Kubernetes Plugin OLM Installation#

This guide provides step-by-step instructions for installing the EDA Connect Kubernetes plugin using Red Hat Operator Lifecycle Manager (OLM).

Prerequisites#

• All prerequisites from the Kubernetes Plugin Installation guide must be met
• EDA Kubernetes preparation steps (Service Account and Token) must be completed
• OLM enabled on your OpenShift cluster
• Access to the OpenShift cluster console

Installation Steps#

Step 1: Install the EDA OpenShift Operator through OLM#

Install the operator using the OpenShift console:

1. Log in to your OpenShift cluster console.

2. From the main menu, navigate to Operators → OperatorHub.

1. Type eda-openshift-operator in the All Items - Filter by keyword filter/search box.

2. Select the EDA OpenShift Operator tile when it displays. The EDA OpenShift Operator page displays.

3. Click Install.

4. Enter the namespace where the OLM should install the EDA OpenShift Operator on the OpenShift cluster. The default namespace is eda-connect-k8s-controller.

5. Scroll down and click Install.

Step 2: Configure a Pull Secret for the Controller Image#

If the EDA Connect OpenShift Plugin Controller image is hosted in a registry that requires authentication, create a Kubernetes secret for OpenShift to pull the image:

export PULL_TOKEN=<PULL_TOKEN>
kubectl create secret docker-registry eda-k8s-image-secret \
  --docker-server=ghcr.io/nokia-eda/eda-connect-k8s-controller \
  --docker-username=nokia-eda-bot \
  --docker-password=${PULL_TOKEN} \
  -n eda-connect-k8s-controller

Step 3: Create Controller Container Environment Secret#

Create a openshift-eda-connect-k8s-controller-env-secret.yaml file with the following content and update the fields as appropriate:

apiVersion: v1
kind: Secret
metadata:
  name: eda-connect-k8s-controller-env-secret # Do not change the name of this Secret
  namespace: <eda-connect-k8s> # Refers to the namespace where the OLM operator was installed
data:
  CONNECT_HOST: https://<EDA-k8s-cluster-ip or hostname>:<port> # (Caution - Do not use EDA API values, use EDA k8s API values)
  CONNECT_PASSWORD: <Secret long-lived token of the service account created before>
  CONNECT_USERNAME: <Name of the service account based on which secret token was created>

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: eda-connect-k8s-controller-env-secret # Do not change the name of this Secret
  namespace: <eda-connect-k8s> # Refers to the namespace where the OLM operator was installed
data:
  CONNECT_HOST: https://<EDA-k8s-cluster-ip or hostname>:<port> # (Caution - Do not use EDA API values, use EDA k8s API values)
  CONNECT_PASSWORD: <Secret long-lived token of the service account created before>
  CONNECT_USERNAME: <Name of the service account based on which secret token was created>

EOF

Configuration Parameters#

The environment secret requires the following configuration values:

CONNECT_HOST

The URL to reach the EDA Kubernetes cluster API.

CONNECT_USERNAME

The service account name created in the Create a Service Account section.

CONNECT_PASSWORD

The long-lived token created in the Create a Service Account Token section.

Step 4: Create EDA Connect K8s Controller Config#

Create a eda-connect-k8s-controller-config-cr.yaml file with the following content and update the fields as appropriate:

apiVersion: config.eda.nokia.com/v1
kind: ConnectControllerConfig
metadata:
  labels:
    app.kubernetes.io/name: operator
  name: connectcontrollerconfig
  namespace: <eda-connect-k8s> # Refers to the namespace where the OLM operator was installed
spec:
  connectPluginName: k8s-controller-plugin
  controllerImagePullSecret: eda-k8s-image-secret # Refers to the controller container image registry secret to be used
  heartBeat: "10"
  logLevel: info
  edaNamespace: <eda-fabric-namespace> # The namespace in EDA containing the fabric and resources, this will different from the eda-system namespace.
  skipTLSVerify: False
  tlsCertificateData:
  tlsEnabled: True

kubectl apply -f - <<EOF
apiVersion: config.eda.nokia.com/v1
kind: ConnectControllerConfig
metadata:
  labels:
    app.kubernetes.io/name: operator
  name: connectcontrollerconfig
  namespace: <eda-connect-k8s> # Refers to the namespace where the OLM operator was installed
spec:
  connectPluginName: k8s-controller-plugin
  controllerImagePullSecret: eda-k8s-image-secret # Refers to the controller container image registry secret to be used
  heartBeat: "10"
  logLevel: info
  edaNamespace: <eda-fabric-namespace> # The namespace in EDA containing the fabric and resources, this will different from the eda-system namespace.
  skipTLSVerify: False
  tlsCertificateData:
  tlsEnabled: True

EOF

Configuration Parameters#

The controller config requires the following values:

connectPluginName

A unique name for the plugin within your EDA environment.

heartBeat

The interval in seconds at which the plugin should send heartbeats. Values between 10-30 are recommended.

edaNamespace

The namespace in EDA containing the fabric and resources (different from the eda-system namespace).

skipTLSVerify

Can be enabled to disable server TLS certificate verification when connecting to the EDA Kubernetes cluster (not recommended for production).

tlsCertificateData

When certificate validation is enabled, this property can contain the certificate information of the EDA Kubernetes cluster. This is only needed if certificate validation is enabled and if the EDA Kubernetes certificate has not been signed by a trusted authority.

tlsEnabled

Should always be true to ensure TLS is used to secure the communication with the EDA Kubernetes cluster.

Post-Installation Verification#

After deployment, verify the installation was successful using the steps described in the Post-Installation Verification section of the main installation guide.