM, Michael Hrivnak wrote:On Mon, Oct 14, 2019 at 4:50 PM Jay Pipes <jaypipes@...> wrote:On Mon, 2019-10-14 at 16:41 -0400, Michael Hrivnak wrote:> The "app store" is merely the> discovery mechanism; how many different tools will a cluster owner> want to be involved in managing and upgrading the workloads on their> cluster? Different cluster owners will have different tolerances, but> many will want to standardize on one mechanism for controlling what> versions of software are running in their cluster.Agreed. This is why I think separating the method of discovery andlifecycle management from the operator-sdk is critical.Creating an operator and creating its packaging are at least logically separate, even if one tool can do both things. When you create an operator with operator-sdk, it does not have any packaging unless you explicitly run "operator-sdk olm-catalog gen-csv" with some arguments. Adding OLM packaging is optional and does not happen by default.Perhaps a developer would like to use the operator-sdk to develop theirOperator, but provide a non-OLM way of packaging that code. Decouplingthe SDK from the method of packaging and managing the code that isproduced by the SDK seems to enable that, no?This is already easy to do. To start, after you've made an operator with operator-sdk, you can install it manually by running "kubectl create -f" on a few of the manifests that operator-sdk creates for you. They just contain the CRD, RBAC resources, and a Deployment. You could then turn those manifests into a helm chart that installs your operator, or use any other tool you choose.--Michael Hrivnak
Principal Software Engineer, RHCERed Hat
--Daniel Messer
He / Him / His
Product Manager OpenShift
Wankelstrasse 5
70563 Stuttgart
--