CAP Operator Manager

1: Installation

1.1: Kyma Cluster
1.2: Local Cluster

2: Resources

3: Support

CAP Operator Manager is an operator based on Kyma lifecycle manager to install the CAP Operator. This operator uses component-operator-runtime framework to manage it’s lifecycle.

workflow

1 - Installation

How to install CAP Operator using CAP Operator Manager

This page provides an overview of available methods to install the CAP Operator on a Kubernetes cluster using CAP Operator Manager.

1.1 - Kyma Cluster

How to install CAP Operator in a Kyma cluster

Warning

The CAP Operator module is currently available only on SAP Internal Kyma clusters. To install it elsewhere, follow the guide here

The CAP Operator is available in both fast and regular release channels.

To enable the CAP Operator module in your Kyma cluster, refer to Add and Delete a Kyma Module.

1.2 - Local Cluster

How to install CAP Operator using CAP Operator Manager in a local cluster

Install CAP Operator Manager

To install the latest version of CAP Operator Manager, please execute the following command:

kubectl apply -f https://github.com/SAP/cap-operator-lifecycle/releases/latest/download/manager_manifest.yaml

This would create a namespace cap-operator-system with CAP Operator Manager installed.

cap-op-man-install

Install CAP Operator using CAP Operator Manager

Once the CAP Operator Manager is running, you can install the CAP operator by executing the following command:

kubectl apply -n cap-operator-system -f https://github.com/SAP/cap-operator-lifecycle/releases/latest/download/manager_default_CR.yaml

This would work only if the ingressGatewayLabels in your clusters match the following values:

  ingressGatewayLabels:
    - name: istio
      value: ingressgateway
    - name: app
      value: istio-ingressgateway

If not, you must manually create the CAPOperator resource by applying the below yaml to the cap-operator-system namespace after filling in the ingressGatewayLabels values from your cluster.

apiVersion: operator.sme.sap.com/v1alpha1
kind: CAPOperator
metadata:
  name: cap-operator
spec:
  subscriptionServer:
    subDomain: cap-op
  ingressGatewayLabels:
    - name: <<--Label Name-->>
      value: <<--Label Value-->>
    - name: <<--Label Name-->>
      value: <<--Label Value-->>

Once the CAPOperator resource is created, the CAP Operator Manager will start installing the CAP Operator in the namespace. Once the resource is ready, you can see the CAP Operator Pods running in the namespace.

cap-op-man-cr-ready

CAP Operator Pods:

cap-op-pods

2 - Resources

How to configure the CAP Operator Manager resources

CAP Operator Manager uses resource CAPOperator to install the CAP Operator. The CAPOperator resource has the following attributes -

subscriptionServer.subDomain string - Subdomain of the CAP Operator subscription Server
subscriptionServer.certificateManager string - Certificate manager which can be set to either Gardener or CertManager, with the default value being Gardener
subscriptionServer.certificateConfig.gardener - Configuration for Gardener certificates, applicable only if subscriptionServer.certificateManager is set to Gardener. This allows you to specify the issuerName and issuerNamespace.
subscriptionServer.certificateConfig.certManager - Configuration for CertManager certificates, applicable only if subscriptionServer.certificateManager is set to CertManager. This allows you to specify the issuerGroup, issuerKind and issuerName.
dnsTarget string - Public ingress URL for the cluster Load Balancer
ingressGatewayLabels - Labels used to identify the istio ingress-gateway component and its corresponding namespace. Usually {“app”:“istio-ingressgateway”,“istio”:“ingressgateway”}
controller.detailedOperationalMetrics bool - Optionally enable detailed opertational metrics for the controller by setting this to true
controller.versionMonitoring.prometheusAddress string - URL of the Prometheus server from which metrics related to managed application versions can be queried
controller.versionMonitoring.metricsEvaluationInterval - The duration (example 2h) after which versions are evaluated for deletion; based on specified workload metrics
controller.versionMonitoring.promClientAcquireRetryDelay - The duration (example 10m) to wait before retrying to acquire Prometheus client and verify connection, after a failed attempt
controller.volumes - Optionally specify list of additional volumes for the controller pod(s)
controller.volumeMounts - Optionally specify list of additional volumeMounts for the controller container(s)
monitoring.enabled bool - Optionally enable Prometheus monitoring for all components
webhook.certificateManager string - Certificate manager which can be set to either Default or CertManager, with the default value being Default
webhook.certificateConfig.certManager - Configuration for CertManager certificates, applicable only if webhook.certificateManager is set to CertManager. This allows you to specify the issuerGroup, issuerKind and issuerName.

The below example shows a fully configured CAPOperator resource:

apiVersion: operator.sme.sap.com/v1alpha1
kind: CAPOperator
metadata:
  name: cap-operator
spec:
  subscriptionServer:
    subDomain: cap-op
    certificateManager: Gardener
    certificateConfig:
      gardener:
        issuerName: "gardener-issuer-name"
        issuerNamespace: "gardener-issuer-namespace"
  ingressGatewayLabels:
    - name: istio
      value: ingressgateway
    - name: app
      value: istio-ingressgateway
  monitoring:
    enabled: true
  controller:
    detailedOperationalMetrics: true
    versionMonitoring:
      prometheusAddress: "http://prometheus-operated.monitoring.svc.cluster.local:9090" # <-- example of a Prometheus server running inside the same cluster
      promClientAcquireRetryDelay: "2h"
      metricsEvaluationInterval: "30m"
  webhook:
    certificateManager: CertManager
    certificateConfig:
      certManager:
        issuerGroup: "certManager-issuer-group"
        issuerKind: "certManager-issuer-kind"
        issuerName: "certManager-issuer-name"

Here, we will automatically determine the cluster shoot domain and install the CAP Operator by setting the subscription server domain and the DNS Target. The DNS target is derived using the ingressGatewayLabels. For the above example, if the determined the cluster shoot domain is test.stage.kyma.ondemand.com, then the domain will be set as cap-op.test.stage.kyma.ondemand.com by default.

Note: The length of the domain should be less than 64 characters. Depending up on your cluster shoot domain, please choose a length appropriate subdomain.

The user can also maintain the DNS Target manually. In such cases, we will take over the value as it is. The user can maintain the DNS Target as shown below:

apiVersion: operator.sme.sap.com/v1alpha1
kind: CAPOperator
metadata:
  name: cap-operator
spec:
  subscriptionServer:
    subDomain: cap-op
  dnsTarget: public-ingress-custom.test.stage.kyma.ondemand.com

3 - Support

How to get support and how to reach out

Bugs

To report a bug, please create an issue.

See anything missing? Please let us know or raise a PR.

Communication Channels

Reach out to the project team and the project community via the following communication channels:

Issues: GitHub
Email: CAP Operator