This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

CAP Operator Manager

CAP Operator Manager is an operator based on Kyma lifecycle manager to install the CAP Operator. This operator uses component-operator-runtime framework to manage it’s lifecycle.

workflow

1 - Installation

How to install CAP Operator using CAP Operator Manager

This page provides an overview of available methods to install the CAP Operator on a Kubernetes cluster using CAP Operator Manager.

1.1 - Kyma Cluster

How to install CAP Operator in a Kyma cluster

The CAP Operator is available as a Community module in Kyma clusters.

To enable the CAP Operator module in your Kyma cluster, follow these steps:

  1. Open the Kyma Console, navigate to the Modules section, and click the Add button within Community Modules list.

    community-module-1

  2. Click the Add button in the Source YAMLs section to load the list of community modules.

    community-module-2

  3. In the dialog that opens, you can see the list of available community modules and click the Add button.

    community-module-3

  4. Select the CAP Operator module and click the Add button.

    community-module-4

  5. Wait for the automatic installation of the CAP Operator components into the cap-operator-system namespace to complete.

    community-module-5

1.2 - Local Cluster

How to install CAP Operator using CAP Operator Manager in a local cluster

Install CAP Operator Manager

To install the latest version of CAP Operator Manager, please execute the following command:

kubectl apply -f https://github.com/SAP/cap-operator-lifecycle/releases/latest/download/manager_manifest.yaml

This would create a namespace cap-operator-system with CAP Operator Manager installed.

cap-op-man-install

Install CAP Operator using CAP Operator Manager

Once the CAP Operator Manager is running, you can install the CAP operator by executing the following command:

kubectl apply -n cap-operator-system -f https://github.com/SAP/cap-operator-lifecycle/releases/latest/download/manager_default_CR.yaml

This would work only if the ingressGatewayLabels in your clusters match the following values:

  ingressGatewayLabels:
    - name: istio
      value: ingressgateway
    - name: app
      value: istio-ingressgateway

If not, you must manually create the CAPOperator resource by applying the below yaml to the cap-operator-system namespace after filling in the ingressGatewayLabels values from your cluster.

apiVersion: operator.sme.sap.com/v1alpha1
kind: CAPOperator
metadata:
  name: cap-operator
spec:
  subscriptionServer:
    subDomain: cap-op
  ingressGatewayLabels:
    - name: <<--Label Name-->>
      value: <<--Label Value-->>
    - name: <<--Label Name-->>
      value: <<--Label Value-->>

Once the CAPOperator resource is created, the CAP Operator Manager will start installing the CAP Operator in the namespace. Once the resource is ready, you can see the CAP Operator Pods running in the namespace.

cap-op-man-cr-ready

CAP Operator Pods:

cap-op-pods

2 - Resources

How to configure the CAP Operator Manager resources

CAP Operator Manager uses resource CAPOperator to install the CAP Operator. The CAPOperator resource has the following attributes -

  • subscriptionServer.subDomain string - Subdomain of the CAP Operator subscription Server
  • subscriptionServer.certificateManager string - Certificate manager which can be set to either Gardener or CertManager, with the default value being Gardener
  • subscriptionServer.certificateConfig.gardener - Configuration for Gardener certificates, applicable only if subscriptionServer.certificateManager is set to Gardener. This allows you to specify the issuerName and issuerNamespace.
  • subscriptionServer.certificateConfig.certManager - Configuration for CertManager certificates, applicable only if subscriptionServer.certificateManager is set to CertManager. This allows you to specify the issuerGroup, issuerKind and issuerName.
  • dnsTarget string - Public ingress URL for the cluster Load Balancer
  • ingressGatewayLabels - Labels used to identify the istio ingress-gateway component and its corresponding namespace. Usually {“app”:“istio-ingressgateway”,“istio”:“ingressgateway”}
  • controller.detailedOperationalMetrics bool - Optionally enable detailed opertational metrics for the controller by setting this to true
  • controller.versionMonitoring.prometheusAddress string - URL of the Prometheus server from which metrics related to managed application versions can be queried
  • controller.versionMonitoring.metricsEvaluationInterval - The duration (example 2h) after which versions are evaluated for deletion; based on specified workload metrics
  • controller.versionMonitoring.promClientAcquireRetryDelay - The duration (example 10m) to wait before retrying to acquire Prometheus client and verify connection, after a failed attempt
  • controller.volumes - Optionally specify list of additional volumes for the controller pod(s)
  • controller.volumeMounts - Optionally specify list of additional volumeMounts for the controller container(s)
  • monitoring.enabled bool - Optionally enable Prometheus monitoring for all components
  • monitoring.serviceMonitorSelectorLabels - Optionally specify the labels that Prometheus will use to select the ServiceMonitors
  • monitoring.grafana.dashboard.configMapLabels - Optionally specify the labels used to select ConfigMaps containing dashboards in Grafana
  • webhook.certificateManager string - Certificate manager which can be set to either Default or CertManager, with the default value being Default
  • webhook.certificateConfig.certManager - Configuration for CertManager certificates, applicable only if webhook.certificateManager is set to CertManager. This allows you to specify the issuerGroup, issuerKind and issuerName.

The below example shows a fully configured CAPOperator resource:

apiVersion: operator.sme.sap.com/v1alpha1
kind: CAPOperator
metadata:
  name: cap-operator
spec:
  subscriptionServer:
    subDomain: cap-op
    certificateManager: Gardener
    certificateConfig:
      gardener:
        issuerName: "gardener-issuer-name"
        issuerNamespace: "gardener-issuer-namespace"
  ingressGatewayLabels:
    - name: istio
      value: ingressgateway
    - name: app
      value: istio-ingressgateway
  monitoring:
    enabled: true
    serviceMonitorSelectorLabels:
      release: "prometheus-operator"
    grafana:
      dashboard:
        configMapLabels:
          grafana_dashboard: "1"
  controller:
    detailedOperationalMetrics: true
    versionMonitoring:
      prometheusAddress: "http://prometheus-operated.monitoring.svc.cluster.local:9090" # <-- example of a Prometheus server running inside the same cluster
      promClientAcquireRetryDelay: "2h"
      metricsEvaluationInterval: "30m"
  webhook:
    certificateManager: CertManager
    certificateConfig:
      certManager:
        issuerGroup: "certManager-issuer-group"
        issuerKind: "certManager-issuer-kind"
        issuerName: "certManager-issuer-name"

Here, we will automatically determine the cluster shoot domain and install the CAP Operator by setting the subscription server domain and the DNS Target. The DNS target is derived using the ingressGatewayLabels. For the above example, if the determined the cluster shoot domain is test.stage.kyma.ondemand.com, then the domain will be set as cap-op.test.stage.kyma.ondemand.com by default.

Note: The length of the domain should be less than 64 characters. Depending up on your cluster shoot domain, please choose a length appropriate subdomain.

The user can also maintain the DNS Target manually. In such cases, we will take over the value as it is. The user can maintain the DNS Target as shown below:

apiVersion: operator.sme.sap.com/v1alpha1
kind: CAPOperator
metadata:
  name: cap-operator
spec:
  subscriptionServer:
    subDomain: cap-op
  dnsTarget: public-ingress-custom.test.stage.kyma.ondemand.com

3 - Migrate to Kyma Community Module (Optional)

How to migrate CAP Operator installed via Helm or Manifest to the Kyma Community Module without deleting your deployed applications.

This page provides an overview of the steps required to migrate the CAP Operator installed via Helm or Manifest to the Kyma Community Module without deleting your deployed applications.

Helm Installation

If you have installed the CAP Operator using Helm, please follow the steps below to migrate to the Kyma Community Module:

  1. Uninstall the CAP Operator Helm release using the following command:
helm uninstall cap-operator -n cap-operator-system

Note: The release name and namespace may vary based on your installation. Please ensure to use the correct release name and namespace in the command.

  1. Install the CAP Operator using the Kyma Community Module by following the instructions in the Kyma Cluster Installation Documentation.

Manifest Installation (Using CAP Operator Manager)

If you have installed the CAP Operator using a manifest, please follow the steps below to migrate to the Kyma Community Module:

  1. Add the annotation operator.sme.sap.com/retain-resources="true" to the CAPOperator resource to ensure that your deployed applications are not deleted during the migration process. You can do this by running the following command:
kubectl annotate capoperator cap-operator operator.sme.sap.com/retain-resources="true"
  1. Wait till the annotation is applied and the CAPOperator resource is ready.

  2. Delete the CAPOperator resource using the following command:

kubectl delete -f https://github.com/SAP/cap-operator-lifecycle/releases/latest/download/manager_default_CR.yaml
  1. Delete all the resources created by the manifest installation using the following command:
kubectl delete -f https://github.com/SAP/cap-operator-lifecycle/releases/latest/download/manager_manifest.yaml
  1. Install the CAP Operator using the Kyma Community Module by following the instructions in the Kyma Cluster Installation Documentation.

4 - Support

How to get support and how to reach out

Bugs

To report a bug, please create an issue.

See anything missing? Please let us know or raise a PR.

Communication Channels

Reach out to the project team and the project community via the following communication channels:

5 - Reference

API reference

Packages:

operator.sme.sap.com/v1alpha1

Package v1alpha1 contains API Schema definitions for the operator v1alpha1 API group

Resource Types:

    CAPOperator

    CAPOperator is the Schema for the CAPOperators API

    FieldDescription
    metadata
    Kubernetes meta/v1.ObjectMeta
    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    CAPOperatorSpec


    subscriptionServer
    SubscriptionServer

    SubscriptionServer specification

    dnsTarget
    string

    Public ingress URL for the cluster Load Balancer

    ingressGatewayLabels
    []NameValue

    Labels used to identify the istio ingress-gateway component and its corresponding namespace. Usually {“app”:“istio-ingressgateway”,“istio”:“ingressgateway”}

    controller
    Controller

    Controller specification

    monitoring
    Monitoring

    Monitoring specification

    webhook
    Webhook

    Webhook specification

    status
    CAPOperatorStatus

    CAPOperatorSpec

    (Appears on: CAPOperator)

    CAPOperatorSpec defines the desired state of CAPOperator

    FieldDescription
    subscriptionServer
    SubscriptionServer

    SubscriptionServer specification

    dnsTarget
    string

    Public ingress URL for the cluster Load Balancer

    ingressGatewayLabels
    []NameValue

    Labels used to identify the istio ingress-gateway component and its corresponding namespace. Usually {“app”:“istio-ingressgateway”,“istio”:“ingressgateway”}

    controller
    Controller

    Controller specification

    monitoring
    Monitoring

    Monitoring specification

    webhook
    Webhook

    Webhook specification

    CAPOperatorStatus

    (Appears on: CAPOperator)

    FieldDescription
    Status
    github.com/sap/component-operator-runtime/pkg/component.Status

    (Members of Status are embedded into this type.)

    add other fields to status subresource here

    CertManager

    (Appears on: CertificateConfig)

    FieldDescription
    issuerName
    string

    Issuer name

    issuerKind
    string

    Issuer kind

    issuerGroup
    string

    Issuer group

    CertificateConfig

    (Appears on: SubscriptionServer, Webhook)

    FieldDescription
    gardener
    Gardener

    Gardener configuration

    certManager
    CertManager

    CertManager configuration

    CertificateManager (string alias)

    (Appears on: SubscriptionServer, Webhook)

    Supported values are Gardener, CertManager, or Default For the subscription server, it can be either Gardener or CertManager, while for the webhook, it can be either Default or CertManager

    CommonConfig

    (Appears on: Controller, SubscriptionServer, Webhook)

    Common aspects for Controller, SubscriptionServer and Webhook

    FieldDescription
    replicas
    int32

    Number of replicas

    resources
    Kubernetes core/v1.ResourceRequirements

    Resource Requirements configuration

    nodeSelector
    map[string]string

    Node selector

    affinity
    Kubernetes core/v1.Affinity

    Affinity settings

    tolerations
    []Kubernetes core/v1.Toleration

    Tolerations

    priorityClassName
    string

    Priority class name

    topologySpreadConstraints
    []Kubernetes core/v1.TopologySpreadConstraint

    Topology spread constraints

    podSecurityContext
    Kubernetes core/v1.PodSecurityContext

    Pod Security context

    securityContext
    Kubernetes core/v1.SecurityContext

    Security context

    volumes
    []Kubernetes core/v1.Volume

    Optionally specify list of additional volumes for the controller pod(s)

    volumeMounts
    []Kubernetes core/v1.VolumeMount

    Optionally specify list of additional volumeMounts for the controller container(s)

    Controller

    (Appears on: CAPOperatorSpec)

    FieldDescription
    CommonConfig
    CommonConfig

    (Members of CommonConfig are embedded into this type.)

    detailedOperationalMetrics
    bool

    Optionally enable detailed opertational metrics for the controller by setting this to true

    maxConcurrentReconciles
    MaxConcurrentReconciles

    Configuration of maximum number of concurrent reconciles for the resources managed by the controller

    versionMonitoring
    VersionMonitoring

    Version monitoring configuration

    Duration (string alias)

    (Appears on: VersionMonitoring)

    Duration is a valid time duration that can be parsed by Prometheus Supported units: y, w, d, h, m, s, ms Examples: 30s, 1m, 1h20m15s, 15d

    Gardener

    (Appears on: CertificateConfig)

    FieldDescription
    issuerName
    string

    Issuer name

    issuerNamespace
    string

    Issuer namespace

    Grafana

    (Appears on: Monitoring)

    FieldDescription
    dashboard
    GrafanaDashboard

    Dashboard configuration

    GrafanaDashboard

    (Appears on: Grafana)

    FieldDescription
    configMapLabels
    map[string]string

    Labels for selecting ConfigMaps with dashboards in Grafana

    MaxConcurrentReconciles

    (Appears on: Controller)

    FieldDescription
    capApplication
    string

    Maximum number of concurrent reconciles for the cap application

    capApplicationVersion
    string

    Maximum number of concurrent reconciles for the cap application version

    capTenant
    string

    Maximum number of concurrent reconciles for the cap tenant

    capTenantOperation
    string

    Maximum number of concurrent reconciles for the cap tenant operation

    domain
    string

    Maximum number of concurrent reconciles for the domain

    clusterDomain
    string

    Maximum number of concurrent reconciles for the cluster domain

    Monitoring

    (Appears on: CAPOperatorSpec)

    FieldDescription
    enabled
    bool

    Optionally enable Prometheus monitoring for all components

    serviceMonitorSelectorLabels
    map[string]string

    Prometheus service monitor selector labels

    grafana
    Grafana

    Grafana configuration

    NameValue

    (Appears on: CAPOperatorSpec)

    Generic Name/Value configuration

    FieldDescription
    name
    string
    value
    string

    SubscriptionServer

    (Appears on: CAPOperatorSpec)

    FieldDescription
    CommonConfig
    CommonConfig

    (Members of CommonConfig are embedded into this type.)

    subDomain
    string
    certificateManager
    CertificateManager

    Certificate manager which can be either Gardener or CertManager

    certificateConfig
    CertificateConfig

    Certificate configuration

    VersionMonitoring

    (Appears on: Controller)

    FieldDescription
    prometheusAddress
    string

    URL of the Prometheus server from which metrics related to managed application versions can be queried

    metricsEvaluationInterval
    Duration

    The duration (example 2h) after which versions are evaluated for deletion; based on specified workload metrics

    promClientAcquireRetryDelay
    Duration

    The duration (example 10m) to wait before retrying to acquire Prometheus client and verify connection, after a failed attempt

    Webhook

    (Appears on: CAPOperatorSpec)

    FieldDescription
    CommonConfig
    CommonConfig

    (Members of CommonConfig are embedded into this type.)

    certificateManager
    CertificateManager

    Certificate manager which can be either Default or CertManager

    certificateConfig
    CertificateConfig

    Certificate configuration


    Generated with gen-crd-api-reference-docs .