This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Using Helm

How to deploy with Helm charts

To install CAP operator components, we recommend using the Helm chart that is published as an OCI package at oci://ghcr.io/sap/cap-operator-lifecycle/helm/cap-operator.

Installation

Create a namespace and install the Helm chart in that namespace by specifying the domain and the dnsTarget for your subscription server, either

  • As command line parameters:

    kubectl create namespace cap-operator-system
    helm upgrade -i -n cap-operator-system cap-operator oci://ghcr.io/sap/cap-operator-lifecycle/helm/cap-operator --set subscriptionServer.domain=cap-operator.<CLUSTER-DOMAIN> --set subscriptionServer.dnsTarget=public-ingress.<CLUSTER-DOMAIN>
    
  • Or as a YAML file with the values:

    kubectl create namespace cap-operator-system
    helm upgrade -i -n cap-operator-system cap-operator oci://ghcr.io/sap/cap-operator-lifecycle/helm/cap-operator -f my-cap-operator-values.yaml
    

    In this example, the provided values file, my-cap-operator-values.yaml, can have the following content:

    subscriptionServer:
      dnsTarget: public-ingress.<CLUSTER-DOMAIN>
      domain: cap-operator.<CLUSTER-DOMAIN>   
    

Optional steps

  • Enable Service Monitors for metrics emitted by controller and subscription server

    To enable Monitoring via metrics emitted by CAP Operator components, the following value can be specified:

    monitoring:
      enabled: true # <-- This enables creation of service monitors, for metrics emitted by the cap operator components
    

    Detailed operational metrics for the controller can be enabled with the following config:

    controller:
        detailedOperationalMetrics: true
    
  • Setup Prometheus Integration for Version Monitoring

    To use the Version Monitoring feature of the CAP Operator, a Prometheus server URL can be provided to the CAP Operator. When installing the CAP Operator using the Helm chart, the following values can be specified in the values:

    controller:
      versionMonitoring:
        prometheusAddress: "http://prometheus-operated.monitoring.svc.cluster.local:9090" # <-- example of a Prometheus server running inside the same cluster
        promClientAcquireRetryDelay: "2h"
        metricsEvaluationInterval: "30m" # <-- duration after which version metrics are evaluated
    

    When the controller is started, the operator will try to connect to the Prometheus server and fetch runtime information to verify the connection. If the connection is not successful, it will be retried after the duration specified as controller.versionMonitoring.promClientAcquireRetryDelay. Check default values for these attributes here.

1 - Helm Values

Discover all values supported by the latest CAP Operator helm chart

Values

KeyTypeDefaultDescription
image.tagstring""Default image tag (can be overwritten on component level)
image.pullPolicystring""Default image pull policy (can be overwritten on component level)
imagePullSecretslist[]Default image pull secrets (can be overwritten on component level)
podSecurityContextobject{}Default pod security content (can be overwritten on component level)
nodeSelectorobject{}Default node selector (can be overwritten on component level)
affinityobject{}Default affinity settings (can be overwritten on component level)
tolerationslist[]Default tolerations (can be overwritten on component level)
priorityClassNamestring""Default priority class (can be overwritten on component level)
topologySpreadConstraintslist[]Default topology spread constraints (can be overwritten on component level)
podLabelsobject{}Additional pod labels for all components
podAnnotationsobject{}Additional pod annotations for all components
monitoringobject{"enabled":false}Monitoring configuration for all components
monitoring.enabledboolfalseOptionally enable Prometheus monitoring for all components (disabled by default)
controller.replicasint1Replicas
controller.image.repositorystring"ghcr.io/sap/cap-operator/controller"Image repository
controller.image.tagstring""Image tag
controller.image.pullPolicystring""Image pull policy
controller.imagePullSecretslist[]Image pull secrets
controller.podLabelsobject{}Additional labels for controller pods
controller.podAnnotationsobject{}Additional annotations for controller pods
controller.podSecurityContextobject{}Pod security content
controller.nodeSelectorobject{}Node selector
controller.affinityobject{}Affinity settings
controller.tolerationslist[]Tolerations
controller.priorityClassNamestring""Priority class
controller.topologySpreadConstraintslist[]Topology spread constraints
controller.securityContextobject{}Security context
controller.resources.limits.memorystring"500Mi"Memory limit
controller.resources.limits.cpufloat0.2CPU limit
controller.resources.requests.memorystring"50Mi"Memory request
controller.resources.requests.cpufloat0.02CPU request
controller.volumeslist[]Optionally specify list of additional volumes for the controller pod(s)
controller.volumeMountslist[]Optionally specify list of additional volumeMounts for the controller container(s)
controller.dnsTargetstring""The dns target mentioned on the public ingress gateway service used in the cluster
controller.detailedOperationalMetricsboolfalseOptionally enable detailed opertational metrics for the controller by setting this to true
controller.versionMonitoring.prometheusAddressstring""The URL of the Prometheus server from which metrics related to managed application versions can be queried
controller.versionMonitoring.metricsEvaluationIntervalstring"1h"The duration (example 2h) after which versions are evaluated for deletion; based on specified workload metrics
controller.versionMonitoring.promClientAcquireRetryDelaystring"1h"The duration (example 10m) to wait before retrying to acquire Prometheus client and verify connection, after a failed attempt
subscriptionServer.replicasint1Replicas
subscriptionServer.image.repositorystring"ghcr.io/sap/cap-operator/server"Image repository
subscriptionServer.image.tagstring""Image tag
subscriptionServer.image.pullPolicystring""Image pull policy
subscriptionServer.imagePullSecretslist[]Image pull secrets
subscriptionServer.podLabelsobject{}Additional labels for subscription server pods
subscriptionServer.podAnnotationsobject{}Additional annotations for subscription server pods
subscriptionServer.podSecurityContextobject{}Pod security content
subscriptionServer.nodeSelectorobject{}Node selector
subscriptionServer.affinityobject{}Affinity settings
subscriptionServer.tolerationslist[]Tolerations
subscriptionServer.priorityClassNamestring""Priority class
subscriptionServer.topologySpreadConstraintslist[]Topology spread constraints
subscriptionServer.securityContextobject{}Security context
subscriptionServer.resources.limits.memorystring"200Mi"Memory limit
subscriptionServer.resources.limits.cpufloat0.1CPU limit
subscriptionServer.resources.requests.memorystring"20Mi"Memory request
subscriptionServer.resources.requests.cpufloat0.01CPU request
subscriptionServer.volumeslist[]Optionally specify list of additional volumes for the server pod(s)
subscriptionServer.volumeMountslist[]Optionally specify list of additional volumeMounts for the server container(s)
subscriptionServer.portint4000Service port
subscriptionServer.istioSystemNamespacestring"istio-system"The namespace in the cluster where istio system components are installed
subscriptionServer.ingressGatewayLabelsobject{"app":"istio-ingressgateway","istio":"ingressgateway"}Labels used to identify the istio ingress-gateway component
subscriptionServer.dnsTargetstring"public-ingress.clusters.cs.services.sap"The dns target mentioned on the public ingress gateway service used in the cluster
subscriptionServer.domainstring"cap-operator.clusters.cs.services.sap"The domain under which the cap operator subscription server would be available
subscriptionServer.certificateManagerstring"Gardener"Certificate manager which can be either Gardener or CertManager
subscriptionServer.certificateConfigobject{"certManager":{"issuerGroup":"","issuerKind":"","issuerName":""},"gardener":{"issuerName":"","issuerNamespace":""}}Certificate configuration
subscriptionServer.certificateConfig.gardenerobject{"issuerName":"","issuerNamespace":""}Optionally specify the corresponding certificate configuration
subscriptionServer.certificateConfig.gardener.issuerNamestring""Issuer name
subscriptionServer.certificateConfig.gardener.issuerNamespacestring""Issuer namespace
subscriptionServer.certificateConfig.certManagerobject{"issuerGroup":"","issuerKind":"","issuerName":""}Cert Manager configuration
subscriptionServer.certificateConfig.certManager.issuerGroupstring""Issuer group
subscriptionServer.certificateConfig.certManager.issuerKindstring""Issuer kind
subscriptionServer.certificateConfig.certManager.issuerNamestring""Issuer name
webhook.sidecarboolfalseSide car to mount admission review
webhook.replicasint1Replicas
webhook.image.repositorystring"ghcr.io/sap/cap-operator/web-hooks"Image repository
webhook.image.tagstring""Image tag
webhook.image.pullPolicystring""Image pull policy
webhook.imagePullSecretslist[]Image pull secrets
webhook.podLabelsobject{}Additional labels for validating webhook pods
webhook.podAnnotationsobject{}Additional annotations for validating webhook pods
webhook.podSecurityContextobject{}Pod security content
webhook.nodeSelectorobject{}Node selector
webhook.affinityobject{}Affinity settings
webhook.tolerationslist[]Tolerations
webhook.priorityClassNamestring""Priority class
webhook.topologySpreadConstraintslist[]Topology spread constraints
webhook.securityContextobject{}Security context
webhook.resources.limits.memorystring"200Mi"Memory limit
webhook.resources.limits.cpufloat0.1CPU limit
webhook.resources.requests.memorystring"20Mi"Memory request
webhook.resources.requests.cpufloat0.01CPU request
webhook.serviceobject{"port":443,"targetPort":1443,"type":"ClusterIP"}Service port
webhook.service.typestring"ClusterIP"Service type
webhook.service.portint443Service port
webhook.service.targetPortint1443Target port
webhook.certificateManagerstring"Default"Certificate manager which can be either Default or CertManager
webhook.certificateConfigobject{"certManager":{"issuerGroup":"","issuerKind":"","issuerName":""}}Optionally specify the corresponding certificate configuration
webhook.certificateConfig.certManager.issuerGroupstring""Issuer group
webhook.certificateConfig.certManager.issuerKindstring""Issuer kind
webhook.certificateConfig.certManager.issuerNamestring""Issuer name